ISO 13485 & MDR Blog

How to perform management review according to ISO 13485

Many companies see Management Review as an unpleasant necessity for maintaining compliance with ISO 13485. If used properly, however, this is far from the truth. Regardless of how you organize your management review, either through routinely scheduled meetings or a more continuous review process, the act of reviewing the available data can be one of the biggest drivers of improvement in the QMS (Quality Management System).

The standard defines mandatory inputs and outputs for the management review, but the organization can also add other elements if it finds them important for the QMS.

What does the standard require?

ISO 9001 doesn’t require documented procedures for management review and, in general, tends to require less mandatory procedures with its latest version (for more information, see: Infographic: ISO 9001:2015 vs. 2008 revision – What has changed?). ISO 13485, however, is aligned more with 21 CFR 820.20(c) which says: “Management … shall review … according to established procedures …”. For more information, see: Differences and similarities between FDA 21 CFR Part 820 and ISO 13485.

The management review needs to be conducted at planned intervals to ensure continuing suitability, adequacy and effectiveness of a QMS based on ISO 13485. It also needs to include the assessment of opportunities for improvement, and changes in QMS. Finally, the records of the management review need to be kept as evidence of compliance.

Management review inputs

Although other inputs could be added as desired by the company, ISO 13485 has a minimum list of 12 inputs that Top Management needs to review to assess the health of the QMS. Without holding meetings, there are several smaller reviews that need to happen in order to determine if the QMS is adequate to your needs.

Feedback and compliance handling. Generally, this is a review of data and metrics directly correlated to the customer experience (e.g. customer complaints metrics, customer survey results), product performance and pre-existing, product-specific continuous improvement projects.

Reporting to regulatory authorities. The organization needs to review its process for reporting to the regulatory authorities, as well as the reasons for reporting.

Audits. Does the Company Management Representative review the audit reports and ensure that they are included in the audit planning for the year? If this is the case, then you have someone in management who is reviewing the results of audits and how they are improving the Management System. Any audit reports, if they include this review information, are not only records of the audits, but also records of the Management Review.

Monitoring and measurement of processes. Does your company keep metrics of the main processes, sometimes called Key Process Indicators (KPIs), which are used to judge the adequacy of the processes? If these KPIs are in place, reviewed by the top management, and used to make resource decisions on improvements to the processes then a Management Review is taking place.

Corrective and preventive action. The top management doesn’t have to review every single corrective action. Instead, in order to define actions for improvement, they should be informed of the effectiveness of the actions taken and trends in nonconformity occurrences.

Follow-up from previous management review. This requirement is accomplished if the previously mentioned actions receive follow-up to ensure they were implemented. The most important thing is to ensure that the records show this follow-up review.

Changes that could affect QMS. The organization needs to track outside influences that could affect the system, such as the new version of the standard. In addition, reviews regarding internal information will address changes within an organization, such as recommendations for improvement or internal audits.

Recommendations for improvement. Some recommendations for improvement, such as those coming out of the Internal Audit, can be addressed as part of that system as stated above. Other recommendations, such as those from an employee suggestion system, will often be tracked on a log which can be reviewed.

Applicable new or revised regulatory requirements. The top management needs to be updated on changes in regulations that could impact the QMS and/or the business.

What are the Required Management Review Outputs?

The headings below are the mandatory outputs of Management Review, and records of the above queries need to be maintained to show that management review successfully addressed them and identified the outputs for the QMS.

Improvement of the effectiveness of the system. Improvement is the big driver of the ISO 13485 QMS, and it can be the largest benefit for a company that implements it. Process improvement is measured by savings in time, money and resources, and this can be fed back into greater profits or driving the system to improve even further.

Improvement of product related to customer requirements. Again, by improving the product or service to make it better meet the requirements of the customer, you can have greater customer satisfaction. More customers will return for your product or service, or tell their friends about it to drive in new customers.

Resource Needs. Using Management Review to try to focus on improvements can help drive savings in costs and resources by making sure they are applied in the right place from the start. Using data to drive decisions helps to ensure that those decisions are accurate.

Changes needed to respond to new or revised regulatory requirements. The top management needs to define actions necessary to achieve compliance with regulatory requirements and keep the organization current with laws and regulations.

Management Review can be a key driver for improvement

The Management Review process highlights all the areas to make sure the top management are monitoring and controlling the necessary resources to make the company function. Instead of being a burden, Management Review should become one of the main elements of QMS improvement. Management Review is all about reviewing the available data to confirm that adequate resources are present to ensure customer satisfaction and improve the QMS and the product.

Click here to download a free white paper Clause by clause explanation of ISO 13485 to learn which requirements need to be implemented before the management review takes place.

Advisera Strahinja Stojanovic
Strahinja Stojanovic
Strahinja Stojanovic is certified as a lead auditor for ISO 13485, ISO 9001, ISO 14001, and OHSAS 18001 standards by RABQSA. He participated in the implementation of these standards in more than 100 SMEs, through the creation of documentation and performing in-house training for maintaining management systems, internal audits, and management reviews.