Business requirements documentation

Business requirements documentation for new systems or enhancements to existing systems must
contain the requirements for security controls. Security vulnerabilities must be recognised from the outset
through undertaking a risk assessment and the security requirements must be developed alongside the
functional requirements.