In short, who should be able to ‘see what’ and ‘do what’.
If you are fortunate then you will already be post-implementation and beyond those gut-clenching moments immediately post ‘go-live’ when someone suggests that they can see or do more than you intended.
Security doesn’t just impact data, it also impacts the performance of your business processes. Nevertheless, a data leakage/GDPR issue has to be avoided – the threat of heavy fines, the necessary internal investigation of ‘how could this happen’ and the real threat of an external regulatory investigation to ensure the problem is resolved and can’t happen again.
The time available for testing your security design in UAT is always too short, which means confidence is never where it should be at go-live. You would hope all this will change once you have gone live and got through your hypercare phase. The truth is that this security challenge never goes away and you will be lucky if your problems were, or are just limited to Workday. How will, or did, your e2e security perform at go-live? Did your integrations work as you expected?
The problem is that integrations are far less transparent. Any problems with data flowing through your integrations will typically become apparent much, much later. If the necessary data isn’t there then you will know pretty quickly. The integration will fail. However, if the data is being made available – but perhaps in a wider or more sensitive set of data than necessary – then it might take some time before someone notices the problem. If an integration is working then any underlying problems rarely surface quickly.
Post implementation is the period where you can fully regression test the system for Workday security; and back-test your integrations for end-to-end security. A welcome window to take stock … but there on the horizon is your next challenge.
A new Workday update or new release is imminent. It has to be readied for and any new features explored. Your first concern has to be system security and the impact on integrations. Even if new features can be ignored, the new release may bring changes to how business processes work. Regression testing will be necessary to ensure that your configuration and security still work as originally designed.
Whenever a change is made in an application, no matter how minimal, this may affect existing functionality. Therefore, every time something is changed in your Workday tenant, its functionality must be tested.
Frequent updates from Workday lead to the same need:
- more testing to make sure that Workday’s update didn’t damage any of your business-critical processes.
- more testing to ensure that your security groups are working as designed
- more testing to ensure that your integrations won’t be adversely effected
Workday has two major releases every year that may impact your custom business processes unexpectedly. It is therefore is important to test your business-critical processes in the new release environment to ensure that everything will work as intended, before the new release goes live.
If you are operating across multiple countries – and therefore multiple legal jurisdictions – you will have complex conditionality attached to your business processes. Add to this the need to test country specific business processes with country specific data permissions and the testing challenge can become unmanageable. This is where Test automation can help mitigate the time and effort required to build the confidence that you need.
LogicaCloud understands the complexity of what you are facing. Our team is expert in design, implementation and analysis of automated test routines. Critically, via test automation they can do so without compromising access to your data.
With Automated Testing LogicaCloud can work with your IT and HR professionals to ensure business continuity. They are able to identify those critical points in test scenarios where human eyesight and judgement is necessary and where it is not. This reduces the level of UAT engagement needed and significantly increases the speed at which new features, security groups and assignments can be tested across multiple roles and locations.
For a purely exploratory and cost-free conversation with one of our experienced test automation people, Contact us here.