Standard 12.1 SecurityRequirementsOfSystems
Group
Information Management
Standard 12.1 Security Requirements of Systems
Document owner: Philip Colby
Reviewed by: IM Governance
Approved by: ISSG
Release status: Approved
Security classification: Unclassified
This document is uncontrolled when printed.
Document reference: none
Document version: 1.1
Last review date: 20060811
Next review date: 20071101
Change history
12.1 Security Requirements of Systems Version: 1.1
© 2006 BG Group Page 1 of 2 Date: 20060811
Purpose
To ensure that security is built into information systems.
Scope
ISO 17799 section 12.1.
Audience
This standard applies to all of BG Group and subsidiaries, and to jointly owned
assets where BG is the operator. In non-operated assets it has advisory status.
Standard
New systems, whether applications or elements of infrastructure, must be designed
to be secure. The security requirements should be identified and agreed prior to
development, and should include the business processes that support the application
or service.
All security requirements, including the need for business continuity arrangements,
should be identified at the requirements phase of a project and justified, agreed and
documented as part of the overall business case for an information system. Security
requirements and controls should reflect the business value of the information assets
involved, and the potential business losses that might result from a failure or absence
of security. The security requirements should be established through a risk
assessment. The provisions in Standard 10.3 System Planning and Acceptance also
apply.
Statements of business requirements for new systems should also specify the
controls to be incorporated, both automated and manual.
Procedures
Project Risk Assessment Checklist.
Control Evidence
Completed checklists