In February 2024, ISO published an amendment for climate action changes — not only to ISO 14001, but also to other major standards like ISO 27001, ISO 9001, and others. So, what do climate changes have to do with information security management, quality management, and other seemingly unrelated standards?
In February 2024, ISO published an amendment to all major standards like ISO 14001, ISO 27001, and ISO 9001 that integrates climate action. This amendment requires considering the impact of climate change on operations and interested parties’ requirements, emphasizing organizational responsibility toward climate-related issues.
What changed, what is new, and why?
Climate change considerations were added to 31 existing management systems standards as an amendment to reflect ISO’s climate action commitments. Among those standards are ISO 9001, ISO 14001, ISO 22000, ISO 22301, ISO 27001, ISO 45001, and ISO 50001. One exception is ISO 13485.
The amendment is exactly the same for all of these standards, and surprisingly, the changes are presented in only two sentences. One was added at the end of subclause 4.1, stating that organizations must assess the relevance of climate change to their operations. The second is a note that was added at the end of subclause 4.2, stating that interested parties may possess climate change-related requirements.
These changes are intended to:
- Ensure that organizations consider climate change as an external factor impacting the effectiveness of their management system.
- Align with the spirit of the London Declaration, a commitment made by ISO in 2021 to combat climate change through the development of international standards, emphasizing the importance of climate considerations.
- Remind organizations of their responsibility toward climate-related issues, even if it doesn’t directly lead to environmental actions like reducing carbon footprint.
Implications in your management system
Changes in subclauses 4.1 (internal and external issues) and 4.2 (requirements of relevant interested parties) may call for changing other parts of your current management system. You may need to consider:
- New risks and opportunities
- New compliance obligations
- New requirements for internal and external communication
- Changes in operations that may lead to changes in resources and/or required competence
- New monitoring requirements
How to implement climate action changes
You can manage this change as a three-step process:
Step 1 – Work on the context and interested parties.
Reflect on your management system’s objectives, and consider whether it’s reasonable to view climate change as a factor that could influence your ability to meet those goals. If climate change is likely to have an impact, then it’s important to revise and update your list of issues.
Think about the interested parties who have a stake in your organization and what they might need when it comes to climate change:
- Some may clearly communicate their expectations about climate change.
- Others may have implicit expectations that are not stated directly.
Understand that climate change can lead to risks and opportunities:
- This can affect how well your organization meets interested parties’ expectations. For example, climate change might impact your service-level agreements.
Update interested parties’ needs and expectations:
- Do this if you find that climate change affects your business commitments.
- Record any changes to needs and expectations.
Consider regulatory stakeholders:
- Some stakeholders might be regulatory bodies — they could have legal requirements for climate change that apply to your business area.
However, if you don’t find anything relevant to climate change for your management system, there’s no need to make any changes. Leave your management system as it is.
Examples of external and internal issues related to climate change include:
Standard | Internal Issues | External Issues |
ISO 27001 | Infrastructure vulnerability: The vulnerability of existing IT infrastructure to climate-induced events (like extreme temperatures or floods). Operational resilience: The ability of internal processes to adapt to climate change-related disruptions. Workforce availability: Impact on employee availability and productivity due to extreme weather events. |
Regulatory changes: New laws and regulations regarding business continuity in the face of climate change. Vendor management: Dependence on external vendors who may be affected by climate change, impacting service delivery. |
ISO 9001 | Process adaptability: The ability of internal processes to maintain quality standards under varying environmental conditions. Resource availability: Impact on the availability of resources, including raw materials, due to climate change. Equipment efficiency: Efficiency and performance of manufacturing equipment under altered climate conditions. |
Market demand shifts: Changes in customer preferences and demands due to climate change. Supply chain disruptions: Disruptions in the supply chain due to extreme weather events impacting suppliers. Regulatory compliance: Compliance with new quality standards and regulations that emerge in response to climate change. |
ISO 14001 | Emission control: Challenges in controlling emissions and managing waste under changing environmental conditions. Resource use: The impact of climate change on the availability and cost of natural resources used in operations. Infrastructure risks: Risks to physical infrastructure from extreme weather events and changing climate patterns. |
Stakeholder expectations: Evolving expectations from customers, investors, and the public regarding environmental responsibility. Legal and regulatory changes: New environmental regulations and legislation as a response to climate change. Market opportunities: Emerging markets for environmentally friendly products and services in response to climate change. |
Step 2 – Determine risks and opportunities.
