Challenges

The Client needed to ensure adequate app security so that any issues arising were mitigated before they could be magnified and discussed in the media.

An additional challenge for the Client was ensuring app accessibility for the entire UK population.

Solutions

Enabled a Performance & Security test approach by selecting the right environment and workload to conduct Regression Performance and Security testing at each weekly release.

Performed exhaustive accessibility testing across all aspects of the app.

Results

The Client was able to ensure there was less margin for error, given the number of people using the app, and security updates were released weekly.

Identified and fixed 35+ accessibility bugs across the app.

Client overview

Our Client was established to lead the digital transformation of health and social care across every NHS healthcare setting in the UK, driving the safe sharing of patient data to all clinicians, improving patient care and safety.

The NHS response to the COVID-19 pandemic was driven by our Client. They were responsible for “The Covid Pass Program”, the “Covid Status” certification program, which was both a digital and a non-digital program. It aimed to provide the vaccination/diagnostic status of the UK’s residents (England and Devolved administrations within Wales, Scotland, NI and Crown Dependencies like Isle of Man, Guernsey, Jersey, and Overseas Territories such as Gibraltar) as a 2D Barcode which could be scanned by a verifier app to gain access to international travel, domestic travel, retail outlets and sport and social events.

Innovative solutions needed for keeping the UK safe and moving during the pandemic


Our Client’s work involved the delivery and maintenance of the UK’s “Covid Passport”, which interfaced with the overall vaccination program within the UK to help in opening the economy post-pandemic in a safe and controlled manner. It was a critical transformation program with multiple integrations and data sources and strict timelines, based upon changes by the UK Government with approval from Parliament. The ultimate stakeholder was the Cabinet Health Secretary for whom the Department for Health and Social Care works.

Our Client faced several challenges with this, including:

Performance: A high demand on the app from travellers and domestic users during peak Covid times and frequent government policy changes meant the immediate programme deliverables changed often and fast.

Quality assurance: Strong collaborative quality assurance governance and planning was required to ensure all features in a release had undergone the required quality assurance testing to accommodate last-minute changes to sprint and release backlog prioritisation.

INVEST principles: Functional and non-functional requirements for key stories/epics did not initially conform to INVEST principles. The quality assurance team introduced a governance process to ensure that all user stories entering the current release cycle had been reviewed and followed the principles of INVEST. This enabled rapid deliveries of functionality to be assessed appropriately, test coverage reviewed, and prioritised test cases written and executed in sprint.

Environment availability/config synchronisation: This was a challenge to concurrent testing across all services. This led to issues logged as defects because test environments were out of sync. The quality assurance team collaborated with wider teams across the programme to establish the root cause of environmental issues and manage resolution, redeployment, and retest activities to ensure the issues did not reoccur.

Safety first through robust app quality assurance

As part of ensuring quality for “The Covid Pass Program”, Qualitest provided a comprehensive quality assurance solution for this service and validated the Azure FHIR-based solution setup hosted in the Azure Cloud platform, which is utilized by both the Web and Native Mobile applications. The project’s main objectives included:

  • Derive and validate critical Non-Functional Requirements for the entire service, specifically focusing on Performance, Accessibility and Security.
  • Certify scalability of Azure cloud hosted services to handle usage of up to 1 million requests on a peak day across different business transactions.
  • Set up a Non-Functional regression test suite to quality assure the weekly release cadence.
  • Benchmark the application and identify the hardware sizing needed for services to handle 5X to 10X peak load for mandated use of this service across the country.
  • Validate the App against WCAG 2.1 guidelines for both the Web and Mobile applications.
  • Detect potential Performance, Accessibility & Security bottlenecks early, protecting the service and ensuring rapid release capabilities.

To ensure accessibility for “The Covid Pass Program”, our solutions included exhaustive accessibility testing which identified 35+ bugs across the application. In addition, we also provided continuous performance evaluation on the weekly release cadence, performance monitoring and diagnosis, security testing on the weekly release cadence and accessibility-testing-as-a-service (ATAAS).


Performance and quality provided for healthier outcomes

When it came to the performance of the testing, Qualitest identified several improvements that were made to the Covid Passport Program as a result:

  • Detected Memory leak during soak & load tests with 5X-10X load in the system.
  • Captured Cosmos DB timeout issue during series of load & soak tests.
  • Resolved caching issue while running multiple combinations of test scenarios.
  • Identified peak number of Function Apps during soak test, enabling the number of instances on the right OS to be configured to support 10X peak load.
  • Discovered load balancing issue, enabling fix to be applied to correctly balance at each region.
  • Reported increase in response time trend for several business transactions on each release, recommending appropriate tuning initiatives.

In addition, a further 25+ bugs were identified in the Web App with severity levels ranging from ‘Very high’ to ‘Low’ against WCAG 2.1 guidelines. When it came to testing the mobile app, 10+ bugs were identified with severity levels from ‘Very high’ to ‘Low’. The accessibility of the app was also validated across multiple browsers, devices, and OSs on all pages.

During security testing, a ‘Critical’ vulnerability relating to key length in the RSA cipher algorithm was detected in SAST testing, and multiple ‘High’ vulnerabilities relating to package versions were also identified, which could potentially lead to a DDoS attack and session stealing. These vulnerabilities were fixed to help improve the security of the app.

Key benefits

The “Covid Passport Program” was so successful it won the Pandemic Innovation category at the Digital Leaders Impact Awards in 2022, with Qualitest’s contribution being recognized as key to its success. In addition, the program also won “Best Agile project” with Qualitest at the European Software Testing Awards 2022.

  • The number of users of the app rose from 4 million to over 30 million since the launch of the NHS COVID Pass.
  • The Client was able to share their knowledge and best practices with NHS teams to ensure they were better equipped to deal with incidents and outbreaks of Covid in their areas.
  • The Client successfully deployed shift-left non-functional testing along with shift-right production monitoring.
  • Increased automation coverage to 90% and introduced parallel testing in respective environments to accelerate testing and reduce the testing window by over 50%. Against the 600+ user stories, there were 3,000+ test items linked.
  • A robust framework that maximized automated testing was fully integrated for every release. This increased speed and quality, resulting in no severity 1 major defects being leaked into live during this period.