SIPOC diagrams

I am a huge fan of a SIPOC which stands for suppliers-inputs-process-outputs-customers. A SIPOC diagram is a quick broad overview of all the elements of a process and serves as a great visual scope.


Start with the process

Provide the key steps of the process in the middle column and briefly describe its key steps.  A SIPOC diagram is a high-level process map and is designed to get a birds-eye overview of the process. Do not include decision points or feedback loops.

Identify the outputs of the process

Focus on the key outputs of the process. In this step, write down the three or more main outputs. Use nouns for the most part and avoid categorizing your outputs into good or bad ones – that’s not the point of the diagram.

Identify the customers

List the people who benefit from the process. These don’t have to be the literal “customers.” E.g., if you are working on a diagram for an internal process, the “customers” are your coworkers. Think of who benefits from this process. Who would be upset if the process is not complete?

List the inputs for the process

List the inputs required for the process to function properly. Just like with every previous step, focus on the most important ones. Three to six main inputs should do.

Identify the suppliers of the inputs

List the suppliers based on what inputs the process uses. Be sure to mention any specific suppliers whose input has a direct influence on the output.

The template I use is here.

Examples of SIPOCs:

Release control process sipoc

Google does not share search terms for privacy reasons, so it is rare that a search term stands out on my blog.

So here you go.

SIPOC for disposition

This is purposefully a high level process.

Quality Review of Records: Batch Record, Packaging Record, the like

Lot Assessment: Evaluation of deviations, of change control and test results; but also of other inputs such as Critical Utilities and Environmental Monitoring Review. Ideally a holistic view.

Lot Disposition: Decision that the product meets all requirements of the GMPs and the market authorization.

Some important regulatory requirements:

  • United States: 21 CFR 211.22(a); 211.22(d)
  • EU: 1.4(xv); 1.9(vii); EU Annex 16
  • World Health Organization: Annex 3-GMP 1.2(g); Annex 3-GMP 9.11, 9.13, 9.15


One of the drivers for digital transformation, and a concept at route of the ICHs, is the idea of release by exception. Our systems will be tight enough, our design space robust enough, that most products are automatically released and sent into the market.



Change Management and Document Control

“If it isn’t documented, it didn’t happen” is an often-repeated and heavily loaded phrase. One that I want to unpack in a lot of ways on this blog.

Here I want to focus on the interaction between change management and document control, as I think the two are closely intertwined, and that close relationship can confuse you.

Change Management is all about how we assess, control and release our changes. Document control is how we create, review, modify, issue, distribute & access documents. Document control is part of knowledge management (an enabler of the enabler), it is a tool for change control, and is often a deliverable, but it is important to understand that change management is broader than document control, and the principles of change management should enwrap and permeate a document control system.

Let’s start with a SIPOC.

SIPOC for document control

Change Management here is all about the how of the change:

  • Assess – What is the impact of our changes
  • Handle – Implementing our changes
  • Release- Using the change

All three of these are a risk-based approach, the amount of effort and rigor depends on how risky the change is. There are a few principles to keep in mind when developing that risk-based approach:

  1. Changes come in different sizes
  2. Keep your type of change control mechanisms to a manageable minimum.
  3. Have a consistent way of performing that assessment and moving between your change control mechanisms.

When I review 483s and other inspection trends one of the consistent areas is changes not going through a rigorous enough change management. They faltered on assessment, handling and/or release. It is pretty easy to put everything in the document control system and then miss a lot. (For example, those specification changes that don’t end up being filed in all appropriate markets).

So what do I recommend?

Ensure change management sits around and through document control. Build a set of standardized decision-making principles that allow a document revision to end up in the right size change control process (which can just be a document change) and then ensure there is a way to document and review those decisions. This allows us to drive continuous process improvements in this decision making.

Change Control SIPOC

Always start with a SIPOC is a mantra many of us steeped in Six Sigma have heard a lot. There is some truth to having a good visual diagram that helps define a system or project. As this blog will be discussing change management and change control quite a bit, here is a SIPOC that governs change control.


This SIPOC represents change control from the perspective of a pharmaceutical manufacturing plant. But this will apply to many manufacturing industries, though the focus on regulatory might shift.