2.127.1. IT Test Policy

(1) Information Technology, Enterprise Services, Enterprise Systems Testing (EST) is responsible for the development, implementation, and maintenance of this directive. Approval of this directive, including updates, rests with the Chief Information Officer (CIO) and Associate Chief Information Officer (ACIO) for Enterprise Services. All proposed changes to this directive must be submitted to EST.

(1) This Directive is to establish standards, expectations, authority, and documentation responsibility for development and facilitation of testing standards.

(2) EST serves as the Test Process Owner and supports the development, facilitation, and institutionalization of the test processes within IT. EST works collaboratively with other IT organizations and Stakeholders for the successful promotion of product quality. This Directive has been created to centralize and establish practices for effective testing. It establishes requirements for performing verification activities and validation activities throughout all phases of the testing life cycle.

(1) This Directive applies to all testing (i.e. software application, hardware, infrastructure upgrade projects, as well as, new and current (legacy) production system upgrade projects, etc.) within IT organizations whether or not they are following Enterprise Life Cycle (ELC) Methodology.

(1) This Directive contains the following mandates:

• EST shall have the authority and responsibility for developing IT Test Assets including Process Descriptions, Procedures, and related guidance materials

• EST shall have the authority to develop, facilitate and coordinate the appropriate use of IT Test Process Assets

• The planning, management, execution, and quality responsibilities of verification activities and validation activities explicitly belong to Project Managers or designated Project Leads. These methods shall be defined, including any limitations, and outlined in the project's test plan

• Responsibility for all information system project management activities shall be explicitly assigned by the applicable IT Executive

• All system, program, or test plans must include verification strategies addressing system integration, acceptance, regression, privacy, and security as required by Cybersecurity and Section 508 of the 1973 Rehabilitation Act as currently amended

• Project generated test artifacts or work products, such as test plans, test scripts, test cases, test reports and measurements, shall be recorded and maintained in an approved repository

• Measures collected and used by the projects to determine test status and/or produce resultant work products shall be reviewed during program and project reviews

• All testing must have a plan that addresses verification activities and validation activities through all lifecycle phases. This is applicable to all test releases, formal or informal, whether testing is conducted by EST or is executed by individual projects, other testing components, or outside contractors. This applies to any and all approved IRS lifecycle development methodologies a project may choose to follow

(1) Any waivers or deviations of this Directive require written approval from the Associate Chief Information Officer, Enterprise Services.

(1) The following lists the regulatory documents that validate the IT Test Policy.

• Acquisition Management Directives (Dir-AcqMgt)

• Enterprise Life Cycle (ELC), ELC Guidance

• IT Testing and Related Work Products Process Description

• IT Test Procedures

• IT Peer Review Procedure

• IT Security Policy and Guidance

• IT Program Governance Directive, Process Description and Procedures

• Release Readiness Review Board Procedure

• IRS Privacy Testing Guidance

• IT Transition Management Directive and Process