Building an Effective ISO 14001 Legal Compliance Register

The ISO 14001 standard defines the criteria for a successful Environmental Management System (EMS). An EMS helps businesses manage their environmental impact and improve their sustainability practices. Organizations need an ISO 14001 compliance register, a key element of an effective EMS, to get an ISO 14001 certification.

In this article, we'll examine what legal registers are, how businesses can benefit from maintaining up-to-date legal registers, and how ISO 14001 certification can help companies to meet their compliance obligations.

What is ISO 14001:2015?

ISO 14001:2015 is an internationally recognized Environmental Management system (EMS) standard that outlines industry best practices for organizations to manage their environmental responsibilities systematically and effectively.

The standard encourages continuous improvement in environmental management by setting up a Plan-Do-Check-Act Cycle (PDCA) cycle. By following this cycle, organizations can reduce their impact on the environment, comply with environmental regulations, and improve their overall sustainability.

ISO 14001 standards are designed to apply to any type of organization, regardless of its size, location, or industry. Some organizations adopt it for certification; others incorporate it into their management system without pursuing certification.

Understanding ISO 14001 Legal Requirements: Factors to Consider?

A legal register lists all the environmental laws and regulations that apply to a particular organization's operation and is a mandatory element of ISO 14001 standards. Several factors determine the list of ISO 14001 legal requirements that an organization must comply with, including:

Location

It pertains to legal documents that impact the geographical locations where your company conducts business, such as construction sites in particular countries or facilities and surroundings, such as offices or warehouses. Legislation for certain activities, such as handling hazardous materials or managing personal data, can vary depending on the activity's location.

Operations

It involves legal documents specific to the kind of operations your business is engaged in, such as laws governing manufacturing operations and waste disposal. Various forms of legislation will impact the operations and activities of your business.

Structure

Among the factors considered are the size and sector of your business, turnover, and staffing levels. Additionally, some regulations may apply only to certain types of companies or sizes, such as corporations or SMEs.

The Benefits of Having A Legal Register

A legal register has the following advantages:

• Knowing the impact of legislation and regulations on each part of the operations
• Access to relevant legislation for leaders, managers, contractors, employees, and teams in an effective and controlled manner
• Establish compliance with stakeholders, such as investors, customers, and enforcement agencies
• Reducing the risk of legal action, fines, and penalties due to non-compliance with regulations
• Conform to the legal requirements for ISO certification for specific ISO standards

How Does a Legal Register Relate to ISO 14001 Other Requirements?

Legal registers are an obligatory element of ISO management systems such as ISO 14001 Environmental (EMS), ISO 27001 Information Security (ISMS), and ISO 45001 Occupational Health and Safety (OHS) management systems. These standards mandate that legal registers be part of the certification requirements.

Clause 6.1.3 Compliance Obligations of ISO 14001:2015 states the following.

"The organization should determine and have access to the compliance obligations related to its environmental aspects. The organization must also determine how these compliance obligations apply to the organization. The organization must take these compliance obligations into account when establishing, implementing, maintaining, and continually improving its environmental management system. The organization must maintain documented information about its compliance obligations. Compliance obligations can result in risks and opportunities for the organization."

Although the term' legal register' isn't used within the standards with ISO 14001 using the term' compliance obligations,' the term' legal register' has become the standard terminology for EHS professionals implementing and maintaining site, country, regional, or company-wide EHS management systems.

ISO 14001 Other Requirements List

Compliance obligations include ISO 14001 other requirements list related to the EMS that the organization is required to adopt or chooses to adopt, such as:

• Partnership agreements with non-profits or community groups
• Customer or public authority agreements
• Policies and procedures required by the organization
• Principles or codes of practice, such as standards set by trade groups
• Environmental commitments or voluntary labeling
• Contractual obligations with the organization
• Standards relevant to an organization or industry

Although compliance obligations comprise the bulk of the legal register, they're more than just regulatory requirements. Compliance obligations encompass environmental factors, which may lead to legal obligations , such as:

• Governmental requirements or requirements from other relevant authorities
• Laws and regulations at the international, national, and local levels
• Permits, licenses, or other authorization requirements
• Regulations, rules, or guidance from regulatory agencies
• Cases decided by courts or administrative tribunals

What Format Should a Legal Register Be In?

Different organizations maintain legal registers in various formats. Below are some examples of common formats.

Binders

It's the most traditional format for storing legal registers. They're convenient to store due to their portability; however, they are difficult to maintain and update since they require significant space and manual labor.

Spreadsheets

This format is more efficient than binders since spreadsheets are easily searchable and updated. They also have the advantage of holding more information than binders, such as associated documents or links to external resources. However, they're inefficient for manual data entry and prone to errors.

In-house Software

It's another efficient way to store and maintain legal registers. It requires minimal manual data entry, provides easy searching capabilities, and can quickly update information. However, this option can be costly to maintain. Also, integration becomes more challenging if you integrate regulatory content from an external party with your in-house software .

Software-as-a-Service (SaaS)

SaaS software is becoming increasingly popular with modern organizations due to its cost-effectiveness. It requires minimal setup and offers on-demand documents, record-keeping systems, and automated updates, allowing users to stay on top of regulation changes . Furthermore, SaaS solutions are usually cloud-based, allowing users to access legal registers from any device.

What Makes a Good Legal Register?

