Expert Advice Community

Software development within the company

Guest post. Created: Jan 13, 2016. Last commented: Jan 13, 2016

Our company sells software we develop ourselves. Development is done within a separate system and is managed by its own policies, procedures, and has its own set of (security) requirements. Do we need to include these policies, procedures and requirements into the ISMS? I prefer to exclude this from the ISMS scope, because we don’t use this software in our own production environment and the requirements are customer specific. Thanks.
AntonioS Jan 13, 2016

You can exclude the development in your ISMS scope. From my point of view, you have focused the scope on the production environment, and it is not mandatory to also include the development (although it can be recommendable to include it in the future, integrating existing policies, procedures, etc. with the documentation of the ISMS). Anyway, if you need more information about the definition of the scope, you can read this article, "How to define the ISMS scope": https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope
