ISO 9000 Management Review in a Small Company - Everyone knows what's happening


Don Winton

Management Review

I have an area I would appreciate comment on. An individual I was advising recently asked this question: “Does ‘Management Review’ mean that we have to hold management review meetings? We are a small company and everyone knows the status and what is going on.” My response (summarized below) was this:

ISO 9001 4.1.3 states “The supplier’s management with executive responsibility shall review the quality system at defined intervals sufficient to ensure its continuing suitability and effectiveness is satisfying the requirements of this American National Standard and the supplier’s stated quality policy and objectives (see 4.1.1). Records of such reviews shall be maintained (see 4.16).”

ISO 8402 3.9 defines management review as “formal evaluation by top management of the status and adequacy of the quality system (3.6) in relation to quality policy (3.1) and objectives.”

The majority of companies comply by holding annual or semi-annual Management Review meetings where face to face discussions are entered into. It does not, however, state that “meetings” shall be held. My response also indicated that meetings are usually the preferred method because things may arise that may not be considered on an individual basis. However, they are not essential. I offered the following example:

Section states “The supplier’s management with executive responsibility shall appoint a member of the supplier’s own management who, irrespective of other responsibilities, shall have defined authority for…reporting on the performance of the quality system to the supplier’s management for review and as a basis for improvement of the quality system.” Since this report must be prepared anyway, use it as a management review tool. Prepare the report outlining and describing performance and include the items detailed in 4.1.3. Include items such as internal audit results, noncompliances found, status of corrective actions, etc. After the report is complete, circulate it with a cover sheet that explains the content and purpose of the report. Include on the cover an area where comments can be recorded. Require that the receivers’ sign and date the cover indicating they have read the report, circulate to all recipients and have the original returned to you. Copy the recipients afterward and keep the original as your objective evidence.

Was I completely off base? Comments would be appreciated.



Fully vaccinated are you?
Don't over complicate the matter - take a look at Mgmt_rev.pdf

Free Files Directory A Simple Management Review form

This was for a small firm (14 souls) and the registrar easily bought it. The VP Operations scheduled the review on his yearly calander (hanging on his wall). He and the other VP 'met' at least once a year, completed the form and all was well with the world! And with the registrar!

Don Winton

Thanks. That is much better than my suggestion. The form is GREAT. Will advise the individual who originated the question and reply if additional questions are raised. Thanks again, Marc.


Fully vaccinated are you?
Since I'm such a loud mouth, I'll say again to everyone:

Don't over complicate any system for the sake of compliance. Do what is appropriate for the employees, the business, the product and the processes.

Keep It Simple!

At the same time, remember that what satisfies ISO 900x does not automatically satisfy QS9000!

[This message has been edited by Marc Smith (edited 08-27-98).]

Don Winton

You are correct. I seemed to have forgotten the primary rule, "Do not read in what is not there." Thanks for the reminder.



Fully vaccinated are you?
My main concern - why this web site is here - is to provide, to anyone who wants to take the time (none of this horse REDACTED of 'Please explain to me what ISO9000 is') to READ, information in how to comply with QS and/or ISO 900x 'requirements'.

I continue to contend:

1) Can you explain: What are you doing?
2) Explain how you meet the requirement.

If you are copying 'requirements' into your level 2's, you are not meeting the overall intent:

Can You Explain How You Comply?
Keep it Simple! It must be appropriate for your business and product(s).

[This message has been edited by Marc Smith (edited 09-09-98).]

Christian Lupo

Maybe its does not need to be said, but I'm going to say it anyway because many quality professionals have translates the advive "Keep it Simple" into "Get out of it Easy". I totally agree with Marc that you should keep it simple, but not at the risk of compromising the intent of the standard. It has been my experience that small companies tend to do this more than large, not true in all cases, but small companies tend to wanna "get out of it easy". I personnaly know a quality manager who is always saying "all you ISO guys wanna do is complicate things". Mostly in response to sound business practices, such as initialing and dating cross-outs on permanent quality records. His contention is if it does not say it in ISO his company dont have to do it. His consultant told him to "keep it simple", but now he wonders why ISO hasn't benefitted his company. I'm not saying that passing an agenda around to the management team does not work, or is a bad idea, but there is a lot to be said for having face to face meeting to discuss the health of the business system, no matter if the company is 2 people or 2,000. Yes while it is technically true that ISO does not require meetings, conducting meeting has its genesis in sound business practices, and has become the prefered practice for conducting management review.


Fully vaccinated are you?

I agree with you for the most part. Along with Keep It Simple is the fact that it must work. In general, the smaller the company the less complex it is thus the simplier the systems. One company of about 12 people I worked with was the source of the 'management review'. As I said (I think) they do meet once or twice a year - just the owner and the one vice-president - but it suffices for what they do.

You stated:

"His contention is if it does not say it in ISO his company dont have to do it. His consultant told him to "keep it simple", but now he wonders why ISO hasn't benefitted his company."

I contend that has nothing to with keeping anything simple - it has to do with the attitude of the person who wondered why ISO wasn't 'helping' his company. If the person was being guided by a consultant, well - there are bad consultants - lots of bad consultants as a matter of fact. The expectation that ISO is a magic bullet, or that ISO is "all you have to do" is just plain stupid thinking.

I suggest that the failure for ISO to 'benefit' his/her company is that person's fault and is unrelated to ISO requirements. ISO is just a set of required minimum business systems. I tell my clients that I cannot really remember an implementation where problems weren't found and addressed (typically fixed) but that it is very possible that ISO will provide no outstanding evidence that it has helped the company in any way and that, in fact (as almost always happens), the first 'evidence' is typically new customers who had a choice between the company and others and they wanted (specifically) an ISO registered firm to buy from.

There are two types of companies in my world - those which have good business practices to begin with and those which don't. Take them both and implement ISO and see what you get.

To say Keep It Simple is, I admit, in its self simplistic (just as Say What You Do and Do What You Say is simplistic) - there is more to it than just keeping it (whatever 'it' is - I assume 'it' to be a system or series of systems) simple - we all know that, yes? Better said might be Keep It Appropriate for Your Company.

Company 'qualifiers' I consider when addressing system(s) requirements include:

Facility Size
Number of Facilities
Location of Facilities Geographically
Number of Personnel in (Each) Facility
Dispersion of Facilities Geographically
Management Demeanor (Both Upper- and Mid-)
Hourly Demeanor
External Customers and their Requirements (Ford? GE? Motorola? Sue's Sandwich Shop? Wal-Mart? SAM's Discount Club?)

From now on I personally pledge to say:

Keep It Appropriate

instead of Keep It Simple.

barb butrym

Quite Involved in Discussions
with all of that digested....simple is easier to say than appropriate..also easier to spell...much simpler..wouldn't you say?....LOL.


Fully vaccinated are you?
You wouldn't want me to break my pledge in the name of simplicity, would you barb?
Top Bottom