Review and Approval: Understanding the True Meaning and Current Practices

Introduction

In pharmaceutical companies, medical device manufacturers, Contract Research Organizations (CROs), and vendor companies, document and record reviews and approvals are conducted daily. However, the reality is that very few organizations are implementing the reviews and approvals truly required by regulatory authorities and international standards such as ISO.

The True Meaning of “Review” in ISO 9001

In ISO 9001, the keyword “review” appears frequently. How do readers translate “review”? In many cases, it is likely translated as “confirmation” (確認). It is particularly common to translate “reviewer” as “confirmer” (確認者).

However, this is incorrect. According to the definition in ISO 9000:2015 (Clause 3.11.2), “review” is defined as “an activity undertaken to determine the suitability, adequacy, and effectiveness of the subject matter to achieve established objectives.” Therefore, the appropriate translation is “examination” (審査) or “assessment” (照査).

Understanding Suitability, Adequacy, and Effectiveness

To properly conduct a review, it is essential to understand the three key concepts:

Suitability refers to whether the quality management system is appropriate for the organization’s size, purpose, and business operations. In English, this is expressed as “suitable,” meaning “fit for purpose.” The evaluation focuses on whether the system is qualitatively appropriate and aligned with organizational characteristics.

Adequacy refers to whether there is sufficient quantity or quality for the intended purpose. In English, this is “adequate,” meaning “sufficient in quantity or quality for a specific purpose or need.” The evaluation examines whether efforts are sufficient or if there are deficiencies (Muri, Muda, Mura – unreasonableness, waste, and unevenness).

Effectiveness is defined in ISO 9000:2015 (Clause 3.7.11) as “the extent to which planned activities are realized and planned results are achieved.” ISO emphasizes that success should not be evaluated solely by outcomes (“the ends justify the means”). Instead, effectiveness is demonstrated when both planned activities are executed and planned results are achieved. This ensures reproducibility – the ability to repeat successes and prevent the recurrence of failures.

The Nature of Review as Examination

Since review is an “examination” (審査), it should result in a pass or fail determination. When errors or inconsistencies are found, the reviewer must point them out and provide guidance for corrections. Because the reviewer provides guidance, they must have more experience and knowledge than the document creator. Otherwise, meaningful guidance cannot be provided.

The author frequently receives requests for external audits. During such audits, interviews with reviewers are always conducted to confirm what kind of “guidance” was provided during the review. However, in most cases, the review has become a mere formality, with reviewers simply signing the cover page. This cannot constitute quality assurance. It is essential to remember that the job of managers and supervisors is “to develop their subordinates.”

The Role and Responsibility of Approval

On the other hand, what does “approval” mean? Approvers cannot scrutinize every record in detail. So how do they approve documents and records?

The approver approves after confirming that:

1. A reviewer with the necessary skills for the document or record has conducted an examination (review)
2. The reviewer has provided comments
3. The creator has resolved all issues in accordance with the comments

In other words, the approver bears responsibility for ensuring that proper reviews (examinations/assessments) have been conducted and that quality is assured.

Current State and Regulatory Requirements

ISO 9001:2015 and the Upcoming 2026 Revision

ISO 9001:2015 is the current version of the quality management standard and incorporates a risk-based thinking approach through the Plan-Do-Check-Act (PDCA) cycle. The standard was last reviewed and confirmed in 2021. A revised version of ISO 9001 is expected to be published in September 2026, which will present an excellent opportunity for organizations to review and update their quality management systems.

The management review requirements in ISO 9001:2015 (Clause 9.3) mandate that top management review the organization’s quality management system at planned intervals to ensure its continuing suitability, adequacy, effectiveness, and alignment with the strategic direction of the organization.

Pharmaceutical Industry: FDA cGMP and ICH Q10

In the pharmaceutical industry, the U.S. Food and Drug Administration (FDA) Current Good Manufacturing Practice (cGMP) regulations (21 CFR Parts 210 and 211) establish minimum requirements for the methods, facilities, and controls used in manufacturing, processing, and packing of drug products. The cGMP regulations emphasize the importance of documentation, including:

• Written procedures and specifications
• Record review and approval by qualified personnel
• Quality unit independence in reviewing and approving production data before batch release

The International Council for Harmonisation (ICH) Q10 Pharmaceutical Quality System guideline further reinforces the importance of management review and knowledge management throughout the product lifecycle. ICH Q10 describes a comprehensive model for an effective pharmaceutical quality system based on ISO quality concepts and includes applicable cGMP regulations.

Medical Device Industry: FDA QSR/QMSR and ISO 13485

For medical device manufacturers, significant regulatory changes are occurring. The FDA Quality System Regulation (21 CFR Part 820) is being transformed into the Quality Management System Regulation (QMSR), which will take effect on February 2, 2026. This represents the first major revision of Part 820 since 1996.

The new QMSR incorporates by reference ISO 13485:2016, the international standard for quality management systems for medical devices. This harmonization will align U.S. requirements with international standards while retaining specific FDA requirements in areas such as:

• Device labeling and packaging controls (§820.45)
• Records management (§820.35)
• Complaint handling requirements
• Service records

Document control requirements under both the current QSR and the upcoming QMSR mandate that:

• Documents must be reviewed and approved by designated individuals
• Approvals must be dated and documented
• Changes to documents must be reviewed and approved before implementation
• Obsolete documents must be promptly removed from use

Japanese Regulations: GMP and QMS Provincial Ordinances

In Japan, pharmaceutical manufacturers must comply with GMP Provincial Ordinances (医薬品及び医薬部外品の製造管理及び品質管理の基準に関する省令), while medical device manufacturers must comply with QMS Provincial Ordinances (医療機器及び体外診断用医薬品の製造管理及び品質管理の基準に関する省令). The QMS Provincial Ordinances are based on ISO 13485 and incorporate similar review and approval requirements.

