Isn’t there a layer 2 as procedures and principles ?
1.1. Secure coding
[Job title] will issue procedures for secure coding of information system, both for the development of new systems and for the maintenance of the existing systems, as well as set the minimum secure coding practices that must be complied with.
The same secure coding principles will be applied to outsourced development, and defined through the contracts as defined in [Supplier Security Policy].
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
I’m assuming this text is from the Secure development policy.
Considering that, please note that the comments included in this section provide some examples of practices and principles for secure coding.
Regarding a second layer of the document (i.e., specific procedures), please note that since each organization has its own specific set of procedures and principles for coding development and maintenance (based on the programing language used, development framework, etc.), it is unfeasible to provide a set of templates that covers existent possibilities.
What you can do is refer to your already written procedures principles in this Policy. In case you still need to develop such documents, then you can use the blank template that is included in your toolkit to develop them.
In case you need additional support, you can schedule an online meeting where one of our experts will help you develop these documents. To schedule a meeting, please click here: https://advisera.com/consultations/
Comment as guest or Sign in
Feb 25, 2023