ABC Contacts Module — Testing Playbook

The Business

ABC Contacts powers member data management in CHAD2. Understanding the business context helps you catch edge cases that matter to chapters and national leadership.

🏢 What ABC Contacts Is Really About

ABC Contacts is the master record system for Companies and Individuals in CHAD2. Companies represent ABC member firms — contractors, subcontractors, and affiliates. Individuals are the people connected to those companies — employees, contacts, decision-makers. The system bridges the gap between National's need for clean, uniform member data and Chapters' need for control over their local member records.

Contacts is the foundation that every other module depends on: Events registers people, Membership & Dues invoices companies, Directory publishes companies, Advocacy tracks company contacts. If contact data is wrong, everything downstream breaks. This creates interesting constraints: you can't delete a company if it has invoices. You can't delete an individual if they have role history. Validation has to be strict.

Companies can be in three states: Member (active in chapter), Prospect (interested, not yet member), or Inactive. Trade codes, market segments, and business designations enrich company profiles. Individuals are linked to companies through Contact Types (e.g., Owner, Controller, Office Manager). The Portal allows member companies to self-manage their data, while staff maintain admin-side control with more powerful tools.

Why this matters for QA

You're testing two distinct workflows: Staff-side admin (full BREAD, no restrictions) and Portal self-service (guided flows, strict validation). A company with dependent records (invoices, event registrations) needs deletion prevention. An individual moved to a new company needs employment history tracking. Both paths must work correctly, and both paths block dangerous operations.

👥 Permission Model: Three Tiers

Member Portal Admin (MPA) can manage the company's full profile: company info, individuals, contact types, trade codes, market segments, and contact lists. They cannot create companies or change company status — that's staff-only. Portal Individual with Registration can view and edit the company's profile but cannot add/remove individuals or manage some sensitive fields. Portal Individual with Limited has read-only view. Every portal user was invited (no self-sign-up for portal accounts).

Chapter Staff with Contacts Permission can create, edit, and delete companies and individuals at will. Staff can override portal restrictions, manually add individuals, and force data changes. Staff can also run Contact Audits (data quality checks with 31 distinct criteria) and see sensitive audit reports that portal users cannot access.

Why this matters for QA

Test all three permission tiers on both the admin side and portal side. Verify that an MPA cannot delete a company (staff-only). Verify that Limited users cannot edit fields. Test that when portal is turned off, all portal invitations become invalid. Test that turning portal on triggers auto-invite for any MPAs.

📊 Data Value: What Members Get, What Chapters Get, What National Gets

For members, the portal is simple: log in, verify your company data is correct, update contact info, add new individuals when staff invites them, export your company profile. It's self-service data stewardship without chaos — members cannot delete, reorganize, or merge records.

For chapters, Contacts is operational. They manage a portfolio of member companies and prospect companies. They track company classifications (market segments, business designations, trade codes), build targeted contact lists, verify data quality, and enable portal access for their largest members. Chapters can customize lookup tables (choosing which trade codes are available locally vs. using national standards).

For National, Contacts create a uniform member directory and reporting foundation. They see member rosters, track where companies are strongest, monitor adoption of portal features, and run compliance audits on data. National controls national-level lookup tables (trade code lists, market classifications) while chapters control chapter-level overrides.

Why this matters for QA

Trace a company from creation through portal invitation to member data entry. If company status changes from Prospect to Member, do portal invitations change? If an individual is moved to another company, does the history record both companies? If a lookup table value is deleted, what happens to records using that value? These multi-step scenarios are where bugs hide.

🔗 Core Data Structure: Companies, Individuals, and Contact Types

Companies are the primary records. Each has a Name, Status (Member/Prospect/Inactive), Type, and optional rich metadata: Company Type (e.g., Contractor), Trade Codes (CSI Divisions, NAICS codes), Market Segments (Commercial, Industrial, Residential percentages), Business Designations (e.g., Certified, Union, etc.), Company Narrative (internal notes), and Related Companies (parent/subsidiary relationships).

Individuals are the people. Each has Name (First, Last, Informal), Email, Phone, and addresses (may have multiple, only one can be "Primary"). Individuals are always linked to a Company. When you move an Individual to a different company, the system creates an employment history record so you never lose the audit trail.

Contact Types define the relationship between Individual and Company. Examples: Owner, Controller, Project Manager, Office Manager. Contact Types can be flagged as "Member Portal Admin" — if an Individual gets that Contact Type AND the company has the portal enabled, they automatically get a portal invite sent. Contact Types can also be "Primary" per individual (one primary contact type per person).

Why this matters for QA

The data model is straightforward but has deep interdependencies. Remember: an Individual cannot exist without a Company. A Contact Type links Individual to Company in a specific role. Changing an Individual's Company creates employment history. Deleting a Contact Type that's in use should fail. Address "Is Primary" constraints are strict (only one primary per type of address). Test the cascading effects of changes.

How It Works

Complete workflows for managing companies, individuals, portal access, and data quality

✏️ Company Lifecycle: Create → Manage → Track

Creating a company requires just Name and Status (defaults to Member). Type, Trade Codes, Market Segments, and Business Designations are optional and can be added later. Company can immediately have individuals added to it. If you enable the portal for the company, any individual with the "Member Portal Admin" contact type gets an automatic portal invite sent.

Managing a company means updating fields, adding/removing individuals, assigning contact types, managing trade codes and market classifications, writing company narrative (internal notes), and defining related companies. All changes are tracked in change history. You can view all invoices, event registrations, and directory proofs tied to the company.

Tracking a company includes running Contact Audits to check data quality against 31 criteria (missing emails, duplicate individuals, invalid trade codes, market classification not 100%, etc.), viewing employment history, exporting company profiles, and building contact lists for outreach.

Why this matters for QA

Test that companies can be created with minimal data. Test that optional fields are truly optional. Test change history is recorded on every edit. Test that companies with dependent records (invoices, registrations) cannot be deleted. Test that portal invites are sent when portal is enabled.

