The ISO 9001 management review is one of the most powerful — and most frequently skipped — requirements of the standard. Done right, it transforms your QMS from a compliance exercise into a genuine strategic tool. Done poorly (or not done at all), it becomes the most common finding at surveillance audits. This guide tells you exactly what management review is, what to cover, and how to conduct it efficiently.
What is ISO 9001 Management Review?
The ISO 9001 management review (Clause 9.3) is a formal meeting where your top management reviews the performance of the quality management system and makes strategic decisions about its direction. It is not a routine team meeting — it is a deliberate, documented leadership engagement with the QMS.
The review serves three key purposes:
- Verify the QMS is achieving its objectives and remaining suitable for your business
- Make decisions about changes needed to the QMS, resources, or objectives
- Identify opportunities for improvement
How Often Must You Conduct Management Review?
ISO 9001 requires management review at "planned intervals" — the standard does not specify a frequency. However:
- Most companies conduct one management review annually — minimum to satisfy certification body expectations
- Larger companies or those with rapidly changing contexts may benefit from semi-annual reviews
- The review should be held within 12 months of the previous review — gaps over 12 months are a finding
- Time it 4-6 weeks before your scheduled surveillance audit so you can address any issues identified
Who Must Attend the Management Review?
ISO 9001 requires management review by top management. For a small business: the owner or MD. For a larger company: CEO/MD + functional heads (production, quality, sales, HR). Key points:
- Top management cannot delegate this entirely — at least the owner/MD must be present
- Quality manager typically facilitates the meeting and presents the QMS performance data
- Functional heads present data for their areas
- External parties are not required — this is an internal review
Mandatory Review Inputs — 10 Items ISO 9001:2015 Requires
Clause 9.3.2 lists specific items that MUST be reviewed. Missing any of these is a non-conformity:
| # | Required Input | Typical Evidence Presented |
|---|---|---|
| 1 | Status of actions from previous management reviews | Action register showing open/closed items from last review |
| 2 | Changes in external and internal issues | SWOT/PESTLE update — what has changed in your business environment? |
| 3 | Information on QMS performance and effectiveness | Summary of customer satisfaction, complaints, quality objectives, NC data, audits |
| 4 | Adequacy of resources | Are we adequately staffed, equipped, and funded for quality? |
| 5 | Effectiveness of risk and opportunity actions | Risk register update — are our actions working? |
| 6 | Opportunities for improvement | List of identified improvement opportunities |
| 7 | Customer satisfaction and feedback trends | Customer survey results, complaint trends, key account feedback |
| 8 | Quality objectives performance | KPI dashboard — targets vs actuals for all quality objectives |
| 9 | Process performance and product/service conformity | Defect rates, delivery performance, audit findings |
| 10 | Supplier performance | Supplier evaluation scores, non-conforming material data |
Mandatory Review Outputs — Decisions Required
Clause 9.3.3 requires that the management review produces decisions and actions for:
- Opportunities for improvement — What improvements will we implement? Owner and timeline assigned.
- QMS changes needed — Does the scope, policy, or any process need to change?
- Resource needs — Do we need additional resources for quality? People, equipment, training?
These outputs must be recorded — vague "general satisfaction" statements are not acceptable. Specific decisions with owners and target dates are required.
The Management Review Record
ISO 9001 requires that management review outputs are retained as documented information (records). Your management review record should include:
- Date, location, and duration of review
- Attendees (names and roles)
- All 10 input items and summary of information reviewed
- Decisions made for each output requirement
- Action items with owners and target completion dates
- Signature of top management (MD/CEO/Owner)
Elite Assured Provides Management Review Templates
Elite Assured provides ready-to-use management review agenda templates, presentation structures, and minute-taking formats as part of our post-certification support. Our templates ensure all 10 mandatory inputs are covered and outputs are properly recorded — audit-ready format.
Common Management Review Mistakes to Avoid
| Mistake | Why It's a Problem | How to Fix |
|---|---|---|
| Not conducting it | Major NC at surveillance audit | Schedule annually in advance — same month every year |
| Only quality manager attends | Top management not reviewing — major NC | MD/Owner must be present |
| Missing mandatory inputs | Non-conformity for incomplete review | Use Elite Assured template that covers all 10 inputs |
| No specific action decisions | "Satisfied with performance" is not an output | Specific actions with owners and dates required |
| No record of review | Cannot demonstrate it happened | Detailed minutes signed by top management |
| Actions never followed up | Open actions from Year 1 still open in Year 3 | Track action register; review status at next meeting |