SBS - The Best Value in QMS software

Periodic Evaluation of Legal Compliance - ISO 14001 - 4.5.2.1 - Legal Requirements

tony wardle

Registered Visitor
#1
4.5.2.1. Reads that the organisation shall keep records of periodic evaluation of legal compliance (to international, national and local laws or bylaws).

Now, our concern is that our company and a few around us have had findings raised based on the fact that these evaluations have not been done suitably or by suitably qualified people - environmental lawyers for example.

Has anyone else had this experience? It appears that there a money makin opportunity for the lawyer, because Joe average does not always have access to or awareness of changes and inuendos of the applicable laws.
 
Elsmar Forum Sponsor
T

tigerfan51

#2
Re: Iso 14001 - 4.5.2.1 Legal requirements -

In Canada and the U.S. most regulatory compliance reviews are completed by environmental consultants. Consulting staff usually have an environmental engineering or science background. Lawyers may be involved if there are confidentiality concerns and/or the company has known/suspected compliance issues. A lawyer may serve two purposes - expert opinion on a complex piece of legislation and/or a method to restrict access to the report (ie. lawyer/client priviledge)

The person/group who conducts the compliance review should have a good knowledge of the legislation applicable to the operation and should provide a suitable report. The standard does not say specifically who must conduct the review or what qualifications are required. Most of the automotive manufacturing companies that I audit hire an engineering consuting firm to conduct compliance reviews because they do not have the in-house expertise. Most companies hire a consultant once every three years to conduct a full review.

As an EMS auditor, I briefly review the compliance review report and if it was prepared by a known ennironmental consulting firm and they appear to have covered all possible media/issues/requirements then I assume the review was comprehensive. I turn to the findings section, review the findings and then determine what action the client has taken to resolve any identified issues. If the company is working toward resolving the identified issues and making progress, then I would say they have met the intent of the standard and their regulatory compliance commitments.

On the other hand, if the report was not completed by a qualified consultant then it requires more work on the part of the auditor to determine if the report is adequate/sufficient/meets the requirements of the standard. More reading is necessary and this may also lead to a more thorough examination of the person's credentials and the methods used to complete the compliance review.

In some large firms there may be a corporate person who is responsible for conducting compliance reviews at the various sites owned by the company. I have seen several instances where the corporate environmental department has prepared a checklist or review protocol for each jurisdiction where they have production facilities. In these situations compliance reviews are completed by a corporate specialist using the targeted checklist/protocol. I have also found this to be acceptable, providing the checklist/protocol is sufficiently detailed for the local jurisdicition and the review appears to be adequately comprehensive.

My preference is to have a qualified outside environmental consultant conduct the compliance review. A third party brings a fresh perspective to the review and their staff usually have very broad experience with environmental requirements. And it generally means less work on my part if a qualified consultant completed the review.

As an auditor, however, I cannot dictate who completes compliance reviews - as long as there is a record (report), the report is sufficiently detailed, the review was comprehensive and effective actions are being taken to address any findings, then that is all an auditor can ask/expect.

Hope this helps.
 

Randy

Super Moderator
#3
Re: Iso 14001 - 4.5.2.1 Legal requirements -

In Canada and the U.S. most regulatory compliance reviews are completed by environmental consultants. Consulting staff usually have an environmental engineering or science background. Lawyers may be involved if there are confidentiality concerns and/or the company has known/suspected compliance issues. A lawyer may serve two purposes - expert opinion on a complex piece of legislation and/or a method to restrict access to the report (ie. lawyer/client priviledge)

The person/group who conducts the compliance review should have a good knowledge of the legislation applicable to the operation and should provide a suitable report. The standard does not say specifically who must conduct the review or what qualifications are required. Most of the automotive manufacturing companies that I audit hire an engineering consuting firm to conduct compliance reviews because they do not have the in-house expertise. Most companies hire a consultant once every three years to conduct a full review.

As an EMS auditor, I briefly review the compliance review report and if it was prepared by a known ennironmental consulting firm and they appear to have covered all possible media/issues/requirements then I assume the review was comprehensive. I turn to the findings section, review the findings and then determine what action the client has taken to resolve any identified issues. If the company is working toward resolving the identified issues and making progress, then I would say they have met the intent of the standard and their regulatory compliance commitments.

