Scribd Logo
Upload

Welcome to Scribd!

  • Standard 12.1 SecurityRequirementsOfSystems

    Uploaded by

    Allan Tuwanpor
    7 views2 pages
    This document outlines security requirements for systems at BG Group. It states that new systems must be designed with security in mind from the start. All security requirements should be identified early in a project and justified based on a risk assessment. Security controls should reflect the business value of the assets and potential losses. Business requirements for new systems should specify both automated and manual controls.

    Original Description:

    SecurityRequirementsOfSystems

    Original Title

    Standard-12.1-SecurityRequirementsOfSystems

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document outlines security requirements for systems at BG Group. It states that new systems must be designed with security in mind from the start. All security requirements should be identified early in a project and justified based on a risk assessment. Security controls should reflect the business value of the assets and potential losses. Business requirements for new systems should specify both automated and manual controls.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    7 views2 pages

    Standard 12.1 SecurityRequirementsOfSystems

    Uploaded by

    Allan Tuwanpor
    This document outlines security requirements for systems at BG Group. It states that new systems must be designed with security in mind from the start. All security requirements should be identified early in a project and justified based on a risk assessment. Security controls should reflect the business value of the assets and potential losses. Business requirements for new systems should specify both automated and manual controls.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 2

    BG 

    Group 
    Information Management 

    Standard 12.1 Security Requirements of Systems 

    Document owner:  Philip Colby 
    Reviewed by:  IM Governance 
    Approved by:  ISSG 
    Release status:  Approved 

    Security classification:  Unclassified 
    This document is uncontrolled when printed. 

    Document reference:  none 
    Document version:  1.1 

    Last review date:  2006­08­11 
    Next review date:  2007­11­01 
    Change history 

    Date  Section(s)  Version  Updated by  Description 


    1  2004­09­15  All  0.1  Philip Colby  Draft 
    2  2005­09­26  Title  1.0  Philip Colby  Renamed 
    3  2006­08­11  1.1  Philip Colby  Reviewed, no changes

    12.1 Security Requirements of Systems  Version: 1.1
    ã 2006 BG Group  Page 1 of 2  Date: 2006­08­11 
    BG Group 
    Information Management 

    Purpose 
    To ensure that security is built into information systems. 

    Scope 
    ISO 17799 section 12.1. 

    Audience 
    This standard applies to all of BG Group and subsidiaries, and to jointly owned 
    assets where BG is the operator. In non­operated assets it has advisory status. 

    Standard 
    New systems, whether applications or elements of infrastructure, must be designed 
    to be secure. The security requirements should be identified and agreed prior to 
    development, and should include the business processes that support the application 
    or service. 
    All security requirements, including the need for business continuity arrangements, 
    should be identified at the requirements phase of a project and justified, agreed and 
    documented as part of the overall business case for an information system. Security 
    requirements and controls should reflect the business value of the information assets 
    involved, and the potential business losses that might result from a failure or absence 
    of security. The security requirements should be established through a risk 
    assessment. The provisions in Standard 10.3 System Planning and Acceptance also 
    apply. 
    Statements of business requirements for new systems should also specify the 
    controls to be incorporated, both automated and manual. 

    Procedures 
    Project Risk Assessment Checklist. 

    Control Evidence 
    Completed checklists

    12.1 Security Requirements of Systems  Version: 1.1
    ã 2006 BG Group  Page 2 of 2  Date: 2006­08­11 

    You might also like