Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
  • Legit.Health Plus Version 1.1.0.0
    • Index
    • Overview and Device Description
    • Information provided by the Manufacturer
    • Design and Manufacturing Information
    • GSPR
    • Benefit-Risk Analysis and Risk Management
    • Product Verification and Validation
      • Software
      • Artificial Intelligence
      • Cybersecurity
      • Usability and Human Factors Engineering
      • Clinical
      • Commissioning
        • R-T-029-001 Software Commissioning Plan
        • R-T-029-002 Software Commissioning Report
        • Use Case 001 - Referral application using Diagnostic-Support API (Top-5 pathologies)
        • Use Case 002 - PASI demo calculator using clinical-signs models
    • Post-Market Surveillance
  • Legit.Health Plus Version 1.1.0.1
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • Grants
  • Pricing
  • Public tenders
  • Legit.Health Plus Version 1.1.0.0
  • Product Verification and Validation
  • Commissioning
  • R-T-029-001 Software Commissioning Plan

R-T-029-001 Software Commissioning Plan

Document Information​

FieldValue
API/Product Name
Version
Release Date
Plan Prepared By
Plan Prepared Date
Plan Approved By
Plan Approval Date
Related GP-012 Phase 5

1. Executive Summary​

1.1 Purpose​

This Software Commissioning Plan describes the approach for validating and commissioning the [API Name] Version [X.X] in its intended environment of use, in accordance with procedure GP-029 and IEC 82304-1:2016 section 6.2.

1.2 Scope​

This plan covers:

  • Objective 1: Internal validation of the API in representative environments that simulate client integrations
  • Objective 2: Client integration assurance process to ensure clients can integrate the API correctly and safely
  • Deployment of the API to production infrastructure
  • Validation activities in representative test environments
  • Preparation and delivery of client documentation and support resources
  • Post-deployment monitoring and client support

1.3 Commissioning Objectives​

  • Deploy API to production infrastructure
  • Validate API functionality in representative client integration environments
  • Demonstrate that API can be successfully integrated by clients (Objective 1)
  • Prepare complete client integration documentation and resources
  • Establish client integration assurance process (Objective 2)
  • Commission API for client use
  • Establish post-deployment monitoring and support

2. API Release Package​

2.1 Software Artifacts​

ArtifactVersionLocationStatus
API Compiled Artifacts
Configuration Templates
Database Migration Scripts
Deployment Scripts

2.2 Documentation​

DocumentVersionLocationStatus
Release Notes
API Documentation (OpenAPI/Swagger)
Integration Guide
Instructions for Use (IFU)
Known Issues and Limitations

2.3 Client Resources​

ResourceVersionLocationStatus
Client SDK/Libraries
Code Examples
Sample Data Sets
Authentication Guide

3. Production Environment Preparation​

3.1 Infrastructure Requirements​

ComponentSpecificationStatusNotes
Cloud/Server Infrastructure
Network Configuration
Load Balancers
DNS Configuration
SSL/TLS Certificates
Database Systems
Authentication Services
Monitoring Infrastructure
Logging Infrastructure
Backup Systems

3.2 Client Support Infrastructure​

ComponentSpecificationStatusNotes
Sandbox/Test Environment
API Documentation Portal
Support Ticketing System
Test Credentials System

4. Deployment Plan​

4.1 Deployment Schedule​

ActivityPlanned DateResponsibleStatus
Pre-deployment verification
Database migration (if applicable)
API deployment to production
Configuration verification
Post-deployment verification
Go/No-Go decision

4.2 Rollback Plan​

Rollback Trigger Conditions:

  • Critical functionality failure
  • Security vulnerability detected
  • Data integrity issues
  • Performance below acceptable thresholds
  • Other (specify): **___**

Rollback Procedure:

  1. [Step 1]
  2. [Step 2]
  3. [Step 3]

Rollback Responsible Party: **___**

5. Objective 1: Internal Validation in Representative Environments​

5.1 Representative Test Environments​

Environment TypeDescriptionInfrastructureStatus
Mobile App Integration (iOS)
Mobile App Integration (Android)
Web Application Integration
EHR System Integration
Telemedicine Platform
Other: **___**

5.2 Test Applications to be Developed​

Test ApplicationPlatformPurposeDevelopment Status
Test Mobile App (iOS)
Test Mobile App (Android)
Test Web App
Test EHR Integration
Other: **__**

5.3 Integration Test Scenarios​

Scenario IDScenario DescriptionEnvironmentExpected OutcomePriority
ITS-001High/Med/Low
ITS-002
ITS-003
ITS-004
ITS-005

