System Level Test Cases HIPAA_PLUS_ASSESSOR Version 1.6

8/12/2019 System Level Test Cases HIPAA_PLUS_ASSESSOR Version 1.6

1/58

HIPAA+ Solutions Suite131, Elden Street, Herndon VA - 20170

HIPAA+ Assessor Dashboard NACHRI Release

Internal Test Plan

Version: 1.5Last Modified: Aug10, 2011

Document Number: HIPAA-PLUS-2011-0001Contract Number:


2/58

TABLE OF CONTENTS

1. INTRODUCTION ...................................................................................................... 1

2. REFERENCED DOCUMENTS ................................................................................. 2

3. TESTING APPROACH/STRATEGY ........................................................................ 3

4. PLANNED TESTS .................................................................................................... 14.1.SYSTEMS INTEGRATION TESTING........................................................................... 1

4.1.1.SYSTEM TESTING.............................................................................................. 1

4.1.2.REGRESSION TESTING....................................................................................... 1

4.1.3.INTEGRATION TESTING....................................................................................... 1

5. TEST PROGRESSION ............................................................................................. 1

6. FEATURES TO BE TESTED ................................................................................... 2

7. TEST ENVIRONMENT .............................................................................................. 45

7.1.HARDWARE........................................................................................................ 457.2.SOFTWARE........................................................................................................ 45

7.3.TEST DATA........................................................................................................ 45

8. TEST DELIVERABLE ............................................................................................... 468.1.INTERNAL TEST REPORT..................................................................................... 46

9. TEST ROLES AND RESPONSIBILITIES ................................................................. 46

10. ASSUMPTIONS ...................................................................................................... 47

11. RISKS AND ISSUES .............................................................................................. 48

12. GLOSSARY ............................................................................................................ 49

APPENDICES ............................................................................................................... 51


3/58

HIPAA+ Solution Suite

HIPAA+ Assessor DashboardNACHRI ReleaseTest Plan Version 1.5

LIST OF TABLES

Table 1: Referenced Documents .................................................................................... 2Table 1Features to be Tested ..................................................................................... 2

Table 3Software ........................................................................................................ 45


4/58


_____________________________________________________________________________________________

HIPAA+ Assessor DashboardNACHRI ReleaseTest Plan Version 1.5Page 1 of 28

1. INTRODUCTION

The HIPAA+ Assessor Dashboard is the one place the Assessor would go to do theAssessment for an end client. In the module, the Assessor would be able to view the

responses/answers input by the client user, Add and update findings, set Date by whichhe believes the Client needs to complete the Assessment survey, views the documentsuploaded by the client and other TBD functions.


5/58


_____________________________________________________________________________________________


2. REFERENCED DOCUMENTS

Table 1: Referenced Documents

Document Name Issuance Date


6/58


7/58


_____________________________________________________________________________________________


4. PLANNED TESTS

The following types or levels of testing will be performed as a part of the testing lifecycle. Test bed data preparation and seeding will occur at each test level.

4.1. Systems Integration Testing

4.1.1. System Testing

System testing for the HIPAA+ Assessor Module will perform according to therequirements when the user is logged in as an Assessor.

4.1.2. Regression Testing

QSSI shall develop test scenarios and test procedures for conducting regressiontesting. Regression testing includes but is not limited to:

a. Ensuring that coding changes to specific programs do not change the existingfunctionality of the system in a manner not specified by the requirements of thesolution.

b. Creating a test bed that shall be utilized for each release. The test bed shallinclude test cases that address, at a minimum, the critical path to assure basicfunctionality has not been affected.

The regression test scenarios have been identified for the regression suite and are

intended to execute based on the test priority.

4.1.3. Integration Testing

Integration testing is the phase of software testing in which individual software modulesare combined and tested as a group. The purpose of integration testing is to verifyfunctional, performance and reliability requirements placed on major design items.

4.1.4 Performance Testing

Testing the performance of the application how much time its taking to open individual

Page.


8/58


_____________________________________________________________________________________________


5. TEST PROGRESSION

No dependencies that affect testing have been identified. Therefore, there is no planned

sequence of the prescribed tests.


