Test plan

Prepared by: Mohammed Asaad Irfan

Introduction
In our testing plan for Nexus Inc.'s Internal Correspondence System, we focus on ensuring
functionality, usability, performance, accessibility, and data security. Our approach
involves systematic testing methodologies to validate the system's capabilities and mitigate
potential risks. Through rigorous testing, we aim to deliver a reliable and efficient
communication platform that enhances collaboration among team members.

Testing resources
Testers and roles:
1. Siyeshen Govender – (Project Activity Coordinator and Communications Officer)
2. Mohammed Asaad Irfan – (Secretary)
3. Zian Ariff Ali – (Software Coordinator)
4. Neil Alvares – (Security Coordinator)
5. Ansh Babbar – (Librarian)

Scope of testing
In scope:

1. Functional Testing: Functional testing ensures that each feature operates according to
the specifications. For the system, the following functional tests will be conducted:
Login Screen (MFR1):
- Test cases include entering valid/invalid credentials, handling MFA verification, and
compatibility across various browsers and devices.
Inbox Feature (MFR2):
- Test the sorting options (by date, sender, importance) and the ability to handle hundreds
or thousands of messages efficiently.
Internal Messaging (MFR3):
- Test sending and receiving messages in real-time and validating message delivery
reliability under different traffic levels.
 Document and Attachment Sharing (MFR4):
Test file upload limits, file encryption, and successful secure transfer of documents.
Instant Notifications (MFR5):
- Validate real-time notifications for message delivery and document arrival, ensuring
they sync across devices.

- Profile Update (MFR6):

- Test updating personal details like phone number, name, etc., and validate real-time
changes and concurrency.

- Mandatory and Non-Mandatory Reply Messages (MFR7):

- Test the selection mechanism for reply to types and track mandatory messages with
proper alerts for unanswered ones.

- Unread Message Reporting/Escalation (MFR8):

- Validate alert mechanisms for unread mandatory messages after 3 days and test the
background task system.

- Appointment and Meeting Management (MFR10):

- Test scheduling, conflict detection, integration with external applications like Google
Calendar, and tracking attendance.

Attendance Tracking (MFR11):

- Test real-time tracking of attendance for meetings and appointments, ensuring
synchronization with HR systems.

Announcement Messaging (MFR12):

- Validate that announcements are visible to all intended users and departments without
delay.
Password Reset (MFR13):
- Test password reset options with MFA, confirmation via email, and resistance to threats
like brute force or phishing.
Access Control (MFR14):
- Test user access restrictions based on roles and ensure unauthorized users cannot access
restricted sections.
User Status Management (MFR15):
- Test status updates (Online, Offline, Busy, etc.) and ensure these are visible and
correctly synced across devices.
Custom Folder Creation (MFR16):
- Test the creation and management of custom folders and their impact on message
organization, archiving, and retrieval.
2. Performance Testing:
Performance testing assesses the system's efficiency and responsiveness under different
conditions:
Load Testing:
- Simulate multiple concurrent users accessing the login, inbox, and messaging features to
observe system performance and resource usage.
Stress Testing:
- Evaluate how the system handles extreme scenarios, such as a sudden spike in messages
or file uploads, to ensure stability.
Scalability Testing:
- Assess the system’s ability to handle increasing workloads, especially in the messaging,
document sharing, and search functionalities.
3. Security Testing:
Security testing verifies the system’s protection mechanisms for user data and credentials:
Authentication and Authorization:
- Test MFA implementation and access control based on user roles, ensuring that only
authorized users gain access.
Data Encryption:
- Verify encryption of messages and document transmissions to protect sensitive
information.
Password Reset Vulnerabilities:
- Assess the strength of the password reset mechanism against phishing, brute force
attacks, and unauthorized access.
4. Compatibility Testing:
- Ensure that the system is compatible across various browsers (Chrome, Firefox, Edge)
and desktop environments (Windows, Mac OS).
5. Regression Testing:
- After implementing fixes or updates, perform regression testing to ensure no new issues
arise from recent changes.
This comprehensive testing plan will help validate the system’s functionalities,
performance, security, and compatibility, ensuring a smooth and secure internal
correspondence system.

