Server Validation/Qualification

How do you go about validating a new server ?

If a migration utility tool is being used those this have to be

validated also ?



Hi Gokeeffe

It all depends on the SOP’s of your organisation.

Some people like to call it server qualification while other actually perform a server validation without the OQ of course.

The five main documents that need to be generated in my experience to fully
qualify/validate a server are

  1. URS
  2. FRS
  3. Initiate TM at this stage
  4. IQ/IQ Summary Report
  5. Server Configuration checklist

It might seem a little bit of document overload but it also depends on what
the server is actually doing.

Does it house business critical applications ?

<img src=/uploads/db7093/original/1X/4ed82917f621e3680b2694c3c0854d48abe14522.jpg">

Here the point of validating Migration Tool is important it must be validated too…usually we do Migration to improve the business function …which is always maintained as top priority and it’s continuity …also how you will say that system that you have migrated to is fully validated and will work as intended in future

How about Gap Analysis between two systems ?


How would you go about validating a migration tool, usually these tools are complex applications with a series of wizards that are used to migrate
operating systems, databases , applications etc.

Would it not be better practice to validation the application, data being migrated to ensure that everything is consistent.

Very interested to hear how you validate the migration tool as a separate entity ?

Kind Regards


Hey I am going to jump into this. Do you intend to migrate to new servers multiple times? That would be my only reason to validate a migration tool. That way the next time I migrated, you would have to do a lot less work. Other than that, I would just consider the migration tool a black box and verify that you got what you expected on the other side. I would probably accomplish this through some PQ scripts that you ran with the original validation. Probably strengthen this approach with a risk analysis pertaining to how the OS and the tool do not affect the application. or that the tool was tested by the vendor (who successfully was audited by us) and therefore low risk. I am rambling…

As far as the qualification of servers, we qualify the platform (the first instance) and then use a checklist for subsequent installs. Much the same rationale as above for the tool, if you are going to install multiple servers then qualify and leverage, if only one then just roll into the validation.

I try to steer away from the overly conservative method of computer validation that has prevailed recently and focus on the application. It has been my experience that you are better off performing a comprehensive PQ than wasting all your time and effort on a detailed IQ.

Hi Meyert,

You are making really good points there and what you are saying really does make sense especially concentrating mainly on doing the PQ for the migration tool.

Having one validation study for all the servers depending on whether they are all the same sounds like a good idea in theory, but I would more be inclined to have a separate set of val documents for my servers as some server may be more critical than others. Then again if you make a good justification in your Validation Plan then this would probably suffice aswell.

Do you know what the offical stance on server validation / qualification is as I am unclear.

Sometimes I wish their “guidlines” were alittle more concrete.



We do all our servers the same. Basically, we point back to set of documents that includes the platform qualification.

As far a official stance, I know of none. I know two things with the agency, do what your plan says, and validate your application. Recently, it has been easier for the agency to just write up companies for validation infractions (so called predicate rules) than to write up Part 11 violations.


We do all our servers the same. Basically, we point back to set of documents that includes the platform qualification.

So you have a checklist for each server and in that checklist you point back to a set of documents.

Is that correct ?

Yes, that is correct.