49
InformatIon SecurIty PolIcy DeveloPment for comPlIance
A.12.1.1 Security requirements analysis and specication
Control: Statements of business requirements for new informa-
tion systems or enhancements to existing information systems
shall specify the requirements for security controls.
A.12.2 Correct
pr
ocessing
in ap
plications
Objective: To prevent errors, loss, unauthorized modication, or mis-
use of information in applications.
Appropriate controls should be designed into applications, including
user-developed applications, to ensure correct processing. ese con-
trols should include the validation of input data, internal processing,
and output data.
Additional controls may be required for systems that process, or have
an impact on, sensi ...