Using Checklists for QA and Compliance

Checklists not only allow you to break down what needs to be done; they provide a track record of what has been done – making them an excellent tool for assuring compliance. Checklists for Jira includes an array of features you can use to establish compliance in your software projects, including:

  • Checklist history

  • Checklist permissions

  • Email notifications

  • Global checklists

  • Integration with Jira automation

  • Workflow validators

At HeroCoders, we eat our own dog food by using live, admin-controlled, global checklists for QA and release management in our development projects. We managed our SOC 2 compliance process by using checklist templates with user mentions, and we enforce our checklists with workflow validators. Customers have also told us they use checklists to track approvals.

Software Development QA and Compliance

QA compliance with internal and external standards is one of the most common use cases for checklists. Our team uses a global checklist, automatically added to bug fixes and feature improvements, to ensure that newly-developed fixes work as expected in all applicable environments:

GlobalTestedOn.png

Sometimes a Jira work item created in a development project does not need to comply with the automatically applied checklists (for example, a work item to update the documentation). Since the checklists are enforced with a validator (see below), the checklist still needs to be completed. The "toggle all items" feature allows all of the list items on these work items to be set to N/A with a single click.

Software Development Releases

As our product grew, our release process became more complex. We use a second global checklist to ensure that new features are released to all required instances.

GlobalReleasedTo.png

Additional Checklist Use Cases for QA and Compliance

You can create additional checklists in your development projects to ensure adherence to best practices, as well as regulatory compliance:

  • Definition of Ready

  • Definition of Done

  • Acceptance Criteria

  • Code Review Compliance

  • Release and Deployment Readiness

  • Third-party Dependency Compliance

  • GDPR Compliance

  • HIPAA Compliance

A Software Compliance Project for Achieving SOC 2

HeroCoders recently achieved SOC 2 Type II compliance. We created a Jira project to manage our SOC 2 journey and made extensive use of checklists and checklist templates in that project. Some of our use cases included:

Assessing Findings

As part of our SOC 2 process, we reviewed AWS GuardDuty findings and assessed which ones required action. Note that using checklist statuses (in this case the SKIPPED status) allows us to record not only what was done, but also what was considered and intentionally not done.

GuardDuty.png

Policies and Access Compliance

We frequently create checklists (and save them as templates to be reused at regular intervals) to track that team members are complying with security requirements. Mentioning each user provides a record showing that the entire team is in compliance. Examples include:

  • Asking all team members to check a box saying that they have read a policy

  • Asking all team members to check a box saying that they have enabled 2FA

  • Asking a designated service owner to review which users have access

Managing SOC 2 Penetration Tests

Of course, checklists are also useful for breaking down the tasks that need to be done, as in this example where we used a checklist to manage penetration testing.

PenTesting.png

Tracking Multiple Approvals with Checklists

Customers have reported using checklists to track multiple levels of approval on a work item. This is a transparent, trackable way to handle approvals and much simpler than building an approval workflow.


The Checklist Validator

Regardless of the use case, if you’re using checklists for QA or compliance, you’ll want to enforce them with a workflow validator that prevents the Jira work item from being transitioned to DONE (or any status) without the required checklist items being complete.

Checklist Validators for Compliance in Company-managed Projects

For company-managed projects, Checklists for Jira ships with three built-in validators, allowing you to block a transition unless:

 Screenshot 2025-06-24 at 3.10.57 PM.png

Checklist Validators for Compliance in Team-managed Projects

In team-managed projects, you can create a rule to prevent a transition.

TeamManRule2.png

Note that the rule will function as a pre-condition to making the transition – the option to transition the work item to the target status will not be shown unless the checklist is complete.

Alternatively, you can set up an automation rule that will automatically reopen a Jira work item unless all checklist items on it are complete.

Action.png

Additional Checklists Features for Compliance

Global checklists, checklist templates, user mentions and validators are features our team uses for QA and compliance, but Checklists for Jira also provides:

 

For HeroCoders, use of checklists has proven to be an invaluable asset for ensuring quality and compliance throughout our software development processes. As we continue developing and dogfooding Checklists for Jira, compliance use cases will remain a key focus—empowering both our customers and ourselves to build safe, quality, compliant software.
