How to perform an ISO 13485 management review

Updated: September 30, 2023

Many companies see management review as an unpleasant necessity for maintaining compliance with ISO 13485. If used properly, however, this is far from the truth. Regardless of how you organize your ISO 13485 management review, either through routinely scheduled meetings or a more continuous review process, the act of reviewing the available data can be one of the biggest drivers of improvement in the Quality Management System (QMS). Learn more about the ISO 13485 management review requirements in this article.

ISO 13485 management review inputs list
  1. Feedback and compliance handling
  2. Reporting to regulatory authorities
  3. Audits
  4. Monitoring and measurement of processes
  5. Corrective and preventive action
  6. Follow-up from previous management review
  7. Changes that could affect the QMS
  8. Recommendations for improvement
  9. Applicable new or revised regulatory requirements

What is the ISO 13485 clause for management review?

Requirement 5.6 of the ISO 13485 standard covers the management review process. This involves evaluating the effectiveness and suitability of the Quality Management System, identifying opportunities for improvement, and making changes to the system as needed. The ISO 13485 management review process is a critical component of maintaining compliance with the standard and driving QMS improvement.

What is the purpose of management review in ISO 13485?

The purpose of the ISO 13485 management review is to evaluate the effectiveness and suitability of an organization’s Quality Management System and identify opportunities for improvement. This process involves reviewing mandatory inputs such as customer feedback, audits, and regulatory reporting, and making changes to the Quality Management System as needed. By properly conducting an ISO 13485 management review, organizations can use the available data to drive QMS improvement and achieve greater customer satisfaction.


What does ISO 13485 require for a management review?

ISO 9001 doesn’t require documented procedures for management review and, in general, tends to require fewer mandatory procedures with its latest version (for more information, see: Infographic: ISO 9001:2015 vs. 2008 revision – What has changed?). ISO 13485, however, is aligned more with 21 CFR 820.20(c), which says: “Management … shall review … according to established procedures ….” For more information, see: Differences and similarities between FDA 21 CFR Part 820 and ISO 13485.

The management review needs to be conducted at planned intervals to ensure the continuing suitability, adequacy, and effectiveness of a QMS based on ISO 13485. It also needs to include the assessment of opportunities for improvement and changes in the QMS. Finally, the records of the management review need to be kept as evidence of compliance.

ISO 13485 management review inputs

Although other inputs could be added as desired by the company, ISO 13485 has a minimum list of 12 inputs that top management need to review to assess the health of the QMS. Without holding meetings, there are several smaller reviews that need to happen in order to determine if the QMS is adequate for your needs.

Feedback and compliance handling. Generally, this is a review of data and metrics directly correlated with the customer experience (e.g., customer complaint metrics, customer survey results), product performance, and pre-existing, product-specific continuous improvement projects.

Reporting to regulatory authorities. The organization needs to review its process for reporting to the regulatory authorities, as well as the reasons for reporting.

Audits. Does the company management representative review the audit reports and ensure that they are included in the audit planning for the year? If so, then you have someone in management who is reviewing the results of audits and how they are improving the management system. Any audit reports, if they include this review information, are not only records of the audits, but also records of the management review.

Monitoring and measurement of processes. Does your company keep metrics of the main processes, sometimes called key performance indicators (KPIs), which are used to judge the adequacy of the processes? If these KPIs are in place, reviewed by the top management, and used to make resource decisions on improvements to the processes, then management review is taking place.

Corrective and preventive action. The top management doesn’t have to review every single corrective action. Instead, in order to define actions for improvement, they should be informed of the effectiveness of the actions taken and trends in nonconformity occurrences.

Follow-up from previous management review. This requirement is accomplished if the previously mentioned actions receive follow-up to ensure they were implemented. The best way to ensure this is to review the minutes from the last ISO 13485 management review meeting. The most important thing is to ensure that the records show this follow-up review.

Changes that could affect the QMS. The organization needs to track outside influences that could affect the system, such as the new version of the standard. In addition, reviews regarding internal information will address changes within the organization, such as recommendations for improvement or internal audits.

Recommendations for improvement. Some recommendations for improvement, such as those coming out of the internal audit, can be addressed as part of that system as stated above. Other recommendations, such as those from an employee suggestion system, will often be tracked on a log that can be reviewed.

Applicable new or revised regulatory requirements. The top management needs to be updated on changes in regulations that could impact the QMS and/or the business.

ISO 13485 management review outputs list

What are the required management review outputs?

The headings below are the mandatory outputs of management review, and records of the above queries need to be maintained to show that management review successfully addressed them and identified the outputs for the QMS.

Improvement of the effectiveness of the system. Improvement is the big driver of the ISO 13485 QMS, and it can be the largest benefit for a company that implements it. Process improvement is measured by savings in time, money, and resources, and this can be fed back into greater profits or driving the system to improve even further.

Improvement of product related to customer requirements. Again, by improving the product or service to make it more effectively meet the requirements of the customer, you can have greater customer satisfaction. More customers will return for your product or service, or tell their friends about it to drive in new customers.

Resource needs. Using management review to try to focus on improvements can help drive savings in costs and resources by making sure they are applied in the right place from the start. Using data to drive decisions helps to ensure that those decisions are accurate.

Changes needed to respond to new or revised regulatory requirements. The top management needs to define the actions necessary to achieve compliance with regulatory requirements and keep the organization current with laws and regulations.

When all of these elements are included in the ISO 13485 management review meeting minutes, they provides an overview of all the activities that the organization undertook within the defined period.

ISO 13485 management review can be a key driver for improvement

Once you go through the ISO 13485 management review, you will see that this process highlights all the areas to make sure the top management are monitoring and controlling the necessary resources to keep the company functioning. Instead of being a burden, management review should become one of the main elements of QMS improvement. Management review is all about reviewing the available data to confirm that adequate resources are present to ensure customer satisfaction and improve the QMS and the product.

Click here to download a free white paper: Clause-by-clause explanation of ISO 13485:2016 to learn which requirements need to be implemented before the management review takes place.

Advisera Strahinja Stojanovic
Author
Strahinja Stojanovic

Strahinja Stojanovic is certified as a lead auditor for the ISO 13485, ISO 9001, ISO 14001, and OHSAS 18001 standards by RABQSA. He participated in the implementation of these standards in more than 100 SMEs, through the creation of documentation and performing in-house training for maintaining management systems, internal audits, and management reviews.


Advisera Kristina Zvonar Brkic
Contributor
Kristina Zvonar Brkic
Kristina Zvonar Brkic is an experienced consultant, auditor, assessor, and trainer for ISO 13485 and the EU MDR. She runs a thriving ISO 13485 consulting practice and helps companies and consultants to build their businesses. In her career, she also worked as an ISO 9001 and ISO 22716 consultant and lead auditor, and as an auditor and assessor for the MDD.


The portfolio of medical devices for which she has approval is plastic products with measuring function, various creams and gels, different systems for wound care, disinfectants, different catheters, panels for operating rooms and clean rooms, accessories and kits for performing surgical procedures of non-woven materials, medical gases, and various dental materials.