Management review

A management review in accordance with an ISO standard (such as ISO 9001 for quality management, ISO 14001, EMAS or ISO 50001 for environmental management, ISO 27001 or ENIS for information security, or ISO 45001 for occupational health and safety) is a key tool for ensuring the continuous improvement of the integrated management system.

What does the Management Review achieve?

It provides top management with an overall view of the system’s performance, identifying both achievements and areas for improvement. It supports strategic decision-making based on:

  • data from process indicators.
  • the alignment of system objectives with the integrated management system policy, making it possible to assess whether the established objectives are being achieved.
  • the updated analysis of the context and interested parties, in order to understand their needs and expectations.
  • the evolution and update of risks and opportunities.
  • the identification of deviations that require corrective actions and their joint analysis.
  • management involvement and its commitment to the ISO system policy.
  • the allocation of appropriate resources to achieve the effectiveness and efficiency of the integrated management system.

The ISO management review procedure drives continual improvement, strengthens decision-making and demonstrates the organization’s commitment to excellence, sustainability and social responsibility.

Which ISO standards require revision?

Several management system standards include the requirement to carry out a periodic “Management Review” in order to ensure the system’s effectiveness, suitability and strategic alignment:

  • ISO 9001 – Quality management systems. It evaluates audit results, customer satisfaction, nonconformities, actions, indicator results, changes, risks and opportunities, among other aspects.
  • IATF 16949 – Quality in the automotive sector. It reinforces ISO 9001 requirements with more detailed content, including the review of supplier performance, continual improvement actions and other specific aspects.
  • ISO 14001 – Environmental management systems. It also includes legal compliance and environmental performance.
  • EMAS – European Eco-Management and Audit Scheme. Although it is not an ISO standard, it requires an annual environmental review, which performs similar functions to a management review.
  • ISO 50001 – Energy management systems. It evaluates progress towards energy objectives, energy efficiency, energy use, deviations and follow-up measures.
  • ISO 45001 – Occupational health and safety management systems. It requires consideration of OH&S-related risks and opportunities, worker participation, incidents and other relevant aspects.
  • ISO 27001 – Information security management systems. It adds specific considerations regarding threats, risk assessment results, implemented controls, security incidents and other information security issues.
  • ENS – National Security Framework. Although it does not refer exactly to a “management review”, it requires a periodic review of security measures, often led by the responsible governing body.
  • ISO 22301 – Business continuity management. It includes the review of test results, incidents, the effectiveness of the continuity system and other related aspects.
  • IQNet SR10 – Social responsibility. It includes a specific section on system evaluation, similar to the management review.

Through our ISO outsourcing service, we can help you carry out the Management Review.