What is evaluation of compliance and how to do it according to ISO 14001?

All organizations interact with the environment, and, most likely, that interaction is subject to compliance obligations, established either by governments, by local authorities, by customers, or by industry organizations. So, an important activity within any Environmental Management System is to periodically evaluate the organization’s compliance, communicate the results to top management, and develop actions to overcome any detected situations of noncompliance.

What are compliance obligations in ISO 14001?

ISO 14001 considers as compliance obligations mandatory requirements, like laws and regulations, as well as voluntary requirements, like the ones included in contracts or codes of practice, and even expectations of relevant interested parties. Voluntary requirements become mandatory once an organization decides to embrace them.

Implementing an Environmental Management System and getting ISO 14001 certification requires determining all compliance obligations applicable to an organization and complying with them. This requirement is so important that top management assumes that commitment in a public and highly visible document called the Environmental Policy. You can learn more about environmental policies from this article: How to write an ISO 14001 environmental policy.

Organizations start by determining compliance obligations and, for each one, determining the requirements and actions needed. See an example in the table below:

 

ISO 14001 evaluation of compliance: What is it and how to do it?

 

Then, organizations need to know if those compliance obligations are applicable. So, after determining compliance obligations, the organization has to determine how it interacts with the environment. This is done by determining environmental aspects to confirm which are applicable compliance obligations. To learn more about the environmental aspects, read this article: Catalogue of environmental aspects.

Applicability of compliance obligations

Some compliance obligations are always applicable; if the organization determines a certain environmental aspect, then it is automatically applicable. For example, if an organization discharges industrial wastewater, that discharge must be authorized by a license issued by a competent authority, and the quality of such wastewater must comply with the requirements established either by general regulations or by a particular license. If the organization does not generate industrial wastewater, then compliance obligations related to that are not applicable.

Other compliance obligations depend on the quantities involved. For example, in certain countries the consumption of electricity or solvents above a certain amount per year makes a set of requirements and obligations applicable, while below this limit value, these obligations are not applicable. You can see an example below.

 

Applicability of compliance obligations in ISO 14001

 

To learn more about environmental aspects and obligations, read this article: 4 steps in identification and evaluation of environmental aspects.

What is compliance evaluation?

Compliance evaluation is about periodically comparing compliance obligations requirements and the actual situation of an organization. In order to achieve this, an organization has to keep an updated list of compliance obligations and compliance obligations requirements.

Firstly, you have to check if compliance obligations are applicable, and then translate them into a set of specific requirements, known as compliance obligations requirements. For example, in some countries, compliance obligations about volatile organic compounds are only applicable if an organization works in certain economic sectors and if annual consumption is above a certain amount.

 

What is compliance evaluation in ISO 14001

 

Once you determine the compliance obligations, you can start getting a picture of the current situation: Does your organization comply with the requirements arising from its compliance obligations?

In some cases, the answer will be a clear yes. In another cases, the answer will be a no or a partial compliance only – for example, comparing last year’s electricity consumption with the threshold level in the regulation to check if the organization is still on the non-applicable side, or checking that the industrial wastewater discharging license is still valid and quality parameters are complied with.

In order to respect the commitment made in the Environmental Policy, according to ISO 14001:2015, all situations of total or partial non-compliance must be eliminated and converted into a state of compliance through a set of actions. Those actions to implement a state of compliance will change the organization’s way of working and create a new reality.

One way of checking the effectiveness of those actions is through an internal audit (clause 9.2). However, an internal audit is always based on a sample. In order to have a complete picture of the situation, concerning the compliance obligations, an organization with an Environmental Management System according to ISO 14001:2015 has to perform a systematic compliance evaluation (clause 9.1.2). All compliance obligations requirements have to be checked; just sampling is not enough. This checking operation should be done by someone with knowledge and understanding of compliance obligations. In some organizations, that checking operation is done by a compliance officer; in others, it’s done by the environmental manager or even the quality manager.

To learn more about the internal audit process, read this article: Five Main Steps in ISO 9001 Internal Audit.

How do you evaluate compliance?

According to ISO 14001:2015, compliance evaluation is done based on the requirements of clause 9.1.2, which can be translated into:

Frequency – determine the frequency of compliance evaluation according to the needs of the organization. Different organizations in different economic sectors, with different past performance, and subjected to different degrees of changes in compliance obligations can have different frequencies. While determining frequency, particular importance must be given to the potential consequences of non-compliance for the environment.

Execution – perform the compliance evaluation and keep records of the results of that assessment. Be sure that the person or team responsible for assessing compliance obligations is/are competent. Competence includes knowledge of legislation and regulations and knowledge of the organization’s activity.

Reporting – report the results of the assessment to top management. Top management cannot claim ignorance of the environmental compliance situation.

Action – act when the results of the compliance evaluation identify non-compliances to restore the state of compliance. When appropriate, treat a non-compliance as a non-conformity.

Communication – When applicable, communicate with official entities.

Status – the organization knows it status against compliance obligations and understands its situation.

Does the organization abide by its commitments?

A periodic compliance evaluation exercise is important to ensure that the organization and its top management are aware of their situation regarding their compliance obligations, that they communicate what is relevant and required to external competent entities, and that they act in a timely manner to correct any situations of non-compliance and abide by their commitments. A well-done compliance evaluation is a due diligence exercise that can prevent fines, a bad reputation, and even the closure of facilities imposed by authorities.

To learn more about the evaluation of compliance and other requirements of ISO 14001, download this free white paper: Clause-by-clause explanation of ISO 14001:2015.

Advisera Carlos Pereira da Cruz
Author
Carlos Pereira da Cruz
Carlos Pereira da Cruz has over 30 years of experience working as a consultant, trainer, and auditor with ISO 9001 and ISO 14001. He is a university teacher and author of several books on strategic management, ISO 9001, and ISO 14001, as well as an ISO 9001 author.