6. Quality assurance testing

How to ensure your OpenCRVS configuration is fully tested and ready for live use?

OpenCRVS has been thoroughly tested to ensure that all functionality is reliable and it can work on a variety of devices and levels of connectivity. From a performance perspective the minimum server configuration has been successfully stress tested with loads of up to 200 birth declarations a minute, with multiple concurrent users experiencing response times consistently less than 5 seconds. Cyber-security penetration tests have also been carried out on the application with no significant vulnerabilities found.

Although the OpenCRVS Core Product has been rigorously tested, depending on your configuration (or customisations made) it is essential that you conduct your own lab testing prior to releasing the application to users for field testing and wider rollout.

Testing types

The following are a set of tests which you should consider running:

Product Test

Product tests are systematic procedures conducted to evaluate the functionality, usability, and reliability of the deployed software. These tests aim to ensure that the product meets the specified requirements and functions as per the configuration design.


  1. Identify test cases based on requirements and user stories.

  2. Execute test cases to validate functionality, including inputs, outputs, and system behavior.

  3. Document and report any defects found during testing.

  4. Repeat testing iteratively as new features are added or changes are made.

User Acceptance Testing (UAT)

UAT is the final phase of testing where end-users validate the software to ensure it meets their requirements and expectations before deployment. It focuses on confirming that the system behaves as intended in real-world scenarios.


  1. Define acceptance criteria based on user requirements.

  2. Invite stakeholders or representative users to perform testing.

  3. Execute test cases covering typical user workflows and scenarios.

  4. Gather feedback and address any issues or discrepancies identified.

  5. Obtain formal approval from stakeholders to proceed with deployment.

Regression Tests

Regression tests verify that recent changes to the software have not adversely affected existing functionality. These tests help maintain product stability over time by ensuring that new features or bug fixes do not introduce unintended side effects.


  1. Develop a comprehensive suite of regression test cases covering critical functionalities.

  2. Execute regression tests after each software update or change.

  3. Automate repetitive regression tests to streamline the testing process.

  4. Investigate and address any failures, either due to regression issues or changes in requirements.

Smoke Tests

Smoke tests are preliminary tests performed to verify basic functionality and stability of the software build. They aim to quickly identify major issues that could prevent further testing or deployment.


  1. Select a subset of essential test cases covering core features.

  2. Execute smoke tests on each new build or deployment.

  3. Verify basic functionalities such as login, navigation, and critical workflows.

  4. If smoke tests pass, proceed with more extensive testing or progress with deployment; otherwise, halt further testing and address issues.

Performance Tests

Performance tests evaluate the responsiveness, speed, and scalability of a software application under various load conditions. These tests help identify performance bottlenecks and optimize system resources. A set of non-functional requirements are defined in the OpenCRVS Specifications v1.4, which will need to be adapted to your country context.


  1. Define performance metrics and objectives based on user expectations.

  2. Create test scenarios simulating realistic usage patterns and load conditions.

  3. Use tools to simulate concurrent users, transactions, or data volume.

  4. Measure and analyze system response times, throughput, and resource utilization.

  5. Optimize resource usage to improve performance as needed.

Technical Tests

Technical tests, such as failover and backup procedures, ensure the reliability and availability of the software system in the event of hardware failures, disasters, or data loss.


  1. Develop failover and disaster recovery plans detailing procedures for system recovery.

  2. Test failover mechanisms by intentionally simulating hardware failures or network disruptions.

  3. Verify backup procedures by regularly backing up critical data and restoring from backups.

  4. Document and update technical tests and procedures based on system changes or improvements.

  5. Conduct periodic drills or tabletop exercises to validate the effectiveness of failover and backup procedures.

Penetration Testing:

Penetration testing involves simulating cyber-attacks on a software system and its infrastructure to identify vulnerabilities and assess its security posture. It is a mandatory testing phase before live use of OpenCRVS to mitigate risks that PII could be accessed or misused. This testing should be organised with an accredited partner, for example with CREST and CyberEssentials certification.


  1. Define objectives, scope, and rules of engagement for the test.

  2. Gather information about target systems and potential vulnerabilities.

  3. Assess identified weaknesses for potential exploitation.

  4. Attempt to exploit vulnerabilities to gain unauthorized access.

  5. Document findings and provide recommendations for strengthening security.

Test cases

The OpenCRVS testing team has developed a set of testing assets that can be used to support your own testing needs. The OpenCRVS Test Case Repository contains all of the test cases used for testing the core product, which can be reused or modified for your own testing purposes.

See also the Regression and Smoke Test Scope the tabs for regression tests and smoke tests for recommended test scope.

Raising OpenCRVS defects

If you suspect that you have discovered a defect in the OpenCRVS Core Product, please share details with our team using the following procedure. You can view existing issues and raise new ones at https://github.com/opencrvs/opencrvs-core/issues.

Your issue will be fixed much faster if you spend about half an hour preparing it, including the exact reproduction steps and a demo.

Steps to complete a detailed defect report are as follows:

  1. Describe the bug (a clear and concise description of what the bug is)

  2. Which feature of OpenCRVS does your bug concern?

  3. To reproduce (steps required to reproduce the behaviour) e.g.

    • Login as a Registrar

    • Go to '...'

    • Click on '....'

    • Scroll down to '....'

    • See error

  4. Expected behaviour (a clear and concise description of what you expected to happen)

  5. Actual behaviour (describe what happened, including screenshots and video)

  6. OpenCRVS Core Version e.g. v1.4.0 (Git branch: master / release-v1.4.0)

  7. Country Configuration Version e.g. v1.4.0 (Git branch: master / release-v1.4.0)

  8. Device

    • OS: [e.g. iOS]

    • Browser [e.g. chrome]

    • Version [e.g. 22]

  9. Possible fixes (if you can, link to the line of code that might be responsible for the problem)