The Segregation of IT Environments Standard supports the IT control framework with respect to segregation of IT environments. It outlines the minimum information security controls for segregation of labs, development, test, and production environments. The key principle of segregation of environments is that the integrity & availability of the production computing environment and the business data residing therein must be protected from unauthorized access, changes and other negative impacts.
Different access rules and data integrity considerations apply to the development & test environments. Hence controls must be in place to isolate these environments from each other as appropriate.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. DEVELOPMENT, TEST, AND PRODUCTION ENVIRONMENT SEPARATION
3.1 IDENTIFICATION OF ENVIRONMENTS
3.2 SEGREGATION OF ENVIRONMENTS
4. MAINTAINING SECURITY WITHIN ENVIRONMENTS
4.1 SEGREGATION OF DUTIES
4.2 USE OF ENVIRONMENTS
4.3 DEPLOYMENT INTO PRODUCTION
4.4 DATA PROTECTION
7. FINAL CONSIDERATIONS
7.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
7.2 DOCUMENT REVISION
This bundle contains all the products listed in the Program Development and Change Management section. Take advantage of the 25% OFF when buying the bundle!