👤 Individual Lifecycle: Add → Associate → Manage → Track

Adding an individual requires linking them to a company. You provide First Name, Last Name, Email, and optionally Phone and addresses. "Informal Name" auto-populates from First Name but can be manually edited.

Associating to a company means assigning one or more Contact Types. Each contact type is a distinct role: Owner, Manager, Coordinator. An individual can have multiple contact types at the same company (e.g., both "Owner" and "Signatory"). One contact type per individual can be marked "Primary".

Managing an individual means editing name, contact info, addresses, and contact types. If you move an individual to a different company, employment history is automatically created. You cannot delete an individual if they have employment history (to preserve audit trail).

Tracking an individual includes viewing event registrations, invoices, and employment history. The system enforces email uniqueness within the same company for active individuals — you cannot have two active individuals with the same email in the same company, but you can have multiple at different companies or if one is inactive.

Why this matters for QA

Test email uniqueness constraints carefully. Test that moving an individual creates employment history. Test that you cannot delete an individual with history. Test that contact type assignment works correctly. Test that "Informal Name" auto-population works.

🔐 Portal Invitation and Access Flow

Step 1: Chapter enables portal for a company (toggle in company form). If any existing individuals have "Member Portal Admin" contact type, they are automatically invited.

Step 2: Staff invites an individual who doesn't yet have portal access. System sends email with secure link. Invite is one-time-use and expires (configurable, usually 7 days). Individual who receives invite can click link and set password, or ignore it. If ignored, staff can resend invite.

Step 3: Individual sets password and logs in. Portal account is now active. Individual can now manage company data based on their permission level (MPA, Registration, or Limited).

Step 4: Chapter disables portal (toggle off). All portal invites and active sessions for that company become invalid. Individuals cannot log in. Portal data is preserved (not deleted).

Why this matters for QA

Test the entire invitation flow from enable to invite to accept to login. Test that expired invites cannot be used. Test that disabling portal logs out users. Test that re-enabling portal re-sends invites to MPAs. Test that invitation emails contain correct links and expire properly.

📋 Lookup Table Management and Approvals

Lookup tables control values available for Trade Codes, Business Designations, Market Classifications, and Individual Types. Some are national-only (chapters cannot add values). Some are national-approved (chapters can request new values via workflow). Some are chapter-managed (chapters control their own values). When a lookup table value is deleted, records using that value become unlinked (the value is cleared from those records).

Trade Codes have Directory Proof counts — a chapter can set max CSI codes per company, max NAICS codes per company. Exceeding these limits triggers validation errors. Market Classifications must total 100% per group (Public/Private/Federal, Commercial/Industrial/Residential) — otherwise audit fails.

Why this matters for QA

Test that national-only values cannot be edited by chapters. Test that deleting a lookup value clears it from records using it. Test directory proof max enforcement. Test market classification percentage validation (100% per group). Test the approval workflow for national-approved values.

🔍 Contact Audit Flow: Quality Checks at Scale

Step 1: Select audit criteria — choose from 31 defined checks: missing company email, missing individual email, duplicate individuals, invalid trade code, market classifications not 100%, company narrative exceeds limit, address missing city, etc.

Step 2: Run audit — system scans all companies and individuals against selected criteria, generates report.

Step 3: Review results — audit report shows which companies/individuals failed which criteria, details of failures, recommended fixes.

Step 4: Fix issues — staff or portal users (MPAs) fix the data, or audit rules can be suppressed if false positive. Re-run audit to verify.

Why this matters for QA

Test that each of the 31 audit criteria work correctly. Test that audit results are accurate (no false positives, no missed issues). Test that re-running audit after fixes shows improvement. Test that users can see which audits are running and completed.

Glossary

Key terms and concepts used throughout the Contacts module

Company

The master record representing an ABC member firm, prospect, or inactive organization. Contains name, status, type, and enrichment data (trade codes, market segments, business designations).

Individual

A person record linked to a company. Has name, email, phone, and addresses. Cannot exist without a company. Individuals are related to companies through Contact Types.

Contact Type

The role or relationship between an Individual and a Company. Examples: Owner, Controller, Manager. Can be flagged as "Member Portal Admin" or "Primary". One individual can have multiple contact types at same company.

Member Portal Admin (MPA)

An individual with the "Member Portal Admin" contact type. Can manage the company's full profile in the portal: individuals, contact types, trade codes, market segments. Cannot create or delete companies.

Portal Individual

A user invited to the portal to manage company data. Permission level determined by contact type assigned: Registration (full edit), Limited (read-only), or Admin (full edit including add/remove users).

Trade Code

Classification system for company specialization. Supports CSI (Construction Specification Institute) codes and NAICS (North American Industry Classification) codes. Directory Proof limits control max codes per company per type.

Market Segment

Classification of company's market focus as percentages across categories: Public/Private/Federal, Commercial/Industrial/Residential. Must total 100% for each group when enforced.

Business Designation

Labels assigned to companies indicating certifications or status, e.g., Union, Certified, Minority-Owned. Managed through lookup tables, can be national or chapter-managed.

Contact Audit

Data quality check against 31 distinct criteria. Can target specific criteria (missing email, invalid codes, percentage mismatch, etc.). Generates report of non-compliant records with recommended fixes.

Employment History

Audit trail created when an Individual is moved to a different Company. Preserves original and new company associations for compliance and reporting.

Lookup Table

Master list of valid values for a field, e.g., Trade Codes, Business Designations. Can be national-only, national-approved (with request workflow), or chapter-managed.

Directory Proof

Limit on the number of trade codes (by type: CSI or NAICS) a company can have. Set at chapter level, configurable. Exceeding limit triggers validation error or audit failure.

Related Companies

Parent/subsidiary or peer relationships between companies. Tracked for reporting and data organization. Can be used for selective reporting.

