The Module 9 test summary table is retained as the primary navigation artefact for Module 9’s testing evidence. It maps each test type to its most recent execution date, scope, finding count by severity, remediation status, and next scheduled execution date. The table covers penetration testing, vulnerability scanning, adversarial ML testing, additional threat-specific testing, red team exercises, and manual security code reviews.

The summary table is the first document an assessor, competent authority inspector, or notified body reviewer examines when evaluating Module 9’s testing evidence. From the summary table, they navigate to the detailed reports in the evidence pack. A current, complete summary table demonstrates an active, ongoing testing programme; gaps in the table indicate areas where testing has lapsed.

The summary table is updated after each test execution and reviewed quarterly by the AI Governance Lead. It is retained alongside the detailed reports for the ten-year period.

Key outputs

• Single-page summary covering all Module 9 test types
• Navigation index to detailed reports in the evidence pack
• Quarterly governance review
• Module 9 AISDP evidence