Testing Policy
The following outlines the testing policy for Firefly Partners, including donation forms, email templates, and associated web assets. The purpose of this policy is to ensure the functionality, security, and user experience of these digital assets meet the standards set forth by the organization.
The objective of this testing policy is to establish a systematic approach to testing websites, donation forms, and emails to ensure they are secure, functional, and user-friendly.
This policy applies to all digital assets including donation forms, email templates, and other web-based functionalities developed, maintained, or managed by Firefly Partners.
1. Testing Process:
1.1 Pre-Deployment Testing:
- Prior to deployment, all website updates, including donation forms and email templates, must undergo thorough testing.
- Testing should encompass:
- Functionality: Ensure all features, links, and forms are working correctly.
- Security: Conduct security testing to identify and remediate vulnerabilities such as SQL injection, cross-site scripting (XSS), and input validation.
- Usability: Evaluate the user interface for accessibility, responsiveness, and overall user experience.
- Compatibility: Test across the most recent versions browsers (chrome, Firefox, Safari and Microsoft Edge), real devices or device replicators applications, and screen sizes to ensure consistent performance. We will also test using commonly used mobile devices and operating systems to ensure features are working optimally and according to established requirements.
- Performance: Assess page load times, server response times, and overall performance metrics. Also to test for assets that are not loading — 404s or 403s, as this can dramatically impact load times as the browser waits for a broken asset to load.
- Valid HTML Markup. Test against the W3C Validator for valid HTML and CSS code.
- Checking browser console messages for JavaScript errors.
- Compliance: Ensure compliance with relevant regulations such as GDPR, PCI-DSS (for donation forms), and ADA (for accessibility).
1.2 Testing Tools:
- Utilize automated testing tools for functional testing and security testing.
- Employ cross-browser testing tools like BrowserStack or Email on Acid to ensure compatibility across different platforms.
- Accessibility testing tools like Axe, WAVE, Accessibility Insights and NVDA screen reader can be used to assess compliance with accessibility standards.
- Page Performance tools like GTMetrix and Google Page Speed.
- W3C Validator to test for valid HTML and CSS code.
- WordFence Plugin to scan for malicious code or vulnerable plugins on the site.
1.3 Donation Form Testing:
- Test donation form validation to ensure accurate processing of donation amounts and payment details.
- Verify that donor information is securely transmitted and stored using encryption protocols.
- During our testing process, we use placeholder data including test credit card account numbers, when possible, to ensure our features are working as expected without using real client data.
1.4 Email Testing:
- Email templates used for communication, fundraising, or marketing purposes must be thoroughly tested.
- Test email across various email clients to ensure consistent rendering and delivery.
- Verify that all links and images within emails are functional and lead to the intended destination.
2. Testing Frequency:
- Regular testing should be conducted before major updates, releases, or changes to the website, donation forms, or email templates.
- Additionally, periodic security scans and vulnerability assessments should be performed to identify and address potential risks. Note that Firefly will only provide security scans and vulnerability assessments for clients with whom we have an active contract.
3. Documentation:
- Firefly Partners will document any identified issues and their resolutions, including security patches or updates.
4. Responsibilities:
- The development and QA teams are responsible for conducting testing in accordance with this policy.
- The IT security team is responsible for overseeing security testing and ensuring compliance with relevant standards and regulations.
- The marketing or fundraising team is responsible for ensuring email templates are engaging, accurate, and compliant with organizational branding guidelines.
5. Review and Revision:
- This testing policy will be reviewed periodically to ensure its effectiveness and relevance.
- Any necessary revisions will be made to address changing requirements or emerging threats.
6. Distribution:
- This testing policy will be distributed to all relevant personnel involved in the development, maintenance, and management of the company website, donation forms, and email systems.
- This policy provides a framework for systematic testing of the company website, donation forms, and emails to ensure they meet quality, security, and compliance standards. Compliance with this policy is essential for maintaining the integrity and reliability of these digital assets.