Company Narrative

Internal notes field for staff-side context about a company. Chapter-configurable character limit (default 4000). Visible to staff and MPAs in portal, not published.

BREAD Operations

Create, Read, Update, Delete operations. Core test areas for both admin and portal interfaces. Permission checks ensure users can only perform BREAD at their access level.

Selective Reporting

Ability to filter export/reports by company type, market segment, trade code, business designation, or related companies. Used for targeted outreach and analysis.

Test Strategy

How to approach Contacts testing systematically and where the highest risks live

🎯 Focus Areas and Risk Ranking

HIGHEST RISK (must test thoroughly): BREAD operations for both admin and portal sides (permission checks), portal invitation and access flow (email delivery, link expiration, password reset), company deletion constraints (preventing orphaned records), individual email uniqueness within company, portal enable/disable with active users, Contact Type assignment and auto-invites, lookup table tiers (national vs. chapter-managed).

HIGH RISK: Contact Audit accuracy (31 criteria must be correct), market classification percentage validation (must total 100% per group), employment history creation and retention, address "Is Primary" constraints (only one per record), company status transitions and side effects, trade code directory proof max enforcement.

MEDIUM RISK: Portal user permission levels (MPA vs. Registration vs. Limited enforced correctly), company narrative character limits (chapter-configurable), change history completeness, related companies linking, lookup table deletion (clearing from affected records), export and filtering functionality.

LOWER RISK (but test): UI responsiveness, form validation error messages, multi-language support (if applicable), browser compatibility, performance with large data volumes.

⚠️ Known Risk Zones and Edge Cases

Permission Escalation: MPA tries to delete company (should fail). Limited user tries to edit field (should fail). Anonymous user tries to access portal (should redirect to login). Staff member without Contacts Permission tries to create company (should fail). Test all combinations.

Data Loss on Delete: Delete company with invoices (should fail). Delete individual with history (should fail). Delete contact type in use (should fail). Delete lookup table value in use (value should be cleared from records, not deleted). Verify no orphaned records remain.

Portal Access Transitions: Enable portal, MPA auto-invited. Individual accepts invite, logs in. Disable portal, individual tries to log in (should fail). Re-enable portal, MPA gets re-invited. Invite expires (7 days default), individual tries to use expired link (should fail).

Email Uniqueness: Two active individuals at same company with same email (should fail). One active, one inactive with same email (should allow). Same email at different companies (should allow). Email changes after portal account created (portal still works). Test all variations.

Lookup Table Approval Workflows: Chapter requests new value for national-approved table. National admin approves. Value becomes available in chapter. Test request, approval, and availability steps.

Address Constraints: Add primary address, then add another primary address (should fail). Add non-primary, change to primary when primary exists (should fail or auto-flip). Delete primary address when backups exist (should allow).

Why this matters for QA

These edge cases represent real-world scenarios that chapters encounter. If you miss a permission check, staff could accidentally escalate. If you miss a deletion constraint, you lose audit trail. If you miss an email uniqueness validation, portal login breaks. Spend time on these scenarios.

📋 Test Data Strategy

Company Variety: Create companies in all states (Member, Prospect, Inactive). Create companies with and without portal enabled. Create companies with varying richness (one with all fields, one with minimal data). Create company groups (parent/subsidiary relationships) to test related companies. Create companies near and at directory proof limits.

Individual Variety: Create individuals with multiple contact types. Create individuals with multiple addresses (primary and non-primary). Create individuals in inactive state. Create individuals with employment history (moved from one company to another). Create individuals with email conflicts (to test uniqueness). Create duplicate-looking individuals (same name, different company) to test search accuracy.

Portal Scenarios: Create MPA and test portal access. Create individual with Registration permission and Limited permission. Test all three permission levels independently. Invite individuals who already have portal accounts at different companies. Test invitation expiry.

Lookup Tables: Mix national, national-approved, and chapter-managed values. Create some values that are in use (test deletion). Create some values at directory proof limits. Test cleanup when value is deleted (records should auto-unlink).

Business Rules & Gotchas

Critical business rules that have the biggest impact on testing. Expansion cards show implementation details and edge cases.

▶

Company Deletion Only if No Dependent Records

ABC-772

The Rule: A company can only be deleted if it has NO invoices, NO event registrations, NO directory proofs, NO individuals with employment history. If any of these exist, deletion is blocked with specific error message naming what's preventing it.

Attempt to delete company with active individuals: Fails (individuals must be deleted first, but only if no history)
Attempt to delete company with invoices: Fails with message "Cannot delete: X invoices exist"
Attempt to delete company with event registrations: Fails with message "Cannot delete: X registrations exist"
Delete all dependent records, then delete company: Succeeds
Portal users cannot delete companies (staff-only operation)

QA Critical: Test each dependency type independently. Test blocking message clarity. Test that partial cleanup (delete some but not all invoices) still blocks deletion. Test that staff cannot delete via API if API respects permission model.

▶

Individual Deletion Checks Employment History

ABC-841

The Rule: An individual can only be deleted if they have NO employment history (i.e., have never been moved to another company). If history exists, deletion is blocked. Inactivity does NOT prevent deletion — only history does.

Delete new individual at single company: Succeeds
Delete individual who has been moved to another company: Fails with message "Cannot delete: Employment history exists"
Delete inactive individual with no history: Succeeds
Delete individual with multiple contact types at same company: Succeeds (if no history)
Portal users cannot delete individuals (staff-only operation)

QA Critical: Test deletion of individuals with and without history. Verify that the message is clear. Test that you CAN delete an inactive individual (inactivity alone is not a blocker).

▶

Email Uniqueness Within Same Company

ABC-944

The Rule: Cannot have two ACTIVE individuals with the same email at the same company. Can have same email across different companies. Can have same email if one is inactive. Can have inactive + active only if explicitly different emails per active rule.

