This requirement is specific to ISO 27001. It is required for Annex A control A.14.2.5.
Secure engineering is actually how you will apply security while making changes to your software or IT applications. An example of a security engineering principle “Assure information protection in processing, transit, and storage.” It’s important to know that principles apply to every phase of your development projects, and to all architectural layers of your final products (business, data, applications, and technology). Taking the example principle, here are examples of how it would be applied at the different layers during development.
business layer – e.g., based on user authentication level; only particular users can see personal data
data layer – e.g., only logging in with a strong database password for database maintenance activities is allowed
applications – e.g., application encryption is used for data export and import
technology – e.g., open-source software and state-of-the-art hardware and network infrastructure provided by selected vendors are used
The above information was taken from https://advisera.com/27001academy/blog/2015/08/31/what-are-secure-engineering-principles-in-iso-270012013-control-a-14-2-5/.