
Phase 6: Security & Compliance Gates

Goal: Production accepts traffic only when agreed controls are proven—not because of deadline pressure alone.

  1. User Acceptance Testing (UAT) — business scenarios, execution evidence, product owner sign-off
  2. Security review — Snyk/Wiz/Infrastructure as Code (IaC) scan findings closed or documented accepted risk
  3. Compliance pack — diagrams, log retention, Disaster Recovery (DR) drill if in scope
  4. Go/no-go — sponsor + risk + platform

Next: Phase 7: Handover