How do you ensure compliance with 4.3.2 - Legal & other requirements?

[batman1056]

I get updates from IEMA which is great for me as I am a member - we also corporatly subscribe to Barbour briefings - but I am sure their are other simialr services http://www.barbour.info/

 

[samsung]

Thanks _ I like this look of this - cleaner than what I am using - just need to find a complete version of it.

Sent a PM. Please check your 'inbox'.

 

[sally2012]

Infact what I was seeking is how do you know that a particular legal requirement (that exists in the checklist) applies to the organizational activities. Many organizations subscribe to legal update services which only send the information/updated or new legislation etc. but they don't tell us whether or not and how that update applies to our activities and as such this procedure cannot be used to claim compliance to 4.3.2.

Let me explain it further - suppose someone is set to establish a new industry, the management, through public domain, obtains a long list of rules and regulations that normally apply to this kind of industries. Now the company wishes to seek EMS certification. What specific tools/ methods/ rules of thumb etc. should it use to identify from the list which of the requirements (& also in what way) apply to a particular operation.

You may want to consider consulting government agency/municipality/ministry where your company is located. There you could get a first-hand info as which among those legal requirements you should comply. But be cautious when you go there as your company might be their "apple of the eye" for audit and inspection every time.

 

[John Binns]

Hi Samsung, my first post on the forum so please be kind! I work as a consultant setting up EMSs as well as related activities. I would not over complicate this, it actually requires something relatively simple.

Think about how you determine legal and other requirements such as subscribing to publications or checking on the web etc. A common output from this process that shows that you are doing this is a legal register. The register will often be in a table form identifying the name of the law and a short summary in addition to including information about how it is relevant to the organisation.

To comply with point B you could identify on your aspects and impacts register the relevant laws or provide a link from the aspect register to the relevant parts of the legal register.

Yes you can have more than one procedure, but it is unlikely you will need it.

Hope this helps!

 

[samsung]

Hi Samsung, my first post on the forum so please be kind! I work as a consultant setting up EMSs as well as related activities. I would not over complicate this, it actually requires something relatively simple.

Think about how you determine legal and other requirements such as subscribing to publications or checking on the web etc. A common output from this process that shows that you are doing this is a legal register. The register will often be in a table form identifying the name of the law and a short summary in addition to including information about how it is relevant to the organisation.

To comply with point B you could identify on your aspects and impacts register the relevant laws or provide a link from the aspect register to the relevant parts of the legal register.

Yes you can have more than one procedure, but it is unlikely you will need it.

Hope this helps!

Hi John,

A warm welcome to the forum and thanks for responding to the query. It doesn't appear to be as simple as it's for you as a consultant. I haven't yet arrived at a robust procedure "to identify and have access to the applicable..............".

As far as compliance matters, I'm now not so uncomfortable after having modified the existing procedure incorporating , among others, an exhaustive list of around 600 applicable (so far 'identified') requirements and having assigned responsibilities to concerned persons for timely monitoring/ compliance and review on monthly basis at 3 different levels but as you know, 4.3.2 and 4.5.2 are interdependent; if the former is not OK, you can't claim compliance to the later. A known non-compliance is not so bad since it's still manageable but what about the one that you aren't aware of.

In a nutshell I'm sot sure if I've identified 100% of the applicable requirements and I'm looking for a systematic and logical way that can generate 100% assurance with regard to 'identification' of all the applicable LORs.


Point # (3) of the original post is still unanswered. What I conclude after so much of discussion that there can be more than one procedures. e.g. one for initial identification (first time) and another for periodically updating the established system.

One more thing that I'm not yet sure of is how to "establish, implement and maintain a procedure(s) to have access to the applicable legal requirements"?

Any thoughts?

 

[John Broomfield]

Hi John,

A warm welcome to the forum and thanks for responding to the query. It doesn't appear to be as simple as it's for you as a consultant. I haven't yet arrived at a robust procedure "to identify and have access to the applicable..............".

As far as compliance matters, I'm now not so uncomfortable after having modified the existing procedure incorporating , among others, an exhaustive list of around 600 applicable (so far 'identified') requirements and having assigned responsibilities to concerned persons for timely monitoring/ compliance and review on monthly basis at 3 different levels but as you know, 4.3.2 and 4.5.2 are interdependent; if the former is not OK, you can't claim compliance to the later. A known non-compliance is not so bad since it's still manageable but what about the one that you aren't aware of.

In a nutshell I'm sot sure if I've identified 100% of the applicable requirements and I'm looking for a systematic and logical way that can generate 100% assurance with regard to 'identification' of all the applicable LORs.


Point # (3) of the original post is still unanswered. What I conclude after so much of discussion that there can be more than one procedures. e.g. one for initial identification (first time) and another for periodically updating the established system.

One more thing that I'm not yet sure of is how to "establish, implement and maintain a procedure(s) to have access to the applicable legal requirements"?

Any thoughts?

Samsung,

Are you referring to your organizational management system's process for deploying legal requirements to the system?

This process usually has as its objective something along the lines of: "assured compliance with relevant legal requirements by using and improving the management system".

You could capture this process and document its procedure to show how the subject matter experts plug into reliable sources of updates, review upcoming changes for relevance, determine which system documents need to be updated, work with the process owners to make the changes, provide training to process teams and periodically evaluate compliance with the legal requirements.

One of the reasons we have continual improvement processes is that we are never sure of 100% compliance.

John

 

[EHSnovelist]

Hi Forum Members,
I am new to this forum so please excuse if I have initiated discussion on the subject where already covered elsewhere.

I am the designated EHS coordinator for an electronics manufacturing services company. I have implemented sucessfully one 14001 certification project and now own improving and sustaining for my current company. I am "self-taught" on the subject and continue to learn more every day!

After some 14 audits with no issues related to 4.3.2, we recently got nailed for not meeting the objectives of identifying "Other". While we are pretty tight on the Legal aspects for both Environmental and OSH, I find myself having a tough time getting my arms around Other. This to me seems to be the more abstract part of the clause. I'm not sure how to go about specifically identifying the Other aspects to the satisfaction of the auditor and to insure full compliance with the expectations of this part of the clause.

I'd appreciate some ideas. I have yet to find any great resources to dealing with this part, mainly a lot of focus on the Legal requirements.

Thanks in advance!

 

[Randy]

What are required to do besides comply with legal requirements?

Well the 1st one is so easy nearly everyone meets it and it's.....ISO 14001 iself.....It becomes an "Other requirement" the second an organization chooses to meets its requirements


For "Other" examples (no pun intended) just use the standard itself, specifically clause A.3.2 in Annex A ....There is a great deal of information in Annex A

 

[Dr. L. Ramakrishnan]

Hi

"Other requirements" include
(a) customer requirements - e.g. RoHS requirements, REACH etc. (if your customer is Europe based)
(b) Industry Association requirements (if you are a member of the association) - e.g. Responsible Care
(c) Corporate Requirements - if you are a part of a large organization (e.g. Corporate Environmental programme)
(d) Requirements agreed with Stakeholders (e.g. issues related to EOL products)
(f) In specific cases requirements such as OECD Guidelines for Multinational corporations, Global Compact, ICC Code for Sustainable Development etc.

With kind regards,

Ramakrishnan

 

[EHSnovelist]

Thanks "Doc" and Randy!
I think I get the idea. I'll collaborate with our Marketing folks and upper management, I'll bet they have signed us up to several organizations and customer specific committments that I'm not even aware of and of course the IPC and "J" standards which we build to. Your examples helped to get my thought processes in order!