ISO 14000 is a family of standards related to environmental management that exists to help organizations (a) minimize how their operations (processes, etc.) negatively affect the environment (i.e., cause adverse changes to air, water, or land) (b) comply with applicable laws, regulations, and other environmentally oriented requirements, and (c) continually improve in the above. ISO 14000 is similar to ISO 9000 quality management in that both pertain to the process of how a product is produced, rather than to the product itself. ISO 14001:2015 sets out the criteria for an Environmental Management System (EMS). It does not state requirements for environmental performance, but maps out a framework that a company or organization can follow to set up an effective EMS. It can be used by any organization that wants to improve resource efficiency, reduce waste, and drive down costs. Using ISO 14001:2015 can provide assurance to company management and employees as well as external stakeholders that environmental impact is being measured and improved. ISO 14001 can also be integrated with other management functions and assists companies in meeting their environmental and economic goals. ISO 14001 is voluntary, with its main aim to assist companies in continually improving their environmental performance, while complying with any applicable legislation. Organizations are responsible for setting their own targets and performance measures, with the standard serving to assist them in meeting objectives and goals and in the subsequent monitoring and measurement of these. The standard can be applied to a variety of levels in the business, from organizational level, right down to the product and service level. Rather than focusing on exact measures and goals of environmental performance, the standard highlights what an organization needs to do to meet these goals. ISO 14001 is known as a generic management system standard, meaning that it is relevant to any organization seeking to improve and manage resources more effectively. This includes:
- single-site to large multi-national companies
- high-risk companies to low-risk service organizations
- manufacturing, process, and the service industries, including local governments
- all industry sectors including public and private sectors
- original equipment manufacturers and their suppliers.
Plan Do Check Act Methodology of EMS
Plan–establish objectives and processes required
Prior to implementing ISO 14001, an initial review or gap analysis of the organization’s processes and products is recommended, to assist in identifying all elements of the current operation and, if possible, future operations, that may interact with the environment, termed “environmental aspects” . Environmental aspects can include both direct, such as those used during manufacturing, and indirect, such as raw materials. This review assists the organization in establishing their environmental objectives, goals, and targets, which should ideally be measurable; helps with the development of control and management procedures and processes; and serves to highlight any relevant legal requirements, which can then be built into the policy .
Do–implement the processes
During this stage, the organization identifies the resources required and works out those members of the organization responsible for the EMS’ implementation and control . This includes establishing procedures and processes, although only one documented procedure is specified related to operational control. Other procedures are required to foster better management control over elements such as documentation control, emergency preparedness and response, and the education of employees, to ensure that they can competently implement the necessary processes and record results . Communication and participation across all levels of the organization, especially top management, is a vital part of the implementation phase, with the effectiveness of the EMS being dependent on active involvement from all employees.
Check–measure and monitor the processes and report results
During the ‘check’ stage, performance is monitored and periodically measured to ensure that the organization’s environmental targets and objectives are being met. In addition, internal audits are conducted at planned intervals to ascertain whether the EMS meets the user’s expectations and whether the processes and procedures are being adequately maintained and monitored.
Act–take action to improve the performance of EMS based on results
After the checking stage, a management review is conducted to ensure that the objectives of the EMS are being met, the extent to which they are being met and that communications are being appropriately managed; and to evaluate changing circumstances, such as legal requirements, in order to make recommendations for further improvement of the system. These recommendations are incorporated through continual improvement: plans are renewed or new plans are made, and the EMS moves forward.
PDCA cycles at strategic and operational levels
Continual Improvement Process
The core requirement of a continual improvement process (CIP) is different from the one known from quality management systems. CIP in ISO 14001 has three dimensions:
- Expansion: More and more business areas get covered by the implemented EMS.
- Enrichment: More and more activities, products, processes, emissions, resources, etc. get managed by the implemented EMS.
- Upgrading: An improvement of the structural and organizational framework of the EMS, as well as an accumulation of know-how in dealing with business-environmental issues.
Overall, the CIP concept expects the organization to gradually move away from merely operational environmental measures towards a strategic approach on how to deal with environmental challenges.
Concepts of environmental control:
We all have an impact on the environment by the mere act of living from day-to-day. An EMS, in its simplest form, asks us to control our activities so that any environmental impacts are minimized. However unstructured approach may lead us to improve in the wrong direction or, indeed, may leave us without any clear direction at all. It is tempting to control and minimize those impacts we feel we can tackle easily. Our attitude towards environmental issues is influenced by a topical environmental event, and therefore, we can be influenced to act without thoroughly understanding some of the more complex issues. We may focus on, and minimize, environmental impacts which are trivial in nature compared with other impacts which are far more significant and require more considered thought processes. Unless a structured approach is taken the organization may focus on what it believes to be its environmental impacts, a belief based upon ‘gut feel’ and ease of implementation. In reality, this does not address real issues but promotes a ‘green’ feel-good factor or perceived enhancement of image – both internal and external to the organization – which is not justified. For example, a company engaged in the extraction of raw materials by mining may have an environmental objective to save energy. By implementing a ‘save energy by switching off lights’ campaign in its site offices it may feel it has achieved ‘green’ status and may proudly boast of such an environment-friendly approach. There will be some energy saved by administration personnel switching off lights and heating when they are not being used for long periods. However, such savings in energy are trivial compared to the massive impact that the mining industry has on the environment: the visible impact of the site and surrounding land, the associated increased noise levels from the operation of such a site, the high use of energy both in extraction technology and transport activities, the use of chemicals in the purification process and of course, the use of non-renewable resources (the raw material that is being mined). Unless the mining company considers the relative scale and significance of environmental impacts, then by claiming to be ‘green’ it has really missed the whole point of environmental control and impact minimization.An organization must move away from this ‘gut feel’ approach to a structured system that demands as a minimum from the organization, an understanding of the concepts behind and strong linkages between:
- Identifying all environmental aspects of the organization’s activities.
