DEV Community

Priya Nair
Priya Nair

Posted on

Management review that isn't a slide show — genuine quality signals

I used to dread management-review season. The folder would arrive with ten slide decks, two long PDFs, and a hopeful calendar invite. Management would attend for 20 minutes, nod politely, and we'd file the slides. Then a notified-body auditor would ask for the "evidence of management decisions being implemented" and the room would go quiet.

Management review is a regulatory requirement (see ISO 13485:2016 clause 5.6 and, for MDR manufacturers, your QMS obligations under Article 10(9)). To be fair, the requirement is short on prescriptive detail — it tells you what to review, not how to show you actually acted. In practice this means the difference between a theatre piece and a living management system. Here is what I use to keep ours in the latter category.

What management review should signal (not merely state)

Think of the review as a control point, not a presentation. A genuine management review gives you these signals:

  • Traceable decisions. Every decision links to an action, an owner, and an expected completion date — and you can trace progress in the QMS.
  • Evidence of closure. When the review notes a CAPA or change, there is evidence the activity completed and was verified (not "we closed it" on a slide).
  • Risk posture updated. Risk files reflect any decisions — e.g. risk control implementation, benefit-risk re-evaluation, or new hazards identified through complaints/field data.
  • Resource alignment. If management approved more people or budget, that uplifts the capability and is visible in hiring or supplier contracts.
  • Measurable trends. You see controlled KPIs with acceptance thresholds and actions when thresholds are breached.

If you don't have those, it's a slide show.

Practical inputs I demand before the meeting

Auditors and regulators look for documented inputs. My checklist for the pre-read package is deliberately short and standardised:

  • Open CAPAs / top 10 CAPA status with root-cause and verification evidence.
  • Audit results (internal, supplier, and external) with corrective actions and trend commentary.
  • Product performance signals: complaints, vigilance reports, field corrective actions, and high-level trending.
  • Post-market activities: PMCF progress, and PSUR/periodic reporting summaries where applicable.
  • Supplier performance and critical supplier risks.
  • Changes under review: change-control summary with impact assessment.
  • Regulatory landscape: new guidance, notified-body findings, or market constraints.
  • Resource & training needs, and any unresolved financial constraints.

Package these as data tables, not slides. I want direct links to the records — minutes should point to the CAPA IDs, audit report IDs, and change-control numbers. Connected workflow matters; when CAPA #1234 is discussed, I should be able to open it from the meeting note.

Structure that forces action (what we actually do)

We run a two-part review:

  1. Tactical session (monthly, 45–60 minutes)

    • Short, evidence-based: top three risks, top three open CAPAs, supplier hot-spots.
    • Decisions are tactical: reallocate resources, escalate to strategic, approve urgent changes.
  2. Strategic management review (quarterly/annual as required)

    • Review trends, product portfolio risk posture, regulatory changes, and the QMS effectiveness measures.
    • Make strategic decisions and approve resource plans.

Both use the same minute template so audit trails are uniform.

Minute template — the non-negotiable fields

A good minute looks like a transaction record:

  • Unique meeting ID and date.
  • Attendees and their roles (attendance is an auditable control).
  • Inputs reviewed (list with links/IDs).
  • Decisions made (short sentence).
  • Action items: owner, due date, priority, link to CAPA/change ticket if applicable.
  • Follow-up verification: who will confirm completion and by when.
  • Sign-off by top management.

This gives you automated CAPAs and a controlled assistance feel: decisions turn into assignable, traceable tasks.

Red flags auditors ask for (and what fixes them)

Notified bodies repeatedly ask for three things:

  • Where did this decision come from? Fix: link minutes to the input record.
  • How do you know it worked? Fix: show verification records and risk-file updates.
  • Who is accountable? Fix: assign owners with due dates and follow-up evidence.

If you cannot show traceable links, you will get a finding.

Tech that helps — but don’t outsource judgement

An eQMS with connected workflow lets you mirror actions across modules: link a management-review decision to a Change Control, CAPA, and the affected Technical File document. This reduces transcription errors and improves reviewability.

That said, tools don’t replace judgement. Automated CAPAs or AI-assisted summarisation can help with the pre-read (pulling trends, flagging anomalies), but the human decision about residual risk, business impact, and resource trade-offs stays with management. Use technology for process automation and traceability — don’t let it perform the decision.

Quick list: tangible quality signals to show an auditor

  • Signed minutes with links to records and CAPA IDs.
  • A closed-loop example: decision → CAPA → verification → change logged in the Technical File and risk file updated.
  • Trend charts where thresholds trigger a management action, and evidence the action occurred.
  • Resource approvals followed by recruitment/hiring or supplier-contract changes tied to the decision.
  • Evidence that PMCF/PSUR outputs influenced decisions.

Final note

If your management reviews feel like theatre, start small: require the pre-read data pack, standardise your minute template, and force one decision into the QMS workflow every meeting. You’ll trade theatrical slides for auditable transactions — and that is exactly what regulators want to see.

How have you turned one management-review finding from a notified body into a permanent process change in your organisation?

Top comments (0)