Add individual john@example.com to Company A: Succeeds
Try to add another active individual john@example.com to Company A: Fails with "Email already exists in this company"
Add individual john@example.com to Company B: Succeeds (different company)
Add inactive individual john@example.com to Company A (where active john@example.com exists): Succeeds (inactive exception)
Change active individual email from john@example.com to jane@example.com, then try to add john@example.com as new individual: Succeeds
Portal user edit of individual email triggers same check

QA Critical: This is a core constraint. Test thoroughly across both admin and portal. Test that error message clearly states the conflict. Test that bulk import respects this rule. Test that moving an individual to another company does NOT trigger the same email error.

▶

Address Is Primary Flag Constraints

ABC-979

The Rule: Only one address per record can be marked "Is Primary". If you try to set a second address as primary, system should either auto-flip the old one to non-primary or reject with error. Behavior is system-configurable.

Add primary address to individual: Succeeds, marked Primary
Add second address and mark as primary: Either auto-flips first to non-primary, or rejects with "Only one primary address allowed"
Delete the primary address when backups exist: Succeeds, one of remaining addresses becomes new primary or stays non-primary
Delete primary address when it's the only address: Succeeds, individual now has no address

Behavior Verification: Confirm with PM whether auto-flip or reject is correct behavior. Test that behavior is consistent across add/edit flows for both admin and portal.

▶

Company Type Defaults

ABC-977

The Rule: When creating a company without specifying Type, system applies defaults in this order: (1) User's personal default setting, (2) Chapter's default setting, (3) National default setting. If user has never set a preference, their default is blank and chapter default is used.

User with personal Company Type default creates company without specifying type: Personal default applied
User with NO personal default, chapter has default, creates company: Chapter default applied
User with NO personal default, chapter has NO default, creates company: National default applied
User can override any default by explicitly choosing type during creation
Changing user's personal default does NOT affect already-created companies

QA Critical: Test all three default scenarios. Verify that each level of default is applied in correct priority order. Test that explicit selection always overrides defaults.

▶

Portal Permission Levels Enforce Field Access

ABC-980

The Rule: Portal permission level (MPA, Registration, Limited) determines which fields can be viewed/edited.

Member Portal Admin (MPA): Can view and edit all company data, add/remove individuals, manage contact types, edit trade codes, market segments, business designations. Cannot create new companies or change company status.
Portal Individual with Registration: Can view and edit company profile and own individual record. Cannot add/remove other individuals or change contact types or trade codes.
Portal Individual with Limited: Can view company profile and own individual record. Read-only, cannot edit anything.
Portal user trying to access restricted field: Field appears read-only or disappears from form
Portal user cannot view sensitive audit reports or compliance data

QA Critical: Test all three permission levels independently. For each level, verify exactly which fields are editable. Test that edits by Limited users are rejected. Test that MPA edits are allowed. Test that form does not show "save" button for read-only users.

▶

Lookup Table Tiers: National, Approved, Chapter-Managed

ABC-3641 ABC-3664

The Rule: Lookup tables have different governance models. National-only values cannot be changed by chapters. National-approved values can be requested by chapters via approval workflow. Chapter-managed values are fully controlled by each chapter.

National-only: CSI code list, some business designations. Chapters see these values but cannot add, edit, or delete.
National-approved: Trade code additions, new business designations. Chapter can request, National admin approves or rejects. Once approved, becomes available in chapter.
Chapter-managed: Individual Type, some business designations. Chapter fully controls values. Can add, edit, delete. No national override.
Deletion of lookup value: Value is cleared from all records using it (records are not deleted, value is unlinked)
Chapter cannot see National's pending requests from other chapters

QA Critical: Test that national-only values cannot be edited by chapters. Test that deletion clears value from records. Test the approval workflow end-to-end. Test that newly-approved values appear in dropdowns immediately.

▶

Directory Proof Maximums Are Chapter-Configurable

ABC-3621

The Rule: Directory Proof max controls how many CSI codes and NAICS codes a company can have. Set per chapter, default typically 3-5 per type. Exceeding limit triggers validation error on add, or audit failure when running audits. Reducing limit below current count triggers audit failure but does not auto-delete codes.

Chapter sets directory proof max CSI = 3
Company has 2 CSI codes: Allowed
Try to add 3rd CSI code: Succeeds
Try to add 4th CSI code: Fails with "Directory Proof limit exceeded (max 3)"
Chapter reduces max to 2. Company still has 3: Audit failure, not auto-delete
Staff or MPA must manually remove codes to bring back into compliance

QA Critical: Test that limit enforcement works at add-time. Test that reducing limit triggers audit failure. Test that error message is clear. Test that compliance can be restored by removal.

▶

Market Classification Percentages Must Total 100%

ABC-3436

The Rule: Market Classifications are split into groups. Within each group, percentages must total 100% if market classification is used. Groups: (1) Public/Private/Federal, (2) Commercial/Industrial/Residential. If company has NO market classification, both groups are empty (allowed). If company HAS market classification, both groups must total 100%.

Company with no market classification: Allowed (empty)
Company with Public=50%, Private=40%, Federal=10%: Allowed (totals 100%)
Try to set Public=50%, Private=40%: Fails (Federal is missing, doesn't total 100%)
Set Commercial=60%, Industrial=30%, Residential=10%: Allowed (totals 100%)
Try to set Commercial=60%, Industrial=30%: Fails (Residential missing)
Audit will flag non-compliant records (percentages != 100%)

QA Critical: Test the 100% validation on add and edit. Test that audit correctly flags non-100% totals. Test that error message shows current total. Test that company with no market classification is allowed.

▶

Individual Informal Name Auto-Population

ABC-3393

The Rule: When creating an individual, "Informal Name" field auto-populates with First Name value. User can manually override it. Once set manually, it stays as manually edited and does NOT auto-update if First Name changes later.

