Test data (whether dedicated or sourced from an operational environment) needs to be closely managed and logged, to ensure that privacy information is not used inappropriately, or compromised in any way when moving from one environment to another.
ISO 27701 6.11.3 contains one sub-clause that deals with the protection of test data (ISO 27701 6.11.3.1).
There are no additional PIMS or PII-specific guidelines to adhere to, and a single UK GDPR article to consider alongside guidance from ISO 27002 (see below).
Please note that GDPR citations are for indicative purposes only. Organisations should scrutinise the legislation and make their own judgement on which parts of the law apply to them.
Organisations should carefully select test data to ensure that testing activity is both reliable and secure. Organisations should pay extra attention to ensuring that PII is not copied into the development and testing environments.
In order to protect operational data throughout testing activities, organisations should:
ISO 27701 Clause Identifier | ISO 27701 Clause Name | ISO 27002 Control | Associated GDPR Articles
---|---|---|---
6.11.3.1 | Protection of Test Data | 8.33 – Test Information (ISO 27002) | Article (5)
ISMS.online makes personal information management easy through a great cloud-based solution to support ISO 27701 compliance in your organisation.
On top of this we have information security experts and resources available to guide you through the ISO 27701 accreditation process.
Find out more by booking a hands-on demo.