Management review audit finding issues
One of the most common questions we get asked is:
"Our management reviews have been a problem area in the past, we have had several Non-Conformances, but we want to maintain ISO 27001 or ISO 22301 certification. What are the common issues you see?"
We have put together a short response on the common issues we have found:
Auditor Finding 1
The management review does not follow the ‘Review Inputs’ and ‘Review Outputs’ that are clearly stated in the management part of the standard.
Use the review input as the Meeting Agenda, and use the review output as the format for the ‘Minutes of Meeting’.
Auditor Finding 2
No clarity on Who, What, Where and When this management review took place.
It is always good to give anyone reading the management review some indication of responsibilities and actions to be taken.
Auditor Finding 3
Changing the format every other meeting still gives us non-conformities.
Try to be consistent in the approach; if the certification auditor says it meets the requirements of the standard, then it does.
Auditor Finding 4
We will conduct Management Reviews every 3 years.
Management Reviews have to be at least annual in order for you to determine how your Management system is being maintained.