Topic

Approval of security documentation

Applicable to

all

History

Mar 2022

The right to verify compliance with security requirements documented in contractual arrangements is exercised on a regular and ongoing basis.

If security documentation is not reviewed and approved by an appropriate authority, system owners risk failing in their duty to ensure that appropriate security controls have been identified and implemented for systems and their operating environments. In doing so, it is important that a system’s security architecture, as outlined within the system security plan and supported by the incident response plan and continuous monitoring plan, is approved by the system’s authorising officer prior to the development of the system.