Management Review
Purpose
This procedure ensures systematic, regular evaluation of our AI Management System to maintain its effectiveness and continuous improvement. It establishes the quarterly management review process for Rygen Technologies’ AI Management System (AIMS) in accordance with ISO/IEC 42001:2023 Section 9.3.
Scope
This procedure applies to the systematic review of AIMS performance, suitability, adequacy, and effectiveness by top management.
Management Review Framework
Regular management reviews ensure our AIMS remains aligned with business objectives, addresses emerging risks, and continuously improves based on performance data and stakeholder feedback. This systematic approach demonstrates our commitment to maintaining effective AI governance at the executive level.
AIMS Strategic Themes
Strategic Themes are leadership-set priorities that shape AIMS direction without being formal objectives under ISO 42001 Clause 6.2. They are used when a priority is material enough to warrant standing executive attention but is not yet practicably measurable as an objective with KPIs and targets.
A Strategic Theme has:
- a directional statement,
- a designated owner, and
- a standing report-out at every quarterly management review.
Strategic Themes do not have numerical KPI targets. They are reported on narratively under Clause 9.3.2 inputs (changes in internal/external issues; opportunities for continual improvement). When tracking infrastructure matures sufficiently to support measurement, top management may promote a theme to a formal AIMS objective at an annual objectives review.
Strategic Themes adopted by top management are recorded in the management review minutes that authorized them. Their current status is reflected in each subsequent management review report under the standing review input below.
Review Schedule
Management reviews are carried out on a quarterly basis, with the following attendees:
| Role | Required | |
|---|---|---|
| CEO | Yes | |
| CTO | Yes | |
| Principal AI Engineer | Yes | |
| Other executives | Optional |
Review Process
Preparation (1 week prior)
Principal AI Engineer prepares:
- Management Review Report (using template)
- AIMS Objectives performance data
- Risk register updates
- Incident reports and corrective actions
- Quarterly service provider SLA and availability performance summary
Review Meeting Agenda
| Topic | Duration | Purpose |
|---|---|---|
| Meeting Overview | 10 min | Purpose and expected outcomes |
| Status of Previous Actions | 15 min | Review action items from last meeting |
| AIMS Implementation Progress | 20 min | Current implementation status, certification progress |
| Context Changes | 15 min | External/internal changes affecting AIMS, interested party updates |
| Strategic Themes | 5 min | Status of active AIMS Strategic Themes |
| AIMS Performance | 30 min | AIMS objectives performance review, incidents and corrective actions, audit results |
| Opportunities for Improvement | 15 min | Strategic opportunities, process improvements |
| Decisions and Actions | 15 min | Resource allocation decisions, AIMS changes needed, next steps |
Required Inputs (per ISO 42001 9.3.2)
The following inputs shall be considered for each management review. Not all inputs are required at every review; the review agenda should indicate which items are covered based on relevance and timing.
Standing Items (every review):
- Status of actions from previous management reviews
- Changes in external and internal issues relevant to AIMS (including climate change considerations per ISO/IAF MD 26:2024)
- Changes in needs and expectations of interested parties
- Status of AIMS Strategic Themes
- Opportunities for continual improvement
Performance Information:
- Trends in nonconformities and corrective actions (NCs/CARs)
- Trends in monitoring and measurement results
- Audit findings and observations
- AI system performance against objectives
Periodic Items:
- SWOT analysis (quarterly, aligned with strategic planning cycle)
Required Outputs (per ISO 42001 9.3.3)
Each management review shall produce documented decisions and actions regarding:
- Continual improvement opportunities and their prioritization
- Changes to the AIMS, including:
- Policy and objective updates
- Process modifications
- Risk treatment adjustments
- Resource needs (personnel, tools, training, budget)
- Actions to address identified gaps or weaknesses
- Updates to AI system development or operational practices
Documentation
Meeting Records
Principal AI Engineer maintains:
- Meeting minutes with decisions made
- Action items with owners and deadlines
- Attendance record
Follow-up
- Distribute minutes within 3 business days
- Track action items in monthly status reports
- Update AIMS documents as decided
Storage
Meeting records stored in:
- Location: Confluence > AI > AIMS > Performance > Management Reviews
- Retention: 3 years minimum
- Access: AI Governance team and executives
Emergency Reviews
Ad-hoc reviews may be called by CEO, CTO, or Principal AI Engineer for:
- Critical incidents
- Major regulatory changes
- Significant business changes affecting AI
Revision History
| Version | Date | Author | Summary of Change |
|---|---|---|---|
| 1.0 | 2025-06-05 | Field Bradley | Initial draft. |
| 1.1 | 2025-09-02 | Field Bradley | Migrated to markdown and gitlab |
| 1.2 | 2026-01-07 | Field Bradley | Added external provider performance summary to preparation checklist (NCR-006, CAR-005) |
| 1.3 | 2026-01-13 | Field Bradley | Enhanced inputs/outputs per ISO 42001 9.3.2/9.3.3; added trends analysis, SWOT, coverage flexibility (AI-1195) |
| 1.4 | 2026-01-16 | Field Bradley | Added climate change to standing items per ISO/IAF MD 26:2024 (AI-1230) |
| 1.5 | 2026-05-06 | Field Bradley | Added AIMS Strategic Themes concept and standing review item (AI-1495) |