Management should establish testing standards that require the use of predefined, comprehensive test plans, end-user involvement, and documented test results. Additionally, testing standards should prohibit testing in production environments or with live data. If copies of live (customer) data are used during tests management should ensure that appropriate standards exist to protect the confidentiality of that data. Management can use test data generators, which are software applications that generate representative testing data based upon predefined parameters, to develop appropriate testing data. Numerous automated applications are also available that test program logic, functional operability, and network interoperability.
Risk Management Standards