The New Default. Your hub for building smart, fast, and sustainable AI software
Table of Contents
and 7 more
A quality assurance process is the set of structured activities - from requirements analysis to post-release monitoring - that a development team uses to prevent defects, validate user experience, and ensure a digital product works as intended before it reaches users.
Most QA failures trace back to planning decisions made before a single test was run: QA brought in too late, test coverage defined too narrowly, or quality treated as one team's problem rather than the whole team's standard. The six steps below are structured to address each of those failure points.
According to Forrester's 2024 US Customer Experience Index, customer experience quality has hit an all-time low after declining for three consecutive years. The cost of poor quality has never been higher, and the window for recovery after a bad release has never been shorter.
Executive Summary
Quality assurance for digital products is a six-step process that spans from requirements definition to post-release monitoring. The most common failure mode is a planning problem: QA starts after code is written, gets treated as a gatekeeper function rather than a shared team standard, and relies on ad hoc environment setup instead of infrastructure defined upfront. This post covers each step of the QA process in sequence, with emphasis on what breaks down in practice and why.
How QA Differs by Product Type
There's no universal QA process. Testing a regulated healthcare platform looks nothing like testing an e-commerce checkout flow, and both look different from testing a real-time collaboration tool. The testing strategy, tooling, and risk thresholds have to match the actual stakes.
That said, some principles hold across all product types. According to the International Software Testing Qualifications Board (ISTQB), the primary objective in software testing is always ensuring end-user satisfaction. Establishing a defined Software Testing Life Cycle (STLC) – with explicit phases and exit criteria – is how teams achieve that goal consistently, regardless of what they're building.
The differences show up in priorities. A healthcare application subject to HIPAA, FDA, or EU MDR compliance requires formal test documentation, traceable defect logs, and security testing as non-negotiables. A consumer mobile app prioritizes performance under load and device compatibility. A financial platform demands rigorous security and transaction integrity testing above almost everything else.
The six steps below apply across product types. The weighting you apply to each step is what changes.
The Prerequisite: Quality as a Team Standard, Not a Role
Before the six steps, one structural decision determines how effective all of them will be: who owns quality.
In teams where QA is a separate handoff stage - where code moves from development to "the QA team" for validation - quality problems compound. Developers write code without testing assumptions in mind. QA engineers discover issues late, when fixing them is expensive. Stakeholders see QA as a bottleneck rather than a value-add.
The more effective model: QA engineers participate from the first requirements discussion, working alongside designers, developers, and product owners as full team members – present to ask "how will we know this works?" before anyone writes a line of code.
At Monterail, this collaborative structure is standard on every project. It doesn't eliminate defects - nothing does - but it shifts where they're caught. Issues found during planning cost almost nothing to fix. Issues found in production cost significantly more, both financially and in user trust.
Step 1: Define Clear Goals and User Requirements
Quality assurance begins the moment you start analyzing business requirements – not when the first feature is ready to test.
At this stage, QA engineers aren't testing anything. They're asking questions: What does success look like for this product? What will users try to accomplish? Where are the friction points most likely to appear? What does a failure state mean for this specific user in this specific context?
These questions matter because they shape every testing decision that follows. In one project at Monterail, the team worked on a mental health mobile application where users were immediately asked sensitive questions about sleeping habits, employment, and relationship status. The QA team's early analysis identified that the core quality challenge wasn't functional – the app needed to make users feel safe enough to provide intimate information and motivated to return. That insight changed how features were paced, how the user journey was mapped, and what the test plan prioritized.
This is what early QA involvement produces: a test strategy built around actual user risk, not just technical completeness. Deliverables at this stage include user journey maps with annotated risk points, documented acceptance criteria for functional and non-functional requirements, and an initial list of edge cases – the scenarios that don't appear in the happy path but will happen in production.
Step 2: Plan Your Testing Strategy
With clear goals established and team alignment secured, the next phase translates strategy into an actionable test plan that defines scope, resources, and success metrics.
Good planning enables teams to estimate testing duration accurately, calculate realistic costs, allocate resources effectively, and identify risks early. It's the foundation that prevents costly surprises later in the cycle.