- Using a logical, objective (rather than subjective) methodology to rank such aspects into order of significant impact upon the environment.
- Focusing the management system to seek to improve upon and minimize such significant environmental impacts.
Benefits of ISO 14001
ISO 14001 was developed primarily to assist companies with a framework for better management control that can result in reducing their environmental impacts. In addition to improvements in performance, organizations can reap a number of economic benefits including higher conformance with legislative and regulatory requirements by adopting the ISO standard. By minimizing the risk of regulatory and environmental liability fines and improving an organization’s efficiency, benefits can include a reduction in waste, consumption of resources, and operating costs. Secondly, as an internationally recognized standard, businesses operating in multiple locations across the globe can leverage their conformance to ISO 14001, eliminating the need for multiple registrations or certifications. Thirdly, there has been a push in the last decade by consumers for companies to adopt better internal controls, making the incorporation of ISO 14001 a smart approach for the long-term viability of businesses. This can provide them with a competitive advantage against companies that do not adopt the standard ). This in turn can have a positive impact on a company’s asset value. It can lead to improved public perceptions of the business, placing them in a better position to operate in the international marketplace. The use of ISO 14001 can demonstrate an innovative and forward-thinking approach to customers and prospective employees. It can increase a business’s access to new customers and business partners. In some markets, it can potentially reduce public liability insurance costs. It can serve to reduce trade barriers between registered businesses. There is growing interest in including certification to ISO 14001 in tenders for public-private partnerships for infrastructure renewal.
ISO 14001 can be used in whole or in part to help an organization (for-profit or not-for-profit) better manage its relationship with the environment. If all the elements of ISO 14001 are incorporated into the management process, the organization may opt to prove that it has achieved full alignment or conformity with the international standard, ISO 14001, by using one of four recognized options. These are:
- make a self-determination and self-declaration, or
- seek confirmation of its conformance by parties having an interest in the organization, such as customers, or
- seek confirmation of its self-declaration by a party external to the organization, or
- seek certification/registration of its EMS by an external organization.
ISO does not control conformity assessment; its mandate is to develop and maintain standards. ISO has a neutral policy on conformity assessment. One option is not better than the next. Each option serves different market needs. The adopting organization decides which option is best for them, in conjunction with their market needs.
Option 1 is sometimes incorrectly referred to as “self-certify” or “self-certification”. This is not an acceptable reference under ISO terms and definitions, for it can lead to confusion in the market. The user is responsible for making their own determination. Option 2 is often referred to as a customer or 2nd-party audit, which is an acceptable market term. Option 3 is an independent third-party process by an organization that is based on engagement activity and delivered by specially trained practitioners. The fourth option, certification, is another independent third-party process, which has been widely implemented by all types of organizations. Certification is also known in some countries as registration. Service providers of certification or registration are accredited by national accreditation services such as NABCB in INDIA or UKAS in the UK.
Structure of ISO 14001:2015
ISO 14001 was revised in 2015 to bring it up to date with the needs of modern businesses and the latest environmental thinking. It’s based on Annex SL, the new high-level structure (HLS) which is a common framework for all ISO management systems. This helps keep consistency, align different management system standards, offer matching sub-clauses against the top-level structure and apply common language across all standards. It makes it easier for organizations to incorporate their environmental management system, into core business processes, make efficiencies, and get more involvement from senior management. Perhaps the biggest difference between the old and the new standard is the structure. This is because the new edition uses the new Annex SL template. According to ISO, all future management system standards (MSSs) will use this new layout and share the same basic requirements. As a result, all new MSSs will have the same look and feel.A common structure is possible because basic concepts such as management, requirements, policy, planning, performance, objective, process, control, monitoring, measurement, auditing, decision making, corrective action, and nonconformity are common to all management system standards. A common structure should make it easier for organizations to implement multiple standards because they will all share the same basic language and the same basic requirements.
There have been changes in clause structure and some of the terminology in the new ISO 14001:2015 standard to be in align with other standards such as ISO 9001:2015 and ISO 27001:2013. This, however, does not mean that the organization has to change its organization’s environmental management system documentation. There is no requirement to replace the terms used by an organization with the terms used in the new international Standard. Organizations can choose to use terms that suit their business, e.g. “records”, “documentation”, or “protocols”, rather than “documented information”.
