The Waterfall method is a traditional, sequential software development and project management approach in which each phase must be completed before the next begins. The typical phases include requirements gathering, design, implementation, testing, deployment and maintenance, flowing downwards like a waterfall. Unlike iterative approaches such as Agile or DevSecOps, Waterfall assumes that requirements can be fully defined upfront and that changes during development are minimal and costly.
Whilst the Waterfall method provides clear structure, well-defined milestones and straightforward documentation, it can be inflexible when requirements evolve or when early feedback is needed. In compliance and security contexts, some organisations favour Waterfall for its predictability and thorough documentation, which can simplify audit trails. However, many modern compliance programmes are adopting iterative approaches to integrate security testing and compliance checks throughout the development lifecycle rather than only at the end.