Secure System Engineering Principles

Guest user. Created: Apr 08, 2021. Last commented: Apr 08, 2021.

I am interested in the Secure System Engineering Principles and what level of documentation is required?

Expert
Rhand Leal Apr 08, 2021

For ISO 27001, secure engineering principles are the high-level rules defined to apply security in software development (e.g., Assure information protection in processing, transit, and storage). This standard defines the control A.14.2.5 Secure system engineering principles to be implemented if you have relevant risks or legal requirements to justify its implementation.

Regarding the required documentation level, ISO 27001 does not prescribe any documentation level, so organizations are free to use the document level that best suits their needs. For example, you can define security principles as statements in a policy (e.g., security must be considered in business, data, application, and technological layers, security must balance protection and accessibility needs, etc.), or you can provide them as detailed engineering procedures on how they must be implemented.

To see an example of a document that covers this control in a policy, I suggest you take a look at the free demo of this template: https://advisera.com/27001academy/documentation/secure-development-policy/

These articles will provide you with further explanation about secure engineering principles:
