Control Testing Procedures
Document ID: PLCY-CTL-001
Version: 1.0
Effective Date: December 22, 2025
Last Review: December 22, 2025
Owner: Hop And Haul Team
CONFIDENTIAL
This document is CONFIDENTIAL and for internal use only. Do not distribute outside the organization.
1. Purpose
This document defines the procedures for testing that Hop And Haul's key controls are operating effectively. Each control has defined test procedures, expected outputs, testing frequency, ownership, and results documentation requirements.
2. Control Testing Framework
2.1 Testing Principles
| Principle | Implementation |
|---|---|
| Independence | Tests run by someone other than control owner where possible |
| Evidence-based | All tests produce documented evidence |
| Repeatable | Tests can be re-executed with consistent methodology |
| Timely | Tests performed at defined frequencies |
| Remediation-tracked | Failures trigger documented remediation |
2.2 Test Result Classification
| Result | Definition | Action Required |
|---|---|---|
| Pass | Control operating as designed | Document and archive |
| Pass with observation | Control effective but improvement opportunity noted | Document, track observation |
| Fail | Control not operating effectively | Immediate remediation, escalation |
| Unable to test | Insufficient data or access | Investigate, reschedule |
3. Safety & Compliance Controls
3.1 Moving-State Communication Limits
Control: No actionable communications sent to MOVING drivers
Test Procedure:
```sql
-- Query: Communications to MOVING drivers with interaction required
SELECT
    communication_id,
    timestamp,
    driver_state,
    interaction_required,
    method
FROM communication_logs
WHERE driver_state = 'MOVING'
  AND interaction_required != 'NONE'
  AND timestamp > NOW() - INTERVAL '7 days';
```
| Attribute | Value |
|---|---|
| Expected output | Zero rows |
| Frequency | Weekly |
| Owner | Operations |
| Results stored | /audit/control-tests/moving-state/ |
| Failure action | Immediate escalation to Safety Director |
3.2 Validation Blocking
Control: No matches finalized with failed validations
Test Procedure:
```sql
-- Query: Matches with any failed validation
SELECT
    mv.match_id,
    m.finalized_timestamp,
    mv.validation_type,
    mv.validation_result
FROM match_validations mv
JOIN matches m ON mv.match_id = m.id
WHERE m.status = 'FINALIZED'
  AND mv.validation_result = 'FAIL'
  AND m.finalized_timestamp > NOW() - INTERVAL '7 days';
```
| Attribute | Value |
|---|---|
| Expected output | Zero rows |
| Frequency | Weekly |
| Owner | Safety |
| Results stored | /audit/control-tests/validation/ |
| Failure action | Immediate review, suspend matching if systemic |
3.3 Insurance Endorsement Timing
Control: Insurance verified BEFORE match acceptance, not after
Test Procedure:
```sql
-- Query: Insurance verified after acceptance
-- Column references are qualified: the matches key is m.id (as in 3.2) and the
-- verification time is iv.verification_timestamp, which the filter below uses.
SELECT
    m.id AS match_id,
    m.acceptance_timestamp,
    iv.verification_timestamp AS insurance_verification_timestamp
FROM matches m
JOIN insurance_verifications iv ON m.vehicle_id = iv.vehicle_id
WHERE m.status IN ('FINALIZED', 'ACCEPTED')
  AND iv.verification_timestamp > m.acceptance_timestamp
  AND m.created_at > NOW() - INTERVAL '7 days';
-- Note: a vehicle re-verified after acceptance also matches; review such rows
-- against the verification that was current at acceptance time.
```
| Attribute | Value |
|---|---|
| Expected output | Zero rows |
| Frequency | Weekly |
| Owner | Safety |
| Results stored | /audit/control-tests/insurance-timing/ |
| Failure action | Review match workflow, correct sequencing |
3.4 Coercion Prevention - Retry Limits
Control: No driver receives more than 1 offer attempt per offer
Test Procedure:
```sql
-- Query: Offers with retry count > 1
SELECT
    offer_id,
    driver_id,
    retry_count,
    created_at
FROM offers
WHERE retry_count > 1
  AND created_at > NOW() - INTERVAL '30 days';
```
| Attribute | Value |
|---|---|
| Expected output | Zero rows |
| Frequency | Monthly |
| Owner | Compliance |
| Results stored | /audit/control-tests/coercion/ |
| Failure action | Review offer workflow, remediate system bug |
3.5 Global Rate Limiting
Control: No driver receives more than 3 offers per hour
Test Procedure:
```sql
-- Query: Drivers with >3 offers in any hour
SELECT
    driver_id,
    DATE_TRUNC('hour', created_at) AS offer_hour,
    COUNT(*) AS offer_count
FROM offers
WHERE created_at > NOW() - INTERVAL '30 days'
GROUP BY driver_id, DATE_TRUNC('hour', created_at)
HAVING COUNT(*) > 3;
```
| Attribute | Value |
|---|---|
| Expected output | Zero rows |
| Frequency | Monthly |
| Owner | Operations |
| Results stored | /audit/control-tests/rate-limiting/ |
| Failure action | Review rate limiter configuration |
4. Emergency & Exception Controls
4.1 Emergency Override Usage
Control: All emergency mode activations documented with basis
Test Procedure:
```sql
-- Query: Emergency overrides without documentation
SELECT
    emergency_id,
    trigger_condition,
    recording_basis,
    incident_report_filed,
    created_at
FROM emergency_overrides
WHERE (recording_basis IS NULL OR incident_report_filed = false)
  AND created_at > NOW() - INTERVAL '30 days';
```
| Attribute | Value |
|---|---|
| Expected output | Zero rows (all emergencies documented) |
| Frequency | Monthly |
| Owner | Safety |
| Results stored | /audit/control-tests/emergency/ |
| Failure action | Follow up on missing documentation |
Additional test: Manual review of 5 random emergency overrides per month for appropriateness.
4.2 Manual Verification Audit
Control: All manual verifications have required evidence and approval
Test Procedure:
```sql
-- Query: Manual verifications missing evidence or approval
SELECT
    verification_id,
    validation_type,
    evidence_attached,
    approver_id,
    created_at
FROM manual_verifications
WHERE (evidence_attached = false OR approver_id IS NULL)
  AND created_at > NOW() - INTERVAL '30 days';
```
| Attribute | Value |
|---|---|
| Expected output | Zero rows |
| Frequency | Monthly |
| Owner | Operations |
| Results stored | /audit/control-tests/manual-verification/ |
| Failure action | Review process compliance, retrain if needed |
5. Security Controls
5.1 Token Expiration
Control: Tokens expire at defined times, no stale access
Test Procedure:
Automated test suite: token_expiration_tests
- Create session token, verify expires at 8 hours
- Create ride tracking token, verify expires at ride completion + 15 min
- Create API bearer token, verify expires at 24 hours
- Attempt use of expired token, verify rejection
| Attribute | Value |
|---|---|
| Expected output | All tests pass |
| Frequency | Daily (automated) |
| Owner | Security |
| Results stored | CI/CD pipeline artifacts |
| Failure action | Immediate security review |
5.2 Encryption at Rest
Control: No PII stored unencrypted
Test Procedure:
Automated scan: encryption_audit_scan
- Scan all database tables for PII columns
- Verify encryption applied (AES-256)
- Scan log files for unmasked PII
- Verify file storage encryption enabled
| Attribute | Value |
|---|---|
| Expected output | Zero unencrypted PII findings |
| Frequency | Weekly (automated) |
| Owner | Security |
| Results stored | /audit/control-tests/encryption/ |
| Failure action | Immediate remediation, security incident if exposure |
5.3 Access Control Enforcement
Control: Role-based access correctly enforced
Test Procedure:
```sql
-- Query: Access grants outside role permissions
-- role_permissions is only consulted in the NOT EXISTS subquery. Inner-joining it
-- would drop every access by a role that has no permissions at all (exactly the
-- rows this test must surface) and would multiply rows for roles with several.
SELECT
    al.user_id,
    ur.role,
    al.resource_accessed,
    al.action,
    al.timestamp
FROM access_logs al
JOIN user_roles ur ON al.user_id = ur.user_id
WHERE NOT EXISTS (
    SELECT 1 FROM role_permissions rp
    WHERE rp.role = ur.role
      AND rp.resource = al.resource_accessed
      AND rp.action = al.action
)
  AND al.timestamp > NOW() - INTERVAL '7 days';
```
| Attribute | Value |
|---|---|
| Expected output | Zero rows |
| Frequency | Weekly |
| Owner | Security |
| Results stored | /audit/control-tests/access-control/ |
| Failure action | Immediate access review, revoke if unauthorized |
6. Audit & Logging Controls
6.1 Log Integrity
Control: Audit logs maintain integrity (no tampering)
Test Procedure:
Automated verification: log_integrity_check
- Verify chain checksums for all log entries in past 24 hours
- Compare checksum chain to external backup
- Verify no gaps in log sequence IDs
- Verify no modifications to historical entries
| Attribute | Value |
|---|---|
| Expected output | All integrity checks pass |
| Frequency | Daily (automated) |
| Owner | Security |
| Results stored | /audit/control-tests/log-integrity/ |
| Failure action | Security incident, forensic analysis |
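An added illustration of the chain-checksum, sequence-gap and external-backup checks listed above, written for this document rather than taken from the log_integrity_check tool itself. The entry layout (seq, record, prev_hash, hash), SHA-256 chaining over a canonical JSON form, and the sample events are assumptions.

```python
import hashlib
import json

# Added example, not part of the original procedure: a minimal hash-chain
# verifier for the log_integrity_check in 6.1. The entry layout
# (seq, record, prev_hash, hash) and the SHA-256 chaining are assumptions.

def entry_hash(seq, record, prev_hash):
    """SHA-256 over (seq, canonical record, previous entry's hash)."""
    payload = json.dumps({"seq": seq, "record": record, "prev": prev_hash},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()

def build_chain(records, genesis="0" * 64):
    """Chain plain records into entries; used here only to build sample data."""
    chain, prev = [], genesis
    for seq, record in enumerate(records, start=1):
        h = entry_hash(seq, record, prev)
        chain.append({"seq": seq, "record": record, "prev_hash": prev, "hash": h})
        prev = h
    return chain

def verify_chain(chain, backup_head, genesis="0" * 64):
    """Return findings (empty list = pass): recomputed hashes, prev_hash links,
    sequence-ID gaps, and the head hash against the externally backed-up value."""
    findings, prev, expected = [], genesis, 1
    for e in chain:
        if e["seq"] != expected:
            findings.append(f"gap: expected seq {expected}, got {e['seq']}")
        if e["prev_hash"] != prev:
            findings.append(f"broken link at seq {e['seq']}")
        if entry_hash(e["seq"], e["record"], e["prev_hash"]) != e["hash"]:
            findings.append(f"modified entry at seq {e['seq']}")
        prev, expected = e["hash"], e["seq"] + 1
    if prev != backup_head:
        findings.append("head hash does not match external backup")
    return findings

# Constructed sample log (three entries) and the head hash an external backup would hold.
SAMPLE = build_chain([{"event": "match.finalized", "match_id": "M-1"},
                      {"event": "override.activated", "emergency_id": "E-7"},
                      {"event": "token.issued", "user_id": "U-3"}])
BACKUP_HEAD = SAMPLE[-1]["hash"]

def tampered_sample():
    """SAMPLE with entry 2 altered after the fact, stored hash left as it was."""
    bad = [dict(e) for e in SAMPLE]
    bad[1]["record"] = {**bad[1]["record"], "emergency_id": "E-8"}
    return bad
```

A truncated chain passes every per-entry check and is caught only by the comparison against the backed-up head hash, which is why the procedure keeps that copy outside the system being tested.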
6.2 Retention Compliance
Control: Data retained and disposed per retention schedule
Test Procedure:
```sql
-- Query: Records past retention that haven't been disposed
SELECT
    table_name,
    record_count,
    oldest_record_date,
    retention_policy_days
FROM retention_compliance_view
WHERE oldest_record_date < NOW() - (retention_policy_days * INTERVAL '1 day')
  AND NOT under_legal_hold;
```
| Attribute | Value |
|---|---|
| Expected output | Zero rows (all expired records disposed) |
| Frequency | Monthly |
| Owner | Compliance |
| Results stored | /audit/control-tests/retention/ |
| Failure action | Initiate disposal, review automation |
7. Test Results Documentation
7.1 Test Result Record
Each test execution produces a record containing:
| Field | Description |
|---|---|
| Test ID | Unique identifier |
| Control tested | Reference to control |
| Test date | When executed |
| Tester | Who performed test |
| Query/procedure used | Exact test performed |
| Raw output | Actual query/test results |
| Result classification | Pass/Fail/Observation |
| Evidence artifacts | Screenshots, exports, logs |
| Remediation (if fail) | Actions taken |
| Sign-off | Reviewer approval |
7.2 Results Storage
| Location | Contents | Retention |
|---|---|---|
| /audit/control-tests/[control-name]/ | Test results by control | 24 months |
| /audit/control-tests/summary/ | Monthly summary reports | 36 months |
| CI/CD artifacts | Automated test results | Per CI/CD policy |
8. Remediation Process
8.1 Failure Response
| Step | Action | Owner | Timeline |
|---|---|---|---|
| 1 | Document failure details | Tester | Immediate |
| 2 | Assess impact and scope | Control owner | 4 hours |
| 3 | Implement containment | Control owner | 24 hours |
| 4 | Root cause analysis | Control owner | 72 hours |
| 5 | Implement fix | Control owner | Per severity |
| 6 | Re-test control | Tester | After fix |
| 7 | Document remediation | Control owner | After re-test |
8.2 Remediation Tracking
All failures tracked in findings register (PLCY-FRP-001) until resolved.
9. Testing Schedule Summary
| Control | Frequency | Owner | Next Test |
|---|---|---|---|
| Moving-state comm limits | Weekly | Operations | [Rolling] |
| Validation blocking | Weekly | Safety | [Rolling] |
| Insurance endorsement timing | Weekly | Safety | [Rolling] |
| Coercion prevention | Monthly | Compliance | [Rolling] |
| Global rate limiting | Monthly | Operations | [Rolling] |
| Emergency override usage | Monthly | Safety | [Rolling] |
| Manual verification audit | Monthly | Operations | [Rolling] |
| Token expiration | Daily | Security | [Automated] |
| Encryption at rest | Weekly | Security | [Automated] |
| Access control enforcement | Weekly | Security | [Rolling] |
| Log integrity | Daily | Security | [Automated] |
| Retention compliance | Monthly | Compliance | [Rolling] |
10. Document Control
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | December 22, 2025 | Hop And Haul Team | Initial release |