Carrying Out OH&S Management Reviews Under ISO 45001
ISO 45001 Clause 9.3
Top management decides if the management system is fit for purpose - and the standard sets out exactly what they need to consider.
ISO 45001 Clause 9.3 - Management Review of the OH&S Management System
ISO 45001 Clause 9.3 requires top management to review the OH&S management system at planned intervals to confirm its continuing suitability, adequacy and effectiveness. The standard prescribes specific inputs that must be considered and specific outputs that must come out of the review.
Management review is not a meeting in the standard's terminology - it is a review process. Many organisations run it as an annual meeting, but some structure it as a series of shorter reviews across the year, or as a documented review distributed to top management for input. What matters is that the prescribed inputs are addressed and the required outputs are reached and recorded.
Required Inputs to Management Review
Clause 9.3 sets out the inputs that top management must consider:
- Status of actions from previous management reviews
- Changes in external and internal issues relevant to the OH&S management system, including the needs and expectations of interested parties, legal and other requirements, and risks and opportunities
- The extent to which the OH&S policy and OH&S objectives have been met
- Information on OH&S performance, including trends in incidents, nonconformities, corrective actions and continual improvement, monitoring and measurement results, results of evaluation of compliance with legal and other requirements, audit results, and consultation and participation of workers
- Adequacy of resources for maintaining an effective OH&S management system
- Relevant communications with interested parties
- Opportunities for continual improvement
Required Outputs of Management Review
The review must reach decisions on:
- Continuing suitability, adequacy and effectiveness of the OH&S management system in achieving its intended outcomes
- Opportunities for continual improvement
- The need for changes to the OH&S management system
- Resources needed
- Actions, where needed
- Opportunities to improve integration of the OH&S management system with other business processes
- Implications for the strategic direction of the organisation
Top management must communicate the relevant outputs of the management review to workers and, where applicable, worker representatives. Documented information must be retained as evidence of the results.
Practical Compliance Guidance
| alphaZ document | How to use it |
|---|---|
| ISO 45001 Toolkit | Complete document set for an ISO 45001 management system, including the management review form and supporting documents. |
| F-Q3 Management Review Form | The standard template that captures all the required inputs and outputs in one document. Used as the agenda and the record of the review. |
| ER1 Issues Actions Register | Captures the actions arising from management review through to closure. Status of actions from the previous review feeds back in as a required input next time round. |
For more on these documents see the ISO 45001 Toolkit.
The most efficient way to run management review is a single template that mirrors the standard's required inputs and outputs. Complete it once a year, with contributions from each function, and you have the evidence and the record in one place.
Management review does not have to be a meeting. If top management struggle to get into a room together, you can structure it as a documented review with email contributions, a circulated draft, and a sign-off. The standard cares about the substance, not the format. Some organisations even use a quarterly mini-review of OH&S performance to feed the bigger annual review with up-to-date data.
For me, management review is the chance to get health and safety performance information in front of all of management at once. Trends, near-misses, audits, training - all in one room.
I check that every required input was actually considered and every required output was actually decided. A management review with five inputs and three outputs is a finding. I also look at action close-out from the previous review.
How Often?
The standard says "at planned intervals" but does not specify a frequency. For most organisations annually is normal. Some run quarterly reviews of OH&S performance with a deeper annual review. The frequency should match the maturity of the management system and the rate of change in the organisation - a fast-growing business or one with a lot of incidents may need more frequent reviews.
Who Needs to be Involved?
Clause 9.3 specifies that top management conducts the review. That typically means the senior leadership team - directors, the OH&S responsible person, heads of operational functions. Worker consultation under Clause 5.4 means worker representatives should also have a route to contribute, even if they are not present at the review itself. The output communication requirement means workers receive the relevant findings, so the review is not a closed exercise.
UK Legislation
Management review supports compliance with UK statutory duties for OH&S monitoring and review.
