The call comes in on a Tuesday afternoon. A client is unhappy. The team member who handled the query followed the process as they understood it, which turned out to be different from how you do it, different from how the previous person did it, and not what the client was expecting. You spend twenty minutes sorting it out, then another ten explaining to the team what should have happened. Nobody did anything wrong deliberately. The process just lived in your head.
That is the problem an SOP solves.
What is a standard operating procedure?
An SOP is a written or recorded set of instructions describing how a specific, repeatable task gets done. It names who does the task, what tools or information they need, the steps in sequence, and where the task ends. The format can be a numbered checklist, a short video walkthrough, or a flowchart. What matters is that it is written down and consistently followed.
In plain English, an SOP is your business’s answer to the question: how do we do this? It spells out who starts, what they need, what happens at each stage, and what done looks like.
The scope is deliberately narrow. One SOP covers one task, with a single owner and a clear finish point. Penn State’s Extension writing guide describes the core aim as consistent execution across staff and over time, regardless of who carries out the task. If you want anyone on your team to do a task the way you’d do it, an SOP is the mechanism.
The format is secondary. Some teams prefer a numbered list. Others record a short video of the person who knows the task best. A checklist works for short tasks; a flowchart helps where there are decision points. Whichever format the team will actually consult is the right one.
Why do SOPs matter for an owner-managed business?
For an owner-managed business with a small team, SOPs have one practical purpose: getting routine work out of the founder’s head and into a format someone else can follow without needing to ask. Every repeated task done from memory carries risk. When you write it down once, you stop being the explanation every time someone starts that task, and you reduce the chance of variation a client will notice.
American Express’ business insights team makes the point directly: SOPs free founders and managers from having to answer the same questions repeatedly. That time compounds. A business with ten clearly documented processes has ten fewer reasons to interrupt someone senior each time a routine task begins.
There is also the question of what happens when the person who knows a task best is absent. If your client onboarding process lives in one person’s head, the business is exposed every time they take leave, get ill, or move on. Writing the SOP is insurance against that fragility.
Practical guidance from small-business operators like Sparent recommends reviewing SOPs every quarter to keep them accurate. That review cadence signals how the document is meant to be used: consulted regularly, tested against reality, updated when processes change. A document written once and filed is not a system.
Where will you come across SOPs in practice?
SOPs turn up wherever the same task runs on a schedule, involves a client, touches personal data, or gets passed between people. In a services firm, that covers quite a lot: client onboarding, quoting, sending invoices, handling complaints, managing offboarding, and access control when someone leaves the team. If personal data is in the picture, UK GDPR rules make documented procedures close to essential.
Under the UK GDPR, organisations must implement appropriate technical and organisational measures to protect personal data. The ICO, the UK’s data protection regulator, makes clear that accountability obligations extend to how data is handled day-to-day, not just how it is stored. An SOP for client data entry, subject access requests, or data retention decisions is often the most direct way to demonstrate that your firm’s controls are operational rather than theoretical.
For businesses using AI tools in client work, the picture sharpens. The ICO’s guidance on AI and data protection notes that organisations remain responsible for compliance even when using third-party AI systems. The NCSC’s guidance on using AI safely in organisations makes a parallel point: the fact that a tool is AI-powered does not exempt it from normal cyber-security controls. An SOP covering what staff can and cannot paste into public-facing tools, which outputs require human review, and who signs off before a result goes to a client is increasingly practical rather than optional.
Regulated firms face the most direct requirement. The FCA’s SYSC handbook requires firms to maintain effective systems and controls with clear allocation of responsibilities. For any FCA-authorised firm, or a service provider supporting one, documented procedures are not optional.
When should you write one, and when should you skip it?
The question to ask is whether a task is repeated, client-visible, regulated, or passed between people. If two or more of those apply, an SOP is worth writing. If the work is a one-off decision, entirely bespoke, or done by a single expert with no plans to delegate, the overhead of documenting it outweighs the benefit.
American Express’ guidance draws a similar line: one-time tasks and tasks requiring a high degree of creativity are generally not suited to SOP treatment. That carve-out matters for professional services firms where a meaningful share of the work is advisory and judgement-heavy.
The practical rule of thumb from process writers is to keep SOPs to fewer than eight steps where possible. If the list grows beyond that, the task probably contains two or three distinct procedures each worth their own document. Keeping each one narrow is what makes it usable in practice.
The more common failure is writing a procedure that nobody consults. A document that was accurate when drafted but was never updated, never tested by a team member, and never reviewed ends up as shelfware. The test of a working SOP is whether the person doing the task can tell you what is missing or wrong with it. If they can, the procedure is live. If they have never read it, it serves no operational purpose.
Start narrow. Pick your five to ten most repeated client-facing or data-bearing tasks, write a single page for each, and have a colleague test it before relying on it. That is a working system. An SOP for every conceivable task in a ten-person business is not, and trying to build one will likely produce none.
How does an SOP relate to the other systems in your business?
A policy sets a rule; an SOP explains how to follow it. A process map shows the overall flow; an SOP is the step-by-step detail at each stage. In practice, founders often start with checklists, which are a compressed form of SOP. The fuller version adds context: who owns the task, what the trigger is, and what good output looks like.
If you ever build an operations manual, SOPs are what go inside it. An operations manual is a collection of procedures, typically organised by function: client delivery, finance, people, and IT. Building it starts with the individual procedures; the manual is the container they fill.
For any founder working on reducing personal dependency in the business, SOPs are the foundation layer. Delegating a task without a clear procedure asks someone to guess. Writing the procedure is the act of transferring the knowledge, which is what makes the handover real. A business where the key tasks are documented is more resilient, more scalable, and easier to hand to a team.
As AI adoption grows in owner-managed businesses, SOPs for how AI tools are used become as important as SOPs for any other client-facing process. The FCA’s AI and machine learning survey published in 2024 reinforced that governance and oversight matter as adoption increases. That governance lives in operating procedures rather than in policy statements alone. If you’ve documented your key tasks and want to layer AI on top of them, you are starting from the right place.
