Management review in food safety is the scheduled meeting where top management examines how the food safety system is actually performing, audit results, complaints, recalls, KPI trends, and resource needs, and makes documented decisions about what to change. Every GFSI-recognized scheme requires it, at least annually, with records that prove leadership was engaged.
Done as a checkbox, it is an hour of slides no one acts on. Done well, it is the loop that keeps a food safety system honest: the moment when the people who control budgets and priorities look at the evidence and commit resources. This post covers what goes in, what must come out, how often to run it, and what the standards actually require.
What is management review in food safety?
Management review is a formal, recurring evaluation of the food safety and quality management system by senior management, ending in decisions and assigned actions. It exists to answer one question with evidence: is the system working, and if not, what will we change and resource? The key word in every standard is top management this is not a QA meeting that leadership hears about later; it is leadership's own review of the system they own.
It parallels the management review clause in ISO management-system standards (ISO 22000 clause 9.3), and it sits on top of the same food safety foundation as HACCP and your prerequisite programs. The difference between a strong program and a weak one is usually visible here: whether the review produces funded decisions or just minutes.
What inputs go into the review?
A management review is only as good as what it looks at. Standards expect a defined set of inputs so the meeting sees the whole system, not just the metrics that look good. The core inputs:
- Status of actions from previous reviews what was decided last time and whether it got done.
- Internal and external audit results findings, nonconformities, and trends from your own audits and third-party or regulatory audits.
- Customer complaints and feedback volume, categories, and trends, including anything food-safety related.
- Recalls, withdrawals, and holds every event, its root cause, and the effectiveness of the response.
- Verification and monitoring results CCP monitoring, environmental monitoring trends, sanitation verification, and testing data.
- KPI and objective trends performance against food safety objectives (complaint rates, positive rates, on-time CAPA closure, audit scores).
- Corrective and preventive action status open CAPAs overdue items, and recurring root causes.
- Changes new products, processes, suppliers, regulations, or equipment that affect food safety.
- Resource adequacy whether people, training, equipment, and budget are sufficient to keep the system effective.
What outputs must be documented?
The outputs are what separate management review from a status meeting. Every standard requires documented decisions and actions covering: improvements to the food safety system's effectiveness, resource needs, and any revision of the food safety policy and objectives. Each decision should have an owner, a due date, and a place it will be verified, usually the next review's "status of prior actions" input.
Concretely, the record of a review shows: what was reviewed, what was decided, who owns each action, when it is due, and what resources were committed. If a review surfaced a rising complaint trend and the only output is "continue to monitor," that is a finding waiting to happen. The output that auditors reward is a funded, assigned action that closes the loop. This is why management review anchors a real food safety culture: it is the visible proof that leadership acts on evidence.
How do you run an effective management review?
Run it as a working agenda, not a presentation. A reliable sequence:
- Open with prior actions. Walk every action from the last review first, closed, in progress, or overdue, so accountability is set before new business.
- Review audits and findings. Internal, external, and regulatory audit results, with nonconformity trends, not just counts.
- Examine complaints, recalls, and holds. Look at trends and root causes, and confirm the effectiveness of responses to any recall or withdrawal.
- Read the verification and KPI data. CCP monitoring, environmental monitoring trends, testing results, and performance against food safety objectives.
- Assess CAPA and recurring root causes. Open and overdue corrective actions and any problem that keeps coming back.
- Evaluate changes and resources. New products, suppliers, regulations, and whether current people, training, and equipment are adequate.
- Decide, assign, and resource. Convert the picture into owned actions with due dates and committed resources, recorded in the review minutes.
How often should management review happen?
No GFSI standard prescribes a single universal frequency, but all require it at a defined, planned interval, and at least once a year is the floor every scheme expects. In practice, an annual "big" review is too coarse for a living system, so strong programs run a full review annually and shorter interim reviews quarterly or after any significant event: a recall, a failed audit, a major change, or a spike in a food safety KPI.
The right cadence layers with the data. Floor teams review monitoring daily; supervisors review trends weekly and monthly; management review sits on top, quarterly and annually, looking at the system rather than the shift. The trigger-based interim review matters most, a recall or a serious audit finding should not wait for the calendar.
What do GFSI standards require?
All GFSI-recognized schemes, SQF, BRCGS, and FSSC 22000, require a documented management review by senior management at a defined frequency, and their auditors treat it as evidence of top-management commitment. The details differ in wording, not in substance:
| Scheme | What it expects | Frequency |
|---|---|---|
| SQF | Senior management reviews the food safety system, including policy, objectives, audits, complaints, and corrective actions, with records | At least annually |
| BRCGS | Documented management review of the food safety and quality system with defined inputs; senior management demonstrates commitment | At a scheduled, defined frequency (at least annually) |
| FSSC 22000 / ISO 22000 | Management review per ISO 22000 clause 9.3, with specified inputs and documented outputs and decisions | At planned intervals |
Whichever scheme you certify to, the auditor is checking the same three things: that the review happened at the required frequency, that it covered the required inputs, and that it produced documented decisions and resources. Choosing among the schemes is covered in our GFSI certification guide, with scheme-specific detail in BRCGS and FSSC 22000.
Facts worth pinning, from the standards themselves:
- ISO 22000 (the basis for FSSC 22000) requires management review at planned intervals with defined inputs and documented outputs, in clause 9.3.
- GFSI-recognized schemes are benchmarked to equivalent food-safety outcomes, and all require documented management review by senior management (GFSI recognition).
- Management review outputs must include decisions on system improvement and resource needs closing the loop to prior actions (ISO 22000 clause 9.3).
Who has to attend?
Top management has to be in the room, the site leader plus the functional owners who control resources: operations, quality/food safety, maintenance, HR, and often supply chain. The food safety team leader typically presents, but the review belongs to management, and an auditor will notice if the "management review" was actually run without any manager who can commit budget. Attendance is part of the record.
The failure mode is familiar: inputs scraped together the night before from binders and spreadsheets, a review that reports numbers no one can act on, and actions that evaporate before the next meeting. When the underlying audit, complaint, CAPA, monitoring, and KPI data already live in one place with live trends, the review stops being a data-gathering exercise and becomes a decision-making one, the same shift from paper to real-time that Harmony brought to CLS's floor (see how CLS did it). Management review is where that data earns its keep: leadership looking at reality and committing to change it. Tie its actions to your master sanitation schedule your CCP verification and your recall readiness and the loop actually closes (see the platform).