The layout of ISO 14001:2015
2 Normative References
3 Terms and definitions
4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the Environmental management system
4.4 Environmental management system
5.1 Leadership and commitment
5.2 Environmental policy
5.3 Organizational roles, responsibilities and authorities
6.1 Actions to address risks and opportunities
6.2 Environmental objectives and planning to achieve them
7.5 Documented information
8.1 Operational planning and control
8.2 Emergency preparedness and response
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
10.2 Nonconformity and corrective action
10.3 Continual improvement
This section explains the scope of the standard – i.e. what it is for and what it encompasses. It introduces the requirements of an environmental management system which supports the fundamental ‘environmental pillar’ of sustainability, together with the key intended outcomes of a management system including:
- enhancement of performance;
- conforming to compliance obligations;
- fulfilment of objectives
This section also makes clear that any organization claiming compliance with the revised standard should have incorporated all requirements of the standard within their environmental management system.
2. Normative references
There are no normative references associated with ISO 14001:2015. The clause is included simply in order to maintain consistent alignment with the ISO High-Level Structure (HLS).
3. Terms and definitions
This clause lists the terms and definitions that apply to the standard – these are referenced, where necessary back to other ISO 14001 standards (e.g. ISO 14031:2013). The ISO 14001:2015 standard extends the list of terms and definitions from the ISO 14001:2004 standard, combining the mandated HLS terms and definitions together with the more specific terms and definitions associated with environmental management systems.
Some of the core concepts of ISO 14001:2015 are:
|Context of the organization||The range of issues that can affect, positively or negatively, the way an organization manages its environmental responsibilities.|
|Issues||Issues can be internal or external, positive or negative and include environmental conditions that either effect or are affected by the organization.|
|Interested parties||Much more detail about considering their needs and expectations, then deciding whether to adopt any of them as compliance obligations.|
|Leadership||Requirements are specific to top management who is defined as a person or group of people who directs and controls an organization at the highest level.|
|Risk and opportunities||Refined planning process replaces preventive action. Aspects and impacts now part of risk model|
|Communication||There are explicit and more detailed requirements for both internal and external communications.|
|Documented Information||Replaces documents and records|
|Operational planning and control||Generally more detailed requirements, including consideration of procurement, design and the communication of environmental requirements ‘consistent with a life cycle perspective’|
|Performance evaluation||Covers the measurement of EMS, operations that can have a significant environmental impact, operational controls, compliance obligations and progress towards objectives.|
|Nonconformity and corrective action||The more detailed evaluation of both the nonconformities themselves and corrective actions required.|
Clarification of concepts
The use of the word “any” implies selection or choice. We cannot interchange the words “appropriate” and “applicable”. are not interchangeable. “Appropriate” means suitable (for. to] and implies some degree of freedom, while “applicable” means relevant or possible to apply and implies that if it can be done, it needs to be done. The word “consider” means it is necessary to think about the topic but it can be excluded; whereas “take into account” means it is necessary to think about the topic but it cannot be excluded. “Continual” indicates duration that occurs over a period of time, but with intervals of interruption (unlike “continuous” which indicates duration without interruption). “Continual” is therefore the appropriate word to use when referring to improvement. The word “affect” is used to describe the result of a change to the organization. The phrase “environmental impact” refers specifically to the result of a change to the environment. The word “ensure” means the responsibility can be delegated, but not accountability. The term “interested party”; the term “stakeholder” is a synonym as it represents the same concept.
Some new terminology used in ISO 14001:2015 and not available in ISO 14001:2004 are
- The phrase “compliance obligations” replaces the phrase “Legal requirements and other requirements at to which the organization subscribes” used in ISO 14001:2004. The intent of this new phrase does not differ from that of the previous edition.
- “Documented information” replaces the nouns “documentation”, “documents” and “records” used in ISO 14001:2004 . To distinguish the intent of the generic term “documented information”, ISO 14001:2015 now uses the phrase “retain documented information as evidence of….” to mean records, and “maintain documented information” to mean documentation other than records. The phrase “as evidence of….’’ is not a requirement to meet legal evidentiary requirements; its intent is only to indicate objective evidence needs to be retained.
- The phrase “external provider” means an external supplier organization (including a contractor) that provides a product or a service.
- The change from “identify” to “determine” is done to harmonize with the standardized management system terminology. The word “determine” implies a discovery process that results in knowledge. The intent does not differ from that of previous editions.
- The phrase ‘intended outcome” is what the organization intends to achieve by implementing its environmental management system. This includes enhancement of environmental performance, the fulfilment of compliance obligations and achievement of environmental objectives. Organizations can set additional intended outcomes for their environmental management system. For example, consistent with its commitment to the protection of the environment, an organization may establish an intended outcome to work towards sustainable development.
- The phrase “person doing work under its control” includes persons working for the organization and those working on its behalf for which the organization has responsibility (e.g. contractors). It replaces the phrase “persons working for it or on its behalf” and “persons working for or on behalf of the organization” used in ISO 14001:2004. The intent of this new phrase does not differ from that of the previous edition.
