Blog ISO Management Review Meetings – An overview

What is a Management Review?

A management review is a structured, formal meeting involving executive management and heads of departments and as stated above, takes place at regular periods throughout the year. It is a critical part of the embedment and for the continuous improvement of the management system. Depending upon the size, complexity and criticality of your operations, these management reviews may take place more often.

There is a difference between the ISO management review and business management meetings. The management review is purely dedicated to the requirements and efficiency of the ISO management system within its scope, whereas business meetings revolve around the day to day running of the business, production or delivery of services, staff issues, etc.

Why does a review need to happen?

The review is to check that the management system is effective, remains compliant to the standard’s requirements and is aligned to the organization’s strategic direction.  Depending upon which standard you are looking to get certified to, or are already certified to, you may include as part of your management review any regulatory or statutory requirements that your organization may be subjected to.

You will be evaluating:

• The effectiveness of the management system in place
• Any requirements to amend or improve areas of the management system
• The continued suitability of the policies, objectives, processes and procedures associated within the scope of the management system.

This is also an ideal opportunity to ensure that every level of management are aware of the status of your management system, and any changes or updates that have been incorporated since the last ISO management review meeting.

Objectives of a management review

There are numerous objectives that can be achieved through conducting management review meetings, among them are:

• Take advantage of potential improvements in areas of the organization
• Identify and address potential risks
• Assess changes that have occurred within the organization that could have an affect upon the management system
• Identify trends in the organization such as recurring complaints or problems

Who is responsible for the ISO management review meeting?

It should be a senior manager but depending upon the size and organization of your management structure it may be delegated to a junior manager. However, it must be endorsed and supported by the Managing Director, as stated in clause 5 of the ISO standard – Leadership.

The junior manager may have the responsibility for organizing the actual meeting, collecting the relevant data, but the nominated executive manager, who has overall responsibility for the management system is ultimately accountable for the review meeting and monitoring its outcomes and relevant actions.

The ISO management review process

The process for conducting the management review meeting is in 3 stages:

• Pre-meeting preparation
• The management review meeting
• Outcomes and actions

Pre-meeting preparation

This stage will help create a successful meeting. It covers the:

• When the meeting is going to take place
• Where the meeting is going to be held
• Who is required
• What the agenda comprises of

As stated previously, the meeting must take place at least annually, though for organizations that have just been certified twice a year would be better, to help identify any changes that need to be made as you settle into your ISO management system.  So a schedule should be drawn up and shared to all the stakeholders needed for the meeting.

The review meeting is chaired by the person who is responsible for the management system.  They will be responsible for informing the senior managers who are required and any others that may need to present to clarify or discuss specific issues that have arisen since the previous meeting.

The standard, clause 9.3.2, provides a comprehensive agenda for the ISO management review meeting. However, you can add additional agenda items if they will help evaluate the effectiveness and compliance of your management system.

The agenda should include (this example is related to ISO9001 but are similar in the other management systems):

• Review of outputs from previous management review meeting
• Risks and opportunities – clause 6.1
• Any changes in issues that affect your management system – clause 6.3
• External supplier performance – clause 8.4
• Customer satisfaction – clause 9.1.2
• Audit results – clause 9.2
• Nonconformities and corrective actions taken – clause 10.2

Evidence to reflect the requirements must be examined. Evidence would include:

• Previous meeting minutes
• Internal and external audit reports
• Management system documents (standard operating procedures, work instructions etc)
• Relevant logs, registers and records (customer complaints register, corrective action log, incident log, etc.)
• Policies
• Corrective actions and close-out of any management information reports
• Legal requirements register
• Interested parties and their requirements register

It is also a good time to review critical processes and their continued fit for purpose to the business.  For other standards like ISO14001 environmental and ISO22301 business continuity, you would include any new mandatory or statutory requirements that have been implemented or to be implemented, review of the annual business impact analysis.

You should review every aspect of your management system to ensure that it still performs efficiently across its scope.  It is important that all evidence presented during the management review meeting is carefully examined, if no evidence for an input is available, then this needs to be addressed immediately after the meeting.

What are the expected outcomes of the management review meeting?

Generally, the following outcomes should arise from the management review meeting:

• Improvement to business processes
• Actions to improve the management system
• Amendments to management system objectives
• Any amendments to policies and supporting documents
• Identified trends that could be risks or opportunities for the business
• Actions raised during the management review meeting
• Minutes of the management review meeting

The management review report

The minutes of the review meeting should be written up and distributed to the relevant staff, especially those who have actions that were agreed during the meeting.  Any changes that were agreed during the meeting should also be included such as:

• Any changes to the management system’s objectives and relevant actions associated with them
• Any changes to policies, processes and documented information that affect the management system
• All opportunities for improvements with relevant actions associated with them
• Any changes to current business plans, resources for the management system and budgets

Relevant areas of the minutes need to be shared to all staff, so they remain informed of upcoming changes, and can see areas of success or opportunities.

Actions after the management review meeting

A designated member of staff (senior executive) should check that any actions agreed during the meeting have been started, in progress or completed.  Those that aren’t should be investigated and further actions taken if necessary.

Assess any changes to policies, objectives, or processes to ensure that they fulfil their expected requirements. These would be done on a departmental basis that are within the scope of the management system.  Outcomes of these actions will be reviewed at the next management review meeting.

Written by Ted Spiller, CertiKit’s Compliance Consultant

More ISO Resources

CertiKit is a provider of ISO toolkits, consultancy and internal auditing services, and has helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the ISO standard of your choice, go to our guidance pages where you can find more specific information about each standard and more downloadable resources.

More ISO Guidance