Clause 4.5.2 within ISO 14001:2004 and OHSAS 18001:2007 is often a weakness within an organisations system and in most cases the process is not fully understood. The European Co-operation for Accreditation produced a guidance document (EA-07/4) on this subject which can be downloaded here (EA-7-04) but some of the detail is shown below.
While certification of an Environmental Management System against the requirements of ISO 14001:2004 or OHSAS 18001:2007 is not a guarantee of legal compliance, (neither is any other means of control, including government or other type of control and/or legal compliance inspections), it is a proven and efficient tool to achieve and maintain such legal compliance.
Accredited ISO 14001:2004 or OHSAS 18001:2007 certification should demonstrate that an independent third-party (Certification Body) has evaluated and confirmed that the organisation has a demonstrably effective EMS or H&S to ensure the fulfilment of its policy commitments including legal compliance.
Certification Body auditors are required to audit conformity of an EMS or H&S to the requirements of ISO 14001:2004 or OHSAS 18001:2007. They are not required to make a direct evaluation of legal compliance since this is the requirement for the organisation nor is the auditor required to conduct a compliance audit, which would be the role of the environmental regulator or an auditor/inspector contracted specifically for this purpose.
It is the organisation’s responsibility, and a function of the EMS or H&S, to ensure that the organisation periodically evaluates compliance with each and every applicable legal requirement & it is aware of its compliance status. An EMS or H&S certified as meeting the requirements of ISO 14001:2004 or OHSAS 18001:2007 is expected to be able to identify the organisation’s compliance status.
The IMS auditor should be able to determine whether the organisation has established the necessary procedures and evaluated their legal compliance in sufficient depth to demonstrate legal compliance.
An IMS Auditor will evaluate the effectiveness of the organisations evaluation through:
- sampling the organisation’s determination of compliance with examples of specific legal compliance
- looking for evidence of compliance such as reviewing the waste transfer documentation
- reviewing the organisations evaluation process to ensure that the process has covered all legal requirements
- verify the capability of the evaluation, this may be through the competencies of the personnel performing the evaluations
The responsibility for legal compliance stays with the organisation, therefore the evaluation process you perform is significant to the effectiveness of your EMS or H&S Systems.
The evaluation process is similar to an internal audit process but the organisation should pay specific attention to the legislative requirements and if they are being effectively met.
As an example; waste transfer notes are currently required to be retained for 2 years for non hazardous waste and 3 years for hazardous, you also need to ensure that the organisation taking the waste is licensed and take the waste to a licensed facility for that type of waste. To evaluate compliance to this an auditor could select a number of waste transfer notes for the different types of waste streams within the organisation, ensure that the records are available, the person taking/collecting the waste has a valid waste carriers license and there is a copy of the waste management license/environmental permit for the disposal site which is valid for the type of waste received. The evaluation notes/evidence should be able to clearly demonstrate that documents and records have been reviewed and are satisfactory for ensuring legal compliance.
There is not necessarily a right or wrong way of evaluating your legal compliance but the auditor should have confidence in the system that you have implemented.