I have been asked to create a process around restoring production data to test/development servers.
Apart from the logistics of restoring the data, masking the appropriate fields and granting access, I have to create a form that users are required to sign before we restore data. This form is to cover such things as:
1. Protecting the confidentiality of data (even if sensitive data has been masked)
2. To remove the database after completion of test/development
3. To restrict access to the database to a minimum number of people as possible
4. To restrict the people who can view the DB from test/development front-end(s)
5. Where data is printed from the database/front-end, ensure the output is protected and shredded afterwards
6. Not to copy the database
Does any one have such a process/document that they would be willing to share or if you have any ideas of what else I should cover in such a document?
Thanks in advance for your help.