When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this for projects that build, buy, configure, integrate, outsource, or materially change systems, services, processes, suppliers, infrastructure, or data flows.
Project details
| Field | Value |
|---|---|
| Project name | TBD |
| Project owner | TBD |
| Security reviewer | TBD |
| Business owner | TBD |
| System/service owner | TBD |
| Data types involved | TBD |
| Supplier involvement | TBD |
| Target go-live | TBD |
Requirements register
| Risk or driver | Security requirement | Control response | Owner | Validation method | Status | Evidence location | Residual risk decision |
|---|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD | TBD | TBD |
Project security checklist
- Project activity security risks assessed.
- Deliverable security risks assessed.
- Security requirements documented with functional requirements.
- Security responsibilities assigned.
- COTS, add-ons, customizations, suppliers, and integrations assessed.
- Security requirements traced to risks and controls.
- Security impact reviewed for major project changes.
- Security requirements tested.
- Deficiencies tracked and resolved.
- Residual risks accepted by authorized owner.
- Operational handover includes control owners, evidence, monitoring, and support.
Related notes
- Template
- Iso27001
- A5 8
- Project management
- Risk assessment
Note Metadata
Aliases: Project Security Requirements
Source: 90 Templates/Project Security Requirements Register.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.