This Family inherits the governance requirements defined in the Unified Governance Manual (SOP-QMS-GOV), including the Quality Manual, Risk Management Program (RMP), Internal Audit Program (IAP), and Material Review Board (MRB) governance (SOP-QA-MRB). All PROC responsibilities and WINs must align with these L2 authorities.
The Procurement (PROC) Process Family governs the controlled sourcing, qualification, evaluation, and ongoing oversight of suppliers providing components, ingredients, packaging, labels, and GMP-impacting services. PROC ensures that all purchased materials originate from qualified, approved, and verified suppliers and that procured materials meet GMP, regulatory, and internal specifications.
PROC provides WHAT-level governance for:
Procurement is critical because 21 CFR 111 requires manufacturers to:
NSF/ANSI 455-2 strengthens these requirements by mandating:
Key PROC risk themes include:
PROC requires strong cross-functional interaction with:
Risk Tier Classification: HIGH. Procurement is classified as HIGH risk because supplier failures can directly lead to adulterated materials, misidentified components, contaminated ingredients, specification failures, and systemic supply-chain noncompliance. As the entry point for all components and materials, PROC plays a foundational role in GMP compliance, product quality, and material integrity.
The following table includes all Procurement (PROC) SOPs from the frozen L2 hierarchy. Each SOP is mapped to its WHAT-level purpose, operational scope, applicable regulatory anchors, and Quality Control (QC) requirement anchors that are enabled or supported by Procurement activities. Procurement operates as a QC-Enabling domain and does not perform QC testing, acceptance, release, or disposition activities.
| SOP ID | SOP Title | Purpose (Control Intent) | Scope (Operational Boundary) | QC Requirement Anchors (QC-Enabling) | Regulatory Anchors |
|---|---|---|---|---|---|
| SOP-PROC-SOURCE | Sourcing | Establishes the controlled process for identifying, evaluating, and selecting suppliers capable of providing components, packaging, and services that meet GMP, safety, and regulatory requirements. | Applies to sourcing decisions, preliminary supplier reviews, capability checks, risk screening, and documentation required before initiating qualification or first purchase. Excludes testing, receiving, and post-approval supplier performance monitoring. | QC-CHG-002 (Impact & risk assessment) |
21 CFR:
111.70(aβd), 111.75(a), 111.123(b)(2), 111.255(a). NSF/ANSI 455-2: 4.3.1β4.3.3, 4.4.1, 4.5.1. |
| SOP-PROC-QUAL | Supplier Qualification | Defines the structured system for evaluating, qualifying, and approving suppliers based on risk, compliance history, documentation, capability, and material quality performance. | Applies to initial and ongoing qualification, supplier audits, risk scoring, documentation review, and approval or disqualification decisions. Excludes sourcing activities and day-to-day purchasing. | QC-MAT-003 (Supplier qualification status impact) QC-CHG-002 (Impact & risk assessment) |
21 CFR:
111.75(aβc), 111.103β111.105, 111.255, 111.415. NSF/ANSI 455-2: 4.3.4, 4.2.1β4.2.4, 4.5.2. |
| SOP-PROC-ASL | Approved Supplier List | Establishes controls to maintain an accurate, traceable, and risk-based Approved Supplier List (ASL), ensuring only qualified suppliers are used for GMP materials and services. | Applies to creation, maintenance, modification, and periodic review of the ASL; includes tracking of supplier status, risk level, approved materials, and disqualification decisions. | QC-MAT-003 (Supplier qualification status impact) |
21 CFR:
111.75(a)(2)(ii), 111.123(b)(2), 111.255. NSF/ANSI 455-2: 4.3.4.1, 4.4.2, 4.10. |
| SOP-PROC-P2P | Procure to Pay | Defines the controlled purchasing process to ensure materials are ordered from approved suppliers, match specifications, and comply with all internal and regulatory requirements. | Applies to purchasing authorization, PO creation, approved supplier verification, specification checks, and alignment of purchasing activities with material requirements. Excludes warehouse receipt or QC testing activities. | QC-MAT-003 (Supplier qualification status impact) |
21 CFR:
111.70, 111.75(a)(2), 111.123(a)(2), 111.165. NSF/ANSI 455-2: 4.3.4, 4.1.2, 4.2.4, 4.5.1. |
| SOP-PROC-DOCS | Supplier Documentation | Establishes controls for collecting, reviewing, maintaining, and periodically updating supplier documentation required to verify component quality and compliance. | Applies to COAs, specifications, questionnaires, certifications, allergen statements, MDR documentation, and any supplier-provided information required to ensure GMP compliance. Excludes internal production or QC testing documentation. | QC-MAT-003 (Supplier qualification status impact) |
21 CFR:
111.70(aβd), 111.75(aβc), 111.255, 111.320. NSF/ANSI 455-2: 4.4.2β4.4.6, 4.3.4.2, 4.1.1β4.1.3. |
Procurement (PROC) operates as a QC-Enabling domain. QC requirement anchors listed in this section identify where Procurement activities provide prerequisite controls, inputs, or documentation required for Quality Control decision-making. Procurement does not execute QC testing, acceptance, release, or disposition decisions, which remain governed by Quality-owned procedures.
