Wednesday, July 14, 2010

Evaluation Of Compliance Of ISO 14001 EMS

The requirement to establish a procedure for periodically evaluating compliance with applicable legal and other requirements falls short of specifically requiring regulatory compliance audits but, in fact, a system of regular regulatory compliance audits may be the most practical means for meeting this requirement of the standard. In the U.S., determination of whether to conduct a compliance audit will be governed in part by the particular jurisdiction’s approach to allowing a legal privilege for the self-assessment audit.

Evaluation vs. Audit – The difference between an evaluation and audit can only be determined by looking outside of ISO 14001. Consulting a dictionary reveals that an evaluation involves a determination of value or worth and that an audit is an examination of accounts done by persons appointed for the purpose. A better definition is the more specific ISO 19011:2002, Guidelines for Quality and/or Environmental Management Systems Auditing, which defines an audit as a “systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.” Many organizations do not have a system for evaluating regulatory compliance other than their own records and the inspections of regulatory officials. This lack of a verification system can be a risky way to operate. Reports of enforcement actions and consent agreements show that many organizations are blindsided by rogue employees who violate rules and falsify documents to cover up environmental misdeeds. Although ISO 14001 does not prescribe a specific approach to evaluation of regulatory compliance, organizations should consider methods for going beyond verification of records by collecting and evaluating physical evidence.

REQUIREMENTS OF ISO 14001

In order to effectively implement and benefit from an ISO 14001 EMS, it is important to
have an understanding of the standard’s requirements. A quick review of the standard
shows that it is structured following the Plan, Do, Check, Improve philosophy of the
Total Quality Management movement, as follows:

PLAN
4.2 Policy
4.3 Planning

DO
4.4 Implementation and Operation

CHECK
4.5 Checking and Corrective Action

IMPROVE
4.6 Management Review

Within these five elements are 17 sub-elements stating the various requirements.

4.2 Policy

4.3 Planning
4.3.1 Environmental Aspects
4.3.2 Legal and Other Requirements
4.3.3 Objectives and Targets
4.3.4 Environmental Management Programs

4.4 Implementation and Operation
4.4.1 Structure and Responsibility
4.4.2 Training, Awareness and Competence
4.4.3 Communications
4.4.4 EMS Documentation
4.4.5 Document Control
4.4.6 Operational Control
4.4.7 Emergency Planning and Response

4.5 Checking and Corrective Action
4.5.1 Monitoring and Measurement
4.5.2 Nonconformance, Corrective, and Preventive Action
4.5.3 Records
4.5.4 EMS Audit

4.6 Management Review

Within these 17 sub-elements are all of the requirements, or “shalls”, necessary to
conform to ISO 14001. There is no substitute for reading the standard in terms of
recognizing the requirements. As a matter of fact, no auditor should embark on an audit
without having easily available the criteria to which they are doing the audit. However,
below we briefly summarize the key points of the sub-elements. This summary is not
intended to be a replacement for ISO 14001, and should not be used exclusively as such
during an audit.

Detailed Section by Section Summary

4.2 Policy
ISO 14001 requires that the organization have a policy statement to drive the EMS.
These tend to be short, one page or less documents, and simply affirm the commitments.
There is no expectation that specific details be noted in the policy. For example, the
commitment to pollution prevention can simply be stated saying, “we are committed to
prevention of pollution”. The policy must be clearly endorsed by top management and
be available to the public and employees. Although the availability to the public can be
rather passive, i.e. “is here if they want it”, there is an expectation that employee
awareness is more proactive. Section 4.2 of ISO 14001 lists the other requirements of the
policy.

4.3.1 Environmental Aspects
This element requires a procedure that not only identifies the aspects and impacts, but
also provides for determination of significance, and keeping the information up to date.
ISO 14001 does not prescribe what aspects should be significant, or even how to
determine significance. However, it is expected the organization will develop a
consistent and verifiable process to do so.

4.3.2 Legal and Other Requirements
This is a requirement for a procedure that explains how the organization obtains
information regarding its legal and other requirements, and makes that information
known to key functions. This is not the assessment or compliance audit requirement, but
rather a more up front determination of requirements.

