Tracey Evans Once a testing or calibration laboratory has implemented ISO/IEC 17025:2017 as part of its management system, it moves into a maintenance and monitoring phase. This is a not a dormant, but rather a dynamic phase of operation, where processes are monitored and trends are reviewed. During this “live” operational phase, it is time to review the system.
Steps in documenting management review according to ISO 17025:
- Document the mandatory input review items of ISO/IEC 17025.
- Document the process owner.
- List the review materials required.
- Note the output record of decisions and actions.
This article will help you gain a better understanding of what management review (MR) means, as well as its importance and value. It will provide some practical guidance on how to go about the management review and how to structure your documents to meet ISO 17025:2017 clause 8.9 requirements.
What is management review in ISO 17025?
Management review is neither an audit nor a report-back discussion. It is not about reporting measurements, but evaluating to what extent the management system fulfills its functions and goals. Management review is a strategic planning opportunity. The purpose of a management review is for top management and personnel involved in the decision-making processes to systematically evaluate the overall performance of the laboratory and its Quality Management System.
To learn more about the maintenance of the ISO 17025 management system, read this: Maintaining and improving quality management in laboratories according to ISO 17025:2017.
Why is it important to perform management reviews?
Organizations and stakeholders (including the accreditation body) need to be assured of the continuing suitability, adequacy, and effectiveness of the laboratory’s management system, along with its stated policies and objectives. When shortcomings are identified through management review, provisions can be made for necessary changes and required resources.
Efficiency should also be evaluated to ensure best use of allocated resources. There are, therefore, four key parameters that are considered during management review in ISO/IEC 17025:
- Suitability. Are the correct processes and operations included to enable/support the activities of the laboratory?
- Adequacy. Evaluate if all the mandatory ISO 17025 contractual, organizational, and regulatory requirements are met.
- Effectiveness. Evaluate the extent to which the management system is capable of accomplishing the purpose of producing the intended or expected result, i.e., doing the right things.
- Efficiency. Evaluate the best use of resources – the relationship between the results achieved and the resources used, i.e., doing things right.
How often, how, and when should management review be conducted?
To clarify a misconception about management reviews, note that the review doesn’t have to be a singular annual meeting covering all requirements. The management review can be conducted over a number of meetings with previously written agendas, where partial inputs may even be evaluated via email or other collaborative platforms at different levels within the laboratory. Responsibility is usually assigned to the top laboratory manager, who will conduct a final review with the gathered information and contributions. This can be done in a review meeting.
To meet the intent of the review, typically, at least one review of the entire management system should be performed each year. The output of the review is to set goals and objectives for the forthcoming period, so it is good practice to align the review period with the organization’s financial year, parent company strategy sessions, and the laboratory’s accreditation assessments. It makes sense to complete the review in a timely manner for budget input. Processes or annual programs, such as auditing, should in turn be aligned to the MR period, meaning that the audit program should be completed before the MR meeting.
How do you perform and document a management review in ISO 17025?
Since the quality goal of the ISO 17025 management review is the careful analysis and evaluation of the management system, a well-designed Management Review Record should be used as the core document of the activity. It can be used for planning, recording the inputs, and recording and monitoring progress of agreed actions. There is no mandatory requirement for documents such as an agenda or minutes, so the Review Record can be used for both purposes.
The record is used to document the following:
- The mandatory input review items of ISO/IEC 17025:2017, being:
- status of actions from previous management reviews;
- outcome of recent internal audits and assessments by external bodies;
- changes in internal and external issues that are relevant to the laboratory;
- changes in the volume and type of the work or in the range of laboratory activities;
- assurance of the validity of results;
- results of risk identification;
- corrective actions;
- complaints, customer and personnel feedback;
- other relevant factors, such as monitoring activities and training;
- policies and procedures and fulfillment of objectives;
- implemented improvements; and
- resources.
- The process owner: the person responsible for providing data and information for evaluation, and executing agreed actions. Note: It is crucial that that all personnel are aware of their role – what is required from them, and by when. Process owners and department managers must understand what kind of input and feedback is required from them, to contribute to the review meeting.
- The review material required: for example, the latest risk procedure, risk register, pie chart depicting percentage breakdown of risk levels (low, medium, high). Note: Data and summaries of detectable trends should be presented in visual format to provide insight into trends. PowerPoint presentations can be used to present reports, as well as dashboards of graphs and charts.
- The output record of decisions and actions, including:
- Notes on the extent to which the management review parameters are met (the suitability, adequacy, effectiveness, and efficiency of the input item)
- Any improvement notes related to the fulfillment of the requirements
- Any provision of required resources
- Any need for change
- Parameters met: the register covers all key requirements, personnel are skilled to perform risk assessments on an ongoing basis, risk identification is integrated into other activities such as audits and corrective actions.
- The laboratory personnel have improved in identifying risks proactively and updating the register during corrective actions.
- No additional resources required.
- No need for changes.
For example, for the input “Results of risk identification,” the outputs could be the following:
Make sure that the management review is successful
It is important that all personnel are informed about the results of management reviews, the conclusions, and new quality aims. The information and communication can even be via email, as long as personnel have access to the latest management review record, and follow-up is ongoing and engaging through discussions and meetings.
Some tips for effective follow-up, monitoring, and closing actions are:
- Ensure that individuals have the required level of support, time, and resources to enable actions to be properly implemented.
- Encourage communication regarding any problems.
- Encourage suggestions and regular feedback during quality meetings.
- Integrate the process, and include follow-up in the audit program.
A final tip: Do not forget to ask all involved personnel for feedback to evaluate the success of the completed management review process, as an input to improve the next one!
To learn more about the management review process and other requirements of ISO 17025, download this free white paper: Clause-by-clause explanation of ISO 17025:2017.
