Expert Advice Community


Query on Annex A Controls - ISO27001

Guest user Created:   Jun 02, 2020 Last commented:   Jun 02, 2020


The company I work for is working towards attaining ISO27001 certification this year and I am part of the project team embarking on this.
I am working through Risk Management at the moment; having completed Risk Identification & Assessment, I am looking at treatment now.
I am specifically looking at the Application & Databases Information Assets. I note the risk of Inadequate Maintenance, however, I cannot find a control specific to Software/Application Maintenance.
My thought train is towards version releases, upgrades, database maintenance plans, data checks, etc. The nearest controls I have noted are:
A.11.2.4 Equipment Maintenance
A.12.5.1 Installation of Software on Operational Systems
A.14.1.1 Information Security requirements analysis and specification
A.13.1.2 Security of Network Services
Is there a specific one for Software Maintenance?
Appreciate some direction.


Expert
Rhand Leal Jun 02, 2020

Software maintenance is basically covered by controls from section A.14 System acquisition, development, and maintenance (there is no single control specific for this purpose).

Control A.14.1.1 ensures that maintenance is done in order to reach some requirements set to protect information.

The other controls you mentioned are more related to the security of information systems implementation and daily operations.

These articles will provide you a further explanation about the software development life cycle:
