It doesn't matter whether you call it the management review, management evaluation, or the QM evaluation because these terms are synonymous. But if you don’t perform one, you’ll jeopardize your certification.
Nevertheless, bosses shouldn’t see the management review as a regulatory evil, but as a tool that can be very useful for them. For five reasons, as this article will explain.
Further down you can find a template for download. This makes documenting your management review even easier and ensures that you meet the regulatory requirements.
An organization’s “top management” must regularly – at least annually – assess whether the organization’s quality management system is still effective. This means bosses must check whether their QM system is working and thus ensures that:
After all, the health of patients, users and third parties is at stake.
If top management discovers that the QM system is no longer (sufficiently) effective, they must take actions immediately because standards and laws oblige them to have a compliant QM system at all times.
In addition to customer feedback, the management review is one of the most important feedback processes with which a company finds out how efficient its QM system is and whether the company is achieving its (quality) goals.
The standards speak of the "top management of the organization" responsible for the management review. To find out who is meant by this, two questions need to be answered:
The QM systems defines who the organization is. Typically, it is a company.
But sometimes, an entire group of companies has a common QM system and should therefore be understood as an organization. Sometimes only a part of a company forms this organization, for example, a department, a location or just the departments that develop, produce and sell medical devices.
The person or persons who run this organization form the “top management”. This is the boss, the managing director, the general manager or CEOs.
The implementation of the management review and the responsibility for it is the sole responsibility of this top management. They can get support with the preparation and follow-up. But the delegation of the management review is not allowed.
You cannot and should not assign your brainwork or your responsibility to your employees or even to third parties. Management review is your job. And only yours. Leadership is and remains the task of leadership.
In the next section, you can read why you should never give up the opportunity that the management review gives you.
Some managers have partially lost touch with reality: with customers, employees, and suppliers. They live in a world of meetings that have sometimes become ends in themselves.
The management review helps with the reality check: "Face the brutal facts". It helps to direct one's gaze to the bare and unadorned facts and figures of one's own company and to recognize all the deficits that can no longer be found in aggregated financial figures:
The management review forces the top management level to pause and reflect at least once a year:
Management review and strategy development go hand in hand.
The effectiveness of leadership stands and falls with the effectiveness of its communication. A good management review report explains in a comprehensible manner to the entire company,
Coherent communication helps the entire company to align itself and thus to understand better and achieve its goals. It is precisely such communication that is a hallmark of good leadership.
At the same time, the management review justifies communicating even unpopular decisions.
Smart management understands that the QM system is a valuable tool to structure the company and independent of individuals' heroic achievements. This, in turn, increases the value of the company, e.g. for potential buyers.
A manager who thoroughly carries out the management review signals to employees the importance of the QM system, strengthens and encourages the QM Representative, thus helps to increase conformity with the requirements of the QM system and this reduces regulatory risks and potential patient harm.
A good management review doesn't cost extra time. It even helps to save time:
The management review is a procedure that, like any procedure, transfers inputs into outputs.
Top management needs information to evaluate its own QM system and decide on the required actions.
Usually, the quality management deputy helps the top management compile and consolidate this information.
This information comes from both within and outside the company.
External sources of information include:
Companies have a wide range of internal sources of information:
The result of the management review is a report, which some call the management report or management review.
This report includes a description of:
The management report concludes with a final of the organization’s QM system.
The management should use the data to answer the following questions:
Typical actions include
This report is a controlled document, i.e., it must be reviewed and approved and protected against unintentional modification or deletions. You can download a template for the section structure here. This will help you to document your management review even more easily and to conform with the relevant standards.
The A-E-K method was created by the Swiss military. The three letters stand for:
These are the three steps that a management review should go through. Companies often get stuck on the first or second part, leading to non-conformities.
Top management should ensure that they have all the necessary information and that it is included in the management report.
For example, the report should give the number of complaints and the results of a complaint analysis:
The management should then evaluate this information and come to a conclusion about it. This should allow the management review to answer questions such as:
This second part is often missing or not robust enough.
Even more often, the actions required are missing from the report, even though they are obvious and may even have been implemented already.
In the above example, possible actions would be:
The FDA is particularly rigorous when it comes to checking whether the management review actually leads to action.
FDA inspectors start the inspection with the management process according to QSIT. They want to see what corrective actions management has introduced as a result of the quality management system review.
Based on this information, they look at the other systems and verify that the management's statements and findings regarding the QMS match the results of their inspection. If not, they conclude that management is not living up to its responsibility for the system.
An example: An FDA inspector has established that the management did not think corrective actions were necessary based on the results of the management review. The inspector then has management show her last year’s corrective actions. Here, she does not find any corrective actions for devices shipped to the United States. She then looks at all the complaints concerning the organization’s biggest selling device in the USA (or alternatively, the device with the highest risk class). When she reviews the complaints, she finds that systematic, repeatable device defects have occurred and asks why
If the management can’t give a coherent answer, she concludes that the CAPA process is not working and that management is not fulfilling its responsibility for the management system. She can’t conclude from the results of the management review that management is aware of quality problems and takes action when necessary. The warning letter includes both deviations.
If you conduct the management review more than once a year:
The DGQ has written the following on the management review for ISO 9001:
Conduct the management review more frequently: If you have developed a standard for your management review, it is a good idea to conduct it on a quarterly basis.
Integrate the management review into existing managerial or head of department meetings: use these meetings to regularly discuss the requirements of section 9.3 and the status of your QM system.
The management review is not a QM overhead that you should try to minimize by only conducting it once a year. The management review is a strategic management task. Leadership needs to continuous – and that doesn't mean annually
ISO 13485 has an important but also limited focus on the conformity and, therefore, safety of the medical devices and the company’s conformity. It doesn’t care about the survival and success of the company.
