OpenCRVS has been thoroughly tested to ensure that all functionality is reliable and it can work on a variety of devices and levels of connectivity. From a performance perspective the minimum server configuration has been successfully stress tested with loads of up to 200 birth declarations a minute, with multiple concurrent users experiencing response times consistently less than 5 seconds. Cyber-security penetration tests have been carried out on the application with no significant vulnerabilities found.

Depending on your implementation and the configuration changes (or customisations) you have made, it is always prudent to conduct your own lab testing prior to releasing the application to users for field testing and wider rollout.

At a minimum, a number of functional smoke tests should be conducted to ensure that the application has been installed correctly and the configuration is working as expected. A smoke test should include the following:

• create and update users (National System Admin and Local System Admin)

• birth registration flows (tested with Field Agents, Registration Agents and Registrars)

• death registration flows (tested with Field Agents, Registration Agents and Registrars)

• performance management (tested with National Registrar, Performance Manager and Registrars)

• use of the actual devices (e.g. laptops, tablets) to be used by staff

Email us at team@opencrvs.org for access to the full set of product test cases and scripts.

Performance testing should be conducted, with stress test thresholds set based on the maximum number of vital event registrations expected. For example, in Farajaland there are 20,000 births expected per annum, or approximately 100 births per working day.

Penetration testing of the application and infrastructure is essential to mitigate risks that PII could be accessed or misused. This should be organised with an accredited partner, for example with CREST and CyberEssentials certification.