9/58


_____________________________________________________________________________________________

HIPAA+ Assessor Dashboard NACHRI ReleaseTest Plan Version 1.5Page 2 of 28

6. FEATURES TO BE TESTED

Table 2 Features to be tested

6.1 HIPAA+ Assessor Module Test Cases

6.1.1 Assessor user Functional Test cases

TestCase ID

BusinessRequirements ID

Test Description Testing Method Inputs ExpectedResults

Exception

AFT 1 Assessor UserRegistration

Click on Register on theupper right hand cornerof the page

NA Assessorshould see auserregistrationpage


Scroll down & click onAssessor Registration

User shouldbe navigatedto AssessorRegistrationpage


Enter Inputs Enter All Fieldsmarked with a red* and click onsubmit

Assessorshould see apopup with amessagestating that theAssessor hasbeensuccessfullyregistered


10/58


_____________________________________________________________________________________________



Check whether Assessoruser receives an emailstating that user hasbeen successfullyregistered but user isNOT activated

NA AssessorShouldreceive anemail statingthat they havebeensuccessfullyregistered butnot activated

ADT 1 Admin Login Enter Admin logincredentials & click onLogin

Admin/qssi!@#786 User shouldbe able tologinsuccessfully

ADT 2 Admin Login On the top right side,under MyAccount, Clickon Activate User

User shouldbe navigatedto ActivateUser(childwindow) withrows with 4columnnames(Active,UserName,Email, Delete)

with Activate &Cancel(buttons)

ADT 3 Admin Select the desiredcheckbox underActive(Column name) forwhich the user wants toactivate the account &

The usernameactivated byadmin usershould NOTbe displayed


11/58


_____________________________________________________________________________________________


click on Activate(button) in the row &user shouldgetconfirmationmessageActivation ofuser(s)successful

ADT 4 Assessor UserRegistration

After the assessor isactivated, check whetherAssessor receives emailstating Account isactivated & user can nowlogin into system

NA Once the userhas beenactivated bythe Admin, theAssessorshould receivean emailstating thatthey havebeen activatedand can loginto thesystem

AFT 1 Assessor User

Login

In the Login window,Enter Username &

Password

UserIDenterAssessor

UsernamePassword enterAssessorpasswordClick on Loginbutton

User shouldbe navigated

to HIPAA+AssessorHome page

AFT 2 Assessor


12/58


_____________________________________________________________________________________________


Assessor, Click onAssessor Dashboard

to HIPAA+AssessorDashboard

AFT 3. Selecting ClientUser

Select desired client fromClient Listbox

Client ListboxSelect FGHC

User shouldbe able toselect thedesired clientfrom Clientlistbox

AFT 4.Set Date

From top of the menu,Click on Set Date

Set Date User shouldhave an optionto set thedesired date

AFT 5 Click on X mark in thecurrent browser(HIPAAASSESSOR browser titlename)

Currentbrowsershould beclosed

AFT 6 In home page, under topright side(MyAccount),Click on Logout

User shouldbe logged out

AFT 7.Log out

From top of the menu,Click on Log out

ClickLog out User shouldbe logged out

AFT 8. Pre-condition:After Client Usersubmits theAssessmentSurveyLogin

In the Login window,Enter Username &Password

UserIDenterAssessorUsernamePassword enterAssessorpasswordClick on Loginbutton

User shouldbe navigatedto HIPAA+AssessorHome page


13/58


_____________________________________________________________________________________________


AFT 9. Assessor


14/58


_____________________________________________________________________________________________


Survey

AFT 13. Reviewdocumentattached

Check whether Assessorcan receive thedocuments attached foreach question underAssessment Surveyquestionnaire

Assessorshould receivethe documentswhich areattached foreach questionunderAssessmentSurveyquestionnaire

AFT 14. Input OnsiteSurvey

Check whether Assessorhas a option to inputOnsite Survey data intothe system

Onsite Surveydata

Assessorshould havean option toinput OnsiteSurvey datainto thesystem

AFT 15. Steps for OnsiteSurvey

Check whether Assessorhas all steps to be donein onsite survey listed ordocumented with process

