Environments

For every project we always have the following four environments: development, test, acceptance and production. More about environments and what they are used for can be found within the "Development Policy". Security between environments can differ, as explained below.

Development

Most development is done either locally or within a "development" environment (sometimes even a hybrid setup is used).

A development environment must not be publicly accessible, and access must be restricted to developers of the project team only.

Test

Although not mandatory, it is wise to implement as many security measures as possible on the test environment to make sure these do not break anything when deploying to acceptance (where these measures are mandatory).

Acceptance

The acceptance environment is where the customer (or main stakeholder) of a project can test functionality and make sure everything is in order before promoting a release to production.

All security measures must be in place on the acceptance environment as this environment may be publicly accessed. It is also acceptable to not make the acceptance environment publicly accessible, but this does not negate the need for security measures.

Production

Almost all production environments are publicly accessible and all security measures, just like on an acceptance environment, must be in place (even if the production environment is not publicly accessible).