Clause 9.3 Management Review (secrets)

By
Table of Contents
[Open][Close]



This clause could be considered one of the cornerstones of the ISO 9001:2015 standard. It is guided by the principles of ‘check’ and ‘act’ from the Plan, Do, Check, Act model for continual improvement. The requirement states that you ‘shall’ conduct management reviews, but as usual it is non-prescriptive in that it does not offer guidance on the frequency of management reviews. Don’t miss-interpret this requirement as meaning your annual management review. You can have a management review as often as you desire. When you consider that management review is a crucial driver of continual improvement, it’s a good idea to have a management review as often as possible. If you already have a daily, weekly or monthly meeting where you discuss the process, safety and/or environmental issues then these are your management reviews.

There is no requirement for you to refer to any of these meetings as management reviews, you can call them whatever you like including but not limited to:

  • Update meeting
  • Action review meeting
  • Team cadence meeting
  • Idea generation meeting
  • Planning meeting
  • Problem-solving meeting
  • Decision-making meeting
  • Issue resolution meeting
  • Broadcast meeting

If any of the above names sound familiar to you then there is no requirement to change the name of your existing meeting. ISO 9001:2015 has specific requirements for agenda items for both the inputs and outputs of management review meetings, which you might have to make adjustments for, but you don’t have to change much else. There is a list of thirteen input requirements listed in clause 9.3.2 but these do not have to be included in their totality for ‘all’ management review type meetings. If you currently conduct a management review type meeting every month, then simply spread the list of thirteen input requirements across the 12 months.

There is no requirement for you to hold a physical meeting in a boardroom type situation. Your management review meetings can be held virtually using Teams, Zoom or a telephone conference call etc. What’s important is that in the eyes of ISO 9001:2015 your management review meetings contribute towards the continual improvement process. It’s important to note, the requirement begins with the statement ‘Top management shall’, this indicates that top management ‘must’ attend the meeting. ISO 9000:2015 defines the term ‘top management’ as:

person or group of people who directs and controls an organization at the highest level

ISO 9002 provides the following information:

For an organisation, “top management” may include, for example, the chief executive officer, managing director, general manager, chairman, board of directors, executive directors, managing partner(s), single owner, partner(s) and senior executives/managers. Top management has the power to delegate authority and provide resources within the organisation. If the scope of the management system covers only part of an organisation, then top management refers to those who direct and control that part of the organisation.
(Source ISO 9002:2015)



Management review is required by the standard so that your organisation can have a mechanism by which to align its strategic direction and achieve the objectives and intended outcomes of its business activities. This review process is a function of top-management and will therefor requirement commitment from leadership. The purposes of management review meetings are many, but from a high-level perspective they are used to determine if the management system is:

  1. Suitable and aligned with the needs of the organisation
  2. Implemented; is the management system implemented correctly?
  3. Maintained; is the management system maintained correctly?
  4. Effective; is the management system achieving continual improvement?

Management Review Inputs

Let’s now begin the thirteen management review input requirements of clause 9.3.2:

  1. The status of previous actions; most management review meetings begin with something along these lines: ‘the status of previous actions’ does that sound familiar? What also might be familiar is how the room now goes quiet as those who were supposed to complete last month’s actions have failed to do so. This is largely a matter of roles, responsibilities and authorities not having been correctly assigned resulting in accountability issues.

  2. Changes to internal/external issues; do you remember that PESTLE analysis that you performed way back at clause 4.1? These are the issues that determine your organisation’s context and as a reminder includes political, economical, social, technological, legal and environmental issues. This is the opportunity to ask yourself if anything has changed concerning these issues. It was for this reason that I mentioned back then that your PESTLE analysis is a dynamic process and subject to constant change.

  3. 1. Customer satisfaction; your customer/s are the centre of both your organisation and your management system. The management system is designed to continually improve your interactions with the customer and the sustainability of your organisation. Capturing and analysing customer feedback is crucial to these processes as we discussed back in clause 9.1.2.

