Using Live Data for Testing

Ideally, all testing would use only realistic test data created expressly for the purpose. In practice, however, that may not be feasible, and it may be necessary to use a copy of current data files, e.g. the client database. It is imperative that any such 'temporary test data' be treated as live at all times. This is particularly important because test staff tend to have more system privileges than in a live (production) environment, and the organisation's usual Information Security procedures are unlikely to be followed.

  • Using live data for testing can severely compromise its confidentiality, possibly even leading to legal action.

  • Only use live data for testing if it is unavoidable.
  • Especially where contractors and other third party staff are involved, a Non Disclosure Agreement should be signed, together with a declaration of compliance with your organisation's Information Security Policy, controls and safeguards.
  • Beware of files that may continue to contain current data after testing is complete, with Information Security measures having ceased.
  • Agree how to delete / dispose of data and printouts, both during and after the testing.

  • The acquisition of data for testing may breach the Information Security safeguards of your live system, which could result in fraud, malicious damage or even legal action if confidentiality is lost.

  • Do not permit the systems development staff to access the live system and its database. Agree a procedure with the System Administrator for the safe and secure copying of the data to, say, the development volume or system. Only release this data once the means and use of access have been clarified and authorised.
  • Ensure that the techniques used to capture the live data do not permit subsequent or additional access to the live system by the development staff.

  • Data used for testing can become merged with live data, leading to confusion and potential disruption to your business operations.

  • Only use live data for testing if it is unavoidable.
  • Isolate development and testing work from your production work by means of separate machines or partitions.
  • Differentiate 'testing' from 'live' output, e.g. by different coloured paper or overprinting the words 'TEST DATA' in large capital letters.
  • Contain all test output within the test room / area. Where this is not practical, ensure that test reports etc. are retrieved and gathered together after all interim reviews.
  • Ensure that the techniques used to capture the live data do not permit subsequent or additional access to the live system by the development staff.
Use of the guidance contained within RUSecure™ is subject to the End User Licence Agreement