How Tests Work
Every test in LowerPlane follows the same evaluation cycle:Test is triggered
Tests run automatically on a schedule, when an integration syncs, or when manually triggered by a user.
Data is evaluated
The test evaluates data from integrations, uploaded evidence, policies, or other sources against defined criteria.
Result is recorded
The test produces a status (passing, failing, pending, or not run) along with details about what was evaluated and any issues found.
Test Capacity
LowerPlane’s test engine processes over 1,200 tests per hour through a distributed worker architecture. CPU-intensive tests (evidence processing, risk calculations, compliance scoring) are executed by dedicated Go workers, while lightweight checks run on Node.js workers.Test Types
LowerPlane supports six test types, each designed for a different verification method:Automated
Triggered by integration syncs. Evaluate data from connected tools without any manual intervention.
Scheduled
Run on a user-defined schedule from hourly to annual. Useful for periodic compliance checks.
Manual
Completed by uploading evidence or confirming an action was taken. Used for controls that cannot be automated.
Policy
Verify that a required policy exists, is approved, and is current. Automatically linked to the policy center.
Document
Validate that a required document is present and has not expired. Tracks document currency.
Custom
User-defined tests with custom pass/fail criteria. Flexible enough for any compliance requirement.
Test Statuses
Each test displays one of four statuses:| Status | Meaning | Dashboard Color |
|---|---|---|
| Passing | The test criteria are satisfied. Evidence supports compliance. | Green |
| Failing | The test criteria are not met. Remediation is required. | Red |
| Pending | The test is awaiting data, evidence upload, or manual completion. | Yellow |
| Not Run | The test has never been executed. Typically waiting for an integration connection. | Gray |
Test Severity
Tests are assigned a severity level that indicates their compliance impact:| Severity | Description |
|---|---|
| Critical | Failure represents a significant compliance gap that could result in audit failure |
| High | Important control that auditors will examine closely |
| Medium | Standard control with moderate compliance impact |
| Low | Minor control or best practice recommendation |
| Informational | Advisory finding with no direct compliance impact |
Tests and Controls
Every test is mapped to one or more controls. A single control may have multiple tests verifying different aspects of the requirement. For example, the “Access Control” control might have:- An automated test checking MFA enrollment via Okta
- A scheduled test verifying access review completion
- A policy test confirming an access control policy is approved
- A manual test for physical access control evidence
Tests and Frameworks
Because controls map across frameworks, a single test can provide compliance evidence for multiple frameworks simultaneously. For example:A test verifying MFA enrollment satisfies ISO 27001 A.9.4.2, SOC 2 CC6.1, HIPAA 164.312(d), GDPR Article 32, and PCI-DSS 8.3 — all from one integration sync.This multi-framework mapping is central to LowerPlane’s efficiency. You write one test, and it counts toward compliance across every applicable framework.
Dashboard Metrics
The tests dashboard displays key metrics at a glance:- Total tests — Count of all configured tests
- Passing — Tests currently meeting criteria
- Failing — Tests requiring attention
- Pass rate — Percentage of tests passing (target: 90%+ for audit readiness)
- Tests by type — Breakdown of automated vs. manual vs. other types
- Recent activity — Latest test runs and status changes
Next Steps
Test Types
Detailed explanation of each test type and when to use them.
Managing Tests
Create, configure, run, and monitor tests.