ISO27001:2022 states that “Principles for engineering secure systems shall be established, documented, maintained and applied to any information system development activities.” (A8.27 – Secure system architecture and engineering principles)
Note here the ISO27001 control deliberately uses the word ‘architecture’ in the title. This tells us that this control is concerned with the way that systems are designed and built, and that it happens in a structured way.
Also note that this ISO27001 control has several aspects to it, where it states that principles shall be:
- Established – defined by someone
- Documented – exist in a way that can be evidenced
- Maintained – routinely considered and addressed
- Applied – evidenced that principles are being followed
This process is provided here as an example of the steps that you should consider when implementing your SDLC programme.
About our procedures
Our procedures are written with the end-user in mind. They need to represent 'truth' and what actually happens in your organisation.
Remember to always keep the audience in mind: who will read these documents? Procedures are a little more detailed than policies, as they can include the steps that must be followed to achieve the desired outcome.
Software Development Life Cycle Process
Hey, we're not going to go all 'legal' on you here... that's not our style. But this is our Intellectual Property, and we'd prefer it if you didn't go sharing this with other people who haven't spent the money and bought a copy.
Of course, we can't really stop you... But are you that kind of person? We don't think you are. So if you want to tell people about your newfound super power of ISO27001-Awesomeness, great... just don't give it away for free!