ISO 14001:2015 - What exactly are "compliance obligations"?
The 2015 version of the Environmental Management Systems Standard (ISO 14001:2015) has been released and there are some significant changes in what constitutes “compliance obligations” (a new term introduced in the 2015 standard) and how they are managed. The aforementioned term replaces “legal and other requirements”.
Compliance obligations may be mandatory (e.g. Acts and Regulations), or voluntary (e.g. contractual relationships, codes of practice and agreements and even expectations of third parties). Voluntary undertakings become compliance obligations once an organisation decides to adopt them. See Sections 3.2.9 and A.6.1.3 of the new standard for more information.
Under the new standard, organisations are required to “maintain documented information of their obligations” (6.1.3, A.1), and “determine how these obligations apply to the organisation” (6.1.3). Importantly, when documenting obligations, organisations must now analyse interested party expectations and requirements, and include these in the organisation’s compliance requirements (4.2).
Note: An interested party is now defined as a person or organisation that can affect, be affected by, or perceive itself to be affected by a decision or activity. Pretty wide definition!
In the new standard, obligations must be considered in:
- EMS Scope (4.3) – obligations cannot be “scoped out” of the EMS (A.4.3)
- Environmental policy (5.2)
- Determining the significance of environmental aspects (A.6.1.2)
- Environmental objectives (6.2.1)
- Staff competence and awareness in ensuring obligations are fulfilled (7.2, 7.3)
- Communication of obligations, including with interested parties (7.4.1, 7.4.3, A.7.4)
- Documentation – to demonstrate fulfilment of obligations (7.5.1)
- Monitoring, measurement, analysis and evaluation (9.1.1)
- Management review (9.3).
Furthermore, periodic evaluations (and corrective actions) are now required for all compliance obligations (9.1.2, A.9.1.2).
The new standard highlights that compliance obligations can create “risks and opportunities”. The example given of an “opportunity” is an organisation performing beyond its obligations to enhance its reputation (A.6.1.1).
In a nutshell, the new standard, like the old standard, requires organisations to (A.5.2):
- Determine and document obligations
- Act in accordance with these obligations
- Evaluate fulfilment of the obligations
- Correct nonconformities.
Article by Tim Hamilton – Copyright 2015