There are many reasons why an organisation may want to implement an effective Information Security Management System (ISMS), and the vast majority choose to proceed to have this independently assessed for ISO 27001 certification to give their stakeholders, customers and employees confidence in their approach....
The Importance of management reviews
How to Plan and Conduct A Management Review
What is a management review?
Management review is a systematic assessment to ‘measure the effectiveness of the organisations’ management system. ISO standards require management reviews because they ensure that management systems remain focused on the direction of the business and continual improvement.
An inefficient management system leads to a lack of engagement, uncertainty and lack of clarity throughout the business. The idea behind the review process is to take a regular and systematic step back from day to day running of a business to review the performance of the management system by asking; are the current processes still suitable, adequate and effective?
Routinely reviewing and improving processes within an organisation is a critical element of continual improvement. Management review allows an organisation to make informed decisions using the Key Performance Indicators driven by their management system; identify opportunities for improvement and review and manage business risks.
In this article, we discuss management reviews and their links to an improvement focused business, the steps organisations can take to implement them, and the solutions management reviews provide.
Why are management reviews important?
Management review is a critical and required part of running an ISO certified Management System. They allow you to determine and evaluate management system performance, the need for change and improvement, and the suitability of business policies and objectives.
Management review allows an organisation to:
- Review actual results relating to the performance of the business and its systems
- Look at trends in problems encountered with a view of improving practices to eliminate their causes
- Review data on the performance in meeting the quality objectives and key performance measures for the organisation
- Learn from what has gone wrong
- Monitor subsequent corrective and preventive actions
When you take the time to look at how your management systems are working and not working, you can identify areas that are failing and plan to improve/fix them.
Who should perform a management review?
Responsible managers should be present an participate in management reviews. The person with the overall responsibility of the Management System should chair the meeting.
When should management reviews be conducted?
Aim to do a management review at least once a year, although for larger organisations it’s recommended that reviews should be conducted more frequently. Regular management reviews are a requirement of ISO standards and should be done routinely.
It is up to the organisation to set the frequency of the management review. However, ISO standards state that the frequency of reviews must be defined in the management system processes or related documented procedure for ISO certification.
Planning and conducting a management review
To ensure engagement from participants, it is recommended that reviews of separate management systems should be combined, where possible. This removes the need for potential duplication in discussion and therefore has less impact on the resource.
An agenda should be pre-communicated with team members, and this agenda should be fixed for each review meeting, to ensure consistency of discussions. The agenda may include items such as:
- Is the current management system achieving the expected results – competitive edge, efficiencies, customer satisfaction, etc.?
- Is it current/relevant and meeting the organisation’s requirements?
- Does it demonstrate continual improvement?
- Is the organisation compliant with relevant legislation?
- Are these the results we want? Are we working on the right things? What is the quality of our program?
- What resources are needed to address any issues, shortfalls, or improvements?
- What process improvements can be put in place?
Have all corrective actions/areas for improvement discussed at the previous management review been resolved
During the meeting, any anticipated challenges, performance gaps, or inefficiencies should be discussed in order that management can proactively address these issues. Recommended corrective actions should be agreed, documented, and assigned.
Scheduling, planning, implementing, and recording all of the information surrounding management review can be a difficult task without proper organisation and preparation. Activ ISO Management Software provides effective tools that can be used at all stages of management reviews. The software offers scheduling, tracking, and measurement tools, supported by follow up notifications, any sensitive discussion areas or plans can be kept confidential using privacy or data segregation tools.
Our management review template is a framework to help you plan and implement review meetings. Download now and see how this can assist you in your next meeting, or book a demonstration with us to see how this workflow can be automated in our Activ software
Measuring & Documenting management review
Activ’s broad suite of modules will enable you to not only house your ISO management system(s) but also clearly measure its effectiveness.
Together, the Audit Manager and Improvement Log modules aid senior management in planning, implementing and recording management reviews and all subsequent corrective actions or process improvements. The Audit Manager includes scheduling tools, enables pre-communicated agendas to be circulated for meetings/reviews and provides a comprehensive, centralised place to record metrics and minutes. The powerful Improvement Log module is used to track and monitor all assigned actions – from simple process adjustments to complex improvement projects involving multiple team members.
Would you like to see how Activ can help you improve your Management Review process? Book a demo with Activ to try out our Management Review modules.