When to use this
Use this record when a system design deviates from approved secure architecture or engineering principles.
Related controls
- A.8.27 Secure System Architecture and Engineering Principles
- Secure Architecture Principles Standard
Deviation record
| Deviation ID | System | Principle affected | Reason | Risk impact | Compensating control | Approved by | Review date |
|---|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD | TBD | TBD |
Minimum checks
- Deviation is documented.
- Risk impact is assessed.
- Compensating control is defined.
- Approval is recorded.
- Review date is set.
- Template
- Iso27001
- Technological controls
- Secure architecture
Note Metadata
Aliases: Security Architecture Deviation Record
Source: 90 Templates/Security Engineering Deviation Record.md
Related Notes
- A.8.27 Audit Evidence Pack
- ISO 27001 A.8.27 - Secure System Architecture and Engineering Principles
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.27 Audit Checklist
- Secure Architecture Principles Standard
- Templates MOC