ISO 27001 (2013): Full
14.3.1: Protection of test data

How to fill the requirement

Task name: Protection and minimisation of test data
Theme: Development and cloud
Policy: Secure development
Other requirements: 6 requirements

This task also fulfils these other security requirements:

  • 14.3: Test data (ISO27 Full)
  • 14.3.1: Protection of test data (ISO27 Full)
  • 8.33: Test information (ISO27k1 Full)
  • 21.2.e: Secure system acquisition and development (NIS2)
  • 9.3 §: Acquisition and development of information systems (KyberTL)

1. Task description

The data and other materials used for testing should be carefully selected and protected.

Production information that contains personal or other confidential information should not be used for testing purposes.

Task name: Specific safeguards for production data used for testing
Theme: Development and cloud
Policy: Secure development
Other requirements: 6 requirements

This task also fulfils these other security requirements:

  • 14.3: Test data (ISO27 Full)
  • 14.3.1: Protection of test data (ISO27 Full)
  • 8.33: Test information (ISO27k1 Full)
  • 21.2.e: Secure system acquisition and development (NIS2)
  • 2.1.6: Use separate environments for development, test and production (NSM ICT-SP)

1. Task description

The use of production data for testing purposes should be avoided. If confidential information is used in testing, the following security measures should be used:

  • all sensitive details should be either deleted or made secure (e.g. anonymisation of personal data)
  • testing environments should be subject to the same strict access control as production
  • production data should be copied to the test environment only with a separate authorization
  • production data should be removed from the test environment immediately upon completion of testing