Determine risks and opportunities that emerge from your revised context, and which of these could be relevant to your interested parties. Examples related to climate change include:
Standard | Risks | Opportunities |
ISO 27001 at an IT service company | Infrastructure damage: Weather events can damage data centers and networks. Supply chain issues: Climate change can affect hardware and service availability. Cooling costs: Increased temperatures can raise the cooling costs of a data center. Data risks: Severe weather can cause power outages, threatening data integrity and availability. Compliance risks: New climate change compliance obligations could affect what your ISMS needs to do to follow the law. |
Sustainable IT demand: Increased need for sustainability-focused, energy-efficient IT services. Innovation: Climate change adaptation drives innovation in data storage, efficient computing, and disaster recovery. Remote work: The shift toward remote work offers opportunities for secure solutions, reducing carbon footprint. Efficient operations: Investing in energy efficiency reduces costs and improves environmental impact. Brand value: Addressing climate change enhances brand value and customer loyalty. New opportunities: Climate resilience can open new markets/services, like consulting for IT systems. |
ISO 9001 at a manufacturing company | Supply chain disruptions: Climate change can disrupt supply chains by affecting availability of raw material. Operational interruptions: Extreme weather events like floods, storms, and heatwaves can interrupt manufacturing operations, causing delays and increasing costs. Increased energy costs: Altered climate patterns may raise energy costs, affecting the operational budget. Quality control challenges: Changing environmental conditions could challenge product quality, requiring stricter quality control. Regulatory compliance: New environmental regulations in response to climate change may impose additional compliance requirements. Worker health and safety: Increased temperatures and extreme weather pose health and safety risks for employees, potentially affecting productivity and increasing legal liabilities. |
Innovations: Sustainable manufacturing spurs eco-friendly products and processes. Market demand: Consumer demand for sustainability creates new market opportunities. Efficiency: Climate adaptation can lead to lower-cost, energy-efficient processes. Supply chain: Risk mitigation encourages supplier diversification, reducing reliance on a single source. Brand reputation: A commitment to sustainability can boost brand reputation and customer loyalty. Certifications and partnerships: Green certifications and sustainability partnerships enhance competitiveness. |
ISO 14001 at a pharma company | Supply chain disruptions: Climate change can disrupt raw material availability, causing supply chain instability. Regulatory changes: New environmental regulations may increase compliance requirements and operational costs. Operational interruptions: Extreme weather can disrupt manufacturing and distribution networks. Product stability and quality issues: Temperature and humidity changes can affect pharmaceutical product quality and stability. Increased energy and resource costs: Climate change could increase the costs of energy and water, both key resources in pharmaceutical manufacturing. Environmental liability: Environmental liability risk could increase due to heightened operational impact, including waste and emissions. |
Pharmaceutical demand: Climate change may increase the need for new treatments for climate-related diseases. Sustainable operations: Market preference for sustainable companies can attract eco-conscious consumers. Energy efficiency: Energy-efficient processes can reduce costs and environmental impact. Innovative production: Opportunities exist for sustainable production and eco-friendly packaging innovations. Partnerships: Sustainability-focused partnerships can provide shared resources and reputation enhancement. Environmental leadership: Addressing climate change proactively can position the company as an environmental leader in the industry. |
You must evaluate your risks and opportunities and decide if your organization needs to act.
Step 3 – Determine implications to other clauses.
Based on the previous two steps, you have a set of risks and opportunities that you must evaluate and decide if your organization needs to act.
Again, if you don’t find anything relevant to climate change, there’s no need to make any changes; however, if your organization needs to act, you may need to update your management system in several ways:
- Update the list of compliance obligations.
- Change or create new operational practices and procedures.
- Invest in infrastructure and other resources.
- Provide additional training.
- Evaluate the need to start communicating about climate change requirements internally and externally.
- Include climate change monitoring requirements.
Can ISO 14001 help?
ISO 14001, focused on Environmental Management Systems, could address the amendment related to climate action, enhancing the effectiveness of other systems like quality management and information security management. It offers sustainable practices in quality management and eco-friendly supplier choices, and it integrates environmental considerations into product lifecycles and risk management. For the Information Security Management System, ISO 14001 guides efficient data center operations, plans for climate impacts, and promotes sustainable IT practices.
However, implementing ISO 14001 for this specific purpose might be overkill, as it encompasses a broad scope and extensive commitment that may go beyond the immediate requirements of the amendment. It’s a comprehensive approach, but a focused, targeted strategy could be more practical.
The significance of this climate action amendment can differ greatly based on the organization’s scale and industry, the nature of the products and services it offers, its role in the supply chain, its geographical location, and possibly other elements. Its importance could range from being completely irrelevant to highly relevant. It is up to each company to evaluate such relevance.
Download this free material: How can ISO 14001 help your business grow? to learn more about this leading environmental standard.