- The concept of “Target” used in ISO 14001:2004 is now termed “environment objective”
4. Context of the organization
This is a new clause that establishes the context of the EMS and how the business strategy supports this. ‘Context of the organization’ is the clause that underpins the rest of the standard. It gives an organization the opportunity to identify and understand the factors and parties that can affect, either positively or negatively, the EMS. Unlike the old standard, the new one expects you to understand your organization’s external context and its internal context before you establish its environmental management system (EMS). This means that you need to identify and understand the external issues and the external environmental conditions that could influence your organization’s EMS and the results that it intends to achieve. It also means that you need to identify and understand the internal issues and internal environmental conditions that could influence your EMS and the results in intends to achieve. The new ISO 14001: 2015 standard also expects you to identify the interested parties that are relevant to your EMS and to identify their needs and expectations. Once you’ve done this, it expects you to study these needs and expectations and to figure out which ones have become compliance obligations. But why is all this necessary? It’s necessary because your EMS will need to be able to manage all of these influences. Once you understand your context, you’re expected to use this knowledge to help you define your EMS and the challenges it must deal with.
4.1 Understanding the organization and its context
This clause requires the organization to consider a wide range of potential factors which can impact on the management system, in terms of its structure, scope, implementation and operation. The areas for consideration including;
- environmental conditions related to climate, air quality, water quality, land use, existing contamination, natural resource availability and biodiversity, that can either affect the organization’s purpose or be affected by its environmental aspects;
- the external cultural, social, political, legal, regulatory, financial, technological, economic, natural and competitive circumstances, whether international, national, regional or local;
- the internal characteristics or conditions of the organization, such as its activities, products and services, strategic direction, culture and capabilities (i.e. people, knowledge, processes, systems).
4.2 Understanding the needs and expectations of interested parties
Clause 4.2 requires the organization to determine the need and expectations of “interested parties”, both internal and external. Interested parties could include;
- Non-Governmental Organizations (NGOs)
- Parent organizations
What is clear is that whilst the consideration of context and interested parties need to be relevant to the scope and the standard, the assessment needs to be appropriate and proportionate. What is also clear is that the output from clauses 4.1 and 4.2 is a key input to the assessment and determination of risks and opportunities required in clause 6. There are various methods and approaches which can be used to capture these inputs. As with any significant revision to standards, hopefully, there will be the development of a range of methods and examples for this. Some current examples include;
Internal and External Issues
- Key economic and market development can impact an organization. Your organization is probably acutely aware of what is happening in its markets but this may be undertaken in a very ad-hoc way,
- Technological innovations and developments is also an area critical to your business success and is also probably being monitored and discussed at numerous levels,
- Regulatory developments – there is a whole range of external regulations being monitored by your organization; if you miss them then it could seriously damage your business, or if you capture early intelligence on them you can more effectively manage any risks,
- Political and other instabilities – if for example, you rely on raw materials from one particular country which experiences major instability, your whole business could be jeopardized; or if there are major environmental concerns regarding a source of materials or goods this could have significant reputational consequences,
- Organizational culture and attitudes – an effective and motivated workforce will give you positive impacts, and many organizations canvas feedback from employees.
Internal and External Parties
- Stakeholder engagement exercises are already widely used to consult with interested parties and map out concerns and issues. More often used by larger organizations engaging with corporate social responsibility initiatives,
- Consultation meetings with neighbourhoods and NGOs on environment, planning and development issues are often used by major industrial plants with significant HSE risks,
- Meetings and other interactions with regulators can encompass, for example, critical issues on product specifications and conformity from an environmental perspective, as well as issues with regulators on compliance and developing compliance against emerging requirements and standards,
- Employee meetings, consultations and feedback activities – this should be happening already, but maybe this will prompt more efforts to improve an area which has been at risk of “lip service” to ISO 14001:2004,
- Supplier reviews and relationship management- many organizations are trying to get much more mutual benefit from the supplier-client relationships which are critical to mutual success.
- Client/customer reviews and relationship management – of course, this is a fundamental pillar of all standards and a key to success.
It may be that when you reflect on how you capture key issues, and how many interested parties you engage with already, you may be pleasantly surprised. It may be that you only engage with a limited number of internal and external parties, but now is the time to start thinking about whether that is enough, and whether you are missing some good opportunities. There will be many ways in which to capture this – and hopefully some improved and new approaches might emerge as this part of the standard is considered. Approaches could include;
- Summary information from the range of existing approaches used as listed above (e.g. a brief report),
- The information summarised as part of inputs to risk and opportunity registers (e.g. for ISO 14001 this could be an additional process in the identification of environmental aspects and impacts),
- Recorded in a simple spreadsheet,
- Logged and maintained in a database,
- Captured and recorded through key meetings.
These clauses are asking organizations to think clearly and logically about what can internally and externally affect their management systems, and to be in a position to show that this information is being monitored and reviewed. It also requires organizations to elevate the discussions to the highest levels, since capturing the above range of information is hard to achieve without a high-level approach.