5.4 Validation Test Cases​

See Annex A: Objective 1 Validation Checklist for detailed test cases covering:

  • Endpoint availability testing
  • Authentication and authorization testing
  • Integration scenario testing (mobile, web, EHR, etc.)
  • Error handling validation
  • Performance testing
  • Security validation
  • Data integrity validation
  • End-to-end clinical workflow testing
  • Integration documentation validation

6. Objective 2: Client Integration Assurance Process​

6.1 Client-Facing Documentation Preparation​

DocumentResponsibleTarget DateStatus
API Integration Guide
API Reference Documentation
Instructions for Use (IFU)
Authentication & Authorization Guide
Error Handling Guide
Code Examples (specify languages)
Client Support Procedures
Integration Best Practices
API Changelog

6.2 Client Support Infrastructure​

Infrastructure ComponentDescriptionResponsibleStatus
Sandbox Environment URL
Test Credentials System
Sample Data Sets
Support Email/Portal
Support Response Time SLA

6.3 Client Integration Process​

See Annex B: Client Integration Checklist for detailed process covering:

  • Pre-integration phase (documentation, sandbox access, onboarding)
  • During integration phase (technical support, monitoring)
  • Pre-production validation (client testing checklist, integration review)
  • Post-integration support (monitoring, validation, ongoing support)

7. Acceptance Criteria​

7.1 Objective 1 Acceptance Criteria​

  • All representative test environments created and documented
  • All test applications developed and functional
  • All integration test scenarios executed successfully
  • All validation test cases passed (see Annex A)
  • Integration documentation validated through actual testing
  • Validation report completed (T-029-002)
  • Objective evidence that API can be successfully integrated by clients

7.2 Objective 2 Acceptance Criteria​

  • All client-facing documentation completed and published
  • API Integration Guide validated through internal testing
  • Sandbox environment operational and accessible
  • Test credentials and sample data available
  • Support infrastructure operational
  • Support team trained and ready
  • Client onboarding process defined

7.3 General Acceptance Criteria​

  • API deployed successfully to production
  • All production infrastructure components operational
  • Performance meets specifications
  • Security controls validated
  • Monitoring and alerting operational
  • Backup and recovery procedures validated
  • Commissioning checklist completed (Annex A & B)

8. Roles and Responsibilities​

RoleNameResponsibilities
JD-001Approve commissioning and deployment
JD-003Oversee validation and commissioning activities
JD-007Execute deployment, validation, and prepare client resources
JD-004Ensure documentation is generated and archived

9. Risk Management​

9.1 Identified Risks​

Risk IDRisk DescriptionProbabilityImpactMitigation StrategyOwner
R-001H/M/LH/M/L
R-002
R-003

9.2 Contingency Plans​

[Describe contingency plans for major risks]

10. Communication Plan​

10.1 Internal Communication​

StakeholderInformationFrequencyMethod

10.2 Client Communication​

MilestoneCommunication TypeContentTiming
API Go-Live
Documentation Available
Support Channels Open

11. Schedule and Milestones​

MilestoneDescriptionTarget DateStatus
M1API deployment to production completed
M2Representative test environments ready
M3Objective 1 validation completed
M4Client documentation completed
M5Sandbox environment operational
M6API go-live for clients
M7Commissioning completed

12. Success Metrics​

MetricTargetMeasurement Method
API Uptime99.9%Monitoring dashboard
Response Time (p95)< X msPerformance monitoring
Error Rate< X%Logging analysis
Successful IntegrationsX clients in Y daysIntegration records
Support Response Time< X hoursSupport ticket system
Documentation Satisfaction> X/10Client feedback

13. Post-Commissioning Activities​

13.1 Initial Monitoring Period (24-48 hours)​

  • Continuous API performance monitoring
  • Log review for errors or anomalies
  • Monitoring alert validation
  • Initial client integration support

13.2 Post-Deployment Review (within 1 week)​

  • Review deployment issues and resolutions
  • Assess actual vs expected performance
  • Review client feedback
  • Document lessons learned
  • Identify improvements

13.3 Ongoing Activities​

  • Continuous API monitoring
  • Client integration support
  • Documentation updates based on feedback
  • Integration records maintenance (T-029-002)

Approvals​

RoleNameSignatureDate
Plan Prepared By (JD-007)
Plan Reviewed By (JD-003)
Plan Approved By (JD-001)

