Checklists not only allow you to break down what needs to be done; they provide a track record of what has been done – making them an excellent tool for assuring compliance. Checklists for Jira includes an array of features you can use to establish compliance in your software projects, including:

• Checklist history
• Checklist permissions
• Email notifications
• Global checklists
• Integration with Jira automation
• Workflow validators
  ‍

Being a software development company ourselves, we at HeroCoders eat our own dog food by using live, admin-controlled global checklists for QA and release management in our development projects. We managed our SOC 2 compliance process by using checklist templates with user mentions, and we enforce our checklists with workflow validators.

Software Development QA Compliance

QA, including compliance with internal standards, is one of the most common use cases for checklists. Our team has a global checklist that is automatically added to bug fixes and feature improvements to ensure that the newly-developed fix works as expected in all applicable environments:

‍

‍

Sometimes a Jira work item is created in a development project that does not need to comply with the automatically applied checklists – such as a work item to update the documentation. Since the checklists are enforced with a validator (see below), the checklist still needs to be completed. The toggle all items feature allows all of the list items on these issues to be set to N/A with a single click.

‍

‍

Software Development Release Compliance

As our product grew (its available in multiple versions) our release process became more complex. We use a second global checklist to ensure that new features are released to all required instances.

‍

‍

A Software Compliance Project for Achieving SOC 2

HeroCoders recently achieved SOC 2 Type II compliance. We created a Jira project to manage our SOC 2 journey and made extensive use of checklists and checklist templates in that project.

Assessing Findings

As part of our SOC 2 process, we reviewed AWS GuardDuty findings and assessed which ones required action. Note that using checklist statuses (in this case the SKIPPED status) allows us to record not only what was done, but also what was considered and intentionally not done.

‍

Policy and Access Compliance

We frequently create checklists (and save them as templates to be reused at regular intervals) to track that team members are complying with security requirements. Mentioning each user provides  a record showing that the entire team is in compliance. Examples include:

• Asking all team members to check a box saying that they have read a policy
• Asking all team members to check a box saying that they have enabled 2FA
• Asking a designated service owner to review which users have access
  ‍
  ‍

‍

Managing Penetration Tests for SOC 2 Compliance

Of course, checklists are also useful for breaking down the tasks that need to be done, as in this example where we used a checklist to manage penetration testing.

‍

‍

The Checklist Validator

To ensure that the requirements defined in the Checklists aren’t bypassed, we use the All checklist items are completed workflow validator.
‍

‍

Additional Checklist Features for Compliance

Global checklists, checklist templates, user mentions and validators are the checklist features our team uses for compliance, but they aren’t the only ones. Checklists for Jira also provides:

• Ability to grant checklist permissions to view/interact with checklists only to specific users (work item assignee, reviewers, approvers, etc.)
• Email notifications for user mentions to make double sure item assignees are aware of their tasks
• Integration with automation so you can bake compliance processes into Jira
• A complete checklist history with change log – meeting the audit tracking requirements of compliance frameworks.
  ‍

For HeroCoders, use of checklists has proven to be an invaluable asset in ensuring compliance throughout our software development processes. By leveraging global checklists, user mentions, and workflow validators, we have streamlined our QA and release management, while also effectively managing our SOC 2 compliance journey. The ability to track progress, enforce standards, and maintain a comprehensive history not only enhances our operational efficiency, but also reinforces our commitment to quality and accountability.

As we continue developing and dogfooding Checklists for Jira, compliance use cases will remain a key focus—empowering both us and our customers to build compliant software.

‍