Checklist of ISO/IEC 27001-A.14.2.3 Technical review of applications after operating platform changes

Introduction:

Software and hardware are continually updated and patched to keep them secure and functioning optimally.

When these changes occur, it is essential to review the affected systems to confirm that they remain secure.

The A.14.2.3 technical review of applications after operating platform changes is one such evaluation. 

This article will examine the importance of this review and provide a checklist to help organizations conduct it.

Importance of A.14.2.3 Technical Review of Applications After Operating Platform Changes:

Operating system and application changes can significantly impact system security. Therefore, it is vital to conduct a technical review of applications after these changes. The purpose of this review is to ensure that the security measures previously implemented still function correctly and are not impacted by the changes.

This review should include the following elements:

  • An assessment of security risks associated with the changes
  • A review of system security policies to ensure they are still applicable
  • A review of system security procedures to ensure they are still applicable
  • A review of access controls to ensure they are still applicable
  • A review of data encryption to ensure it is still applicable
  • A review of system logs to ensure they are still capturing the necessary information
  • A review of system backups to ensure they are still valid

Sample Checklist:

  • Identify the changes made to the operating system or application and review them to understand their impact on the system’s security.
  • Identify the security controls in place before the changes and determine if they are still applicable.
  • Review system logs to ensure that they are still capturing the necessary information.
  • Review system backups to ensure they are still valid.
  • Assess the impact of changes on system access controls and encryption, if any.
  • Test the system to ensure that it is still functioning correctly and securely.
  • Document the results of the technical review and any remediation steps taken.

Conclusion:

The A.14.2.3 technical review of applications after operating platform changes is a crucial evaluation that organizations should conduct to ensure their systems remain secure after changes to operating systems or applications. 

Organizations can use the checklist provided in this article to conduct the review effectively. 

By following the checklist, organizations can minimize the security risks associated with changes and ensure that their systems remain secure.
