Many organizations use SD Elements to map other kinds of documents, ranging from other information security policies, standards and guidelines (e.g. ISMS policies) to software development and enterprise architecture standards to legal/compliance requirements.
There is no restriction on using SD Elements in this manner. However, you should keep a few constraints in mind when determining what else to map:
- All new content must still make sense in the context of Applications & Projects. For example, a general policy on “End User Security Awareness” may not map easily to a project
- All tasks should make sense within the existing SD Elements phases, such as “Requirements” and “Testing” or custom additional phases. While it is possible to add new phases, we suggest not adding more than 2 custom phases
- All additional project settings should make sense alongside the existing project settings
- Users will still be asked to select a standard application profile when first creating a project