
tion, payroll data, sales forecasts, customer information, etc. This data must be
sanitized by whatever means possible before it can be used.
RISK If sensitive data is extracted from production databases and moved or
used as test data, the security of the sensitive data is compromised.
Once data has been moved out of production, security controls are often not as
restrictive. Often it is moved to a less restrictive site and access is given to a wide variety
of developers and QA personnel.
AP-ADVICE-TESTDATA-01 Test data should be generated from generic
data or sanitized to eliminate security issues regarding sensitive data.
DEFINEs, ASSIGNs, PARAMs