91ԭ��

Use of test servers, systems and cloud-app environments in the University environment:

1. Test servers, systems and cloud-app environments should not contain production-level data. 
   
   This means they do not contain any personally identifiable or protected data (defined as “restricted” or “highly restricted” in the University’s Data Classification System). 
   
    
2. If business needs require that test server/system/cloud environment contain production-level data, they must be restricted to University IP space only, and access should be limited to the least number of users necessary. 
   
   Those servers/systems/environments should be treated as DCL 3 at a minimum and must be protected accordingly.
   
    
3. If production-level data must reside on a test server/system/cloud environment AND must be open externally the test server/system/cloud environment must be reported to the respective campus ISO for additional review.