Annex A: Objective 1 Validation Checklist​

A.1 Endpoint Availability Testing​

Test IDTest DescriptionExpected ResultActual ResultPass/FailNotes
EP-001Verify API endpoints publicly accessible
EP-002Verify DNS resolution works correctly
EP-003Verify load balancing distributes requests
EP-004Verify health check endpoints respond
EP-005Verify API versioning and routing

A.2 Authentication and Authorization Testing​

Test IDTest DescriptionExpected ResultActual ResultPass/FailNotes
AU-001Test HTTP(S) calls with API keys
AU-002Test OAuth authentication flow
AU-003Test JWT token authentication
AU-004Test authorization rules enforcement
AU-005Test rate limiting application
AU-006Test token expiration and refresh
AU-007Test invalid/expired credentials handling

A.3 Mobile App Integration Testing​

Test IDTest DescriptionExpected ResultActual ResultPass/FailNotes
MOB-001Test mobile app can call all API endpoints
MOB-002Test authentication flow from mobile
MOB-003Test data exchange formats with mobile
MOB-004Test with various network conditions
MOB-005Test offline/online transitions (if applicable)
MOB-006Test iOS platform compatibility
MOB-007Test Android platform compatibility

A.4 Web Application Integration Testing​

Test IDTest DescriptionExpected ResultActual ResultPass/FailNotes
WEB-001Test web app can call all API endpoints
WEB-002Test authentication flow from web app
WEB-003Test CORS configuration (if applicable)
WEB-004Test with different browsers
WEB-005Test with various network conditions

A.5 EHR Integration Testing​

Test IDTest DescriptionExpected ResultActual ResultPass/FailNotes
EHR-001Test EHR data format compatibility (HL7/FHIR)
EHR-002Test clinical data workflow
EHR-003Test data mapping and transformation
EHR-004Test bidirectional data exchange

A.6 Error Handling and Logging​

Test IDTest DescriptionExpected ResultActual ResultPass/FailNotes
ERR-001Verify error responses follow specifications
ERR-002Verify error messages don't expose sensitive data
ERR-003Verify client can handle all error scenarios
ERR-004Verify logging captures troubleshooting info
ERR-005Verify monitoring receives metrics correctly
ERR-006Verify alerting mechanisms function

A.7 Performance Testing​

Test IDTest DescriptionExpected ResultActual ResultPass/FailNotes
PERF-001Measure response latency under normal load
PERF-002Verify availability target maintained
PERF-003Measure throughput under load
PERF-004Test under peak load conditions
PERF-005Verify resource utilization acceptable
PERF-006Test graceful degradation under stress

A.8 Security Validation​

Test IDTest DescriptionExpected ResultActual ResultPass/FailNotes
SEC-001Verify data encryption in transit (TLS/SSL)
SEC-002Verify data encryption at rest
SEC-003Verify input validation and sanitization
SEC-004Verify HTTPS enforcement
SEC-005Verify security headers configured
SEC-006Review vulnerability scanning results
SEC-007Verify security logging operational

A.9 Data Integrity Validation​

Test IDTest DescriptionExpected ResultActual ResultPass/FailNotes
DATA-001Verify data validation rules applied
DATA-002Verify data persistence operates correctly
DATA-003Verify backup mechanisms function
DATA-004Verify data recovery procedures
DATA-005Verify audit trails capture information

A.10 End-to-End Clinical Workflow Testing​

Test IDTest DescriptionExpected ResultActual ResultPass/FailNotes
CLIN-001Execute clinical workflow 1
CLIN-002Execute clinical workflow 2
CLIN-003Validate clinical algorithms accuracy
CLIN-004Test with edge cases and boundary conditions

A.11 Integration Documentation Validation​

Test IDTest DescriptionExpected ResultActual ResultPass/FailNotes
DOC-001Follow integration guide step-by-step
DOC-002Test all code examples provided
DOC-003Verify API reference documentation accuracy
DOC-004Verify authentication guide clarity
DOC-005Verify error handling documentation completeness

Summary:

  • Total Test Cases: _
  • Passed: _
  • Failed: _
  • Blocked: _
  • Validation Date: _
  • Validated By: _

Annex B: Client Integration Checklist​

B.1 Pre-Integration Phase​

ActivityDescriptionResponsibleStatusNotes
Documentation PublishedAll client-facing documentation available
Sandbox Environment ReadyTest environment accessible to clients
Test Credentials AvailableTest credentials generated and delivery method ready
Sample Data PreparedSample datasets available for testing
Support Channels EstablishedEmail/portal/ticketing system operational
Support Team TrainedSupport team ready to assist clients

