ISO 14001:2026 Clause 9.3
SQMC Technical Faculty
·
8 minute read
ISO 14001:2026 for Auditors > Clause 9.3
Explained: Management Review
Clause 9.3 of ISO 14001 asks top management to review the Environmental Management System at planned intervals. In plain English, this means senior leaders must look at EMS performance, compliance, risks, resources, audit results, improvement opportunities and previous actions, then make decisions to keep the system suitable, adequate and effective.
What is ISO 14001 Clause 9.3 trying to achieve?
Clause 9.3 is about making sure top management actively reviews the EMS and uses the results to make informed decisions.
ISO 14001:2026 presents management review through three subclauses:
- Clause 9.3.1 — general management review requirement;
- Clause 9.3.2 — management review inputs;
- Clause 9.3.3 — management review results.
The purpose is not simply to hold a meeting and file the minutes. The purpose is to give top management a clear view of whether the EMS is working, what needs attention, what resources are needed, and what improvement or change is required.
Why management review matters in an EMS
Management review connects EMS performance with leadership decision-making.
Without a useful management review, important EMS information may never reach the people who can make decisions about:
- resources;
- environmental objectives;
- compliance risks;
- operational controls;
- training and competence;
- suppliers, contractors or externally provided processes, products and services;
- changes affecting the organisation;
- continual improvement opportunities;
- strategic direction.
A weak management review becomes a ceremonial spreadsheet-reading event. A strong management review helps top management steer the EMS properly.
Clause 9.3.1 — General
Clause 9.3.1 sets the basic requirement for top management to review the EMS at planned intervals.
The review should help top management decide whether the EMS remains:
- suitable — appropriate for the organisation’s context, activities, culture, risks and environmental issues;
- adequate — sufficient to meet ISO 14001 requirements and the organisation’s own EMS needs;
- effective — achieving the intended outcomes of the EMS and supporting improved environmental performance.
Management review does not need to be a single, separate annual meeting. It can take place over time and may form part of normal board meetings, management meetings or integrated management system reviews, provided the necessary topics are reviewed and useful results are recorded.
Clause 9.3.2 — Management review inputs
Clause 9.3.2 identifies the information that should feed into management review.
These inputs help top management understand what has changed, how the EMS is performing, whether objectives are being achieved, whether compliance is under control, and whether resources or improvement actions are needed.
Management review inputs should include information such as:
- the status of actions from previous management reviews;
- changes in external and internal issues relevant to the EMS;
- changes in relevant interested party needs and expectations, including compliance obligations;
- changes in significant environmental aspects;
- changes in risks and opportunities;
- the extent to which environmental objectives have been achieved;
- environmental performance information and trends;
- nonconformities and corrective actions;
- monitoring and measurement results;
- fulfilment of compliance obligations;
- audit results;
- adequacy of resources;
- relevant communications from interested parties, including complaints;
- opportunities for continual improvement.
These inputs should not be treated as a lifeless agenda copied from one year to the next. They should help top management understand what is actually happening in the EMS.
Status of previous management review actions
Management review should consider whether actions from previous reviews have been completed.
This helps prevent management review becoming a talking shop.
Auditors may check:
- what actions were agreed last time;
- who was responsible;
- whether timescales were defined;
- whether actions were completed;
- whether overdue actions were escalated;
- whether completed actions were effective.
If the same actions roll forward every year untouched, the EMS may have a leadership follow-through problem.
Changes affecting the EMS
Management review should consider changes that may affect the EMS.
These may include changes to:
- business activities, products or services;
- sites, processes or equipment;
- staffing, roles or responsibilities;
- suppliers, contractors or externally provided processes, products and services;
- legal or other compliance obligations;
- customer expectations;
- environmental conditions;
- risks and opportunities;
- significant environmental aspects;
- organisational strategy or resources.
This connects management review back to context, interested parties, planning of changes and operational control.
Environmental performance review
Management review should consider environmental performance information and trends.
This may include:
- energy use;
- water use;
- waste generation and recycling performance;
- fuel consumption;
- emissions or discharge data;
- environmental incidents and near misses;
- complaints;
- contractor performance;
- progress against environmental objectives;
- monitoring and measurement results;
- trends in nonconformities and corrective actions.
The review should not only present data. It should interpret what the data means and decide whether action is needed.
Progress towards environmental objectives
Management review should consider the extent to which environmental objectives have been achieved.
Useful review questions include:
- Are objectives on track?
- Have targets or intended outcomes been achieved?
- Are actions being completed?
