Go-Live Readiness
Go-live readiness verification confirms that a system implementation meets all requirements for production deployment. Use this checklist during the final readiness review, completing each category before proceeding to launch.
Functional Readiness
Functional readiness confirms that the system performs its intended business functions correctly and completely.
| Item | Verification method | Pass criteria | Evidence |
|---|---|---|---|
| Core business processes execute end-to-end | Execute test scripts for each documented business process | All critical path transactions complete without error; results match expected outcomes | Signed test execution report |
| Data migration validated | Compare source and target record counts; verify sample records (minimum 5% or 500 records, whichever is greater) | Zero critical data discrepancies; all mandatory fields populated | Migration validation report with checksums |
| Integration points functional | Send test transactions through each integration; verify receipt and processing | All integrations return expected responses within defined timeouts | Integration test results log |
| User acceptance testing complete | Review UAT sign-off documentation | All critical and high-priority defects resolved; business owner sign-off obtained | UAT completion certificate |
| Calculated fields and business rules verified | Test boundary conditions and edge cases for each rule | Calculations match specification; no rounding errors exceeding tolerance (0.01 for currency) | Business rules test matrix |
| Reporting outputs accurate | Generate all standard reports; compare against validated source data | Report totals reconcile to source; formatting meets specification | Sample report outputs with validation notes |
Technical Readiness
Technical readiness confirms infrastructure, performance, and architectural requirements for production operation.
| Item | Verification method | Pass criteria | Evidence |
|---|---|---|---|
| Performance under expected load | Execute load test simulating peak concurrent users (1.5× expected maximum) | Response times within SLA (page load under 3 seconds, API calls under 500ms); no errors under load | Load test report with percentile distributions |
| Stress testing completed | Increase load until failure; document breaking point | System degrades gracefully; breaking point exceeds 2× expected peak; recovery automatic after load reduction | Stress test report with failure analysis |
| Database performance acceptable | Run query execution plans for top 20 queries by frequency; verify index usage | No full table scans on tables exceeding 10,000 rows; query execution under 100ms for interactive operations | Query analysis report |
| Storage capacity adequate | Calculate current usage plus 12-month growth projection | Available capacity exceeds projected requirement by 50% minimum | Capacity planning document |
| Network connectivity verified | Test connectivity from all user locations and integrated systems | Latency within acceptable range (under 100ms for interactive use); no packet loss | Network test results by location |
| SSL/TLS certificates installed | Verify certificate chain using openssl or browser inspection | Valid certificate from trusted CA; expiry date minimum 90 days future; correct domain names | Certificate verification output |
| DNS configuration correct | Query DNS from multiple locations; verify A, CNAME, MX records as applicable | All records resolve correctly; TTL set appropriately for failover requirements | DNS query results |
| Load balancer configuration verified | Test failover by removing each backend server from pool | Traffic redistributes within 30 seconds; no user-visible errors during failover | Failover test documentation |
| Backup configuration operational | Initiate manual backup; verify completion and test restore to non-production environment | Backup completes within window; restore produces functional system with data integrity | Backup and restore test log |
| Monitoring and alerting configured | Trigger each alert condition; verify notification delivery | Alerts fire within 5 minutes of threshold breach; notifications reach on-call personnel | Alert test confirmation |
Security Readiness
Security readiness confirms the system meets security requirements and does not introduce unacceptable risk.
| Item | Verification method | Pass criteria | Evidence |
|---|---|---|---|
| Vulnerability scan completed | Run authenticated vulnerability scan against all components | No critical or high vulnerabilities; medium vulnerabilities documented with remediation timeline | Vulnerability scan report |
| Penetration testing completed (for internet-facing systems) | Review penetration test report from qualified tester | All critical and high findings remediated; remaining findings accepted with documented rationale | Penetration test report and remediation evidence |
| Authentication configured correctly | Test login process including MFA enrollment, password reset, account lockout | MFA enforced for all users; lockout after 5 failed attempts; password policy enforced | Authentication configuration screenshots |
| Authorisation model implemented | Test each role against access matrix; verify denied actions produce appropriate errors | Users access only permitted functions; privilege escalation not possible; audit trail generated | Role-based access test results |
| Data encryption at rest verified | Query encryption status for databases and file storage | All sensitive data encrypted with AES-256 or equivalent; key management documented | Encryption configuration evidence |
| Data encryption in transit verified | Capture traffic sample; verify encryption | All communications use TLS 1.2 or higher; no unencrypted sensitive data transmission | Traffic analysis results |
| Audit logging functional | Perform auditable actions; verify log entries generated | All authentication events, data modifications, and administrative actions logged with timestamp, user, action, and outcome | Sample audit log entries |
| Security configuration baseline applied | Compare configuration against organisational security standard | All mandatory controls implemented; any deviations documented and approved | Configuration compliance report |
| Third-party component vulnerabilities assessed | Check all libraries and frameworks against vulnerability databases (NVD, vendor advisories) | No known critical vulnerabilities in production dependencies | Dependency scan report |
| Data classification labelling implemented | Review sample records for classification marking | All data classified; handling matches classification requirements | Data classification audit sample |
Operational Readiness
Operational readiness confirms the organisation can support and maintain the system in production.
| Item | Verification method | Pass criteria | Evidence |
|---|---|---|---|
| Runbooks documented | Review runbook for each operational scenario | Runbooks exist for startup, shutdown, backup, restore, common troubleshooting; reviewed by operations team | Runbook document with review sign-off |
| On-call roster established | Verify roster coverage and contact information | 24/7 coverage for critical systems; all contacts verified reachable; escalation path documented | On-call schedule and contact verification |
| Incident management integration | Create test incident; verify routing and notification | Incidents route to correct team; SLA timers start correctly; notifications delivered | Test incident documentation |
| Service desk trained | Assess service desk knowledge through scenario testing | Service desk can handle Level 1 queries; escalation criteria understood; knowledge base articles accessible | Training completion records; knowledge assessment results |
| Change management process defined | Review change request documentation and approval workflow | Change process documented; CAB membership identified; emergency change procedure exists | Change management procedure document |
| Capacity monitoring configured | Review monitoring dashboards; verify threshold alerts | CPU, memory, storage, and network utilisation tracked; alerts configured at 80% threshold | Monitoring dashboard screenshots |
| Log retention configured | Verify log configuration and storage destination | Logs retained per policy (minimum 90 days operational, 12 months for audit); centralised collection operational | Log configuration documentation |
| Maintenance windows defined | Review maintenance schedule with business stakeholders | Regular maintenance windows agreed; communication process defined; change freeze periods documented | Maintenance schedule agreement |
User Readiness
User readiness confirms end users can effectively use the system from launch.
| Item | Verification method | Pass criteria | Evidence |
|---|---|---|---|
| User training completed | Review training attendance records; assess competency | All users in initial rollout group completed training; competency assessment pass rate above 80% | Training attendance and assessment records |
| User documentation available | Review documentation completeness against feature list | User guides cover all standard workflows; quick reference materials available; documentation accessible from within application | Documentation review checklist |
| Help desk knowledge base populated | Search for common scenarios in knowledge base | Articles exist for top 20 anticipated support queries; content reviewed for accuracy | Knowledge base content list |
| User accounts provisioned | Verify account existence and permissions for all initial users | All users have accounts; permissions match role requirements; users can authenticate | User provisioning verification report |
| User communication sent | Review communication and distribution | Go-live announcement sent to all affected users minimum 5 business days before launch; includes access instructions, support contact, key changes summary | Communication copy and distribution confirmation |
| Super users identified and prepared | Review super user list and additional training | Minimum one super user per 20 regular users; super users completed advanced training; super users understand escalation process | Super user list and training records |
Documentation Readiness
Documentation readiness confirms all required documentation exists and is current.