N/A Assessorshould all thesteps to bedone in onsitesurvey listedordocumentedwith process

AFT 16. BR-5 Input Findings todatabase

Check whether Assessorcan add Findings in thedatabase

Adding Finding Assessorshould be ableto add theFindings in thedatabase


15/58


_____________________________________________________________________________________________


AFT 17. BR-15 EnterRecommendation for Findings

Check whether Assessorhas option to enter 1 ormore Recommendationsfor each Findings

EnterRecommendation

Assessorshould havean option toenter 1 ormoreRecommendations for eachFindings

AFT 18. Assign Criticallevel for Finding

Check whether Assessorhas an option to assignthe desired criticality levelfor each Finding

Assign criticalitylevel

Assessorshould havean option toassign thedesiredcriticality level

CFT 1Client UserRegistration

Click on Register on theupper right hand corner of thepage

No Additional Inputsrequired

Client usershould see a userregistration page

CFT 2Client UserRegistration

Enter Inputs Enter All Fieldsmarked with a red *and click on submit

Client usershould see apopup with amessage statingthat the user hasbeen successfully

registeredCFT 3 Client User

RegistrationReceive Email No Additional Inputs

requiredClient userShould receivean email statingthat they havebeen successfullyregistered but notactivated


16/58


_____________________________________________________________________________________________





User shouldbe navigatedto ActivateUser(childwindow) withrows with 4columnnames(Active,UserName,Email, Delete)with Activate &Cancel(buttons)

ADT 7 Admin Select the desiredcheckbox underActive(Column name) forwhich the user wants toactivate the account &click on Activate(button)

The usernameactivated byadmin usershould NOTbe displayedin the row &

user shouldgetconfirmationmessageActivation ofuser(s)successful


17/58


_____________________________________________________________________________________________


Client UserRegistration

Check whether Client userreceives an email stating thatclient user has been activated& now user can login

No Additional Inputsrequired

Once the userhas beenactivated by the

Admin, the Clientuser shouldreceive an emailstating that theyhave beenactivated and canlog into the

system

CFT 4 Client User LoginIn the Login window,Enter Username &Password

UserIDenterClient UsernamePassword enterClient passwordClick on Loginbutton

User shouldbe navigatedto HIPAA+Client UserHome page

CFT 5 ClientUser


18/58


_____________________________________________________________________________________________


(x=No. of daysset byAssessor)

CFT 7 Check whether on the topright side, user is able toview Client User Name& Client Logo

On the topright side ofthedashboard,

user should beable to viewClient UserName &Client Logo

CFT 8 ProfileManagement

Check whether ClientUser has an option tochange his accountdetails

Ex: change name User shouldhave an optionto change hisaccountdetails

CFT 9 CR-610& 723

AssessmentSurvey

From top of the menu,Click on AssessmentSurvey

User shouldbe navigatedtoInstructions(

page) with thetext:Dear(HIPAA+User),

Pleasecomplete theassessment


19/58


_____________________________________________________________________________________________


questions onthe Security,Privacy,BusinessAssociateAgreements,and ITOperationstabs of theHIPAA+Assessor system.

1. Questionsmay beskipped andreturned at alater time byplacing theselecting thehold response.2. If thequestion is notapplicable to

the entity,select N/A asthe answer.3. Upload alldocumentsthat supportyour answer. Ifyou do not


20/58


_____________________________________________________________________________________________


have adocument youmay proceedto nextquestion4. If you like toprovide anyadditionalinformation,please use the"AdditionalComments"box.5. The surveywill not beconsideredcomplete untilall questionshave beenresponded towith either ayes, no, or n/aresponse.

6. Answersmay bechanged upuntil thesurvey asbeensubmitted ascomplete.


21/58


_____________________________________________________________________________________________


Thank you foryour efforts incompletion ofthe HIPAA+assessmentsurvey.

