Winsights.life

Public · 6 members

Statement of work

I'm sharing a draft Standard of Work for the testing to be done. At this point, we are open to feedback, modification by Kasey or others as assigned, and questions. Kasey is also working on a fair hourly rate for your efforts. Your input is welcome.


Winsights Social

Standard of Work (SOW)

Role-Based Testing: Admin, Moderator, Patient

1. Purpose

This document defines the scope, expectations, testing procedures, and success criteria for evaluating the Admin, Moderator, and Patient roles within the Winsights Social test environment.

The goal is to:

• Validate role permissions and boundaries

• Confirm workflow integrity

• Identify usability, security, and logic flaws

• Ensure patient-centered design

• Document reproducible issues for development review

2. General Testing Standards (Applies to All Roles)

All testers must:

• Use assigned test credentials only

• Document each test scenario step-by-step

• Capture screenshots or screen recordings for issues

• Record:

    • Date

    • Device and browser

    • Role used

    • Expected result

    • Actual result

    • Severity level (Low / Medium / High / Critical)

Issue Severity Definitions

• Critical – Data breach risk, role boundary violation, system crash

• High – Major workflow failure, permissions error

• Medium – Feature not functioning as intended

• Low – UI inconsistency, minor usability concern

3. Admin Role Testing Standard

3.1 Core Responsibilities to Test

• Role modification

• Permission controls

• Content oversight capabilities

• Account suspension / reactivation

3.2 Required Test Scenarios

Admin testers must:

• Create a Moderator account

• Create a Patient account

• Modify a user’s role

• Attempt to assign conflicting permissions

• Suspend and reinstate a user

• Review flagged content

• Access analytics (if available)

• Attempt actions that should be restricted (to test boundaries)

3.3 Validation Criteria

• Admin cannot accidentally remove their own core permissions

• Role changes reflect immediately

• Audit trail logs actions correctly

• No patient data is exposed improperly

• System prevents unauthorized privilege escalation

4. Moderator Role Testing Standard

4.1 Core Responsibilities to Test

• Content moderation (posts, comments, uploads)

• Flag handling

• User warning system

• Temporary content removal

• Escalation to Admin

4.2 Required Test Scenarios

Moderator testers must:

• Review flagged content

• Remove inappropriate content

• Issue a warning

• Escalate a case to Admin

• Attempt to access Admin-level settings (should fail)

• Attempt to modify user roles (should fail)

4.3 Validation Criteria

• Cannot override Admin decisions

• Moderation workflow is intuitive and clear

• No access to sensitive health data beyond permitted scope

5. Patient Role Testing Standard

5.1 Core Responsibilities to Test

• Profile setup

• Privacy settings

• Posting and commenting

• Uploading media

• Messaging

• Reporting content

• Editing/deleting own content

5.2 Required Test Scenarios

Patient testers must:

• Complete profile fields

• Adjust privacy settings

• Create a post

• Comment on another post

• Upload media

• Report content

• Delete or edit own content

• Attempt to access moderator tools (should fail)

• Attempt to access admin tools (should fail)

5.3 Validation Criteria

• Privacy settings function correctly

• Personal data visibility matches selected settings

• Cannot view private health information of others

• No ability to elevate permissions

• Interface is accessible and understandable

6. Accessibility & Inclusion Testing (All Roles)

Because this is health-related and patient-centered, testing must include:

• Text resizing behavior

• Cognitive load review (clarity of instructions)

Testers must note any barriers for users with:

• Mobility impairments

• Cognitive fatigue

• Neurodivergence

7. Security Testing Baseline

Testers must attempt controlled boundary testing:

• Direct URL access to restricted pages

• Browser back-button permission bypass

• Session timeout behavior

• Password reset process

• Multi-login session testing

Any unauthorized access is automatically Critical severity.

8. Reporting Protocol

All findings must be:

• Submitted within 24 hours of discovery

• Logged in shared ticket tracker

• Assigned severity

• Clearly reproducible

Each submission must include:

• Role used

• Steps to reproduce

• Expected outcome

• Actual outcome

• Screenshot/video evidence

9. Completion Criteria

Testing phase is considered complete when:

• All required test scenarios are executed

• All Critical and High issues are resolved and retested

• No role boundary violations exist

• Privacy settings function reliably

• Core workflows are stable


Winsights Social

Ticketing & Defect Logging Standard

(Applies to Admin, Moderator, and Patient Role Testing)

1. Single Reporting Channel Requirement

All bugs, missing features, usability issues, and permission concerns must be logged exclusively in the Winsights ticket system.

• No reporting via email

• No reporting via chat

• No verbal-only reporting

• No scree

24 views
Tom F
16 Feb.

Thanks Larry!

This is excellent.