On the other hand, if the report was not completed by a qualified consultant then it requires more work on the part of the auditor to determine if the report is adequate/sufficient/meets the requirements of the standard. More reading is necessary and this may also lead to a more thorough examination of the person's credentials and the methods used to complete the compliance review.

In some large firms there may be a corporate person who is responsible for conducting compliance reviews at the various sites owned by the company. I have seen several instances where the corporate environmental department has prepared a checklist or review protocol for each jurisdiction where they have production facilities. In these situations compliance reviews are completed by a corporate specialist using the targeted checklist/protocol. I have also found this to be acceptable, providing the checklist/protocol is sufficiently detailed for the local jurisdicition and the review appears to be adequately comprehensive.

My preference is to have a qualified outside environmental consultant conduct the compliance review. A third party brings a fresh perspective to the review and their staff usually have very broad experience with environmental requirements. And it generally means less work on my part if a qualified consultant completed the review.

As an auditor, however, I cannot dictate who completes compliance reviews - as long as there is a record (report), the report is sufficiently detailed, the review was comprehensive and effective actions are being taken to address any findings, then that is all an auditor can ask/expect.

Hope this helps.
Focus on the competency of whoever performs the evaluation and that includes competence in all areas where "compliance" must occur. Just because one is an environmental lawyer doesn't make them "competent" is all aspect of environmental compliance management. Remember, lawyers "practice" the law. The compliance evaluation is actually best performed by "professionals" with requisite competentcies.
 
T

tyker

#4
The appropriate process for evaluating compliance is going to vary for different organizations. Whilst the use of specialist lawyers and consultants may be appropriate for organizations with complex legal issues, it may not be right for others.

My company is a relatively small (130 people) metal bashing firm. Our activities are clean and not subject to specific legal permits. We emit nothing nasty out of the chimney and pour nothing unpleasant down the drain. Our only significant legal issue for environmental compliance is disposal of our waste. There is nothing difficult about keeping up to date with legislation and the evaluation of legal compliance is simply built into our audit programme and carried out by the Health, Safety, Environment Manager.

There's nothing magic about environmental legislation. We have to demonstrate compliance with all kinds of legislation to run the business. We don't get specialists in for day to day matters in other areas and see no need to do so for this one.

I accept that "dirtier" more complex organizations will need a different approach but, without knowing more about Tony's situation, I find it impossible to advise what the right solution there would be.
 

Manoj Mathur

Quite Involved in Discussions
#5
I will share our compliance to this requirement mentioned in ISO 14K standard. In India we have one publication ELUS (Environment Legislation Updatation Standard) which give complete information about any new update. Besides this we have subscribed our national site for keep us posting any new update. This is all about National Issues and for Local Environment Issues (Which at times are quite different from National Issues, for example Fugitive Emissions norms differ from one area to another) we used to visit Local Environment Office once in a Two Month time to keep us fresh on local issue.
That is all we have mentioned in our Environment Manual and used to do as per manual.
 
N

Nette

#6
We too are a small organisation. We cover our compliance and review by using a consultant once a year who specialises in environmental law and how to show compliance. In addition we work close with our local Environmental Agency and local council who keep us informed of any changes that may be taking place.
 
B

BSMITH

#7
Re: Iso 14001 - 4.5.2.1 Legal requirements -

In Canada and the U.S. most regulatory compliance reviews are completed by environmental consultants. Consulting staff usually have an environmental engineering or science background. Lawyers may be involved if there are confidentiality concerns and/or the company has known/suspected compliance issues. A lawyer may serve two purposes - expert opinion on a complex piece of legislation and/or a method to restrict access to the report (ie. lawyer/client priviledge)

The person/group who conducts the compliance review should have a good knowledge of the legislation applicable to the operation and should provide a suitable report. The standard does not say specifically who must conduct the review or what qualifications are required. Most of the automotive manufacturing companies that I audit hire an engineering consuting firm to conduct compliance reviews because they do not have the in-house expertise. Most companies hire a consultant once every three years to conduct a full review.

As an EMS auditor, I briefly review the compliance review report and if it was prepared by a known ennironmental consulting firm and they appear to have covered all possible media/issues/requirements then I assume the review was comprehensive. I turn to the findings section, review the findings and then determine what action the client has taken to resolve any identified issues. If the company is working toward resolving the identified issues and making progress, then I would say they have met the intent of the standard and their regulatory compliance commitments.

On the other hand, if the report was not completed by a qualified consultant then it requires more work on the part of the auditor to determine if the report is adequate/sufficient/meets the requirements of the standard. More reading is necessary and this may also lead to a more thorough examination of the person's credentials and the methods used to complete the compliance review.

