Test Information Selection and Protection
Choose and protect test data carefully to avoid exposing sensitive information.
Plain language
This control is about making sure that when you're testing new software or systems, you don't accidentally expose sensitive information, like customer data. If you don't protect this information properly, it could be accessed by someone who shouldn't see it, leading to privacy breaches and potentially serious reputational damage.
Framework
ISO/IEC 27001:2022
Control effect
Preventative
ISO 27001 domain
Technological controls
Classifications
N/A
Official last update
24 Oct 2022
Control Stack last updated
12 Apr 2026
Maturity levels
N/A
Official control statement
Test information shall be appropriately selected, protected and managed.
Why it matters
Exposing real data in testing can lead to data breaches and reputational damage, as sensitive information may be accessed inappropriately.
Operational notes
Regularly audit test environments to ensure only anonymised or synthetic data is used, with robust access controls and secure deletion after testing.
Implementation tips
- The IT manager should ensure that test information is properly chosen to avoid using real customer data unnecessarily. Use dummy data or anonymised data wherever possible by creating fake records that don't tie back to real individuals. This approach minimises the risk of exposing sensitive information during testing.
- Data protection officers must enforce specific rules for accessing testing environments. This means only allowing people who absolutely need access to test data. Train staff regularly on access procedures and ensure that access logs are reviewed periodically for any unauthorised access attempts.
- The IT team needs to set up logging and monitoring within test environments to track data usage. Implement logging tools that keep a record of every action taken within the test environment, so there’s a clear trail of who accessed what data and when, ensuring a high level of transparency.
- Database administrators should remove or anonymise sensitive data before it is used in a test environment. Use techniques such as data masking to hide real data with scrambled or false data characters, which aligns with the Privacy Act 1988 and keeps sensitive information secure during tests.
- Once testing is done, IT staff must delete the test data promptly. Implement automated scripts to clean up test environments after each test cycle, ensuring no sensitive operational data remains that could be misused or accidentally exposed later.
Audit / evidence tips
-
AskRequest access control logs for the test environment.
GoodThere are clear, consistent records of access, showing that only authorised personnel have accessed the test data, with entries matching the policy outlined in access control documentation.
-
AskRequest a copy of the data masking policy or procedures.
GoodProcedures clearly show that sensitive data is scrambled or replaced with fictional data prior to any testing activity.
-
AskRequest logs of data deletions after testing is completed.
GoodLogs are complete and verify that no data is left in the test environment after testing, as per the established deletion policy.
-
AskRequest an overview of test data selection criteria.
GoodSelection criteria ensure minimal use of real data, with clear reasons when actual data is used, demonstrating compliance with ISO 27002:2022 guidelines.
-
AskRequest audit trails of operations conducted within the test environment.
GoodAudit trails are complete, showing a clear sequence of testing actions, proving adherence to operational controls.
Cross-framework mappings
How Annex A 8.33 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ASD ISM
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (2) expand_less | ||
| ISM-0831 | Annex A 8.33 requires test information to be selected, protected and managed to prevent exposure of sensitive data | |
| ISM-2021 | ISM-2021 requires system owners to implement data minimisation so only necessary data is collected and stored in each system | |
| handshake Supports (5) expand_less | ||
| ISM-0457 | Annex A 8.33 mandates protection and management of test information including preventing disclosure of sensitive data | |
| ISM-0465 | Annex A 8.33 requires selection and protection of test information to avoid exposure of sensitive data | |
| ISM-0631 | Annex A 8.33 requires management of test information to avoid unauthorised disclosure or misuse | |
| ISM-1273 | Annex A 8.33 requires selection and protection of test information to prevent leakage of sensitive data | |
| ISM-2094 | ISM-2094 requires AI applications to filter content to prevent sensitive data leakage and improper disclosure in outputs | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.