
Series: Comparing the Differences Between ISO 27001:2013 and ISO 27001:2005, Part 14

Comparing the Differences Between ISO 27001:2013 and ISO 27001:2005 #14

Comparing the Differences Between ISO 27001:2013 and ISO 27001:2005 #4 explained that the new edition of ISO 27001/27002 adds 12 controls. Each of them is explained and shared in turn:
14.2.8 System security testing
Control
Tests of the security functionality should be carried out during development.
Implementation guidance

New and updated systems require thorough testing and verification during the development processes, including the preparation of a detailed schedule of activities and test inputs and expected outputs under a range of conditions. For in-house developments, such tests should initially be performed by the development team. Independent acceptance testing should then be undertaken (both for in-house and for outsourced developments) to ensure that the system works as expected and only as expected (see 14.1.1 and 14.1.9). The extent of testing should be in proportion to the importance and nature of the system.

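The new edition of ISO 27001/27002 states that system security testing should be carried out, including checking the inputs and checking whether the outputs are as expected. Independent acceptance testing should be performed to ensure that the results are as expected.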

