Management reviews that prove leadership actually leads.

Clause 9.3 is where auditors — and enterprise buyers doing supplier due diligence — check whether governance is real or performative. ISO-STANDARD.app assembles the inputs automatically, structures the discussion, records the outputs and locks the minutes on finalise. Built for SMEs and consultants by a founder with 25+ years engaging boards, stakeholders and buyer trust committees.

What clause 9.3 actually asks for

ISO 27001, 9001, 42001 and 20000-1 all mandate a management review at planned intervals. The standards list the inputs (status of actions from previous reviews, changes in external and internal issues, KPI trends, audit results, nonconformities and CAPAs, risk assessment results, opportunities for improvement) and the outputs (decisions on continual improvement, resource needs, changes to the management system).

Most organisations recreate this from scratch each year in a slide deck. By the next audit nobody can find the minutes and the "actions from previous review" input is blank. That's the finding.

Inside the workspace

Clause 9.3 template

Inputs and outputs pre-structured against the standard your workspace is running — no more "what does 9.3 want again?" mid-meeting.

Auto-populated inputs

Open risks, audit results, CAPA effectiveness, control coverage and policy status pulled straight from your workspace into the review pack.

Minutes and outputs

Capture decisions, actions, resource needs and changes to the management system in structured fields — not free-text notes that get lost.

Finalise and lock

When the review is signed off, the record locks. The audit trail proves who reviewed and when — the evidence surveillance audits actually inspect.

Attendees and roles

Record the attendees and their role in the review — top management involvement is an explicit clause 9.3 requirement.

Continual improvement register

Actions from previous reviews stay linked to the next review, so the "status of actions from previous management reviews" input is always live.

Who it's for

ISMS/QMS managers preparing for annual review

Pain: Rebuilding the review pack from scratch each year, chasing inputs by email.

With ISO-STANDARD.app: Inputs auto-assembled from the live workspace; last year's actions carried forward automatically.

Boards and top management with ISO oversight duty

Pain: Reviews are opaque and hard to defend to an external auditor.

With ISO-STANDARD.app: A structured, timestamped record that shows top management engaged with the mandated inputs and produced the mandated outputs.

Run your next management review with the inputs already in place

Start free, connect your risks, audits and CAPAs, and hold your first clause-aligned management review inside the workspace your ISMS already runs on.

Prefer a conversation? Email hello@iso-standard.app — a practitioner responds within one business day.

Michael McCarroll
Founder · 25+ years
IT governance · Information security · AI

Why this platform exists

Enterprise-grade governance — built for the SMEs and consultants enterprise GRC forgets.

I've spent 25 years in corporate governance — aligning technology, controls and compliance with what the business is actually trying to do. Time and again, the same pattern: the organisations that win new clients aren't the ones with the biggest GRC budget. They're the ones who can demonstrate trust on demand. This platform is the tool I wanted for the SMEs and consultants I've worked with — institutional-grade governance without an institutional price tag, built on the way audits and buyer reviews actually happen.