# Quality and assurance

Part of the package that comes with our software development is the peace of mind we offer our clients that their systems work well. And that comes down to our rigorous testing practices. We build testing into every stage of development. 

1. **Unit, component and integration tests.** As the [software developers](/team/nec-digital-studio-team.md#software-developer) write the code, they build in automatic tests to help us identify any issues quickly. Unit tests confirm that a change has not caused an unexpected behavioural impact, and component tests allow us to verify the behaviour of an individual component while integration tests verify the interactions between components.
2. **End-to-end automation testing.** Next up, our [Quality Assurance (QA) team](/team/nec-digital-studio-team.md#quality-assurance-analyst) will manually test the application. As they test each section manually, they write automation scripts to repeat that process automatically. So the more the QA team test, the more they train the systems to run tests automatically until they have mapped testing across the entire platform. This end-to-end testing speeds up any future tests as they can be run without manual intervention.
3. **Performance testing.** We have service level agreements (SLAs) with our clients for the required performance and availability of our applications. The QA team run load tests where we increase the number of users to check the response time. And similarly with data, we load additional records to see how it impacts the performance. This helps us identify potential performance issues in the application to resolve them.
4. **Regression testing.** Before any changes are made, the QA team run regression testing on the full application. This makes sure we don’t reintroduce any previously resolved issues and the application is working as required.
5. **Penetration testing.** Not all testing is done by us. We hire accredited cyber-security specialists to run pen tests at least annually. They set out to find security weaknesses and try to break into our systems so we can build the best defences.

We use tools to automate the testing of code which is a huge time saver. It could take days, if not weeks, to manually test all the code we’re working on.  But with automation, we can run those tests in just a few hours.

This means we have the capacity to test more regularly, mistakes are spotted sooner, and errors are fixed faster.

<figure><img src="/files/uh93nyF4pZt8EfWSgjwX" alt="&#x22;&#x22;" width="563"><figcaption></figcaption></figure>

## Find early, fix early&#x20;

When issues aren’t spotted until later down the line, there’s a risk of the fault being embedded too deeply in the code. Then teams become reliant on workarounds and fixes that are costly and time consuming.

So we introduced a ‘shifting left’ policy for coding quality. This is the practice of detecting vulnerabilities and coding errors as early as possible. We’ve implemented tools like Snyk (to test platform security) and Sonarqube (to test coding practices). They work like a spell-checker for code by validating it as it’s being written.

Just like spell-checker, there are sometimes errors. It might read something incorrectly or in the wrong context and make a suggestion, like when an American spelling is suggested to improve British English writing. But most of the time it spots errors early before the code has been fully written.&#x20;

These tools spot 70-80% of errors in the initial draft, which means they can be fixed at the source. Developers don’t waste time having to search through lines of code to find the issue. It’s addressed in the moment. The code is then manually checked by a senior developer to confirm it’s easy to read and meets our standards. Of course, the code still goes to the QA team for rigorous testing, but we find significantly fewer vulnerabilities to fix. This can save hours, if not days, of time.

## One step ahead

We work to standards of engineering excellence which means we have a quality and security first mindset. One example of this is our site reliability engineering, which means we keep our applications online and working at all times.

Development isn’t just about the creation of software, it’s about keeping it live. We look out for indications of an issue, like performance slowing down, before errors are spotted. And we’re putting automatic alarms in place to warn our engineers when an application is not operating as required.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://playbook.necdigitalstudio.com/capabilities/development/quality-and-assurance.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.