How many Standard Operating Procedures (SOPs) does your organization manage and what is your opinion on whether the number is sufficient? Insufficient? Over-the-top?

Peer InsightsIT Strategy & Roadmap
1.5k viewscircle icon3 Comments
Sort by:
Senior Solutions Architect / Senior Director in Insurance (except health)5 months ago

The number of Standard Operating Procedures (SOPs) our organization manages varies across departments and functions. I believe SOPs cannot follow a one-size-fits-all approach. The correct number and scope of SOPs depend on the nature and complexity of operations. In some cases, a single SOP can guide multiple teams through standard processes (rarely the case), while in others, it makes more sense to have team-specific or even situation-specific SOPs to address overlapping responsibilities or unique workflows. Most important is ensuring clarity, consistency, and usability—regardless of the total count. In my opinion, rather than focusing on whether the number is sufficient or excessive, the key is whether the SOPs are effective, adaptable, and aligned with operational needs. 

Director of IT in Healthcare and Biotech5 months ago

Our organization rationalized our SOP's as they were too many, overlapping and contained conflicting information - the more regulatory impact on your business the more the SOPs proliferate.  We now only publish SOP's for Policy and the majority of previous SOP's were found to be actually Work Instructions (WI) and were curated and republished as such.

Lightbulb on2 circle icon1 Reply
no title5 months ago

“Refresh, Revive, Revise” philosophy—refreshing outdated content, reviving critical SOPs with clear purpose, and revising the overall structure to improve usability and alignment with regulatory and operational needs. Also embedding a cycle of continuous improvement and periodic review to ensure the documentation remains current, relevant, and effective over time is the right way to go.

Lightbulb on1

Content you might like

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?

What challenges are you encountering with implementation projects?

External delays26%

Unrealistic timeline40%

Bottlenecks35%

Insufficient staffing45%

Underestimated costs29%

Inadequate budget management15%

Delayed funding16%

Project plan lacks detail23%

Changes in scope30%

Changing client expectations15%

Changing internal expectations7%

View Results

We have 1000s of forms. Is anyone else using Azure AI to classify and report on large collections of forms by type and version? I’d like to connect with others doing this.

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

Read More Comments

What challenges have you faced in implementing customer relationship management (CRM) software? Select all that apply.

Lack of communication24%

Tool is not adopted organization-wide30%

Lack of integration46%

Cost39%

Unclear objectives27%

Poor data quality28%

Implementation time is too long19%

Incorrect deployment type16%

Lack of training18%

Lack of resources13%

Lack of leadership oversight12%

Lack of scalability5%

Other (please list in the comments)

View Results