Use of test servers, systems and cloud-app environments in the University environment:
- Test servers, systems and cloud-app environments should not contain production-level data.
This means they do not contain any personally identifiable or protected data (defined as “restricted” or “highly restricted” in the University’s Data Classification System).
- If business needs require that test server/system/cloud environment contain production-level data, they must be restricted to University IP space only, and access should be limited to the least number of users necessary.
Those servers/systems/environments should be treated as DCL 3 at a minimum and must be protected accordingly.
- If production-level data must reside on a test server/system/cloud environment AND must be open externally the test server/system/cloud environment must be reported to the respective campus ISO for additional review.