Monitor compliance or comply to Legal requirements

M

Mike Smith

I am getting ready for our stage 1 audit next week. The question I have is "Does the system require that you adhere to all legal requirements or just have a system to identify your legal requirements". Our company hired a environmental specialist to help us identify requirements. He came up with stuff that we had no idea we would have to comply with. Some of it will take months to finish since I am the only one working on it. Will this satisfy the auditor in that we have set dates to comply and show continual improvement. The way I see the standard, we must only identify and evaluate our compliance.:confused:
 

Randy

Super Moderator
Duh! What does the standard say?

ISO 14001:1996
4.3.2 The organization shall establish and maintain a procedure to identify and have access to legal and other requirements to which the organization subscribes, that are applicable to the environmental aspects of its activities, products or services.

Or even better....

4.2 Top management shall define the organization’s environmental policy and ensure that it:
.....-includes a commitment to comply with relevant environmental legislation and regulations, and with other requirements to which the organization subscribes.


What do you think?


Now further....

4.5.1 .....The organization shall establish and maintain a documented procedure for periodically evaluating compliance with relevant environmental legislation and regulations.


There you have it. Make it happen.
 
M

Mike Smith

OK Randy, Lets be professionals here. I posted the question, you talked around the question. Here is the question again (duh!) in case you did not understand the first time. Will the auditor be satisfied in that we have a procedure to identify legal requirements and are making a commitment to comply?

Is this a roadblock towards our certification?
 

howste

Thaumaturge
Trusted Information Resource
Since Randy's answer got lost from the database last night, I'll repost it here from my forum email notification:

Originally posted by Randy
Here's a simple answer from an auditor Mike that just went through this little dance with a client last week. NO!!

You must also provide evidence that you are proactively managing compliance and that you are evaluating your compliance program. This is not doing inspections, this is actually evaluating the effectiveness of the compliance program and the inspections that you do.

A simple list of laws and a promise to be good isn't going to cut it.

I wasn't trying to be nasty with the initial response. Read what the standard is saying, line by line. Answer every "Shall" and be able to provide objective evidence that each and every "Shall" has been addressed. If you cannot provide a procedure for "evaluating" your compliance program and actual evidence of having done so a competent auditor should be able to identify this as a non-conformance. I'm not trying to rain on your parade, I'm being very honest because you asked.
 
D

Dean P.

Keep in mind, regardless of what ISO14001 states, you still have to meet the law! I would think that meeting the regulations in your country / state / community should take precendence over complying with the ISO14001 standard.

Advise your managers, not meeting ISO14001 could mean a nonconformance report from the auditor. Not meeting local environmental regulations could mean $$$ and/or jail time for them.
 
D

db

Another twist

I know of a company that has a permitted aspect they are unable to meet. Every day they pay a fine because they exceed the threshold value of the permit. Because they claim they do not have the technological, or financial capability (the cost of meeting the permit is higher than the cost of the fines), they do not even list this as a significant aspect! They claim that 14K doesn't require all regulated aspects to be classified significant.

Their registrar is aware of the situation, and allows this to occur. I disagree because they have no plan on meeting the permit. In my opinion, if they are paying a fine for non-compliance, then the aspect must be significant.

----------------------------------------------------------------------

Will this satisfy the auditor in that we have set dates to comply and show continual improvement

Mike,

Does this plan show a committment to comply? Are these requirements related to your significant aspects? If you can answer the questions posed by Randy (from the standard), then you might be okay. The evidence would be more than just a "promise to be good", it would be the plan and evidence that the plan is being worked.

I would begin with a second compliance audit. It might be possible that the first may be trying to apply laws that do not pertain to you. For each confirmed compliance issue I would then generate a Corrective Action. The CA would contain dates and specific actions that can be verified to ensure they are being adequately addressed. Give this plan to the auditor, and see what he/she says.

But don't stop there. Make sure you have a plan (procedure) to periodically assess your legal and other. Also, compliance audits address the "legal", but what about the "other"? Haw do you know what those are?

Hope this helps
 
M

Mike Smith

Thanks db, This does help. It confirms what I am currently doing.
I have issued Corrective Actions for all regulations and legislation for which we currently are not up to speed. They have implementation dates and assigned responsibility (me). As a matter of fact, our environmental specialist did identify laws that currently did not apply to us. As for other requirements, the only ones I could think of related to customer requirements. I am willing to listen if you have suggestions on other requirements.
 

Manoj Mathur

Quite Involved in Discussions
We have achieved ISO 14001 in the year 2002 but before that also We were complying all legal reuirements. I mean that is primary and MUST.

For further guidelines, A new requirement (Legal Env. Issue) has come in the year 2002 (Late Year). We made an EMP (Sort of Project) for complience of it. But our EMS auditor declined as consider as EMP. According to him, complying Law is basic, either you have EMS or not you have to comply all legal requirements.

Manoj
 

Randy

Super Moderator
Manoj Mathur said:
We have achieved ISO 14001 in the year 2002 but before that also We were complying all legal reuirements. I mean that is primary and MUST.

For further guidelines, A new requirement (Legal Env. Issue) has come in the year 2002 (Late Year). We made an EMP (Sort of Project) for complience of it. But our EMS auditor declined as consider as EMP. According to him, complying Law is basic, either you have EMS or not you have to comply all legal requirements.

Manoj


To a certain degree Manoj....You have to comply with RELEVENT legal requirements. However, applying 4.3.2 to EMP's (4.3.4) might be a tough sell unless you've had some negative regulatory issues. If that's so, you should take those negative issues (regulatory non-compliances), set O&T's for them, then the EMP's (4.3.4) and apply 4.4.6 and 4.5.1 (the key characteristics and metrics portion) to help track improvement of your compliance. Then use the portion of 4.5.1 to evaluate your compliance program. You will also be able to tackle issues with regards to 4.5.4, 4.5.2 and others.
 
Top Bottom