We’ve run SOP gap analyses across a wide range of organizations: device manufacturers, pharma sponsors, CROs, and clinical sites.

Each engagement starts with a different set of procedures and standards to assess against. Sometimes we’re evaluating clinical investigation SOPs against ISO 14155. Sometimes it’s GMP documentation, quality system controls, supplier qualification processes, or CAPA. The organization, regulatory context and procedures are different. But what isn’t different, or not nearly as different as you’d expect, is the pattern of what’s wrong when we put procedures under the microscope.

We always tell teams that a gap analysis isn’t a pass/fail audit; it’s a diagnostic. The goal is to identify where your documented procedures fall short of the applicable requirements before an inspector or notified body does the same review. In our experience, that review tends to surface the same categories of problems regardless of what type of SOP is on the table.

Below are five findings we see consistently enough that we go looking for them at the start of every engagement. These trends are pulled directly from the last ~18 months of gap analyses.

1. The SOP was written against a standard that has since been revised

This happens a lot with companies that have been operating for a while. The SOPs get written when the standard is current, the standard gets revised, and nobody updates the procedure.

• The language still maps to the old version.

• Requirements added or changed in the revision aren’t addressed.

• In some cases, the SOP explicitly references the superseded document by name and number.

This has recently come up a lot with device firms that haven’t reconciled their quality procedures to the QMSR, which amended 21 CFR Part 820.

The fix isn’t always a full rewrite. Sometimes it’s a targeted amendment that addresses only the delta between versions. But you can’t know what you’re dealing with until you do a section-by-section comparison against the current version. That comparison is usually the first thing we do.

2. The scope statement and the procedure cover different things

The purpose and scope section is supposed to tell you what the procedure governs and who it applies to. In practice, it’s often the part that was pulled from a template early on and never really touched again.

We tend to see two versions of this:

Both versions create the same audit risk. A reviewer who reads the scope statement and then reads the procedure is going to notice when they don’t describe the same thing.

Here’s a quick test: read the scope, then read the procedure, and ask whether someone who had never seen this process before could execute everything described in the scope using only what’s in the procedure. If not, you’ve found a gap.

3. Responsibilities are assigned to roles that are poorly defined, vacant, or gone

This is easy to miss in a document review because it looks fine on paper and doesn’t call attention to itself as much as other problems.

The SOP assigns ownership to a named role (QA Manager, Study Coordinator, Regulatory Specialist) and if that role exists somewhere in the org chart, the procedure gets approved. Whether the person in that role knows they own the step, and whether their qualifications match what the SOP actually requires, are separate questions.

We’ve reviewed SOPs that point to roles from a previous organizational structure eliminated years earlier. We’ve also seen responsibilities handed to an unspecified “Designee” with no guidance on who designates, what qualifications apply, or how the designation gets documented. We’ve seen tasks split between two roles in a way that creates a handoff gap neither party noticed because each assumed the other was handling it.

Updating role names gets you partway there. The more useful step is confirming that the people filling those roles know about the responsibility and have the training to execute it. If your SOP assigns a critical review step to the QA Manager and your QA Manager doesn’t know that’s their job, you have a gap in your training records as much as in your procedure.