2. Achieving objectives; time to discuss how well you are progressing against achieving both your global and local objectives. Analysis of key performance indicators and statistical data will help identify to what extent your objectives are being achieved. The achievement of objectives is a measure of where your organisation is concerning its strategic direction.

3. Non-conformity and process performance; are your processes implemented correctly and performing effectively? How could you answer that question? Well, it’s quite simple, you perform internal audits against process performance and product conformity. Process deficiencies will lead to product or service non-conformities. Non-conformances cost both time and money, and to avoid them, perform audits and management reviews regularly.

4. Non-conformities and corrective actions; will be discussed in more detail in clause 10.2. Suffice to say that corrective actions are imitated by the internal audit process and discussed at management review. Actions ‘open’, and actions ‘closed’ are agenda topics for management review. A review of the effectiveness of corrective actions should also occur with a management review meeting.

5. Results from monitoring and measuring; back a clause 9.1.3 we discussed the requirements for the analysis of the data from your monitoring and measuring efforts. Where’s the best forum to conduct that analysis? You guessed, management review of course.

6. Audit results; the output of your internal auditing includes your audit reports. Audit reports might contain opportunities for improvement (OFI’s), non-conformances and recommendations. Management review will discuss these in terms of resources, times, roles, responsibilities and authorities and finance etc.

7. External providers; begin by analysing the high-risk points first, those risk points that could potentially harm the customers if your contractors or suppliers cause an error. It’s quite impossible to deal with every subject and topic and so adopting a risk-based approach is the best cause of action. High on the list of discussion topics should be any applicable legal requirements.

(d) Resources; who ‘shall’ provide resources? Well, according to clause 5.1(e) – it’s the responsibility of top management. Management review is the place to do this and items for discussion might include: budgets, time, logistics, training, roles, responsibilities and authorities and management system maintenance.

(e) Risks and opportunities; your PESTLE analysis at clause 4.1 provided food for clause 6.1 where you are required to make plans to address those risks and opportunities. How effective are those plans? Well, a great place to ask that question would be a management review meeting don’t you think?

(f) Opportunities for improvement; now we get to the heart of the management system, continual improvement. Opportunities for improvement can come from all directions including: internal audits and the corrective action process, observations, customer feedback, employee suggestions, benchmarking competitors, innovation, technology, materials study and brainstorming sessions during management review etc.

Depending upon the context and complexity of your organisation, management review can be a complicated activity. Considering this, it’s best to have a planned, structured approach to conducting and recording your management review activities. A simple recording of the meeting minutes might not capture and record the complexities of the meeting in a structured approach. A table containing the following header fields might be a good idea:

  • Date/time
  • Attendance
  • Agenda
  • Actions
  • Roles, responsibilities and authorities
  • Time objectives
  • Actions open
  • Actions closed
  • Risks
  • Opportunities for improvement

Store this record according to time and date in a secure location that has document control applied and also ensure that it is backed up. Ensure that this document is available for inspection by both internal auditors and by any 3rd party auditor should they wish to do so.

Management Review Outputs

There are three categories of outputs from management review required by ISO 9001:2015 including:

  1. Opportunities for improvement; this describes the whole point of conducting management reviews and the objectives of ISO 9001:2015 – continual improvement. You are asking yourself how can we improve and do things better?” Of course, this question applies to everything that you do concerning the products and/or services to the customer. There may be issues of budget here, with an endless pot of money one could potentially apply endless improvements. Considering this, try to apply those opportunities that are close to positively affecting the customer.

  2. Applying changes; do you need to make a change to achieve improvement? If so, what might these changes be? Change might include: new equipment, new staff, training, changes to IT systems, changes to machinery, changes in the operating environment, changes to processes, changes in communication and changes in customer services etc.

