Security and Compliance Best Practices

Security in Hawzu starts with disciplined access, careful test data handling, and traceable testing workflows.


  • Assign workspace roles only for workspace-level responsibilities.
  • Assign project roles for project testing work.
  • Use groups for inherited project access where possible.
  • Review users, groups, and roles regularly.
  • Remove direct project access when a user no longer needs it.

Learn more in Roles Overview and Users in Groups.


Access tokens are for automation and external systems, not interactive user work.

Best practices:

  • Use the smallest workspace or project scope that works.
  • Choose roles that match the automation task.
  • Set an expiry unless there is a strong reason not to.
  • Disable a token when you need a temporary pause.
  • Revoke a token when it should no longer work.

Learn more in Access Tokens Security.


  • Avoid storing passwords, production credentials, or private tokens in test cases, defects, comments, or attachments.
  • Use regular parameters only for reusable non-secret values.
  • Mask or crop screenshots before attaching them when they contain private data.
  • Prefer synthetic or approved test data over copied production data.

Traceability supports audits and quality review.

  • Link requirements to test cases.
  • Link defects to test cases, executions, releases, and requirements where relevant.
  • Keep release execution history intact.
  • Prefer careful retirement over deleting useful historical context.

Learn more in Traceability and Coverage.


  • Scope integrations to the projects that need them.
  • Rotate external credentials when team ownership changes.
  • Test connections after credential changes.
  • Avoid assuming external tools mirror every Hawzu workflow automatically.

Learn more in Integrations Best Practices.