System Requirements Document

Email Automation System (EAS)

Oladipupo A Ajose

EMBA - IT, Ottawa University

IT 7000: Systems Analytics and Enterprise Management

Professor Khaled Sabha

July 12, 2020

Email Testing Automation System Requirements Document

STATEMENTS OF REQUIREMENTS
With the world in a Pandemic and with Organizations scrambling to adjust their business process to the
new normal, it is important that the Corporate Information Solution (CIS) and the Global Quality Solutions
(GQS) ensure the security of company sensitive and most important data.

More people than ever now work from home. This has resulted in fine-tuning corporate policies to make
provisions for users who required certain privileges that was otherwise prohibited. This might include
access to home printers from corporate assigned PCs. It has also resulted in an increase in policy and
test requirement before cut-over into production. To keep up with these policy changes, the Technology
Team, Policy Team and the Test Team must work hand in glove to role out new policies that better aligns
with the times we are in.

This resulted in the birth of the Email Automation System (EAS). The EAS automates the process of
sending out test emails. A quick evaluation of the test process found that manually sending test emails
accounts for almost 40% of the test time for email-based policies. With this part of testing automated, test
time can be reduced by 35%. The test team only needs to upload email details into an excel spreadsheet
and run the EAS. The EAS would automatically send out all required emails and trigger the Corporate
Incident Management System (CIMS)

Page 2 of 7
Email Testing Automation System Requirements Document

Table of Contents
Section 1 Purpose......................................................................................................................................4
Section 2 General System Requirements...................................................................................................4
2.1 Major System Capabilities...........................................................................................................4
2.2 Major System Conditions.............................................................................................................4
2.3 System Interfaces........................................................................................................................4
Section 3 Policy and Regulation Requirements..........................................................................................5
3.1 Policy Requirements....................................................................................................................5
3.2 Regulation Requirements............................................................................................................5
Section 4 Security Requirements...............................................................................................................6
Section 5 Initial Capacity Requirements....................................................................................................6
Section 6 System Acceptance Criteria.....................................................................................................6
Section 7 Current System Analysis..........................................................................................................6
References...................................................................................................................................................7

Page 3 of 7
Email Testing Automation System Requirements Document

Section 1 Purpose
The purpose of the System Requirements document is to specify the overall system requirements that
will govern the development and implementation of the system. The document will also establish initial
security, capacity and system architecture requirements, as well as, system acceptance criteria agreed
upon be the project sponsor and key stakeholders.

Each requirement has a suffix indicating its priority. The requirement priority could either be High (Hi),
Medium (MED) or Low (LO). The priority shows how important each requirement is to the system being
designed.

Section 2 General System Requirements

2.1 Major System Capabilities
- System must be able to automatically launch approved corporate version of Microsoft
Outlook - Hi
- System must be able to launch new email window - Hi
- System must be able to pull email data from Microsoft Excel Spreadsheet and prepare for
input into Microsoft Outlook - Hi
- System must be able to input new email data (From, To, Cc, Bcc, Subject, Body, and
Attachment) - Hi
- System must be able to return an error if email attachment fails - MED
- System must be able to send email - Hi
- System must be able to verify email delivery - Hi
- System must be able to return error if email delivery fails - MED
- System must be able to be able to integrate into existing Corporate Incident Management
System (CIMS) - MED

2.2 Major System Conditions

- The EAS can only be integrated to a UAT or DEV Exchange server environment - Hi
- All Personal Identifiable Information (PII) used in this system must be fictitious - Hi
- The EAS system should only interact to a Corporate Incident Management System in a UAT
or Development Environment - MED
- The EAS should be an endpoint system; hence, it should have no interface with company
network - LO
- The EAS can only work on a PC that has the CIMS agent installed - LO

2.3 System Interfaces

The Email Automation System (EAS) must be able to seamlessly interact with any approved
version of Microsoft Outlook. The EAS should also be able to trigger the Incident search module
of the Corporate Incident Management System.

