Quality Assurance

Introduction

Ensuring that a software system functions according to expectations is critical. To achieve this, we test and qualify our software prior to production. The level of testing and qualification matches the risk appetite for each system.

We perform both manual and automated testing, with a strong emphasis on automated approaches such as unit testing. Regardless of the approach, the testing process is systematic, and the results are documented.

Implementation of this control

For any software delivered to customers or with the potential to impact customer data, we test all software before deployment or release. Our primary testing method favours automated tests at both the unit and integration levels. Currently, our server software achieves over 95% branch coverage.

• We perform automated testing as part of our CI/CD pipelines.

• We record the automated test results against the code and artefacts in our CI/CD pipelines.

• We ensure that tests are passing and test results are stored before deployment.

Additionally, we can perform the following optional but recommended controls:

• We have a test coverage ratchet that fails if a coverage goal is not met, causing the pipeline to fail.

• Manual intervention is required to lower the coverage goal.