When creating a legal register for your business, using a structured approach that includes specific regulations rather than collecting all possible ones is recommended. Ideally, a legal register should include the following:

• Relevant legislation - Refers to the laws and regulations that apply to your organization and which you must comply with to operate legally and ethically. The compliance officer or risk manager usually compiles this legislation.
• Compliance details - These are the legal requirements that your organization must meet, such as permits, licenses, and certifications. It should also guide how to comply with these requirements, including policies and procedures.
• Definitions - Make sure your definitions are clear, concise, and consistent. Use simple, easy-to-understand language without jargon or technical terms whenever possible. It's also essential to ensure that your definitions are consistent throughout the register so that readers understand them.
• Legislation documents - Contain information about laws, regulations, and other legal requirements your business must adhere to. It can include national and international laws and regulations to industry-specific standards and guidelines.
• Supplementary information - This resource can help organizations understand the context and implications of those obligations. It can include links to guidance documents, industry standards and analysis, and best practices.
• Compliance information - These are the records of evaluation assessments against regulations, such as risk assessments and policy or procedure reviews. It includes the date of the evaluation, who conducted it, any actions taken as a result of the assessment, and any follow-up reviews or further action required.

Additionally, excluding certain items such as the following is recommended to keep the legal register current, efficient, and accurate.

• Data that lacks direct relevance or significance in terms of regulatory compliance and description
• Legislation that is no longer in effect due to either cancellation or replacement by updated regulations
• Regulations irrelevant to your business, for example, because of its size or location

Best Practices

When maintaining compliance status, consider these best practices:

Perform Regular Audits

Organizations must maintain awareness of their compliance status, and performing internal audits can assist in monitoring and adjusting management practices to remain aligned with organizational changes. Internal audit also helps ensure that processes are implemented correctly.

Create Competence and Awareness

Establishing a training program for employees involved in implementation is recommended, including those who require knowledge of legislative requirements and regulations. They should receive both written and oral training to ensure they understand their roles and what is expected of them. It's also essential to provide training updates regularly.

Additionally, ISO 14001 emphasizes the importance of making the legal register actionable and easily transferable to new employees. A well-built legal register should allow a new employee to understand the critical environmental legislation and how it applies to the organization in under 8 hours.

Utilize Different Communication Channels

Employees need to know their roles in the organization's compliance process, so use communication networks such as newsletters, emails, intranet sites, or other internal publications to remind people of their responsibilities. It'll help ensure everyone is aware of changes and updates in the legal register.

Establish Incentives Programs

Incentives can motivate managers to monitor and enforce organizational management responsibilities. Reward managers who execute requirements, leading to better employee comprehension of expectations and ensuring they're accountable for maintaining compliance.

4 Simple Elements to Build an Effective Legal Register

As you prepare for your ISO 14001 certification, follow these steps to create an effective legal register:

1: Determine the Compliance Obligations

An EMS must consider internal and external factors to ensure success. Compliance obligations, which can be mandatory (e.g., laws and regulations) or voluntary (e.g., environmental policy commitments), should be considered.

Consider compliance obligations that result from known environmental aspects and the needs and expectations of your interested parties. An example would be the desire of logistic companies to use fewer fossil fuels during their delivery processes.

2: Identify Legal Requirements

Your organization must identify and fulfill legal requirements related to the workplace and integrate relevant environmental practices for significant aspects using the best available techniques to ensure a successful EMS.

3: Document Your Compliance Obligations

Once you identify your legal requirements, the next step is to document them in a legal register. A legal register must include the following elements:

• Control measures
• An organization's regulatory jurisdiction, either provincial or federal (vital if it operates in multiple locations)
• Last revision date (last time a specific legal requirement was revised to determine if it has changed and if it still applies to the organization)
• Environmental considerations
• Organization's work area
• A summary of the requirement (between one and four sentences. It describes the requirement as it applies to your organization)
• Applicability text (one to four sentences explaining how the legal requirement applies to the organization's operations. Multi-operational companies should have an applicability text for each operation. For example, if an organization operates two plants in New York, it should have two versions of the application texts for each plant, even if the plants are similar).
• The department, government agency, or ministry that issued the compliance obligation (this helps gain a deeper understanding of the compliance obligation)
• The person or group responsible for the last revision (external ISO 14001 auditors want to see the up-to-date register and who made the previous revision so they can follow up with them)
• Assign compliance obligations to specific hazards or assets (e.g., if the organization's operations involve fuel oil or equipment, associate compliance obligations with those hazards and equipment).

4: Track Changes to Existing Laws

The Environmental and Sustainability Manager monitors the passage of new laws, amendments to existing laws, or new government agendas, charters, or policies. They then inform relevant stakeholders of any vital legislation applicable to the organization as quickly as possible. Additionally, the Compliance Obligations Register is reviewed by the manager, specifically for:

• Assess whether new or amended legislation is 'relevant' or 'irrelevant'
• Describe how regulatory requirements apply and what controls are in place to manage the requirements and mitigate any associated environmental impacts.
• Ensure continued compliance with legal requirements , standards, and codes of practice
• Describe how other legal requirements apply to the organization, including those adopted, and what controls are in place to ensure compliance.

Keep Legal Register Up-to-Date Easily with Nimonik

One of the essential ISO 14001 requirements is to maintain a legal register of applicable environmental laws and regulations. However, knowing the laws and regulations that govern your industry can be overwhelming. With Nimonik, a SaaS cloud-based solution, keeping your legal register up-to-date is easy and hassle-free.

Nimonik assures you that your legal register always complies with the latest requirements, irrespective of your industry. Here's how Nimonik can help you stay on top of your environmental compliance obligations:

• Conduct audits using any of the free 2,000 audit checklists available on the platform
• Schedule audits to ensure you're regularly evaluating your organization's compliance status
• Use the integrated corrective action tracking system to monitor, track and report on any deviations from the standard
• Upload your internal documents and extract relevant compliance obligations from them
• Rank risk obligations using a risk matrix and track their implementation
• Create and assign action items and monitor to completion
• Receive timely alerts about changes in legislation, policies, or procedures that might impact your organization
• Generate compliance reports in PDF, Word, or CSV formats to track performance and identify areas for improvement.