4.3 Determining the scope of the environmental management system
This clause should be familiar to most organizations since ISO 14001:2004 clause 4.1 clearly requires the definition of the scope of the management system. For ISO 14001:2015 the scoping requirements have become clearer, stronger and require the organization to consider the inputs from 4.1 and 4.2, along with the products and services being delivered. This should encourage a clearer and more logical approach to scope, driven by external and internal requirements – it should not be used to exclude activities, processes or locations which have significant environmental aspects and impacts and should not be used to avoid areas with clear compliance obligations. The scope should be clearly documented and made publicly available. These clearer requirements on scoping will drive clarity in the thinking of organizations in scoping the management system. Certification bodies will, as before, look at how an organization has defined its scope, ensuring that this is both appropriate and is reflected accurately by the management system and also in the scope of any certificate issued.
4.4 Environmental management system
This clause basically states that the organization needs to establish, implement, maintain and continually improve a management system in order to achieve its intended outcomes, including enhancement of environmental performance. This should also be familiar to organizations which implement management systems in order to deliver compliance and improvement. This clause is also more focused in requiring organizations to understand more about the range of processes relevant to the scope of the management system. The term process is defined as; “a set of interrelated or interacting activities which transforms inputs into outputs”.
For those who are committed to a management system which is at the core of your business then this will probably be an integral part of your management system. You may however need to review how effectively you connect those processes and understand the influence and impact of those processes on each other and on the business. This should also elevate the system in terms of its importance and value to the business because it should drive more meaningful analysis of the key business processes and critical aspects of those processes. In practical terms, it will require an organization to more fully analyse its processes and ensure that there is a good understanding of how they interact with each other – and not operate as isolated procedures without overlap.
Clause 4 introduces some significant innovations to the management system world and could represent a challenge to some organizations who have not viewed the management system as essential to the business, focused as it is on raising management systems to a higher level and to be more central to the way an organization works – an approach which is entirely correct and logical.
This clause is all about the role of “top management” which is the person or group of people who directs and controls the organization at the highest level. The purpose is to demonstrate leadership and commitment by integrating environmental management into business processes. Top management must demonstrate a greater involvement in the management system and need to establish the environmental policy, which can include commitments specific to an organization’s context beyond those directly required, such as the ‘protection of the environment’. There is a greater focus on top management to commit to continual improvement of the EMS. Communication is key and top management have a responsibility to ensure the EMS is made available, communicated, maintained and understood by all parties. Finally, top management needs to assign relevant responsibilities and authorities, highlighting two particular roles concerning EMS conformance to ISO 14001 and reporting on EMS performance.
5.1 Leadership and commitment
This clause encompasses a range of key activities which top management need in order to “demonstrate leadership and commitment with respect to the management system”. Therein lies one of the innovations delivered by the common HLS – top management must show leadership of the management system rather than just demonstrate the commitment to it. The standard is driving the oversight of the management system to the highest level of management and making it a key component of the organization and its core business processes and activities. It doesn’t mean that the leadership has to be able to regurgitate the policy or recite the objectives and targets – what it means is that an internal or external interested party should feel entitled to have a discussion with leadership about core and critical aspects of the business because these are at the heart of the management system. This sub-clause is a significant innovation to the structure of management systems but should be viewed as a ‘positive challenge’ to organizations and an opportunity to enhance the role of the environmental management system and place it at the centre of the business.
5.2 Environmental policy
The Environmental Policy is an important document because it acts as the driver for the organization. It provides the direction and formally establishes goals and commitment. Top management should ensure that the policy is appropriate, compatible with the strategic direction and not a bland statement that could apply to any business. It should provide clear direction to allow meaningful objectives to be set that align with it. The new standard focuses on the commitment to ”protection of the environment” rather than solely addressing “prevention of pollution” in the 2004-edition. This indicates a broader environmental view and more in line with current and future environmental challenges. Commitments to protect the environment can, in addition to prevention of pollution, also include climate change mitigation and adaptation, sustainable resource use and protection of biodiversity and ecosystems. The policy needs to be communicated to all employees and they need to understand the part they have in its deployment. The policy must be documented and available externally.
5.3 Organizational roles, responsibilities and authorities
For a system to function effectively, those involved need to be fully aware of what their role is. Top management must ensure that key responsibilities and authorities are clearly defined and that everybody involved understands their roles. Defining roles is a function of planning, ensuring awareness can then be achieved through communication and training. It is common for organizations to use job descriptions or procedures to define responsibilities and authorities. In ISO 14001:2015 top management are more directly identified as being responsible for ensuring that these aspects of the system are properly assigned, communicated and understood. The specific role of a Management Representative has been removed – the standard still contains all of the key activities and responsibilities of that previously identified role, but these now lie more directly within the core structure of the organization – including top management. This has a positive implication for the environmental management system- there is a clear expectation for consistent and appropriate ownership from top-to-bottom within an organization.
Clause 5 contains much familiar content, but with greater emphasis on leadership and commitment, and the expectation that top management will be more actively engaged with the management system.
