ISO 13485 is a regulatory standard whose focus is meeting customer requirements, including regulatory requirements, and maintaining the effectiveness of the Quality Management System (QMS).
Section 5 of the standard requires management involvement and responsibility for the effectiveness of the QMS. Some consider this section’s mandate to be the most critical and important as it is the mechanism whereby those with strategic policy and financial decision-making authority come face to face, for better or worse, with the current state of their QMS.
The management review meeting represents the forum where process objectives, metrics and goals are reviewed and assessed. Couple that activity with section 5.4.2 of the standard that requires the QMS be continually improved. Fail to correct QMS deficiencies effectively and risk losing the ISO certification and, perhaps, the business opportunities that were a factor in the decision to pursue certification in the first place.
Suffice to say, management review requirements are serious business and must be conducted in earnest and without any superficiality. Correction of deficiencies must be tracked, monitored and documented. The frequency in which management reviews are conducted is an internal decision, however it is not uncommon for companies to conduct them quarterly or minimally semi-annually.
Let’s zero in on the factors and components that comprise an effective management review meeting:
- Management review meeting agenda
- Management review meeting attendance record
- Review of meeting minutes from the last management review meeting
- Safety: generally a review data and metrics focused on employee and customer safety related matters.
- Customer feedback: generally a review of data and metrics directly correlated to the customer experience (e.g., customer complaint metrics, customer survey results), product performance and pre-existing product specific continuous improvement projects.
- Internal feedback: generally a review data and metrics focused on non-conforming events, CAPA activities, planned deviations, and internal audit findings.
- Supplier performance: generally a review data and metrics focused on a supplier scorecard mechanism and how those results translate into business risk.
- Key initiatives: status review of critical continuous improvement projects and key initiative updates.
- Training: generally a review data and metrics focused on the status and adequacy of internal training programs.
- Process performance: generally a review data and metrics focused on manufacturing and/or service performance. Examples include process yields, cycle times, labor utilization, etc.
- Resource review: an examination of human resources and their strategic deployment. Verification that there are sufficient resources available to address the needs of the QMS and continuous improvement projects.
- New or revised regulatory requirements: Updated view of regulatory dynamics that could impact the QMS and/or the business.
- Functional review: an examination of changes and business factors that could affect the QMS.
- Assessments and recommendations for improvement: open discussion regarding opportunities for improvement.
- Management Review Scorecard: an assessment of previously established quality system objectives and their status.
- Meeting minutes: updated meeting minutes reflecting information and actions resulting from the most recent review meeting.
For ISO auditing purposes and in addition to electronic copies, it is common to store all of the above in a Management Review binder. The binder serves as proof that management review meetings are being conducted and also creates a paper trail should an auditor wish to drill deeper into any particular component.