  3. Resource requirements; if resources are required to drive change and continual improvement, management reviews are a good place to state your case and submit your requests for them. The key here is to demonstrate that the resources you require ‘will’ result in a continual improvement to products and services delivered to the customer, and the effectiveness of the management system. Let’s not forget the clause requirements of clause 5.1.1(e) and 7.1.1 where top management is required to provide the resources necessary for the implementation and maintenance of the management system.

You can refer to the issues raised for improvement during management review as actions, corrective actions, opportunities for improvement or anything that you want. The main thing is that they are captured and time frames, budgets, roles, responsibilities and authorities and objectives are assigned formally and entered into the management system process for continual improvement. You are required to maintain documented information about your management review process.

14001:2015 Requirements

ISO 14001:2015

Although the wording is slightly different, the requirements for ISO 14001:2015 remain essentially the same except for the following:

Inputs to management review

9.3(b3) Changes in environmental aspects; have you made changes to your documented environmental aspects that cause a change to your environmental impacts? For example, have you changed from using a toxic chemical to using a non-toxic equivalent? This would be a positive change to your environmental aspects.

9.3(d3) Fulfilment of compliance obligation; are you meeting both your legal compliance and the compliance to customer and management system requirements? How are you documenting this? Some organisations capture legal compliance into a form, which they refer to as a ‘legal register’. Clause 6.1.3 requires that you document your legal compliance obligation, but you can call the document whatever you wish.

9.3(f) Relevant communications and/or complaints from interested parties; the term ‘relevant’ is important here. You decide what’s relevant or not as the case may be. I would imagine that communications from regulators, insurance companies and customers etc. are relevant. Put complaints from customers at the top of the list of importance and resolve them quickly.

Outputs to management review

The suitability, adequacy and effectiveness of the management system; are your internal audits continuing to identify non-conformances? Are you receiving high numbers of customer complaints? Are you failing to achieve your objectives?

Opportunities to integrate the EMS with other business processes; can integrate your EMS requirements with those of the QMS systems? Process control, training, communication and resource requirements are easy to align with your QMS, are you able to do this?

Implications for the strategic direction of the organisation; are you achieving your objectives, business goals and the intended outcomes of your EMS?

ISO 45001:2018 Requirements

ISO 45001:2018

Inputs to management review

9.3.2(b2): See 9.3 (d3) above.

9.3(d) Incidents, non-conformities and corrective actions; are you capturing and recording your incidents and near-misses? Non-conformities’ should be identified during your internal auditing and reported through to management review so that corrective actions can be raised. Are you doing this?

9.3(d5) Consultation and participation of workers; are you discussing the results of consultation and participation of workers during your management review meetings? This consultation might include training requirements, hazard identification processes, hazard control processes, safe working environments, PPE and communications etc.

Outputs to management review

Excluding reference to environmental aspects and impacts, read the same as those for ISO 14001:2015 regarding OH&S in place of EMS.

For auditors:

  • Check the required agenda inputs to management review for ISO 9001:2015, ISO 14001:2015, and/or ISO 45001:2018 are being met.
  • Check the required outputs to management review for ISO 9001:2015, ISO 14001:2015, and/or ISO 45001:2018 are being met.
  • Check to establish that a line-of-sight is being understood and established between internal audits and customer complaints through to the management review process.
  • Check that corrective actions are being closed and reviewed for effectiveness.
  • Check for roles, responsibilities and authorities concerning the corrective action process.
  • Check that adequate resources are made available for effective management system implementation and effectiveness.
  • Check that the management review process results in continual improvement.

Other questions that I will answer in further articles:

  • How do you write a management review?
  • Who should attend the management review?
  • How do you do a management review meeting?
  • Who should chair a management review meeting?
  • What are the three 3 types of review meetings?
  • Why should meeting agendas be framed?
  • What is the scope of a management review?

References: www.iso.org

ISO 9000:2015

ISO 9002:2015

Please be kind, share and create a link back to this article.


(c) All content is copyrighted to ISO Training,UK All rights reserved 2022.

You cannot copy content of this page