Properties > Advanced Properties > Custom > Organization Name. Press Ctrl A on the keyboard to select all text in the document (or use Select, Select All via the Editing header on the Home tab
Implementation guidance
The header page and this section, up to and including Disclaimer, must be removed from the final version of the document. For more details on replacing the logo, yellow highlighted text and certain generic terms, see the Completion Instructions document.
Purpose of this document
This document describes the organization’s policy regarding the development of applications and associated components in a secure way.
Areas of the standard addressed
The following areas of the ISO/IEC 27001:2013 standard are addressed by this document:
• A.5 Information security policies
  o A.5.1 Management direction for information security
    ▪ A.5.1.1 Policies for information security
• A.14 System acquisition, development and maintenance
  o A.14.2 Security in development and support processes
    ▪ A.14.2.1 Secure development policy
    ▪ A.14.2.7 Outsourced development
    ▪ A.14.2.8 System security testing
  o A.14.3 Test data
    ▪ A.14.3.1 Protection of test data
General guidance
This is an important document because it covers several requirements. It sets out how you will ensure that the code you (and your suppliers) produce is as secure as possible. Note that if you take a purely COTS (Commercial Off-the-Shelf) package approach, then many of these requirements will be inapplicable and should be marked as such in your Statement of Applicability.
Review frequency
We would recommend that this document be reviewed annually.