Home Certification Standards ISO 14001

Your Guide to Implementing ISO 14001

Benefits of Implementation

All “management ISO’s” have a similar fundamental benefit. They provide a framework of action that; if implemented appropriately, provides internal control. In the case of ISO 14001 the execution of the standard provides control for an organization’s activities, products or services and the interaction with the environment. This, in turn can increase the long term viability of the organization and where appropriate a higher regard for its asset value.

Whilst there other numerous benefits to achieving ISO 14001 (and some will be more appropriate depending upon what sector an organization operates) the following benefits are likely in most cases:


By testing environmental controls against the internationally recognized environmental Standard, an organization demonstrates ethical environmental leadership to their Stakeholders which includes customers, employees and Regulators.

The achievement of 14001 also provides assurance to a Board of Directors, Trustees or owners that there is management control regarding environmental risks inherent within an organization.


In a global market place where all sectors have to compete in some form or other, demonstration of ethical environmental leadership through “good environmental stewardship”, can be the deciding factor for being selected to supply the goods or services that an organization provides.

Having ISO 14001 also may give a Unique Selling Point (USP) that increasingly provides one of the fundamentals when promoting an organization. A fundamental part of the Standard is conformance to appropriate environmental regulatory requirements or other obligations that are deemed as important as a regulatory requirement.

A system which checks on adherence to legislation mitigates the risk of environmental liability prosecution. Whilst this is not a direct saving to an organization, the outcome of unregulated activities that deleteriously affect the environment will result in ever increasing fines.

Most organizations or businesses consume resources of one form or another. Whilst the Standard doesn’t direct an organization to measure something specifically, examining the resources that are consumed, for example energy, together with waste produced can lead to changes in use and fundamental savings.


ISO 14001 provides the framework to check what controls have been put into place through the use of internal audit and provides a way in which to monitor and improve. A Management Review process then allows Top Management to take a “step back” and determine how well the system is working within the context of the organization and whether it requires modification to meet future changes in a process, resources or regulatory framework.

Internal audits and Management Reviews when combined with an audit from a certification body, such as NQA, provide assurance that the EMS is meeting the requirements of the organization and the ISO 14001 Standard.

Risk Based Thinking/Audits

The Plan-Do-Check-Act (PDCA) cycle for process improvement, as described above, corresponds to proven risk management approaches. Many organizations have the process of risk management as a fundamental process particularly around information technology, finance and occupational health and safety.


The first step of implementing an EMS, as described below, is to gain an understanding the “context” of the organization or, paraphrasing, the macro issues that affect and are affected by an organization. As an organization is subject to a variety of influences, which can change, this can lead to risks in the form of potential threats and opportunities. Determining the risks that derive from this drives an organization to consider such changes or events, analyse their impacts and chances of an event occurring and then encouraging a planning or mitigation strategy.


Following the determination of the macro issues, 14001 asks an organization to determine the aspects and impacts of activities, products and services in some form of risk assessment process. This analysis informs an organization where there are significant issues (risks or opportunities) that need careful management, where objectives need setting, controls that need designing or where and to what frequency internal audits need carrying out.


Surrounding the determination of aspects and impacts is the assessment of whether an organization is complying with their legal framework. The concept of maintaining knowledge and understanding of its compliance status has built in risk assessment principles so that an organization can determine its compliance status and, per se, understand where it is not
complying and therefore devise strategies to minimise the risk.


Those organizations that need further assistance in ensuring that their risk assessment process is comprehensive can look towards ISO 31000 Risk management - Principles and guidelines. This provides generic guidelines although it is not intended to promote uniformity of risk management across organizations. Of course, the design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its
particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.


A risk based philosophy means that an organization can be better prepared for the impacts of uncertainty, which in turn means greater resilience. Moreover, risk-based thinking implicitly results in continual improvement, as an organization is always examining potential influences and changes.

Process Based Thinking/Audits

Some organizations that implement an EMS will look to integrate it with their Quality Management System (QMS). If this is the case, they will have heard of “process based” thinking. However, if not, it might be less understood how the process approach is applicable to the EMS requirements in ISO 14001:2015.

The ISO 9001 requirements for a QMS are founded on seven quality management principles, and one of these is the “process approach”. It is explained fully in the introduction of ISO 9001:2015, but as a paraphrased summation; a process approach is where more consistent results can be attained when consideration and management of activities are carried out as interrelated processes, which together, make up a system.

