Guest post Created: Jan 12, 2016 Last commented: Jan 12, 2016

Secure System Engg Principles

My Organization is ISO 9001 certified and CMMI L3 certified. Currently we are implementing ISO 27001. This question is regarding, Secure system engg principles. Can we have the SDLC document(which we have for 9001) for secure system engg principles. Is this enough or do we need to derive a new one? Please advice.

0 0

Assign topic to the user

Select user

Guest

AntonioS Jan 12, 2016

If in your Software Development Life Cycle you have defined that the security is in place in the phases of development (requirements, design, coding, testing, operation), it can be enough for the ISO 27001 (questions about security in the requirements phase, risk assessment during the design phase, secure code during coding phase, etc.)

This webinar about ISO 9001 and ISO 27001 can be interesting for you "ISO 27001 implementation: How to make it easier using ISO 9001" : https://advisera.com/27001academy/webinar/iso-27001-implementation-make-easier-using-iso-9001-free-webinar-demand/ . And also this article "Using ISO 9001 for implementing ISO 27001" : https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
Finally, we have a template for this control "14.2.5 Secure system engineering principles" that can help you (you can see a free version clicking on "Free Demo" tab "Secure Development Policy": https://advisera.com/27001academy/documentation/secure-development-policy/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community