Out of scope:

1. Performance Under Extreme Load Scenarios (MNFR1, ONFR5)

Scope Exclusion: Performance testing for extreme load scenarios beyond the specified
requirements (e.g., massive surges in traffic beyond peak estimates or testing on highly
specialized hardware environments).

Reason: Testing beyond the expected load range is not feasible within the given time and
budget constraints. Only expected traffic and usage patterns will be tested within the
defined boundaries.

2. Advanced Security Penetration Testing (MNFR2, ONFR3)

Scope Exclusion: In-depth penetration testing and ethical hacking exercises that go beyond
standard security measures like encryption verification, basic vulnerability scanning, and
MFA validation.

Reason: Such testing requires specialized expertise, time, and additional resources that may
not be available during the development phase. These advanced security measures would
be better suited for a later phase or handled by a specialized security team.

3. Scalability Tests Beyond Current Infrastructure (MNFR3)

Scope Exclusion: Testing scalability for future expansions beyond the current
infrastructure, such as the ability to integrate future modules or support a tenfold increase
in user base.

Reason: This testing phase will only focus on ensuring that the system can scale within its
current setup. Future scalability needs will be evaluated in a subsequent project phase when
expansions are planned.
4. Full Reliability/Uptime Monitoring Over Long Durations (MNFR4)
Scope Exclusion: Long-term reliability testing to validate a 99.9% uptime guarantee,
including continuous monitoring over extended periods (months/years).

Reason: Full reliability validation requires prolonged testing beyond the typical
development schedule. Monitoring uptime and reliability in real operational environments
will be conducted post-deployment.

5. Usability Testing Across All Device Types and User Scenarios (MNFR5, ONFR4)
Scope Exclusion: Testing the interface's usability and responsiveness on every possible
device type and operating system version (e.g., outdated browsers or rare device models).

Reason: The testing will focus on commonly used devices and browsers as per market data.
Testing every possible configuration is not feasible within the given schedule and may
require additional resources and time.

6. Physical Environment Variability Testing (MNFR7)

Scope Exclusion: Extensive compatibility and performance testing in all potential physical
environments (e.g., compatibility with non-standard network configurations or specialized
IT infrastructures beyond the typical setup).

Reason: Testing will focus on standard office setups and typical environments expected
within the organization. Uncommon or highly customized physical environments are
excluded due to their variability and associated costs.

7. Error Handling Under Rare or Catastrophic Conditions (MNFR8)

Scope Exclusion: Testing error handling and recovery processes under extreme or unlikely
conditions, such as full data center outages or catastrophic hardware failures.

Reason: Such scenarios go beyond regular testing scope and require simulation of rare
conditions, which might not be achievable with current testing resources. Simulations will
be limited to common errors and failures within expected operational parameters.
8. Cross-Platform Testing for Outdated or Obsolete Browsers (ONFR2)
Scope Exclusion: Full support testing for outdated, deprecated, or niche browsers/platforms
(e.g., Internet Explorer versions or obscure Linux distributions).

Reason: The focus will be on modern and widely used platforms that align with current
web standards. Supporting outdated or less common platforms would require additional
resources and is not aligned with the current strategy.

9. Backup and Recovery Beyond Standard Testing (ONFR1)

Scope Exclusion: Stress testing of backup and recovery procedures using large datasets or
simulating extreme conditions such as full database corruption scenarios.

Reason: Backup and recovery testing will focus on standard cases and medium-sized
datasets to align with the project’s scope and timeframe. Extreme conditions and larger
datasets will be tested in later phases when the system has scaled up.

10. Resource Usage Testing Beyond Regular Constraints (ONFR5)

Scope Exclusion: Testing of resource usage (CPU, memory, bandwidth) under conditions
that exceed regular hardware limitations (e.g., using highly specialized hardware setups or
testing bandwidth requirements in unique geographical locations).

Reason: The testing will be limited to standard hardware setups and the primary network
environments expected within the organization. Advanced testing with specialized setups
requires more resources and is beyond the initial testing phase.

Testing approaches

Our testing approach encompasses a combination of systematic methodologies and best

practices to ensure comprehensive coverage and reliability in assessing Nexus Inc.'s
Internal Correspondence System. The methodology follows a structured and iterative
process that involves planning, execution, and evaluation phases to identify defects,
validate functionality, and optimize performance, ensuring a seamless communication
experience for all users.
 ● Improve Internal Communication
Improve the fast and timely communication exchange among employees by using
grouping messaging services to respond faster to clients across departments.

