Continuous IV&V: How Preview Environments Replace Stage-Gate Review

Independent verification and validation, in its dominant form, is a stage-gate practice. Development happens, then IV&V reviews completed work against requirements, then deployment happens. The model assumes batched delivery, a separate IV&V team, and a milestone cadence. None of those survive contact with continuous delivery, but the methodology has been slow to adapt because the contractual and organizational scaffolding around it was built for the milestone era.

This is the narrower mechanical claim: preview environments are the missing piece that turns stage-gated IV&V into continuous IV&V. History and broader framing are in /blog/evolution-of-ivv-and-modern-software-delivery/.

What Stage-Gate IV&V Assumes

The traditional model is built around discrete reviewable units — a release, a build, a milestone deliverable. IV&V gets a package: source, build artifacts, test results, requirements traceability, design documentation. They review on their own timeline, produce findings, and the program office decides what to do. Cycles measured in weeks or months.

This works when releases are infrequent and large. The model degrades along three axes when delivery becomes continuous:

Cadence mismatch. A team shipping fifteen PRs a week cannot batch them into milestone packages without giving up the cadence advantage.

Package staleness. The package IV&V reviews represents the system at a point in time. By the time review concludes, the system has moved on.

Per-change attribution. Continuous delivery means each change is small and independently meaningful. A milestone-sized review struggles to attribute problems to specific changes — by the time IV&V reviews, dozens of changes have landed.

None of this is a problem with IV&V as a discipline. The discipline of independent, expert review is as valuable in continuous delivery as in milestone delivery. What needs to change is the mechanism.

The Mechanical Argument

A preview environment is, structurally, the same kind of thing IV&V has always reviewed: a running system that implements the change in question, exercisable against requirements. The differences are quantitative — many more, shorter, smaller — but the fundamental object is the same.

If a preview exists for every PR, IV&V has at every point in the cycle access to a real, verifiable artifact tied to a specific proposed change. The “package” is the live preview. Traceability that used to be assembled retrospectively is captured prospectively as preview metadata.

Concretely, continuous IV&V looks like this:

1. A developer (or AI coding agent — see /blog/verification-checklist-autonomous-coding-agents/) opens a PR.
2. CI builds the change and deploys a preview with a stable URL.
3. The preview is registered in the IV&V workflow with a checklist drawn from acceptance criteria, control mappings, or risk-driven sampling.
4. The IV&V engineer reviews on their own cadence, executes test cases under their own identity, records findings in an evidence log.
5. Findings flow back as machine-readable feedback addressable in subsequent commits.
6. When the change merges, the evidence log captures the full trail tied to the image digest of what shipped.

IV&V engagement is no longer batched. Each PR is a unit IV&V engages with on its own merits. Cadence is set by IV&V capacity and risk-driven sampling, not by milestone schedule.

The three patterns covered in /blog/evolution-of-ivv-and-modern-software-delivery/ — Integrated, Parallel, Asynchronous — all reduce to specific shapes of this mechanism. The underlying object is the same in all three.

What Has to Change Organizationally

Contracts. IV&V contracts have historically been written in terms of milestone deliverables — findings reports per quarter, attendance at PDR/CDR, traceability matrices against specified release candidates. The right shape for continuous IV&V is closer to time-and-materials with a defined sampling rate, severity thresholds, and a requirement to produce evidence in a portable, auditor-ready format. Some agencies are moving this direction; many haven’t.

Staffing. Stage-gate IV&V can be staffed in surges. Continuous IV&V wants steadier engagement — fewer people, deeper context. The contractor’s staffing model has to follow.

Tooling. IV&V has historically operated arms-length — the prime delivers artifacts, IV&V reviews. Continuous IV&V means IV&V engineers need scoped access to preview environments, the evidence log, and the PR workflow. Federal access controls, U.S. persons enforcement, and the audit-trail requirements in /blog/audit-trail-preview-environment-evidence-portable/ all apply.

Cultural inheritance. Stage-gate IV&V has, for some teams, become a defensive ritual — findings produced because findings are expected. The continuous model exposes this. Expect pushback from teams whose contract value depends on findings volume rather than quality.

Cost Model

A common assumption is that continuous IV&V is more expensive. The opposite is usually true. Defects caught at PR-time cost a fraction of defects caught during milestone review. And the package-assembly cost — engineering hours preparing artifacts — is largely eliminated when the preview is the artifact.

What changes is the cost shape. Stage-gate is bursty. Continuous is steady. Total cost is usually lower; cash-flow predictability is higher; findings density per dollar is better.

Capital cost of preview infrastructure is real but modest. /blog/cost-aware-preview-environments/ applies. For a federal program with tens of active developers, preview infrastructure runs in the low five figures monthly even on GovCloud — small relative to the IV&V labor cost it lets you redeploy more effectively.

Regulatory Framing

OMB M-22-09 emphasizes continuous validation as part of zero-trust requirements. NIST SP 800-160 Vol. 2 assumes ongoing verification rather than batched assessment. The DoD Software Modernization Strategy explicitly calls for moving from stage-gated certification to continuous authorization.

None of this prescribes preview environments. It does prescribe a posture that stage-gate IV&V cannot meet. Preview environments are the most direct mechanism by which IV&V can adapt. For programs under continuous ATO variants, the connection is more direct still: continuous ATO requires ongoing evidence of control implementation, and per-change evidence is exactly that.

End-to-End

A federal contractor running continuous IV&V:

• Per-PR preview environments inside the authorized boundary.
• IV&V workflow integrated with the PR workflow, configured per the governance pattern (Integrated, Parallel, or Asynchronous).
• Acceptance criteria, control mappings, and risk-based sampling drive which PRs IV&V engages with at what depth.
• Evidence log captures every IV&V engagement — signed, hash-chained, bound to image digests, exportable in OSCAL or the agency’s preferred format.
• Findings flow back as machine-readable feedback addressable in subsequent commits.
• Stakeholder sign-off, including IV&V concurrence in Integrated or Parallel patterns, lives in the same evidence log.
• Milestone audit packages, when they happen, are assembled from the evidence log.

The program still has milestones. The heavy lift of verification has shifted to where it belongs — alongside the work, while corrections are still cheap.

A note on PreviewProof, since this is our blog: PreviewProof is built for this shape of work. The three IV&V patterns are first-class workflow shapes, the evidence log is portable and auditor-ready, and the deployment posture is BYOC inside the contractor’s authorized environment. It is not currently FedRAMP authorized and it is not the only way to operationalize continuous IV&V — a team with strong platform engineering can build the same shape themselves, and other vendors are moving in this direction. If you want a tool already shaped this way, it’s worth a look.