Before production systems become active, what must be done with test data and accounts?

• A. Archive test data for audit
• B. Removal of test data and accounts before production systems become active
• C. Convert test accounts to production accounts
• D. Keep test data in place but restrict access

Answer: (B)

Maintaining a clear separation between test and production environments is essential. Before production goes live, all test data and test accounts should be removed from the production environment so there’s no chance of dummy data or credentials being used to access live systems. This reduces risk of data exposure, keeps production data clean, and ensures access controls apply only to real production users. Archiving test data or converting test accounts to production accounts would still leave test artifacts or insecure credentials in production, and keeping data with restricted access doesn’t fully prevent potential exposure. Removing test data and accounts aligns with secure deployment practices and PCI DSS expectations for a clean, secure production environment.