Safeguarding requirements may be supplemented or modified between editions of Publication 1075 by guidance issued by the Office of Safeguards.
Live Data Testing Notification Requirements
Live Data Testing Notification Form
The use of live FTI in test environments should generally be avoided and is not approved unless specifically authorized by the IRS Office of Safeguards. Dummy data should be used in place of live FTI wherever possible. This memo provides guidance to federal, state and local agencies that receive, store, process or transmit FTI on the requirements for the approval, acquisition, handling, protection, and disposition of live FTI used in system testing activities. This guidance further expands upon the Live Data Testing requirements provided in IRS Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies, Section 9.4.6 – Live Data Testing.
Protecting FTI in a Cloud Computing Environment
Cloud Computing Notification Form
As agencies look to reduce costs and improve operations, cloud computing may offer promise as an alternative to traditional data center models. By utilizing software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) cloud service models, agencies may be able to reduce hardware and personnel costs by eliminating redundant operations and consolidating resources. While cloud computing offers many potential benefits, it is not without risk. Limiting access to authorized individuals becomes a much greater challenge with the increased availability of data in the cloud, and agencies may have greater difficulties isolating federal tax information (FTI) from other information and preventing “commingling” of data.