When do I need to revalidate equipment?

Modern guidance treats revalidation as a response to change, not a calendar event. A revalidation is needed when a change to the equipment, process, inputs, or environment has the potential to affect the validated state, as determined by risk assessment. Common triggers include equipment modifications, software or firmware updates, process or recipe changes, supplier or raw material changes, environmental or utility changes, and reassessment driven by adverse trends or accumulated deviations. Without a triggering change or signal, periodic review is the right activity, not revalidation.

Is annual revalidation required by FDA?

No. The FDA does not require calendar-based annual revalidation. Under the FDA Quality Management System Regulation (QMSR, effective February 2, 2026), which incorporates ISO 13485:2016 by reference, manufacturers must evaluate changes and deviations and perform revalidation where appropriate. The pre-QMSR QS Regulation expressed this at 21 CFR 820.75(c); the principle carries over. The FDA process validation guidance describes Stage 3 Continued Process Verification, which has shifted pharmaceutical manufacturer expectations away from calendar-based annual revalidation toward lifecycle monitoring. Annual periodic review remains a common procedural practice; annual full IQ/OQ/PQ rerun is hard to justify by default.

What is the difference between revalidation and periodic review?

Periodic review is a calendar-driven checkpoint that looks at the accumulated history of an asset since the last review. Its output is a documented finding which can be no action required, increased monitoring, or revalidation triggered. Revalidation is a response to a specific identified change or signal and is scoped by risk assessment. Periodic review is not itself a revalidation, though it can identify the need for one.

Do I need to revalidate after a software update?

It depends on what the update changes. An update touching only user interface or reporting is still a requalification that requires a documented impact assessment plus regression and user acceptance testing commensurate with intended use. It does not mean skipping with a smoke test. An update affecting control logic for a critical process parameter typically requires OQ revalidation of the affected parameters. EU manufacturers should layer GAMP 5 and Annex 11 expectations on top of the equipment qualification framework. The scope decision should be supported by a delta risk assessment identifying which qualified parameters could be affected.

Can I do partial revalidation instead of full IQ/OQ/PQ?

Yes, when the risk assessment supports it. Not every change affects every qualification phase. A like-for-like sensor replacement may require only IQ-equivalent verification with no OQ or PQ retest. A software update affecting only an operational range may require OQ revalidation without PQ, contingent on objective evidence that product-facing performance is not affected. Partial revalidation requires a documented scope decision tying each excluded phase to a risk-based rationale that an auditor can read and accept.

What documentation does an auditor want for a no-revalidation-needed decision?

A complete no-revalidation decision package contains five elements: a change control form describing the specific change, a risk assessment evaluating the change's potential effect on critical parameters, a scope decision stating no revalidation is required with rationale, the existing qualification records that remain valid, and a conclusion stating that the validated state is maintained, with required sign-offs. The decision itself is acceptable to auditors when it is documented and risk-based. An undocumented decision is not.

Does 21 CFR 820 require revalidation?

The FDA Quality Management System Regulation (QMSR), which restructured 21 CFR Part 820 effective February 2, 2026, incorporates ISO 13485:2016 by reference. The QMSR continues to require manufacturers to evaluate changes and deviations and perform revalidation where appropriate; the corresponding ISO 13485:2016 anchor for process validation is §7.5.6. The pre-QMSR QS Regulation expressed this requirement at 21 CFR 820.75(c) and teams with documentation predating the transition will still see that citation. The regulation does not prescribe specific revalidation triggers; it requires a risk-based assessment of changes with documented outcomes.

How does ICH Q9 apply to revalidation decisions?

ICH Q9 provides the quality risk management framework that supports revalidation scope decisions. The principles of severity, occurrence, and detection are applied to assess each change for its potential effect on the validated state. The output of a Q9-aligned risk assessment is what makes a partial revalidation or no-revalidation decision defensible. ICH Q9 itself is guidance, not regulation, but FDA and EU inspectors expect to see its principles applied in change-driven revalidation.

When is a supplier change a revalidation trigger?