CFT 10 CR-764 AssessmentSurvey Check whether user isable to view the

CFT 11 CR-629 AssessmentSurvey

Under AssessmentSurvey>Security>Administrative Safeguards, on topright side, check whetheruser is able to viewbuttons

User shouldbe able toview buttons on thetop right side

CFT 12 CR-629 AssessmentSurvey

Under AssessmentSurvey>Security>Administrative Safeguards, on thebottom right side, check

whether user is able toview as Last

UnderAssessmentSurvey>Security>Administrati

veSafeguards,on the bottomright side, usershould be ableto view buttonnames labeledas


22/58


23/58


_____________________________________________________________________________________________


questions able to answerthe desiredquestions

CFT 17 AssessmentSurvey


24/58


25/58


26/58


_____________________________________________________________________________________________


ColumnNames

CFT 28 Check whether user hasoption to add multipleagreements

User shouldhave option toadd Multipleagreements

CFT 29 Check whether user hasoption to delete thedesired agreements

User shouldhave option todelete thedesiredagreements

CFT 30 Under AssessmentSurvey, Click on ITOperations(sub menuitem)

User shouldbe navigatedto ITOperations(sub menu item)page

CFT 31 Under AssessmentSurvey>IT Operations,above the applet, checkwhether user is able to

view the text as Pleaseupload documents thatsupport the governanceof the entity's IToperations. Documentsmay include the following:Enterprise ArchitectureDiagrams, CIO Roles and

UnderAssessmentSurvey>ITOperations,

above theapplet, usershould be ableto view thetext asPleaseuploaddocuments


27/58


_____________________________________________________________________________________________


Responsibilities, and ITGovernance Structure.Note: these documentswill not be used tocalculate your dashboardcompliance levels

that supportthegovernance ofthe entity's IToperations.Documentsmay includethe following:EnterpriseArchitectureDiagrams,CIO Roles andResponsibilities, and ITGovernanceStructure.Note: thesedocuments willnot be used tocalculate yourdashboardcompliancelevels

CFT 32 CR-645 AssessmentSurvey>Submit

Click on Submit forAssessment

User shouldbe able toview an alertSurveyCompletedsuccessfully


28/58


_____________________________________________________________________________________________


CFT 33 BR-15 Dashboard


29/58


_____________________________________________________________________________________________


on Findings

CFT 37 Compliance


30/58


_____________________________________________________________________________________________


with ValidLogincredentials

AFT 20 Check whether user isable to view the topmodules as below:(A) Dashboard(B) Assessment Survey

(C) ExecutiveQuestionnaire(D) Set Date(E) Help

User shouldbe able toview topmodules asbelow:

(A) Dashboard(B)AssessmentSurvey(C) ExecutiveQuestionnaire(D) Set Date(E) Help

AFT 21 Check whether user isable to view theDashboard sub modulesas below:(A) Home(B) Findings

(C) Control Repository(D) Compliance(E) Reports

User shouldbe able toview theDashboardsub modulesas below:

(A) Home(B) Findings(C) ControlRepository(D)Compliance(E) Reports


31/58


_____________________________________________________________________________________________


AFT 22 Check whether user hasthe below categories:1) Policy2) Procedure3) Implementation4) Enforcement

User shouldbe able toview the belowcategories:

1) Policy2) Proced

ure3) Implem

entation4) Enforce

ment

AFT 23 Check whether Assessorhas option to search theFindings based onCategory

Assessorshould haveoption tosearchFindingsbased onCategory

AFT 24 Check whether bydefault, Home ishighlighted where usercan view SummaryDetails-Findings records

with column names(ID,Description,Recommendation)

By default,user should beable to viewthat Home ishighlighted

where usercan viewSummaryDetails-Findingsrecords withcolumnnames(ID,


32/58


_____________________________________________________________________________________________


Description,Recommendation)

AFT 25 Check whether belowSummary Details-Findings records, user isable to view ComplianceDashboard graph with

percentage mentioned

BelowSummaryDetails-Findingsrecords, user

should be ableto viewComplianceDashboardgraph withpercentagementioned

AFT 26 On the top left side,below Home checkwhether user is able toview Location(heading)with dropdown boxes asbelow:(A) State

(B) City(C) Facility(D) Dept.

