PROC Governance Position Paper

Domain: Procurement (PROC) — QC-Enabling

Purpose: Define and lock governance boundaries for sourcing, supplier qualification enablement, purchasing controls, and supplier documentation governance so GMP materials and services originate only from approved, controlled sources under Quality Unit authority.

Position Statement: Procurement is a QC-Enabling domain. PROC does not perform QC testing, acceptance, release, or disposition; it enforces upstream gating so only approved suppliers and controlled specifications are eligible to enter receiving and manufacturing flows.

Authority Model: Quality Unit (QU) retains final, non-delegable authority for quality-impacting decisions. QA administers QMS workflows under QU governance. PROC executes controlled procurement activities and generates evidence.

Table of Contents

1. Scope & Governance Boundary

This position paper governs Procurement controls that impact GMP materials and GMP-impacting services, including components, ingredients, packaging, labels, and outsourced providers whose outputs can affect product identity, purity, strength, composition, safety, or regulatory compliance.

PROC Owns (WHAT):
  • Sourcing governance and supplier selection screening
  • Supplier qualification enablement and status gating (ASL / scope-of-approval)
  • Procure-to-pay controls that enforce supplier status and intended use
  • Supplier documentation collection, verification, and controlled review cycles
  • Supplier change-signal detection and escalation entry (change triggers)
PROC Does NOT Own:
  • QC testing, sampling, or laboratory verification
  • Material acceptance/rejection or release status assignment
  • Deviation closure, CAPA approval, or final disposition decisions
  • Specification approval authority (owned under QU-governed pathways)
  • Receiving execution (owned by WH) or manufacturing execution (owned by PROD)

Procurement controls are effective only when they are integrated with downstream domains (Warehouse receipt/status control, Quality oversight, and Production execution) and when exceptions are controlled through QA-owned workflows.

2. Authority & Decision Rights

Quality Unit (QU): retains final authority for quality-impacting decisions, including supplier approval outcomes where governance defines non-delegable decision rights, and any authorization of exceptions that could impact product quality or regulatory compliance.
Decision Area PROC Role Quality Role Non-Delegable / Escalation Rule
Supplier status eligibility for GMP use (ASL, scope-of-approval) Executes gating and maintains records QA/QU governs approval model PROC may not override supplier status; exceptions require QA-owned workflow and QU authorization where required
Purchasing authorization (PO release / equivalent) Must block or escalate when supplier is not eligible QA governs exception pathway Any bypass of status gating requires documented exception authorization before transaction execution
Supplier documentation acceptability (COA, certifications, agreements) Collects/maintains; flags gaps and change signals QA/QU defines acceptance rules Missing/expired/unverifiable documentation must stop progression or enter exception workflow
Material acceptance/release/disposition Not permitted QU (and QA under delegated authority) controls PROC cannot change material status or authorize use

3. Mandatory PROC Gating Conditions

Gating Rule: Procurement activities that enable receipt or use of GMP materials/services may proceed only when all of the following are true:

Hard Stop: If supplier status is not eligible for the intended use, Procurement must block purchasing (or equivalent) until the issue is corrected or a QA-owned exception authorization is issued and documented.

Change Trigger Detection: Any signal of supplier/site/specification/supply-condition change (including documentation revisions that imply such a change) must be evaluated for Quality impact and routed into controlled escalation (e.g., Change Control) prior to continued implementation.

4. Required Evidence (Auditable Artifacts)

PROC governance is demonstrated through controlled evidence. The following artifacts are the minimum expected evidence set:

Evidence Type Control Intent Minimum Evidence Content
Sourcing Verification Record Prove sourcing decisions are risk-based and approved Supplier identity, intended use, risk screening, approval outcome, and change-trigger determination
Supplier Qualification Approval Record Prove supplier eligibility is authorized Qualification basis (initial/requal), scope-of-approval, risk tier, approvals, and effective dates
ASL Maintenance Log Make status gating enforceable and traceable Status category, scope-of-approval, effective dates, rationale, and linkage to approvals/change control
P2P Authorization Record Prevent purchases from ineligible suppliers Supplier status at time of authorization, intended use check, who/when authorization, exception ID if used
Supplier Documentation Verification Ensure documentation supports quality and compliance Doc list, validity/authenticity checks, gaps resolution, change-signal evaluation, escalation linkage when required

5. Exceptions, Escalation, and Stop Rules

Stop-Execution Conditions (PROC):
Escalation Rule:

When a stop condition is met, Procurement must initiate the QA-owned exception pathway and/or Change Control (as applicable) before proceeding. Procurement may support investigation inputs, but does not independently authorize bypass, continued use, or disposition outcomes.

Controlled Exceptions:

If governance permits an exception (rare, risk-based), it must be explicitly documented, approved by the appropriate Quality authority (including QU where required), and traceable to the impacted transaction(s), supplier(s), and intended use scope.

6. Outsourced Manufacturing & GMP Service Providers

Contract manufacturers and GMP-impacting service providers are treated as suppliers under Procurement governance. They must be qualified, approved, and maintained under the ASL with defined scope-of-approval (service, site, intended use).

Minimum Governance Requirements:

Procurement enables eligibility and governance; execution controls for manufacturing remain within Production and Quality oversight.

7. Cross-Domain Interfaces

Interface PROC Provides Partner Domain Provides Key Failure Mode Prevented
PROC ↔ WH (Warehouse) Supplier eligibility, documentation package, PO traceability Receipt, quarantine/status control, traceable storage/issuance Receiving or staging materials from ineligible suppliers
PROC ↔ QA/QU Change signals, supplier risk signals, evidence completeness Approval decisions, exception governance, QMS workflow administration Uncontrolled exceptions or unreviewed supplier changes
PROC ↔ QC/Lab Ops COA packages, supplier doc traceability, verification planning inputs Testing/verification evidence and requirements per QC framework Reliance on unverifiable supplier claims without verification controls
PROC ↔ PROD Supplier status constraints, lead-time/supply eligibility visibility Material demand signals and intended use constraints Scheduling pressure driving purchases from non-approved sources

8. Compliance Anchors & Data Integrity

Regulatory intent alignment (non-exhaustive): 21 CFR Part 111 supplier/material controls; NSF/ANSI 455-2 supplier oversight expectations; and enterprise ALCOA+ requirements for attributable, contemporaneous, legible, original, accurate (and complete/consistent/enduring/available) records.

Electronic records: Where electronic systems are used to maintain ASL status, approvals, and procurement authorizations, records must be attributable, audit-trailed, access-controlled, and retained per QMS record lifecycle governance.

Reference Implementation: This position paper aligns to the structure and controls already represented in your Procurement Family Pack (QMS-FP-PROC). Use it as the governance “front door” and boundary lock statement for PROC. (Source file: :contentReference[oaicite:0]{index=0})

End of Position Paper.