A supplier change is a revalidation trigger when the change affects the equipment's process capability or the product. A new supplier providing material with identical specifications and confirmed equivalence typically requires supplier requalification but not equipment revalidation. A reformulated material or a supplier change with different physical or chemical properties may require PQ to confirm continued conforming output. The risk assessment determines scope, as with any other trigger.

What is Continued Process Verification and how does it relate to revalidation?

Continued Process Verification is Stage 3 of the FDA process validation lifecycle as described in current FDA guidance. It is an ongoing program of monitoring and data collection that confirms a process remains in a state of control between formal qualification events. For pharma manufacturers, Continued Process Verification has reduced reliance on calendar-based annual revalidation by providing steady-state assurance through data rather than periodic full requalification. Change-triggered revalidation still applies when specific changes occur; Continued Process Verification provides the between-events monitoring.

Back to Blog

revalidationvalidationchange-controlIQ OQ PQ

Revalidation: When Do You Actually Need to Redo IQ/OQ/PQ?

Valiqa Team|May 13, 2026|13 min read|

If you have been told to revalidate a piece of equipment and your first reaction was "do I really need to redo the whole thing," you are asking the right question. The honest answer is that modern validation guidance does not treat revalidation as a calendar event. It treats it as a risk-based response to a change with the potential to affect the validated state of the equipment. That framing changes both what you do and what you document.

This guide breaks down what the term "revalidation" actually means under current guidance, the six common triggers and how to scope each one, the documentation that makes a "no revalidation needed" decision defensible, and where teams get this wrong.

What revalidation actually means in modern guidance

"Revalidation" is a term you will hear used in two different ways, and the two meanings have moved apart over the last decade.

The older usage treated revalidation as a periodic, calendar-driven event: every twelve months, redo IQ/OQ/PQ on a piece of equipment because the calendar said so. Calendar-driven full requalification is hard to justify by default under current guidance. Lifecycle monitoring, risk-based periodic review, and change-triggered reassessment are the modern expectations, and they together generate less documentation effort for more meaningful assurance.

The current usage treats revalidation as a response to change. The trigger is not the calendar; it is a modification to the equipment, the process, the inputs, or the environment with the potential to affect the validated state. The scope is determined by risk assessment, not by reflex. The outcome can be a full requalification, a partial requalification covering only the affected aspects, or a documented decision that no requalification is required.

The regulatory anchors for this thinking sit at three layers.

The predicate regulations are 21 CFR Part 820 for US medical device manufacturers, now restructured as the FDA Quality Management System Regulation (QMSR) which took effect February 2, 2026 and incorporates ISO 13485:2016 by reference, and 21 CFR Part 210/211 for pharmaceutical manufacturers. The QMSR carries the same expectation that changes and deviations be evaluated and that revalidation be performed where appropriate; the corresponding ISO 13485:2016 anchor is §7.5.6 on process validation. The pre-QMSR QS Regulation expressed this requirement at 21 CFR 820.75(c), and teams with documentation predating the transition will still see that citation. Both express the same principle: risk-based reassessment when changes occur, with "where appropriate" doing real work in the sentence.

The consensus standards sit on top: ISO 13485, ISO 14971 for risk management.

The industry guidance fills in the practical detail. EU GMP Annex 15 covers periodic review under its Principle and Section 4 (Re-qualification), and addresses ongoing process verification and validation of modified processes under Section 5. EU Annex 11 governs computerized systems and adds expectations for software-change management on top of the validation framework. ICH Q9 gives the risk-management framework. FDA's process validation guidance describes Stage 3, Continued Process Verification, which provides steady-state assurance between formal qualification events and has shifted pharma manufacturer expectations away from calendar-based annual revalidation toward lifecycle monitoring.

The takeaway: when someone tells you the equipment "needs revalidation," the first question is which change triggered the conversation, and the second is what scope the risk justifies. Neither answer is "redo the whole thing because it has been a year."

