Read summarized version with
I’ve audited a lot of SOPs over the past few years. Internal ones. Ones from acquired companies. Ones customers email over with a “hey, is this any good?”
The pattern is bleak and consistent. Most SOPs out there are missing at least three critical sections. Someone wrote down the steps, slapped on a title, and shipped it. Six months later, an operator hits an edge case the doc doesn’t cover, escalates to the wrong person, and the whole thing unravels.
I’m Yuval, CEO of Glitter AI. We build software that turns screen recordings into structured SOPs, so I spend a lot of time thinking about what actually belongs in a standard operating procedure, and what tends to get skipped.
This post is a reference. Bookmark it. Use it as an audit checklist when you’re reviewing existing SOPs, or as scaffolding when you’re writing new ones from scratch. Every section below answers three questions: why it matters, the most common mistake people make, and a real example you can copy.
Teach your co-workers or customers how to get stuff done – in seconds.
The 15 Sections Every SOP Needs
Before getting into details, here’s the full checklist. If your SOP is missing any of these, that’s a gap worth closing:
- Document Header
- Purpose & Scope
- Roles & Responsibilities (RACI)
- Prerequisites & Inputs
- Materials, Tools & Software
- Definitions & Acronyms
- Step-by-Step Procedure
- Decision Points & Branching Logic
- Quality Checks & Acceptance Criteria
- Outputs & Deliverables
- Exceptions & Escalations
- Compliance & Regulatory References
- Related Documents
- Change Log & Version History
- Approval Signatures
Quick audit tip before getting into specifics: most SOPs out there fail because they skip sections 8, 11, and 14 - branching logic, exception handling, and version history. If you only patch three things in your existing documentation, patch those.
1. Document Header
Why it matters: The header is how anyone (auditor, new hire, regulator) figures out what this document is, who owns it, and whether it’s still current. Without it, you’ve got an orphaned file.
Common mistake: Slapping on just a title and date. That tells the reader nothing about ownership or whether the content is stale.
What to include:
- Title - descriptive and specific (not “Sales Process” but “New Customer Onboarding for Mid-Market Accounts”)
- SOP ID - a unique identifier like
SOP-SALES-007 - Version number - semantic versioning works (v2.1)
- Document owner - a named person, not “the team”
- Effective date - when this version went live
- Next review date - when it needs to be re-validated (annually at minimum)
- Department / function
Real example:
Title: New Customer Onboarding - Mid-Market Accounts
SOP ID: SOP-CS-014
Version: 3.2
Owner: Maya Chen, Head of Customer Success
Effective: 2026-04-01
Next Review: 2027-04-01
Department: Customer Success2. Purpose & Scope
Why it matters: This section tells readers whether they’re even in the right document. Skip it, and people end up using SOPs in situations they were never designed for.
Common mistake: Writing a vague purpose like “to ensure quality.” Useless. Be specific about what process is covered, and just as important, what’s not covered.
What to include: A 2-3 sentence purpose statement, then explicit scope boundaries.
Real example:
Purpose: Standardize the first 30 days of onboarding for mid-market accounts (ARR $50k - $250k) to ensure consistent time-to-value and reduce churn risk in the first quarter.
Scope: Applies to all accounts signed after 2026-01-01 in the mid-market segment. Does not apply to Enterprise accounts (see SOP-CS-018) or self-serve accounts.
3. Roles & Responsibilities (RACI)
Why it matters: When something breaks, the first question is always “who owns this?” If the SOP doesn’t answer clearly, you get finger-pointing.
Common mistake: Listing roles in prose (“the CSM is responsible for X, but the AE should also be informed…”). Use a RACI table. It’s faster to read and harder to misinterpret.
RACI stands for Responsible, Accountable, Consulted, Informed. Exactly one person is Accountable per task. Responsible is whoever does the actual work. Consulted gets input before. Informed gets a heads-up after.
