ISO 27001 Annex : A.9.4.4 Use of Privileged Utility Programs & A.9.4.5 Access Control to Program Source Code

This article explains two topics: ISO 27001 Annex A.9.4.4 Use of Privileged Utility Programs and A.9.4.5 Access Control to Program Source Code.

A.9.4.4 Use of Privileged Utility Programs

Control- The use of utility programs that could bypass system and application controls should be limited and tightly controlled.

Implementation Guidance- The following guidelines should be taken into account when using utility programs that could override system and application controls:

- The use of procedures for identification, authentication, and authorization of utility programs;
- Segregation of the utility programs from software applications;
- Limiting the availability of utility services to the minimum practicable number of reliable, authorized users (refer to 9.2.3);
- Approval for the ad hoc use of utility programs;
- Limiting the availability of utilities, e.g. for the time of the approved amendment;
- Logging the use of utility programs;
...