Compliance obligations and evaluation of Compliance.

Identification of Legal Requirements and Evaluation of these Requirements.

This blog post will describe the requirements within ISO 14001:2015 as well as ISO 45001:2018 under Clauses 6.1.3 and 9.1.2.

Clause 6.1.3: Determine Compliance obligations

ISO defines Compliance obligations as “legal requirements that an organization has to comply with and any other requirements that an organization has to or chooses to comply with”. In the note, it further states “Compliance obligations can arise from mandatory requirements, such as applicable laws and regulations, or voluntary commitments, such as organizational and industry standards, contractual relationships, codes of practice and agreements with community groups or non-governmental organizations.”

The organisation should have a process to determine and have access to respective legal requirements and other requirements applicable to its ISO Management System, and to determine how these requirements apply to the Management System.

The process should cover:

  • What are the organisation’s legal and other requirements and how are they determined, accessed and kept up-to-date;
  • How do these legal and other requirements apply to the organisation’s activities, processes, plant & equipment, workforce, hazard profile & associated risks, the overall Management System and its performance;
  • How these legal and other requirements are taken into account when establishing, implementing, maintaining and continually improving the organisation’s Management System.

Compliance obligations also include other interested party requirements related to the Management System which the organization has to or chooses to adopt. These can include, if applicable:

  • agreements with community groups or non-governmental organizations;
  • agreements with public authorities or customers;
  • organizational requirements;
  • voluntary principles or codes of practice;
  • obligations arising under contractual arrangements with the organization;
  • relevant organizational or industry standards.

These could be captured within a Legislative Compliance Register.

Compliance obligations may be mandatory (e.g. Acts and Regulations) or voluntary (e.g. contractual relationships, codes of practice and agreements, and even expectations of third parties). Voluntary undertakings become compliance obligations once an organization decides to adopt them. The revised standards require the organization to take a high-level look at their “compliance obligations”, which include both regulatory requirements and voluntary commitments. The organization must determine the risks and opportunities associated with compliance obligations.

They must plan actions to address compliance obligations and integrate these actions into the Management System or other business processes. They must determine the competence requirements needed to meet compliance obligations and ensure these are satisfied. They must ensure that awareness-raising and communications programs take account of compliance obligations. They must maintain processes for evaluating fulfillment of compliance obligations, take action where the evaluation finds this necessary, and maintain knowledge and understanding of their compliance status. The management review should also consider trends in the fulfillment of compliance obligations.

Clause 9.1.2: Evaluation of Compliance

Once you have determined your compliance obligations, you must evaluate your compliance. Here you must plan and implement a process to evaluate whether you meet the legal requirements that are applicable to you, as determined above. This process needs to include:

  1. Frequency of compliance evaluation: How often you are going to check to see if you meet the requirements of particular legislation will vary from law to law, but your process needs to determine how often you will check each level of compliance. For example, you may need to continually check the concentration of chemicals you are emitting into the sewage system, but you may only need to periodically check on how well you are diverting recycling from your landfill waste.
  2. Evaluate compliance and take action: This is the step that everyone thinks about when it comes to the requirements of legal compliance, and this requirement has not changed. As an organisation, you need to make an assessment against the applicable laws to see if you meet the requirements and take any actions necessary to become compliant if you are not.
  3. Maintain the status of your compliance: In other words, always know if you actually comply with your legal requirements. If a law changes, you need to know about it and know if the change affects your compliance with the law. If you make a change in your facility, you may need to evaluate whether you still obey all the laws, both during and after the change, even if you are not yet set to evaluate this according to your regular schedule.
  4. Set Objectives: The level of compliance creates a golden opportunity to set an objective and program on how to improve the level of compliance within the organisation.

Again, all of these evaluations need to be kept as documented information for the use of you, your management system auditors, and any legal compliance auditors who may need to see them.