Real example:
| Task | CSM | AE | Solutions Engineer | VP CS |
|---|---|---|---|---|
| Kickoff call scheduling | R | I | - | - |
| Technical setup | C | I | R, A | - |
| Success plan draft | R, A | C | C | I |
| Executive intro email | R | A | - | I |
| 30-day review | R, A | I | I | C |
4. Prerequisites & Inputs
Why it matters: Steps that quietly assume “you already have X” are how SOPs break. Spell out everything the operator needs before they start.
Common mistake: Burying prerequisites inside Step 1. Pull them out so a reader can scan them up front and bail before wasting an hour.
Real example:
Before starting this SOP, confirm you have:
- Signed order form in CRM with deal stage = “Closed Won”
- Customer’s primary technical contact email
- Access to the CS workspace in Notion
- Salesforce permissions for “Account Owner” handoff
5. Materials, Tools & Software
Why it matters: Tells the operator what tabs to open before they start, and helps IT know which licenses to provision for someone running this SOP.
Common mistake: Naming a tool but not the version, the URL, or the access level required. “Use Salesforce” isn’t enough. Which Salesforce instance, with what role?
Real example:
- Salesforce (production, role: CSM or above) -
https://company.lightning.force.com - Notion CS workspace - must be Editor on “Customer Health” database
- Gainsight (read access minimum)
- Loom or Glitter AI for recording walkthroughs (Loom produces a video viewers must scrub through; Glitter produces both a video and a scannable written guide from the same recording)
6. Definitions & Acronyms
Why it matters: New hires have no clue what “MQL” or “PRR” or “the green path” means. Internal jargon quietly destroys SOP usability.
Common mistake: Skipping it because “everyone knows what these mean.” They don’t. Especially not on day three.
Real example:
- TTV - Time to Value, measured from contract signature to first successful production use
- Health Score - composite metric (0 - 100) calculated weekly in Gainsight
- Sponsor - the named executive champion at the customer, identified during sales
Glitter angle: When you record an SOP through Glitter, this section gets auto-extracted. We pull tool names, UI labels, and recurring terms straight from the recording, so you don’t have to sit there writing the glossary yourself.
Teach your co-workers or customers how to get stuff done – in seconds.
7. Step-by-Step Procedure
Why it matters: This is the meat of the SOP. It’s also the section people botch most often, either by being too vague or absurdly detailed.
Common mistake: Mashing what to do together with why to do it in the same sentence. Keep steps imperative and atomic. If you need to explain rationale, drop it in a callout.
What to include: Numbered steps written in plain imperative voice. One action per step. Add screenshots or screen recordings for any UI-driven step.
Real example:
- Open the account in Salesforce (
Accounts → search by company name). - Verify the deal stage is “Closed Won.” If not, stop and contact the AE.
- Click New Case → select case type “Onboarding Kickoff.”
- In the case description, paste the success plan template from Notion.
- Assign the case to yourself and set priority to High.
For a deeper walkthrough of structuring this section, see my guide on how to write an SOP.
8. Decision Points & Branching Logic
Why it matters: Real processes have forks. “If the customer is on Enterprise, do A. If they’re on Pro, do B.” If your SOP doesn’t model these forks out loud, operators guess. And they guess inconsistently.
Common mistake: This is the number one missing section in audited SOPs. Authors write the happy path and ignore the branches. Then they wonder why the process produces inconsistent outputs.
What to include: Explicit decision blocks with criteria and the path to follow for each outcome. A simple format works fine:
DECISION: Is the customer on Enterprise?
→ YES: Schedule white-glove technical kickoff (see SOP-CS-018)
→ NO: Continue to Step 9 belowFor more involved branching, link out to a Mermaid flowchart or a separate decision-tree document. Don’t try to nest three levels of “if/else” inside numbered steps. It becomes unreadable.
9. Quality Checks & Acceptance Criteria
Why it matters: “Done” is subjective unless you define it. Acceptance criteria let an operator self-verify, and let a reviewer audit objectively.
Common mistake: Writing acceptance criteria as feelings (“the customer should feel welcomed”). Make them observable and binary.
