6.11.3.1 Protection of test data

The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.3.1 and the following additional guidance applies:

Additional implementation guidance for 14.3.1, Protection of test data, of ISO/IEC 27002:2013 is:

PII should not be used for testing purposes; false or synthetic PII should be used. Where the use of PII for testing purposes cannot be avoided, technical and organizational measures equivalent to those used in the production environment should be implemented to minimize the risks. Where such equivalent measures are not feasible, a risk-assessment should be undertaken and used to inform the selection of appropriate mitigating controls.