Preparation Roadmap

This chapter defines a step-by-step preparation plan for project teams preparing for TQS certification for the first time. It includes an 8-week standard preparation plan, a priority matrix, and an accelerated preparation guide.

---

33.1.1. 8-Week Preparation Plan

It is recommended that TQS certification preparation follow a systematic 8-week plan. The key activities and deliverables for each week are as follows.

Week	Key Activity	Deliverables
Week 1	Current state analysis and gap assessment	Self-assessment checklist, current state analysis report
Week 2	Development environment standardization	.editorconfig, .vscode/settings.json, formatter configuration files
Week 3	Code convention adoption	Spotless configuration, ESLint/Prettier configuration files
Week 4	Test infrastructure setup	JUnit 5 + JaCoCo configuration, Vitest configuration, coverage reports
Week 5	CI/CD pipeline configuration	CircleCI configuration file, pipeline execution logs
Week 6	Security review	Spring Security configuration, OWASP scan results, secret management setup
Week 7	Frontend quality enhancement	Lighthouse reports, accessibility review results, bundle analysis results
Week 8	Final review and audit request	Finalized checklist, audit request form

33.1.1.1. Week 1: Current State Analysis and Gap Assessment

The goal of Week 1 is to objectively assess the current state of the project and identify gaps against TQS standards.

The activities to be performed are as follows.

• Verify compliance status of all items against the TQS certification checklist (Chapter 32).
• Classify each item as Compliant, Partially Compliant, or Non-Compliant.
• Estimate the remediation difficulty and required timeframe for non-compliant items.
• Adjust the detailed schedule for the remaining 7 weeks based on the gap assessment results.

If non-compliant items exceed 30% of the total at this stage, the 8-week plan may be insufficient, and a schedule extension must be considered.

33.1.1.2. Week 2: Development Environment Standardization

Development environment standardization is the process of unifying configurations so that the entire team develops in the same environment.

• Create an .editorconfig file in the project root and define indentation, character encoding, and line ending rules.
• Add auto-format on save and auto-lint execution settings in .vscode/settings.json.
• Add spotless-maven-plugin to pom.xml for applying Google Java Format to backend projects.
• Configure ESLint Flat Config and Prettier for frontend projects.
• Review the .gitignore file to ensure IDE configuration files, build artifacts, and environment variable files are properly excluded.

33.1.1.3. Week 3: Code Convention Adoption

Apply the code conventions required by TQS standards to existing source code.

• Backend: Apply Google Java Format to all Java source code using the mvn spotless:apply command.
• Frontend: Apply ESLint and Prettier rules using the yarn lint --fix and yarn format commands.
• Review naming conventions (classes, variables, methods, packages) and correct any violations.
• Replace System.out.println usage with a logging framework (SLF4J + Logback).
• Remove any type usage in TypeScript and define explicit types.
• Verify that Vue components use the Composition API, and migrate any components using the Options API.

33.1.1.4. Week 4: Test Infrastructure Setup

Set up the test automation environment and achieve coverage targets.

• Backend: Write unit tests based on JUnit 5 and measure coverage using JaCoCo.
• Frontend: Write unit tests based on Vitest and generate coverage reports.
• Coverage targets: Line coverage of 80% or higher and branch coverage of 70% or higher must be achieved.
• Prioritize testing core business logic, utility functions, and API call logic.
• Configure exclusions for code that does not require testing (configuration classes, DTOs, etc.) from coverage measurement.

33.1.1.5. Week 5: CI/CD Pipeline Configuration

Configure a CI/CD pipeline based on CircleCI.

• Create the .circleci/config.yml file and define the pipeline.
• Pipeline stages: Configure in the order of lint check, unit tests, coverage verification, build, and security scan.
• Configure the pipeline so that subsequent stages do not execute if the lint check fails.
• Configure the build to fail if coverage thresholds are not met.
• Set up notifications to inform the team of build results.

33.1.1.6. Week 6: Security Review

Review and remediate TQS standard items related to security.

• Verify Spring Security configuration. Confirm that RBAC (Role-Based Access Control) based access control is applied.
• Run OWASP Dependency-Check to scan for dependency security vulnerabilities. There must be 0 vulnerabilities with a CVSS score of 7.0 or higher.
• Check whether secrets (API keys, passwords, tokens) are hardcoded in the source code. Secrets must be managed through environment variables or a secret manager.
• Verify data encryption settings (At-Rest, In-Transit).
• Review whether input validation logic is properly implemented.

33.1.1.7. Week 7: Frontend Quality Enhancement

Review frontend performance, accessibility, and bundle optimization.