The process approach applies to an EMS because a comprehensive appreciation of an organizations processes and their interrelation needs to be known. The following are the main areas in an EMS where process thinking is attributable:

  • Context

A comprehensive appreciation of processes needs to be understood when considering the macro environmental issues which interrelate between the organization and the environment.

  • Environmental aspects and operational controls

In order to determine environmental aspects and impacts, risks and opportunities, an analysis of the inputs, activities and outputs needs to be determined. As part of the analysis the interactivity of one or more of the processes may need to be taken into account. If it is not, this environmental risk assessment may omit environmental aspects and impacts which in turn would result in no controls being devised. This could result in a deleterious impact upon the environment.

  • Performance and monitoring

In order to determine how successful a process is the result of the process (good/bad) needs to be evaluated.

  • Support/competence

In order to undertake a process, or a number of processes effectively, a person needs to be competent. When determining environmental competence needs, competence will need to be obtained or matched to the needs of the particular processes. If competence is not proven or appropriate to a particular process this could result in adverse environmental impact.

  • Internal audit

The processes which comprise the EMS need to be systematically audited over a time and frequency to determine whether they perform effectively.

  • Corrective action

A corrective action is an opportunity to correct a problem identified in an EMS. A process approach to this will start at root cause and finish at an appropriate and satisfactory sustainable solution.

Section 1: Scope

There are no specific requirements for an organization to adhere to within this section. However, it sets out the parameters within which ISO 14001 can be used and provides the overall intended outcome of an EMS as being:

  • Providing value for the environment, the organization itself and interested parties,

  • Enhancement of environmental performance;

  • Fulfilment of compliance obligations;

  • Achievement of environmental objectives

The section also sets out that the Standard is applicable to any organization, regardless of size, type and nature.

Section 2: Normative References

ISO/IEC Directives, Part two, Section 6.2.2, defines the inclusion of a normative reference as, “This conditional element [of the Standard] shall give a list of the referenced documents… in such a way as to make them indispensable for the application of the document.”

In other words, by citing something as a normative reference, it is considered as indispensable to the application of that particular Standard. However, unlike ISO 9001, there are no normative references in ISO 14001.

Section 3: Terms and Definitions

This section sets out the terms and definitions that are used in the Standard which may need further clarification in order to apply the Standard to a particular organization.

They are listed according to the hierarchy of the concepts (reflecting the sequencing of their introduction in the Standard). Terms are grouped by major clause title (i.e.
Context of the Organization, Leadership, Planning, etc.). ISO/ TC 207/SC 1/WG 5 agreed to order terms within the groupings such that:

  1. discipline-specified terms are presented consecutively after its generic form, and to the extent possible.

  2. present terms in the order in which they appear in the text. WG5 inserted an “Alphabetical index of terms”, which may be modified to reflect alphabetical listings in another language.

In addition to the term or definition there are also notes that seek to provide further information and clarity.

If an electronic version of the Standard has been purchased the definitions are hyperlinked to other definitions so that there interrelationship can be seen.

The following sections, 4 to 10, provide the requirements of the Standard. When reading the Standard it is important that as with past ISO 14001 versions, the word “shall” indicates the mandatory requirements that an organization must meet and external auditors, such as NQA, are required to verify conformance and effectiveness against.

In order to understand how each of the following clauses applies to each other the remaining text applies to the following diagram:


Section 4: Context of the Organization

This is a new concept in terms of ISO 14001:2015. Some organizations, prior to the introduction of “context” had performed a “baseline review”, which in some cases, provided a broad understanding of an organization prior to working out the “nuts and bolts” of trying to manage (in some form) the environmental impacts.
The clause is sequential as there is need to understand the organization and context (4.1), prior to identifying interested parties and understanding their needs and expectations (4.2), the output of both 4.1 and 4.2 allows determination of scope (4.3), and then ultimately designing the EMS (4.4):



The intent of “Context” is to provide a high-level, conceptual understanding of the important issues that can affect, either positively or negatively, the way an organization manages its environmental responsibilities. To put it another way, it is a comprehensive appreciation of the macro processes (and their interrelation) which can affect or be affected by an organization.

From ISO 14001:2015 Annex A, it suggests that the following are also appreciated when understanding “context”:

  • environmental conditions related to climate, air quality, water quality, land use, existing contamination, natural resource availability and biodiversity

  • external cultural, social, political, legal, technological, economic, competitive circumstances, where it operates

  • internal characteristics or conditions of the organization, and its capabilities

There are a number of methodologies that can be used to determine context. A good way of achieving this is to formulate a matrix setting out the requirements of the Standard (and Annex A) and then perform a series of interviews with appropriate employees, so that the knowledge of an organization can be harnessed. Where appropriate, this could be turned into a report.

The benefit of this is that it provides a cohesive explanation and a good reference to support present and future business strategy. (It can also be reflected upon when undertaking a Management Review (See Section 9 Performance evaluation below).


Whilst the term “interested parties” may not be new within ISO 14001, most organizations will probably understand the term “Stakeholder” better. From an understanding of the context i.e. the conceptual or macro important issues in the organization, determination of the stakeholders or interested parties will provide an understanding of who can be affected by the environmental impacts of the organization.

Determination of interested parties can be formulated by creating a “Map” i.e. those internal and external parties who interact with an organization in some way:


Once this has been created then the interested parties relevant needs and expectations need to be determined. There again, this can just be an iterative process, listing the interested parties needs and expectations e.g. as customer may require ISO 14001. What is important though is the drawing out of issues from interested parties that an organization may consider to become compliance obligations (see later for a description of compliance obligations).


From an understanding of the context, interested parties and the interested parties needs and expectations, the scope of the EMS can be determined. The “scope” sets out a description of the extent and breadth of the EMS.

Sometimes, at the initial stages of an implementation, it can be problematic to finalise the scope because sometimes there needs to be more knowledge of the organization through implementation of the remainder of the Standard (particularly when determining environmental aspects and impacts from the activities, products and services of an organization).

However, the scope should be documented in some form within the EMS. Where a scope is particularly complicated, perhaps because certain parts of a business are excluded from the EMS because of legitimate reasons, then a clear description in a manual or other document should be undertaken. Where, the scope is relatively straight forward then a good place to have it is in the Environmental Policy Statement.

As a publically facing document, the Environmental Policy Statement may provide a good location for describing scope. A clear description of the scope within the Policy Statement can inform the reader succinctly of who the company is, what it does and what the remainder of the policy relates to. Of course you may choose to have scope defined in both places but if the scope changes, both statements will have to be changed!


The final section in clause 4 sets out that as a result of the above, an organization then has to determine, implement and continually improve an EMS. The remainder of this document will look at the how this is to take place.

Section 5: Leadership

The Standard states that top management must demonstrate leadership, commitment and take accountability for the “effectiveness of the EMS.” This sets the tone for Section 5 and the operation of the whole of the EMS.

It’s overall success and environmental performance level will depend upon the extent to which top management are committed in most aspects of the establishment, implementation and continual improvement of the EMS.

The following examples are how leadership can be demonstrated within an EMS:
  • Ensuring that the strategic plans of the organization and the EMS objectives are compatible and integrated within the organization.
  • Provision of appropriate resources.
  • Considering and integrating environmental concerns in business planning and strategy.
  • Understanding what good environmental performance is or “looks-like” and then responding appropriately.
  • Facilitating the culture of continual improvement.
  • Communicating appropriately amongst interested parties.
One potentially “public facing” example of demonstration of leadership is of course Top Management signing the Environmental Policy Statement, to say that as a Leader of the organization, “this is what we are going to achieve”...or... “these are our intentions”. Whilst this alone cannot solely been seen as a demonstration of leadership, it provides a framework so that the actions as described above can be implemented.

Whilst the main thrust of leadership requirements is within Section 5, as the Standard is holistic, there are other implied “leadership” requirements in the following sections:

  • Planning
An appropriate understanding of the environmental aspects, actions, and compliance obligations and the corresponding risks and opportunities, require strategic guidance from Top Management.
  • Support
There are many instances where it is Top Management’s role to provide a steer or “sign off” in order to support the aims of the EMS. This includes provision of resources, gaining competence, ensuring awareness, effective communication, and appropriate documented information.
  • Operation
Certain operational control and emergency planning need in many cases Top Management’s insight and strategy.
  • Performance evaluation
Top Management need to understand the output of internal audit, measurement and monitoring results and be actively involved in the Management Review process.
  • Improvement
Top Management influences the culture of continual improvement and has the power to enable effective continual improvement and ultimately have the final say on how poor results are dealt with. For example, this could be approval of monies for additional resources or realigning the organizational strategy.

Section 6: Planning

This section sets out a framework that asks an organization to analyse itself to determine the aspects, impacts, risks and opportunities of its activities, products and services and then how to manage the result of this analysis.


This is a fundamental part of the EMS, as without understanding the environmental implications of an organization’s activities, products and services there can be no plans to either minimise, mitigate or manage environmental impact.

A good approach to understanding the environmental implications of an organization is by starting to understand the business itself. The parameters of the organization have already been understood in the determination of scope.

Therefore, it is a matter of “filling in the gaps” with the detailed activities, products and services (processes) which comprise the organization.

Assembling this information together into a matrix allows consistency and the data to be presented logically. If appropriate this information could be referenced to a location plan of the organization so that referencing to physical location can be achieved.

From determination of activities, products and services the environmental aspects and impacts need to be determined. Environmental aspects are defined as “element of an organization’s activities or products or services that interacts or can interact with the environment”.

Environmental impacts are defined as the “change to the environment whether adverse or beneficial, wholly or partially resulting from an organization’s environmental aspects”. This process should take into account potential emergency situations.

An example of an interaction of a process causing an aspects and impact:


After generating a list of aspects, the aspects need to be “sieved” to determine which can have a significant
environmental impact. The principal reason for doing this is to work out which are the most important and need either control/ management or need their impact reducing to an acceptable level.
The Standard says that in order to determine significance an organization should use “...established criteria”. In assessing the significance it is suggested though that the following are considered:

  • The likelihood of the impact occurring

  • The scale of the environmental damage

  • The level of concern within interested parties

  • The requirements of appropriate compliance obligations (legal and other requirements).

Each of the above can be quantified in some way and scored. At the end of this process it is important to sense check that what has been scored as significant - is significant!


In order to determine the appropriate compliance obligations and how they apply to the organizations processes
and aspects a great deal of research may be needed, particularly if the organization is complex or highly potentially environmentally damaging. This is sometimes where organizations need specialist help.

However, from the list of compliance obligations there may be areas where lack of compliance or non-compliance is a risk to an organization and it is important to identify this and put into place appropriate plans to bring the process into compliance.

From the aspects and impacts analysis, “risks” will be produced (as defined in the Standard as “effect of
uncertainty”). However, there may also be opportunities i.e. where there is an activity that gives rise to significant environmental impact there may be an opportunity to reduce environmental impact.

Whilst this appears to be a process that is undertaken just once, in reality it needs to be proactive and reactive. It needs to be proactive in order to determine the environmental implications of planned or new developments. It also needs to be reactive; to determine when a process changes or when a compliance obligation changes.


The Standard says that an organization has to “establish environmental objectives at relevant functions and levels taking into account...significant environmental aspects and associated compliance obligations and considering...risks and opportunities”.

If the analysis (above) has been undertaken comprehensively, it should be obvious what needs to be worked on and where an objective needs to be set to bring about change. Of course, an organization’s objectives do not need to derive from the above analysis – but it’s a good place to start!

The Standard sets out explicitly the framework it requires for achieving objectives and a good way of depicting this, meeting the Standard and having an “Action plan” to manage the objectives is to form a table of the Standards’ requirements:


The latter column in the table above - “How will result be evaluated?” is an interesting requirement that is worthy of consideration. The Standard directs an organization into including indicators for monitoring progress towards achieving its objectives. Whilst the intimation is that there needs to be a quantitative measure, it is quite reasonable for the evaluation to be qualitative e.g. if an organization had set an objective to say produce a report – an organization will know when the objective has been met if the report is produced!

The overall theme of ensuring that the EMS is integrated within the business is inherent within this part of the Standard. The best objectives will, of course, be meaningful to the business and therefore be integrated into the organizations’ processes.

Section 7: Support

This section looks at the resource, communication and documentation of an EMS. The requirements really underpin an EMS and ensure that it runs effectively.


In order to operate an EMS there are a variety of resources required which can include financial resources, inventory, human skills, production resources and information/computer technology. As considered in Section 5, “buy-in” from Top Management is essential, as ultimately they have the decision to deploy or invest in the resources for the EMS.

An organization also has to identify the correct resources it requires. As part of identifying resources, an organization needs to look at the information produced within Section 6 to acknowledge the risks/opportunities and resulting objectives that have been identified and need deployment of resources to mitigate or manage them.

Usually, the greatest challenge is to provide competent and knowledgeable personnel to support the requirements of the EMS. This is especially so when an EMS is first being implemented. Creating a “training-needs” matrix based upon what competency or awareness is required amongst organizations’ personnel will highlight when competency has been achieved or is required. For example, if it has been identified that there is a spill risk, then there needs to be appropriate competency and materials to deal with such
a situation.


Effective and efficient internal and external communication is “key” to running an EMS. The Standard is helpful in providing a framework in order to depict the communication process within an organization. By turning this into a table and with reference to the “interested parties” or “stakeholder” analysis undertaken in 4.2 a communications “plan” can be formed:


Of course, the columns can be re-arranged if necessary!

One important stakeholder, particularly in connection with compliance obligations, are Regulators. If an organization is heavily regulated and perhaps has a permit or discharge consent then there may be a communications plan between organization and Regulator solely for the discharge of the conditions – and to remain in compliance.

One area that is often forgotten is communication with “persons doing work under the organization’s control”. As a “rule of thumb” it is advisable to treat contractors or outsourced operations as if they were “direct” employees and communicate in a manner that is effective and so that the communication is two-way. By adopting this philosophy it ensures that the “persons doing work under the organization’s control” can contribute to continual improvement.


The Standard gives clear direction as to what documentation it requires. The 2015 Standard is less prescriptive than other iterations although it still requires the following:

Clause Documentation Requirement
4.3 (Scope) The scope shall be maintained as documented information and be available to interested parties.
5.2 (Policy) The environmental policy shall be maintained as documented information.
6.1.1 (General) The organization shall maintain documented information of its:
  • risks and opportunities that need to be addressed;
  • processes needed in 6.1.1 to 6.1.4, to the extent necessary to have confidence they are carried out as planned.
6.1.2 (Environmental aspects) The organization shall maintain documented information of its:
  • environmental aspects and associated environmental impacts;
  • criteria used to determine its significant environmental aspects;
  • significant environmental aspects
6.1.3 (Compliance obligations) The organization shall maintain documented information of its compliance obligations.
6.2.1 (Environmental objectives) The organization shall retain documented information on the environmental objectives.
7.2 (Competence) The organization shall retain appropriate documented information as evidence of competence.
7.4.1 (Communication - General) The organization shall retain documented information as evidence of its communications, as appropriate.
7.5.1 (Documented information - General) The organization’s environmental management system shall include: a) documented information required by this International Standard; b) documented information determined by the organization as being necessary for the effectiveness of the environmental management system.
NOTE: The extent of documented information for an environmental management system can differ from one organization to another due to:
  • the size of organization and its type of activities, processes, products and services;
  • the need to demonstrate fulfilment of its compliance obligations
  • the complexity of processes and their interactions;
  • the competence of persons.
8.1 (Operational planning and control) The organization shall maintain documented information to the extent necessary to have confidence that the processes have been carried out as planned.
8.2 (Emergency preparedness and response) The organization shall maintain documented information to the extent necessary to have confidence that the process(es) is carried out as planned.
9.1.1 (Monitoring, measurement, analysis and evaluation - General) The organization shall retain appropriate documented information as evidence of the monitoring, measurement, analysis and evaluation results.
9.1.2 (Evaluation of compliance) The organization shall retain documented information as evidence of the compliance evaluation result(s).
9.2.2 (Internal audit programme) The organization shall retain documented information as evidence of the implementation of the audit programme and the audit results.
9.3 (Management review) The organization shall retain documented information as evidence of the results of management reviews.
10.1 (Non-conformity and corrective action) The organization shall retain documented information as evidence of:
  • the nature of the nonconformities and any subsequent actions taken;
  • the results of any corrective action.


After these mandatory requirements, it is up to the organization to decide whether it requires further documentation. ISO 14001 says that the organization should determine appropriate documentation “as being necessary for the effectiveness of the environmental management system”.

Therefore, it is up to the organization to decide when and where they need documentation and of course what form that should take, whether it be a procedure, flow chart or some other way of describing and managing the way in which a particular process is carried out.

Where documented information is produced it needs to be created, updated and controlled consistently. An organization should look to do this in as simple a way as they can as the greater degree of complexity - the more it can go wrong! As a minimum, a version number, date and page numbers should be on each document.

Section 8: Operation

One of the foundations of the Standard is mitigation, management and control of an organization’s environmental impact and that is why designing, implementing and continually improving the way in which processes or operations occur is essential to an effective EMS.


The extent of operational control will be dependent on the organization’s activities, products and services and specific compliance obligations. Also factored into this is the analysis described earlier to determine significant aspects. An organization would want to look at controlling its significant aspects as a minimum so that they do not increase in magnitude (or potentially cause pollution). This could be undertaken by writing a procedure and ensuring that people are competent.

Operational control and competency go hand in hand and whatever form operational control takes the people operating in that process should be able to carry it out effectively.