Determining Testing Types
The combination of testing types you deploy should follow your product's actual risk profile, not a default template. Here's a reference for the core options:
Testing Type | What It Validates | Best For | Tooling Examples |
Manual / exploratory | UX, edge cases, judgment-dependent scenarios | All products, especially early-stage | JIRA, TestRail |
Automated regression | Core functionality stability after each release | Products with frequent deployments | Cypress, Playwright, Selenium |
API testing | Backend logic, data integrity, integration points | Products with complex third-party integrations | Postman, REST Assured |
Performance testing | Speed, load capacity, scalability under real conditions | High-traffic apps, marketplaces, real-time products | k6, JMeter, Locust |
Security testing | Vulnerabilities, authentication, data exposure | FinTech, HealthTech, any regulated product | OWASP ZAP, Burp Suite |
Accessibility testing | WCAG compliance, screen reader compatibility | Consumer apps, healthcare, government platforms | axe, Lighthouse |
Cross-device / browser | Rendering consistency across environments | Mobile apps, PWAs, global audiences | BrowserStack, Sauce Labs |
A financial application demands rigorous security testing. A social platform needs extensive load testing. A healthcare product typically requires all of the above, plus formal documentation to satisfy regulatory requirements. The specific combination depends on what a failure actually costs your users.
AI-Assisted Testing in 2026
AI-powered testing tools have shifted from experimental to standard practice for mature QA teams, particularly for test case generation, regression analysis, and defect prediction.
LLM-based tools can generate test cases from requirements documents, reducing manual test-writing time. Predictive analytics tools analyze historical defect data to surface which modules carry the highest regression risk. AI-powered visual testing tools catch UI regressions that would be tedious to cover with manual checks.
What these tools don't handle well: exploratory testing, judgment calls on UX quality, and the domain-specific context that makes healthcare or financial testing different from a standard consumer app. The best-performing QA teams use AI to eliminate repetitive coverage and redirect that time toward higher-judgment work. Monterail's approach to AI in software development applies directly here – AI accelerates the process, but the strategy still requires human expertise to define correctly.
Creating Testing Documentation
Planning produces test cases, test scenarios, and a test plan shared with stakeholders. This creates a common vocabulary between development teams and project owners, and eliminates the ambiguity that leads to expensive rework. Key deliverables: a test plan document covering scope and approach, a test case library organized by feature and priority, a risk assessment with mitigation strategies, resource and timeline estimates, and a definition of the environments you'll need.
Step 3: Establish Quality Standards and Code Review Processes
Before executing tests, successful teams establish the quality standards that code must meet throughout development. This step prevents issues from reaching the testing phase at all – and it's the most underinvested step in most QA processes.
Code Quality Gates
Implement automated quality checks as early as possible: linters and static analysis tools that catch issues before code review, quality gates in your CI/CD pipeline, and pre-commit hooks that enforce coding standards before code is committed.
Establish peer review for every code change – with clear acceptance criteria, not vague "looks good" approvals. The goal is knowledge transfer and consistent standards across the team, not just defect prevention.
Conduct regular knowledge-sharing sessions led by senior developers. Maintain updated coding standards documentation. At Monterail, each new project starts with a technical architect or engineering manager reviewing quality standards before development begins, with project-specific checklists built from those requirements.
These preventive measures consistently reduce the number of defects that reach the testing phase. Catching issues during development, rather than testing, accelerates delivery without compromising standards.
Step 4: Build Your QA Infrastructure and Environments
With your plan defined and quality standards established, the next step is creating the concrete testing infrastructure that enables consistent, efficient validation.
Set Up Testing Environments
Establish dedicated testing environments where QA engineers can validate changes without blocking other releases. Depending on project complexity, this might include a development environment for initial testing, a staging environment that mirrors production, a dedicated QA environment for comprehensive validation, and an integration environment for third-party service testing.
Multiple environments allow flexibility: QA engineers can test different features simultaneously even when a bug is found in one branch, maintaining development momentum.
Establish QA Workflows
Define clearly how builds move from development to testing environments, how bug tracking integrates with project management tools, what communication channels connect developers and QA engineers, how you define "done" for each testing phase, and what release approval criteria look like.
Tool Integration
Connect bug tracking systems, test management platforms, CI/CD pipelines, and any stakeholder tools into a unified workflow.
At Monterail, automated test suites run on every pull request - immediate feedback to developers before code reaches manual testing. Issues get caught before they compound.
Step 5: Execute Comprehensive Testing
With entry criteria met and QA environments ready, testing begins. This is the most dynamic phase of the Software Testing Life Cycle: QA engineers become the first real users of newly developed features, discovering what works and what needs fixing before actual users encounter it.
Test Execution
Running tests means documenting actual results against expected outcomes, verifying that business logic matches requirements, and checking that implementation matches design specifications. Results analysis goes beyond pass/fail – you're also identifying user experience issues that might not technically be bugs but would frustrate users.