● Enhance Data Security and Confidentiality

Keep communication and data transfer safe and utilise secure internal and external
transmission, restricted access, and frequent backup.

● Increase Work Efficiency

Eliminate the use of multiple third-party apps and paper-based communication by
combining messaging along with documents, calendars and workflow management in
one idyllic place, resulting in less time to make and execute decisions.

● Reduce Operational Costs

Reduce the costs of leveraging third-party applications by creating an internal solution
that is not costly and does not require significant integration.

● Support Scalability and Flexibility

Come up with a structure that should be expandable without much effort to enhance the
design to meet future organisational growth objectives and contemplate sustainable
approaches.

● Simplify Document Management

It also allows the employee to store, archive, retrieve and share documents seamlessly
from their interface, which will help manage correspondence and documents.
1.

Risks
Nejoum Aljazeera faces several major issues due to its adoption of third-party applications
for inter and intra-organisational dialogues and processes. These issues are limiting the
company’s efficiency, security, and overall operational effectiveness such as:

1. Lack of Centralised Communication:

Consequently, employees engage multiple third-party tools for communication within the
company, document sharing, and approvals. Using multiple systems creates confusion
among the employees, resulting in delay and ineffective communication between them.

2. Security Risks:
Using third-party intermediaries to manage internal communications that require security
brings many vulnerabilities. Nejoum Aljazeera has very little control over storing, sending
or securing information, which is a weakness for the company because an attacker may
infiltrate, steal essential information, or even gain unlawful access.

3. Inefficient Workflow Management:

For instance, the current working system entails low levels of automation for typical
intranet tasks like document authorisation, enforcement of organisational policies, and even
monitoring of tasks. Employees must manage and execute these complex workflows,
which are prone to human endeavour, resulting in delays and operational hitches.

4. Integration Complexities:
Connecting outside applications with the current framework presents numerous technical
challenges and overheads. In this respect, alteration or enhancement of external platforms
can pose significant constraints as different external platforms cause interference with the
internal system, thereby developing downtimes and/or reduced functionality.

5. Compliance and Data Privacy Concerns:

Third-party applications are not likely to meet the company's regulatory/privacy policy
standards. This is an enormous problem as far as the processes of data safeguarding and
compliance with steep industry guidelines are concerned.

6. Increased Operational Costs:

Improper use of the third-party tool can result in a high cost of operation due to recurring
charges for using the tool, charges for integration of the tools and the cost of handling
many tools at the same time. Such expenses are accumulated within a few years and are a
burden on the organisation’s expenditure.

Mitigations

1. Centralised Communication Platform

The messages, documents and even internal processes related to projects will be combined
into one platform. This will enable employees to use their communication tools, share
documents and even work together in real time with no need to navigate between
miscellaneous third-party solutions.
Such factors as notification, message tracking, and archiving will guarantee no
correspondence is missed or lost during communication.

2. Enhanced Security and Data Protection

The internal system will also employ Security for all messages and document exchanges
and the level of security shall allow only the respective recipients to access the given
information.
Data backup and user permission management will also add other security features and
control information access for certain users within the organisation.
As a result of not outsourcing the services, Nejoum Aljazeera can easily follow complex
internal security policies and meet industry data protection standards.

3. User-Friendly Interface
The correspondence system will have a user-friendly mechanism that enrols all employees
in the system. It will consist of an Inbox, Outbox, Message Archive and Search & Filter
options, enabling users to manage communication transactions effectively.
There will be very few trainings as this will reduce the challenges involved in migrating
from the current third-party applications to a new one.

4. Appointment and Meeting Management

Appointment scheduling applications with meeting solutions will make it easier for
employees to fix up the meetings, attendance, and recording of outcomes. It will also have
a calendar sync-on option whereby users can schedule their consults at their most
convenient time.
This will replace the need for outside scheduling platforms, making the organisation within
the company much more effective.

5. Internal-Only Architecture
As the new system will be entirely internal, it can be noted that there will be no such
integrations with third parties. This guarantees the company full control over its
communication infrastructure and can make alterations to the system as required.