Real example:
The onboarding is complete when all of the following are true:
- Kickoff call held and recording uploaded to Gong
- Success plan signed by customer sponsor (PDF in account folder)
- At least 3 power users created and logged in once
- Health score ≥ 70 in Gainsight
- Case closed with disposition “Onboarding Complete”
Glitter angle: Acceptance criteria get auto-suggested from your recording. Click “Save” or “Submit,” or land on a confirmation screen, and Glitter flags that moment as a likely completion checkpoint and proposes it as an acceptance criterion.
10. Outputs & Deliverables
Why it matters: Tells downstream teams what they’ll get when this SOP wraps up, and where to find it.
Common mistake: Listing only the primary deliverable and forgetting the artifacts that other teams depend on (logs, signed forms, updated records).
Real example:
When this SOP is complete, the following artifacts exist:
- Signed Success Plan in the account’s Google Drive folder
- Closed kickoff case in Salesforce with full notes
- Updated
Onboarding Stage = Completefield on Account record - Calendar invite for the 60-day business review
- Slack notification posted to
#cs-handoffs
11. Exceptions & Escalations
Why it matters: When the happy path breaks, who do you call? An SOP without escalation paths leaves operators stranded, and they end up inventing their own escalations, usually badly.
Common mistake: Same story as section 8. Most SOPs just omit this. The author assumes nothing will go wrong, which may be the most expensive assumption in operations.
What to include: A list of common exceptions, the trigger condition for each, and the named owner to escalate to.
Real example:
| Exception | Trigger | Escalate To | SLA |
|---|---|---|---|
| Customer technical contact unresponsive 5+ days | No reply to 3 outreach attempts | AE + VP CS | 24h |
| Product blocker discovered during setup | Cannot complete Step 4 of technical setup | Solutions Engineer + Product PM | 4h |
| Contract terms unclear | Conflicting fields between order form and CRM | Deal Desk + Legal | 48h |
| Customer requests pause | Sponsor explicitly asks to delay | VP CS | 24h |
12. Compliance & Regulatory References
Why it matters: If your SOP touches anything regulated (PII, PHI, financial data, export controls), you need to cite the regulation. Auditors will ask. So will lawyers, the moment something goes wrong.
Common mistake: Assuming compliance “lives somewhere else.” It doesn’t. The SOP is the operational artifact auditors trace controls back to.
Real example:
- This procedure handles customer PII. All data access governed by SOC 2 CC6.1 (logical access controls).
- Customer health data shared with EU sponsors requires GDPR Article 28 processor terms in MSA. Verify before sharing.
- Data retention: account artifacts retained 7 years per internal Data Retention Policy DR-001.
13. Related Documents
Why it matters: SOPs don’t exist in isolation. Linking related documents (parent processes, child SOPs, policy documents) creates a navigable web instead of an island.
Common mistake: Linking every document in the company “just in case.” Be selective. Only link documents an operator actually needs while running this SOP.
Real example:
- Parent process: Customer Lifecycle Master SOP (SOP-CS-001)
- Predecessor: Sales-to-CS Handoff (SOP-SALES-009)
- Successor: 60-Day Business Review (SOP-CS-022)
- Policy: Customer Data Handling Policy (POL-INFOSEC-004)
- Template: Success Plan Template v4.1 (TPL-CS-003)
14. Change Log & Version History
Why it matters: Without a change log, nobody knows what changed between v1.4 and v2.0, when it changed, or why. That’s a compliance gap and a coordination disaster. Half the team is operating on the old version.
Common mistake: This is the third member of the missing-section trio (alongside 8 and 11). Authors update the SOP, bump the date, and don’t record what they changed. So when someone asks “did we used to do it differently?”, nobody can answer.
What to include: A simple table. Version, date, author, summary of change.
Real example:
| Version | Date | Author | Change Summary |
|---|---|---|---|
| 3.2 | 2026-04-01 | M. Chen | Added decision branch for Enterprise accounts |
| 3.1 | 2026-01-15 | M. Chen | Updated escalation table; new Solutions Engineer rotation |
| 3.0 | 2025-11-10 | J. Park | Major rewrite for Gainsight migration |
| 2.4 | 2025-08-22 | J. Park | Tightened acceptance criteria |
15. Approval Signatures
Why it matters: Approvals close the loop. They show this document got reviewed by the right people, who took accountability for its accuracy.