| Item | Verification method | Pass criteria | Evidence |
|---|---|---|---|
| Technical architecture documented | Review architecture documentation against deployed system | Architecture diagrams match deployment; all components documented; integration points shown | Architecture document |
| Configuration documented | Review configuration management documentation | All non-default configuration values documented; configuration rationale explained; environment-specific values identified | Configuration documentation |
| API documentation current | Compare API documentation against implemented endpoints | All endpoints documented; request/response formats accurate; authentication requirements specified | API documentation |
| Data dictionary complete | Review data dictionary against database schema | All tables and columns documented; data types and constraints specified; relationships mapped | Data dictionary document |
| Operational procedures documented | Review procedures against operational scenarios | Procedures exist for routine operations, incident response, and disaster recovery | Operational procedure documents |
| Vendor contracts and support details accessible | Verify contract storage location and support contact information | Contracts accessible to authorised personnel; support contact details current; SLA terms documented | Contract storage verification |
Support Readiness
Support readiness confirms external support arrangements are in place.
| Item | Verification method | Pass criteria | Evidence |
|---|---|---|---|
| Vendor support contract active | Verify contract status with vendor | Support contract covers production system; contract period extends minimum 12 months; support level matches requirements | Contract confirmation or portal screenshot |
| Vendor escalation contacts documented | Review escalation matrix | Named contacts for Level 2 and Level 3 support; contact information verified; escalation criteria defined | Vendor escalation matrix |
| Support hours aligned with business requirements | Review support contract terms | Support hours cover business-critical periods; out-of-hours support available for critical issues | Support terms documentation |
| Support access configured | Test vendor support access mechanism | Vendors can access system through approved secure method; access is logged and auditable; access can be revoked | Support access test log |
Rollback Readiness
Rollback readiness confirms the organisation can revert to the previous state if the deployment fails.
| Item | Verification method | Pass criteria | Evidence |
|---|---|---|---|
| Rollback procedure documented | Review rollback documentation | Step-by-step rollback procedure exists; tested in non-production environment; estimated duration documented | Rollback procedure document |
| Rollback decision criteria defined | Review go/no-go criteria | Specific, measurable criteria for rollback decision; decision authority identified; communication plan for rollback exists | Rollback decision matrix |
| Pre-deployment backup completed | Verify backup completion immediately before deployment | Full backup of all affected systems completed; backup verified restorable; backup retained until rollback window closes | Backup completion confirmation |
| Rollback tested | Execute rollback in non-production environment | Rollback completes within defined window; system returns to functional state; data integrity maintained | Rollback test documentation |
| Rollback resources available | Confirm availability of personnel and systems | Required personnel available for duration of rollback window; necessary system access confirmed; rollback environment accessible | Resource availability confirmation |
Exit Criteria
Go-live proceeds when all of the following conditions are met:
- All items in Functional Readiness, Technical Readiness, and Security Readiness categories pass without exception
- All critical and high-priority items in remaining categories pass
- Any medium-priority exceptions have documented risk acceptance from the system owner
- Business owner provides written go-live authorisation
- Technical owner provides written go-live authorisation
- Rollback procedure tested and personnel confirmed available
Exception Handling
When a checklist item cannot pass, follow this process:
- Document the specific gap: what is missing, why it cannot be resolved before go-live
- Assess risk: what is the likelihood and impact of proceeding without this item
- Identify compensating controls: temporary measures that reduce risk until full resolution
- Obtain approval: system owner approves exceptions for medium-priority items; steering committee or equivalent approves exceptions for high-priority items; critical items cannot be excepted
- Document resolution timeline: when and how the gap will be closed post-launch
- Add to post-implementation review: track exception resolution as part of deployment follow-up
Record all exceptions in the go-live decision log with approval signatures, compensating controls, and resolution commitments.