PR.DS-07

Are your development and testing environments physically and logically separated from your production environment?

Explanation

Separation of environments is a critical security control that prevents development activities from impacting production systems and reduces the risk of unauthorized access to production data. Without proper separation, testing changes could accidentally affect live systems, developers might have unnecessary access to sensitive production data, and security vulnerabilities in development tools could expose production environments. Evidence of fulfillment could include network diagrams showing segregation between environments, access control matrices demonstrating different permission sets for each environment, documentation of environment provisioning processes, or screenshots of infrastructure management tools showing the distinct environments with their configurations.

Context

Function: PR: PROTECT
Category: PR.DS: Data Security
Sub-Category: The development and testing environment(s) are separate from the production environment

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub