🏭Building Your First ICM Factory: An in-depth example for Builders

Bas Rosario

12h (edited) • 💬 General discussion

The last post I made was about the "what" and "why" of ICM.

This one will be the "how."

Actual folder structures, actual contracts.

(If you've been wanting to try this but didn't know where to start, this is your blueprint.)

⭐ I'm going to walk through a real use case:

(➡️ Adapt this to your own SOP)

(Client) You're an IT Manager at a life sciences company and you need to automate SOP (Standard Operating Procedure) change control.

If you've worked in pharma, biotech, or medtech, you know this pain. A single SOP change touches document control, impact assessment, reviewer routing, training assignments, and compliance sign-off.(or its supposed too anyway 😅)

It's manual, it's slow, and it generates audit findings constantly.

📝Note* Every audit finding costs real money and real time. A single finding can trigger a CAPA (Corrective and Preventive Action), which means someone has to investigate the root cause, document the fix, implement the fix, verify the fix worked, and then prove all of that to an auditor. That's hours of work per finding, across multiple people.

🥅 The goal of the workflow below is to take an SOP change request, from the moment someone submits it, all the way through to a revised document with the right reviewers assigned and the right people flagged for retraining, without a human having to manually route, classify, chase approvals, or figure out who needs to be retrained.

We're going to build an ICM workspace that handles the intake-to-approval pipeline. And we're going to do it using the 60/30/10 ratio so you can see exactly how the layers map to real architecture.

Now for the 👇

🗂️ The Folder Structure ( Your 60%) ←

✅ This is your deterministic (predictable) infrastructure.

It doesn't change, it doesn't need AI, and it does most of the heavy lifting.

sop-change-control/

├── CLAUDE.md

├── CONTEXT.md

├── _config/

│ ├── compliance-rules.md

│ ├── reviewer-matrix.md

│ ├── sop-template.md

│ └── training-requirements.md

├── references/

│ ├── change-categories.md

│ └── impact-assessment-criteria.md

└── stages/

├── 01-intake/

│ └── CONTEXT.md

├── 02-impact-assessment/

│ └── CONTEXT.md

├── 03-reviewer-routing/

│ └── CONTEXT.md

├── 04-draft-revision/

│ └── CONTEXT.md

└── 05-training-assignment/

└── CONTEXT.md

💭 Notice what's happening here. The folder structure IS the workflow. There are No frameworks, no orchestrations libraries, no dependency graph in code. Just folders, and markdown files (.md)

A new team member (or a new AI agent) can open this directory and immediately understand what happens, in what order, and where to look.

💪 That's the 60%. It's just files and folders. And it's doing most of the work. 🗝️

Now for the 👇

📜 The Stage Contracts (Your 30%) ←

This is orchestration. Rules, routing logic, guardrails.

Each stage has a CONTEXT.md that acts as a contract.

(When I first started ICM, this was the place I spent the most time refining, it still is)

Here's what a real one looks like:

📜 (Stage 01: Intake Process Contract)

# Stage 01: Intake

## Input

Submitted form → Change request details (contains SOP ID, requested change, justification)

_config/compliance-rules.md → GxP classification rules (determine regulatory impact)

references/change-categories.md → Category definitions (classify as Minor, Major, or Critical)

## Process

1️⃣ Step 1: Extract change request fields

Pull SOP ID, section affected, change description, submitter, justification.

2️⃣ Step 2: Validate completeness

Confirm all required fields are present. If missing, flag and return to submitter.

3️⃣ Step 3: Classify the change

Using change-categories.md, assign exactly one category: MINOR, MAJOR, or CRITICAL.

4️⃣ Step 4: Tag regulatory impact

Using compliance-rules.md, flag if change affects GxP-regulated content (21 CFR Part 11, EU Annex 11).

## Output

Classified change request:

{ sop_id, section, description, submitter, category, gxp_flag, justification }

## Completion

Pass classified request to stages/02-impact-assessment/ ️ ⬅️️ Moves to the next steps

🧨 (Stage 02: Impact Assessment)

# Stage 02: Impact Assessment

## Input

Stage 01 output > Classified change request with category and GxP flag

_config/compliance-rules.md > Regulatory requirements (determine submission needs)

references/impact-assessment-criteria.md > Risk scoring framework

## Process

1️⃣ Step 1: Evaluate patient safety impact

Using impact-assessment-criteria.md, determine if the change affects processes

that touch patient safety, product quality, or data integrity.

2️⃣ Step 2: Evaluate cross-department scope

Determine if the change affects SOPs referenced by other departments or shared processes.

3️⃣ Step 3: Score overall risk

Apply the risk scoring framework (1-5 scale) based on safety impact, scope,

and regulatory exposure.

4️⃣ Step 4: Flag regulatory submission

If the change affects GxP-regulated content and risk score is 4+,

flag for regulatory submission package.

## Output

Risk-scored assessment:

{ sop_id, section, description, submitter, category, gxp_flag, risk_score,

patient_safety_flag, cross_dept_flag, regulatory_submission_required }

## Completion

Pass risk-scored assessment to stages/03-reviewer-routing/ ⬅️️ Moves to the next steps

🔍 (Stage 03: Reviewer Routing)

# Stage 03: Reviewer Routing

## Input

Stage 02 output > Impact assessment with risk score (determines approval level)

_config/reviewer-matrix.md > Department approval chains (route to correct reviewers)

_config/compliance-rules.md > Regulatory sign-off requirements (add QA if GxP-flagged)

## Process

1️⃣ Step 1: Match department to approval chain

Using reviewer-matrix.md, identify the reviewers for the affected SOP's department.

2️⃣ Step 2: Escalate based on category

MINOR: Department lead only.

MAJOR: Department lead + QA representative.

CRITICAL: Department lead + QA + Regulatory Affairs + Site Director.

3️⃣ Step 3: Add GxP overlay

If gxp_flag is true, add Quality Assurance as mandatory reviewer regardless of category.

4️⃣ Step 4: Build reviewer list with deadlines

Assign review deadlines: MINOR = 5 business days, MAJOR = 10, CRITICAL = 15.

## Output

Reviewer assignment:

{ sop_id, reviewers: [{ name, role, deadline }], escalation_level, gxp_review_required }

## Completion

Pass reviewer assignment to stages/04-draft-revision/ ⬅️️ Moves to the next steps

See the pattern? Each stage reads specific files, follows numbered steps, and produces structured output for the next stage. The AI doesn't decide what to do. The contract tells it. That's the 30%.💪

✏️ (Stage 04: Draft Revision)

Stage 04: Draft Revision

##Input

Stage 03 output → Reviewer assignment with approved change details

_config/sop-template.md → Standard SOP document format

_config/compliance-rules.md → Regulatory language requirements (GxP phrasing constraints) Current SOP document → The existing version of the SOP being changed

##Process

1️⃣ Step 1: Load the current SOP version

Retrieve the existing document for the SOP ID from the change request.

2️⃣ Step 2: Identify the affected section

Using the section field from the change request, locate the exact section to revise.

3️⃣ Step 3: Draft the revision

Using sop-template.md for structure and compliance-rules.md for required language, integrate the approved change into the existing section. Preserve all unchanged content. Maintain document formatting, numbering, and cross-references.

4️⃣ Step 4: Flag compliance language

Verify the revised section uses required regulatory phrasing. If the change touches GxP-regulated content, confirm 21 CFR Part 11 language is intact.

5️⃣ Step 5: Generate revision metadata Record version number increment, revision date, change summary, and author (submitter from original request).

##Output

Draft revision package: { sop_id, version_new, revision_date, changed_section, draft_text, compliance_check_passed, revision_summary }

##Completion

Pass draft revision package to stages/05-training-assignment/ ⬅️ Next stage

🎓 (Stage 05: Training Assignment)

Stage 05: Training Assignment

##Input

Stage 04 output → Draft revision package with changed section

details _config/training-requirements.md → Role-to-SOP mapping (which roles use which SOPs) _config/reviewer-matrix.md → Department structure (identify affected teams)

##Process

1️⃣ Step 1: Identify affected roles

Using training-requirements.md, cross-reference the changed SOP ID and section against the role mapping. Pull every role that references this SOP in their required training.

2️⃣ Step 2: Determine training scope

MINOR change: Read-and-acknowledge only (employees confirm they've read the update). MAJOR change: Read-and-acknowledge plus competency verification (quiz or supervisor sign-off). CRITICAL change: Full retraining session with documented assessment.

3️⃣ Step 3: Build training assignment list

For each affected role, generate an assignment with: employee role, training type, completion deadline (30 days from SOP effective date), and the specific section that changed.

4️⃣ Step 4: Flag cross-department impact

If cross_dept_flag from Stage 02 is true, extend training assignments to roles in all affected departments, not just the SOP owner's department.

##Output

Training assignment plan: { sop_id, version_new, effective_date, assignments: [{ role, department, training_type, deadline, changed_section }], total_affected_roles, cross_dept_training_required }

##Completion

🎯 Final stage. Output the complete change control package:

Classified change request (Stage 01)
Risk assessment (Stage 02)
Reviewer assignments (Stage 03)
Draft revision (Stage 04)
Training plan (Stage 05)

Ready for human review and approval. ✅

Now for the 👇

🧠 The AI Judgment (Your 10%) ←

🤖 Here's where the AI actually earns its keep, and notice how small this layer is:

1️⃣ In Stage 01, the AI reads a free-text change justification and classifies it against the category definitions. That's judgment. A human wrote the justification in natural language, and the AI interprets whether it's a Minor formatting fix or a Critical process change.

2️⃣ In Stage 02, the AI reads the impact assessment criteria and scores risk. It's weighing factors like "does this change affect patient safety" or "does this change cross departmental boundaries." The criteria are deterministic (that's the 30%) but applying them to a specific change request requires interpretation (that's the 10%).

3️⃣ In Stage 03, the AI does almost nothing. Reviewer routing is a lookup against the reviewer matrix, escalation follows fixed rules based on category, and deadlines are hardcoded. This is the stage that proves the point. If you built this whole pipeline and Stage 03 is basically a deterministic lookup with zero AI judgment, that's the 60/30/10 working exactly as intended. Not every stage needs the AI to think. Most shouldn't.

4️⃣ In Stage 04, the AI drafts the revised SOP section using the existing template and the approved change description. It's writing, but it's writing inside tight guardrails: the template structure is fixed, the compliance language is fixed, the only creative work is integrating the specific change into the existing document flow.

Everything else, the folder structure, the reviewer matrix, the compliance rules, the routing logic, the training requirements, is deterministic. (predictable)

💡It doesn't need AI. It needs good files.

📋 The Workspace Router (CLAUDE.md)

🪢 This is what ties it all together.

Your L1 router tells the agent what to load and what to ignore at each stage:

# SOP Change Control Workspace:

(L1) Automate SOP change request intake through reviewer assignment and training notification.

## What to Load

stages/{current}/CONTEXT.md > Always > Current stage contract

_config/compliance-rules.md > Stage 01, 02 > GxP classification

references/change-categories.md > Stage 01 > Change classification

references/impact-assessment-criteria.md > Stage 02 > Risk scoring

_config/reviewer-matrix.md > Stage 03 > Approval routing

_config/sop-template.md > Stage 04 > Revision drafting

_config/training-requirements.md > Stage 05 > Training assignment

## What NOT to Load

Full SOP document library > Only load the specific SOP being changed

HR system data > Reviewer matrix is the source of truth

Previous change requests > Each request is independent

Audit trail history > Not needed for processing

## Stage Progression

1. 01-intake: Classify the change request

2. 02-impact-assessment: Score risk and regulatory impact

3. 03-reviewer-routing: Assign reviewers based on category

4. 04-draft-revision: Draft the SOP revision

5. 05-training-assignment: Identify affected roles and assign retraining

That "What NOT to Load" section is critical. Without it, the agent will try to be helpful and pull in the entire SOP library, previous change records, HR data, whatever it can find. The exclusion list gives it permission to stay focused.

🎯 Now for what it takes to 👇

🔧 Get This Running

You don't need special tooling. Here's the actual setup:

1 Create the folder structure above in your project directory

2 Write your CLAUDE.md at the root level that routes to this workspace

3 Fill in your _config files with your actual data (reviewer names, compliance rules, SOP template)

4 Open Claude Code (or your agent of choice) and point it at the workspace

5 Give it a test change request and watch it walk through the stages

The agent reads L0 (root router), finds the workspace, reads L1 (load tables), enters Stage 01, reads L2 (stage contract), and executes. When it finishes Stage 01, the completion instruction tells it to pass output to Stage 02 and continue.

📝Note: Your first run may be rough. (mine was)

That's fine. The beauty of ICM is that debugging is just reading markdown files and asking, "did the contract say the right thing?" If the output was wrong, fix the contract, not the prompt.

📚 Resources

If you want to go deeper into the methodology and the thinking behind it:

Jake's full Foundation lesson: 0.1: Where All Of This Leads

The full CliffNotes classroom: CliffNotes Classroom

The original ICM repo: RinDig/Interpreted-Context-Methodology

The academic paper: Folder Structure as Agentic Architecture

Jake on TikTok for short-form breakdowns: TikTok

If you try this, or a variation, let me know how it went or what your workflow is handling below. 🤙

👋😊❤️‍🔥 Bas

We learn together, We grow together, We win together! 🏆

12 comments