Surely if we meet the following then we comply, basically we need to treat the test system the same as a live system which I imagine most of us do. Our test system is managed in the same way as our live system and is on the same server so the ICT protocols.
• Alternatively, LAs could create a cloned production system to create a test system which reflects the live environment. The test system must be managed in exactly the same way as the production system, following all security and policy principles outlined within this MOU; for example encryption requirements, active monitoring, end-point access principles and anti-malware requirements must be replicated. There are conditions under GDPR which LAs must consider before adopting this approach