Unlike the old standard, the new ISO 14001 standard expects you to determine risks and opportunities. So what does this mean and what does the new standard expect you to do? It expects you to start by establishing a risk planning process. It then expects you to use this process to identify risks and opportunities related to your organization’s unique context, its interested parties, its compliance obligations, and its environmental aspects. It then expects you to define actions to address all of these risks and opportunities. And to make sure that these actions will actually be carried out, it asks you to make these actions an integral part of your EMS, and then to implement, control, evaluate, and review the effectiveness of these actions and these processes. While risk planning is now an integral part of the new ISO 14001 standard, it does not actually expect you to implement a formal risk management process.
6.1 Actions to address risks and opportunities
In basic terms, this clause requires the organization to;
- Consider in planning the EMS the context of the organization and the scope of the system 6.1.1;
- Determine risk and opportunities relating to environmental aspects 6.1.2, compliance obligations 6.1.3 and other issues and requirements identified in 4.1 and 4.2. (6.1.1);
- Also consider potential emergency situations which could arise and constitute risk (6.1.1)
- In addition, and as required already by ISO 14001:2004, determine the range of environmental aspects and
impacts and determine those impacts which are of significance to the organization within the defined scope (6.1.2);
- Consider all compliance obligations applicable to the organization and how these may present threats or opportunities (6.1.3);
- The organization then needs to consider appropriate actions to address the significant aspects/impacts (6.1.2), compliance obligations (6.1.3) and risks and opportunities identified (6.1.1).
Risks and Opportunities
The ISO 14001 standard also introduces the concept of “considering a life cycle perspective” for its products, services and activities. This makes the previous concepts of the upstream and downstream aspects clearer, and also introduces language now in common use across other standards as well as Corporate Social Responsibility (CSR) and product assessment standards. The overall strength of this clause lies in both introducing the principles of risk and opportunity to management systems standards via the HLS, and by connecting it very clearly to the processes defined under Clause 4. A well-established approach to managing this range of inputs, risk analysis and prioritisation already implemented by many organizations is the use of risk registers, which if properly managed and implemented can effectively identify and assess risks and opportunities across a wide range of areas and issues. There will also be other approaches which result from the various relevant clauses
of 14001 (e.g. the results from clause 4.1 and 4.2 and the requirements of 6.1.1, 6.1.2, 6.1.3 and 6.1.4) along with management of change, with an overall analysis and review resulting in objectives, targets and plans. The depth and complexity of approach will depend significantly on the size and complexity of the organization, as well as other factors which could include level of external regulation, existing requirements for public reporting, shareholder interests, public profile, numbers and types of customers, range and types of suppliers. Hence there will be a range of approaches that will be appropriate for the wide spectrum of organizations.
6.2 Environmental objectives and planning to achieve them
This clause requires the organization to establish environmental objectives and plans, ensuring that these are clear, measurable, monitored, communicated, updated and resourced. As part of the planning process, top management needs to set environmental objectives driven by the outputs from the analysis of risks arising from threats and opportunities (i.e. the range of activities undertaken in 6.1), with the aim of delivering compliance, performance improvement and effective risk management. Objectives should be consistent with the Environmental Policy and be capable of being measured. Documented information needs to keep in relation to objectives and there will need to be evidence regarding monitoring of achievement.
The new ISO 14001 standard no longer uses the term preventive action. We’re now expected to use risk planning concepts and to think of the entire EMS as a system of preventive action. ISO 14001 2015 section A.10.1 says there is no longer a single clause on preventive action because “One of the key purposes of an environmental management system is to act as a preventive tool. This concept of preventive action is now captured in 4.1 (i.e., understanding the organization and its context) and 6.1 (i.e., actions to address risks and opportunities).” So, according to the new standard, these two sets of requirements cover the old concept of preventive action. Evidently, once we realize that the entire EMS can be used to manage risks and opportunities, we no longer need a separate clause on preventive action. It’s redundant.
This clause is all about the execution of the plans and processes that enable an organization to meet its EMS. Simply expressed, this is a very powerful requirement covering all EMS resource needs. Organizations will need to determine the necessary competence of people doing work that, under its control, affects its environmental performance, its ability to fulfil its compliance obligations and ensure they receive the appropriate training. In addition, organizations need to ensure that all people doing work under the organization’s control are aware of the environmental policy, how their work may impact this and implications of not conforming with the EMS. Finally, there are the requirements for ‘documented information’ which relate to the creation, updating and control of specific data.
The main intention behind this general requirement is that the organization must determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the environmental management- covering all aspects of people and infrastructure. Whilst not contained in the ISO 14001 standard, the ISO 9001 standards contains a very interesting additional requirement termed “organizational knowledge”, which relates to ensuring that the organization understands internal and external knowledge needs and can demonstrate how this is managed. This could also include knowledge management of resources, and ensuring that there is effective succession planning for personnel, and processes for capturing individual and group knowledge. It isn’t a documented requirement of ISO 14001 but it is relevant and useful as a general principle.