Create individual John Smith: Informal Name auto-fills with "John"
User manually changes to "Johnny": Informal Name is now "Johnny"
Later edit, change First Name to "Jonathan": Informal Name stays "Johnny" (does not auto-update)
Portal user can manually edit Informal Name if they have edit permission

Behavior Verification: Confirm that once manually edited, Informal Name is considered "user set" and does not respond to First Name changes. Test both admin and portal edit flows.

▶

Contact Type Member Portal Admin Auto-Invite

ABC-3397 ABC-3562

The Rule: If a Contact Type is flagged as "Member Portal Admin" and it is assigned to an Individual at a Company where portal is ENABLED, a portal invitation email is automatically sent to that individual. If portal is disabled, no invite is sent. If portal is later enabled, all existing MPAs get invited.

Company portal is OFF, assign "MPA" contact type to individual: No invite sent
Company portal is ON, assign "MPA" contact type to individual: Invite sent immediately
Company portal is OFF, then enable it: All existing MPA contacts get invited
Individual already has portal account at another company, gets MPA assigned here: Receives invite, same account can now manage both companies (if system supports multi-company access)
Disable portal: All active sessions end, invites become invalid

QA Critical: Test auto-invite trigger. Verify email is sent when contact type is assigned. Verify no email if portal OFF. Verify batch invite on portal enable. Test with individual who already has portal account elsewhere.

▶

Changing Portal On/Off Requires Confirmation

ABC-3563

The Rule: Toggling the portal on or off for a company requires explicit confirmation prompt. Prompt should explain implications (invites sent if turning ON, users logged out if turning OFF). User must confirm before action executes.

Portal is OFF, click toggle to ON: Confirmation prompt appears ("Enable portal? MPAs will receive invites.")
User confirms: Portal enabled, invites sent, page updates
User cancels: Portal stays OFF, no change
Portal is ON, click toggle to OFF: Confirmation prompt appears ("Disable portal? All users will be logged out.")
User confirms: Portal disabled, sessions ended, invites invalidated

Confirmation Message Verification: Verify that confirmation prompt clearly states what will happen. Test that both confirm and cancel work correctly. Test that portal state does not change until user confirms.

▶

31 Contact Audit Criteria

ABC-3570 ABC-3703 ABC-3707

The Rule: Contact Audit supports 31 distinct data quality checks. Each criterion is independently selectable. All criteria must be correctly implemented and accurate.

Missing company email
Missing individual email
Duplicate individuals in same company (same first+last name)
Invalid trade code (code not in national or chapter lookup)
Invalid business designation
Market classifications do not total 100% (if populated)
Company narrative exceeds character limit
Address missing city/state/zip
Individual address missing phone
No primary address (if address required)
Multiple primary addresses
Individual with no contact type
Individual inactive with no end date
Individual email inactive but in use elsewhere
Directory proof exceeded (too many trade codes)
Contact type not in lookup (deleted from table but still in use)
Company status mismatch (prospect with members-only designation)
Individual Type not found (orphaned reference)
Related company not found (orphaned reference)
Company name too short/empty
Individual name too short/empty
Email format invalid
Phone format invalid
Zip code invalid
Tax ID invalid format
Company with no individuals (optional criterion)
Duplicate contact types at same company (optional)
Individual email matches another company's email (optional cross-company check)
Company related to itself (self-reference)
Inactive company with recent activity
Portal user with no company assignment

QA Critical: Test each of the 31 criteria independently to ensure they work correctly. Create test data that violates each criterion, run audit, verify criterion detects violation. Test false positives (make sure criterion does NOT flag compliant data).

Scenario Thinking

Real-world what-if scenarios to guide exploratory testing and edge case coverage

▶

Scenario: MPA Invites Someone Who Already Has Portal Account Elsewhere

Setup: John works at Company A and Company B. Company A invites him as MPA. He receives invite, creates portal account, logs in. Later, Company B (different chapter) also assigns him as MPA and sends invite.

What to Test:

Can John use the same email for portal at both companies?
Does John's existing password work for both companies, or does he set new password for Company B?
Can John be logged into Company A and Company B portals simultaneously?
If John logs into Company B portal, is he auto-logged out of Company A?
If Company A disables portal, can John still access Company B portal?
Can John manage both company profiles from a single portal dashboard, or does he need separate logins?

Why This Matters: Multiple chapters may want to engage the same person. The portal design must handle cross-chapter users cleanly without breaking session management or creating duplicate accounts.

▶

Scenario: Disable Portal While Users Are Logged In

Setup: Company A has portal enabled. John (MPA) is logged into portal and actively editing company profile. Staff disables portal for Company A.

What to Test:

John's active session: Does it end immediately or after timeout?
Does John see a "session ended" message or is he silently logged out?
If John refreshes page mid-edit, does he stay in editor or get booted to login?
Can John's invitations (if pending) still be used?
If Company A re-enables portal, does John automatically get re-invited?
Are John's edits lost, saved, or partially saved?

Why This Matters: Chapters sometimes disable portal for maintenance or access control. The system must protect data integrity and give users clear feedback about the logout.

▶

Scenario: Delete Company That Has Portal Users

Setup: Company A has portal enabled, 3 active portal users. Staff attempts to delete Company A.

What to Test:

Deletion blocked: "Cannot delete — company has portal users with active sessions" or "Cannot delete — company has dependent records"?
Should staff disable portal first, THEN delete? Or should deleting auto-logout users and clean up?
Are portal users' accounts deleted, deactivated, or orphaned?
If deletion allowed, what happens to portal invitations (pending invites for this company)?
Can company be restored from trash/soft-delete if someone accidentally deleted it?

Behavior Clarification: Confirm the intended behavior with PM. The safest approach is to block deletion of any company with active portal users or pending invitations, requiring staff to explicitly disable portal and clean up users first.

▶

Scenario: Individual's Email Changes After Portal Invitation

Setup: John's email is john@oldmail.com. Staff invites him to portal, sends invite email to john@oldmail.com. John receives invite. Before John clicks the link, his email changes to john@newmail.com (maybe he updates it himself, or moves to company).

