ISO management reviews are mandatory for certification—but most companies treat them as a compliance checkbox rather than a strategic tool. This guide shows you how to create a management review procedure that satisfies auditors, drives real improvement, and positions your organization for operational excellence.
What you'll learn:
- The 15-step process for creating an effective management review procedure
- How to gather and present data that leads to actionable decisions
- Why documented procedures matter (even though ISO doesn't require them)
- What auditors actually look for in management reviews
What Is an ISO Management Review?
An ISO management review is a formal, scheduled meeting where top management evaluates the performance, adequacy, and effectiveness of your quality management system (QMS). Think of it as a strategic board meeting focused on your ISO compliance and continuous improvement.
Key difference: Management reviews assess your system's performance. Operational reviews assess daily activities. Don't confuse the two.
Common terms: Executive Strategy Session, Leadership Review Meeting, Strategic Review Meeting, Top Management Review Session
Why Management Reviews Matter (Beyond Compliance)
According to ISO standards, management reviews must evaluate whether your management system remains suitable, adequate, and effective. But organizations that go beyond basic compliance see significant benefits:
Strategic Benefits
- System Performance Evaluation: Identify what's working and what needs improvement across your entire management system
- Risk Management: Proactively address risks before they become problems
- Resource Optimization: Make data-driven decisions about resource allocation
- Strategic Alignment: Ensure your QMS supports your business objectives
Operational Benefits
- Process Improvement: Spot inefficiencies and bottlenecks systematically
- Customer Satisfaction: Track and respond to customer feedback trends
- Employee Engagement: Give your team a voice in system improvements
- Audit Readiness: Impress auditors with organized, thorough reviews
Cultural Benefits
- Innovation Driver: Create a forum for new ideas and creative solutions
- Accountability: Hold departments responsible for their performance metrics
- Continuous Improvement: Embed quality thinking at the leadership level
Bottom line: Companies that conduct rigorous management reviews don't just maintain certification—they outperform competitors through systematic improvement.
The 15-Step Process: Building Your Management Review Procedure
This step-by-step framework works for ISO 9001, ISO 14001, ISO 45001, and other management system standards.
Step 1: Obtain Your Company's Procedure Template
Start with your organization's standard procedure format to ensure consistency across all QMS documentation.
What to include:
- Header with document control information
- Purpose and scope section
- Roles and responsibilities
- Process flow
- Records and references
Step 2: Identify the Process Owner
Assign a primary role responsible for the management review—typically the Quality Manager, Environmental Manager, or whoever owns the QMS.
Process Owner responsibilities:
- Schedule and coordinate reviews
- Gather required data from departments
- Prepare the agenda and presentation
- Document decisions and action items
- Track follow-up between reviews
Step 3: Review ISO Standard Requirements
Different ISO standards have specific management review requirements. Study your applicable standard carefully.
ISO 9001:2015 requires reviewing:
- Status of actions from previous reviews
- Changes in external/internal issues affecting the QMS
- Customer satisfaction and stakeholder feedback
- Quality objectives performance
- Process performance and product/service conformity
- Nonconformities and corrective actions
- Monitoring and measurement results
- Audit results (internal and external)
- Supplier performance
- Resource adequacy
- Effectiveness of risk and opportunity actions
- Opportunities for improvement
Step 4: Expand Scope to Include Leadership Requirements
Create a comprehensive leadership procedure that addresses multiple standard requirements in one document:
- Roles, responsibilities, and authorities (Clause 5.3)
- Communication requirements (Clause 7.4)
- Quality/Environmental policy (Clause 5.2)
- Objectives and planning (Clause 6.2)
- QMS planning and changes (Clause 6.3)
- Resource management (Clause 7.1)
- Risk and opportunity management (Clause 6.1)
- Monitoring and measurement (Clause 9.1)
Why this matters: A single, well-designed leadership procedure can satisfy multiple ISO clauses efficiently.
Step 5: Assign Data Requirements to Department Owners
Each piece of required data should have a clear owner responsible for collecting, analyzing, and presenting it.
Example data assignments:
| Data Requirement | Department Owner | Source | Analysis Required |
|---|---|---|---|
| Customer feedback | Customer Service Manager | CRM system, complaint logs | Trend analysis, satisfaction scores |
| Nonconformities | Quality Manager | CAPA system | Types, frequency, root causes |
| Audit results | Quality Manager | Audit reports | Findings, corrective actions status |
| Process performance | Operations Manager | KPI dashboards | Metrics vs. targets, trends |
| Supplier performance | Procurement Manager | Supplier scorecards | Quality ratings, delivery performance |
| Training effectiveness | HR Manager | Training records | Completion rates, competency gaps |
Instructions for data owners:
- Pull data from the past 6 months (or since implementation for new systems)
- Show trends graphically
- Compare actual performance to targets/requirements
- Reference any open corrective actions
- Be prepared to explain results and answer questions
Step 6: Define Required Attendees and Quorum
Specify who must attend by role/title rather than by name.