Bug management becomes its own workflow: reporting defects with clear reproduction steps and severity classification, collaborating with developers to prioritize fixes, retesting those fixes, and running regression testing to confirm that fixes don't introduce new issues.
Branch-Based Testing
Once developers merge tasks into the main branch, QA teams conduct manual testing across four areas: business logic verification, design compliance, regression testing against existing functionality, and a review for issues introduced by recent changes.
For complex projects, a regression test suite covering critical user paths and core functionality is essential, both automated and manual components.
For products in regulated industries, health apps testing and QA involves an additional layer: formal defect documentation, traceability between requirements and test cases, and validation protocols that satisfy HIPAA or medical device standards.
Step 6: Monitor, Measure, and Continuously Improve
Quality assurance doesn't end when tests pass. The final step looks back at your testing process to identify optimization opportunities before the next cycle begins.
Key QA Metrics
While the specific metrics vary by project, effective QA teams track a consistent set of indicators:
Metric | What It Measures | Why It Matters |
Test coverage | % of code and requirements validated by tests | Identifies gaps before production |
Defect detection rate | Bugs caught in testing vs. production | Primary indicator of testing effectiveness |
Defect density | Defects per module or feature | Pinpoints highest-risk areas of the codebase |
Mean Time to Detect (MTTD) | Average time to identify an issue | Lower = earlier detection in cycle |
Mean Time to Resolve (MTTR) | Average time to fix a defect | Measures development and QA responsiveness |
Test execution rate | Tests completed vs. tests planned | Tracks coverage velocity |
Optimization and Adaptation
Regularly review test coverage, defect detection patterns, and testing cycle bottlenecks. Identify automation opportunities for repetitive test cases. If stakeholder feedback reveals gaps in test coverage, adjust. If new tooling could improve outcomes, test it.
As the World Quality Report consistently shows, organizations with mature, adaptive QA processes release faster while maintaining higher quality standards. Adaptability isn't a nice-to-have – it's what separates QA that improves over time from QA that plateaus.
Continuous Feedback Framework
Throughout all SDLC phases, implement proactive feedback mechanisms. Don't fight feedback; analyze it. It's information about your product, and the teams that improve fastest are the ones that treat it as such.
Effective teams continuously review and iterate on features based on testing insights, maintain clean and maintainable code through regular refactoring, invite stakeholder feedback throughout all SDLC phases, and document lessons learned for future projects.
This transparency creates an agile development cycle where quality emerges from collaboration rather than gatekeeping. Feedback is the result of collaborative work done throughout the process – and acting on it quickly is what separates teams that improve from those that repeat the same issues. Tools like user feedback mechanisms integrated early help QA teams gather signal from real users before major rework becomes necessary.
Key Takeaways
Quality assurance is a planning discipline as much as a testing discipline. Starting QA at requirements – not at feature handoff – is the single highest-leverage change most teams can make.
The testing types you select should follow your product's actual risk profile. Healthcare and fintech need security and compliance testing as non-negotiables. Consumer apps need load and device compatibility. One-size testing plans waste coverage on low-risk areas.
Code quality gates (linters, static analysis, peer review protocols) prevent defects from reaching the testing phase at all. Step 3 is the most underinvested step in most QA processes.
Metrics only drive improvement when connected to business outcomes. Track defect detection rate (testing vs. production), MTTD, and MTTR – not just test execution rate.
AI-assisted testing reduces repetitive coverage and accelerates regression analysis, but doesn't replace the domain judgment required for healthcare, financial, or complex UX testing.
What Separates QA That Works From QA That Doesn't
The teams that ship reliable software have made structural decisions earlier in the process: QA involved before requirements are finalized, quality standards defined before code is written, and feedback loops that connect post-release monitoring back into planning.
The six steps in this post reflect how Monterail approaches QA across 900+ delivered projects – including regulated healthcare software development, high-traffic marketplaces, and fintech platforms where a production defect has direct compliance implications. The process scales because it's built around principles rather than a fixed checklist.
If you're evaluating your current QA setup or building one from scratch, Monterail's engineering team can walk through what a well-structured QA process looks like for your specific product type and stage.
Quality Assurance FAQ
Hubert Białęcki
Head of Technology at Monterail
As Monterail’s Head of Technology, Hubert brings a unique blend of technical expertise and strategic leadership to drive innovation and organizational growth. A graduate of Wrocław University of Science and Technology, Hubert has carved an impressive career path from JavaScript developer to technology executive, demonstrating both technical mastery and exceptional leadership capabilities. He excels at understanding complex organizational dynamics and implementing strategic changes that enhance team performance and company development.
