Commitment and Compliance with Legal & Regulatory Requirements

SaintStan

...is it a requirement of 14k to COMPLY with relevant legal (& other) requirements ?
Maybe it's just me, and maybe it's been too many late nights and early starts, but I've just noticed:
there's a requirement to include a commitment to comply in a policy;
a requirement to evaluate compliance;
and a requirement to identify what those relevant legal (& other) requirements are.

If Company X has a huge compliance black hole, is it a 14k non-conformance ?
Can I raise an internal corrective action to fix it before doomsday and comply with 14k ?
Or do I only have to acknowledge a deficiency during evaluation of compliance reviews where non-compliance is an issue ?

4.5.2 only states requirement to evaluate compliance, doesn't state you have to do anything about it, which I find surprising.

Or is it just time for bed...
 

Sidney Vianna

Re: Call me stupid, but...

If Company X has a huge compliance black hole, is it a 14k non-conformance ?
This issue has been discussed here numerous times. The same way ISO 9001 attempts to put systems in place to prevent non-conforming products, it recognizes that, from time to time, defects will happen. The organization is expected to deal with the situation from both a correction and corrective action perspectives.

Similarly, ISO 14001 is designed in a way for systems to be robust enough to prevent environmental regulatory non-compliance. However, if breakdowns happen, the organization should have processes in place to correct and (when applicable) prevent its recurrence. Since an effective EMS should minimize the chances of E regulatory non-compliances, if this is not being accomplished in a systemic, comprehensive and on-going manner, the EMS is not effective and should not be deemed compliant/certifiable to ISO 14001.

ISO 14001 conformity/certification is not a synonym to regulatory compliance just like ISO 9001 conformity/certification does not equate to defect free products. It is not clear what you mean by "compliance black hole". If non-compliance is rampant and there are no extenuating reasons for the situation, yes, it is a MAJOR discrepancy against ISO 14001.
Can I raise an internal corrective action to fix it before doomsday and comply with 14k ?
Or do I only have to acknowledge a deficiency during evaluation of compliance reviews where non-compliance is an issue ?
You can and probably should do both. The main thing to remember is that since management has committed to comply with environmental regulations, they must provide the resources for that to happen. If it is not happening, they (top management) must be held accountable to it.
 

Paul Simpson

The only point I would add to Sidney's post is that - just by raising a bit of paper to place over the cracks you are not now "safe" for the 3rd party audit.

The CB should expect a proportionate response. Let me explain:
  • If it is a technical breach discovered yesterday and fixable with a bit of paper going to the regulator - then not much action expected
  • If it is a big breach involving pollution of the whole of the Eastern seaboard that has been known about for ages then your little CAR raised 10 minutes before the auditors arrive isn't going to save you. ;)

The point is that if you want to fulfil your policy commitment then you shouldn't allow a breach of legislation to occur and if it does then some serious investigation needs to take place to understand how it did and take effective corrective action to prevent recurrence.

Sleep well! :bigwave:

Sorry forgot to say 4.5.2 (compliance monitoring) is followed by 4.5.3 (corrective action).
 