Separation of production, testing and development environments

Critical
High
Normal
Low

Software under development, testing and production is run in differentiated technical environments in order to ensure the quality of development work in an environment that adapts to the production environment and, on the other hand, the production environment is not disturbed by unfinished development.

Sensitive or personal data of users is not copied and used in a development environment.

Connected other frameworks and requirements:
14.2.6: Secure development environment
ISO 27001
12.1.4: Separation of development, testing and operational environments
ISO 27001
12.5: Control of operational software
ISO 27001
12.5.1: Installation of software on operational systems
ISO 27001
PR.DS-7: The development and testing environments
NIST CSF

Source code management

Critical
High
Normal
Low

Access to source code and other related plans is controlled to prevent e.g. adding unauthorized code and avoiding unintentional changes. Access rights are allocated on a need-to-know basis and, for example, support staff are not granted unlimited access rights.

Source code control can be implemented, for example, by storing all code centrally in a dedicated source code management system.

Connected other frameworks and requirements:
9.4.5: Access control to program source code
ISO 27001
14.2.6: Secure development environment
ISO 27001
8.4: Access to source code
ISO 27001
8.31: Separation of development, test and production environments
ISO 27001
No items found.