- Are resources adequate?
- Are objectives still relevant?
- If objectives have not been achieved, why not?
- Should objectives be updated, replaced or extended?
- What improvement opportunities have been identified?
Objectives should be connected to real EMS performance, not treated as a separate poster on the wall with noble intentions and no legs.
Compliance status
Management review should consider fulfilment of compliance obligations.
Top management should understand:
- current compliance status;
- results of compliance evaluations;
- new or changed compliance obligations;
- any non-compliance or potential non-compliance;
- actions taken to address compliance gaps;
- regulator communications;
- customer or contractual compliance issues;
- resources needed to maintain compliance.
Compliance status is too important to be buried in a folder nobody opens until audit week.
Internal audit results
Management review should consider internal audit results.
This may include:
- audit programme completion;
- audit findings;
- nonconformities;
- repeat findings;
- areas of strong performance;
- audit conclusions on EMS effectiveness;
- corrective action status;
- audit programme changes needed for the next period.
Internal audit should give top management useful information about how the EMS is performing and where attention is needed.
Nonconformities and corrective actions
Management review should consider nonconformities and corrective actions.
This includes asking:
- What nonconformities have occurred?
- Are there recurring issues?
- Are corrective actions completed on time?
- Are corrective actions effective?
- Are root causes being properly addressed?
- Do repeated issues point to a deeper system weakness?
- Are resources or leadership decisions needed?
Management review should help prevent the same problems returning again and again wearing different hats.
Adequacy of resources
Management review should consider whether resources for the EMS are adequate.
Resource needs may relate to:
- people and time;
- training and competence;
- monitoring equipment;
- emergency equipment;
- maintenance or infrastructure;
- external specialist support;
- software or data systems;
- budget for improvement projects;
- internal audit resources;
- compliance evaluation resources.
If the EMS repeatedly fails because people lack time, tools or authority, management review should identify and address that.
Communications from interested parties
Management review should consider relevant communications from interested parties, including complaints.
These may include communications from:
- customers;
- regulators;
- neighbours or local communities;
- contractors;
- suppliers;
- employees;
- certification bodies;
- parent companies or investors;
- emergency services;
- landlords or site owners.
Relevant communications may include complaints, praise, information requests, audit findings, regulator letters, customer sustainability requirements or stakeholder concerns.
Opportunities for continual improvement
Management review should consider opportunities for continual improvement.
Improvement opportunities may arise from:
- monitoring and measurement results;
- audit findings;
- incident investigations;
- nonconformities and corrective actions;
- compliance evaluations;
- employee suggestions;
- customer or stakeholder feedback;
- changes in technology;
- supplier improvements;
- new environmental objectives;
- resource efficiency opportunities.
Improvement does not always mean a dramatic project. It may involve better controls, clearer communication, improved records, stronger competence, or more reliable monitoring.
Clause 9.3.3 — Management review results
Clause 9.3.3 focuses on the results of management review.
Management review should lead to useful conclusions, decisions and actions. In practical terms, the review should result in clear decisions about what stays the same, what needs to change, what needs resources, and what improvement action is needed.
Management review results may include:
- conclusions on whether the EMS remains suitable, adequate and effective;
- decisions about continual improvement opportunities;
- decisions about changes needed to the EMS;
- decisions about resource needs;
- actions needed when environmental objectives have not been achieved;
- opportunities to improve integration of the EMS with business processes;
- consideration of implications for the organisation’s strategic direction.
The key point is that management review should not stop at discussion. It should produce results that can be acted on and followed up.
Documented information for management review
The organisation should keep evidence of management review results.
Evidence may include:
- management review agenda;
- management review minutes or notes;
- performance reports;
- objective progress reports;
- compliance status reports;
- audit summaries;
- nonconformity and corrective action summaries;
- resource decisions;
- action logs;
- records of decisions made;
- follow-up evidence for agreed actions.
Records should show not only that review happened, but that relevant topics were considered and useful results were produced.
Practical implementation guidance
A practical management review process should answer:
- When will management review take place?
- Who needs to attend or provide input?
- What information must be reviewed?
- How will compliance status be reported?
- How will environmental performance be evaluated?
- How will objectives and actions be reviewed?
- How will resource needs be identified?
- How will decisions and actions be recorded?
- Who will own each action?
- How will actions be followed up?
- How will management review results feed into improvement and future EMS planning?
The process should be useful to the organisation, not just designed to impress an auditor for ten minutes and then vanish into a folder.