The following WHAT-level training requirements apply to all personnel who work within or support the Procurement (PROC) Process Family. Training expectations are grouped by governing SOP to improve clarity, traceability, and audit alignment. These requirements establish foundational GMP behaviors and do not include HOW-level task instructions or Work Instructions.
This section defines WHAT-level responsibilities and high-level controls for all L0-defined roles that perform, supervise, review, trend, escalate, or own any Procurement (PROC) Family obligations. No HOW steps or SOP/WIN references appear in this section.
| Role | Primary Responsibilities (WHAT) | High-Level Controls (WHAT Requirements) |
|---|---|---|
| Procurement Lead |
β’ Maintain oversight of sourcing and purchasing decisions aligned with approved supplier status. β’ Ensure material requirements, specifications, and supplier capabilities remain aligned. β’ Identify supplier risks, gaps, or documentation deficiencies requiring escalation. β’ Maintain visibility into supplier performance and reliability. β’ Ensure Procurement records are accurate, complete, and traceable. |
β’ Verify supplier approval status prior to purchasing activity. β’ Ensure procurement actions comply with specification, ASL, and qualification controls. β’ Apply risk-based controls to evaluate new or changing supplier conditions. β’ Maintain controlled purchasing pathways that prevent unapproved supplier use. β’ Ensure all procurement documentation aligns with L0 record-keeping requirements. |
| BPO |
β’ Own operational governance of Procurement workflows and requirements. β’ Ensure supplier-related controls are implemented consistently across the organization. β’ Evaluate systemic impacts of supplier changes or risks. β’ Maintain final review authority for Procurement-driven process alignment. β’ Oversee resolution of supplier-related deviations or systemic gaps. |
β’ Enforce alignment of Procurement processes with enterprise-level governance requirements. β’ Ensure supplier qualification, ASL management, and documentation controls remain robust. β’ Maintain enterprise visibility of supplier risks and control measures. β’ Apply risk-based prioritization to supplier issues, escalations, and process updates. β’ Validate that Procurement controls remain compliant with regulatory requirements. |
| BRM |
β’ Maintain cross-functional alignment on supplier requirements and material flows. β’ Identify systemic risks associated with sourcing, qualification, or supplier performance. β’ Ensure horizontal integration of Procurement processes with other Families. β’ Evaluate supplier-driven impacts on planning, production, and quality. β’ Support supplier-related change control, nonconformance review, and CAPA alignment. |
β’ Ensure Procurement decisions do not create misalignment across the QMS. β’ Apply enterprise-wide risk assessment to supplier categories and materials. β’ Maintain documentation supporting cross-functional coordination. β’ Validate that supplier changes reflect accurate and current process requirements. β’ Ensure supplier-related information is consistent across all Families. |
| Regulatory Affairs |
β’ Confirm regulatory acceptability of ingredients, components, and supplier claims. β’ Support evaluation of certifications, statements, and regulatory documents. β’ Identify regulatory risks linked to supplier-provided information. β’ Maintain awareness of regulatory requirements affecting supplier material categories. β’ Support alignment of supplier documentation with product claims and labeling. |
β’ Ensure supplier-provided data supports regulatory compliance of finished products. β’ Verify regulatory documentation meets applicable requirements before material use. β’ Evaluate regulatory impact of supplier changes or documentation gaps. β’ Maintain controlled review pathways for regulatory documentation. β’ Support risk-based controls for supplier regulatory compliance. |
| Warehouse Supervisor |
β’ Maintain control over material receipt, staging, and quarantine aligned with Procurement requirements. β’ Identify material issues, documentation conflicts, or suspected supplier defects. β’ Ensure proper segregation of materials based on supplier status and risk. β’ Maintain traceability of received materials to supplier records. β’ Support investigations related to supplier-related nonconformances. |
