For the secure development Policy, in section four of your template you mention testing plans. What should be included in this document? Also, is this a mandatory document that should be created along with the secure development Policy?
Answer: Testing plans should include the purpose of the test, test methodology to be used, planned inputs and expected inputs, acceptance criteria, and expected data or conditions for the test to be performed.
Testing plans and testing results are required only if controls A.14.2.8 and A.14.29 are identified as applicable as a result of the risk assessment.
>Thank you for answering my previous question. I was wondering if you have a list of the mandatory records and logs needed. If so, are the requirements for each of the records/logs the same? What are the requirements? In your documentation toolkit, in each document you have a section for "managing records kept on the basis of this document". Are all of these records mandatory? If so, are there templates included in the toolkit?
All these documents and records are included in the ISO 27001 & ISO 22301 Premium Documentation Toolkit you bought. Also included in the toolkit there is a List of Documents file (located in the root folder) which shows which requirements and controls are covered by each document or record.
Regarding the section "managing records kept on the basis of this document", some records mentioned in it are not mandatory, but they needed to be mentioned because the documents require their usage.
If during the template customization you identify that one or more of those non-mandatory records are not necessary, you can exclude them without problems.