How to Maintain Compliance Obligations for your ISO-based Management Systems: An Overview

Do you currently have an ISO-based management system implemented? Are you keeping up with the necessary compliance obligations? Do you understand the risks to your business by not meeting compliance obligations?
​
Read on to find out how to maintain compliance obligations for your ISO-based management systems.

If your business is currently operating with an ISO-based management system (ISO 14001:2015 for environmental, ISO 45001:2018 and/or OHSAS 18001 for occupational health & safety), then it is important, at a minimum, to maintain compliance obligations for your business to succeed. Compliance obligations refers to mandatory legal requirements that your business must comply with and other requirements which your business chooses to comply with. Examples of compliance obligations include applicable laws and regulations, industry standards, corporate requirements, codes of practice, agreements with non-governmental organizations, and other voluntary commitments. 

One of the basic requirements of both the ISO 14001 and OHSAS 18001 standards is maintaining compliance with legislation and regulations. Here is an overview of the steps to ensure that your compliance obligations are on target.

1. Identify applicable compliance obligations. 
2. Ensure your business have access to the applicable legal and other requirements.
3. Periodically check for updates in legislations and regulations in order to maintain your prepared list of compliance obligations.
4. Ensure that proper processes, activities and procedures are implemented in order to comply with the identified legal requirements.
5. Periodically evaluate compliance with applicable legal requirements.

IDENTIFY RELEVANT LEGISLATION, REGULATIONS AND OTHER REQUIREMENTS
One of the key elements of the ISO standards mentioned above is identifying applicable compliance obligations. The identified legislation and regulations that are applicable to your business must also relate to the environmental and/or OHS aspects of your business. Identifying all relevant legislation and regulations involves extensive database searches that cover federal, provincial and municipal requirements. Don't forget the other requirements that must be identified, including corporate policies, customer standards, industry standards, agreements, etc.

KEEPING UP TO DATE WITH COMPLIANCE OBLIGATIONS
A list of compliance obligations for your business must be maintained and kept up to date, especially when regulatory authorities publish changes to legislation and regulations. It is therefore, important to keep track of these changes and evaluate how they may affect processes and activities. Identify a person (in-house or out-sourced) to keep track of legislative and regulatory changes, who can assess the applicability of the legislation and regulations to your business, and communicate the changes to other staff members. Tracking changes can be conducted periodically (monthly, quarterly, annually). 

The person responsible for keeping track of and evaluating the legislation and regulations must be competent to do so. A strong knowledge of regulatory requirements within all government levels is necessary to successfully identify the legal requirements applicable to your business. 

LINKING COMPLIANCE OBLIGATIONS TO YOUR ACTIVITIES AND PROCESSES
Upon identification of your compliance obligations, it is important to link compliance obligations with the environmental and/or OHS aspects of your activities and processes. This connection will help to prepare a proper operational procedure outlining who is responsible for overseeing the compliance obligations related to the environmental and/or OHS impacts on the business.

EVALUATION OF COMPLIANCE OBLIGATIONS
Another important element of the ISO-based standards is the periodic evaluation of compliance obligations. The frequency and timing of conducting an evaluation can vary depending on level of importance, operating conditions, changes in compliance obligations, and past performance of your business. The evaluation includes a review of all relevant documented information and/or records that has been retained as evidence of compliance. The evaluation can be in the form of a compliance audit. 

MANAGEMENT OF RISKS
Maintaining a current list of compliance obligations for your business is one way to help reduce environmental and/or OHS risks. Some of the risks can be in the form of environmental impacts such as air pollution, major spills of hazardous liquid materials, financial costs in the form of environmental fines and penalties, or OHS risks such as injuries to a worker. An evaluation of compliance obligations is a method to manage and potentially lower the risks of non-compliance.

Maintaining compliance obligations and conducting periodic evaluation of compliance are necessary to ensuring your management systems are effective. Of course there are other key elements of the ISO Standards that are required for a successful management system, which were not the focus of this article and it is strongly encouraged to refer to the ISO Standards for further details. 

Are you struggling to find the time to keep up with your compliance obligations list? Envirolum Consulting Inc. can help! Contact Connie Lum at connie@envirolum.com for a complimentary consultation.  ​