6 Ways to Make the Most of a QMS Review - ISO 9001 Clause 9.3.1

QMS Auditing tips

The periodic management system review is an opportunity not to be missed


ISO 9001 Clause 9.3.1 requires that  'Top management shall review the organization's quality management system, at planned intervals, to ensure its continuing suitability, adequacy, and effectiveness.'

Is this just a 'rubber stamp' activity or do you seek to benefit from the requirement?  If your answer is the latter, here are some examples of what you can do to make the most of periodic ISO 9001 audits.

1: Take full advantage of the Process Approach

Check that you have a Process Map that is up to date. Have any new processes, procedures been introduced this past year? What do internal and external audits and the analysis of non-conformances tell you about how well processes are controlled; which ones have the greatest risk for the organization; where additional controls are needed are the critical processes accurately identified? A brainstorming session to review and revise a process map might be very rewarding.

2: Apply Risk Management methods progressively for all critical Processes

Review your risk assessment and risk treatment plans against outcomes - again the results of the internal and external audit - and the analysis of non-conformances. If you're not using formal risk assessment and risk treatment, now is the time to start. 

While it is not a requirement of ISO 9001, there are real business benefits to be had, mistakes to be avoided and profit to be made. Focus most attention on the critical processes as it is these that are most likely to affect customer satisfaction. 

Risk assessments are 'live' documents and must be updated in light of experience and changes in the organization, its products and services and customer requirements and so on.

Don't underestimate how much time and effort is needed to create and later revise risk assessments. Prioritise your critical processes and plan sessions once a week or once a month to address them.New call-to-action

3: Integrate Quality Objectives

If your organization has KPIs (Key Performance Indicators), don't consider them to be different from Quality Objectives. That's because KPIs are Quality Objectives and their integration into your Quality System will build credibility in the usefulness of the Quality System especially with those who view it solely as a  burden on the business.

4: Introduce adequate Calibration Control

Inadequate calibration control is a common area of weakness for many businesses for whom accurate monitoring and measurement are critical to success.  Too often there are no dependable records to justify the adequacy of the measurement devices chosen. 

And the frequency of recalibration is dictated by calibration laboratories to maximise income and/or suit the schedules of calibration technicians (if too infrequent, erroneous results may be being recorded).  If either of these situations apply to your organization, you need to take action.

In particular, you should consider the need for switching rules to a higher or lower frequency of calibration check based on the history of adjustments to calibrated devices. 

5: Exploit your Internal Auditor training especially regarding improvement

Internal auditing should not be a 'box ticking' exercise but, rather, an engagement between the auditor and the interviewees to confirm the compliance with requirements (the primary purpose of the audits - see ISO 9001 Courses) but also to elicit suggestions for improvement. 

The occasion of the audits is one of the few times in the year when the opinion of those who are most intimately involved in the day-to-day work of the organization can be collected.  The opportunity is there; so, make sure you make the most of it. 



Trained Internal Auditors are critical to exploiting the benefits of a QMS


6: Promote your QMS Certification, and the capabilities and Customer Satisfaction it affirms

This may seem obvious but it is surprising how often organizations do not publicise on promotional websites, publicity materials and elsewhere the ISO Certification they hold. 

With prospective customers especially, your Certification goes beyond being a piece of paper and offers independent proof of your organization's capabilities, and it is in this context that marketing and sales personnel should use it.  ISO Certification is not the 'property' of the Quality Department.

You should take action to ensure that every function is exploiting its potential for improved business.

To conclude:

We hope you find some of these improvement suggestions useful.  Perhaps they will 'spark' some other possibilities for you as well as provide some 'food for thought'.  

ISO 9001:2015 Lead Implementer 

Note: First posted in January 2019; revised and updated in October 2021.


Related Articles


deGRANDSON Global is an ISO Certified Educational Organization

InISO 21001 ISO 29993 ISO 29994  October 2021 we secured certification to three education-related ISO Standards.  We now have a university-grade management system in place conforming to the requirements of  …

  • ISO 21001, Educational Organizational Management System,
  • ISO 29993, Learning Services outside formal Education,  and
  • ISO 29994, Learning Services – additional requirements for Distance Learning.

We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment.  It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.


Written by Dr John FitzGerald

Director & Founder of deGRANDSON Global. Spent 15 years in the manufacturing industry and 25 years training, consulting & auditing management systems

Subscribe to Email Updates


Recent Posts

Posts by Topic