What auditors typically look for
Auditors look for evidence that top management reviews the EMS at planned intervals and that the review leads to meaningful results.
Evidence may include:
- management review schedule;
- agenda or terms of reference;
- attendance records;
- management review minutes;
- reports used as inputs;
- records of conclusions, decisions and actions;
- status of previous actions;
- evidence of resource decisions;
- updated objectives or action plans;
- changes to EMS processes;
- evidence that results were followed up;
- interviews with top management and EMS owners.
Auditor tip
Do not only check that management review minutes exist. Check whether the required inputs were considered, whether conclusions were reached, whether decisions were made, and whether actions were followed through.
Common weaknesses in Clause 9.3
- management review is held irregularly or too late;
- required inputs are missing;
- minutes record discussion but no decisions;
- previous actions are not followed up;
- compliance status is not clearly reviewed;
- environmental performance data is presented without analysis;
- resource needs are ignored;
- top management is not properly involved;
- management review results do not lead to action;
- opportunities for continual improvement are not considered;
- the review does not conclude whether the EMS remains suitable, adequate and effective.
Weak example
“Management review is completed annually and covers audit results, objectives and environmental performance.”
This is weak if the record does not show meaningful review, decisions, actions, resource consideration, compliance status, improvement opportunities or conclusions about EMS suitability, adequacy and effectiveness.
Better example
“Top management reviews the EMS twice per year. The review covers previous actions, changes, compliance status, objective progress, environmental performance, audit results, nonconformities, resource needs and improvement opportunities. Results are recorded, assigned to owners where action is needed, and tracked through to completion.”
This is stronger because it shows management review as an active leadership process with inputs, results and follow-up.
Real-world example: manufacturing site
A manufacturing site reviews EMS performance after a year involving increased production, two spill incidents and repeated waste segregation findings.
Management review considers:
- increased waste and energy use linked to production growth;
- spill incident investigations;
- corrective action effectiveness;
- audit findings on waste segregation;
- compliance evaluation results;
- resource needs for additional bund inspections and staff training;
- whether objectives need updating;
- whether contractor controls need strengthening.
Useful results may include updated objectives, additional training, revised inspection frequency, improved signage, contractor briefings and a targeted follow-up audit.
Real-world example: office-based organisation
An office-based organisation reviews its EMS after introducing hybrid working and changing its main IT supplier.
Management review may consider:
- changes to electricity use at the office;
- business travel patterns;
- home-working environmental data limitations;
- IT equipment procurement and disposal arrangements;
- progress against paper and travel objectives;
- supplier environmental requirements;
- internal audit results;
- whether EMS scope or aspects need updating.
This shows that management review should reflect real organisational change, even in lower-risk office environments.
Auditor questions for ISO 14001 Clause 9.3
- How often does top management review the EMS?
- Who is involved in management review?
- How are previous management review actions followed up?
- How are changes affecting the EMS considered?
- How is environmental performance reviewed?
- How is progress against environmental objectives reviewed?
- How is compliance status reviewed?
- How are internal audit results considered?
- How are nonconformities and corrective actions reviewed?
- How are resource needs considered?
- How are communications from interested parties reviewed?
- What opportunities for continual improvement were identified?
- What management review results were recorded?
- What decisions and actions resulted from management review?
- How does the organisation conclude whether the EMS remains suitable, adequate and effective?
Related ISO 14001 clauses
- Clause 4.1 — Understanding the organisation and its context
- Clause 4.2 — Interested parties
- Clause 5.1 — Leadership and commitment
- Clause 6.1.2 — Environmental aspects
- Clause 6.1.3 — Compliance obligations
- Clause 6.1.4 — Risks and opportunities
- Clause 6.2 — Environmental objectives
- Clause 7.1 — Resources
- Clause 8.1 — Operational planning and control
- Clause 9.1 — Monitoring, measurement, analysis and evaluation
- Clause 9.1.2 — Evaluation of compliance
- Clause 9.2 — Internal audit
- Clause 10.1 — Continual improvement
- Clause 10.2 — Nonconformity and corrective action
Continue learning
This page is part of SQMC’s ISO 14001:2026 guidance library for auditors, managers and QHSE professionals.
Ready to put ISO 14001 into practice?
SQMC’s ISO 14001 Internal Auditor course helps you move from understanding the Standard to auditing it with confidence. Over two practical days, you’ll learn how to plan EMS audits, gather evidence, ask better questions, write nonconformities and report findings clearly.
Learn from anywhere in our Virtual Classroom, attend one of our training centres, or arrange private in-company training for your team.