The six common triggers and how to scope each one

In practice, most revalidation conversations are driven by one of six categories of change. Five are planned changes; the sixth is reassessment driven by data rather than a deliberate modification. Each has a typical scope decision; each requires a documented risk assessment to support it.

Equipment modification

A hardware change to the qualified equipment. Common examples: replacing a sensor, swapping a motor or pump, adding an instrument, upgrading a fixture, or modifying tooling.

Scope decision depends on what was changed and whether the change affects a critical parameter. A like-for-like sensor replacement using the same model number and calibration range typically requires only IQ-equivalent verification of the new sensor, with the existing OQ and PQ remaining valid. A motor replacement on a critical process step may require OQ revalidation of the operating ranges. A modification that changes the equipment's process capability requires PQ.

The documentation has to make the scope decision defensible by tying each excluded phase to a risk-based rationale.

Software and firmware updates

A change to the embedded software, control system firmware, PLC logic, or SCADA configuration. This trigger has become more common as connected equipment receives vendor-pushed updates. Computerized-system expectations under GAMP 5 (industry guidance) and EU Annex 11 (binding GMP expectation for EU manufacturers) sit on top of the equipment qualification framework.

Scope decision depends on the change's effect on process control logic. A vendor update touching only the user interface or reporting is typically a low-risk requalification, but "low risk" still means: a documented impact assessment, regression testing of the affected functionality, and user acceptance testing commensurate with intended use. It does not mean "skip with a smoke test." An update that changes the control algorithm for a critical process parameter requires OQ revalidation of the affected parameters, with the regression and acceptance evidence captured under the change.

We wrote separately about the specific case of equipment receiving software updates in our post on how to handle validation when equipment gets a software update.

Process or recipe changes

A change to the validated process: new operating ranges, modified setpoints, new product variants running on the same equipment, or revised SOPs that affect how the equipment is operated.

Scope decision depends on whether the change moves the process outside the validated range. Operating inside the previously qualified envelope typically does not require revalidation, though the change still needs documented review. Operating outside the validated range requires OQ or PQ extension to cover the new conditions. Adding a new product to a multi-product line typically requires PQ for the new product with risk-based bracketing.

Supplier or raw material changes

A change to a qualified supplier or to a critical raw material. Common examples: a new supplier for a component or input material, a reformulated raw material from an existing supplier, or a change to packaging material specifications.

Scope decision depends on whether the change affects the equipment's process capability or the product. A supplier change with identical specifications and confirmed equivalence typically does not require equipment revalidation, only supplier requalification. A material change with different physical or chemical properties may require PQ to confirm the equipment still produces conforming product.

Environmental or utility changes

A change to the environment or utilities supporting the qualified equipment. Common examples: HVAC modifications, water system changes, compressed air or gas supply changes, or facility relocations.

Scope decision depends on whether the utility or environment was a qualified input to the equipment. A change to a utility that was within the qualified scope (water for injection, compressed gas at a specific specification) typically requires IQ and OQ revalidation of the affected interfaces. A facility relocation typically requires full IQ/OQ/PQ at the new location.

Deviations, trends, and drift

A reassessment driven not by a planned change but by data. Common signals: an out-of-trend pattern in monitoring data, an accumulation of deviations on the same equipment or process step, a single significant deviation, or a finding from continued process verification that suggests the validated state may no longer hold.

Scope decision depends on whether the data points at a specific qualified parameter that may have drifted. A trend in seal-strength variability on a packaging line may point at the seal-temperature OQ or the dwell-time OQ; the scope is the affected qualification phase, not full requalification. A pattern of unrelated minor deviations across multiple parameters may indicate the periodic review window is overdue more than a specific revalidation trigger.

This bucket is where ICH Q9 risk principles and EU Annex 15 ongoing-verification expectations connect to the FDA's Stage 3 Continued Process Verification language. The data is what makes the trigger; the risk assessment scopes the response.

Full vs partial: scoping the right test plan

A common source of wasted effort in revalidation is the reflex to redo every protocol when only one phase is actually affected. The risk-based framework gives you a way out of that reflex.

