
ISO27002 section 14.2.7 sets out the requirements for outsourced software development.

By "outsourced software development", are they referring to bespoke software, or does this also include off-the-shelf software?

  • Just to note that in the move from the 2005 to the 2014 version of the standard the wording was changed from 'software' to 'system'. – R15 Jan 09 '15 at 16:31

1 Answer


The intention of section (14.2.7) in 2014, (12.5.5) in 2005, has always been to refer to bespoke software development.

When I participated in the Swedish translation of ISO27002:2005 the question was never raised as to whether it might also apply to COTS-software.

However, even though the intention of the section is to ensure a somewhat qualitative software development practice, there is nothing, obviously, preventing the use and adaptation of this to apply also to regular software.

Many of these practices could be generalised and used as a part of a quality measurement of the organisation from which you intend on purchasing the COTS-software.

Christoffer