In order to determine competence, competence criteria need to be established for each function and role relevant to the environmental management system. This can then be used to assess existing competence and determine future needs. Where criteria are not met, some action is required to fill the gap. Training or reassignment may even be necessary. Retained documented information is required to be able to demonstrate competence. Recruitment and induction programmes, training plans, skills tests and staff appraisals often provide evidence of competence and their assessment. Competency requirements are often included in recruitment notices and job descriptions. The standard is clear that documented information is required as evidence of competence.
Personnel need to be made aware of the environmental policy, significant aspects and impacts of relevance to their activities, how they contribute to the environmental objectives, environmental performance and compliance obligations, and the implications of failures in compliance.
Effective communication is essential for a management system. Top management needs to ensure that mechanisms are in place to facilitate this. It should be recognised that communication is two-way and will not only need to cover what is required but also what was achieved. With ISO 14001:2015 the importance of internal communications and external communications are emphasized. This is a natural legacy of the existing ISO 14001:2004 and the importance of interested parties in environmental issues. This sub-clause also makes very clear the importance of ensuring in relation to environmental reporting and associated communications that the organization shall “ensure that environmental information communicated is consistent with information generated within the environmental management system, and is reliable”. This is an excellent addition and consistent with other corporate reporting standards. It also emphasizes the need to plan and implement a process for communications along with the familiar ‘who, what, when how’ principles.
7.5 Documented information
The new ISO 14001 2015 standard has also eliminated the long-standing distinction between documents and records. Now they’re both referred to as “documented information”. Why ISO chose to abandon two common-sense concepts and replace them with one that is needlessly awkward and esoteric is not entirely clear. According to ISO’s definition, the term documented information refers to information that must be controlled and maintained. So, whenever ISO 14001 2015 uses the term documented information it implicitly expects you to control and maintain that information and its supporting medium. However, this isn’t the whole story. An annexe to the new ISO 14001 2015 standard (A.3) further says that “this international standard now uses the phrase ‘retain documented information as evidence of’ to mean records, and ‘maintain documented information’ to mean documentation other than records.” So, whenever the new ISO 14001 standard refers to documented information and it asks you to maintain this information, it is talking about what used to be referred to as documents, and whenever it asks you to retain this information, it is talking about what used to be called records. So sometimes documented information must be maintained and sometimes it must be retained (contrary to what ISO’s official definition says). So, while the official definition of the term documented information abandons the distinction between documents and records, through the use of the words “maintain” and “retain” and because of what this means (according to Annex A), the main body of the standard actually restores this distinction. In other words, while documents and records were officially kicked out the front door, they were actually allowed back in through the back door.
The old ISO 14001 standard asked organizations to establish a wide range of procedures. These included an environmental aspects procedure, a legal requirements management procedure, an awareness procedure, a communications procedure, a documents procedure, an operational procedure, emergency preparedness and response procedure, a monitoring and measurement procedure, a compliance evaluation procedure, a nonconformity management procedure, a record-keeping procedure, and an audit procedure. Now, only one procedure is left. The new ISO 14001 2015 standard asks you to establish an emergency preparedness and response procedure in section 8.2, and that’s the only one. Instead of asking you to write procedures, the new standard expects you to maintain and control a wide range of documents (i.e., documented information). Since the new standard doesn’t tell you what to call these documents, you can call them procedures if you like. And, of course, you still need to have documents except that now they’re called “documented information”. So, while on the surface this looks like a radical change, it probably isn’t.
Mandatory documents and records required by ISO 14001:2015
Here are the documents you need to produce if you want to be compliant with ISO 14001:
- Scope of the EMS (clause 4.3)
- Environmental policy (clause 5.2)
- Risk and opportunities to be addressed and processes needed (clause 6.1.1)
- Criteria for the evaluation of significant environmental aspects (clause 6.1.2)
- Environmental aspects with associated environmental impacts (clause 6.1.2)
- Significant environmental aspects (clause 6.1.2)
- Environmental objectives and plans for achieving them (clause 6.2) Operational control (clause 8.1)
- Emergency preparedness and response (clause 8.2)
And, here are the mandatory records:
- Compliance obligations record (clause 6.1.3)
- Records of training, skills, experience and qualifications (clause 7.2)
- Evidence of communication (clause 7.4)
- Monitoring and measurement results (clause 9.1.1)
- Internal audit program (clause 9.2)
- Results of internal audits (clause 9.2)
- Results of the management review (clause 9.3)
- Results of corrective actions (clause 10.1)
There are numerous non-mandatory documents that can be used for ISO 14001 implementation. However, I find these non-mandatory documents to be most commonly used:
- Procedure for determining the context of the organization and interested parties (clauses 4.1 and 4.2)
- Procedure for identification and evaluation of environmental aspects and risks (clauses 6.1.1 and 6.1.2)
- Competence, training and awareness procedure (clauses 7.2 and 7.3)
- Procedure for communication (clause 7.4)
- Procedure for document and record control (clause 7.5)
- Procedure for internal audit (clause 9.2)
- Procedure for management review (clause 9.3)
- Procedure for management of nonconformities and corrective actions (clause 10.2)
This clause deals with the execution of the plans and processes that enable the organization to meet its environmental objectives. There are specific requirements that relate to the control or influence exercised over outsourced processes and the requirement to consider certain operational aspects ‘consistent with a life cycle perspective’. This means giving serious consideration to how actual or potential environmental impacts happening upstream and downstream of an organization’s site-based operations are influenced or (where possible) controlled. Finally, the clause also covers the procurement of products and services, as well as controls to ensure that environmental requirements relating to design, delivery, use and end-of-life treatment of an organization’s products and services are considered at an appropriate stage.
