T7.5.2 -PROTECTION OF SYSTEM TEST DATA Implementation Guidance
The entity shall ensure the protection of system test data.
Back to T7.5.2 - P3 - PROTECTION OF SYSTEM TEST DATA
The use of operational databases containing personal information or any other sensitive information for testing purposes should be avoided. If personal or otherwise sensitive information is used for testing purposes, all sensitive details and content should be removed or modified beyond recognition before use. The following guidelines should be applied to protect operational data, when used for testing purposes:
- A. The access control procedures, which apply to operational application systems, should also apply to test application systems
- B. There should be separate authorization each time operational information is copied to a test application system
- C. Operational information should be erased from a test application system immediately after the testing is complete
- D. The copying and use of operational information should be logged to provide an audit trail
