Better Software - November/December 2010 - (Page 22)
“We can’t do that, we’ll never pass the audit!” If you’ve worked in regulated software, chances are you’ve heard that statement. The threat of an audit can cause even the most enthusiastic proponents of new ideas to cower in fear of the dreaded “finding,” an auditor’s report on something noncompliant in your process. The truth is, many of the most cited “can’ts” about regulated software testing are nothing more than myths.
Myth 1: We Can Only Test with Prewritten Test Cases
Scripted manual tests have been used for so long that many organizations assume that they are the only option, but that doesn’t mean this is the only acceptable approach. When someone says, “We can’t do exploratory testing,” what he is usually afraid of is not being able to present objective evidence of testing, such as the kind called for in FDA regulatory guidelines . Those regulations require that someone looking at your documentation can tell what you tested without taking your word for it. There is nothing about prescripted tests that make them better for this than exploratory tests. Some problems with test evidence, like putting a checkmark in the Pass box or just typing “as expected” for a result, are actually unique to prescripted test cases. In this regard, exploratory testing can be more suited to showing objective evidence
BETTER SOFTWARE NOVEMBER/DECEMBER 2010
because notes on observation make up the bulk of the documentation. An exploratory test session is designed so that the tester has objective evidence about what he saw. Screen and video capture tools can make gathering objective evidence even easier. One tool, SiriusQA’s Test Explorer, is specifically designed to support the recording of objective evidence during exploratory testing . Other tools I’ve used that feature video capture are BlueBerry Test Assistant and HP Quality Center.
Myth 2: Test Automation Is Too Difficult
Test automation is a tricky road to walk in any context, but in the regulated world, misunderstood rules often remove it from consideration completely. This is unfortunate because automation can supplement a regulated testing process just as much or more than a nonregulated one. An automated test can add control to your evidence because it logs results the same way every time, but some auditors may ask you to validate each tool for your specific process to make sure it meets their standard of objective evidence. Types of tool validation that I have seen are general and specific. General validation is usually a certification for a certain industry. Some companies will tout this certification about a particular tool if it has passed an audit by a regulatory body in that industry. Second, the tool may need to be validated for your specific
If you would like to try to load the digital publication without using Flash Player detection, please click here.