4.3.3 Objectives and Targets
There is no requirement for a procedure in this element, only that objectives and targets
be documented. It does require that certain items be considered in developing the
objectives, such as legal requirements and prevention of pollution. It is sometimes
easiest to develop a procedure anyway for this element to be able to verify these
considerations were made.

4.3.4 Environmental Management Programs (EMP)
EMPs are the detailed plans and programs explaining how the objectives and targets will
be accomplished. These EMPs usually note responsible personnel, milestones and dates,
and measurements of success. Noting monitoring and measurement parameters directly
in the EMP facilitates conforming to 4.5.1 on Monitoring and Measurement discussed
below.

4.4.1 Structure and Responsibility
ISO 14001 requires that the relevant management and accountability structure be defined
in this element. This usually takes the form of an organizational chart. Also, the
organization must denote the Management Representative who is responsible to oversee
the EMS and report to management on its operation.

4.4.2 Training, Awareness and Competence
The key point in this element is that personnel must receive applicable training regarding
the EMS. Specific requirements are itemized in ISO 14001, and include general,
company-wide items such as knowing the policy, to more function-specific training on
aspects and emergency response. An organization usually responds to this element with a
training matrix, cross-referencing to training materials and records.

4.4.3 Communications
Procedures are required for both internal and external communications. Note that ISO
14001 only requires procedures, and allows the organization to decide for itself the
degree of openness and disclosure of information. Whatever the decision in terms of
disclosure, that decision process must be recorded.

4.4.4 EMS Documentation
This requirement is simply that the organization has documented the system in either
electronic or paper form such that it addresses the elements of the standard and provides
direction to related documentation. Not all ISO 14001-required procedures need to be
documented, as long as the system requirements can be verified.

4.4.5 Document Control
Procedures are required to control documents, such as system procedures and work
instructions, and to ensure that current versions are distributed and obsolete versions are
removed from the system.

4.4.6 Operational Control
This element is the one which connects the EMS with the organization as a whole. Here,
the critical functions related to significant aspects and objectives and targets are identified
and procedures and work instructions created to ensure proper execution of activities.
Requirements for communicating applicable system requirements to contractors are also
addressed.

4.4.7 Emergency Planning and Response
Although typically addressed through conventional emergency response plans, this
element also requires that a process exist for identifying the potential emergencies, in
addition to planning and mitigating them. A linkage to the aspects analysis, where
impacts are assessed, is appropriate. Emergency incidents include those that may not be
regulated, but may still cause significant impact as defined by the organization.

4.5.1 Monitoring and Measurement
Procedures are required describing how the organization will monitor and measure key
parameters of operations. These parameters relate to the significant aspects, objectives
and targets and legal and regulatory compliance. In order to properly manage the system,
measurements must be taken of its performance to provide data for action. Responses to
this element usually cross reference to many other specific procedures and work
instructions describing measurement and equipment calibration. It is in this element that
we find the requirement for what is commonly referred to as a compliance audit.

4.5.2 Nonconformance, Corrective, and Preventive Action
This element requires procedures for acting on nonconformances identified in the system,
including corrective and preventive action. Nonconformances may be identified through
audits, monitoring and measurement, and communications. The intent is to correct the
system flaws. Typically, Corrective Action Report (CAR) forms are the norm, noting the
nonconformance, the suggested fix, and closure of the action when completed. Note that
this requirement does not imply in any way that the party identifying the nonconformance
must be the one to suggest the fix. Instead, it is expected that the system provide for the
information to be routed to the most appropriate party to address the concern.

4.5.3 Records
Records are expected to exist to serve as verification of the system operating. For
example, records include audit reports and training records. Unlike controlled
documents, records are “once and done” documents, resulting from the execution of some
process or procedure. Procedures in this element are required for the maintenance of
records.

4.5.4 EMS Audits
ISO 14001 requires that the system provide for internal audits. The procedure(s) will
include methodologies, schedules, and processes to conduct the audits. Interestingly, the
EMS audit will, in essence, audit the audit process itself!

4.6 Management Review
This element requires that periodically, top management will review the EMS to ensure it
is operating as planned. If not, resources must be provided for corrective action. For
areas where there are no problems, the expectation is that with time, management will
provide for improvement programs. Usually there is no detailed procedure for this
element, although records of agendas, attendance, and agreed upon action items are
maintained as verification.