Skip to main content
Control Tests let you validate that your security controls are working as designed. Each test is linked to a specific control and can be run manually, on a schedule, or fed by automated tooling — capturing evidence that flows into Evidence Collection and Reports.

What you can do

  • Create and link tests — Map tests to any control in your framework; specify test type (manual, automated, or integration)
  • Track test results — Run tests and record Pass / Fail / Warning outcomes with optional notes
  • Schedule recurring tests — Set frequency (in days) so tests re-run automatically on your cadence
  • View test history — See last run date, next scheduled run, and test status across your control portfolio
  • Generate audit evidence — Test results flow into Evidence Collection and feed Reports

How to run a control test

1

Navigate to Control Tests

In the Compliance module sidebar, click Control Tests (under the EVIDENCE & REPORTING caption) to view all defined tests.
2

Click Run Test on a test row

The Run Test button opens a result-entry modal.
3

Select result and add optional notes

Choose Pass, Fail, or Warning. Add details about what you tested or any findings in the Message field.
4

Submit the result

Click Submit Result. The test status updates immediately and is logged in the audit trail.

Test statuses

StatusMeaningAction
PassControl is functioning correctlyNo action needed; evidence captured
FailControl failed the testCreates a compliance issue; review and resolve
WarningControl has partial or questionable behaviorInvestigate further; may escalate
Not RunTest has never been executedRun the test to collect initial evidence

Test types

  • Manual — A team member runs the test and submits the result (e.g., “verify firewall rules”)
  • Automated — A scheduled check runs and reports back (e.g., “MFA enforcement on all admins”)
  • Integration — Connected to an external service (RMM, SIEM, identity provider) that feeds results

Audit-readiness cadence

Each test has a configurable frequency (how often it should run, in days). The dashboard shows:
  • Last Run At — when the test was last executed
  • Next Run At — when the test is scheduled to run next
  • Frequency Days — how often the test repeats (default: 90 days)
For critical Controls, set shorter frequencies (e.g. 7 or 30 days) so evidence is fresh when auditors arrive.

Frequently asked questions

A failed test creates a draft compliance issue tied to that control. You can review, assign, and track closure. The issue appears in the Audit Lifecycle view.
Yes — 90 days (quarterly). You can change it when creating the test or edit it later.
Yes. Click any test to see every previous run with timestamp, result, and notes. Useful for SOC 2 Type 2 evidence (proving the control operated throughout the audit period).