Common mistake: Treating signatures as a formality. They’re not. For regulated industries (healthcare, finance, manufacturing), absent or incorrect approvals invalidate the SOP entirely from a compliance standpoint.
Real example:
| Role | Name | Signature | Date |
|---|---|---|---|
| Document Owner | Maya Chen | signed electronically | 2026-04-01 |
| Process Owner (VP CS) | Daniel Roy | signed electronically | 2026-04-01 |
| Compliance Reviewer | S. Almeida | signed electronically | 2026-04-02 |
For regulated environments, capture signatures in a system that produces an immutable audit trail. DocuSign, Adobe Sign, or whatever your QMS supports.
Teach your co-workers or customers how to get stuff done – in seconds.
How Glitter Auto-Generates Half the Checklist
I’ll be straight with you. Filling 15 sections from a blank page is the reason most SOPs never get written. So we built Glitter to take the heaviest lifting off your plate.
When you record an SOP with Glitter’s SOP generator, three sections get auto-generated from your recording:
- Section 6 (Definitions & Acronyms) - pulled from UI labels, tool names, and recurring terms
- Section 7 (Step-by-Step Procedure) - every click, type, and navigation, with annotated screenshots
- Section 9 (Quality Checks) - confirmation screens and submit actions get flagged as likely acceptance checkpoints
You still write the strategic sections yourself (purpose, scope, RACI, decision logic, escalations), because those require judgment, not transcription. But the mechanical parts? Those are done in 30 seconds.
If you want a deeper template walkthrough, my SOP template guide covers different formats for different process types. For formatting guidance like fonts, hierarchy, screenshots, callouts, see the SOP format best practices guide.
Free SOP Checklist (Copy & Paste)
Here’s the checklist as a markdown file you can drop into Notion, Confluence, or a markdown editor:
# SOP Audit Checklist
## 1. Document Header
- [ ] Title (specific and descriptive)
- [ ] SOP ID
- [ ] Version number
- [ ] Document owner (named person)
- [ ] Effective date
- [ ] Next review date
- [ ] Department / function
## 2. Purpose & Scope
- [ ] 2-3 sentence purpose statement
- [ ] Explicit "in scope" boundaries
- [ ] Explicit "out of scope" exclusions
## 3. Roles & Responsibilities
- [ ] RACI table present
- [ ] Each task has exactly one Accountable
- [ ] All named roles exist in current org chart
## 4. Prerequisites & Inputs
- [ ] All required upstream artifacts listed
- [ ] All required access / permissions listed
- [ ] All required information listed
## 5. Materials, Tools & Software
- [ ] Each tool named with version / URL
- [ ] Required access level specified per tool
## 6. Definitions & Acronyms
- [ ] All internal jargon defined
- [ ] All acronyms expanded on first use
## 7. Step-by-Step Procedure
- [ ] Steps numbered and atomic
- [ ] Imperative voice
- [ ] Screenshots for UI-driven steps
## 8. Decision Points & Branching Logic
- [ ] All branches modeled explicitly
- [ ] Criteria for each branch are observable
## 9. Quality Checks & Acceptance Criteria
- [ ] Acceptance criteria are binary / observable
- [ ] Self-verification possible by operator
## 10. Outputs & Deliverables
- [ ] Primary deliverable named with location
- [ ] Secondary artifacts (logs, records) listed
## 11. Exceptions & Escalations
- [ ] Common exceptions listed
- [ ] Each has a named escalation owner
- [ ] Each has an SLA
## 12. Compliance & Regulatory References
- [ ] Relevant regulations cited
- [ ] Internal policies linked
## 13. Related Documents
- [ ] Parent / child / sibling SOPs linked
- [ ] Templates and policies linked
## 14. Change Log & Version History
- [ ] Table present with version, date, author, summary
- [ ] Most recent change documented
## 15. Approval Signatures
- [ ] Document owner signed
- [ ] Process owner signed
- [ ] Compliance reviewer signed (if regulated)Run this against any existing SOP and you’ll find gaps. That’s the point. Fix them before they cost you in an audit, an incident, or a botched onboarding.
