BLACK FRIDAY DISCOUNT
Get 30% off on toolkits, course exams, Conformio, and Company Training Academy yearly plans.
Limited-time offer – ends December 2, 2024
Use promo code:
30OFFBLACK

Expert Advice Community

Secure system engineering principles (clause A.14.2.5)

  Quote
mbeau0999 Created:   Aug 04, 2022 Last commented:   Aug 10, 2022

Secure system engineering principles (clause A.14.2.5)

What kind of documents are required to satisfy this clause? We have principles in place, but I'm unsure of documentation needed.

Assign topic to the user

ISO 27001 SECURE DEVELOPMENT POLICY

Basic rules for secure development of software and systems.

ISO 27001 SECURE DEVELOPMENT POLICY

Basic rules for secure development of software and systems.

Expert
Rhand Leal Aug 10, 2022

ISO 27001 does not specify how to document secure system engineering principles, so organizations are free to document them as best fit their needs.To see a document covering secure system engineering principles compliant with ISO 27001, please see this demo template: https://advisera.com/27001academy/documentation/secure-development-policy/In its section 3.3 Secure engineering principles you can document the principles you have in place (e.g., adoption of user authentication techniques, secure session control, data validation, etc.), or refer to the documents where they are explained (e.g., documents about guidance on secure programming techniques).

These articles will provide you with further explanation:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 04, 2022

Aug 10, 2022

Suggested Topics

Guest user Created:   May 12, 2022 ISO 27001 & 22301
Replies: 1
0 0

Mandatory docs