There are different types of operational control, including:

  • Electronic or mechanical technology to reduce emissions

  • Routine preventive maintenance programs to reduce wear and breakdown of equipment

  • Monitoring and observation of equipment performance

  • Procedures

  • ​Signs

  • Log Books

  • Check lists

  • ​Flow charts

Operational control should also cover those activities that are outsourced. The Standard acknowledges that in some circumstances an organization will be able to control the outsourced activities e.g. when say a contractor is working directly on the organizations site but in some circumstances the influence of the organization will be limited.

When devising operational control, ISO 14001 states that an organization should have a “life cycle perspective”. A life cycle perspective includes consideration of the environmental aspects of an organization’s activities, products, and services that it can control or influence.

Typical stages in a life cycle include acquisition of raw materials, design, production, transportation/ delivery, use, end of life treatment, and final disposal. The organization should consider those stages, from an operational control perspective, in the life cycle over which it has the greatest control or influence as these may offer the greatest opportunity to reduce resource use and minimise pollution or waste.

The Standard also states, in line with only having appropriate and relevant documentation that:

“The organization shall maintain documented information to the extent necessary to have confidence that the processes have been carried out as planned.” This, in itself, is a judgement call for the organization but one that is important to make to ensure that an EMS is not overloaded with ineffective “paperwork”.


Planning for unexpected events is a good all-round organizational discipline. In ISO 14001, the aspects and impacts analysis will have highlighted potential emergency situations where a negative environmental impact potentially could take place. It is up to an organization, therefore, to determine the plans that can be put in place in order to avoid or minimise environmental damage.

Typical emergency preparedness includes having a good understanding of what may go wrong and then the measures in place to mitigate the impacts. A good example is that within the aspects and impacts analysis a particular activity may have been identified as having the potential for spills.

Emergency preparedness knows what to do if there is a spill; people are competent (have the appropriate experience/training) in dealing with a spill; there is the right equipment e.g. spill kits and that there has been a test (where practicable) to ensure that the process will work! As best practice there should also be process in place that if an emergency situation has taken place a post mortem occurs so that if appropriate the emergency process can be improved.

Once again, the Standard, says that documented information is required only to the extent necessary to have confidence that the emergency preparedness and response process is carried out.

​Section 9: Performance Evaluation

Performance evaluation comprises; measuring and evaluating an EMS to ensure that it is effective and it helps continual improvement.


An organization should check, review, inspect and observe its planned activities to ensure that they are occurring as intended. An organization must make sure they have determined the appropriate processes so that they can evaluate how well they are performing. Monitoring generally indicates a process or processes that can check whether something is occurring as intended or planned.

For example, a monitoring process may comprise checks for good housekeeping at a frequency of say once a week. Measurement tends to mean that the size or magnitude of a particular process is measured i.e. calculated with the assignment of a numerical value. The type of measuring and monitoring will differ from organization to organization.

In high energy use organizations, how much electricity and gas and related carbon dioxide output may be critical to the business operation. In other organizations the amount of potable process water used may be more appropriate. In administrative environments how much paper is consumed per person may be an appropriate indicator. It is up to the particular organization to decide.

Additionally, any equipment used to determine the measurement “indicator” should be calibrated so that a high level of confidence is gained that the numbers are indeed a true representation of the facts.

The Standard also asks an organization to determine a process to “evaluate the fulfilment of its compliance obligations”. In so doing, the organization has to:

  • determine the frequency that compliance will be evaluated;

  • evaluate compliance and take action if needed;

  • maintain knowledge and understanding of its compliance status.

In practice, this means referring to the list of compliance obligations (see Section 6) and determining if compliance is being achieved. In many organizations this will entail “an audit(s)”, perhaps annually or more depending upon the type of organization to determine that the specific legal and other requirements are being met for each and every activity, product or service.

The result of such an audit will establish the “compliance status”. If this can be translated into say a Pie chart, so that an organization can see their percentage of compliance, this can be very powerful in provoking change. This can lead to prevention of prosecution due to breach of environmental law.


A fundamental to continual improvement and a dynamic EMS is an effective internal audit process. The expectation of internal auditing by organizations should be to determine whether the performance of the organization conforms to the:

  • organization’s own requirements

  • requirements of ISO 14001
Therefore, an organization needs to check “are we doing - what we say we are doing?” To carry an internal audit out effectively an auditor should use ISO 19011:2011 guidelines for auditing management systems as a framework. This sets the Standard for carrying out an audit and should be part of the competency requirements of internal auditors.

An audit should check that an organization is meeting the requirements of ISO 14001. Some organizations mistakenly think that this can be carried out as part of certification activities that companies such as NQA carry out.

