Software under development, testing and production is run in differentiated technical environments in order to ensure the quality of development work in an environment that adapts to the production environment and, on the other hand, the production environment is not disturbed by unfinished development.
Sensitive or personal data of users is not copied and used in a development environment.
Only pre-defined, authorized users are allowed to post changes to the code.
Unmanaged installations of software on computers can lead to vulnerabilities and security breaches.
The organization should determine what types of software or updates each user can install. The instructions may include e.g. the following guidelines:
An event log should be kept for all updates to production or customer software or in-house IT services.