Management Reviews – Do they catch you out?

Management Reviews are a requirement of all the ISO Standards that I audit/ consult. It is very clear what is required as the inputs and outputs are listed in Clause 9.3. Many companies have certification to more than one of the Standards and tend to use ISO 9001 as the base standard. They have then (sensibly) used the items listed in the Clause as the standard agenda for the meetings – a great way of making sure that nothing gets forgotten. However, care must be taken when doing this as not all Standards have the same requirements – there are specifics relating to the individual Standard which can be missed if looking only at ISO 9001. For example: ISO 14001 includes compliance obligations, significant environmental aspects, fulfilment of its compliance obligations; ISO 45001 includes legal requirements and other requirements, trends in incidents, evaluation of compliance with legal requirements, consultation and participation of workers.

The Standards do not state how often Management Reviews should be carried out. It does state that Top Management shall review the lists of items and it might be beneficial to have other staff included – think consultation and participation of workers (ISO 45001). Some companies have one Management Review a year, others have them more frequently, I have seen 6 a year.

I consider one of the best approaches is to have regular management reviews – Do they catch you out?, use the Clause (being careful to include all Standards as above) as an agenda template and to identify which scheduled Management Review meeting will consider which of the inputs. For example you may want to review your Aspects and Impacts Register once a year, Risks and Opportunities every quarter, objectives at each meeting.

Please note that the Standard has listed what is required. There is no reason why you can include other items, such as Christmas party arrangements.