This is not the case; an organization should determine, through internal audit, that they are meeting the requirements of the Standard (at a suitable frequency). Many organizations undertake this kind of audit on a yearly basis and do so by turning the Standard into a questionnaire and then systematically going through each part of the EMS to determine if particular requirement within the Standard is being met.

In a similar way to evaluation of compliance obligations, where this is turned into percentage compliance (with the Standard) this can be an effective way of demonstrating performance and reporting upon it.

As explained previously, the principal of plan, do, check and act is inherent within ISO 14001. The same is true within this section. The Standard asks an organization to produce documented information as evidence of the implementation of an audit programme and audit results.

An audit programme in its simplest form sets out when and what is going to be carried out over a period of time. Organizations may have programmes which cover many years (or perhaps a certification cycle) but as a suggestion a minimum of a programme covering twelve months should be produced.

The Standard also says that auditors should conduct audits to ensure objectivity and the impartiality of the audit process. This is sometimes inherently difficult as internal auditors (by their name) have a close relationship with the organization being audited. However, sensible guidelines so that internal auditors do not audit their own processes should be strived for.

When an audit has been carried out and the results of that audit produced (in a documented form e.g. an audit report) it is important that they are efficiently communicated to appropriate stakeholders including appropriate management.

Some of the best performing organization ensures that the results (which can include non-conformities – see section 10 below) are fed also into “Top Management”. This can be important, especially where an audit has found deficiencies within the system and resources are needed to rectify the situation.


The most wide ranging and strategic evaluation of performance is the management review process. The management review must be carried out by Top Management and should essentially be based upon factual input (generated by the system) in order to make recommendations and improvements going forward (outputs).

The Standard is helpful in providing a framework of what a management review should entail and it is suggested that these headings are used in the documented information that is produced by an organization:
Note: comments on each section have been included to provide guidance when carrying out the Management Review.

Excerpt from 9.3 of ISO 14001 Comment
a. the status of actions from previous management reviews; This should be a summary to what extent previous management review actions have been carried out or not carried out and the reasons why. Some organizations produce a comparative table.
b. changes in:  
1. external and internal issues that are relevant to the environmental management system; This is a review of the context review detailed in section 4. Changes in relation to external and internal issues should be explained.
2. the needs and expectations of interested parties, including compliance obligations; Again, this is a review of the context review detailed in section 4. Changes in relation to the needs and expectations of interested parties, including compliance obligations will need to be noted.
3. its significant environmental aspects; If there have been any changes to significant aspect they should be explained. This will of course depend realistically if there have been any changes to processes.
4. risks and opportunities; If there are any different or changes to the risks within the EMS these should be noted and explained. Any opportunities should also be brought out although this can be brought out in g) below.
c. the extent to which environmental objectives have been achieved; Reviewing whether environmental objectives have been achieved needs to be carried out. It is suggested that the formulation of a table to show the extent of objective realisation is included within the Management Review. This will allow a review of performance and the extent of continual improvement achieved.
d. information on the organization’s environmental performance, including trends in:  
1. nonconformities and corrective actions; This should be a review of the non-conformities and corrective actions that have taken place since the last management review. If there have been particular trends in either corrective actions or non-conformities they should be brought out as there may be decisions needed to be taken to mitigate there occurrence.
2. monitoring and measurement results; As detailed earlier in this section, a depiction should be created to determine whether the monitoring and measurement that is carried out is meeting the expectations of the organization. Where the information that is provided shows underperformance then the Management Review process can provoke change.
3. fulfilment of its compliance obligations; Whether an organization is meeting its compliance obligations is fundamental to an EMS. To satisfy this part of the Standard, it can be as simple as saying that the organization is “meeting its compliance obligations”. However, if an organization has decided to depict (as detailed above) a pie chart to show its “compliance status” then inserting this into the documented information will meet this requirement. On a practical level, if a particular compliance obligation is proving tricky to comply with then this should be highlighted too.
4. audit results; The results of audits carried out since the last Management Review should be appraised. To cover this comprehensively it should include both internal and external audits. The depth to which this is carried out will differ from organization to organization and the quantity of audits carried out.
e. adequacy of resources; A review as to whether resources are adequate to run the EMS broadly or resources to carry out individual process should be appraised. Very often “Top Management” need to informed about inadequacy of resources (in whatever form) so that change can be provoked.
f. relevant communication(s) from interested parties, including complaints; There may have been comments, complaints or other communications from interested parties. By reviewing them this may give an external perspective as to how well the EMS is performing. If there is a particular issue that needs resolving that has been highlighted by an interested party “Top Managements” assistance to resolve it may be required.
g. opportunities for continual improvement. Opportunities for continual improvement may have been brought out of other sections of the Management Review although any other opportunities for improved environmental performance should be reflected upon.