On the top leftside, belowHome usershould be ableto viewLocation(heading) with

dropdownboxes asbelow:(A) State(B) City(C) Facility(D) Dept.


33/58


_____________________________________________________________________________________________


AFT 27 Check whether on the topright side, user is able toview Client usernames(listbox)

On the topright side, usershould be ableto view Clientusernames(listbox)

AFT 28 Pre-condition: After theClient Login user submitsthe Assessment SurveyQuestionnaireCheck whether user isable to view a alert scrolltext from right to leftreminding ie,Assessment SurveyQuestionnaire iscompleted for QSSI.Document review can bestarted

User shouldbe able toview a alertscroll text fromright to leftreminding ie,AssessmentSurveyQuestionnaireis completedfor QSSI.Documentreview can bestarted

AFT 29 Check whether on the topleft side, user is able toview HIPAA & on the

top right side, whetheruser is able to viewMyPHRSC

On the top left

side, user

should be ableto view

HIPAA & on

the top right

side, user

should be able

to view


34/58


_____________________________________________________________________________________________


MyPHRSC

AFT 30 Keep the cursor on thedesired ID underID(column name)

User shouldbe able toview a handicon indicatingits a link

AFT 31 Click on the desired IDunder ID(column name)

A childwindow shouldopen withwhere usercan viewFindingsdetails withsubheadings(Category,Compliance,Risk) withSubmit &Cancel(button

s)AFT 32 Click on Cancel button Finding

Details(childwindow)should beclosed


35/58


_____________________________________________________________________________________________


AFT 33 Click on the desired IDunder ID(column name)

A childwindow shouldopen withwhere usercan viewFindingsdetails withsubheadings(Category,Compliance,Risk) withSubmit &Cancel(buttons)

AFT 34 Enter/Select the desireddata & click on Submit

FindingDetails(childwindow)should beclosed

AFT 35 In Summary Details-Findings(page),click on

the same ID underID(column name)

User shouldbe able to

view thenew/changeddata which theuserentered/selected recently


36/58


_____________________________________________________________________________________________


AFT 36 Check whether user isable to view QSSI logo

User shouldNOT be ableto view QSSIlogo

AFT 37 Check whether user isable to view HIPAA+ logo& project specific logolike MyPHRSC

User shouldbe able toview HIPAA+& projectspecific logo

AFT 38 Check whether user isable to viewRecommendations inDashboard

User shouldbe able toviewRecommendations in theDashboardinstead ofCorrectiveAction Plan

AFT 39 Check whether user isable to viewRecommendations inIndividual Findings page

User shouldbe able toviewRecommenda

tions in theIndividualFindings pageinstead ofCorrectiveAction Plan


37/58


_____________________________________________________________________________________________


AFT 40 In Findings table, checkwhether width of ID &Findings(columns) areconsistent with eachother

Width of ID &Findings(columns) shouldbe consistentwith eachother

AFT 41 In ComplianceDashboard(page), checkwhether user is able toview value percentage inthe format of number &then %

User shouldbe able toview valuepercentage inthe format ofnumber & then%(percentagesymbol) Ex:99%

AFT 42 In Assessor Login, Clickon Dashboard

On the top ofthe menu,user should beable to view

SetDate(tab)

AFT 43 Click on the desiredquestionnaire (tab)

User shouldbe able toview thecorrespondingquestionnairedetails


38/58


_____________________________________________________________________________________________


AFT 44 Change/Edit the desireddetails

User shouldbe able tochange/editthe desireddetails

AFT 45 Click on Clear(button) The dataselected/entered should becleared

AFT 46 Click on Next button User shouldbe directed tothe next page

AFT 47 Now, Click on Prev User shouldbe directed toprevious page

AFT 48 Check whether the datais cleared from the

questionnaire

Data shouldNOT be

cleared fromthequestionaree

AFT 49 Select/enter/change thedesired data

User shouldbe able toselect/enter/change thedesired data


39/58


_____________________________________________________________________________________________


AFT 50 Click on Next User should

be directed to

the next

questionaree

AFT 51 In Assessor Login, Checkwhether user is able toview Set Date(tab) on thetop menu bar

