Quality and assurance
Last updated
Was this helpful?
Last updated
Was this helpful?
Part of the package that comes with our software development is the peace of mind we offer our clients that their systems work well. And that comes down to our rigorous testing practices. We build testing into every stage of development.
Unit, component and integration tests. As the software developers write the code, they build in automatic tests to help us identify any issues quickly. Unit tests confirm that a change has not caused an unexpected behavioural impact, and component tests allow us to verify the behaviour of an individual component while integration tests verify the interactions between components.
End-to-end automation testing. Next up, our Quality Assurance (QA) team will manually test the application. As they test each section manually, they write automation scripts to repeat that process automatically. So the more the QA team test, the more they train the systems to run tests automatically until they have mapped testing across the entire platform. This end-to-end testing speeds up any future tests as they can be run without manual intervention.
Performance testing. We have service level agreements (SLAs) with our clients for the required performance and availability of our applications. The QA team run load tests where we increase the number of users to check the response time. And similarly with data, we load additional records to see how it impacts the performance. This helps us identify potential performance issues in the application to resolve them.
Regression testing. Before any changes are made, the QA team run regression testing on the full application. This makes sure we don’t reintroduce any previously resolved issues and the application is working as required.
Penetration testing. Not all testing is done by us. We hire accredited cyber-security specialists to run pen tests at least annually. They set out to find security weaknesses and try to break into our systems so we can build the best defences.
We use tools to automate the testing of code which is a huge time saver. It could take days, if not weeks, to manually test all the code we’re working on. But with automation, we can run those tests in just a few hours.
This means we have the capacity to test more regularly, mistakes are spotted sooner, and errors are fixed faster.
When issues aren’t spotted until later down the line, there’s a risk of the fault being embedded too deeply in the code. Then teams become reliant on workarounds and fixes that are costly and time consuming.
So we introduced a ‘shifting left’ policy for coding quality. This is the practice of detecting vulnerabilities and coding errors as early as possible. We’ve implemented tools like Snyk (to test platform security) and Sonarqube (to test coding practices). They work like a spell-checker for code by validating it as it’s being written.
Just like spell-checker, there are sometimes errors. It might read something incorrectly or in the wrong context and make a suggestion, like when an American spelling is suggested to improve British English writing. But most of the time it spots errors early before the code has been fully written.
These tools spot 70-80% of errors in the initial draft, which means they can be fixed at the source. Developers don’t waste time having to search through lines of code to find the issue. It’s addressed in the moment. The code is then manually checked by a senior developer to confirm it’s easy to read and meets our standards. Of course, the code still goes to the QA team for rigorous testing, but we find significantly fewer vulnerabilities to fix. This can save hours, if not days, of time.
We work to standards of engineering excellence which means we have a quality and security first mindset. One example of this is our site reliability engineering, which means we keep our applications online and working at all times.
Development isn’t just about the creation of software, it’s about keeping it live. We look out for indications of an issue, like performance slowing down, before errors are spotted. And we’re putting automatic alarms in place to warn our engineers when an application is not operating as required.
