2.127.1 IT Test Policy 2.127.1.1 Program Scope and Objectives 2.127.1.1.1 Background 2.127.1.1.2 Authority 2.127.1.1.3 Responsibility 2.127.1.1.4 Program Management and Review 2.127.1.1.5 Program Controls 2.127.1.1.6 Terms and Acronyms 2.127.1.1.7 Related Resources Part 2. Information Technology Chapter 127. Testing Standards and Procedures Section 1. IT Test Policy 2.127.1 IT Test Policy Manual Transmittal December 06, 2024 Purpose (1) This transmits revised Internal Revenue Manual (IRM) 2.127.1, Testing Standards and Procedures, IT Test Policy. Material Changes (1) IRM 2.127.1.1 Internal controls were added to comply with Internal Management Documents (IMD) requirements Effect on Other Documents IRM 2.127.1, dated May 15, 2017, is superseded. Audience This Directive is applicable to all organizations within Information Technology (IT) responsible for testing. Effective Date (12-06-2024) Rajiv Uppal Chief Information Officer 2.127.1.1 (12-06-2024) Program Scope and Objectives The scope of this IRM applies to all testing (i.e., software application, hardware, infrastructure upgrade projects, as well as, new and current (legacy) production system upgrade projects, etc.) within IT organizations following One Solution Delivery Lifecycle (OneSDLC). The purpose of this IRM is to establish guidelines, expectations, authority, and documentation responsibility for development and facilitation of testing standards. The audience for this IRM are all organizations within IT responsible for testing. The policy owner of this IRM is the Chief Information Officer (CIO). The process owner of this IRM is Enterprise Systems Testing (EST). The primary stakeholders of this IRM are IT organizations responsible for testing. The goal of this IRM is to provide guidance and support to all IT organizations responsible for testing. 2.127.1.1.1 (12-06-2024) Background EST serves as the Test Process Owner and supports the development, facilitation, and institutionalization of the test processes within IT. EST works in collaboration with other IT organizations and stakeholders for the successful promotion of product quality. This IRM has been created to centralize and establish practices for effective testing. It establishes guidelines for performing validation and verification activities throughout all phases of the testing lifecycle. 2.127.1.1.2 (12-06-2024) Authority This Directive is to establish standards, expectations, authority, and documentation responsibility for development and facilitation of testing standards. Approval of this directive, including updates, rests with the Chief Information Officer (CIO) and Associate Chief Information Officer (ACIO) for Enterprise Services. 2.127.1.1.3 (12-06-2024) Responsibility EST is responsible for the development, implementation, and maintenance of this directive. All proposed changes to this directive must be submitted to EST. Chief Information Officer (CIO) and Associate Chief Information Officer (ACIO) for Enterprise Services is responsible for the approval of any changes to this directive. 2.127.1.1.4 (12-06-2024) Program Management and Review EST shall manage and evaluate the process based on the following mandates: EST shall have the authority and responsibility for developing IT Test Assets including Process Descriptions, Procedures, and related guidance materials. EST shall have the authority to develop, facilitate and coordinate the appropriate use of IT Test Process Assets. The planning, management, execution, and quality responsibilities of verification activities and validation activities explicitly belong to Project Managers or designated Project Leads. These methods shall be defined, including any limitations, and outlined in the project's test plan. Responsibility for all information system project management activities shall be explicitly assigned by the applicable IT Executive. All system, program, or test plans must include verification strategies addressing system integration, acceptance, regression, privacy, and security as required by Cybersecurity and Section 508 of the 1973 Rehabilitation Act as currently amended. Project generated test artifacts or work products, such as test plans, test scripts, test cases, test reports and measurements, shall be recorded and maintained in an approved repository. Measures collected and used by the projects to determine test status and/or produce resultant work products shall be reviewed during program and project reviews. All testing must have a plan that addresses verification activities and validation activities through all lifecycle phases. This is applicable to all test releases, formal or informal, whether testing is conducted by EST or is executed by individual projects, other testing components, or outside contractors. This applies to any and all approved IRS lifecycle development methodologies a project may choose to follow. 2.127.1.1.5 (12-06-2024) Program Controls This IRM complies with the Internal Revenue Service (IRS) Internal Management Documents (IMD) requirements to establish controls. Any waivers or deviations of this Directive require written approval from the ACIO, Enterprise Services. 2.127.1.1.6 (12-06-2024) Terms and Acronyms The following tables lists the terms and acronyms in this document. Terms Definitions Application Collection of software programs that automates a business function. Each application may be part of more than one application and can run on one or more servers or other hardware. Process A structured set of activities designed to accomplish a specific objective. A process takes one or more defined inputs and turns them into defined outputs. A process may include any of the roles and responsibilities, tools, and management controls required to reliably deliver the output. A process may define policies, standards, guidelines, activities, and work instructions if they are needed. Process Owner A role responsible for ensuring that a process is fit for its purpose. The Process Owner's responsibilities include sponsorship, design, change management and continual improvement of the process and its assets. Requirement A requirement describes a condition or capability to which a system must conform; either derived directly from user needs, or stated in a contract, standard, specification, or other formally imposed document. A desired feature, property, or behavior of a system. Validation Validation is the process whose purpose is to demonstrate that a product or product component fulfills its intended use when placed in its intended environment. In testing, validation is performed upon the completion of a given module, or even the completion of the entire application. Verification Verification is the process for ensuring that selected work products meet their specified requirements. In testing, verification is the process performed at the end of a test cycle phase with the objective of ensuring that the requirements established have been met. It is an overall evaluation activity that includes reviewing, inspecting, testing, checking, and auditing Acronyms Definition ACIO Associate Chief Information Officer CIO Chief Information Officer ES Enterprise Services EST Enterprise Systems Testing IMD Internal Management Documents IRM Internal Revenue Manual IRS Internal Revenue Service IT Information Technology 2.127.1.1.7 (12-06-2024) Related Resources The following lists the regulatory documents that validate the IT Test Policy. IRS Privacy Testing Guidance IT Test Reference Documents IT Security, Policy and Guidance IT Program Governance Directive, Process Description and Procedures IT Transition Management Directive and Process Release Readiness Review Board Procedure More Internal Revenue Manual