NA User shouldbe able toview SetDate(tab) onthe top of themenu bar

AFT 52 Click on Set Date(tab) User shouldbe navigatedto SetDate(page)where usercan set thedesired date

AFT 53 Pre-condition: Assumecurrent date as 1 June,2011Select the date which isprevious(before) than thecurrent date

31 May 2011 User shouldNOT be ableto select thedate which isprevious(before) than thecurrent date


40/58


_____________________________________________________________________________________________


AFT 54 Pre-condition: Assumecurrent date as 1 June,2011 Selectthe date which is sameas current date

1 June 2011 User shouldNOT be ableto select thedate which isthe same ascurrent date

AFT 55 Pre-condition: Date set isafter 90 daysFrom Set thedate(Calender), Selectthe date ie, after/next to90 days from thecurrent/present date

29 Aug 2011 User shouldbe able to setthe date whichis after/next to90 days fromthe presentdate

RFT 1 Restricted UserRegistration

Click on Register on theupper right hand cornerof the page

No AdditionalInputs required

Restricteduser shouldsee a userregistrationpage

RFT 2 1)FromUserType(dropdownbox), select RestrictedUser2)Enter All Fields markedwith a red * and click onsubmit

Restricteduser shouldsee a popupwith amessagestating that theuser has beensuccessfullyregistered

RFT 3 Receive Email No AdditionalInputs required

Restricteduser Shouldreceive anemail stating


41/58


_____________________________________________________________________________________________


that they havebeensuccessfullyregistered butnot activated




User shouldbe navigatedto ActivateUser(childwindow) withrows with 4columnnames(Active,UserName,Email, Delete)with Activate &Cancel(buttons)

ADT 10 Admin Select the desiredcheckbox underActive(Column name) forwhich the user wants toactivate the account &click on Activate(button)

The usernameactivated byadmin usershould NOTbe displayedin the row &user shouldgetconfirmation


42/58


_____________________________________________________________________________________________


messageActivation ofuser(s)successful

RFT 4 Restricted UserRegistration

Check whether Restricteduser receives an emailstating that client userhas been activated & now

user can login

No AdditionalInputs required

Once the userhas beenactivated bythe Admin, the

Restricteduser shouldreceive anemail statingthat they havebeen activatedand can loginto thesystem


43/58


_____________________________________________________________________________________________


6.1.2 Internal Reviewer Functional test cases

TestScenarioID

TestDescription

Testing Method Inputs Expected Results Verification method

6.1.3 Admin Functional Test Cases

TestScenarioID

TestDescription

Testing Method Inputs Expected Results Verification method


44/58


45/58


_____________________________________________________________________________________________


6.4 Performance Test Cases

TestScenarioID

TestDescription Testingmethod Inputs ExpectedResults Verificationmethod

APT 1Verify theperformanceof home page

Enter valid url http://wwwv.healthitplus.com/HIPAA-PLUS/form.aspx

Check howmuch time itstaking to openthe homepage.

APT 2 Verify theperformanceof sign inpage

Enter validusercredentialsand click onlogin and itsnavigate tothedashboardscreen

User: hakandukuri111.Passd:qssi!@#786

Check howmuch time itstaking fromsign in pageto Home pagescreen.

APT 3. Verify theperformanceof registerpage

Click onRegister linkits navigate totheregistrationpage

Click on link Check howmuch time itstaking fromhome page toregistrationpage.


46/58


_____________________________________________________________________________________________


APT 4. Verify theperformanceof registerpage.

Give validdata click onsubmit buttonits navigate tothe homepage.

Enter valid data Check howmuch time itstaking fromregister pageto homepage.

APT 5. Verify theperformanceof AssessorRegistration

Click onAssessorRegister linkits navigate tothe Assessorregistrationpage

Click on link Check howmuch time itstaking fromregistrationpage toAssessorRegistrationpage.

APT 6. Verify theperformanceof Assessorregistrationpage.

Give validdata click onsubmit buttonits navigate tothe homepage.

Enter valid data Check howmuch time itstaking fromregistrationpage to homepage.

