A quality gate is a milestone in an IT project that requires that predefined criteria be met before the project can proceed to the next phase. Designed to provide benchmarks for quality standards, these gates are commonly used throughout application or software development projects. Typically, quality gates are located before phases that are highly dependent on the outcome of a previous phase, particularly where potential trouble spots need to be addressed and resolved.
The concept of a quality gate combines aspects of project management, decision modeling and workflow management to increase measurability and promote superior conditions. Quality gates can be applied at many levels throughout an organization such as system, project and release. Additionally, they can be used as part of the overall product development or quality assurance (QA) methodologies.
How a quality gate works
Quality gates help ensure that a project is well thought out technically and can be supported after deployment. In order to accomplish this, conditions are predefined based on aspects of the project that can be measured. Examples of conditions could be amount of vulnerabilities, whether outputs are on target or compile time. These milestones minimize project risk through phase-by-phase checklists and by enabling project managers to communicate the process continuously, reducing development cycle time by achieving higher success rates and increasing focus on a well-designed product.
When a quality gate is reached, the project results are checked against the predefined criteria and status information is returned. The three potential quality gate statuses are:
- Pass- Quality gate metrics are met and production can continue.
- Warn- Quality gate metrics may not be met, or just barely, and should be verified before production continues.
- Fail- Quality gate metrics are not met and issues need to be resolved before production can continue.
Often software projects fail to meet time, budget and other requirements, but monitoring the quality of project results by presetting benchmarks and steering a project at key points can help resolve these issues.
Implementing quality gates
Quality gates are customizable and their format varies by level of implementation. Some applications, such as with internal frameworks, may need stronger requirements than others. Checklists of deliverables can be applied throughout a project’s life and proceeding to each gate requires the successful completion of items on the list. Formal sign-off and acceptance are mandatory at each gate. The IT project manager and a senior executive or sponsor involved with the project should review the checklists. The assessment of the quality and integrity of the product and information should then be communicated to the correct stakeholders.
Quality gates in security
Although traditionally employed to ensure that code meets specific requirements, quality gates can also be used to check for security issues within the code and to verify that code is built securely. Gates can be configured to stop or fail a build if the code does not meet security standards or metrics. This allows security to be built into the product, rather than as an add-on or afterthought. The sooner security can be implemented into the software development lifecycle, the more time developers can save.