Your Questions Answered: What Does A Good Quality Legal Register Look Like?
>> WATCH THE WEBINAR HERE <<
This blog by Hannah Williams from The Compliance People, answers your questions and addresses some common queries around generating and maintaining effective legal registers below:
Q: If a piece of legislation applies to your industry but does not apply to you because you are below the company/turnover size etc., should you still include it in your register with a note to say does not apply due to size? Or as it is non-applicable should you leave it out?
Answer: This would mostly depend on how close you are as an organisation to the company size/turnover thresholds. It is worth including the legislation if you are reasonably close to the thresholds, for example if you have 220 employees currently and the threshold for a piece of legislation to apply is 250. It could be said it is reasonably foreseeable that you may be over the threshold in the future so it would be useful for that piece of legislation to be retained for information in case that happens. You would therefore be including the legislation as relevant due to the potential for it to apply in the near future.
Q: How does one know which legislation is relevant to their organisation?
Answer: A very common question we am asked a lot by organisations!
Unfortunately, there is not really a short answer to this but to give you a starting point, a competent person who has experience in HSE practises should be undertaking this activity. Qualifications and experience a competent person has will hopefully have provided them with information on HSE legislation. This person should fully understand all the activities the organisation carries out, how they are carried out, equipment that is used and present around site, types and quantities of materials used/stored, etc. Then resources around legislation from HSE and the environmental regulators (EA, NRW, SEPA, NIEA etc.) can be used to start linking the activities carried out to legislation that applies.
If you are struggling with understanding what legislation is relevant there is additional support you can draw on from companies like The Compliance People.
Q: Is it easier to a) define the list of legislation and then link to our business activities, or b) define a list of our activities and then find the legislation to match it?
Answer: There is no right or wrong way, whichever way works for your organisation and those managing the legislative part of this, but personally we would start with your activity list first to ensure you have fully captured everything the organisation does and has and then begin linking to relevant legislation.
Q: When the word "specific legislation" is used, would this exclude "obvious" legislation such as Employer's Liability (Compulsory Insurance) regulations, Modern Slavery Act, Working Time Regulations, etc?
Answer: The legal register should certainly include any legislation that has compliance duties for the organisation and the legislation you have referred to as ‘obvious’ is definitely relevant and should be included within a legal register as they have compliance duties for organisations.
Q: Would you recommend working with ISO experts or occupational H&S lawyers to build a register?
Answer: Absolutely, we have helped hundreds of organisations personally to build legal registers and as a company we have nearly 30 years experience of helping organisations manage compliance. If there is not somebody competent or with the time and resource to conduct this activity within the organisation it can be a real benefit to invest in external support as you then have the confidence the register is correct and can be completed in much less time than doing it yourselves.
Q: What is the difference between evaluating the compliance and the status of compliance?
Answer: Evaluation of compliance is the actual activity/audit undertaken to evaluate compliance with legislation – so taking the compliance duties that the legislation puts on your organisation and ensuring this is taking place.
Compliance status is the level of compliance with a piece of legislation i.e. fully compliant, partially compliant, non-compliant etc. So you can only determine what the status of compliance is with a piece of legislation by evaluating compliance with that legislation.
Q: Would you use the legal register as the criteria and go down piece of law to see if the activity is complying to it? I am struggling to do this in my organisation as it is a 26 acre site, which is mainly lab facilities.
Answer: If you are trying to conduct evaluation of compliance exercise you need to understand what each piece of legislation requires you to do as an organisation so you can then check this is happening.
If your legal register provides you with information on the compliance duties of each piece of legislation that applies then the register can be used during this exercise. If it doesn’t currently have this information then this is something you are going to need to pull together first so you can understand what activities, documents and records need to be checked to evaluate compliance.
If you need any further support with evaluating compliance please do get in touch with The Compliance People, we conduct health & safety and environmental legal compliance audits regularly for organisations.
Q: Do you have to provide evidence that you have identified a requirement is NOT relevant? [why it is not in the register?]
Answer: Evidence does not need to be provided for identification of legislation that has been deemed not relevant but someone within the organisation needs to understand this process and be able to explain how it was determined which legislation is relevant to the organisation – depending on your organisation you may feel it is useful to write this process down.
