Prior to promoting applications to production, are test data (i.e. not personally identifiable), test accounts, usernames, and passwords, removed from production systems and validated?

production data leakage

Production data is real data from “customers” that is gathered or used in the production environment. It should not be used in non-production environments, which include, but are not limited to, development, quality assurance (QA), test, and user acceptance testing (UAT).

Why are they asking this?

Non-production environments are more widely accessible and less tightly secured than production, which increases the exposure of information and the likelihood of unintended disclosure. Organizations want to minimize the risks to their data and protect the privacy of their customers or users.

What do they expect?

Organizations expect that their data will not be used in non-production environments. Stand-in data should be used instead: data that closely matches the production data in format but contains none of the actual data.
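One way to produce stand-in data of this kind, shown as an added example that is not part of the original page: each value is reduced to its format, refilled with random characters of the same class, and checked so that no production value reaches the test set. The field names, the sample rows and the function names are constructed for illustration, and the script is assumed to run inside the production boundary so that only the generated rows leave it.

```python
import random
import string

POOLS = {"9": string.digits, "A": string.ascii_uppercase, "a": string.ascii_lowercase}

# Constructed sample records standing in for a production export.
PROD_ROWS = [
    {"name": "Maria Keller", "phone": "+1-555-0142", "account": "AC-20417-XK"},
    {"name": "Tom O'Neil", "phone": "+1-555-0187", "account": "AC-99310-PD"},
]

def shape_of(value):
    """Reduce a value to its format: digit -> 9, letter -> A or a, punctuation kept."""
    out = []
    for ch in value:
        if ch.isdigit():
            out.append("9")
        elif ch.isalpha():
            out.append("A" if ch.isupper() else "a")
        else:
            out.append(ch)
    return "".join(out)

def stand_in(shape, rng):
    """Fill a shape with random characters of the same class."""
    return "".join(rng.choice(POOLS[c]) if c in POOLS else c for c in shape)

def leaked_values(test_rows, prod_rows):
    """Return every test value that also occurs anywhere in the production rows."""
    real = {v for row in prod_rows for v in row.values()}
    return sorted({v for row in test_rows for v in row.values() if v in real})

def build_test_rows(prod_rows, seed=0):
    """Generate one stand-in row per production row, retrying on any collision."""
    rng = random.Random(seed)  # values are not secrets; a seed keeps fixtures reproducible
    real = {v for row in prod_rows for v in row.values()}
    rows = []
    for row in prod_rows:
        fake = {}
        for field, value in row.items():
            shape = shape_of(value)
            for _ in range(100):
                candidate = stand_in(shape, rng)
                if candidate not in real:
                    break
            else:  # e.g. a punctuation-only field that cannot be changed
                raise ValueError(f"cannot generate a stand-in for field {field!r}")
            fake[field] = candidate
        rows.append(fake)
    return rows
```

Running `leaked_values` against a non-production dataset is also a quick check for whether production rows were copied into it.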

application name

Every application needs a name by which it is referred to, whether for internal or external use. Naming an application, and defining what is part of that application and what it is connected to, is an important part of setting boundaries and assigning responsibilities.

Why are they asking this?

The organization asking for the application name is simply looking for a way to refer to the application in paperwork, contracts, the security questionnaire, and in other communications.

What do they expect?

The organization is looking for an established name of the application that they can use in documents and communications so that both your organization and theirs will understand what is being referred to in these communications. It may be appropriate to include version numbers in the name if there are major changes between application versions. If there are major changes, then the major version should be updated. Minor version numbers may not need to be referred to in business documents, but are likely needed in the technical documents exchanged, as there may be impactful technical differences between minor versions.