isms framework control a 14.2

iFour ConsultancyISO 27001 Control A 14.2Security in Development & Support Process

ASP.NET software companies India http://www.ifour-consultancy.comhttp://www.ifourtechnolab.com1

A.14.2 Security in Development and Support Process

Objective

Controls


A.14.2.1 Secure Development Policy

Define rules for software development

Define rules for system development

Apply rules among the entire organization

Testing an integral part of policy


A.14.2.2 System Change Control Procedures

Define change implementation policy

Security assessment of change

Automated testing tool

Produce compliance reports


A.14.2.3 Technical Review of Applications after Operating Platform Changes

Platform independent tests

Operating system independent tests

Impact analysis on organizational security


A.14.2.4 Restrictions on Changes to Software Packages

Discouraged modification to software package

Limited & necessary changes

Controlled changes


A.14.2.5 Secure System Engineering Principles

Establishment of principles

Documentation of principles

Maintenance of principles

Application of principles


A.14.2.6 Secure Development Environment

Transparent code security test

Visibility to Vulnerability

Secure coding practices

Context based recommendations


A.14.2.7 Outsourced Development

Supervision of outsourced development

Vulnerability testing of third party development

Monitoring of outsource development


A.14.2.8 System Security Testing

Testing of security functionality

Information Leakage

confidentiality, integrity, authentication, availability, authorization and non-repudiation.


A.14.2.9 System Acceptance Testing

Well defined acceptance criteria

New developedUpgrades


References

ISO/ IEC : 27001 / 2013

http://www.quotium.com/resources/application-security-iso27001-compliance-seeker-can-help/


Visit our website for more detailshttp://www.ifour-consultancy.com/

iFour Consultancy Services
