Clause 8.28 of ISO/IEC 27002:2022 addresses “Secure system architecture and engineering principles,” which includes secure design principles throughout the system lifecycle.
The purpose is:
“To ensure that security is built into systems and processes by following recognized engineering and design principles, minimizing vulnerabilities.”
This clause ensures secure system architecture is embedded early, aligning with secure-by-design practices.
References: ISO/IEC 27002:2022 Clause 8.28 (Secure system architecture and engineering principles); ISO/IEC 27001 Implementation Toolkit Guide (Secure development reference)