The Pharmaceuticals and Medical Devices Agency (PMDA) conducts GMP/QMS conformity assessments to verify that manufacturing sites properly implement these standards. These assessments evaluate whether appropriate review and approval processes are in place and functioning effectively.

The Problem of Formalized Reviews

Despite these regulatory requirements, reviews in many organizations have become formalized, with reviewers merely signing cover pages without providing substantive feedback. This practice fails to fulfill the true purpose of review as defined by international standards and regulatory requirements.

Consequences of Inadequate Reviews

When reviews become mere formalities:

• Quality issues may go undetected
• Staff development opportunities are lost
• The organization’s quality management system becomes ineffective
• Regulatory compliance may be compromised
• Patient and user safety may be at risk

Root Causes

Several factors contribute to the formalization of reviews:

• Misunderstanding of the review concept as mere “confirmation” rather than “examination”
• Insufficient time allocated for proper reviews
• Lack of reviewer competency and training
• Absence of clear review criteria and checklists
• High workload preventing thorough examination
• Organizational culture that prioritizes speed over quality

Best Practices for Effective Reviews and Approvals

To implement proper reviews and approvals in accordance with regulatory requirements and international standards, organizations should:

1. Establish Clear Roles and Responsibilities

Define the specific qualifications, responsibilities, and authority of reviewers and approvers. Ensure that reviewers possess greater knowledge and experience than document creators in the relevant subject matter.

2. Develop Review Standards and Criteria

Create detailed review checklists and criteria based on:

• Regulatory requirements (cGMP, QSR/QMSR, GMP/QMS Provincial Ordinances)
• International standards (ISO 9001, ISO 13485, ICH guidelines)
• Company-specific quality standards
• Risk assessment outcomes

3. Provide Comprehensive Training

Implement ongoing training programs for both reviewers and approvers that cover:

• The true meaning and purpose of review as examination
• Relevant regulatory requirements and standards
• Document-specific technical content
• Communication and coaching skills for providing guidance
• Use of review tools and documentation systems

4. Allocate Sufficient Time and Resources

Recognize that meaningful reviews require adequate time. Organizations should:

• Plan review timelines realistically
• Adjust workload to allow for thorough examinations
• Consider the complexity and criticality of documents when scheduling reviews
• Implement workload balancing to prevent reviewer burnout

5. Document Review Activities Thoroughly

Maintain comprehensive records of:

• Review comments and guidance provided
• Creator responses and corrective actions taken
• Final approval with justification
• Review duration and completion dates

This documentation serves multiple purposes:

• Demonstrates regulatory compliance
• Provides evidence of quality assurance activities
• Facilitates continuous improvement
• Supports knowledge transfer and training

6. Implement Quality Metrics and Monitoring

Track key performance indicators such as:

• Number and types of review comments per document category
• Time to complete reviews
• Frequency of post-approval corrections
• Reviewer effectiveness metrics
• Training compliance rates

7. Foster a Quality-Focused Culture

Leadership must:

• Emphasize the importance of thorough reviews
• Recognize and reward effective reviewers
• Address barriers to quality reviews
• Model proper review behaviors
• Support subordinate development through the review process

Comparison Table: Review vs. Approval

Aspect	Review (審査/照査)	Approval (承認)
Definition	Activity to determine suitability, adequacy, and effectiveness to achieve established objectives	Authorization given after confirming proper review and quality assurance
Primary Role	Examination and guidance	Authorization and responsibility
Required Qualifications	Greater knowledge and experience than creator	Authority to accept responsibility for quality
Key Activities	– Identify errors and inconsistencies- Provide guidance for corrections- Assess against standards and requirements- Ensure technical accuracy	– Verify proper review was conducted- Confirm all issues resolved- Accept responsibility for quality- Authorize implementation
Output	Comments, guidance, and recommended corrections	Authorization signature/approval
Focus	Technical content and compliance	Process integrity and overall quality assurance
Regulatory Requirement	Required by ISO 9001, cGMP, QSR/QMSR, GMP/QMS ordinances	Required by cGMP, QSR/QMSR, GMP/QMS ordinances
Relationship to Quality	Directly ensures quality through examination	Indirectly ensures quality through process oversight

Conclusion

The concepts of review and approval, as defined by regulatory authorities and international standards, are fundamental to quality assurance in regulated industries. Review is not merely “confirmation” but rather a comprehensive “examination” that requires reviewers to provide guidance and ensure that documents and records meet all applicable requirements.

Approvers, in turn, bear responsibility for ensuring that proper reviews have been conducted and that quality is assured. When reviews become formalized and lose their substantive nature, quality assurance breaks down, and the organization’s compliance with regulatory requirements becomes questionable.

To maintain robust quality systems in pharmaceutical and medical device industries, organizations must:

• Understand the true meaning of review as examination
• Ensure reviewers have appropriate qualifications and authority
• Allocate sufficient time and resources for meaningful reviews
• Document review activities comprehensively
• View reviews as opportunities for staff development
• Recognize that management’s job includes subordinate development through the review process

With the upcoming changes in medical device regulations (QMSR taking effect in February 2026) and the planned revision of ISO 9001 (expected in September 2026), now is an opportune time for organizations to reassess and strengthen their review and approval processes. By implementing proper reviews and approvals in accordance with regulatory requirements and international standards, organizations can ensure product quality, protect patient safety, and build sustainable quality management systems that support long-term business success.

As regulatory landscapes continue to evolve and harmonize internationally, the importance of effective reviews and approvals will only increase. Organizations that invest in developing robust review processes and cultivating reviewer competency will be better positioned to meet these challenges and maintain compliance in an increasingly complex regulatory environment.