Planning insights from the Election Security Exchange

Planning Desk, Week E-16: Pre-Election Testing of Software

Election administration relies on a complex web of technologies, systems, and processes that share and transfer data. Every point that creates, stores, or transfers election data introduces a security boundary. Validating and testing those boundaries before an election maintains data integrity, prevents misconfiguration, and ensures resilience. 

Testing is a core security function as much as an administrative one. Over the next four editions, we’ll review testing of election technologies, systems, and processes throughout the course of the election.

Flow chart showing interaction of voting and election systems, including registration, voter info, pollworker training, UOCAVA, printing, precinct management, ballot marking, reporting, e-pollbooks, auditing, GIS, and more.

Kennesaw State University

Pre-election Testing

Pre-election testing is one of the most effective ways election offices can reduce risk and confirm that their systems are secure, accurate, and ready for use. 

Every election office across the country tests election equipment, yet pre-election testing involves more than just the logic and accuracy (L&A) of the voting system. It confirms that all election-related software, hardware, data transfers, operational workflows, and reports are configured correctly and function as intended prior to deployment. Both system-specific validation and end-to-end workflow should be tested to ensure that data created in one system can be accurately and securely received, processed, reported, and documented in the other related systems. 

Systems that should be tested include:

  • Candidate Filing: candidate entry, withdrawal, office assignment, ballot order, and data export.
  • Voter Registration: voter status, precinct assignment, district coding, ballot style assignment, absentee or mail ballot status, and exports used by other systems.
  • Election Management: election setup, ballot creation and layout, equipment programming, tabulation and reporting configurations, audit logs, user access, and media creation.
  • Election Reporting: results upload, aggregation, display, public reporting, file formatting, and reconciliation with official tabulation reports.
  • UOCAVA Ballot Transmission Tools: electronic ballot delivery, marking, and return; voter authentication workflow; ballot package accuracy; transmission logs; and return-status tracking.

Testing should:

  • Validate that each system is running the approved software version and is configured properly. This may include running a hash validation and comparing it against the certified or approved software’s hash value. Document any mismatch, and prohibit use of any component that cannot be validated until resolved.
  • Confirm that candidate, contest, precinct, district, ballot style, and voter registration data flow accurately between systems.
  • Verify that ballot files, election definition files, voter files, UOCAVA ballot packages, and results files can be created, transmitted, received, opened, and reconciled.
  • Ensure that the results reporting application accepts only authorized files, displays accurate test results, labels test data clearly, and does not expose unofficial or live data prematurely.
  • Test email and electronic file transmission procedures, including naming conventions, encryption or secure transfer requirements, access permissions, confirmation of receipt, and retention of sent and received records.
  • Apply to all identified redundancies and backups as documented in emergency preparedness protocol and Incident Response Plans.

A Testing Plan needs to:

  • Identify the office or staff lead responsible for coordinating the pre-election testing schedule.
  • Confirm which systems and software components require hash validation, who will perform the comparison, and how to resolve mismatches. 
  • Determine whether testing will include vendor participation, public observation, or coordination with state or local election officials.
  • Approve standard test scripts, expected-result files, documentation templates, and issue-resolution procedures.
  • Establish deadlines for completing initial testing, correcting exceptions, retesting, and final certification for election use. Any jurisdictions facing the possibility of last-minute redistricting should account for this in their pre-testing timeline.

Although some technologies, systems, and processes may require election-specific databases or files to be created before testing can commence, election officials do not need to wait for the formal pre-election testing timeframe to begin preparing or conducting tests. Prepare equipment now to avoid being rushed once data is available for testing.

As election offices prepare for the busy months ahead, thorough testing remains one of the most effective security safeguards available. Each validated workflow, confirmed data transfer, and verified software component strengthens the integrity of the election and reduces the risk of disruption. By approaching testing as a core security function, jurisdictions reinforce trust in the electoral process and ensure they are ready for the demands of each election.

Additional Resources


The Planning Desk is a running timeline of key election security tasks. You can find prior editions in the newsletter archive.