🧪 E8 Assessment Framework Test Plan

Executive Summary

This test plan validates the Essential Eight (E8) Assessment Framework's ability to deliver on its core promises:

  • 85% pre-completion through triple-crossover intelligence
  • Intelligent routing (IT: ~35 questions, Board: ~5 questions)
  • Accurate maturity level calculations
  • Board-friendly 2-3 minute decision process

Test Objectives

Primary Objectives

  1. Validate Mapping Accuracy: Ensure 152 ACSC controls correctly map to 40 questions
  2. Verify Pre-fill Engine: Confirm 85% pre-completion from crossover sources
  3. Test Role Routing: Validate questions route to appropriate stakeholders
  4. Confirm Board Experience: Ensure board interface delivers 2-3 minute decision capability
  5. Validate Maturity Calculations: Verify ML0-ML3 calculations match ACSC guidance

Secondary Objectives

  • Document integration points with UQB
  • Validate audit trail completeness
  • Confirm delegation workflows
  • Test edge cases and failure modes

Test Scope

In Scope

  • All 40 E8 assessment questions
  • Triple-crossover intelligence (policies, insurance, prior assessments)
  • Role-based routing logic
  • Maturity level calculations
  • Board presentation layer
  • Audit trail generation

Out of Scope

  • UI implementation (covered in Task 86)
  • API performance testing (pre-code phase)
  • Load testing (single-tenant MVP)
  • Integration with external systems

Test Methodology

1. Document-Based Validation

Since GetCimple is in the documentation phase, testing involves:

  • Walking through scenarios on paper
  • Validating logic flows
  • Checking mathematical calculations
  • Reviewing mapping accuracy

2. Scenario-Based Testing

Three representative scenarios:

  • Small business (10 employees, no board)
  • Medium enterprise (50 employees with board)
  • Regulated entity (financial services with compliance requirements)

3. Coverage Analysis

  • Ensure all 152 ACSC controls have representation
  • Verify all 8 E8 strategies are assessed
  • Confirm all maturity levels are achievable

Test Scenarios

Scenario 1: Small Business (TechStartup Pty Ltd)

Profile: 10-person SaaS startup, no formal board, basic IT setup

Test Points:

  1. Pre-fill from basic policies (expect 30-40% completion)
  2. All questions route to IT manager/founder
  3. Simplified maturity view (no board interface)
  4. Target setting by management only
  5. Quick wins identified for ML1

Expected Outcomes:

  • Current maturity: ML0-ML1 mix
  • Completion time: 20-25 minutes
  • Pre-fill rate: 35%
  • Recommended target: ML1 across all strategies

Scenario 2: Medium Enterprise (MedCorp Limited)

Profile: 50 employees, board with 5 directors, IT team of 3

Test Points:

  1. Pre-fill from policies and cyber insurance (expect 70% completion)
  2. Technical questions route to IT team
  3. Governance questions escalate to board
  4. Board sees "90% complete by IT"
  5. Clear ML2 pathway presented

Expected Outcomes:

  • Current maturity: ML1-ML2 mix
  • Board decision time: 2-3 minutes
  • Pre-fill rate: 70%
  • Recommended target: ML2 for critical strategies

Scenario 3: Regulated Entity (FinanceCore Pty Ltd)

Profile: 100 employees, regulated by APRA, mature governance

Test Points:

  1. Pre-fill from comprehensive sources (expect 85% completion)
  2. Complex routing through compliance team
  3. Board focus on ML2+ compliance
  4. Regulatory alignment validation
  5. Advanced maturity options presented

Expected Outcomes:

  • Current maturity: ML2 baseline
  • Board review time: 3-5 minutes
  • Pre-fill rate: 85%
  • Mandatory target: ML2 minimum, ML3 for critical

Success Criteria

Functional Criteria

  • ✅ All 40 questions map to ACSC controls
  • ✅ Pre-fill achieves 60%+ average across scenarios
  • ✅ Role routing accuracy > 95%
  • ✅ Board decision time < 5 minutes
  • ✅ Maturity calculations align with ACSC model

Quality Criteria

  • ✅ No ambiguous questions
  • ✅ Clear delegation paths
  • ✅ Audit trail captures all decisions
  • ✅ Board language is non-technical
  • ✅ Recommendations are actionable

Test Execution Timeline

Phase 1: Mapping Validation (2 hours)

  • Review 152 → 40 control mapping
  • Verify coverage of all E8 strategies
  • Document any gaps or overlaps
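Once the mapping exists as data, the Coverage Analysis and Phase 1 checks (every control represented, every E8 strategy assessed, gaps and overlaps listed) can be run mechanically. The sketch below is an added example, not GetCimple code: the control and question IDs and the sample mapping are constructed placeholders, and "overlap" is assumed to mean a control mapped to more than one question.

```python
from collections import defaultdict

# The eight ACSC Essential Eight mitigation strategies.
E8_STRATEGIES = {
    "Application control", "Patch applications", "Patch operating systems",
    "Restrict Microsoft Office macros", "User application hardening",
    "Restrict administrative privileges", "Multi-factor authentication",
    "Regular backups",
}

def validate_mapping(controls, questions, mapping, n_controls=152, n_questions=40):
    """controls: {control_id: strategy}; questions: set of question IDs;
    mapping: iterable of (control_id, question_id) pairs."""
    by_control, by_question, unknown = defaultdict(set), defaultdict(set), []
    for cid, qid in mapping:
        if cid not in controls or qid not in questions:
            unknown.append((cid, qid))  # typo or stale ID in the mapping sheet
            continue
        by_control[cid].add(qid)
        by_question[qid].add(cid)
    covered = {controls[c] for c in by_control}
    return {
        "count_mismatch": (len(controls), len(questions)) != (n_controls, n_questions),
        "unmapped_controls": sorted(set(controls) - set(by_control)),  # gaps
        "empty_questions": sorted(set(questions) - set(by_question)),
        "overlaps": {c: sorted(q) for c, q in by_control.items() if len(q) > 1},
        "uncovered_strategies": sorted(E8_STRATEGIES - covered),
        "unknown_refs": unknown,
    }

# Constructed sample: 5 placeholder controls and 4 placeholder questions.
SAMPLE_CONTROLS = {
    "CTRL-001": "Patch applications", "CTRL-002": "Patch applications",
    "CTRL-003": "Multi-factor authentication", "CTRL-004": "Regular backups",
    "CTRL-005": "Application control",
}
SAMPLE_QUESTIONS = {"Q01", "Q02", "Q03", "Q04"}
SAMPLE_MAPPING = [("CTRL-001", "Q01"), ("CTRL-002", "Q01"), ("CTRL-003", "Q02"),
                  ("CTRL-003", "Q03"), ("CTRL-999", "Q02")]

def sample_report():
    return validate_mapping(SAMPLE_CONTROLS, SAMPLE_QUESTIONS, SAMPLE_MAPPING,
                            n_controls=5, n_questions=4)

if __name__ == "__main__":
    for key, value in sample_report().items():
        print(f"{key}: {value}")
```

With the defaults left at 152 and 40, `count_mismatch` also flags a mapping sheet that has silently lost or gained rows.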

Phase 2: Scenario Execution (3 hours)

  • Walk through each scenario
  • Document question routing
  • Calculate pre-fill rates
  • Time board decision process

Phase 3: Results Documentation (1 hour)

  • Compile test results
  • Document findings
  • Create recommendations
  • Update framework documentation

Risk Assessment

High Risk Areas

  1. Pre-fill Accuracy: May not achieve 85% target
     • Mitigation: Set realistic expectations (60-85% range)

  2. Board Complexity: 5 questions may still be too many
     • Mitigation: Create executive summary option

  3. Maturity Calculation: Edge cases in ML determination
     • Mitigation: Document calculation rules clearly

Medium Risk Areas

  1. Role Ambiguity: Some questions span multiple roles
     • Mitigation: Allow collaborative answering

  2. Crossover Conflicts: Different sources give different answers
     • Mitigation: Implement confidence scoring

Test Deliverables

  1. Test Execution Report: Results from all scenarios
  2. Validation Checklist: Completed validation items
  3. Gap Analysis: Any framework deficiencies found
  4. Recommendations: Improvements for implementation
  5. Audit Documentation: Evidence of testing completion

Conclusion

This test plan ensures the E8 Assessment Framework delivers on its promises before UI implementation begins. The focus is on validating the core logic, routing accuracy, and board experience rather than technical implementation details.