Expert Advice Community

Secure system engineering principles (clause A.14.2.5)

mbeau0999 Created:   Aug 04, 2022 Last commented:   Aug 10, 2022

What kind of documents are required to satisfy this clause? We have principles in place, but I'm unsure of documentation needed.

Expert
Rhand Leal Aug 10, 2022

ISO 27001 does not specify how to document secure system engineering principles, so organizations are free to document them as best fits their needs.

To see a document covering secure system engineering principles compliant with ISO 27001, please see this demo template: https://advisera.com/27001academy/documentation/secure-development-policy/

In its section 3.3 Secure engineering principles you can document the principles you have in place (e.g., adoption of user authentication techniques, secure session control, data validation, etc.), or refer to the documents where they are explained (e.g., documents about guidance on secure programming techniques).

These articles will provide you with further explanation:

- What are secure engineering principles in ISO 27001:2013 control A.14.2.5? https://advisera.com/27001academy/blog/2015/08/31/what-are-secure-engineering-principles-in-iso-270012013-control-a-14-2-5/
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/blog/2017/01/24/how-to-integrate-iso-27001-a-14-controls-into-the-system-software-development-life-cycle-sdlc/
