Skip to content

Test Strategy

LMU/COICP Example

Test Strategy Example

Define the LMU/COICP verification strategy for the integrated baseline that becomes RC-001, including evidence behavior, access checks, status transitions, emergency boundaries, AI deferment, regression stability, and known risks.

ES-109 Strategy Verification Focus

Example purpose

This artifact defines the ES-109 testing strategy for LMU/COICP.

Testing focuses on the ES-108 integrated baseline and the risks carried forward from integration: evidence write failure handling, access-control coverage, status transition validation, emergency-boundary behavior, and AI Incident Summary deferment.

Project

LMU Campus Operations and Incident Coordination Platform

Document control

Field Value
Artifact owner COICP Product Engineer
Primary reviewers Architecture Review Board chair, IT security reviewer, AI reviewer, Compliance reviewer, Campus Safety liaison
Status Accepted for ES-109 baseline
Last updated 2026-07-06
Related Engineering Stage ES-109 — Testing and Verification
Project workspace target docs/project-workspace/testing/test_strategy.md
Source stage ES-108 — Integration

Testing context

Field Value
Integrated baseline under test LMU-COICP-INT-001
Candidate produced by testing LMU-COICP-RC-001
Target release posture Internal engineering review only
Planned review environment LMU-COICP Internal Engineering Review Environment
Planned dataset Spring Semester Synthetic Incident Dataset
Planned synthetic records 421
Planned reviewer accounts 24
Planned review window March 18–22, 2026
AI Incident Summary Deferred / disabled
Operational pilot Not approved

Source evidence

docs/project-workspace/requirements/
docs/project-workspace/design/
docs/project-workspace/implementation/
docs/project-workspace/integration/

Strategy summary

ES-109 verifies whether the integrated baseline is stable enough to be evaluated by ES-110 Release Readiness for LMU internal engineering review only.

Testing targets the baseline that will become LMU-COICP-RC-001 if release-readiness review accepts it under conditions.

Verification priorities

Priority LMU Reason
EvidenceEvent creation for official state changes COICP depends on reviewable evidence for incident accountability.
Evidence failure behavior LMU cannot trust official state if evidence cannot be written.
Access-control denial for unauthorized protected actions Campus Operations, Residence Life, Facilities, and IT roles must not bleed together.
Invalid status transition rejection Incident state must not become incoherent during handoff or closure.
Emergency-related or out-of-scope incidents blocked or redirected COICP must not become dispatch, emergency notification, or prohibited-record workflow.
AI official-summary path absent AI Incident Summary is deferred and must not leak into official records.
Core create incident workflow stable after integration The baseline must support meaningful internal review.
Retention assumptions not hard-coded Retention remains a compliance/governance decision.

Test levels

Level Purpose LMU Applies To
Unit Verify validation and small logic units. status validation, incident fields, evidence event construction
Integration Verify workflow behavior across components. incident creation, status update, evidence creation, access denial
Manual / review Inspect guardrail-sensitive behavior. AI deferment, retention, evidence failure behavior
Regression Confirm ES-108 integration did not break baseline. create, validate, deny, evidence event checks
Failure-path Verify safe behavior when evidence or authorization fails. TC-007 evidence write failure, invalid transitions
Safety-boundary Verify emergency or prohibited categories are not normal workflow. TC-012 Campus Safety synthetic scenario

Guardrail focus

Guardrail Verification Focus
G-001 Official state changes create EvidenceEvent records normal create/update paths and evidence write failure path
G-002 AI output not official without human review AI deferment and official-summary absence
G-003 Protected actions require access check unauthorized create and broader access matrix
G-004 Emergency/out-of-scope incidents not normal workflow out-of-scope category rejection and Campus Safety scenario
G-005 Retention assumptions not hard-coded retention implementation inspection
G-006 Direct updates do not bypass evidence update workflow and evidence failure review

Known testing risks

Risk Testing Response
Automated test command evidence may be immature. Record command gaps and carry DEF-005 to release readiness.
Evidence write failure behavior may require simulation. Mark TC-007 high-risk if blocked.
Access-control matrix may exceed current role coverage. Start with reviewer-role tests and record DEF-002 if incomplete.
Status transition validation may be incomplete. Execute TC-006 and log DEF-001 if inconsistent.
Emergency-boundary testing may not be complete. Use Campus Safety scenario and log DEF-004 if not fully formalized.
AI feature is deferred. Verify no partial AI official-record path exists.

Continue to Test Plan

Translate the LMU test strategy into scope, owners, phases, and exit criteria.

Open Test Plan →