Management review revisions for ISO 13485:2016

The article explains management review revisions required for ISO 13485:2016 compliance. The article tells a story about a recent re-certification audit nonconformity and how the revised ISO 13485:2016 Standard will help prevent this type of quality issue in the future. The article includes links to information about new and revised regulatory requirements, how to write a procedure, and there is a link for downloading a free management review webinar.

Management Review 20161 Management review revisions for ISO 13485:2016

One of my clients recently had a re-certification audit in December with their Notified Body, and they received a nonconformity in the first couple of hours of the four-day audit. Here’s what happened.

First, they had an opening meeting with the auditor from 8:30 am – 9:05 am. Next, they took the auditor on a tour of the facility to show her some of the areas of the facility that had been renovated since last year’s surveillance audit. The management representative and the auditor returned to the conference room at 9:40 am, and the auditor began with a review of the management review revisions to the procedure. The procedure had not changed since the previous year, so the auditor asked to see the most recent management review. The company conducted a management review on Tuesday, December 8, 2015. The audit reviewed all the required inputs since the previous management review–which was held on Tuesday, December 9, 2014.

When the auditor reviewed the data analysis of complaints, she noticed a spike in complaints related to shipping errors that occurred from February through May. When she asked for an explanation, the management representative explained that the renovations caused some misplacement of inventory that resulted in shipping delays and a few mistakes. The auditor asked when the trend was first observed. The management representative indicated that the pattern was observed in April, and the warehouse manager made corrections in May. The trend was confirmed to have reversed in the data from the third quarter.

The auditor asked if a formal corrective action was implemented. The management representative said that no formal CAPA was initiated because the problem did not appear to be a systemic problem due to the small volume of complaints relative to the large volume of shipments. The auditor asked if shipping complaints were a quality objective. The management representative confidently indicated that they were. The auditor then asked when top management was notified of the negative trend and reviewed the spike in the performance of the quality objective. The management representative said that the objective quality performance is evaluated by top management during the management reviews. Since the corrections appeared to be effective, no further action was warranted.

The auditor responded that she would be issuing a minor nonconformity against the management review process. The reason the auditor provided was that top management and the management representative did not maintain the effectiveness of the quality management system during a major renovation, because they did not monitor quality objectives on a sufficient frequency to react to quality issues in a timely manner. Furthermore, they failed to modify their planned interval for management reviews to take into account significant changes in the facility that could negatively impact quality.

At the closing meeting, top management asked what should have been done to avoid this finding. The auditor was hesitant to provide advice, but she indicated that management could have been more proactive and taken measures to prevent the shipping complaints in the first place. A quality plan for the renovation could have included increased management oversight and a more frequent review of quality objectives related to the areas being renovated. Instead of reviewing quality metrics quarterly, a monthly schedule might have been used during the renovations. Instead of scheduling the management review for December, top management might have planned a management review during or immediately after the renovations to address any quality issues with corrective actions or action items in the management review outputs. Another possible and less proactive approach would have been for the warehouse manager to initiate a formal corrective action as soon as the negative trend was observed. Then top management would have been aware of the quality issue through the CAPA process. Unfortunately, none of these actions were taken.

The auditor indicated that she could have written the finding against a number of different clauses (e.g., CAPA, monitoring, and measurement of processes, quality system planning). She chose to reference the management review process in the finding because the company will need to make management review revisions in 2016 to document the justification for management review intervals. There are also management review revisions required to address new and revised regulatory requirements in the meeting outputs. Therefore, the company’s corrective action plan might also address the requirements of the revised ISO 13485:2016 Standard.

Management review revisions to the frequency of planned intervals

Most companies satisfy the requirement for conducting a management review (i.e., 21 CFR 820.20 and ISO 13485, Clause 5.6) in one of the following ways:

  1. conducting one meeting each year
  2. conducting one meeting each quarter

If your company is conducting only annual reviews, your reviews will be far more useful if you switch to a quarterly schedule. In the case of my client, top management would have discussed the negative trend in shipping complaints in April 2015 instead of December 2015–8 months earlier. Reviewing data from 9-10 months ago is too late to take action.

