Page 1076 - Cloud computing: From paradigm to operation
P. 1076
7 Security
14.2.3 Technical review of applications after operating platform changes
Control 14.2.3 and the associated implementation guidance and other information specified in ISO/IEC 27002
apply.
14.2.4 Restrictions on changes to software packages
Control 14.2.4 and the associated implementation guidance and other information specified in ISO/IEC 27002
apply.
14.2.5 Secure system engineering principles
Control 14.2.5 and the associated implementation guidance and other information specified in ISO/IEC 27002
apply.
14.2.6 Secure development environment
Control 14.2.6 and the associated implementation guidance and other information specified in ISO/IEC 27002
apply.
14.2.7 Outsourced development
Control 14.2.7 and the associated implementation guidance and other information specified in ISO/IEC 27002
apply.
14.2.8 System security testing
Control 14.2.8 and the associated implementation guidance and other information specified in ISO/IEC 27002
apply.
14.2.9 System acceptance testing
Control 14.2.9 and the associated implementation guidance and other information specified in ISO/IEC 27002
apply.
Other information for cloud services
In cloud computing, guidance for system acceptance testing applies to the use of a cloud service by the cloud
service customer.
14.3 Test data
The objective specified in clause 14.3 of ISO/IEC 27002 applies.
14.3.1 Protection of test data
Control 14.3.1 and the associated implementation guidance and other information specified in ISO/IEC 27002
apply.
15 Supplier relationships
15.1 Information security in supplier relationships
The objective specified in clause 15.1 of ISO/IEC 27002 applies.
15.1.1 Information security policy for supplier relationships
Control 15.1.1 and the associated implementation guidance and other information specified in ISO/IEC 27002
apply. The following sector-specific guidance also applies.
1068