In some large firms there may be a corporate person who is responsible for conducting compliance reviews at the various sites owned by the company. I have seen several instances where the corporate environmental department has prepared a checklist or review protocol for each jurisdiction where they have production facilities. In these situations compliance reviews are completed by a corporate specialist using the targeted checklist/protocol. I have also found this to be acceptable, providing the checklist/protocol is sufficiently detailed for the local jurisdicition and the review appears to be adequately comprehensive.

My preference is to have a qualified outside environmental consultant conduct the compliance review. A third party brings a fresh perspective to the review and their staff usually have very broad experience with environmental requirements. And it generally means less work on my part if a qualified consultant completed the review.

As an auditor, however, I cannot dictate who completes compliance reviews - as long as there is a record (report), the report is sufficiently detailed, the review was comprehensive and effective actions are being taken to address any findings, then that is all an auditor can ask/expect.

Hope this helps.
Based on my experience as an auditor for two registrars (mostly of small organizations) and as an Environmental Manager or Scientist for 4 U.S. Government offices, routine evaluation of legal and regulatory compliance usually does not involve consultants and/or lawyers. Consultants and/or lawyers may get involved if there is a particular issue requiring their expertise, but that does not happen routinely. Typically an ES&H or environmental professional has the job of keeping current with changing environmental legal, regulatory, and other requirements. At least for the U.S. Department of Energy (DOE), it involved keeping current with changes to DOE Headquarters requirements and reviewing publications (books, newsletters, journals), legal/regulatory CDs, and EPA and state regulatory agency websites. It also involved attending professional meetings to stay current with legal and regulatory issues, environmental technology, and best practices. In recent years, subscriptions to some expensive publications and CDs have been discontinued and websites have become the primary tool.
 
T

tigerfan51

#8
Two issues are being discussed here:
1 - Identification and having access (as well as keeping current) on legal requirements - Section 4.3.2, and
2 - Periodic review of compliance - Section 4.5.2.1

1 - Usually does not require outside assistance and can be satisfied by reviewing web sites, subscription services and contacting regulatory agencies - as stated by BSmith

2 - 95% of the companies that I audit hire an outside consultant to conduct compliance reviews because they do not have the in-house expertise and/or time. A compliance review evaluates the level of compliance achieved by the organization in areas such as operating permits/approvals to confirm that conditions are satisfied and operating limits are being followed, waste disposal practices/manifests to confirm appropriate procedures are being followed, preventive maintenance on environmental equipment, water discharges, air emissions, noise, local bylaws/ordnances (like backflow prevention, noises, truck idling, unsightly premises, etc.), IAQ/industrial hygiene issues, asbestos management, PCB management, UST management, etc., etc. I believe many automotive manufacturers hire this out because of the number of applicable issues.

Most of the sites I audit have >100 and <1500 staff and the majority are automotive manufacturers/suppliers.
 

tony wardle

Registered Visitor
#9
Thanks for the responses - pretty much paints a complete picture. In our situation, we use copious amounts of water and chemicals and energy which probably compounds the issue. I can now also appreciate the auditors comments as being valid based on the responses from you guys.
 
P

priyareddy

#10
Re: Periodic Evaluation of Legal Compliance - ISO 14001 - 4.5.2.1 - Legal Requirement

Dear manoj

i m working in ISO 14001 implementation projects. I have issues in evaluating the legal requirements of different scope of works. kindly help in this.

