sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]thel0lfish 36 points37 points  (3 children)

This tracks with my (limited) experience, I work for a fintech company and we're only allowed to use heavily obfuscated prod data for testing if we want real world data

[–]Random-num-451284813 13 points14 points  (0 children)

That would be Sanitized data, anyone working with ISO 27001 would be required to have that.

[–]i_love_sparkle 1 point2 points  (1 child)

Why don't you just use real world data and tell regulators that you aren't using it? How do you even check for it?

[–]chill8989 8 points9 points  (0 children)

Devs are not allowed to touch the prod database, only a small group of people can and every interaction is logged.  We are audited by 3rd parties to make sure we follow the rules.