I’ve been tasked with producing a Confidence (Risk) Assessment Criteria for each release before it goes into Production. I’m keen to understand how others approach this and what information you typically include in such a document.
A few questions I’d love your input on:
Have you had to create a similar risk assessment or confidence criteria for releases?
What details or metrics do you document to help stakeholders understand release readiness?
Do you use a scorecard, health check, or any other method to quantify confidence levels?
Are there any templates or frameworks you’ve found particularly effective?
Any examples, templates, or lessons learned would be greatly appreciated!
On coming up with such ideas, I suggest looking into James Bach’s Risk-Based Testing talk: https://www.youtube.com/watch?v=Sz-WiCV2eh4, particularly when he talks about forward and backward coding (around 33:23).
Now, on the usage of this criteria:
Make sure that everything is automatically checkable.
The worst thing you can possibly do is to come up with a bunch of things to verify,
and having to actually force people into adding this into their workflow.
Not that is useless, but many will perceive it as being a top-down useless thing.
Give enough time and people involved, and this will become another forgotten
Confluence page last modified 3 years ago.
Make computers do the checks: When one pushes new code, one receives an email
saying “No problems were found.” or “We found these problems, code was reverted, please
take a look and try again”.
Thanks @ghawkes . The list you have shared is great and we use something similar for a Release Sign off (Go/No-Go)
However, I am looking for something that can define the Confidence/ Risk it could have on customers once released. Some ideas we have currently include:
Will a customer affecting service outage be required to implement this change?
What will be the potential number of users impacted by this change (i.e. less then 1000, 1001 - 5000, 5001+)
Is there a roll back strategy defined and tested?
Does this update schedule coincide with significant known customer service activity (i.e. At Worldpay we manage moving of money, so we wouldn’t want to push any updates around Black Friday where we have significant traffic)
@joaofarias I agree with attempting to automate as much as possible. For the Go/No-Go checklist, most of this is automated as part of our Build process (i.e. Builds will break if mandatory 100% Unit Testing is not achieved via SonarQube).
However, for a confidence assessment this is more of a conversation that may not be automated. Some initial thoughts we have are shared in the reply to Gary
