Expert Advice Community

All the controls for development, maintenance, support

Guest post Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Hi, we are a company that develops software (for us and for clients). 1- Shall all the controls for development, maintenance, support be applied for our products and for the products we develop for us to support our business? Or only the products we develop for us? For example: secure development policy or technical vul check: these controls shall be applied on the products or the software we develop to support our business? If we include our products (that we develop for clients) in the scope, what are the consequences on implementation? Regards,

DejanK Jan 12, 2016

Afef,

This is primarily the question of setting the ISMS scope. If your scope covers only the systems you develop and maintain internally, then the controls from Annex A have to apply only to those systems; if you include in your scope also the products you deliver to your customers, then the controls must cover them as well.

If you include in the scope the products you deliver to your customers, then you have to assess all the risks related to information contained in those products, and then you have to apply applicable controls.

This article will explain to you the logic of risk assessment and applying controls: The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