thank you
priya
 
Thread starter Similar threads Forum Replies Date
R Periodic evaluation of suppliers - ISO 17025 4.6 Purchasing services and supplies ISO 17025 related Discussions 3
A TGA - Annual Report or Periodic Safety Update Report? Other Medical Device Regulations World-Wide 0
B SAP Audit trail Periodic Review EU Medical Device Regulations 2
eule del ayre Documented Information - Periodic Review of Documents? IATF 16949:2016 / ISO 9001:2015 IATF 16949 - Automotive Quality Systems Standard 34
D CSV - Periodic Review Qualification and Validation (including 21 CFR Part 11) 1
Marc Interesting Discussion The periodic table is 150 years old - March 2019 Coffee Break and Water Cooler Discussions 3
P Periodic Review - Deviations/incidents that are reviewed Qualification and Validation (including 21 CFR Part 11) 5
M FDA or CE requirements for periodic checks of data backups and retrievals EU Medical Device Regulations 4
T Regulation (EU) 2017/745 and PSUR (periodic safety update report) EU Medical Device Regulations 9
V Periodic review criteria for reviewing/updating SOPs US Food and Drug Administration (FDA) 1
P EU MDR and PSUR (Periodic Safety Update Report) EU Medical Device Regulations 43
V Periodic Audit Trail Review - Scope, Content & Frequency Qualification and Validation (including 21 CFR Part 11) 11
B IATF 16949 Cl. 8.5.1.5 - Requirement for Periodic Overhaul IATF 16949 - Automotive Quality Systems Standard 10
S How to document revisions after Periodic Review of documents ? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
I Does ISO 13485 have a Periodic Document Review Requirement? ISO 13485:2016 - Medical Device Quality Management Systems 7
A Current Control Periodic Document Reviews - Process Updates in the FMEA FMEA and Control Plans 3
F Periodic Review Requirements for Software - Medical DeviceS Software Quality Assurance 2
T Periodic Quality Manual and Procedure Review Requirements General Auditing Discussions 5
S Is hiring a CB for certification and periodic audits an outsourced activity? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
V Where & How to Capture Details of Periodic Reviews of Change Control & CAPAs Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 8
T Clause for Maintenance - Periodic Maintenance Activity (Oil change) Internal Auditing 4
C API Q1/ISO-TS 29001 Periodic Assessment of Stock Oil and Gas Industry Standards and Regulations 3
S Auditing our own activity - Periodic audit of our documentation Internal Auditing 11
B Can I Claim That Periodic Calibration is Not Required? ISO 13485:2016 - Medical Device Quality Management Systems 6
Q Computerized System Periodic Review Requirement - Pharma Company Qualification and Validation (including 21 CFR Part 11) 7
R Do Engineering Standards require periodic review? ISO 9001 4.2.4 (b) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
M Documents of External Origin - Periodic or annual verification of revision status ISO 13485:2016 - Medical Device Quality Management Systems 10
M Surface plates - Questioning the need for periodic calibration of surface plates General Measurement Device and Calibration Topics 12
I Periodic Review of Process and Equipment Validation Qualification and Validation (including 21 CFR Part 11) 4
R Periodic / Maintenance Audits Schedule ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
D Periodic Product Requalification Process IATF 16949 - Automotive Quality Systems Standard 1
K Periodic validation of raw material test reports (7.4.3) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
K Review complete, no changes needed - When a Procedure is due for a periodic review? Document Control Systems, Procedures, Forms and Templates 10
T QP-5.6.0 - Management Review should be both periodic and continual Management Review Meetings and related Processes 14
S ISO 14001 - Periodic External Audit by Consultant Requirement? ISO 14001:2015 Specific Discussions 99
A Meeting the ISO 14001 Periodic Audits Requirement - Internal vs. External Auditing ISO 14001:2015 Specific Discussions 11
D ISO 9004 6.2.2.2 has listed "periodic refresher programs for people already trained" General Auditing Discussions 6
M What does the APQP manual mean by the term 'Periodic Requirements' FMEA and Control Plans 2
J Document Control NCR - Periodic Reviews Document Control Systems, Procedures, Forms and Templates 3
M Doubt about the element 15.3 (VDA) - Periodic cross-check and repeated inspections VDA Standards - Germany's Automotive Standards 3
M Procedure for clinical evaluation according to new MDR EU Medical Device Regulations 0
Q Process map Evaluation and Analysis Method Process Maps, Process Mapping and Turtle Diagrams 5
M Supplier evaluation Supplier Quality Assurance and other Supplier Issues 5
I QMS monitoring, measurement, analysis and evaluation requirement - Template ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
T Biological Evaluation (10993) & Risk Management ISO 14971 - Medical Device Risk Management 9
shimonv Clinical evaluation report for class I device EU Medical Device Regulations 3
A Applicability of Photobiological Safety Evaluation for LED used in medical devices Reliability Analysis - Predictions, Testing and Standards 2
P GSPRs / Clinical Evaluation EU Medical Device Regulations 3
silentmonkey Overall Benefit/Risk Analysis - Risk Management VS Clinical Evaluation ISO 14971 - Medical Device Risk Management 3
M NICE Medical Technology Evaluation Programme - Recommendations Service Industry Specific Topics 0

Similar threads

Top Bottom