• Run Lighthouse and achieve a performance score of 90 or higher and an accessibility score of 90 or higher.
• Apply image optimization (format conversion, lazy loading).
• Analyze bundle size and apply code splitting.
• Verify compliance with WCAG (Web Content Accessibility Guidelines) 2.1 AA level accessibility.
• Review whether ARIA (Accessible Rich Internet Applications) attributes are properly used.

33.1.1.8. Week 8: Final Review and Audit Request

Perform a final review of the complete checklist and submit the audit request.

• Re-verify all items in the TQS certification checklist (Chapter 32).
• Execute all automated verification tools and collect results.
• Organize deliverables (configuration files, test reports, CI logs, security scan results).
• Prepare the audit request form and submit it to the TQS Committee.
• Conduct a final internal team review before submission to ensure no items are missing.

---

33.1.2. Priority Matrix

TQS certification preparation items can be classified into 4 quadrants based on urgency and difficulty. Using this matrix enables efficient preparation within a limited timeframe.

33.1.2.1. Quick Wins (High Urgency + Low Difficulty)

These items can be executed immediately and directly impact certification approval.

Item	Estimated Time	Notes
.editorconfig setup	30 min	Create in project root
.gitignore review and update	30 min	Add missing entries
Formatter adoption (Spotless, Prettier)	1-2 hours	Plugin setup + batch application
System.out.println removal	1-2 hours	Replace with logging framework
Environment variable separation	1 hour	Extract hardcoded configuration values

33.1.2.2. Planned Adoption (High Urgency + High Difficulty)

These items are essential for certification approval but require sufficient time and planning.

Item	Estimated Duration	Notes
Achieve test coverage targets (80%/70%)	1-2 weeks	Prioritize core logic
CI/CD pipeline configuration	3-5 days	CircleCI setup
Security vulnerability remediation	3-5 days	Remediate after OWASP scan
Vue Options API to Composition API migration	1-2 weeks	Varies by component scale

33.1.2.3. Gradual Adoption (Low Urgency + Low Difficulty)

These items are not mandatory for certification approval but should be applied when targeting a grade of Excellent or higher.

Item	Estimated Time	Notes
Code documentation (JSDoc, JavaDoc)	2-3 days	Prioritize public APIs
Lint rule refinement	1-2 days	Add project-specific rules
Error message standardization	1 day	Apply standard response format
Logging level organization	1 day	Establish DEBUG/INFO/WARN/ERROR criteria

33.1.2.4. Long-term Tasks (Low Urgency + High Difficulty)

These items should be improved over the long term after certification is obtained.

Item	Estimated Duration	Notes
Full architecture refactoring	Weeks to months	Structural improvements
Legacy code complete rewrite	Weeks to months	Phased approach required
Integration test automation	2-4 weeks	Including E2E tests
Advanced performance optimization	2-4 weeks	Profiling-based improvements

---

33.1.3. Accelerated Preparation Guide

This is a 4-week accelerated preparation plan for projects that already apply some TQS standards. This guide may be applied to projects where gap assessment results show non-compliant items at 20% or less of the total.

33.1.3.1. 4-Week Accelerated Plan

Week	Key Activity	Notes
Week 1	Gap assessment + batch processing of quick win items	Formatters, configuration files, .gitignore, etc.
Week 2	Test coverage remediation + CI/CD review	Focus on areas below threshold
Week 3	Security review + frontend quality verification	OWASP scan, Lighthouse execution
Week 4	Final review + audit request	Re-verify complete checklist

33.1.3.2. Accelerated Preparation Eligibility Criteria

The following conditions must be met to apply the accelerated preparation plan.

• Formatters (Spotless, ESLint, Prettier) must already be configured in the project.
• A CI/CD pipeline must already be operational at a basic level.
• Test coverage must be at least 60% line coverage. (At a level where reaching the 80% target is feasible)
• There must be no critical security defects (hardcoded secrets, vulnerabilities with CVSS 9.0 or higher).

33.1.3.3. Precautions for Accelerated Preparation

The accelerated preparation plan can save time, but the following precautions must be observed.

• The gap assessment phase must not be skipped or shortened. Accurate identification of non-compliant items is a prerequisite for accelerated preparation.
• When remediating test coverage, writing meaningless tests solely to increase numbers should be avoided. TQS technical audits also verify test quality.
• Security reviews are not subject to acceleration. Security items must be reviewed in their entirety.
• If the number of non-compliant items is higher than expected, it is recommended to immediately switch to the 8-week standard plan.