When to use this
Use this checklist before and after testing that involves sensitive, production-derived, personal, or confidential information.
Related controls
Checklist
- Test data source is documented.
- Synthetic or masked data was preferred.
- Live data use is approved.
- Personal data/privacy requirements are reviewed.
- Access is restricted to authorized testers.
- Logs, debug files, screenshots, exports, caches, and reports are protected.
- Retention period is defined.
- Secure deletion is planned and evidenced.
- Reproducibility needs are balanced against minimization.
- Template
- Iso27001
- Test information
- Privacy
Note Metadata
Aliases: Test Information Protection Checklist
Source: 90 Templates/Test Data Protection Checklist.md
Related Notes
- A.8.33 Audit Evidence Pack
- ISO 27001 A.8.10 - Information Deletion
- ISO 27001 A.8.11 - Data Masking
- ISO 27001 A.8.33 - Test Information
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- Templates MOC