Tracing test cases to compliance needs
Best practices Auditability
8 mins read
September 1, 2023

Regulatory compliance in IT: 4 strategies to pass IT audits

Regulatory compliance is tough, and software development is no exception. You are not legally obligated to release bug-free software, but there are laws and regulations that dictate how you test software to minimise issues. How do you stay on top of regulatory demands while keeping the expenses reasonable? Read on to find out.

Robert Weingartz
Denis Matusovskiy

Challenges when linking and tracking test cases associated with specific regulatory compliance

Here are the main obstacles that companies face when mapping test cases to individual requirements

  • A legacy test database makes it hard to further organise test cases. This is a very acute problem for companies that still use Excel instead of a proper software testing tool to handle test cases. Even if you are using something old, most dedicated test management solutions should at least not get in your way. 
  • Poor test documentation prevents both proper test categorisation and compliance checks. If nothing in the title or in the description mentions the addressed ISO standard / regulatory demand, how would you find it later?
  • Lack of multi-level categorisation is a big headache for test suites of any size. Most test management solutions allow you to group test cases. The problem happens when you can only do so by one criterion. Projects, individual sprints, or the tested requirement provide a higher-level overview.If your TMS supports only one categorisation level, you are unlikely to use it on regulatory compliance.
  • Rigid and primitive analytics mean that you will not be able to visually track test cases associated with specific regulatory compliance criteria. Test management solutions still often offer dashboards that only display data pre-picked by the vendor. If the solution does not have a native option for tracking how individual tests help you comply with regulations, visualising a workaround will likely be impossible. 

For extra ideas on organising your testing, look no further than our testing strategy template. It is an easily editable, ready-to-use document with tips and practices that we have gathered over 20 years of QA and IT consultancy work.

testing strategy template

Regulators-proof testing strategy template

Best strategies for tracing test cases to compliance needs

Tracking regulatory compliance in QA requires a mix of ingenuity and competent tools. Let’s look at some of the ways where they come together for a great result. 

Applying labels

Using labels is a simple and effective way to mark test cases if your test management solution supports that. Every test can be marked as helping to meet one or multiple regulatory requirements. You can even colour code labels, e.g. green hues cover data privacy while different shades of blue denote ISO standards. Most tools that offer labels would allow you to sort and/or search by them, further tracking regulatory compliance on a per requirement or per project level.

Enforcing test documentation requirements natively

It’s human nature to leave out the small details, promising to add them some time later. Besides, software development and QA are designed to have more tasks than fit into one’s schedule. With that in mind, how do you make colleagues consistently lay the groundwork to link test cases associated with specific regulatory compliance? The answer is simple: workflows.

Workflows cover the lifecycle of an item entered into a test management solution. They are often used to make items undergo required supervision and always have somebody working on an item or acknowledging it. The better way here, however, is enforcing mandatory fields. When creating a test, your QA specialist should always list the regulatory demand(s) that the test covers. Much like with labels, using this information alongside other filters should be enough to track compliance.

Making compliance a separate requirement

We have so far primarily covered the approach of using compliance test cases alongside other tests for a feature. But what if you track compliance via requirements?

This approach has a number of benefits. You will be able to create specific test cases just to cover one industry standard or regulatory demand. Tracking tests for a dedicated requirement could be easier than navigating regular and compliance tests for a feature-related requirement. Analytics will be cleaner as well.

Creating a compliance-conscious view

Tracking what test covers which requirement can be tricky, especially if you are using a QA solution that does not support requirements management. The UX can mandate more clicking than necessary as well, making you check cards for every requirement to quickly find test cases. This increases the odds of letting a regulatory demand slip past you.

The straightforward answer here is creating a TMS workspace view that prioritises traceability. You should be able to see the requirement and tests covering it on the same screen. Ideally, you should be able to do that even when testing and requirements management happen in different tools. They are still integrated, so it is only right that you should have the information anyway.

All these strategies require using a proven tool, especially if regulatory compliance is not your especially. Look no further than aqua, an AI-powered test management solution used by 40+ banks and government agencies. The portfolio even includes BaFin, the German regulator for the IT side of traditional businesses.

aqua offers the following functionality for simplified traceability:

  • Test case coverage tab displayed right on the requirements overview

Keep 100% test coverage with ease

  • Labels for denoting compliance testing coverage

labels and sublabels in test management tool aqua

  • Flexible folder structure to group requirements and test cases the way you want

  • Custom workflows to mandate compliance documentation and supervisory signoffs

Avoid slowdowns and errors with native workflows

  • Dashboard with any data to visualise compliance coverage

Dashboard with KPI alerts

  • Reports wizard to describe and auto-update compliance coverage with any scripts, images, or texts

Track long-term success via advanced reports

The ultimate solution for QA traceability and compliance

Try aqua


Adapting your QA processes to meet regulatory requirements proves difficult, especially when doing that for the first time and/or using the wrong tools. But when the situation dictates that you comply or perish, you can either let things be and hope to fly under the radar — or be brave and take action. The action here would be to educate yourself, adapt, and make sure your testing is compliant.

Fortunately, there are solutions that simplify both becoming compliant and staying so. A great example here is aqua, a test management solution with a separate traceability & compliance module. It covers every challenge described in this article without a headache. 

Solve all compliance challenges in no time

Try aqua
On this page:
See more
Speed up your releases x2 with aqua
Start for free
closed icon