Implementing ISO 27001 A12.1.1 Security Requirements Analysis and Specification

lufaso

Hi :bigwave:
About ISO 27001, control A12.1.1 Security requirements analysis and specification...

How do you implement this control? How can I show conformity?

Any help will be appreciated...
 

Richard Regalado

Trusted Information Resource
Sorry for the late reply.

This control is pretty straightforward. As this is information security, the standard is saying that when you design systems, security should be part of the design and analysis stage. Not after. During the design stage the following should be considered:

1. Who can access?
2. How to validate access?
3. If passwords, how long? Complexity rules? Expiration?

ISO/IEC 27002 provides a long list of guides for ISMS controls.