Polarion features US FDA-compliant electronic signatures, which can be applied to different artifacts, including Test Runs. When configured, Polarion automatically maintains e-signatures as part of the overall artifact history. It is then easy to retrieve data to prove who signed what and when. Administrators can set configuration to require electronic signatures from users when they:
Change the Status of a Test Run via the workflow.
Execute the Test Cases of a Test Run (including importing of results of Test Cases executed externally to Polarion).
For security, it is highly recommended to use the https protocol for access to Polarion when your system is configured to use electronic signatures.
The Test Run Workflow page of Administration has a section Actions, which defines the set of actions users can invoke to transition a Test Run from one Status to any other allowed Status. The Actions table has a column Requires Signature. When you check this option for any Action, users invoking that Action are prompted to enter their username and password in lieu of their handwritten signature. (The dialog requires two steps in order to require explicit action by the user, preventing browsers from supplying all credentials.)
It can happen that after some workflow action has been executed, that another action is invoked that renders existing signature(s) irrelevant. For example, a test manager might decide that a Test Run with failed Test Cases should be executed again, and so sets the status back to the awaiting execution state. In this case, any existing signatures previously applied to actions such as "mark passed" aren't really relevant anymore.
To handle this situation, you can specify the workflow function MarkWorkflowSignaturesAsObsolete for the relevant workflow action. In the example above, when the test manager invokes the action (which could be configured as something like "Mark as Reopened"), all signatures from previous Test Run workflow actions are marked as obsolete.
For each Test Run type defined, it is possible to require electronic signature when executing Test Cases in Test Runs of the type. For example, if you have a type, "Manual Security Test", you can configure it to require a signature when executing Test Runs of that type:
This configuration is available globally (to provide a global default for new projects) and per project (in which the global default can be overridden). You must have administrator permissions for the scope you want to configure.
To require signature for Test Case execution:
Open the scope you want to configure: Repository or a project.
Enter Administration, and then in Navigation select Testing > Test Run Types.
In the Test Run Types page, check the Requires Signature for Test Case execution option for every type for which you want to require Test Case execution signatures.
When this option is enabled, users executing Test Runs of the type configured are prompted to electronically sign when they log the verdict for each Test Case executed during the Test Run. The Test Records show an icon indicating that the user who executed the Test Case signed.
When Test Cases are exported to Excel for execution externally to Polarion, it is possible to require electronic signature when a user imports Test Case results from Excel (using the "Import Manual Test Results" action on the Test Run overview page.) Before importing Test Cases from Excel, configure the Test Run type for your external tests to require electronic signature for execution of Test Cases, as described in the previous section. Once configured, you can create Test Runs and export the Test Cases to Excel as usual. When a user re-imports the Excel file to Polarion, that user is presented with a summary of the executed Test Cases:
If the user proceeds with the import, s/he is prompted for electronic signature. The testing results are imported, and the Test Run is updated only after the user completes the signature.