What to Test:

Is the invite still valid at the old email john@oldmail.com?
If John clicks the old invite link, can he still set up portal?
Should staff re-send invite to new email john@newmail.com?
If John has already set password at old email, can he log in with new email?
Are there two separate portal accounts (one for each email) or does email change seamlessly?
If seamless, what happens to the old email's login credentials?

Why This Matters: Email changes are common. The system must handle email transitions without creating duplicate accounts or losing access. Test that the invitation process is resilient to post-invitation email changes.

▶

Scenario: Directory Proof Max Reduced Below Current Count

Setup: Company A has 3 CSI codes. Chapter staff configured Directory Proof max CSI = 5. Months later, chapter reduces max to 2. Company A now exceeds the limit.

What to Test:

Does system auto-delete the oldest codes to bring Company A into compliance? (Probably NOT — data loss risk)
Does system flag Company A in next audit as non-compliant?
Can staff still add new codes to Company A, or is it blocked at add-time due to exceeding limit?
Can MPA portal user see that the limit has changed?
What message is shown to portal user when they try to add code and limit is exceeded?
How does MPA fix this: By manually removing codes? Or can staff suspend the limit?

Why This Matters: Directory Proof limits are governance tools. Reducing them creates non-compliance. The system must not silently delete data, but must clearly communicate the non-compliance and guide users to fix it.

▶

Scenario: Market Classification Percentages Don't Add to 100%

Setup: Staff accidentally enters market classification: Public=50%, Private=40% (missing Federal). Submits form.

What to Test:

Form validation blocks submission with message showing current total and expected 100%?
Or does system allow save and only catch error on audit?
If caught on audit, what's the error message?
Can portal MPA see the issue and fix it?
If MPA tries to edit market classification, do they see current values and can add Federal to fix?
What if staff deliberately sets percentages to < 100% to leave "buffer" for future additions?

Behavior Confirmation: Confirm whether the 100% rule is enforced at form validation time (recommended) or allowed to save with audit catching it. Test both staff and portal paths.

▶

Scenario: Lookup Table Value Deleted While In Use

Setup: Custom Business Designation "Preferred Partner" exists. 15 companies are marked with this designation. Staff deletes "Preferred Partner" from the lookup table (assuming it's not in use, or accidentally).

What to Test:

Does system block deletion if value is in use? (Recommended for safety)
If blocked, error message: "Cannot delete — used by 15 companies"?
If deletion IS allowed, do the 15 companies still show "Preferred Partner" in their record?
Or is "Preferred Partner" cleared from those records (data loss)?
Can staff easily undo deletion (soft-delete with restore)?
In portal, if MPA views company with now-deleted designation, can they see it or is it blank?

Why This Matters: Lookup table deletions are high-risk operations. The safest approach is to block deletion if in use, or soft-delete with restore option. Data should never be silently lost.

▶

Scenario: Attempt to Merge Two Companies With Conflicting Data

Setup: Company A and Company B are duplicates. Company A has 5 individuals, Company B has 3 individuals. 1 individual (John) exists at both companies. Staff wants to merge B into A.

What to Test:

Does system support company merge operation at all?
If yes, what happens to John (duplicate individual)? Merged, one deleted, or kept both?
What happens to invoices/registrations/history tied to Company B?
Does merged company retain both sets of individuals or does one company lose data?
What about conflicting fields: Company A has Trade Codes "Concrete", Company B has "Steel". After merge, both? Or manual selection?
If Company B has portal enabled and Company A doesn't, what happens to portal users?
Can merge be undone?

Feature Clarification: Confirm whether company merge is a supported feature. If supported, test all conflict scenarios. If not supported, confirm that staff are given merge-like tools (bulk move individuals, etc.).

Regression Checklists

Organized by feature area to ensure complete coverage

▶

Company BREAD Operations

☐ Create company with minimal data (name, status only)
☐ Create company with all optional fields (type, narrative, related companies)
☐ Company type defaults cascade correctly (user > chapter > national)
☐ Edit company name, description, status
☐ Edit company type, trade codes, market segments
☐ Change company status (Member > Prospect > Inactive)
☐ View change history shows all edits with user and timestamp
☐ Delete company with no dependents (invoices, registrations, history)
☐ Attempt delete company with invoices (blocked with clear error)
☐ Attempt delete company with event registrations (blocked with clear error)
☐ Attempt delete company with individuals (blocked)
☐ Attempt delete company with employment history (blocked)
☐ Bulk edit companies (if supported)
☐ Export company list with filtering
☐ Search companies by name, type, market segment
☐ Browse company roster with sorting/pagination

▶

Individual BREAD Operations

☐ Add individual to company with required fields (first name, last name, email)
☐ Informal name auto-populates from first name
☐ Informal name can be manually overridden
☐ Add individual with optional fields (phone, addresses, notes)
☐ Email uniqueness enforced within same company
☐ Same email allowed at different companies
☐ Inactive individual can share email with active individual (same company)
☐ Edit individual name, email, phone
☐ Add multiple addresses to individual
☐ Mark address as primary (only one allowed)
☐ Delete address (primary or non-primary)
☐ Move individual to different company (creates employment history)
☐ Delete individual with no history
☐ Attempt delete individual with employment history (blocked)
☐ View individual employment history
☐ Search individuals by name, email, company
☐ Bulk import individuals (if supported)

▶

Portal Authentication & Setup

☐ Enable portal for company triggers auto-invite to MPAs
☐ Disable portal logs out all active users
☐ Confirm prompt shown when toggling portal on/off
☐ MPA receives invitation email with secure link
☐ Invitation link expires (default 7 days)
☐ Expired invitation link rejected with clear message
☐ MPA can re-request invitation if expired
☐ MPA clicks link, sets password, creates portal account
☐ Password meets requirements (length, complexity per config)
☐ MPA logs in with email and password
☐ Failed login attempts with error message
☐ Forgot password flow works (reset email sent, link valid)
☐ MPA can change password
☐ Session timeout after inactivity (configurable)
☐ Logout clears session
☐ Portal not accessible when disabled
☐ Portal not accessible to non-invited users