APT 7. Verify theperformanceof AssessorDash boardlink in homepage

Enter validsing in detailsclick onAssessorDash boardlink in homepage

Give client user credentials.hakandukuri111.Passd:qssi!@#786

Check howmuch time itstaking fromHome page toAssessorDash boardscreen.

APT 8. Verify theperformanceof theassessment

Click onassessmentsurvey tab itsnavigate to

Click on assessment survey tab Check howmuch time itstaking to openassessment


47/58


_____________________________________________________________________________________________


survey tab. the concernpage.

surveyscreen.

APT 9. Verify theperformanceof the securitytab.

Click onsecurity tabits navigate tothe concernpage.

Click on security tab. Check howmuch time itstaking to openSecurityscreen

APT 10. Verify the

performanceof the Privacytab.

Click on

Privacy tab itsnavigate tothe concernpage.

Click on Privacy tab. Check how

much time itstaking to openPrivacyscreen

APT 11. Verify theperformanceof theAgreementstab.

Click onAgreementstab itsnavigate tothe concernpage.

Click on Agreements tab. Check howmuch time itstaking to openAgreementsscreen

APT 12. Verify theperformanceof the ITOperationstab.

Click on ITOperationstab itsnavigate tothe concernpage.

Click on IT Operations tab. Check howmuch time itstaking to openIT Operationsscreen

APT 13. Verify theperformanceof theAdministrativeSafe guardtab.

Click onAdministrativeSafe guardtab itsnavigate tothe concernpage.

Click on Administrative Safe guard Check howmuch time itstaking to openAdministrativeSafe guardscreen


48/58


_____________________________________________________________________________________________



Enter validanswer andgive 20 MBdocumentupload.

Click on questions Yes and indocument Yes upload document

Check howmuch time itstaking tonavigate thenext page.


Enter validanswer anddont uploadthedocument.

Click on questions Yes and indocument NO upload document


APT 16. Verify theperformanceof thePhysicalSafeguardtab.

Click onPhysicalSafeguard tabits navigate tothe concernpage.

Click on Physical Safeguard Check howmuch time itstaking to openPhysicalSafeguardscreen

APT 17 Verify theperformanceof thePhysicalSafeguardtab.




APT 18Verify theperformanceof thePhysical Safeguard tab.




APT 19 Verify theperformance

Click onTechnical

Click on Technical Safeguard Check howmuch time its


49/58


_____________________________________________________________________________________________


of theTechnicalSafeguardtab.

Safeguard tabits navigate tothe concernpage.

taking to openTechnicalSafeguardscreen

APT 20 Verify theperformanceof theTechnicalSafeguardtab.




APT 21 Verify theperformanceof theTechnicalSafeguardtab.




APT 22 Verify thePerformanceof the submitforassessmentbutton

Enter validdata in allfields click onsubmit getsuccessfulmessage

Check howmuch time itstaking to getconfirmationsuccessfulmessage.

APT 23 Verify theperformanceof the setdate tab inassessorlogin

Click on setdate tab itsnavigate toconcernpage.

Enter assessor login credentialsUser name:assessor111Pssd: qssi!@#786

Check howmuch time itstaking to getset datepage.

APT 24 Verify theperformanceof Document

Click onDocumentReview

Click on the button Check howmuch time itstaking to get


50/58


51/58


_____________________________________________________________________________________________


6.5 Security Test Cases

6.5.1 HIPAA+ Test cases

Test Scenario ID Test Description Testing method Inputs Expected Results Verification

6.5.2 HIPAA+ ASSESSOR security test cases

Test Scenario ID Test Description Testing method Inputs ExpectedResults

Verificationmethod


52/58

_____________________________________________________________________________________________

Page 45 of 28

7. TEST ENVIRONMENT

QSSI has an internal test environment that mimics the production environment inHIPAA+. Regression Test

7.1. Hardware

The QSSI Test Team will conduct testing using standard IBM compatible Desktopworkstations.

7.2. Software

The following table contains software used throughout testing.

