taniazhydkova

How I chose a test management tool for a banking app

Quality Assurance in Banking is a tricky matter. Releasing without major bugs is not a competitive advantage, but a regulatory requirement. Not every general-purpose test management vendor is a fit for banks, so finding good software is that much harder.

In this article:

  1. Common and costly mistakes to avoid when picking a test management solution in banking
  2. The landscape of test management solutions in banking
  3. Top 5 test management solutions in banking
  4. Banking test management solutions checklist

Mistakes to avoid

As I mentioned, banks are under greater scrutiny than most businesses when it comes to the quality of their software. Mistakes cost money not just for the bank, but its customers and potentially the country’s central bank as well.

Regulatory compliance is the biggest caveat when it comes to test management solutions for banking. Here are certifications that your solution should obtain and/or not block you from obtaining:

Certifications

  1. Test Maturity Model integration
  2. ISO 9001
  3. ISO 27001
  4. ISO 26262
  5. ISO 13485
  6. FDA 21 CFR Part 11

The depth of traceability is also a major concern. Should something ever go wrong, you need to find who made a negligent or malicious change to your software and/or approved an unstable version of the app. Implementation of traceability functionality is a great point of distinction between suitable tools: the features can be useful in more ways than passing regulatory audits.

Not scrutinising on-premise offerings can prove costly. Information security requirements make it impossible to use Cloud-only solutions, so some of the test management market’s hip newcomers are out of the question. On a similar note, you should pay extra attention to feature sets of solutions that have both Cloud and On-Premise versions. The latter could be lagging behind due to development nuances and/or the client portfolio of the vendor.

Neglecting capacity for large testing volumes can be pretty dire. It’s not uncommon for banks to reach a 6-digit or even 7-digit number of tests. Some test management solutions are not built to handle that much, due to the database architecture and/or suboptimal client experience.

Banking tools landscape

I won’t speculate why, but surprisingly few test management solutions explicitly claim they are banking-ready. These include QA Cube, Polarion, and aqua. These services have dedicated success cases and claim to meet all the regulatory requirements.

Most popular test management tools are not as straightforward. A good example here would be Zephyr. Although they do not specifically talk about banking, they feature Pfizer as one of their clients. If Zephyr went to the even greater trouble of complying with medical industry requirements, they surely can work with banks, can’t they? Well, this is the kind of question you will have to ask yourself and/or clarify with sales for most test management solutions.

Picking an explicitly banking-ready solution or going through options that could be banking-ready are two valid approaches. In this article, however, we will focus on the first group.

Best test management solutions for banking

aqua

aqua ALM was launched in 2013 by the German andagon group, which has provided IT consulting services since 2001. The company specialises in highly regulated industries, as reflected by dedicated solutions pages for banking, insurance, and government agencies. Some of the clients are Nürnberger Versicherung and BaFin, the very regulatory body whose audits the prominent competitor Polarion helps its clients pass.

Naturally, aqua uses traceability as one of the main selling points. The logs are ISO 9001, BRSG, and IFRS 17 compliant. Traceability both meets regulatory needs and brings its own features, e.g. comparing revisions and reverting changes through the project’s lifespan.

Security is another prominent aspect of aqua. It has over 100 separate user permissions rather than predefined access levels; both SAML and LDAP are supported for user management. On-premise instances can be entirely handled by the client and completely isolated from aqua. The extensively documented REST API implementation uses OAuth 2.0 tokens for authentication, which means you can connect any third-party tool without breaching security regulations.

Criticism of aqua is mostly about reporting and feature differences between interfaces. Reports, while offering great depth, can be a bit tricky to set up and require the ALM licence to create new templates. Some features of the desktop client may be unavailable in the web version, but patch notes indicate progress there (most recently adding Agile functionality).

QA Cube

The bread and butter of QA Cube is customisable dashboards. Another key selling point is predictive analytics. The company claims it will help identify potential points of failure and make testing more efficient. Alas, the same tech cannot be used for software development, since QA Cube is a test management solution, not an ALM solution.

Polarion

Polarion strongly emphasise their traceability features. The software logs all changes so you can demonstrate them to regulators and even automatically self-audits the log. Polarion specifically mention helping to pass regular BaFin audits and complying with MaRisk requirements.

Find the detailed descriptions of all these tools, two extra tools, and a 6-step checklist for picking the right one in the full article on HackerNoon.
