The CRM Governance SOP Template
A practitioner checklist for teams who are done with dirty data, broken dashboards, and pipeline numbers that do not match reality.
"I have spent fifteen years inside marketing ops and RevOps functions at Deloitte, Tesco, Tata, and Godrej. The single most consistent failure I saw was not tool selection. It was governance. Teams would invest in Salesforce or HubSpot, spend six months configuring it, and then watch it degrade within a year because nobody owned the data model, nobody controlled field creation, and nobody could agree on what a qualified lead actually meant. This checklist is the operating model I use when I start a CRM governance engagement."
— Tejas Dhabalia, Co-founder, DS Consulting
Why this matters
Recent IBM’s 2025–2026 research shows that poor data quality is still a major commercial risk. IBM says more than a quarter of organizations now estimate annual losses of over USD 5 million from poor data quality, while Salesforce reports that siloed systems and poor data quality remain the top barriers to AI-driven personalization. At the execution level, only one in four marketers are satisfied with how they use data for personalized engagement, and Validity found that 76% of CRM users say less than half of their CRM data is accurate and complete. This checklist is the operating model I use when I start a CRM governance engagement. It is the minimum you need to stop the bleeding and build something sustainable.
Section 1: Data model and taxonomy
Define a single owner for each core object: Lead, Contact, Account, Opportunity.
Ownership means accountability for field standards, required fields, and data quality within that object — not just admin access.
Publish a field glossary with approved definitions for all fields used in reporting.
Include: field name, object, definition, who populates it, and acceptable values. A field without a definition is a liability.
Agree on a single definition of 'qualified lead' across marketing, sales, and RevOps — in writing.
Store it in the CRM description field and your internal wiki. If it is not written down, it does not exist.
Set required fields at each lifecycle stage transition.
A lead should not be able to move to MQL without meeting defined criteria. Enforce this in the platform, not just in policy.
Document and enforce a naming convention for all custom fields.
Example: [Team]_[Category]_[Descriptor]. The convention must be enforced before any new field is created, not retroactively.
Section 2: Lifecycle stage governance
Document every lifecycle stage with entry criteria, exit criteria, and an SLA.
Entry: what must be true to enter. Exit: what triggers movement. SLA: how long a record can sit before escalation is triggered.
Implement automated stage-move rules where the criteria are objective.
Manual stage movement is the leading cause of stage drift and reporting unreliability. Automate what can be automated.
Define what happens to a record when it fails to progress past SLA.
Recycle to nurture, reassign, or disqualify — it must be documented, automated, and owned.
Set up a weekly stage health report: volume, velocity, and SLA adherence by stage.
This report should go to the revenue leadership team without prompting. If it requires manual assembly, it will not survive.
Document lead routing rules by geography, segment, account size, and product line.
Routing exceptions must also be documented. Unrouted leads are invisible leads — they exist in your system but not in anyone's accountability.
Section 3: Change control
No new custom field created without a written request stating the business use case.
Include: requestor, use case, reporting dependency, field owner, approval sign-off. A field request is a data model change.
All workflow and automation changes logged in a change register before deployment to production.
Log: change description, expected impact, deployment date, owner, and rollback plan. No exceptions for 'quick fixes.'
A sandbox environment exists and all changes are tested there before production.
Zero-day production changes are not acceptable for any workflow that touches revenue data or reporting.
A quarterly audit of unused fields, inactive workflows, and orphaned records.
CRM entropy compounds. Without scheduled cleanup, technical debt becomes a migration project within three years.
A named admin owns the CRM change control process.
This does not require a full-time role. It requires a named, accountable person. Shared ownership means no ownership.
Section 4: Measurement and reporting governance
Publish a single metric definition document that all teams sign off on.
Include: MQL, SQL, SAL, Opportunity, Win Rate, CAC, LTV, Churn — and the exact CRM logic behind each definition.
All executive dashboards source from the same CRM reports, not from manual exports.
If the CEO's pipeline number differs from the CRO's, you have a governance problem, not a data problem.
Finance and CRM pipeline reconciliation happens monthly, not quarterly.
The further apart these reconciliations happen, the larger the discrepancy becomes, and the harder it is to trace.
All attribution rules are documented, versioned, and approved before any model change.
Changing attribution methodology mid-year without documentation makes all historical comparison invalid.
Section 5: Integrations and data flows
Document every integration: source system, destination system, sync frequency, and field mapping.
If you cannot draw a complete data flow diagram in 30 minutes, you do not have enough documentation.
Identify the system of record for each data type: contact data, account data, deal data.
Two systems cannot both be the source of truth for the same field. Decide once, document it, enforce it.
Set up integration error monitoring with named ownership and a response SLA.
Silent sync failures are the most dangerous category of data quality problem. By the time someone notices, months of data may be corrupt.
Map the data flow from web form to CRM to MAP to finance for your top three lead sources.
Gaps in this map are where leads disappear without anyone knowing. These gaps are invisible by definition until you look.
How to score yourself
You have a defensible operating model. Focus on maintenance and edge cases.
Visible gaps that will compound. Prioritise Sections 3 and 4 first.
Revenue is leaking and you cannot see it. This is the most common state.
If you scored below 60%, the gaps in Sections 3 and 5 have the longest remediation lead times. Start there before investing in new automation or AI capabilities.
Common questions
What is a CRM governance SOP?
A CRM governance SOP (Standard Operating Procedure) is a documented operating model that defines who owns each data object, how fields are created and named, what change control process applies to automation and workflow changes, how lifecycle stages are defined, and how reporting definitions are locked and maintained. Without it, CRM data degrades within 12 to 18 months of go-live regardless of platform.
How do I know if my CRM governance is broken?
The symptoms are consistent: leadership cannot agree on a single pipeline number, marketing and sales use different definitions of a qualified lead, dashboards require manual reconciliation before every board meeting, duplicate records grow faster than they are cleaned, and new automation creates unintended consequences nobody can trace.
Does this checklist apply to HubSpot and Dynamics, or only Salesforce?
The governance principles apply to any CRM platform. The terminology in this checklist is platform-agnostic. Whether you run Salesforce, HubSpot, Microsoft Dynamics, or a combination, the same data model discipline, change control, and lifecycle governance is required.
Get the PDF checklist
Download the complete CRM Governance SOP Template as a PDF — formatted for team use, with fillable checkboxes and methodology notes.
Marketing Ops and MarTech leader. Former Deloitte, Tata, Tesco, and Godrej. Specialises in CRM governance, lifecycle orchestration, and revenue operations.
LinkedIn →Not sure where you stand?
Take the Leaky Funnel Audit to get your Revenue Visibility Score in under 5 minutes.
Take the audit