Acceptance Test Checklist

1. Scope and Preconditions

• Sites in scope: 25–100 (evaluation may start with 3 pilot sites)
• 7‑day export preconditions published to the customer:
  • ≤ 100 sites total in promise window
  • Standard SNMP v2c/v3 and Redfish scope, read‑only
  • Outbound egress to EU endpoints permitted (443/TLS)
  • Baseline config delivered on Day 0 (site list, IP ranges, credentials, contacts)
• Stakeholders confirmed for sign‑off: CIO/IT Ops lead and DPO
• Residency requirement confirmed: EU‑only hosting

Out of scope: bespoke features, non‑standard protocols (BACnet/Modbus), remote actions, advanced anomaly detection.

2. Test Environment and Roles

• Three test sites chosen with different vendors (at least one SNMP PDU and one Redfish‑capable server)
• Local maintainer on site to unplug WAN safely
• Video capture tool ready for unplug demo
• Time source synchronized (NTP) on agents and servers

3. Artifacts to Produce (required for pass)

• Control‑mapped evidence export per site (NIS2 mapping)
• Append‑only continuity log that shows offline → backfill
• Fleet inventory including role/access lineage
• Reproducible export hash for the evidence pack
• SBOM and signed build attestation
• EU hosting attestation and data‑flow diagram
• DPA and DPIA template delivered

4. Step‑by‑Step Evaluation Script

Day 1 — Install and Baseline

• Install agent on 3 sites; verify heartbeat visible in dashboard
• Confirm inventory created for devices (PDU, server); record device IDs
• Verify RBAC roles created and audit log recording admin actions

Day 3 — Continuity (Unplug) Test

• Select one site; start screen/video recording of dashboard + physical action
• Yank WAN for 30 minutes (or block egress at firewall); create device activity during outage
• Restore WAN; verify lossless backfill; no evidence gaps in continuity log
• Repeat unplug for 60 minutes on site B
• Repeat unplug for 120 minutes on site C

Day 5 — Evidence Export

• Generate NIS2 evidence export (PDF/CSV + lineage); record export timestamp
• Compute reproducible hash and capture it:
  # Option A

  sha256sum evidence-pack.zip > evidence-pack.zip.sha256

  # Option B (OpenSSL)

  openssl dgst -sha256 evidence-pack.zip | tee evidence-pack.zip.sha256
• Re‑export for same time window; verify identical hash

Day 7 — Debrief and Sign‑off

• Walk through artifact checklist with stakeholders
• Capture acceptance decision; if fail, open corrective ticket and schedule retest

5. Acceptance Criteria (must all pass)

Continuity and Backfill

• Offline buffer holds data for each unplug window (30/60/120 minutes)
• Backfill is lossless: no missing intervals; continuity log shows contiguous timeline
• Ingest lag returns to normal after reconnection

Evidence Export

• Each site has control‑mapped export with lineage fields (who/when/where collected)
• Export hash reproducibility confirmed

Security and Compliance

• RBAC enforced; least‑privilege user demonstrates read‑only view
• Audit log is append‑only and hash‑chained; delete/edit is impossible and tamper‑evident
• SBOM and signed build attestation shared
• EU hosting attestation and DPIA template delivered
• Telemetry confirmed to be zero‑PII

Resource Budgets (Agent)

• CPU, RAM, disk, and egress remain within published ceilings under test load
• Uninstall path documented and tested on one host

6. Evidence Collection Template

• Video: 3‑minute unplug demo showing offline → backfill and continuity window
• Screenshots: continuity log before/after; device charts during outage
• Files: evidence‑pack.zip, evidence‑pack.zip.sha256, SBOM, attestation.json
• Notes: site IDs, device models/firmware, timestamps, operators involved

7. Sign‑off