Page 4 of 7
Email Testing Automation System Requirements Document

Microsoft Email
Outlook Automatic
Launched ally sent by Corporate
Email system Incident
Automation Management
System System

EMAIL AUTOMATION SYSTEM

Section 3 Policy and Regulation Requirements

The EAS must comply with the following policies and regulations as required by Corporate
Management, Industry Standards and Applicable Laws

3.1 Policy Requirements

Policies are mandatory high-level management directives. (Conrad, Misenar & Feldman, 2017)

- System must be built using ONLY the Company’s Development Language Framework - Hi
- System’s Codes must be approved by the Identity Access Management Team - Hi
- System must interface with the corporate JDT (Java Development Tool) framework system -
Hi
- System must comply with corporate Internal Development Log Reporting (IDLR) Policy - Hi
- System must be compatible with both offline and cloud version of Microsoft Outlook - Hi

3.2 Regulation Requirements

- The EAS must be in compliance with all applicable National Institute of Standards and
Technology (NIST) guidelines. (Reuters, 2020) - Hi
- The EAS must be in compliance with the Economic Espionage Act of 1996 - Hi
- Other regulations the EAS must comply to includes the Gramm-Leach_Bliley Act, Health
Insurance Portability and Accountability Act (HIPAA) (Chapple, Gibson & Stewart, 2018) - Hi

Page 5 of 7
Email Testing Automation System Requirements Document

Section 4 Security Requirements

Below is the security requirement for users of the EAS.

- System architecture must be approved by the Corporate Information Security Unit before
implementation - Hi
- The EAS can only be used after your is authenticated into the approved user domain - Hi
- An authenticated user using the EAS system can only launch an outlook account the user is
authorized to access - Hi
- The EAS user is responsible for consent sent out by the EAS through Microsoft Outlook - Hi
- All actions performed by EAS must be logged and transmitted to the Internal Development
Log Reporting System - Hi

Section 5 Initial Capacity Requirements

- The intention behind the development of the EAS system is expedite the testing of email
related development in the UAT and Development Environment. For access to be granted to
the EAS system, the user must belong to the either the Corporate Information Security (CIS)
or the Global Quality Solutions (GQS) group - Hi
- The EAS should be able to send a minimum of One email and a maximum of 10999 emails -
LO
- There is no limit to the number of simultaneous users as the system should run locally on
the PC - LO

Section 6 System Acceptance Criteria

- The EAS must interact seamlessly with the Microsoft Outlook - Hi
- The EAS must be able to launch Microsoft Outlook, send emails to multiple receivers, verify
email delivery and successfully trigger the CIMS - Hi
- 3 years of data must be stored in Corporate Log Management system (conversion implied)
from day one - LO

Section 7 Current System Analysis

- User launches Microsoft outlook and send each test email
- User launches the CIMS agent and runs the Incident tracking script.
- The script searches the Data Loss Prevention Enforce Server console
- The CIMS tracks the incident triggered by the email and takes a screenshot
- The CIMS logs into HP ALM, searches the Test Case and attaches the screenshot into the
Test case and passes the test case.
- If an incident was not found in the Enforce server, the test case is failed in HP ALM

Page 6 of 7
Email Testing Automation System Requirements Document

References

Chapple, M., Gibson, D., & Stewart, J. (2018). CISSP Certified Information Systems Security
Professional (8th ed., pp. 141-151). Indianapolis: Sybex.

Conrad, E., Misenar, S., & Feldman, J. (2017). Eleventh hour CISSP (3rd ed., p. 17). Cambridge:
Syngress.

Reuters, T. (2020). Data Privacy Principles All Legal Providers Should Adopt. Retrieved July
12, 2020, from https://legal.thomsonreuters.com/en/insights/articles/data-privacy-principles

Guidance on the Protection of Personal Identifiable Information | U.S. Department of Labor.

(2020). Retrieved 12 July 2020, from https://www.dol.gov/general/ppii

SRD Template, CS 325. (2000). Retrieved 12 July 2020, from

http://bluehawk.monmouth.edu/rclayton/web-pages/s00-325/srs-template.html

Page 7 of 7