ISO 27701, Clause 6.11.3 – Test Data

ISO 27701 Controls and Clauses Explained

Book a demo

african,ethnicity,businessman,hands,typing,using,laptop,close,up,view

Test data (whether dedicated or sourced from an operational environment) needs to be closely managed and logged, to ensure that privacy information is not used inappropriately, or compromised in any way when moving from one environment to another.

What’s Covered in ISO 27701 Clause 6.11.3

ISO 27701 6.11.3 contains one sub-clause that deals with the protection of test data (ISO 27701 6.11.3.1).

There are no additional PIMS or PII-specific guidelines to adhere to, and a single UK GDPR article to consider alongside guidance from ISO 27002 (see below).

Please note that GDPR citations are for indicative purposes only. Organisations should scrutinise the legislation and make their own judgement on what parts of the law applies to them.

Simple. Secure. Sustainable.

See our platform in action with a tailored hands-on session based on your needs and goals.

Book your demo
img

ISO 27701 Clause 6.11.3.1 – Protection of Test Data

References ISO 27002 Control 8.33

Organisations should carefully select test data to ensure that testing activity is both reliable, and secure. Organisations should pay extra attention to ensuring that PII is not copied into the development and testing environments.

In order to protect operational data throughout testing activities, organisations should:

  • Utilise a homogenous set of access control procedures across testing and operational environments.
  • Ensure that authorisation is required every time operational data is copied to a test environment.
  • Log the copying and use of operational data.
  • Safeguard privacy information through techniques such as masking (see ISO 27002 Control 8.11).
  • Removing operational data from a testing environment, once it’s no longer needed (see ISO 27002 Control 8.10).
  • Securely store test data, and ensure that employees are aware that it is only to be used for testing purposes.

Applicable GDPR Articles

  • Article 5 – (1)(f)

Relevant ISO 27002 Controls

  • ISO 27002 8.10
  • ISO 27002 8.11

Supporting Controls From ISO 27002 and GDPR

ISO 27701 Clause IdentifierISO 27701 Clause NameISO 27002 ControlAssociated GDPR Articles
6.11.3.1Protection of Test Data8.33 – Test Information for ISO 27002Article (5)

How ISMS.online Helps

ISMS.online makes personal information management easy through a great cloud-based solution to support ISO 27701 compliance in your organisation.

On top of this we have information security experts and resources available to guide you through the ISO 27701 accreditation process.

<‌p>Find out more by booking a hands on demo.

See ISMS.online
in action

Book a tailored hands-on session
based on your needs and goals
Book your demo

Unsure whether to build or buy?

Discover the best way to achieve ISMS success

Get your free guide

Explore ISMS.online's platform with a self-guided tour - Start Now