Secure Development Policy template content

Guest user Created: Feb 27, 2018 Last commented: Mar 03, 2018

For the secure development Policy, in section four of your template you mention testing plans. What should be included in this document? Also, is this a mandatory document that should be created along with the secure development Policy?

Expert
Rhand Leal Feb 27, 2018

Answer: Testing plans should include the purpose of the test, test methodology to be used, planned inputs and expected inputs, acceptance criteria, and expected data or conditions for the test to be performed.

Testing plans and testing results are required only if controls A.14.2.8 and A.14.2.9 are identified as applicable as a result of risk assessment.

This article will provide you further explanation about tests:
- How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/

Expert
Rhand Leal Mar 03, 2018

We received this question:

>Thank you for answering my previous question. I was wondering if you have a list of the mandatory records and logs needed. If so, are the requirements for each of the records/logs the same? What are the requirements? In your documentation toolkit, in each document you have a section for "managing records kept on the basis of this document". Are all of these records mandatory? If so, are there templates included in the toolkit?

Answer: To see a list of mandatory documents and records for ISO 27001, please access this article:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

All these documents and records are included in the ISO 27001 & ISO 22301 Premium Documentation Toolkit you bought. Also included in the toolkit there is a List of Documents file (located in the root folder) which shows which requirements and controls are covered by each document or record.

Regarding the section "managing records kept on the basis of this document", some records mentioned in it are not mandatory, but they needed to be mentioned because the documents require their usage.

If during the template customization you identify that one or more of those non-mandatory records are not necessary, you can exclude them without problems.
