|

Computerized System Release

1. Purpose and Scope

Installation Qualification establishes documented evidence that a computerized system is installed correctly and in accordance with approved specifications, vendor recommendations, and infrastructure requirements.

This phase confirms that the system environment is suitable to support reliable operation before functional testing begins. It applies to all regulated computerized systems, including infrastructure components, commercial off-the-shelf applications, and configured systems subject to GxP requirements.

2. Position within the Validation Lifecycle

Computerized System Release occurs after completion and approval of Installation Qualification, Operational Qualification, and Performance Qualification where applicable.

At this stage, no additional qualification activities are performed. Instead, release relies on the documented outcomes of these phases to confirm that the system is validated and suitable for use. Within the lifecycle:

  • Installation Qualification establishes the verified installation and configuration baseline
  • Operational Qualification confirms that system functions operate as intended
  • Performance Qualification demonstrates performance under routine operating conditions
  • System Release authorizes use based on successful completion and approval of these activities

The purpose of this section is to confirm that validation is complete and that the system can be released based on documented evidence, not to repeat qualification work.

3. Release Readiness Assessment

Release readiness is a formal evaluation confirming that all validation activities are complete and that the system is prepared for production use. This assessment does not re-execute IQ, OQ, or PQ. It verifies that:

  • all qualification phases are completed and formally approved
  • acceptance criteria defined in IQ, OQ, and PQ are met
  • all deviations, discrepancies, and open items are resolved or assessed for impact
  • the validated system configuration baseline is clearly defined and controlled
  • no unapproved changes have occurred since completion of qualification

Readiness assessment ensures that the validated state established during IQ, OQ, and PQ is intact and can be relied upon for system release. The outcome of this assessment is a documented and justified decision that the system is suitable for release into production use.

The diagram below illustrates the decision-based structure of computerized system release. It shows how completed validation activities and supporting evidence are evaluated through a formal readiness assessment, leading to documented approval and authorization of the system for production use. The controlled state layer emphasizes that, following release, the system is managed under ongoing lifecycle controls.

System Release Decision Model diagram showing progression from completed IQ OQ PQ through validation evidence review and release readiness assessment to formal approval and system authorization, with a controlled state layer representing change control, periodic review, and incident management.

4. Environment Equivalency and Deployment Control

When OQ and PQ are executed in a validation or test environment, system release to production requires documented evidence that the production environment is equivalent to the validated environment. Verification must include:

  • Environment equivalency confirmation
    Demonstrate that production and validation environments match in all critical aspects:
    • application version and build
    • configuration settings
    • database structure and version
    • operating system and patch level
    • infrastructure components and dependencies
    • interface configurations
  • Configuration baseline comparison
    Perform documented comparison of configuration parameters between environments. Any differences must be assessed and justified.
  • Installation Qualification for each environment
    IQ must be executed for both validation and production environments. Production IQ must confirm that the installation matches the validated baseline.
  • Controlled deployment process
    Deployment of the validated software to production must be executed using a defined and approved process ensuring:
    • same software version and build as validated
    • controlled installation steps
    • verification of successful deployment
    • no unapproved changes introduced during deployment
  • Post-deployment verification
    Confirm that the production system reflects the validated state through:
    • version verification
    • configuration verification
    • connectivity checks
    • basic functional confirmation where appropriate
  • Change control linkage
    Any differences between environments must be documented through change control and evaluated for impact on validation status.

Release cannot proceed unless equivalency between validated and production environments is demonstrated and documented.

5. Infrastructure and Environment Verification

The system environment must be verified to ensure it meets defined requirements and supports system operation. Typical verification elements include:

  • server or workstation specifications
  • operating system version and patch level
  • database installation and configuration
  • network configuration and connectivity
  • domain and directory services integration
  • time synchronization settings

Environmental dependencies must be confirmed to be stable, controlled, and compliant with organizational IT standards. For cloud or hosted systems, verification focuses on:

  • documented infrastructure qualification by the supplier
  • service-level agreements and availability commitments
  • data center controls and certifications
  • logical environment segregation

6. Software Installation and Configuration Verification

Software installation must be verified to confirm that the correct application and associated components are deployed. Verification activities include:

  • installation of the correct software version
  • verification of installation success without errors
  • confirmation of required modules and components
  • application of approved configuration settings
  • verification of system parameters and baseline configuration

Where configuration replaces custom development, configuration settings become a critical part of the validated state and must be documented and verified.

7. System Components and Interfaces

All system components and interfaces must be identified and verified. This includes:

  • application servers and services
  • databases and data storage locations
  • client installations
  • middleware components
  • external system interfaces

Interface readiness may include:

  • confirmation of connectivity
  • verification of data exchange mechanisms
  • validation of interface configuration settings

Full interface testing is typically performed during Operational Qualification, but installation readiness must be confirmed during IQ.

8. Security and Access Control Setup

Initial security configuration must be verified to ensure controlled system access. Typical checks include:

  • user account management mechanism
  • role-based access structure availability
  • password policy configuration
  • account lockout and session timeout settings
  • system administrator access control

IQ confirms that the system supports defined security controls. Detailed access control testing is performed during Operational Qualification.

9. Data Integrity Foundations

Installation Qualification must confirm that core data integrity controls are present and enabled at the system level. Verification includes:

  • audit trail functionality enabled
  • secure data storage locations defined
  • protection against unauthorized data modification
  • system time synchronization to ensure timestamp integrity
  • backup configuration and scheduling

These controls form the baseline for compliance with 21 CFR Part 11 and ALCOA+ principles.

10. Backup and Recovery Configuration

Backup and recovery mechanisms must be verified to ensure data protection. Typical verification elements:

  • backup schedule configuration
  • backup location and media
  • confirmation of successful backup execution
  • restore capability verification at a basic level

Full disaster recovery and restore testing may be performed separately but must be supported by IQ configuration verification.

11. Documentation Verification

All required documentation must be available and aligned with the installed system. This includes:

  • vendor installation documentation
  • system architecture documentation
  • configuration specifications
  • licensing information
  • operating procedures

Documentation must be reviewed for completeness and consistency with the installed system.

12. IQ Protocol Structure and Execution

Installation Qualification is executed using a pre-approved protocol that defines:

  • scope of installation verification
  • required test steps and checks
  • acceptance criteria
  • required evidence
  • deviation handling process

Execution must be controlled and documented. Each step must include:

  • clear instructions
  • expected result
  • actual result
  • objective evidence reference

Deviations must be documented, assessed for impact, and resolved prior to progression to Operational Qualification.

13. Acceptance Criteria

Acceptance criteria for Installation Qualification are objective and evidence-based. Typical criteria include:

  • all system components installed as specified
  • infrastructure meets defined requirements
  • software installed without errors
  • required configuration settings applied correctly
  • security baseline established
  • backup mechanisms configured
  • required documentation available and accurate

All discrepancies must be resolved or justified prior to approval.

14. Deliverables and Approval

Installation Qualification results in formal documentation confirming that installation requirements have been met. Typical deliverables include:

  • executed IQ protocol
  • installation checklists
  • configuration records and screenshots
  • deviation records and resolutions
  • summary report

Final approval confirms that the system is correctly installed and ready for Operational Qualification.