8.31 Separation of Development, Test and Production Environments

Development, testing and production environments should be separated and secured.

Separation of development, test, and production environments in information security refers to the practice of maintaining separate environments for different phases of the software development life cycle (SDLC). This includes maintaining separate environments for development, testing, and production.

The development environment is where software is created and initially tested. This is where developers write and test code, and where new features and functionality are added to the software.The test environment is where software is thoroughly tested before it is deployed to production. This environment is used to identify and fix any issues with the software, including security vulnerabilities.The production environment is where the software is actually used by end-users. This is the live environment where the software is deployed and used by customers.The separation of these environments is important for security reasons because it helps to prevent any issues that may occur in the development or test environments from affecting the production environment.It also helps to prevent any unauthorised access, modification, or accidental deletion of production data and configuration.By maintaining separate environments for development, testing, and production, organisations can better manage security risks, ensure that the software is thoroughly tested before it is deployed, and minimize the potential impact of any issues that may occur.