The objective of management reviews is for top management to examine the effectiveness, appropriateness, applicability, and adequacy of the quality management system as well as safeguarding the products safety, effectiveness, and quality.
ISO 13485:2016
ISO 13485:2016 requires management review meetings to be held at ‘planned intervals’, with no requirement for them to be held at defined frequencies. There is no requirement for the full agenda of the management review meeting to be discussed in one sitting or to duplicate parts of the agenda that have previously been discussed and documented. Management reviews may be combined with other business activities like strategic planning, business planning, operations meetings, process reviews/councils, customer requirements or functional reviews. Indeed, an organisation can carry out an integrated management review encompassing quality, environment, health and safety, security, and other management systems.
The standard allows for the organisation to set the format, frequency, and intervals of the management review meetings, and to define the planned interval within their quality management system. Management review could be the most critical clause of the standard and therefore should be carried out at frequent intervals. However, in small organisations where the quality team informally meets with management daily and is given ample opportunity to discuss on going issues, should they then be required to carry out formal management review meetings monthly. That said, in MNCs where the quality team has limited interaction with top management is it then sufficient to limit management reviews to once per year.
One of the most significant changes to the ISO 13485:2016 standard from the 2003 standard was the introduction of risk-based thinking. Risk-based thinking allows for the standard to be applied to the business on the premise of all risks been addressed and mitigated; and fundamentally to continually improve the business processes, product and overall customer satisfaction.
How Often Must Management Review Meetings Be Conducted
By utilising risk-based thinking the quality team or representative should assess the business. They should determine how often management review meetings should be carried out based on the associated risk to the business. Management review meetings create an opportunity for process objectives, metrics, and goals to be reviewed and assessed. These meetings also highlight opportunities for improvement to be brought to management’s attention. Where deficiencies in the QMS are failed to be noticed on time there is a risk of not only losing ISO certification but there is also a threat to the integrity of the QMS and product quality. Therefore, limiting formal management review meetings to an annual occurrence may in some cases pose a very high risk to the business. In contrast, requiring management reviews to be held more frequently may be completely unnecessary and time consuming in other cases.
While establishing the QMS it is difficult to determine how often management reviews should be carried out. Taking this year for example, the current pandemic could not have been predicted nor the effect it has had on businesses worldwide. If a business had carried out a management review in March 2020 and planned the next review for March 2021; multiple risk factors would have presented, possibly without ever been formally communicated and discussed with management, ultimately leading to catastrophic effects on both the QMS, strategic direction of the business and product safety and quality.
I recommend companies should document in their QMS that management reviews shall be held at least annually. This statement allows businesses to carry out more frequent reviews where a risk presents itself such as product recall, process change or supplier issues while also not committing themselves to unnecessary more frequent reviews.