B.2 Client Onboarding Process​

StepActivityClient DeliverableAI Labs Deliverable
1Initial contact with client
2Overview of integration process
3Identify client use case
4Provide sandbox access
5Deliver test credentials
6Share integration guide
7Schedule check-in meetings

B.3 During Integration Support​

Support ActivityDescriptionSLAStatus
Technical support channelEmail/portal for questions
Integration monitoringMonitor sandbox API usage
Proactive outreachContact clients if issues detected
Best practices communicationShare optimal usage patterns
Documentation updatesUpdate docs based on feedback

B.4 Client Pre-Production Testing Checklist​

Recommended checklist to provide to clients before production go-live:

  • Functional testing of all integrated API endpoints completed
  • Authentication and authorization tested
  • Error handling tested with various scenarios
  • Performance testing under expected load completed
  • Security testing completed (encryption, credential storage)
  • End-to-end testing in client's staging environment completed
  • User acceptance testing with end users completed
  • Production credentials requested and received
  • Production cutover plan prepared
  • Rollback plan prepared

B.5 Production Go-Live Support​

ActivityDescriptionTimingResponsible
Production credentials deliverySecurely deliver production API keys
Go-live readiness reviewConfirm client readiness
Enhanced monitoringMonitor client production usage closelyFirst 48-72h
On-call support availabilityBe available for urgent support
Issue escalation processFast-track critical issues

B.6 Post-Integration Validation​

ActivityDescriptionTimingStatus
Performance reviewReview client API usage metrics1-2 weeks post go-live
Client feedback collectionGather integration experience feedback
Issue documentationDocument any issues and resolutions
Integration success confirmationConfirm stable integration

B.7 Client Integration Records​

For each client integration, maintain record (T-029-002) including:

  • Client name and contact information
  • Integration start date
  • Production go-live date
  • Support requests log and resolutions
  • Integration issues identified
  • Client feedback received
  • Status: ☐ In Progress ☐ Completed ☐ On Hold

End of Software Commissioning Plan

Previous
Commissioning
Next
R-T-029-002 Software Commissioning Report
  • Document Information
  • 1. Executive Summary
    • 1.1 Purpose
    • 1.2 Scope
    • 1.3 Commissioning Objectives
  • 2. API Release Package
    • 2.1 Software Artifacts
    • 2.2 Documentation
    • 2.3 Client Resources
  • 3. Production Environment Preparation
    • 3.1 Infrastructure Requirements
    • 3.2 Client Support Infrastructure
  • 4. Deployment Plan
    • 4.1 Deployment Schedule
    • 4.2 Rollback Plan
  • 5. Objective 1: Internal Validation in Representative Environments
    • 5.1 Representative Test Environments
    • 5.2 Test Applications to be Developed
    • 5.3 Integration Test Scenarios
    • 5.4 Validation Test Cases
  • 6. Objective 2: Client Integration Assurance Process
    • 6.1 Client-Facing Documentation Preparation
    • 6.2 Client Support Infrastructure
    • 6.3 Client Integration Process
  • 7. Acceptance Criteria
    • 7.1 Objective 1 Acceptance Criteria
    • 7.2 Objective 2 Acceptance Criteria
    • 7.3 General Acceptance Criteria
  • 8. Roles and Responsibilities
  • 9. Risk Management
    • 9.1 Identified Risks
    • 9.2 Contingency Plans
  • 10. Communication Plan
    • 10.1 Internal Communication
    • 10.2 Client Communication
  • 11. Schedule and Milestones
  • 12. Success Metrics
  • 13. Post-Commissioning Activities
    • 13.1 Initial Monitoring Period (24-48 hours)
    • 13.2 Post-Deployment Review (within 1 week)
    • 13.3 Ongoing Activities
  • Approvals
  • Annex A: Objective 1 Validation Checklist
    • A.1 Endpoint Availability Testing
    • A.2 Authentication and Authorization Testing
    • A.3 Mobile App Integration Testing
    • A.4 Web Application Integration Testing
    • A.5 EHR Integration Testing
    • A.6 Error Handling and Logging
    • A.7 Performance Testing
    • A.8 Security Validation
    • A.9 Data Integrity Validation
    • A.10 End-to-End Clinical Workflow Testing
    • A.11 Integration Documentation Validation
  • Annex B: Client Integration Checklist
    • B.1 Pre-Integration Phase
    • B.2 Client Onboarding Process
    • B.3 During Integration Support
    • B.4 Client Pre-Production Testing Checklist
    • B.5 Production Go-Live Support
    • B.6 Post-Integration Validation
    • B.7 Client Integration Records
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)