▶

Portal Company Profile Management

☐ MPA views company profile
☐ MPA edits company name (if allowed)
☐ MPA edits company narrative (respects character limit)
☐ MPA cannot edit company status (staff-only)
☐ MPA cannot create new companies (staff-only)
☐ MPA views all individuals in company
☐ MPA invites new individual to portal (if allowed)
☐ MPA edits existing individual record (email, phone, names)
☐ Email edit respects uniqueness constraints
☐ MPA cannot delete individuals (staff-only)
☐ MPA views change history of company/individuals
☐ MPA can export company profile
☐ Export includes all editable fields
☐ Limited user views company profile (read-only)
☐ Limited user cannot edit any fields

▶

Portal Trade Codes & Market Segments

☐ MPA views current trade codes (CSI, NAICS)
☐ MPA adds CSI code to company
☐ Directory proof max CSI enforced (cannot exceed limit)
☐ MPA adds NAICS code to company
☐ Directory proof max NAICS enforced
☐ MPA removes trade code
☐ MPA views market segments (Public/Private/Federal, Commercial/Industrial/Residential)
☐ MPA edits market segment percentages
☐ Percentages must total 100% (validation at save-time or audit-time)
☐ Error message shows current total when not 100%
☐ Empty market classification allowed (optional)
☐ MPA can view but not edit national-only trade codes (if applicable)
☐ MPA can request new trade code if chapter-managed with approval workflow
☐ Requested codes pending approval not immediately available

▶

Contact Types & Assignments

☐ Create contact type (name, flag as MPA, flag as Primary)
☐ Edit contact type
☐ Delete contact type with no assignments
☐ Attempt delete contact type in use (blocked with error)
☐ Assign contact type to individual
☐ Individual can have multiple contact types at same company
☐ Only one primary contact type per individual (if enforced)
☐ Assigning "MPA" contact type to individual with portal ON triggers invite
☐ Assigning "MPA" with portal OFF does not trigger invite
☐ Bulk assign contact types (if supported)
☐ Change individual's contact type
☐ Remove contact type from individual
☐ Search individuals by contact type

▶

Lookup Tables & Governance

☐ View national-only lookup values (cannot edit)
☐ Attempt edit national-only value (rejected with message)
☐ View national-approved values with approval status
☐ Request new national-approved value
☐ Pending request shows in queue
☐ National admin approves request
☐ Approved value becomes available in chapter
☐ National admin rejects request
☐ Rejected value removed from queue, chapter notified
☐ Edit chapter-managed values
☐ Add chapter-managed value
☐ Delete chapter-managed value with no usage
☐ Attempt delete chapter-managed value in use (blocked or allowed with data clearing?)
☐ Deleting value clears it from records using it (data integrity test)
☐ Chapter cannot see national admin's pending requests from other chapters

▶

Contact Audit Operations

☐ Open audit creation form
☐ Select single audit criterion
☐ Select multiple audit criteria (all 31 available)
☐ Run audit with criteria selected
☐ Audit completes with results list
☐ Results show company/individual names and specific failures
☐ Results recommend fixes (e.g., "Add email to company")
☐ Missing company email criterion detects companies with no email
☐ Missing individual email criterion detects individuals with no email
☐ Duplicate individuals criterion detects same first+last name pairs
☐ Invalid trade code criterion catches codes not in lookup
☐ Market classification percentage criterion flags != 100% totals
☐ Directory proof exceeded criterion flags over-limit codes
☐ All 31 criteria execute correctly and without false positives
☐ Export audit results to CSV/Excel
☐ Re-run audit after fixes shows improvement
☐ Suppress/whitelist audit criterion for specific record (if feature exists)
☐ View audit history (previous runs, dates, results counts)

▶

Search, Filter & Export

☐ Search companies by name (partial match works)
☐ Search companies by status (Member, Prospect, Inactive)
☐ Filter companies by type
☐ Filter companies by market segment
☐ Filter companies by trade code
☐ Filter companies by business designation
☐ Combine multiple filters (AND logic)
☐ Search individuals by name
☐ Search individuals by email
☐ Filter individuals by contact type
☐ Filter individuals by company
☐ Filter individuals by status (active, inactive)
☐ Export company list to CSV/Excel
☐ Export includes selected columns
☐ Export respects applied filters (only showing filtered companies)
☐ Export individuals with contact types
☐ Export preserves special characters, line breaks
☐ Bulk send outreach email to filtered contact list (if feature exists)

▶

Permissions & Access Control

☐ Staff without Contacts permission cannot create company (shows forbidden)
☐ Staff with Contacts permission can create company
☐ Portal user cannot create company
☐ MPA can edit company profile (certain fields)
☐ MPA cannot edit company status
☐ MPA cannot delete company
☐ Registration-level portal user can view company (read-only certain fields)
☐ Limited portal user can only view, no edit
☐ Limited user form fields appear read-only
☐ Limited user sees no delete buttons
☐ Portal user cannot see staff-only audit reports
☐ Portal user cannot change portal settings
☐ Portal user cannot manage other portal users (unless MPA)
☐ Permission changes take effect immediately (no cache staleness)
☐ Permission denials show helpful error messages (not 403 error codes)

▶

Data Integrity & Consistency

☐ Individual cannot exist without company assignment
☐ Moving individual to new company creates employment history
☐ Employment history preserved when individual deleted (if no delete allowed)
☐ Contact type assignment creates audit entry
☐ Contact type removal creates audit entry
☐ Company status change tracked in change history
☐ All edits include timestamp and editor name
☐ No orphaned individuals (all linked to valid company)
☐ No orphaned contact types (all reference valid types in lookup)
☐ No duplicate individuals (true, unique identifiers)
☐ Related companies references are valid (no broken links)
☐ Trade code references valid (deleted codes cleared from records)
☐ Business designation references valid
☐ Individual type references valid
☐ Email uniqueness enforced across all operations (admin, portal, API)
☐ No data loss on edit (previous values preserved for undo/history)
☐ Cascade delete handled safely (no orphaned records)
☐ Concurrent edits handled (last-write-wins or merge conflict?)