β’ Enforce receiving checks that verify supplier approval and documentation completeness. β’ Maintain controlled material movement in alignment with ASL and qualification status. β’ Ensure material issues are escalated and documented in a timely manner. β’ Support material disposition decisions linked to supplier performance. β’ Maintain L0-compliant records for material receipt and supplier-linked deviations. |
| Document Control |
β’ Maintain controlled document lifecycle for supplier documentation and Procurement records. β’ Ensure controlled templates are used for Procurement-related records. β’ Maintain traceability of revisions to supplier documentation and forms. β’ Ensure controlled distribution of current Procurement documents. β’ Maintain secure storage of supplier documents and related records. |
β’ Enforce document-control rules for supplier documentation, ASL updates, and qualification records. β’ Maintain metadata, approval, and version integrity across all Procurement documents. β’ Prevent use of outdated or unapproved supplier documents. β’ Maintain consistent archival standards for Procurement evidence. β’ Ensure cross-functional access to controlled Procurement documents. |
| Training & Competency |
β’ Maintain competency requirements for personnel involved in Procurement activities. β’ Ensure supplier-related training is completed prior to performing associated tasks. β’ Update training programs following changes to Procurement requirements. β’ Maintain traceability of training records supporting supplier compliance. β’ Verify training alignment with Procurement templates and documentation needs. |
β’ Enforce training completion before personnel perform Procurement tasks. β’ Align training content with current Procurement and supplier requirements. β’ Maintain ALCOA+ integrity of Procurement-related training records. β’ Support enterprise-level training consistency during supplier changes. β’ Maintain linkages between document revision and mandatory training updates. |
Quality Unit roles (QA, QC, QA-SOD, QC-SOD) are intentionally excluded from this section.
Their responsibilities are defined globally in the L0 Unified Governance Document and detailed within the
QA and QC Family Packs, and therefore apply uniformly across all Process Families.
| # | SOP | WIN | AA Doc ID | Type | Frequency | Description (Purpose, Scope, Control Intent & Auditor Focus) |
|---|---|---|---|---|---|---|
| Supplier Governance | ||||||
| 1 | SOP-PROC-SOURCE | WIN-PROC-SOURCE-VERIFY | AA-PROC-SOURCE-VERIFY | CHK + REC | Per Source Selection |
Purpose: Document risk-based sourcing decisions prior to supplier qualification or purchasing. Scope: New suppliers, new materials, or significant sourcing changes. Control Intent: Ensure sourcing risk is evaluated and approved before supplier use. Auditor Focus: Evidence of documented risk review and approval. |
| 2 | SOP-PROC-QUAL | WIN-PROC-QUAL-APPROVE | AA-PROC-QUAL-APPROVE | CHK + REC | Per Qualification |
Purpose: Verify completion of supplier qualification and formally approve suppliers for GMP use. Scope: Initial qualification and periodic re-qualification. Control Intent: Prevent use of unqualified suppliers. Auditor Focus: QA approval, completeness, and system enablement. |
| 3 | SOP-PROC-ASL | WIN-PROC-ASL-MAINTAIN | AA-PROC-ASL-MAINTAIN | LOG | Ongoing |
Purpose: Maintain an authoritative record of approved suppliers and status changes. Scope: Supplier additions, removals, and status changes. Control Intent: Ensure purchasing aligns with approved supplier status. Auditor Focus: Traceability of changes and linkage to approval. |
| Procurement Execution | ||||||
| 4 | SOP-PROC-P2P | WIN-PROC-P2P-AUTHORIZE | AA-PROC-P2P-AUTHORIZE | REC | Per Transaction |
Purpose: Document authorized procure-to-pay transactions. Scope: Purchasing with qualified, active suppliers. Control Intent: Prevent purchasing from unapproved suppliers. Auditor Focus: Authorization, supplier status, and traceability. |
| Supplier Documentation | ||||||
| 5 | SOP-PROC-DOCS | WIN-PROC-DOCS-VERIFY | AA-PROC-DOCS-VERIFY | CHK + REC | Periodic / Upon Change |
Purpose: Verify and approve supplier documentation required for continued use. Scope: Quality agreements, certifications, regulatory documents. Control Intent: Maintain ongoing supplier compliance. Auditor Focus: Documentation completeness and approval evidence. |
All Auditable Artifacts (AAs) defined in this section leverage a common, Quality Assurance (QA)βowned Quality Event escalation process. Deviations, excursions, or failures to meet defined acceptance criteria are identified within the executing domain and escalated using WIN-QA-EXCEPTION-ESCALATION.
