Management’s commitment to the quality management system is one of the key principles of ISO 13485. One of the ways management’s commitment is demonstrated is through management reviews (ISO Clause 5.6).
While management review is frequently seen as a box to check to meet ISO 13485 requirements, if properly executed, it can be a powerful force for change in an organization. It gives management a chance to come to terms with how the organization is performing from a quality perspective and any forces which could have an impact on the company.
This post will cover all of the basics of what is required from management review, and how it can be effectively implemented in a company to support an ISO 13485 QMS.
Table of Contents
What is ISO 13485 Management Review?
Management review, which is clause 5.6 in ISO 13485, is a time for top management to review the “suitability, adequacy, and effectiveness” of an organization’s Quality Management System. Management’s commitment is heavily emphasized throughout ISO 13485 as a means of securing resources and driving change.
Management review generally takes the form of Management Review Meetings (MRM), which take place at specified intervals throughout the year. In the MRM, management is presented with a variety of inputs covering the key aspects of the QMS and must choose how to allocate resources to resolve any issues or opportunities.
Besides the inputs that are covered below, the quality policy and quality objectives must also be reviewed at the MRM. Due to the importance of the quality policy in an ISO 13485 QMS, management needs to continually review the policy to ensure it is still in line with the organization’s purpose and is reviewed for suitability.
The quality objectives also need to be discussed to ensure they are still applicable to the organization as a whole and can be updated as part of the outputs of the MRM.
Who needs to attend Management Review Meetings?
While ISO 13485 states that top management needs to take part in the management reviews, it is up to the organization to specify which positions are classified as top management. At some organizations, this may be self-explanatory. But it could be more of a challenge at flatter or newer companies. Heck, if the organization is small enough, everyone in the company might attend a management review meeting.
If you are having trouble deciding who should come to management reviews, think of which departments have an impact on the quality management system. Some positions are almost always required, such as the Management Representative, the person in charge of the organization or facility, and the person in charge of operations.
Other departments that might be affected and should be represented at Management Review meetings include; supply chain/purchasing, engineering, sales, customer service, and accounting (part of management review includes looking at resource needs, which means money).
A management review meeting will also require someone to present the information to everyone. This could be just one person such as the management representative, or it could be a number of representatives who have more in-depth knowledge on each topic.
At the end of the day, there is no limit to who can attend a management review meeting, however, keep in mind that some of the topics discussed may be of a sensitive nature.
How often should ISO 13485 Management Review take place?
While ISO 13485 does not specify how often management review should take place, it is typically understood that it needs to happen at least once a year. This is to demonstrate management commitment, better respond to the inputs of the meeting, and have timely responses to resource needs.
That said, it is often beneficial to have management review meetings at more frequent intervals for all of the reasons listed above. This could mean biannually, quarterly, or even every month. An organization could also have a report created with all of the required inputs for management review sent out on a frequent basis (monthly, weekly, etc) so that management is constantly up to date on what is happening in the organization.
One thing to remember is that ISO 13485 requires you to document the planned intervals at which management review will take place. So, make sure the organization is setting realistic expectations, or including qualifying language such as “MRM will take place at least twice per year”.
What are the required inputs for Management Review?
The required inputs for management review are one of the rare times when ISO 13485 is surprisingly explicit about what is required. Let’s review the required inputs below, with a brief explanation for each input.
- Feedback: This is referencing clause 8.2.1. Many organizations either send out customer surveys or review supplier scorecards from their customers. The data that is gathered should be discussed at this time.
- Complaint handling: This is referencing clause 8.2.2. Complaint handling is one of the most essential elements of a successful QMS and generates a lot of data. Some of the things reviewed should be the number of complaints by different products or product types, the nature of the complaints, complaints that generated reporting, or any trends in complaints that should be addressed.
- Reporting to regulatory authorities: This is referencing clause 8.2.3. Any complaints that require reporting to a federal agency and any related actions should be reviewed.
- Audits: This can include internal, external, registration, or regulatory audits. Any major or minor findings should be reviewed, including any trends in findings.
- Monitoring and measurement of processes: This is referencing clause 8.2.5, and is a higher-level overview of the success of the quality management system. It can also include reviewing the success of processes like training.
- Monitoring and measurement of product: This is referencing clause 8.2.6, and can include data on inspections and non-conformances generated for products.
- Corrective action: This is referencing clause 8.5.2. Corrective actions are another essential element of a medical device QMS. At this time, management should review any open corrective actions, resources related to corrective actions, and general data about the number of corrective actions opened and closed through the interval.
- Preventive action: Similarly, any open preventive actions or data about preventive actions can be discussed at this time.
- Follow-up action from previous management reviews: For this input, any of the outputs that were generated at the last MRM, or incomplete tasks from previous MRMs should be reviewed.
- Changes that could affect the quality management system: This is very broad, and varies greatly based on the organization. Changes could include; developments in key personnel, moving facilities, updated standards, the inclusion of new product lines or equipment, or the introduction of new software which has an impact on the QMS.
- Recommendations for improvement: The recommendations could come from anywhere. It could be recommendations straight from the quality team, OFIs from previous external and internal audits, or recommendations that have been gathered from employees throughout the organization.
- Applicable new or revised regulatory requirements: New regulatory requirements can have a major impact on the QMS, and could require significant resources from management. This is a time to review the medical device or material regulatory changes.
What are the required outputs for Management Review?
Once you have gone over all of the inputs to management review, it’s time to sort out how any issues or opportunities will be addressed. The outputs can either be specific sections that are considered after the inputs, or they can be generated during the meeting, as each subject is discussed.
- Improvement needed to maintain the suitability, adequacy, and effectiveness of the quality management system and its processes: This is all about improvements in processes. For example, maybe there were three audit findings generated for the same processes in the meeting interval. This could be an indication to management that the process needs to be improved.
- Improvement of product related to customer requirements: This output is much more focused on improvements needed for the product instead of processes. Maybe there was a negative trend in complaints or non-conformances related to a product or product line. This is a chance to put more resources and attention into improving the product.
- Changes needed to respond to applicable new or revised regulatory requirements: As mentioned, changes to standards or regulations can have a significant impact on a medical device company. Now is the time for top management to list any changes that will need to take place so that the company maintains compliance.
- Resource needs: Resources needs are very broad, and can apply to any part of the organization. Perhaps a building or cleanroom needs to be expanded. Or changes to regulations will require more quality roles, or moving employees to different departments. Since top management ultimately has the power to make financial and personnel decisions, they need to establish a plan for addressing any glaring resource needs in the organization.
The outputs of an MRM are the heart of a good management review process, so if possible each output should be considered thoughtfully and seriously. Any ideas or actions generated should also be recorded so that there can be proper follow-up, or they can generate CAPAs if necessary.
Recording Management Review
One last thing to keep in mind is that the inputs, decisions, actions, and outputs of the management review meeting need to be recorded and saved as records. If the MRM included the presentation of a PowerPoint or similar tool, the PowerPoint can be saved, along with meeting minutes generated about the discussion and outputs.
It is also a good idea to have all of the attendees to the meeting sign some form of “sign-in” sheet, so that there is evidence that they attended the MRM.
Wrapping up
That was everything you need to know to master the management review section of ISO 13485. Hopefully, you can create a management review process that adds value to top management and helps address the needs of your company’s QMS.
If you have any questions or ideas, feel free to leave them in the comments below.
Finally, if you feel this article was useful, check out our ISO 13485 section to see similar articles or subscribe to our newsletter below.