Input validation checks all user input before it is processed by the application. The goal is to catch erroneous, unexpected, or malicious data early. Effective validation uses whitelisting: only explicitly allowed characters, formats, and value ranges are accepted. Server-side validation is essential because client-side checks can be bypassed. Input validation is a central defense-in-depth measure against injection attacks, cross-site scripting, and other vulnerabilities. In your ISMS, it belongs as a mandatory requirement in the secure development policy.