But ISO 9001:2015 does take a more comprehensive view. It takes all interested parties into account and requires management to also consider the company's opportunities and risks.
It would be even more helpful to widen the scope even further and look at all aspects that are crucial for the success of a business. How about including DIN SPEC 77555-1 on innovation management or DIN SPEC 77224 on achieving delight through service excellence.
Avoid describing the management review too generally in the quality management handbook or in the corresponding standard operating procedures, or even simply repeating the requirements contained in the relevant standards.
It is better to precisely define exactly who has to do what, when and how:
What you should establish
Tips and tools
Who is responsible for which activities? Who collects the data, who processes it, who follows up on actions?
Detailed SOPs help ensure that even a year in the future you know exactly what has to be done, which tools have to be used and how the data will be analyzed.
How often and at what time points/occasions do you conduct the management review?
A typical time point is one month before the external audit. More regular reviews would be better (see above).
What inputs do you provide for the management review?
You can use templates, in which the QMD enters all the data, for this.
How are the results and actions documented?
Again, a template helps you to quickly create the management report and to remember all the important aspects.
How are the actions tracked?
Task management tools, such as ticket systems (e.g., Jira), or project management tools, such as OpenProject, help you maintain an overview of tasks and ensure project progress.
How are the results communicated?
Examples of communication channels include staff meetings, company magazines, emails, video messages, Q&A sessions with management.
There is a reason that the standards require “top management” to conduct management reviews. It is because this evaluation is an essential management task, i.e., a management task that shouldn’t and can’t be delegated.
The QM deputy can help with preparations and follow-ups; but managers should not outsource the brainwork. If it did, management would have to ask itself why it is still there and whether the QM deputy shouldn’t be part of the management.
However, the two regulations require the:
to be defined.
As manufacturers usually cite conformity with ISO 13485, which explicitly requires management reviews (see below), the obligation arises at least indirectly.
In the Quality System Regulation (QSR), in 21 CFR Part 820.20 to be exact, the US Food and Drug Administration describes the requirements for the management review:
(c) Management review. Management with executive responsibility shall review the suitability and effectiveness of the quality system at defined intervals and with sufficient frequency according to established procedures to ensure that the quality system satisfies the requirements of this part and the manufacturer’s established quality policy and objectives. The dates and results of quality system reviews shall be documented.
Sec. 820.20 Management responsibility
For management assessments according to 21 CFR Part 820 QSR, companies have the right to refuse to allow inspection of the management review. At the same time, they must demonstrate that a management review has been conducted.
Therefore, if the FDA asks for your management review as part of an inspection, you should have the following documents ready:
Be sure to reference the QSR (21 CFR Part 820 QSR) in all documents as well, not just ISO 13485.
ISO 9001 is the basic standard. It sets the requirement that the top management of an organization must evaluate the performance of a QM system.
In section 9.3.1 it requires:
Top management shall review the organization’s quality management system, at planned intervals, to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organization.
ISO 9001:2015 section 9.3.1
ISO 9001 also specifies:
A lot of other standards specific to this topic and sector also include these requirements, sometimes word for word.
Of the sector-specific standards, ISO 13485 is the most relevant for medical device manufacturers. Its requirements are very similar to those of ISO 9001, e.g., the following:
Top management shall review the organization’s quality management system at documented planned intervals to ensure its continuing suitability, adequacy and effectiveness. The review shall include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.
Medical devices — Quality management systems — Requirements for regulatory purposes
Medical laboratories — Requirements for quality and competence
Explosive atmospheres — Part 34: Application of quality management systems for Ex Product manufacture
DIN EN 9100
Quality Management Systems – Requirements for Aviation, Space and Defence Organizations
DIN EN 15224
Quality management systems – EN ISO 9001:2015 for healthcare
Food safety management systems – Requirements for any organization in the food chain
Learning services for non-formal education and training — Basic requirements for service providers
For medical device manufacturers, the quality management standard ISO 13485 is of particular importance. But a lot of many manufacturers use other topic-specific standards. The focus of the management reviews differs accordingly. For example, it could be on:
General requirements for the competence of testing and calibration laboratories
Environmental management systems
Energy management systems
Safety Certificate Contractors
Information technology — Security techniques — Information security management systems — Requirements
Measurement management systems — Requirements for measurement processes and measuring equipment
Compliance management systems – Guidelines
DIN EN 60300-1
Dependability management – Part 1: Guidance for management and application
DIN SPEC 77224
Achieving Customer Delight Through Service Excellence
Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 1: Requirements
Conformity assessment — Requirements for accreditation bodies accrediting conformity assessment bodies
Conformity assessment — General requirements for proficiency testing
Conformity assessment — Requirements for bodies certifying products, processes and services
General requirements for the competence of reference material producers
Security and resilience — Business continuity management systems — Requirements
Facility management — Management systems — Requirements with guidance for use
Risk management — Guidelines
Anti-bribery management systems — Requirements with guidance for use
Occupational health and safety management systems — Requirements with guidance for use
Asset management — Overview, principles and terminology
DIN SPEC 77555-1
Innovation Management – Part 1: Innovation Management System
The management review shouldn’t, under any circumstances, be seen merely as a burdensome regulatory duty by top management. Instead, management should use the management review as a powerful management tool.
A company rots from the head down if its management does not perform its leadership duties or even believes that it can delegate the management review to QM deputies.
The quality of the QM system stands and falls with the quality of the management review. And the quality of the company and its products stands and falls with the quality of the QM system.
For top management, this means: do your job!
If you need help with your management review then get in touch with us using the contact form: The Johner Institute’s advisors will be happy to help you design your management review and align your quality management system with your goals so that you can safely pass audits and become even more successful as a company.