Security controls from ISO 27001 can be a helpful guide for TL 9000 implementation

Ensuring the security of products and infrastructure is part of the TL 9000 requirements. The ISO standard on information security can be a helpful reference for organizations and auditors. The ISO 27001 standard provides a list of security controls, and ISO 27002 provides implementation guidance for those controls. Organizations can pick and choose the controls relevant to their products and/or services.

Key words in TL 9000 (section 7.1) related to security are:

  • Security risk assessment by identifying threats and vulnerabilities
  • Product design should consider safeguarding from such threats and vulnerabilities
  • Implement operational controls in the operational environment
  • Include security risk assessment in the change control process

Here are some commonly used controls from ISO 27001:2013 Annex A that can be helpful for organizations implementing TL 9000. Most of these controls are simple common sense. You do not need a security or IT expert to implement them.

For questions, contact Subrata Guha.