Following the review, the Standard asks for the following “outputs”:

The outputs of the management review shall include:  
conclusions on the continuing suitability, adequacy and effectiveness of the environmental management system; This should be a wide ranging appraisal whether the EMS is suitable, adequate and effective.
decisions related to continual improvement opportunities; This can include changes to the EMS in its entirety, or specific parts of the EMS.
decisions related to any need for changes to the environmental management system, including resources; From the appraisal above it should be obvious what decisions need taking.
actions, if needed, when environmental objectives have not been achieved; Where environmental objectives have not been met, decisions whether they were too hard, or whether they could not be achieved for specific legitimate reasons need to be brought out where appropriate.
opportunities to improve integration of the environmental management system with other business processes, if needed; This should be an appraisal as to whether the EMS is integrated within the organization or whether further integration is required. To be an effective EMS the closer the integration is to the organization and its processes the more environmental benefit is likely to be achieved.
any implications for the strategic direction of the organization. Finally, really as a “catch-all” an organization should provide whether there are any implications as to the strategic direction. This can be far ranging in realigning the business say for greater environmental protection or perhaps removing a process which is say particularly environmental damaging.

Section 10: Improvement

This section draws together the fundamentals for achieving continual improvement i.e.:

  • Those items within section 9 in relation to the results from analysis and evaluation of environmental performance, evaluation of compliance, internal audits and management review.

  • Non conformity and corrective action.

If the EMS has been designed well, continuous improvement opportunities should arise, be captured and actioned in a timely manner. Key to this is pulling into an appropriate location those actions that provide continual improvement. Some organizations use their environmental programme framework to keep their continual improvement actions managed and so that they can be reviewed as part of this process.


The audit process, whilst evaluating the performance of an organization, can bring about non conformities and resulting correction actions.
A non-conformity can occur in an organization at any time whilst undertaking its processes. A methodology to capture, manage and resolve needs to be undertaken and the Standard asks for the following:

  • React to the nonconformity and, as applicable:

  • take action to control and correct it;

  • deal with the consequences, including mitigating adverse environmental impacts;

  • Evaluate the need for action to eliminate the causes of the nonconformity, in order that it does not recur or occur elsewhere, by:

  1. reviewing the nonconformity;

  2. determining the causes of the nonconformity;

  3. determining if similar nonconformities exist, or could potentially occur;

  • Implement any action needed;

  • Review the effectiveness of any corrective action taken;

  • Make changes to the environmental management system, if necessary”.

The Standard says that this process should be documented. There are various ways to achieve this but usually this comprises a “Corrective Action Request” (CAR) for each corrective action and a “log” which is essential to record and manage the CAR’s. This is especially useful where numerous corrective actions are raised.

The “log” can be as simple as:


More complex systems can “code” different types of non- conformity. This can then be used to generate trend data that can be useful in on-going performance appraisal of the EMS and the Management Review process.


The Standard says that:

“The organization shall continually improve the suitability, adequacy and effectiveness of the environmental management system to enhance environmental performance.”

In practice, if all the above sections are established and implemented then continual improvement will occur.

Get the Most From Your Management System

Top tips to get the most out of your environmental management system:

  1. To have an effective EMS ensure that “Top Management” is committed to its establishment, implementation and continual improvement.

  2. Use the Standard to help bring environmental management to the boardroom.

  3. Use “Context” to understand the environmental impacts affecting the organization and how the organization affects the environment on a macro level.

  4. Integrate the EMS into your work processes so that it is not another thing to do – it’s just what you do!

  5. Be prepared to be flexible in approach to achieve the outcomes of your EMS.

  6. Use the data that is captured through your EMS to see if you are improving.

  7. Use the ISO 14001 Standard as a means to design your EMS.

  8. Have a robust methodology for assessment of aspects, impacts, risks and opportunities as this underpins the EMS.

  9. Ensure you have a good process in place to determine and assess your compliance obligations.

  10. Use the EMS to provide a sustainable approach to organizational work processes.

  11. See audits as a measure and means in which to improve performance.

  12. Use management review to provide strategic direction.

To get a quote for ISO 14001 certification simply click here and complete our online quote form.

You can download a PDF of this implementation guide here: NQA ISO 14001 Implementation Guide.

Environmental Toolkit

ISO 14001 FAQs

Download Certification Logos

ISO 14001 to ISO 50001 Gap Guide

Annex SL Comparison Tool

Gap Analysis