Table 2

SoftwareItem no Software Version Licenses

OwnerPurpose

1 MicrosoftWindows

7 HIPAA+ For end user laptops and desktops

2 MicrosoftWindowsServer

2008 HIPAA+ For hosting application services

3 MicrosoftSQL

2005 HIPAA+ For databasesHIPAA+ Website.

4 Apache

Tomcat

6.0 HIPAA+ For Hosting the Assessor Module

5 IIS HIPAA+ For Hosting the HIPAA+ Website

6 MySQL 5.2 HIPAA+ For databaseAssessor Module

7.3. Test Data

Test data will be developed according to specifications in the Interface ControlDocuments (ICD).


53/58


54/58

_____________________________________________________________________________________________

Page 47 of 28

10. ASSUMPTIONS

N/A


55/58

_____________________________________________________________________________________________

Page 48 of 28

11. RISKS AND ISSUES

N/A


56/58

_____________________________________________________________________________________________

Page 49 of 28

12. GLOSSARY

Test Summary ReportThis report summarizes what testing activities took place, including theversions/releases of the software, environment, etc. It includes information onvariances and incidents, and documents resolutions including:

a. Summary of the test including the test cases, dates tested, and pass/fail.b. Any variances from the Test Plan/Test Case Specification.

Results include problems/incidents and their resolution as well as unresolvedproblems/incidents and plans of action for resolution.

Software Verification vs. ValidationSoftware testing is used in association with verification and validation:

Verification: Process based, ensure the software is built right i.e. matching therequirement specifications.

Validation: Product based, ensure the software is built right that the customer wants.

Static vs. Dynamic testingThere are many approaches to software testing. Reviews, walkthroughs or inspectionsare considered as static testing, whereas actually executing programmed code with agiven set of test procedures is referred to as dynamic testing.

Validation Readiness Review(formally the TRR):ESD-M contractor, QSSI shall participate in the VRR which is conducted by NG afterstring testing and prior to formal systems testing. The VRR is conducted to affirm finalagreement from all stakeholders regarding the readiness of the system to begin formaltesting. The purpose of the VRR is to ensure that all prerequisites leading up to formaltesting have been met.

Implementation Readiness Review(formally the PRR):ESD-M contractor, QSSI shall participate in an IRR conducted by NG. The purpose ofthe IRR is to ensure that the release is ready for implementation activities, such that therequired system hardware, networking and telecommunications equipment, software,and databases can be installed and configured in the OTHER production environments.

A separate IRR is required for each release. Persons with technical knowledge of thesoftware products to be reviewed shall attend this review. The OTHER GTL mustapprove the release prior to implementation.

Operational Readiness Review:


57/58

_____________________________________________________________________________________________

Page 50 of 28

ESD-M contractor, QSSI shall participate in an ORR conducted by NG. The purpose ofthe ORR is to ensure that the release is ready for implementation activities, such thatthe required system hardware, networking and telecommunications equipment,software, and databases can be installed and configured in the OTHER productionenvironments. A separate ORR is required for each release. Persons with technical

knowledge of the software products to be reviewed shall attend this review. TheOTHER GTL must approve the release prior to implementation. The ORR is the finalstage where the maintainer moves the code to actual production.

Performance testingchecks to see if the software can handle large quantities of dataor users. This is generally referred to as software scalability.

Unit testingtests the minimal software component, or module. Each unit (basiccomponent) of the software is tested to verify that the detailed design for the unit hasbeen correctly implemented. In an object-oriented environment, this is usually at theclass level, and the minimal unit tests include the constructors and destructors.

Integration testingexposes defects in the interfaces and interaction betweenintegrated components (modules). Progressively larger groups of tested softwarecomponents corresponding to elements of the architectural design are integrated andtested until the software works as a system.

System testingtests a completely integrated system to verify that it meets itsrequirements.

System integration testingverifies that a system is integrated to any external or thirdparty systems defined in the system requirements.

Regression testing after modifying software, either for a change in functionality or to fixdefects, a regression test re-runs previously passing tests on the modified software toensure that the modifications haven't unintentionally caused a regression of previousfunctionality. Regression testing can be performed at any or all of the above test levels.These regression tests are often automated. More specific forms of regression testingare known as sanity testing.


58/58

APPENDICES

N/A