
Control maintenance - Testing

Written by Hyperproof Support
Updated this week

When you test a control, you're evaluating whether it's effective. Control testing allows you to discover what's working (and what's not). Regularly testing your controls allows you to address any weaknesses before you enter an audit. If controls are found to be effective, control risk is low. If controls are identified as ineffective, control risk is high. In Hyperproof, you can test your controls manually or via automation.

Hyperproof recognizes the following testing statuses:

  • Not tested (default) - The control has not yet been tested.

  • Effective - The control is doing its job; risk is low.

  • In progress - The control is actively undergoing testing.

  • Ineffective - The control has a weakness that needs to be addressed; risk is high. When set to ineffective, two deficiency properties are available: design and operation.

  • Calculated value - This status is linked to any automated tests implemented on the control or on a label linked to the control. If a test passes, the status is effective. If the test fails, the status is ineffective, and the control is considered to be at risk.

To change the testing status

  1. Navigate to the control.

  2. From the Details tab, locate the control status panel.

  3. Hover over the current testing status, and then click the Edit icon.

  4. Select a new status.

Note: The control's overall health may change depending on the selected status. A testing status of 'not tested' or 'in progress' puts the control 'at risk'. A testing status of 'ineffective' causes the overall health status to default to 'critical', even if the control is fresh, implemented, and has linked proof.

If you need to change the status of multiple controls, you can bulk edit those controls.

Note: When bulk editing the testing status of multiple controls, the Calculated value option is unavailable. To set the control testing status to Calculated value, you must go to the Details tab for the control and select Calculated value in the Testing status field.

Automated control testing

Automated control testing requires the use of a Hypersync on a control or label to automatically gather proof. Proof gathered by Hypersyncs follows a predictable table format, allowing it to be tested easily.

Once a Hypersync is set up, you can configure a test to run on a schedule that you specify: on the most recent proof, on all proof, or on proof created in a particular date range. Hyperproof’s flexible test builder allows you to write many types of tests using simple business logic. It works similarly to popular spreadsheet functions like VLOOKUP(), HLOOKUP(), IF(), and more.


For example, if you have a control that requires that all passwords be 10 characters or more, you can use a Hypersync to retrieve proof that contains password length. Based on that proof, you can configure a test that checks the password length field to ensure that it is greater than or equal to 10. If not, the test fails, and you can address the issue.
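The logic of that password-length test, sketched in Python as an added example; this is not Hyperproof's test builder or API. The proof tables, the column names `account` and `min_password_length`, and the rule that an empty scope yields "Not tested" are assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample proof, one table per collection date (not real Hypersync output).
PROOF = {
    date(2024, 5, 1): "account,min_password_length\nprod,12\nstaging,10\n",
    date(2024, 6, 1): "account,min_password_length\nprod,12\nstaging,8\n",
    date(2024, 7, 1): "account,min_password_length\nprod,12\nstaging,\n",
}

def failing_rows(table, field="min_password_length", minimum=10):
    """Return rows whose field is missing, non-numeric, or below the minimum."""
    bad = []
    for row in csv.DictReader(io.StringIO(table)):
        value = (row.get(field) or "").strip()
        # A blank or unparsable value fails the test instead of being skipped.
        if not value.isdigit() or int(value) < minimum:
            bad.append(row)
    return bad

def select_proof(proof, scope="most_recent", start=None, end=None):
    """Pick proof by scope: most recent, all, or a date range."""
    dates = sorted(proof)
    if scope == "most_recent":
        dates = dates[-1:]
    elif scope == "date_range":
        dates = [d for d in dates if start <= d <= end]
    elif scope != "all":
        raise ValueError(f"unknown scope: {scope}")
    return {d: proof[d] for d in dates}

def calculated_status(proof, **scope):
    """Map test results to a testing status: pass -> Effective, fail -> Ineffective."""
    selected = select_proof(proof, **scope)
    if not selected:
        # Assumption of this sketch: no proof in scope means nothing was tested.
        return "Not tested", {}
    failures = {}
    for day, table in selected.items():
        rows = failing_rows(table)
        if rows:
            failures[day] = rows
    return ("Ineffective" if failures else "Effective"), failures

if __name__ == "__main__":
    for scope in ("most_recent", "all"):
        status, failures = calculated_status(PROOF, scope=scope)
        print(scope, status, sorted(str(d) for d in failures))
```

The same proof gives a different result depending on scope: the May range passes, while the most recent proof fails on a blank value that a looser comparison would have skipped.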

Hyperproof’s notification system warns you about failed tests by email, Slack, or Teams, depending on your configuration. You can also set up automatic event-driven repeating tasks for failed tests, asking team members to review controls or labels, and the associated proof.

If a test fails, review the failure on the Tests tab of the control or label you are testing.

To use automated control testing

  1. Select the control you want to test.

  2. Configure a Hypersync for the control or associated label to collect proof. See How does a Hyperproof user create a new Hypersync? and Hypersync overview.

  3. Review the proof to determine what needs to be tested. See Viewing proof.

  4. Configure a test to verify that the collected proof meets the control's criteria. See Creating and running an automated control test.

For more information, see these workshops on automated control testing:

The importance of automated controls

Automated control testing
