Limitations on Production Data on Non-Production Environments Policy

Version 1.0

For Students, Faculty, Staff, Guests, Alumni

The purpose of this policy is to establish parameters for the use of Production Data in non-production environments.

Scope

This IT policy, and all policies referenced herein, shall apply to the following members of the University community, including faculty, students, administrators, staff, alumni, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.

Policy Statement

  • Production Data shall not be replicated or used in non-production environments except for QA and Pre-Production (PPRD).
  • Data impacted must comply with legal and regulatory requirements per the Data Classification Guidelines and Data Classification and Protection Policy.
  • Any use of Production Data in non-production environments other than QA and PPRD requires explicit, documented approval from the Vice President and Chief Information Officer, the Associate Vice President for IT/CISO, and the Associate Vice President of DevOps.
  • When it is not viable to segregate the production data from the non-production environments, controls must be implemented to match production environment requirements, or the data must be anonymized to the satisfaction of the data owners.

Definitions

IT Resources include computing, networking, communications, application, telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and related materials and services.

Non-production is any application environment that allows testing without impacting University operations. Non-production environments may otherwise be known as development, test, stage, or Sandbox environments.

Production Data refers to live and operational information.

A Production environment is an operational environment in which a software application or system is deployed and used to perform its intended tasks.

A QA environment, also known as a test environment, is used to validate a software application’s quality before it is deployed to production and to optimize software development processes so that the software works. This environment is typically isolated from other environments, such as development and staging, to ensure that any issues found in the QA environment do not impact the live production system.

Related Policies and Procedures

 Implementation Information

Review Frequency:
Triennial
Responsible Person:
Senior Director of IT Security and Assurance
Approved By:
CISO
Approval Date:
November 1, 2023

Revision History

Version
Date
Description
1.0
11/01/2023
Initial document

Policy Disclaimer Statement

Deviations from policies, procedures, or guidelines published and approved by Information Security and Assurance (ISA) will only be considered cooperatively between ISA and the requesting entity with sufficient notice to allow for conducting appropriate risk analysis, documentation, review, and notification to authorized University representatives where necessary. Failure to adhere to ISA written policies may be met with University sanctions up to and including dismissal.

Need Help?


Walk-In Centers

McShane Center 266 | RH
Leon Lowenstein SL18 | LC

View Our Walk-In Hours