Evaluation of Compliance in ISO 14001:2015
Our regional Principal Assessor for Environment and Energy - Richard Walsh talks about the evaluation of compliance within ISO 14001 and the common misconceptions that may occur within the clauses.
Evaluation of compliance within ISO 14001 is often a weakness within an organization’s system and in many cases where I have audited, the process is not fully understood. Before I begin to say what it is, let me firstly say what it isn’t.
There is a common misconception that this clause is all about ensuring that the legal register is up to date and that all recently amended legislation has been included or updated. This was covered in the 2004 standard under clause 4.3.2 - Legal and Other Requirements. In the 2015 standard, updating knowledge of legislative requirements comes under clause 6.1.3 - Compliance Obligations.
ISO 14001:2015 clause 6.1.3. has two main requirements:
Identify and have access to applicable compliance obligations.
This is the important first step of making sure that you know all of the legal requirements related to the environmental aspects that are applicable to your company. Remember that these can originate at a local, regional, national, or even international level depending on the activities of your company. If you don’t know that a specific item of legislation exists, you will very likely not meet the requirements of the legislation.
Determine how these obligations apply to your organization.
Equally as important as knowing that a law exists that could be applicable to your environmental aspects is knowing if it actually applies to your situation and if so what obligations it places upon you. Whilst there is no formal requirement to have a legal register as such, the standard requires that documented information regarding compliance obligations is maintained.
Tucked away in a separate part of ISO14001:2015, section 9 (Performance Evaluation) is the requirement to evaluate “fulfilment of compliance obligations”.
So, once you have determined your Compliance Obligation, now you must evaluate your compliance. Here you must plan and implement a process to evaluate if you meet the environmental legal and other requirements that are applicable to your business. This process needs to include:
Frequency of compliance evaluation: How often you are going to check to see if you meet the requirements of a particular item of legislation will vary, but your process needs to determine how often you will check each level of compliance. For example, you may need to continually check the make-up of effluent that you discharge into the sewage system, but you may only need to periodically check on how well you are diverting recycling from your landfill waste.
Evaluate compliance and take action: This is the element that everyone thinks about when it comes to the requirements of legislative compliance, and this requirement has not changed. As an organization, you need to make an assessment against the applicable regulations or other commitments to see if you meet their requirements, and take any actions necessary to become compliant if you are not.
Maintain the status of your compliance: In other words, always know if you actually comply with your legal requirements. If a requirement changes, you need to know about it and know if the change affects your compliance with relevant obligation. If you make a change in your facility, you may need to evaluate whether you continue to meet all requirements, both during and after the change, even if you are not yet due to evaluate this according to your regular schedule.
Again, all of this evaluation needs to be kept as documented information for the use of you, your management system internal auditors, and any external certification auditor who may need to see it.
Organizations meeting the new compliance requirements of ISO 14001:2015 are probably in a far better position to understand their compliance risks, and reap the benefits from being able to demonstrate to stakeholders that they are fulfilling their commitments to environmental sustainability.
I have also been asked occasionally as an auditor to clarify NQA’s position with regard to evaluation of compliance. Certification Body auditorare required to audit conformity of an EMS to the requirements of ISO 14001. They are not required to make a direct evaluation of legal compliance since this is the requirement for the organization itself. Nor is the auditor required to conduct a compliance audit, which would be the role of the environmental regulator or an auditor/inspector contracted specifically for this purpose.
Author: Richard Walsh - UK Principal Assessor Environment & Energy