deGRANDSON Global Blog

ISO 9001 Management Review: DOs and DON'Ts

Written by Dr John FitzGerald | Jan 5, 2023


Practical advice on compliance with Clause 9.3 requirements: The periodic management system review is an opportunity not to be missed

ISO 9001 Clause 9.3.1 requires that 'Top management shall review the organization's quality management system, at planned intervals, to ensure its continuing suitability, adequacy, and effectiveness.'

Is this just a 'rubber stamp' activity, or would you like to benefit from the requirement? If your answer is the latter, here are some examples of how you can make the most of periodic ISO 9001 review meetings.

The diagram shows that Management Review is the top-level Control and Management activities common to all ISO Management System Standards. As such, it must be done well if the organization is to gain maximum benefit from the significant resources invested in implementing and maintaining an ISO Certification.

And here are some examples of DOs and DON'Ts relating to Management Reviews and getting the most from compliance with the requirements ...

Do's and Don'ts of Performing Management Reviews

 

DO's

 

  • Do take full advantage of the Process ApproachCheck that your Process Map is up to date. Have any new processes or procedures been introduced this past year? What do internal and external audits and the analysis of non-conformances tell you about how well processes are controlled? Which ones have the most significant risk for the organization, where additional controls are needed, and where the critical processes are accurately identified? A brainstorming session to review and revise a process map might be very rewarding.

 

  • Do apply Risk Management methods progressively for all critical Processes. Review your risk assessment and treatment plans against outcomes - again, the results of the internal and external audit - and the analysis of non-conformances. If you're not using formal risk assessment and risk treatment, now is the time to start.  While it is not a requirement of ISO 9001, there are real business benefits, mistakes to be avoided, and profits to be made. Focus on the critical processes that are most likely to affect customer satisfaction. Risk assessments are 'live' documents and must be updated regarding experience and changes in the organization, its products and services, customer requirements, etc. But don't underestimate how much time and effort is needed to create and later revise risk assessments. Prioritize your critical processes and plan sessions once a week or once a month to address them.

 

  • Do integrate Quality Objectives. If your organization has KPIs (Key Performance Indicators), don't consider them different from Quality Objectives. That's because KPIs are Quality Objectives, and their integration into your Quality System will build credibility in its usefulness, especially with those who view it solely as a  burden on the business.

 

  • Do introduce adequate Calibration Control (where applicable). Inadequate calibration control is a common weakness for many businesses for whom accurate monitoring and measurement are critical to success.  Too often, no dependable records justify the adequacy of the measurement devices chosen. The frequency of recalibration is dictated by calibration laboratories to maximize income and/or suit the schedules of calibration technicians (if too infrequent, erroneous results may be recorded).  If either of these situations applies to your organization, you must act. In particular, you should consider the need for switching rules to a higher or lower frequency of calibration checks based on the history of adjustments to calibrated devices. 

  • Do exploit your Internal Auditor training, especially regarding improvementInternal auditing should not be a 'box ticking' exercise but an engagement between the auditor and the interviewees to confirm compliance with requirements (the primary purpose of the audits - see ISO 9001 Courses) and elicit suggestions for improvement. The occasion of the audits is one of the few times in the year when the opinions of those who are most intimately involved in the day-to-day work of the organization can be collected.  The opportunity is there, so make sure you maximize it. 

 

 

Here is the image map of available ISO 9001 Courses. Click on any course you are interested in to learn more about it, including the course content, learning materials, etc.

 

  • Do promote your QMS Certification and the capabilities and Customer Satisfaction it affirms. This may seem obvious, but it is surprising how often organizations do not publicize their ISO Certification on promotional websites, publicity materials, and elsewhere. With prospective customers especially, your Certification goes beyond being a piece of paper and offers independent proof of your organization's capabilities.

    It is in this context that marketing and sales personnel should use it.  ISO Certification is not the 'property' of the Quality Department. It would be best if you took action to ensure that every function exploits its potential for improved business. And the Management Review Meeting is an ideal opportunity to consider how best to maximize the benefits of ISO 9001 Certification.

 

DON'Ts

  • Don't conduct a Management Review without a written agenda covering all the mandated inputs, outputs, and other requirements of Clause 9.3.

 

  • Don't hold the Review Meeting without top management present. It is for them to decide whether the management system's performance is satisfactory, decide on improvement actions required, and commit any additional resources needed.

 

  • Don't circulate reports at the Review Meeting, as that's too late. Issue reports seven days before the meeting so that attendees will have time to study the words, identify issues of concern, and consider options for performance improvement.

 

Click on the image thumbnail to see it in full size, or click the button on the other side to go to our ISO auditor overview page and learn more about our courses.

To conclude:

We hope you find some of these improvement suggestions helpful. Perhaps they will 'spark' other possibilities for you and provide some 'food for thought.'  

 

Related Articles

 

deGRANDSON Global is an ISO Certified Educational Organization

In October 2021, we secured Certification for three education-related ISO Standards.  We now have a university-grade management system in place conforming to the requirements of  …

  • ISO 21001, Educational Organizational Management System,
  • ISO 29993, Learning Services outside formal Education,  and
  • ISO 29994, Learning Services – additional requirements for Distance Learning.

We have chosen ISO 21001 certification because it is based on independent third-party assessment, unlike IRCA and Exemplar badges (which we believe are commercially compromised).  It is a 'university grade' standard globally by schools, colleges, and universities to demonstrate competence.

We provide ISO9001, ISO 13485, ISO 14001, ISO 17025, ISO 27001, ISO 45001, GDPR, Risk Management, and other Courses.

 
View full post