Scrum Compliance

This diagram shows how the Scrum framework complies with the ISO 27001 process.

  • Plan - In this step, sprint planning is done during a meeting with the team. The input for sprint planning is the product backlog, and the output is the sprint backlog with the sprint goal. This is similar to ISO 27001 because both processes have a planning phase.

  • Do - The next step is complying with the controls from ISO 27001 in your process. Similarly, Scrum has sprint execution and daily meetings. Sprint execution includes all the tasks from the sprint backlog. From the Scrum point of view, this is also where development and testing take place.

  • Check - ISO 27001 includes monitoring and evaluation of the process. Scrum is similar because this project methodology also has these steps along the way. They are done in the sprint review and sprint retrospective. Process control is also executed in the process.

  • Act - This is the output of the sprint review and retrospective, expressed as particular requirements and tasks for process improvement.

We can say that every sprint is like an ISO 27001 cycle, because there is continuous improvement during the work.