Q: Can we record at the monthly EH&S that we have reviewed legislation compliance for updates?
Answer: Yes absolutely, this is good way to provide evidence that you are regularly reviewing changes in legislation as a team.
Q: What is the best way to add amendments to legislation, if the main legislation still applies? Should the amendments be recorded as a separate legislation piece?
Answer: You should record amendments to legislation as an ‘update’ to the main legislation, rather than a separate piece/entry within the register. This is because legally, the amendment legislation only has the effect of changing the main legislation, so you need this information to sit together in order to fully understand how the main legislation has been updated.
Q: What are the consequences if we don't capture 'other requirements' because we forgot/ran out of time etc.?
Answer: You would likely have a minor non-conformance raised at your external management system certification/surveillance audits if there are other requirements that apply to the organisation that have not been captured within the legal register or any other management system documentation.
Q: Is legislation.co.uk the most comprehensive website to use to find changes in legislations?
Answer: Yes this is where all legislation is published by the UK government including changes to legislation.
Q: Can you have one legal register that captures both ISO 45001 & ISO 14001 together?
Answer: Yes you could have one legal register for the organisation as long as within it there is a distinction between the legislation i.e. it clarified what legislation was for ISO 14001 and which was for ISO 45001.
It is much more common to have separate registers however mainly due to the potential length and complexity if it was one document.
Q: If you have determined that you are not fully compliant with a legislation, is it ok to show you are working towards full compliance without being penalised?
Answer: Certainly, there should be no issue with you showing you are working towards full compliance. As with all types of internal audits, it is common to find issues and things that are missing/incorrect within organisations so just ensure you have a clear and realistic action plan in place with responsibilities and deadlines set.
I have very rarely conducted an evaluation of compliance audit for an organisation and not found any issues or actions that need to be carried out but it's all part of your continual improvement.
Q: In view of ISO 9001 clause 4.2, is there a general move by CBs to require legal registers for that standard too?
Answer: There is no requirement in ISO 9001:2015 to have a legal register, you may have some Standards that you need to be aware of/compliant with from a quality perspective which could be recorded within a document if you felt this was needed for the organisation.
Clause 4.2 requires you to identify interested parties relevant to the quality management system and what their needs and expectations are in relation to the quality management system. There is not a specific requirement to document compliance obligations.
Q: Since ISO 45001 is relatively new, is it acceptable just to tackle new legislation, rather than go back to 1974 HSAWA?
Answer: For the Standards you need to determine and have access to all relevant compliance obligations/legal requirements so this includes any legislation that has been around for a while such as the Health & Safety at Work Act 1974.
Some of the principles of that Act are duplicated in other major pieces of H&S law such as the Management of Health & Safety at Work Regulations 1999 but the 1974 Act is core to H&S, I find it is actually useful to focus on this Act during evaluation of compliance audits for health and safety.
Q: How do you recommend linking to environmental aspects?
Answer: Within your environmental aspects register, have an area within each aspect such as a column or box where you can identify and record any legislation that might be applicable. So for an aspect related to waste for example, you would have main waste legislation that applies to the organisation linked. Depending on what system/format your aspects register is within this could be in the form of legislation titles, or references/codes/hyperlinks from the legal register.
Q: Do service providers (i.e. Environmental Consultant) need to include all legislations as it applies to our clients?
Answer: This depends on what you want the legal register to be for – if the legal register is an information system to provide you with updates to all environmental legislation so you can pass these onto your clients then yes you would need to include all environmental legislation so you ensure everything is captured. If it was a document for your activities and own management system then you should potentially also have a register showing what your compliance obligations are as an organisation i.e. what legislation applies to your activities/premises.
Q: Could you use your 'Interested Parties' as a lead or reference guide for looking at 'other' requirements?
Answer: Yes you should certainly consider the needs and expectations of your interested parties in relation to other requirements – this potentially will be one of the main sources of other requirements.
There is a specific requirement within clause 4.2 of both ISO 14001:2015 and ISO 45001:2018 to determine which needs and expectations of interested parties become compliance obligations/ legal requirements and other requirements.
If you need any further guidance or advice please contact The Compliance People here or email the friendly NQA team here.