The steps below are not a comprehensive list. They are meant to help you.

1. Read the official F5 Upgrade Guide: https://support.f5.com/csp/article/K84205182
2. Read the release notes of the version you plan to upgrade to. There is a dedicated section regarding upgrading procedures. Here is an example from v15.1.0. In these release notes, F5 details if you have to upgrade to a prior version before upgrading to the version you really want.
3. Check if your license needs to be reactivated. Licenses have an internal timestamp that prevents users from upgrading freely from older versions to new ones without an active service contract in place.
4. Create UCS backups of all units involved. Remember to download the UCS backup to your machine.
5. Create a qKview of the units involved in the upgrade.
6. If your system contains iRules, you should check if all the commands on it are still supported on the new version.
7. If you have TLS enabled virtual-servers that use DEFAULT cipher-suites, check these articles: K10262 (v10.x), K13156 (v11.x to 13.x), K54125331 (v14.x) and K2202090 (v15.x). What you should be aware of is that your TLS applicantion could be working perfectly because your clients and nodes are using a weaker cipher-suite. Since you are using a default list that changes from version to version, F5 tends to prefer stronger ciphers on newer versions. You could end up with an application issue due to stronger default cipher-suites.
8. If you have an active/standby setup, test everything in one unit before upgrading the second one.
9. Remember that connection mirroring could be compromised during upgrades because both units should have the same TMOS version for mirroring to work properly, so when you failover from one unit with one version to the other with a different version, connection mirroring could not work. This is normal behavior. Schedule a maintenance window.
10. After upgrade is completed on all units, create new UCS backups and qKviews.