Typical attendees:
- CEO or General Manager (required)
- Quality Manager (required)
- Operations Manager
- Sales/Customer Service Manager
- Production Manager
- HR Manager
- Department heads
Quorum recommendation: Minimum of CEO + Quality Manager + 50% of department heads
Step 7: Establish Review Intervals
MSI Recommendation: Conduct management reviews every six months (bi-annually).
Why six months?
- Sufficient time to see trends in data
- Aligns with typical audit surveillance cycles
- Frequent enough to address issues proactively
- Matches most organizations' strategic planning cycles
Alternative schedules:
- Quarterly (for organizations undergoing rapid change)
- Annually (minimum—only for very stable, mature systems)
Step 8: Schedule Reviews Strategically
Don't leave scheduling to chance. Build management reviews into your corporate calendar.
Best practice timing:
- Schedule 2-3 months before surveillance audits
- Allow time for internal audits to cover the management review process
- Avoid busy season conflicts
- Block 2-4 hours minimum (depending on organization size)
Pre-set reviews on the corporate calendar to ensure executive attendance and prevent last-minute rescheduling.
Step 9: Create Controlled Presentation and Agenda Formats
Develop standardized templates for consistency across reviews.
Agenda should include:
- Review of previous action items (status update)
- Changes affecting the management system
- Customer satisfaction data
- Quality/Environmental objectives performance
- Process performance metrics
- Nonconformities and corrective actions
- Internal and external audit results
- Supplier performance
- Resource adequacy review
- Risk and opportunity updates
- Opportunities for improvement
- Action items and decisions
Pro tip: Distribute the agenda 1 week in advance and require attendees to come prepared. No distractions—full focus required.
Step 10: Document Training Requirements
Specify how personnel will be trained on the management review process.
Training topics:
- Purpose and importance of management reviews
- Roles and responsibilities
- Data collection and analysis expectations
- How to prepare and present information
- How to contribute effectively to discussions
Training methods:
- Initial training for new managers
- Refresher training annually
- One-on-one coaching for presenters
- Review of procedure documents
Step 11: Define Process KPIs
How will you measure whether your management review process is effective?
Example KPIs:
- Percentage of action items completed on time
- Number of improvement opportunities identified
- Attendance rate (target: 90%+)
- On-time review completion (target: 100%)
- Audit findings related to management review (target: 0)
- Number of strategic decisions made
- Customer satisfaction trend improvement
Step 12: Plan Employee Communication
Certain information from management reviews should be shared company-wide to keep everyone informed about organizational performance.
Information to share:
- Overall quality/environmental performance trends
- Major achievements
- Strategic direction changes
- Resource investments planned
- Recognition of department successes
Communication methods:
- Town hall meetings
- Internal newsletter
- Department meetings
- Intranet updates
What NOT to share:
- Confidential business strategy
- Personnel issues
- Sensitive financial data
- Competitive intelligence
Step 13: Establish Minutes Documentation Process
Clear, actionable minutes are essential for follow-through.
Best practices:
- Assign a dedicated note-taker (not a presenter)
- Record the meeting (if possible) for transcription accuracy
- Use speech-to-text technology to streamline documentation
- Consolidate action items in a trackable format (spreadsheet or project management tool)
- Include: decision made, assigned to, due date, status
Minutes should be finalized within 1 week and distributed to all attendees and relevant stakeholders.
Action item tracking:
- Create a master action log
- Review at the start of each management review
- Track progress monthly
- Escalate overdue items
Step 14: List Associated Records and Documents
Document all related records and reference documents.
