As we develop and test new features or updates, it is important that we follow rigorous quality control and security procedures to ensure that software updates are secure, bug-free, and adhere to industry standards and regulations
This can happen across multiple environments.
| 0 | 1 | 2 | 3 | 4 | 5 | |
|---|---|---|---|---|---|---|
| Design | Development | Test instance (or ‘pizza’) | Staging (.dev) | Production (behind feature flag) | Production (.uk) | |
| What is it? | Mockup environment (eg Figma) | Collaborative version control environment eg GitHub | A standalone instance of the service at a testing link. No user data present. | A staging instance of the service where new features can be combined with each other and service integrations. | The live service, but new features can be made available to a limited group of test users before rolling out to all users | The live environment. |
| Manual testing and review by team | All pull requests are reviewed for any bugs or security issues. | We manually test a new feature in context looking for weaknesses or issues. | Manual testing of new features together, along with integrations. | Removal of all test or debugging code | If, from reports we identify an issue we can immediately roll back individual features or changes if required until the issue has been fixed. | |
| Automated testing | We run a suite of automated tests to test for accessibility, security, performance or bugs. | We run live monitoring services that allow us to spot if something is going wrong. | ||||
| Customers & users | We test interactive mockups with users and stakeholders to identify design problems early. | We may invite customers and users to help us find issues. | Invite customers and users to test with dummy data. | Invite customers and users to test with real data. | Bug reporting and issues monitoring |
https://www.youtube.com/watch?v=33cl6ojv1GA
<aside> <img src="/icons/subtask_gray.svg" alt="/icons/subtask_gray.svg" width="40px" /> This section only relates to the development and release of new software updates. It does not relate to testing and publishing new service content, which is managed by a separate process within the editor.
</aside>
For more about how we make sure that any changes we make are secure before they go live, see Security.