Are there any standard sets of testing that would be mandatory if you have a web application that know through a re-design will soon attract far more traffic than it does at present. We use a SaaS application for one of our customer facing apps, and they are trying to push more customer interaction through the site/app than it offers at present, so therefore it will be handling more traffic and data. There are already some concerns around performance etc as is, so we want to ensure our risk teams are verifying the data owners have got some assurances from the suppliers that this will be fit for purpose once the new features of the app are made available to customers/service users. I will trying to find some form of skeleton plan for the basics tests/risks that we need to delve further on. Obviously all levels of the technology stack behind the application require assessment/consideration. Although I appreciate each application is different, there must be some standard broad level test categories that would consistent for all. I'm not sure what assurances we could get directly from the SaaS providers or how to construct the queries so any assistance of probing questions would be most useful.