Revalidation decision tree starting from a change control document, branching through a risk assessment into three terminal outcomes: no revalidation, partial revalidation, and full revalidation, with partial revalidation highlighted as the typical risk-based result

For each change, work through three questions before deciding scope.

First, what was qualified initially? Look back at the original IQ, OQ, and PQ. What were the critical parameters, the acceptance criteria, the test conditions? You are asking: which of these is the change capable of affecting?

Second, what is the risk? Use the existing risk assessment for the equipment, or perform a delta risk assessment specifically for the change. The output is a defensible statement of which critical parameters could be affected and what severity-occurrence-detection profile each carries after the change.

Third, what is the minimum scope that demonstrates the validated state is maintained for the affected parameters? That is what you revalidate. Phases not affected by the change can typically be excluded with a documented rationale.

A worked sensor-recalibration example: a temperature sensor on a CIP skid is replaced with the same model from the same supplier, calibrated to the same range, with the same response characteristics. The original IQ included documentation of the sensor model, calibration certificate, and installation. The original OQ tested the temperature control loop across the operating range. The original PQ ran the equipment through full production cycles.

The risk assessment for this change identifies that the sensor characteristics are equivalent and the new sensor's calibration certificate confirms range and accuracy. The defensible scope decision: IQ-equivalent verification of the new sensor (model, calibration certificate, installation), no OQ retest, no PQ retest, with the rationale that an equivalent sensor in an unchanged control loop does not affect the qualified operating range or process capability.

If instead the replacement sensor had a different response time or accuracy class, the scope would expand: OQ retest of the affected temperature ramp and steady-state criteria, with PQ left untouched only if the OQ confirms equivalent loop behavior.

Scope decisions of this type are not the engineer's preference. They are written rationales that an auditor reads and either accepts or challenges. We wrote separately about the upstream judgment calls that drive validation scope in our post on how to determine if you need IQ only or full IQ/OQ/PQ.

The documentation that makes a revalidation decision defensible

Whether the decision is "full revalidation," "partial revalidation," or "no revalidation needed," what makes it defensible is the documentation around it. A common audit finding is not that the team made the wrong scope decision; it is that the team made no documented decision at all.

A complete revalidation decision package contains five elements.

A change control form referencing the specific change being assessed. The change should be described concretely: what is being modified, why, when, and by whom.

A risk assessment for the change. This may extend the existing equipment risk assessment or be a stand-alone delta. The output identifies which critical parameters could be affected and the severity-occurrence-detection profile after the change.

A revalidation scope decision with rationale. This states which qualification phases will be re-executed and which will not, with the risk basis for each exclusion. "No revalidation needed" is a valid outcome here when the risk assessment supports it.

The executed protocol or protocols, per the agreed scope. If the decision was no revalidation, this section is replaced by the documented rationale itself.

A conclusion stating that the validated state of the equipment is maintained after the change, with sign-offs by engineering, quality, and any other required functions.

This package is what an auditor reads when they ask "how did you handle this change." A team that produces it consistently is in a much stronger position during inspection than a team that performed the revalidation work without the documentation, even when the underlying technical work was correct in both cases.

The audit-readiness of this package is one of the dimensions we use to evaluate validation tools. We wrote about that framework in our guide to choosing validation software for equipment qualification.

Periodic review vs change-triggered revalidation

These are two distinct activities and they get conflated all the time.

Periodic review is a calendar-driven activity. Annual cadence is common for qualified equipment or validated processes, though the specific cadence is a procedural choice tied to the team's QMS. It is a checkpoint, not a revalidation.

The purpose of periodic review is to look at the accumulated history of an asset since its last review: changes that have occurred, deviations that have been logged, trends in performance data, supplier changes, environmental shifts. The output is a documented finding, which can be no action required, increased monitoring required, or revalidation triggered.

Change-triggered revalidation is a response to a specific change, driven by the risk assessment and scope decisions described above. It is not on the calendar; it happens when a change happens.

