ISO 27001 Annex : A.14.3 Test data

ISO 27001 Annex : A.14.3  Test data its objective is to ensure that data used for research are secured.

A.14.3.1  Protection of test data

Control – Careful collection, security, and review of test data should be performed.

Implementation Guidance – It should be avoided the use of operational information containing personal information or any other confidential information for test purposes. Where personal information or otherwise confidential information for testing purposes is used, all sensitive information and content should be protected either by deletion or modification.

When used for testing purposes, the following guidelines should be used for the protection of operational data:

1. The access management protocols applicable to the running application systems should also refer to the application control systems;
2. Every time operational information is copied to the test setting, separate authorization should be granted;
3. Operational information should be deleted immediately after completion of the test environment from a test environment;
4. In order to include an audit trail, copying and using operational details should be logged.

Related Product : ISO 27001 Lead Auditor Training And Certification ISMS

Other Information – System testing and acceptance testing usually involve significant volumes of test data as close to operational data as possible.

A well-known ISO 27001 Lead Auditor and ISO 27001 Lead Implementer certificate that mainly covers information security clauses and their implementation, i.e., controls which should be implemented by the organization to preserve the CIA triad, Confidentiality, Integrity, and Availability to maintain their critical, sensitive information in a secure manner. Infosavvy, an institute in Mumbai conducts training and certification for multiple domains in Information Security which includes IRCA CQI ISO 27001:2013 Lead Auditor (LA), ISO 27001 Lead Implementer (LI) (TÜV SÜD Certification). Infosavvy will help you to understand and recognize the full scope of your organization’s security checks to protect your organization’s activities and information equipment (assets) from attacks, and also to illustrate the controls for securing system engineering principles and also controls for maintaining and testing software packages and systems. We have trainers with extensive expertise and experience to ensure the efficient handling of the security of information. Consequently, the applicant will gain the necessary skills for the ISMS audit by using commonly agreed audit concepts, procedures and techniques.

Read More : https://info-savvy.com/iso-27001-annex-a-14-3-test-data/

-------------------------------------------------------------------------------------------------------------------------------------