This standardized escalation mechanism is applied consistently across Warehouse, Quality Control (QC), Manufacturing, and other GMP domains to ensure independent QA oversight, uniform investigation, and controlled disposition in accordance with Quality Assurance procedures.
Domain-specific SOPs and Work Instructions (WINs) define exception identification triggers only and do not establish independent escalation, investigation, or disposition pathways.
This section defines the minimum required content and evidentiary intent for each Auditable Artifact (AA) listed in Section 5. These requirements establish WHAT must be captured to demonstrate effective control of Procurement (PROC) activities.
The AA set is intentionally risk-based, consolidated, and sufficient. Each AA represents the authoritative GMP evidence for its associated procurement control domain. No additional PROC-specific records are required beyond those defined in Section 5.
Individual executions are distinguished through operational metadata (e.g., date, supplier, material, transaction ID, system user), not through creation of additional forms or document variants.
This artifact provides evidence that sourcing decisions are risk-based, documented, and approved prior to supplier qualification or purchasing.
Minimum evidentiary expectations include:
Auditor focus: confirmation that suppliers are not engaged or advanced without documented, risk-based sourcing approval.
This artifact provides evidence that supplier qualification requirements are fulfilled and formally approved prior to supplier use.
Minimum evidentiary expectations include:
Auditor focus: ability to reconstruct why a supplier is approved, restricted, or disqualified based on documented evidence.
This artifact provides continuous evidence that the Approved Supplier List (ASL) is accurately maintained, controlled, and traceable.
Minimum evidentiary expectations include:
Auditor focus: confirmation that only qualified suppliers are authorized and that ASL changes are controlled and justified.
This artifact provides evidence that purchasing transactions are executed only with approved suppliers and for approved materials or services.
Minimum evidentiary expectations include:
Auditor focus: verification that purchasing does not bypass supplier qualification, ASL, or specification controls.
This artifact provides evidence that required supplier documentation is current, complete, reviewed, and approved.
Minimum evidentiary expectations include:
Auditor focus: confirmation that material quality and compliance are supported by controlled and reviewed supplier documentation.
This section defines the WHEN, WHO, and CONTROL OUTCOME expectations for execution of Procurement (PROC) controls. Work Instructions (WINs) enforce SOP requirements and generate the Auditable Artifacts (AAs) defined in Section 5. Procedural step-by-step HOW is intentionally excluded.
Governs controlled, risk-based sourcing decisions prior to supplier qualification or purchasing activity.
Control outcome: Only risk-evaluated and Quality-approved suppliers progress to qualification or purchasing.
Governs execution of supplier qualification activities and formal approval or disqualification decisions.
Control outcome: Supplier approval decisions are risk-based, documented, and authorized prior to use.
Enforces controlled creation, maintenance, and modification of the Approved Supplier List (ASL).
Control outcome: The ASL remains accurate, current, and authoritative for all GMP procurement decisions.
Governs authorization and execution of procure-to-pay transactions.
Control outcome: Purchasing activities are executed only with approved suppliers and approved requirements.
Governs collection, review, and approval of required supplier documentation.
Control outcome: Supplier documentation reliably supports material quality, compliance, and regulatory expectations.
This Family Pack inherits all enterprise-level governance defined in the L0 Unified Governance Document (L0-QMS-UGD), which serves as the authoritative source for quality, documentation, data integrity, and system requirements. All SOPs, WINs, and FORMs within this Family must be created, maintained, and executed in alignment with L0 rules, including:
L0 requirements apply uniformly and supersede all Family-level content. This Family Pack does not replace or modify L0 governance and operates fully within the enterprise-wide QMS architecture.
Exception conditions that intersect with Procurement activities are governed under the Quality Assurance (QA) Process Family. Procurement-controlled activities related to supplier nonconformance, documentation failures, deviations, complaints, and corrective and preventive actions (CAPA) inherit authority, evaluation, and disposition requirements from QA-governed SOPs.
Procurement does not authorize supplier approval, material release, deviation closure, or final disposition decisions that fall under QA-governed exception handling.