Typical records:
- Management review agendas
- Management review minutes
- Presentation materials/data packages
- Action item logs
- Attendance sheets
Related documents:
- Quality/Environmental policy
- Organizational context analysis
- Risk and opportunity register
- Strategic plan
- Previous internal/external audit reports
Step 15: Review, Approve, and Publish
Before finalizing your procedure:
Quality checks:
- Compare against ISO standard requirements (ensure nothing is missing)
- Review with key stakeholders for input
- Pilot test the format with one practice review
Approval process:
- Submit to top management for approval
- Maintain record of approval (signature/date)
- Post on company-wide network in uneditable format (PDF)
- Communicate availability to all relevant personnel
Document control:
- Assign version number and date
- Add to document control system
- Archive superseded versions
- Schedule periodic review (annually)
Conducting Effective Management Reviews: Execution Tips
Having a procedure is one thing—executing it well is another. Here's how to make your management reviews genuinely valuable:
Before the Meeting
- Distribute materials 1 week early so attendees can review
- Set expectations: This is strategic discussion, not just information sharing
- Prepare presenters: Coach them on analysis, not just data dumps
- Block distractions: No phones, laptops (except for presenters), or multitasking
During the Meeting
- Start on time (respect everyone's schedule)
- Follow the agenda but allow flexibility for important discussions
- Ask probing questions: “Why did this happen?” “What's the root cause?” “What's the impact if we don't address this?”
- Make decisions: Don't defer everything—commit to actions
- Assign accountability: Every action needs an owner and due date
- Encourage participation: Draw out quiet voices; manage dominant ones
After the Meeting
- Finalize minutes within 1 week
- Communicate decisions to relevant personnel immediately
- Track action items monthly (don't wait 6 months)
- Update documentation if process changes were approved
- Inform employees about key outcomes affecting them
Common Management Review Mistakes (And How to Avoid Them)
Mistake 1: Treating It as an Audit Prep Exercise
The problem: Only conducting reviews right before audits, rushing through data to “check the box”
The fix: Schedule reviews consistently regardless of audit timing. Use them strategically for business improvement, not just compliance.
Mistake 2: Data Dump Without Analysis
The problem: Presenters show raw data without interpretation, insights, or recommendations
The fix: Require data owners to analyze trends, compare to targets, identify root causes, and propose actions. The review should focus on “what does this mean?” not “here are numbers.”
Mistake 3: No Follow-Through on Action Items
The problem: Great discussions lead to decisions, but nothing happens before the next review
The fix: Create a robust action tracking system. Review progress monthly. Hold owners accountable. Escalate delays.
Mistake 4: Wrong People in the Room
The problem: Sending delegates instead of decision-makers, or excluding key perspectives
The fix: Make attendance mandatory for top management. Include cross-functional representation. Ensure attendees have authority to make decisions.
Mistake 5: Too Infrequent or Too Frequent
The problem: Annual reviews can't catch issues in time; monthly reviews don't allow enough time for trends to develop
The fix: Conduct reviews every 6 months for most organizations. Adjust based on your rate of change and business complexity.
Mistake 6: No Documentation or Poor Documentation
The problem: Inadequate minutes make it impossible to track decisions, demonstrate compliance, or maintain continuity
The fix: Assign a dedicated note-taker. Use templates. Record meetings if possible. Finalize and distribute promptly.
Management Review Templates: Save 20+ Hours
Creating a management review procedure from scratch takes significant time and expertise. Our Management Review Template Toolkit provides:
✅ Ready-to-use procedure templates for ISO 9001, ISO 14001, ISO 45001, and other standards
✅ Agenda and presentation formats that cover all required inputs
✅ Data collection worksheets for each department
✅ Minutes templates with action item tracking
✅ Training materials for management and presenters
✅ Example KPIs for measuring process effectiveness
✅ Communication templates for employee updates
Why use templates?
- Ensures you don't miss required ISO elements
- Saves 20+ hours of development time
- Based on best practices from thousands of implementations
- Professionally formatted and ready to customize
- Includes guidance notes and examples
Get the Management Review Toolkit →
Frequently Asked Questions
Do I really need a written management review procedure?
ISO standards don't explicitly require a documented procedure for management reviews, but we strongly recommend it. Here's why:
- Consistency: Ensures reviews follow the same structure every time
- Completeness: Prevents missing required ISO elements
- Continuity: Protects against knowledge loss when personnel change
- Training: Provides clear guidance for new managers
- Audit evidence: Demonstrates a systematic approach to auditors
How long should a management review take?
Typical duration: 2-4 hours depending on organization size and complexity
Factors affecting length:
- Number of departments presenting
- Complexity of data being reviewed
- Number of issues requiring discussion
- Decision-making style of leadership
Pro tip: If reviews consistently run over 4 hours, you're trying to cover too much detail. Focus on strategic issues and trends, not operational minutiae.
Can we combine management reviews for multiple ISO standards?
