.png)
ISO27001 states that “Rules for the secure development of software and systems shall be established and applied.” (A8.25 – Secure development lifecycle)
Dependent upon the complexity of your development processes, you may decide on defining a set of procedures (which could also be classifed as 'rules'). However, we believe that it's important to define your expectations in a policy and set the 'rules' for your development team(s) to follow.
This policy helps set the stage for your requirements in a way that is easy to understand and follow.
About our policies
This policy is written with the end-user in mind. It is not complicated, and it is written in 'plain english'. It's important to note that ISO27001 mandates key policies (where a control has been selected), but it does NOT mandate that the policies are BORING!
Keep the audience in mind. Don't reveal too much in your policies (i.e. don't mention specific technologies, as these may change over time.
Keep. It. Simple.
Secure Development Policy
Hey, we're not going to go all 'legal' on you here... that's not our style. But this is our Intellectual Property, and we'd prefer it if you didn't go sharing this with other people who haven't spent the money and bought a copy.
Of course, we can't really stop you... But are you that kind of person? We don't think you are. So if you want to tell people about your new found super power of ISO27001-Awesomeness, great... just don't give it away for free!