Launch Checklist
This checklist must be completed before the first production deployment of any new product or major feature. The project lead is responsible for verifying every item. No item may be skipped without documented approval from the project lead and a justification recorded in the project channel.
How to Use This Checklist
- Copy this checklist into the project's launch issue or tracking tool at the start of the Test phase
- Assign an owner to each section
- Mark items as complete as they are verified
- The project lead performs a final review of all items before giving launch approval
Testing and Quality
- All automated tests passing -- Unit, integration, and end-to-end test suites pass on the staging environment with no failures or skipped critical tests
- Manual QA completed -- Key user flows tested manually on staging, including edge cases and error states
- Cross-browser testing -- Application verified on Chrome, Firefox, Safari, and Edge (latest two versions)
- Mobile responsiveness -- Application tested on mobile viewports (iOS Safari, Android Chrome) if applicable
- User acceptance testing (UAT) signed off -- Client or product owner has tested on staging and confirmed acceptance in writing (email or SuiteDash)
- No open P0 or P1 bugs -- All critical and high-severity issues resolved; P2 and below documented with a plan
Performance
- Page load benchmarks met -- Core pages load within target thresholds (typically under 3 seconds on a standard connection)
- Lighthouse score reviewed -- Performance, Accessibility, Best Practices, and SEO scores reviewed; critical issues addressed
- Database query performance -- Slow query log reviewed; no queries exceeding acceptable thresholds under expected load
- Load testing completed -- Application tested under expected peak traffic; no errors or degradation observed
- Asset optimization -- Images compressed, JavaScript and CSS bundled and minified, lazy loading applied where appropriate
Security
- Security scan completed -- Automated security scan run (e.g., OWASP ZAP, Snyk, or equivalent); no critical or high findings unresolved
- Dependency audit clean --
npm auditor equivalent shows no critical vulnerabilities in production dependencies - Authentication and authorization verified -- All protected routes require authentication; role-based access tested with multiple user types
- Environment variables secured -- No secrets hardcoded in the codebase; all sensitive values in environment variables or a secrets manager
- HTTPS enforced -- All traffic redirects to HTTPS; no mixed content warnings
- Input validation and sanitization -- All user inputs validated on the server side; no known injection vectors
Monitoring and Observability
- Application monitoring active -- Error tracking (e.g., Sentry, PostHog, or equivalent) configured and receiving events from production
- Uptime monitoring configured -- External health checks polling the production URL at regular intervals (e.g., every 1--5 minutes)
- Alert rules defined -- Alerts configured for error rate spikes, downtime, high response times, and resource utilization thresholds
- Alert routing verified -- Alerts route to the correct Slack channel (
#ops-alertsor project-specific) and on-call personnel - Logging functional -- Application logs are being collected and are accessible for troubleshooting
- Analytics instrumentation verified -- PostHog (or equivalent) receiving events; key funnels and dashboards populated with staging data (see Analytics Instrumentation)
Infrastructure and DNS
- Domain and DNS configured -- Production domain pointed to the correct hosting environment; DNS propagation confirmed
- SSL certificate installed and valid -- Certificate covers the production domain and any subdomains; expiry date is at least 30 days out
- SSL auto-renewal configured -- Automatic renewal enabled to prevent expiry
- CDN configured (if applicable) -- Static assets served through CDN; cache headers set appropriately
- Environment parity -- Production environment configuration matches staging (same runtime versions, environment variables structure, service connections)
Data and Backups
- Database backups configured -- Automated daily backups enabled for the production database
- Backup restoration tested -- At least one backup restored to a test environment to confirm the backup is valid and the process works
- Data migration completed (if applicable) -- Any data migration from a legacy system or staging seed data has been executed and verified
- Data retention policy documented -- How long data is stored, when it is purged, and compliance requirements (if any) are documented
Documentation and Runbook
- Runbook completed -- Operational runbook covers: service restarts, scaling procedures, log access, common troubleshooting steps, and rollback procedures
- Architecture diagram current -- Diagram reflects the production system topology, including all services, databases, and third-party integrations
- README updated -- Project README includes setup instructions, environment requirements, and deployment commands
- API documentation current (if applicable) -- All endpoints documented with request/response schemas
Client and Stakeholder Sign-Off
- Client demo completed -- Final pre-launch demo delivered to the client on the staging environment
- Client launch approval received -- Written confirmation from the client that they approve the production deployment
- Launch date and time confirmed -- Agreed-upon deployment window communicated to all parties
- Rollback plan communicated -- Client and team are aware of the rollback procedure if issues arise post-launch
- Post-launch support plan shared -- Client knows who to contact, expected response times, and how to report issues
Final Approval
- All checklist sections complete -- Every item above is checked or has a documented exception
- Project lead sign-off -- Project lead has reviewed the checklist and gives explicit go-ahead for production deployment
- Deployment scheduled -- Calendar invite sent to all team members involved in the deployment with the deployment window, rollback plan, and monitoring assignments