Development, testing, and production environments must be kept separate and secured to safeguard the production environment and data from potential compromise during development and testing activities. The necessary level of separation between these environments should be identified and enforced to prevent any issues from affecting production systems.
Software in development, testing and production is run in separate technical environments. This allows the quality of development work to be verified in an environment that resembles production, while ensuring that the production environment is not disturbed by unfinished development.
Sensitive or personal data of users is not copied and used in a development environment.
Access to source code and other related plans is controlled to prevent, for example, the addition of unauthorized code and to avoid unintentional changes. Access rights are allocated on a need-to-know basis and, for example, support staff are not granted unlimited access rights.
Source code control can be implemented, for example, by storing all code centrally in a dedicated source code management system.