Separation of production, testing and development environments

Software under development, in testing and in production is run in separate technical environments. This allows the quality of development work to be ensured in an environment that matches the production environment, while the production environment is not disturbed by unfinished development.

Sensitive or personal data of users is not copied and used in a development environment.

Other connected frameworks and requirements:
14.2.6: Secure development environment (ISO 27001)
12.1.4: Separation of development, testing and operational environments (ISO 27001)
12.5: Control of operational software (ISO 27001)
12.5.1: Installation of software on operational systems (ISO 27001)
PR.DS-7: The development and testing environments (NIST CSF)

Listing authorized users for publishing code changes

Only pre-defined, authorized users are allowed to post changes to the code.

Other connected frameworks and requirements:
14.2.7: Outsourced development (ISO 27001)
14.2.2: System change control procedures (ISO 27001)
12.5: Control of operational software (ISO 27001)
12.5.1: Installation of software on operational systems (ISO 27001)
8.30: Outsourced development (ISO 27001)

Restoration strategy

Before releases are implemented, we have agreed on and recorded policies for restoring an earlier version of the software.

Other connected frameworks and requirements:
12.3: Backup (ISO 27001)
12.3.1: Information backup (ISO 27001)
14.2.2: System change control procedures (ISO 27001)
12.5: Control of operational software (ISO 27001)
12.5.1: Installation of software on operational systems (ISO 27001)

Maintaining a release log

An event log should be kept for all updates to production or customer software or in-house IT services.

Other connected frameworks and requirements:
12.5: Control of operational software (ISO 27001)
12.5.1: Installation of software on operational systems (ISO 27001)
8.19: Installation of software on operational systems (ISO 27001)