3.4.5 Testing

No: 43028139

Date(g): 4/11/2021 | Date(h): 29/3/1443

Effective from 2021-11-04 - Nov 03 2021
To view other versions open the versions tab on the right

Principle

All changes to information systems should be comprehensively tested on the test environment based on the defined and approved test cases to ensure that changes meets the business requirements as well as to identify defects or vulnerabilities before releasing changes to the production environment.

Control Requirements

1.	Test plan should be formally defined, approved and documented for the changes.
2.	Test case should be defined, approved and documented for the changes. In addition, test case should address the following, but not limited to:
	a.	test case name and unique ID;
	b.	test case designed by and tested by;
	c.	test case description with clear identification of negative and positive test cases;
	d.	test priority;
	e.	date of the test execution;
	f.	data use to test the cases;
	g.	status of the test case (i.e. pass or fail);
	h.	expected outcome of the test case; and
	i.	third party testing certification requirement, if applicable, i.e. MADA, Tanfeeth, etc.
3.	At a minimum, the following types of testing should be considered as part of system change management.
	a.	unit testing;
	b.	system integration testing (SIT);
	c.	stress testing (if applicable);
	d.	security testing; and
	e.	user acceptance testing (UAT).
4.	All changes to information system should be thoroughly tested on a separate test environment in accordance with the approved test cases.
5.	All changes should be formally tested and accepted by the concern business users.
6.	Testing should include positive and negative test cases scenarios.
7.	The results of UAT should be documented and maintained for future reference purposes.
8.	The production data should not be utilized for system testing in the test environment. Only sanitized data should be used for testing purposes.

Soft Launch