Periodic review and change-triggered revalidation feed each other. A periodic review may surface a pattern of small changes whose cumulative effect warrants a revalidation that none of the individual changes triggered on their own. Conversely, a triggered revalidation may reset the clock on the next periodic review by documenting current performance.

A common failure mode is teams that conflate the two and conclude that periodic review is itself a revalidation. It is not. Periodic review without an identified trigger is a documented checkpoint with a documented finding, not a redo of IQ/OQ/PQ.

A worked example: firmware update on packaging equipment

Consider a piece of mid-complexity packaging equipment in a medical device manufacturing line. The vendor releases a firmware update affecting the seal-temperature control logic. The seal temperature is a critical process parameter previously qualified during OQ with a defined operating range and acceptance criteria tied to the URS.

Step 1: change control form. The form references the vendor advisory, lists the affected equipment by asset ID, identifies the version change (from current firmware to new firmware), and includes the vendor's release notes describing the changes.

Step 2: risk assessment. The team performs a delta risk assessment. The seal-temperature control loop is the affected subsystem. The severity of a control failure is high because seal integrity is a patient-safety concern. Occurrence is judged moderate given the firmware change is in production-critical logic. Detection is supported by existing in-process monitoring.

Step 3: scope decision. Based on the risk assessment, the team concludes that the firmware change affects the OQ-qualified operating range of the seal temperature control loop. IQ is not affected, because the equipment installation is unchanged. PQ is potentially affected because seal integrity is a product-facing CQA, and the team does not exclude PQ at this stage; they decide to re-execute the OQ first and re-assess PQ based on OQ results plus available continued process verification data. The scope decision is documented as "OQ revalidation of seal-temperature control loop required; IQ revalidation not required because equipment installation unchanged; PQ revalidation to be re-assessed after OQ results and CPV review."

Step 4: execution. The team re-runs the OQ test cases covering the seal-temperature control loop. The original OQ acceptance criteria still apply. The criteria pass.

Step 5: PQ re-assessment and conclusion. With the OQ confirming equivalent control loop behavior and continued process verification data showing no shift in seal-integrity output, the team documents that PQ revalidation can be reduced to a focused verification rather than a full re-execution, with the rationale captured in the scope decision. If the CPV data had shown a shift, or if there were no contemporaneous data to draw on, full PQ would have been required. The team documents that the validated state is maintained after the firmware change. The change control is closed with sign-offs.

Where teams get this wrong

A few failure modes account for many revalidation problems in practice.

The first is reflexive full revalidation. Every change triggers a redo of IQ/OQ/PQ regardless of risk. The team is technically correct but wildly inefficient, and they paralyze operations by treating low-risk changes the same as high-risk changes. Auditors do not credit overdocumentation; they credit risk-based justification.

The second is undocumented no-action decisions. The team assesses a change informally, decides no revalidation is needed, and moves on without writing it down. When the auditor asks how the change was handled, the answer is verbal. That answer becomes a finding. The fix is procedural: every change goes through change control, every change gets a risk assessment, and "no revalidation needed" is a documented outcome with rationale, not an unstated default.

The third is calendar-based annual revalidation as a substitute for change control. The team performs a full IQ/OQ/PQ once a year regardless of whether any changes occurred, treating this as the revalidation program. Calendar-driven full requalification is hard to justify under current guidance when lifecycle monitoring and change-triggered reassessment cover the same ground with better risk discrimination. Annual periodic review remains a common procedural practice; annual full requalification is the part that is hard to defend by default.

A fourth, less common but worth flagging: skipping the risk assessment step entirely and going straight from change identification to scope decision. The risk assessment is what makes the scope decision defensible. Skipping it is the difference between a defensible package and a finding waiting to happen.

Frequently Asked Questions

Ready to automate your validation documentation?

Generate audit-ready IQ/OQ/PQ protocols in minutes, not weeks.

Get Started

We use essential cookies for authentication and security. With your consent, we also use Microsoft Clarity on our marketing pages to understand how visitors navigate the site. Learn more.