Testing Is The New Black
Is this the first time you have a compliance testing challenge? It's not my first time.
Recently I was at a webinar for a coming EU IT regulation. One of the key takeaways was the CEO's challenge of being resilient to regulations. GDPR was the first such regulation, and NIS2 is the next in line. There will be a range of EU regulations coming into play in the coming years, all to improve corporate resilience and the security of citizens' digital rights. For many companies regulatory compliance is a "license to operate" - not just an annoyance due to the heavy EU fines. Oh, and for you non-EU folks - it's coming your way too.
The webinar recommended that IT compliance shouldn't just be a matter of producing company guidelines and procedures. Regulations, especially those with notification deadlines, need to be rehearsed. Do you know that your organization can react in time in case of a data breach? Let's design a test for the regulations - it's surely the better way to be resilient. If you already have P1 incident response plans - how about extending them to data breach responses? It goes for IT services too - it's about to come around in your next contract renewal.
If you are building IT services - do you remember to align with your customer on their compliance worries in your day-to-day testing efforts? What front-page tests do you have in your test suite to address the CEO's fear, uncertainty, and doubt about data breaches? A classic probing from a tester is for the "front page test case" - what event in the system would make it to the front page? Based on recent news, it seems the worst-case scenarios should emphasize data breaches and security more than simply features and functionality.
All the features in the system are of no use if the company's license to operate is not in place. Instead of continuing to discuss testing type definitions and the differences between non-functional testing and functional testing, testing professionals need to look up and help solve regulatory business problems.