ISO 27001 - Clause 12
Control Objective
Clause
Application access control
11.6
Logical access controls should be enacted to protect application systems and data
from unauthorized access.
12.1.1 An analysis of the requirements for security controls should be carried out at the requirements analysis stage of each project.
Message integrity
Cryptographic Controls
To ensure that IT project and support activities are conducted in a secure manner.
12.4 Access to system files should be controlled.
12.4.3 Strict control should be maintained over access to program source code.
12.5.2 The impact of operating system changes should be reviewed and tested to ensure that there is no adverse impact on operation or security.
Information leakage