Frequently Asked Questions
What sections should every SOP include?
Every SOP should include 15 core sections: document header, purpose and scope, roles and responsibilities (RACI), prerequisites and inputs, materials and tools, definitions and acronyms, step-by-step procedure, decision points and branching logic, quality checks, outputs and deliverables, exceptions and escalations, compliance references, related documents, change log, and approval signatures. Skipping any of these creates ambiguity that operators have to resolve on their own.
What is the most commonly missed section in SOPs?
The three most commonly missed sections are decision points and branching logic, exceptions and escalations, and the change log. Authors typically write the happy path and skip the forks, the failure modes, and the version history. Adding these three sections alone dramatically improves SOP usability and audit readiness.
How do I audit an existing SOP?
Compare the SOP against the 15-section checklist and mark which sections are present, partial, or missing. Then check whether each present section is concrete (named owners, observable criteria, linked references) or vague. Most audit findings come from missing sections 8, 11, and 14, plus vague RACI tables in section 3.
What is a RACI table in an SOP?
A RACI table maps tasks to roles using four labels: Responsible (does the work), Accountable (owns the outcome, exactly one per task), Consulted (gives input before), and Informed (gets a heads-up after). Including a RACI table in the roles and responsibilities section eliminates ambiguity about who owns what when the process executes.
How long should a standard operating procedure be?
There is no fixed length. A simple administrative task might fit in two pages; a regulated manufacturing procedure might run to twenty. The right length is whatever covers all 15 required sections completely without padding. If you find yourself adding filler to look thorough, stop - concise SOPs get followed more often than long ones.
Do I need approval signatures on every SOP?
For regulated industries (healthcare, pharmaceuticals, finance, manufacturing under ISO or FDA scope), signatures are mandatory and absent signatures invalidate the SOP. For unregulated internal processes, signatures are best practice but optional - at minimum, the document owner and process owner should sign off.
What is the difference between scope and purpose in an SOP?
Purpose explains why the SOP exists and what outcome it produces. Scope defines the boundaries: which situations, accounts, products, or geographies the SOP applies to, and which are explicitly excluded. Purpose answers "why," scope answers "when does this apply." Both are required, and skipping scope is how SOPs end up misused.
How often should SOPs be reviewed and updated?
Review every SOP at least annually, and immediately after any of these triggers: a process change, a tool migration, an incident or near-miss, an audit finding, or a regulatory update. Set a "Next Review Date" in the document header and put it on the owner's calendar. SOPs that go more than 18 months without review are usually wrong.
Can SOP sections be auto-generated by software?
Some sections can be auto-generated from screen recordings: the step-by-step procedure, definitions and acronyms (extracted from UI labels and recurring terms), and quality checks (inferred from confirmation screens and submit actions). Strategic sections like purpose, scope, RACI, and escalations require human judgment. Tools like Glitter AI handle the auto-generated sections so authors focus on the strategic ones.
What goes in the change log of an SOP?
A change log table tracking every revision: version number, date of change, author, and a one-line summary of what changed. This creates an audit trail showing who modified the procedure and why, which is required for compliance in regulated industries and useful in any environment to coordinate teams operating under different SOP versions.
Wrapping Up
A complete SOP isn’t a long document. It’s a document where every required section is filled in deliberately. Fifteen sections sounds like a lot, but most of them are short. The discipline isn’t writing more, it’s writing the right things.
If you’re auditing existing documentation, start with sections 8, 11, and 14. Those are the highest-leverage gaps in almost every SOP I’ve reviewed. If you’re writing new ones, use the checklist above as scaffolding so you don’t ship something incomplete.
And if filling 15 sections from a blank page sounds painful, that’s exactly the problem we built Glitter to solve. Record your process, get the mechanical sections written for you, and spend your time on the strategic ones that actually require your judgment.
