DSP-15: Is authorization from data owners obtained, and the associated risk managed,
before replicating or using production data in non-production environments?
Before replicating data or using data in non-production systems copied from the production system, perform a risk analysis and obtain data owner approval. Then, implement privacy risk mitigating techniques such as anonymization, pseudonymization, etc. (if required).
Control implemented
Control ownership
Description
Obtain authorization from data owners, and manage associated risk
before replicating or using production data in non-production environments.