Guest
Secure Development Policy template content
For the secure development Policy, in section four of your template you mention testing plans. What should be included in this document? Also, is this a mandatory document that should be created along with the secure development Policy?
Expert
Rhand Leal
Feb 27, 2018
Answer: Testing plans should include the purpose of the test, test methodology to be used, planned inputs and expected inputs, acceptance criteria, and expected data or conditions for the test to be performed.
Testing plans and testing results are required only if controls A.14.2.8 and A.14.2.9 are identified as applicable as a result of the risk assessment.
This article will provide you further explanation about tests:
- How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/
Expert
Rhand Leal
Mar 03, 2018
We received this question:
>Thank you for answering my previous question. I was wondering if you have a list of the mandatory records and logs needed. If so, are the requirements for each of the records/logs the same? What are the requirements? In your documentation toolkit, in each document you have a section for "managing records kept on the basis of this document". Are all of these records mandatory? If so, are there templates included in the toolkit?
Answer: To see a list of mandatory documents and records for ISO 27001, please access this article:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
All these documents and records are included in the ISO 27001 & ISO 22301 Premium Documentation Toolkit you bought. Also included in the toolkit there is a List of Documents file (located in the root folder) which shows which requirements and controls are covered by each document or record.
Regarding the section "managing records kept on the basis of this document", some records mentioned in it are not mandatory, but they needed to be mentioned because the documents require their usage.
If during the template customization you identify that one or more of those non-mandatory records are not necessary, you can exclude them without problems.