T3.2.5 - SEPARATION OF DEVELOPMENT, TEST AND OPERATIONAL DUTIES Implementation Guidance
The entity shall separate development, test, and operational environment.
Back to T3.2.5 - P2 - SEPARATION OF DEVELOPMENT, TEST AND OPERATIONAL FACILITIES
The level of separation between operational, test, and development environments that is necessary to prevent operational problems should be identified and appropriate controls implemented. The following items should be considered:
- A. Rules for the transfer of software from development to operational status should be defined and documented
- B. Development and operational software should run on different systems or computer processors and in different domains or directories
- C. Compilers, editors, and other development tools or system utilities should not be accessible from operational systems when not required
- D. The test system environment should emulate the operational system environment as closely as possible
- E. Users should use different user profiles for operational and test systems, and menus should display appropriate identification messages to reduce the risk of error
- F. Sensitive data should not be copied into the test system environment
Back to T3.2.5 - P2 - SEPARATION OF DEVELOPMENT, TEST AND OPERATIONAL FACILITIES