Yes—this is highly recommended. If you're certified to multiple standards (e.g., ISO 9001 + ISO 14001 + ISO 45001), conduct one integrated management review covering all systems.
Benefits:
- More efficient use of leadership time
- Holistic view of organizational performance
- Reduced meeting fatigue
- Better understanding of system interactions
How to do it:
- Use a combined agenda covering all standard requirements
- Include data relevant to each system
- Make integrated decisions where appropriate
What's the difference between a management review and an operational review?
Management Review (Strategic):
- Focus: QMS/EMS effectiveness
- Attendees: Top management
- Frequency: Every 6-12 months
- Scope: System-level performance, compliance, strategic direction
- Output: System improvements, resource decisions, policy updates
Operational Review (Tactical):
- Focus: Daily/weekly/monthly operations
- Attendees: Department managers, supervisors
- Frequency: Daily to monthly
- Scope: Process metrics, production issues, staffing
- Output: Immediate corrective actions, process adjustments
How do I get top management to take reviews seriously?
Top management buy-in is critical. Here's how to gain it:
- Frame it as a business tool, not compliance: Show how reviews drive improvement and reduce risk
- Provide meaningful data: Don't waste their time with fluff—present actionable insights
- Keep it efficient: Respect their time with focused agendas and preparation
- Demonstrate value: Track and communicate outcomes from previous reviews
- Make decisions: Ensure reviews lead to concrete actions, not just discussion
- Link to strategy: Connect QMS performance to business objectives they care about
What if we're not certified yet—should we still do management reviews?
Absolutely. Management reviews are valuable even without certification. Use them as a roadmap for building your management system and preparing for certification.
Benefits for pre-certification companies:
- Establishes leadership discipline around system thinking
- Identifies gaps before the certification audit
- Creates documentation that demonstrates maturity
- Builds habits that will serve you after certification
How detailed should management review minutes be?
Minutes should capture:
- Who attended
- Key data presented (high-level summary, not every number)
- Issues discussed
- Decisions made
- Action items (what, who, when)
- Resources allocated
What NOT to include:
- Verbatim transcripts of discussions
- Excessive technical detail
- Confidential personnel matters (document separately)
- Every opinion shared
Balance: Detailed enough to demonstrate compliance and enable follow-through, but concise enough to be useful.
Can we conduct management reviews virtually?
Yes—virtual reviews are acceptable and increasingly common. They're particularly useful for multi-site organizations.
Best practices for virtual reviews:
- Use video conferencing (not just audio)
- Share presentations and data in advance
- Use screen sharing for data presentation
- Record the session (with consent) for documentation
- Use collaborative tools for action item tracking
- Ensure all attendees can participate fully
- Test technology beforehand
Caution: Virtual reviews require more discipline to maintain engagement and prevent multitasking.
What should we do with action items that aren't completed by the next review?
Overdue action items indicate a breakdown in accountability. Address them systematically:
- Review at the next meeting: Start by examining what didn't get done and why
- Reassess priorities: Was this truly important? If yes, why wasn't it done?
- Check resources: Was the assigned person given adequate resources and authority?
- Reassign if needed: Maybe the original owner isn't the right person
- Set consequences: If accountability is lacking, escalate
- Track systematically: Don't rely on memory—use a tracking system
Red flag: If more than 30% of action items are incomplete, you have a follow-through problem that needs attention.
Taking the Next Step
Implementing an effective management review procedure transforms ISO compliance from a burden into a strategic advantage. The process we've outlined ensures your reviews satisfy auditors while genuinely improving your organization's performance.
Your action plan:
- Download our Management Review Template Toolkit to save 20+ hours and ensure compliance
- Customize the templates to fit your organization's structure and standards
- Train your team on the process and their roles
- Schedule your first review and commit to the bi-annual cadence
- Refine based on experience – your procedure should improve with each review
Need expert guidance? MSI has helped thousands of organizations build world-class management review processes across all major ISO standards. Our consultants can help you customize our templates, train your team, and prepare for certification audits.
Get the Management Review Toolkit →
Conclusion
A well-designed management review procedure isn't just about satisfying ISO requirements—it's about creating a discipline of strategic reflection that drives continuous improvement. When executed properly, management reviews become the control room where leadership makes informed decisions about your organization's future.
The 15-step process outlined in this guide provides the blueprint. Our templates provide the tools. Your commitment provides the momentum.
Stop treating management reviews as a compliance obligation. Start using them as the strategic weapon they were designed to be.
Ready to build a management review process that actually drives improvement? Get our complete toolkit and start implementing today.
Download the Management Review Toolkit →
