Login

Test environments: The key to successful business reporting programmes

Posted on December 18, 2025 by Revathy Ramanan

This guest blog, by Tom Wacha, covers guidance on test environments as part of the broader XBRL International guidance on the features of an XBRL data collection and processing platform. Tom Wacha works as the Director of XBRL Product Management at Workiva and as a volunteer on the Arelle open source XBRL platform. He is also a member of XBRL International’s Best Practices Board.

A secure and robust test environment is an important, and at times overlooked, component of an effective XBRL reporting programme. Comprised of a software testing platform and a test collection processing platform, a test environment ensures the live collection processing system is not used for any type of testing. It can be implemented for a minimal additional cost and provides tremendous value to the regulator, software vendors and preparers.

A secure and robust test environment can ensure accuracy, validity, and compliance of XBRL reports:

  • The Software Testing Platform allows vendors to ensure their report creation software produces valid filings, adhering to technical and business rules. It should be identical to, but independent of, other platforms, and used by software vendors with dummy data, not live filings. This software testing platform is for testing software, not filings. Software testing programmes can also include regulator certification of report creation software, which can leverage XBRL International’s XBRL Certified Software programme, combined with direct filing components, both of which increase the consistency of the filed reports and ultimately the quality of the resultant data.
  • The Test Collection Processing Platform replicates the live collection processing platform, enabling preparers to test filings before submission. These “dry run” or “pre-flight check” test environments offer significant reassurance and certainty to preparers (and auditors if applicable). It must accept live filing data to allow preparers to verify authentication, filing acceptance, and appearance. This platform must be an exact copy of the live platform, capable of calling backend databases, and require robust security measures to protect live data, including separate access, adherence to security standards, no data storage, traffic monitoring, and robust security policies.

This dual approach minimises errors, enhances data quality, and builds confidence in the reporting process. Test environments provide value to software providers, preparers and regulators as depicted in the figure below:

 

Securing the testing platform

As live filing data is being submitted, which will typically involve market-sensitive and/or commercial in-confidence data, it is critical that proper security steps be taken. Regulators and other data collection bodies must take into account the cybersecurity risks associated with test filings of live data. Regulators and data collection bodies should consult carefully with suitable external or internal cybersecurity experts about the robustness of risk identification and mitigation steps taken when deploying test collection processing platforms.

Key security steps include, but are not limited to:

  • Access to the software testing platform is strictly controlled using credentials issued only to authorised software vendors.
  • Ensuring access to the test and live collection processing systems is kept completely separate, either via the use of a test flag in the live collection processing platform or via the use of separate systems.
  • Treating it the same as the live collection processing platform with regard to security.
  • Meeting or exceeding current data security standards.
  • Not storing the test filing data in any way.
  • Including traffic monitoring (detecting bots, DOS attacks).
  • Ensuring robust security policies are in place, including software design reviews, code reviews and external penetration testing.
  • Using the (still in draft) Digital Signatures in XBRL specification to ensure that management and auditors sign (and if necessary, encrypt) the business report.

This blog covers guidance on test environments within the broader guidance on the features of an XBRL data collection and processing platform.

 

 

Other Posts

Calendar

December 2025
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
293031  

Newsletter
Newsletter

Would you like
to learn more?

Join our Newsletter mailing list to
stay plugged in to the latest
information about XBRL around the world.

  • This field is for validation purposes and should be left unchanged.

By clicking submit you agree to the XBRL International privacy policy which can be found at xbrl.org/privacy