Expert Advice Community

Guest

System Acquisition Development and Maintenance

  Quote
Guest
Guest user Created:   Jan 29, 2021 Last commented:   Jan 29, 2021

System Acquisition Development and Maintenance

Regarding 27001 Toolkit\08_Annex_A_Security_Controls\A.14_System_Acquisition_Development_and_Maintenance:

We do not do any software development. Is it safe to say that we do not need to complete this Policy and Appendix on Specification o Requirements?   If so, do we note this elsewhere in the documentation?

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 29, 2021

Your assumption is correct. Since you do not do any software development, you do not need to complete the Secure Development Policy.

Since this document will not be used by your organization, you must update the Statement of Applicability to reflect this situation.

These articles will provide you a further explanation:

This material will also help you:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 29, 2021

Jan 29, 2021

Suggested Topics

Guest user Created:   Jan 09, 2020 ISO 27001 & 22301
Replies: 1
0 0

Documenting information

Guest user Created:   Nov 13, 2020 ISO 27001 & 22301
Replies: 1
2 0

Finding ISO 27017/18 content

Guest user Created:   Apr 08, 2020 ISO 27001 & 22301
Replies: 1
0 0

Toolkit content