Management review audit finding issues

One of the most common questions we get asked is:

"Our management reviews have been a problem area in the past, we have had several Non-Conformances, but we want to maintain ISO 27001 or ISO 22301 certification. What are the common issues you see?"

We have put together a short response on the common issues we have found:

Auditor Finding 1
The management review does not follow the ‘Review Inputs’ and ‘Review Outputs’ that are clearly stated in the management part of the standard.

Response
Use the review input as the Meeting Agenda, and use the review output as the format for the ‘Minutes of Meeting’.

Auditor Finding 2
No clarity on Who, What, Where and When this management review took place.

Response
It is always good to give anyone reading the management review some indication of responsibilities and actions to be taken.

Auditor Finding 3
Changing the format every other meeting still gives us non-conformities.

Response
Try to be consistent in the approach. If the certification auditor says it meets the requirements of the standard, then it does.

Auditor Finding 4
We will conduct Management Reviews every 3 years.

Response
Management Reviews have to be at least annual in order for you to determine how your management system is being maintained.
