Unified Compliance Testing for HTML Applications with AvePoint Compliance Guardian

AvePoint is always looking for ways to improve not only the company’s customer-facing products, but also the internal processes used in design, development, and quality assurance as required to bring products to market. The guidance that we provide to our Compliance Guardian customers to help manage their Governance, Risk and Compliance (GRC) programs is that “it’s critically important to both be transparent and accountable”. As such, our GRC technology allows our customers to say what they do, do what they say, and prove it! To that end, I wanted to share one of the innovative practices we are implementing at AvePoint in testing our own Compliance Guardian Platform products – with Compliance Guardian itself! Our Compliance Guardian Quality Assurance teams are utilizing a methodology that we call Unified Compliance Testing (UCT) for our HTML-based applications and services. Since I have just coined this phrase, let me define it. Unified Compliance Testing of HTML applications is mainly related to the following:

• standards-based testing;
• privacy, accessibility, or usability guidelines;
• papers and standards, including those for web applications on mobile platforms and numerous W3C Standards and guidelines; and
• application security and privacy best practices pertaining to the collection of personal or sensitive information, the use of tracking technologies, and/or compliance with privacy policies and notices supported by the application.

This testing is done in a logical, unified style to assure that a simple set of tests provides full coverage in a cost-effective manner. Here at AvePoint, we support these best practices across our products and services to assure that we can compete at the highest and most competitive levels. It’s fundamentally important to always assess our products as related to best practices while delivering standards-based solutions. Today, we are doing this automated testing for Compliance Guardian Online and the AvePoint Privacy Impact Assessment System (APIA), which are both HTML applications, as well as other AvePoint applications like Compliance Detector. Our first step in the unification of these compliance testing requirements is to implement the test suites, and then provide both static and rendered output testing for the selected standards, guidelines, and best practices. By using Compliance Guardian to manage this UCT process, we are able to then limit the items that need individual QA review manually. Essentially, those items that include “Human Review” will require that additional validation as every other result can be derived by the system, meaning the Pass/Fail/NA results. Human Review items are identified by the system and then logged for further manual inspection, as the system can identify the item but cannot determine the result of a test. Two good examples of this are:

1. The system finds a table, but the table needs a specialist to determine if it is accessible.
2. The system identifies a data collection method, such as an HTML form that needs review, to assure it matches company policies. This may be required so a Policy person can complete Security or Privacy Questionnaires – as in APIA.

By automating the UCT process with Compliance Guardian, customers – just like AvePoint – are able to improve quality and decrease the amount of time required to complete testing for standards compliance. Some of the essential features of the Application Testing Facility in Compliance Guardian are:

• • Recording, playback, and editing of Application Functional Tests (Scripts)
  • These test scripts can be used to specify pages to then test for aforementioned       standards
  • No coding experience necessary

AvePoint uses Compliance Guardian for the same reasons our customers do, to test our HTML-based applications, services, and the related content!  The automation of Quality Assurance practices available through Compliance Guardian have the obvious benefit of providing users with real knowledge about their data, applications, and services – and how the same are used. This knowledge can then be used to streamline the go-to-market strategy as well as minimize errors, usability, and quality concerns. Following the UCT process with Compliance Guardian creates easily repeatable processes and therefore provides a superior level of quality for products, services, and delivered content at a decreased cost. References

• Mobile: http://www.w3.org/2014/04/mobile-web-app-state/
• Accessibility: http://www.w3.org/standards/webdesign/accessibility
• Privacy: http://www.w3.org/Privacy/
• Usability: http://www.usability.gov/