Environment & Data Setup

Test environment configuration and data prerequisites for comprehensive testing

▶

Test Environment Requirements

Sandbox Environment Setup:

ABC Contacts module installed and activated
Portal feature enabled (not disabled)
Email/SMTP configured for portal invitations and notifications
Multiple chapters configured (to test cross-chapter scenarios)
Lookup tables configured (trade codes, business designations, individual types)
Directory Proof limits set per chapter (CSI max, NAICS max)
Market classification groups configured (Public/Private/Federal, Commercial/Industrial/Residential)
Test user accounts created with various permission levels:

Admin (full access to all chapters)
Contacts Permission (can create/edit/delete companies and individuals)
Read-only Staff (view-only access)
Member Portal Admin (via invitation)
Portal Individual with Registration permission
Portal Individual with Limited permission
Anonymous/unauthenticated user (public access, if applicable)

Test email inbox configured for capturing portal invitations
Test database seeded with base data (see Data Prerequisites below)
API access configured (if API testing required)

▶

Data Prerequisites

Base Data to Create:

Chapters: At least 2 chapters (to test cross-chapter scenarios)

Chapter A: Portal enabled, Directory Proof max CSI=3, max NAICS=3
Chapter B: Portal disabled initially (for enable/disable testing), different Directory Proof limits

Companies (mixed statuses):

Member Company A: Portal enabled, 5 individuals with various contact types
Member Company B: Portal disabled, 3 individuals
Prospect Company C: No portal, 1 individual
Inactive Company D: 2 individuals
Company with minimal data (name + status only)
Company with all fields populated (type, narrative, related companies, trade codes, market segments)

Individuals (various scenarios):

Individual with multiple contact types at same company
Individual with multiple addresses (primary and non-primary)
Individual with employment history (moved between companies)
Duplicate-name individuals (same first/last, different companies)
Inactive individual
Individual with portal account (MPA)
Individual with multiple portal accounts (at different companies)

Contact Types:

Owner (flagged as MPA)
Controller
Project Manager
Office Manager
Sales Contact

Trade Codes:

National-only CSI codes (e.g., 033000 — Concrete Forming, Shoring, Bracing, and Removing)
Chapter-approved NAICS codes (pending approval)
Chapter-managed trade codes
Trade codes at directory proof limits

Business Designations:

National: Union, Certified, Bonded
Chapter-managed: Preferred Partner, Small Business

Company Relationships:

Parent/Subsidiary relationship (Company A parent, Company B subsidiary)
Peer/Related companies

▶

Test Data Reset Procedures

Between Test Cycles:

Delete all test companies created during cycle (preserve base data)
Clear all test individuals and contact assignments
Reset portal invitations (clear pending, invalidate sessions)
Reset contact audit results
Clear audit history logs if running volume tests
Reset lookup table test values to known state
Verify no orphaned records remain in database

Database Cleanup:

Preserve base data companies, individuals, contact types
Remove all test-created related company links
Clear test employment history records
Remove test-created trade code assignments
Reset market classification data
Clear change history logs older than 30 days (optional)
Verify no duplicate individual records
Verify all contact type references valid

Portal Cleanup:

Clear all test portal user accounts
Clear pending portal invitations
Disable portal for all test companies
Reset portal session tokens
Clear portal audit logs (optional)

▶

Test Data Scenarios to Prepare

Regression Cycle Setup:

Scenario 1: Basic Company & Individual

Company: "ABC Concrete Co", Member status, Type: Contractor
Individual: John Smith, Email: john@abcconcrete.com, Contact Type: Owner
Portal: Disabled initially
Data Quality: All fields complete, valid emails, no duplicates

Scenario 2: Complex Company with Portal

Company: "National Steel Corp", Member status, Type: Subcontractor
Portal: Enabled
Individuals: 5 people with multiple contact types
Trade Codes: 3 CSI + 2 NAICS (at directory proof limits)
Market Segments: Commercial=60%, Industrial=30%, Residential=10%
Business Designations: Union, Bonded

Scenario 3: Prospect Company (Pre-Member)

Company: "Future Builder Inc", Prospect status
Individuals: 2 contacts (no contact types yet)
Trade Codes: None yet
Portal: Disabled

Scenario 4: Company With Employment History

Company A: "Original Company"
Company B: "New Company"
Individual: Jane Doe, moved from Company A to Company B (test employment history)

Scenario 5: Multi-Company Portal User

Company A & Company B (different chapters): Both portal-enabled
Individual: Bob Smith, MPA at both companies
Test: Can Bob log in to both portals, manage both companies

▶

Performance & Load Testing Data

Scale Tests (if applicable):

100+ companies with 500+ individuals (test search/filter performance)
Company with 50+ individuals (test roster page loading)
Individual with 10+ addresses (test address management UI)
Contact audit on 1000+ records with all 31 criteria (test audit engine performance)
Portal with 100+ simultaneous users editing company data (concurrency)
1000+ trade codes in dropdown (UI responsiveness)

Edge Case Data:

Very long company names (100+ characters)
Very long company narrative (at/exceeding character limits)
Special characters in names (accents, symbols)
International addresses (non-US countries)
Null/empty optional fields (test graceful handling)
Deleted lookup values with 100+ record references (test cleanup)

Stress Tests:

Rapid company creation (100 in sequence)
Bulk individual import (500 individuals)
Multiple concurrent portal invitations sent
Portal enable/disable toggled rapidly (race condition detection)
Concurrent contact type assignments to same individual
Large export (1000+ records to CSV)