Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
    • GP-001 Control of documents
    • GP-002 Quality planning
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 Human Resources and Training
    • GP-006 Non-conformity, Corrective and Preventive actions
    • GP-007 Post-market surveillance
    • GP-008 Product requirements
    • GP-009 Sales
    • GP-010 Purchases and suppliers evaluation
    • GP-011 Provision of service
    • GP-012 Design, redesign and development
    • GP-013 Risk management
    • GP-014 Feedback and complaints
    • GP-015 Clinical evaluation
    • GP-016 Traceability and identification
    • GP-017 Technical assistance service
    • GP-018 Infrastructure and facilities
    • GP-019 Software validation plan
    • GP-020 QMS Data analysis
    • GP-021 Communications
    • GP-022 Document translation
    • GP-023 Change control management
    • GP-024 Predetermined Change Control Plan
    • GP-025 Usability and Human Factors Engineering
    • GP-027 Corporate Governance
    • GP-028 AI Development
    • GP-029 Software Delivery and Commissioning
      • Templates
        • T-029-001 — Deployment & Configuration Commissioning Template
        • T-029-002 — Functional & Interface Commissioning Template
        • T-029-003 — Clinical Workflow & Operational Readiness Commissioning Template
    • GP-030 Cyber Security Management
    • GP-050 Data Protection
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
    • GP-100 Business Continuity (BCP) and Disaster Recovery plans (DRP)
    • GP-101 Information security
    • GP-200 Remote Data Acquisition in Clinical Investigations
    • GP-026 Market-specific product requirements
    • GP-110 Esquema Nacional de Seguridad
  • Records
  • Legit.Health Plus Version 1.1.0.0
  • Legit.Health Plus Version 1.1.0.1
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • Grants
  • Pricing
  • Public tenders
  • Procedures
  • GP-029 Software Delivery and Commissioning
  • Templates
  • T-029-001 — Deployment & Configuration Commissioning Template

T-029-001 — Deployment & Configuration Commissioning Template

1. Document Control​

  • Document ID: T-029-001
  • Title: Deployment & Configuration Commissioning
  • Device: Legit.Health Plus
  • Document Type: Commissioning Template
  • Lifecycle Phase: Release / Commissioning
  • Standard(s): ISO 62304, ISO 82304-1

Regulatory purpose: This document defines the controlled activities required to verify that the released software version of the medical device has been correctly deployed, configured, and secured in its intended production environment prior to operational use.

2. Scope​

This template applies to:

  • Production deployments of the Legit.Health Plus software-only medical device
  • Cloud-based deployments on AWS infrastructure
  • All microservices required to expose the regulated API functionality

This template does not cover:

  • Software verification testing
  • Clinical validation
  • User acceptance testing

3. Normative Basis​

This commissioning activity is required to satisfy the following normative intents:

  • ISO 62304 §5.8: Release only after confirmation of correct system integration and readiness
  • ISO 62304 §5.7: Verification of integrated software in the target environment
  • ISO 82304-1 §7.3: Controlled installation and configuration of the health software product

4. Inputs and Preconditions​

The following shall be available prior to execution:

  • Approved software release identifier
  • Release manifest (version, container images, configuration baseline)
  • Approved deployment infrastructure
  • Access to production monitoring and logging systems

5. Device and Release Identification​

Objective: Ensure traceability between the released software and the deployed instance.

ItemValue
Device name
Software version
Release identifier
Deployment date
AWS region

6. Deployment Environment Verification​

Objective: Confirm that the software is deployed in the intended and controlled environment.

Verification activities:

  • Confirm AWS account and region
  • Confirm ECS cluster and services are running
  • Confirm no non-approved environments are active

Evidence required:

  • Environment identifiers
  • Service status snapshot

7. Container Image Verification​

Objective: Ensure that the deployed software corresponds exactly to the released version.

Verification activities:

  • Verify container image tags and digests
  • Confirm images are pulled from approved ECR repositories

Evidence required:

  • Image digest list
  • ECR repository references

8. Configuration Verification​

Objective: Confirm that runtime configuration is complete, correct, and controlled.

Verification activities:

  • Verify environment variables
  • Verify feature flags
  • Verify service endpoints and ports

Evidence required:

  • Configuration snapshot or export

9. Security Configuration Verification​

Objective: Confirm that security controls required for safe operation are active.

Verification activities:

  • TLS termination enabled
  • Authentication enforced on protected endpoints
  • IAM roles correctly assigned

Evidence required:

  • Security configuration summary

10. External Dependency Availability​

Objective: Confirm availability of required external services.

Dependencies include:

  • S3 model storage
  • DynamoDB audit tables
  • ECR image repositories

Evidence required:

  • Connectivity checks
  • Access permission verification

11. Deployment Deviations​

Objective: Record and assess any deviations identified during commissioning.

DeviationImpact assessmentResolution

12. Deployment Acceptance​

Objective: Formally confirm that the deployment meets commissioning requirements.

Acceptance statement:

The deployed software version has been verified against the approved release and is considered correctly installed and configured for operational use.

RoleNameDateSignature
Responsible engineer
Quality / Regulatory

13. Output​

The completed commissioning record generated from this template shall be stored as R-TF-029-001 and used as the baseline for maintenance and future releases.

Previous
GP-029 Software Delivery and Commissioning
Next
T-029-002 — Functional & Interface Commissioning Template
  • 1. Document Control
  • 2. Scope
  • 3. Normative Basis
  • 4. Inputs and Preconditions
  • 5. Device and Release Identification
  • 6. Deployment Environment Verification
  • 7. Container Image Verification
  • 8. Configuration Verification
  • 9. Security Configuration Verification
  • 10. External Dependency Availability
  • 11. Deployment Deviations
  • 12. Deployment Acceptance
  • 13. Output
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI Labs Group S.L.)