Management Review Revisions Medical Device Academy Made

You can download the management review procedure from this website that was just updated for compliance with ISO 13485:2016. If you have your procedure, you might want to read my blog about improving your management review procedure. The key to writing a procedure is to link the procedure to a template that will be used as a starting point for each management review. The template should include each of the eight required inputs (i.e., Clause 5.6.2), the 3 required outputs (i.e., Clause 5.6.3), and a slide for covering both the Quality Policy and the overall effectiveness of the Quality Management System. The procedure should be short, and the bullets should match the requirements verbatim.

Training Top Management

The biggest reason why management reviews are ineffective is that there is little engagement by most of the people in the room. Everyone in the room should be familiar with the requirements and contribute to the preparation for a management review and management review revisions. The best management representatives anticipate the needs of top management and give them tools that explain precisely what they need to do to prepare for a management review and their responsibilities during the meeting.

Additional Management Review Resources

If you are looking for more information on this topic, here are some resources:

  1. How to Improve Your Medical Device Management Review Procedure
  2. Management Review Procedure Case Study
  3. Management Review Webinar: Making your meetings more effective
  4. Medical Device Management Review Meetings: 3 Compliance Issues

Posted in: ISO 13485:2016, ISO Certification

Leave a Comment (11) ↓


  1. Rob Packard January 9, 2016

    Story details have been modified to protect the identity of my client, and similar circumstances have occurred at more than one client.

  2. Lilibet January 15, 2016

    Hi Rob,
    Thanks for this article; very timely since my company is about to be re-audited.
    I have a couple of questions:
    1. Can you confirm that auditors are not going to assess company’s on the new ISO 13485 regs until they have been formally issued? I checked with our EU Authorised Rep and was told that they could not.

    2. In the case that you cited, the problem was the lack of management review during the renovation to track progress and to ensure that quality objectives are being met. Would it have been acceptable had the company used another meeting forum (that was minuted) to do these?

    • Rob Packard January 15, 2016

      Hi Liz,

      1. Your EC Rep is correct. Auditors cannot issue findings against the new version until it is issued, however, when you choose to upgrade to the new version is up to you. You have a 3-year transition period typically. The only reasons why you would potentially need to upgrade earlier are if you are obtaining a new certification after the new version has been issued or if you are going through a recertification and the certification body indicated that they will no longer audit to the old version. I don’t expect that for at least a year.

      2. Another meeting forum is perfectly acceptable for discussing those issues as long as top management is made aware of the outcomes and recommendations of that meeting so that they can ensure adequate prioritization of resources.

      Thank you for your great questions.

  3. Mark August 16, 2017

    We are going through our surveillance audit Nov 2017. They are auditing to ISO 13485 2016 and will be issuing minor non-conformity even though our Certificate is 2003. Not really a grace period in my book if you are being written up during the grace period. I think they should be observations until we go through the recert audit.

    • Rob Packard August 17, 2017

      The certification body cannot force you to be audited to the 2016 version a year early. However, you may run into the need for a longer audit or a second upgrade audit if you wait until the end of 2018. Most auditors would only identify areas where you are not compliant with ISO 13485:2016 verbally. Otherwise they may be viewed as consulting. As an internal auditor you have more flexibility and you can write observations or recommendations for compliance with future requirements.

  4. Matt August 22, 2017


    You stated above, “the company will need to make management review revisions in 2016 to document the justification for management review intervals.” I have heard this justification before, but I don’t see that requirement in the standard. Can you elaborate? Thanks.

    • Rob Packard September 7, 2017

      The ISO 13485:2015 draft had a requirement for this, and some notified body auditors will ask you to justify the duration of your intervals. However, the requirement was not approved in the final ISO 13485:2016 text. I do, however, include this in my own procedure because I think it is important for effectiveness of the management review process.

  5. Beryl October 9, 2017

    Good day
    Bloemed is a small family business in South Africa. We are distributors for a large medical devices company in Europe.
    Staff consists of 2 manages (Father & Mother) and 3 adult children plus 3 other employees who follow instructions given to them on a daily basis.

    Question: What is required for us to be compliant with regard to Management Review ISO 13485

    • Rob Packard October 9, 2017

      Thank you for your question Beryl. The requirements for management reviews is defined in section 5.6 of ISO 13485, and you can learn more about how to implement those requirements in my blogs about management reviews. You can also download a recorded webinar on the topic and copy of my procedure: If you have trouble downloading the content, please email me at


Leave a Comment

Time limit is exhausted. Please reload the CAPTCHA.