Secure Engineering Principles (control A.14.2.5)

Guest user | Created: Feb 29, 2016 | Last commented: Feb 29, 2016

I read the article regarding Secure Engineering Principles (control A.14.2.5), but I did not understand what is actually expected by auditors regarding this control.

Antonio Jose Segovia Feb 29, 2016

Answer:
Control A.14.2.5 is related to large information system design, which also includes the development of software. So, you simply need to design security into all architecture layers: business, data, application and technology.

How can you design security during the development of software? With a Secure Development Policy, I mean, with rules that establish how to write secure code, so an auditor could look for this document (although it is not mandatory to have a document for this).

So, generally the auditor will look in your organization for procedures or technical instructions that you use for information systems design. Some examples: Secure Development Policy, policy for the fortification of servers, policy for the configuration of databases, etc.

Regarding the Secure Development Policy, this template can be useful for you (you can see a free version by clicking on the “Free demo” tab): “Secure Development Policy”: https://advisera.com/27001academy/documentation/secure-development-policy/

By the way, for more information about the security controls, our online course can also be interesting for you: “ISO 27001:2013 Internal Auditor Course”: https://advisera.com/training/iso-27001-internal-auditor-course/
