Management review audit finding issues


One of the most common questions we get asked is:

"Our management reviews have been a problem area in the past, we have had several Non-Conformances but we want to maintain ISO 27001 or ISO 22301 certification. What are the common issues you see?"

We have put together a short response on the common issues we have found:

Auditor Finding 1
The management review does not follow the ‘Review Inputs’ and ‘Review Outputs’ that are clearly stated in the management part of the standard.

Response
Use the review input as the Meeting Agenda, and use the review output as the format for the ‘Minutes of Meeting’.

Auditor Finding 2
No clarity on who, what, where and when this management review took place.

Response
It is always good to give anyone reading the management review some indication of responsibilities and actions to be taken.

Auditor Finding 3
Changing the format every other meeting still gives us non-conformities.

Response
Try to be consistent in the approach; if the certification auditor says it meets the requirements of the standard, then it does.