When to use this
Use this record before production or sensitive data is copied into development, test, staging, analytics, or supplier environments.
Related controls
- A.8.31 Separation of Development Test and Production Environments
- A.8.11 Data Masking
- A.8.10 Information Deletion
Approval record
| Field | Value |
|---|---|
| System/data set | TBD |
| Requestor | TBD |
| Target environment | TBD |
| Business need | TBD |
| Data classification | TBD |
| Masking/anonymisation method | TBD |
| Access restrictions | TBD |
| Retention/deletion date | TBD |
| Residual risk | TBD |
| Approver | TBD |
| Approval date | TBD |
Minimum checks
- Synthetic or masked data was considered first.
- Use of sensitive data is justified.
- Target environment controls match data sensitivity.
- Access is restricted and logged.
- Deletion date is defined.
- Residual risk is accepted by an authorized owner.
- Template
- Iso27001
- Test data
- Environment separation
Note Metadata
Aliases: Production Data in Test Approval Record
Source: 90 Templates/Test Data Security Approval Record.md
Related Notes
- A.8.31 Audit Evidence Pack
- A.8.33 Audit Evidence Pack
- ISO 27001 A.8.10 - Information Deletion
- ISO 27001 A.8.11 - Data Masking
- ISO 27001 A.8.31 - Separation of Development Test and Production Environments
- ISO 27001 A.8.33 - Test Information
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- Templates MOC