8.1 Operational planning and control
The overall purpose of operational planning and control is to ensure that processes are in place to meet the environmental management system requirements and to implement actions identified in 6.1 and 6.2. There are some clearer and stronger requirements relating to outsourced processes and control of changes. In addition, requirements around the life cycle perspective approach are defined in more detail, covering the key elements of:
- Environmental requirements for procurement of products and services
- Establishing controls to ensure environmental requirements are addressed in the design and development phase
- Communicating environmental requirements to providers (including suppliers, contractors and others)
- Providing key environmental information on products and services in the context of the life cycle (e.g. end-of-life information).
The organization needs to determine and evaluate the level of control and influence over the different life cycle elements, based on the context of the organization and the consideration of significant environmental aspects, compliance obligations and risks associated with threats and opportunities. Overall ISO 14001:2015 requires a structured approach to all aspects of the products and services with a strong reference point to life cycle perspective. As discussed under Clause 7.5, there is no specific requirement for documented procedures in ISO 14001:2015, but there is a clear requirement for ensuring that there is documented information to provide assurance that the processes are in place and implemented effectively. That requirement could cover process maps, procedures, specifications, forms, records, data and other information across any media.
8.2 Emergency Preparedness and Response
This clause is clear in requiring the organisation to establish, implement and maintain processes needed to handle potential emergency situations identified in 6.1.1. The more detailed requirements cover the need to ensure:
- That the organization plans actions to mitigate or prevent environmental consequences;
- The organization responds to actual emergency situations;
- Takes action to prevent or mitigate the consequences of emergency situation;
- Periodic testing of any procedures, plans and response mechanisms;
- Periodic reviews and updates of procedures and plans based on experience;
- Provision of relevant information and training to relevant interested parties.
9 Performance Evaluation
This is all about measuring and evaluating your EMS to ensure that it is effective and it helps you to continually improve. You will need to consider what should be measured, the methods employed and when data should be analysed and reported on. As a general recommendation, organizations should determine what information they need to evaluate environmental performance and effectiveness. Internal audits will need to be carried out, and there are certain “audit criteria” that are defined to ensure that the results of these audits are reported to relevant management. Finally, management reviews will need to be carried out and “documented information” must be kept as evidence.
9.1 Monitoring, measurement, analysis and evaluation
This sub-clause encompasses two key areas:
- Monitoring, measurement, analysis and evaluation of environmental performance and the effectiveness of the system;
- Evaluation of compliance with all legal and other obligations.
The range of monitoring and measurement required needs to be determined for those processes and activities which relate to significant environmental aspects/impacts, environmental objectives, key areas of operational control and processes, and also for evaluating the meeting of compliance obligations. For the monitoring and measurement determined as required, the organization also needs to determine key criteria and requirements, including:
- Methods for monitoring, measurement, analysis and evaluation;
- Key performance indicators and performance evaluation metrics;
- When, where, how and by whom the monitoring, measurement, evaluation and analysis is carried out;
- Specification, management and maintenance of key monitoring equipment and data handling processes.
The output from these activities provides key inputs for a range of other elements of the environmental management system, including management review, and in determining the internal and external communications required on the environmental management system and its performance.
The other key aspect of this sub-clause is the organization will need to demonstrate how it evaluates compliance with other requirements. Most organizations fulfil this clause via their internal audit processes, but other compliance audits, checks and reviews can be used. The organization should define its processes for evaluating compliance with legal and other requirements and must maintain documented information relating to these activities. The process must cover:
- Frequency of evaluation
- Evaluation approach
- Maintain knowledge on compliance status
This area is similar to the requirements under ISO 14001:2004, but with clearer and more detailed requirements. As with ISO 14001:2004, this is not about reviewing which compliance obligations are applicable to the organization, it is about evaluating actual compliance with the range of compliance obligations applicable to the organization.
Relationship of elements of ISO 14001:2015 standard relevant for compliance management.
9.2 Internal audit
Internal audits have always been a key element of ISO 14001 in helping to assess the effectiveness of the environmental management system. An audit programme needs to be established to ensure that all processes are audited at the required frequency, the focus being on those most critical to the business. To ensure that internal audits are consistent and thorough, a clear objective and scope should be defined for each audit. This will also assist with auditor selection to ensure objectivity and impartiality. To get the best results, auditors should have a working knowledge of what is to be audited, but management must act on audit results. This is often limited to corrective action relating to any nonconformities that are found, but there is also needs to be consideration of underlying causes and more extensive actions to mitigate or eliminate risk. Follow up activities should be performed to ensure that the action taken as a result of an audit is effective. This clause is largely the same as ISO 14001:2004.
9.3 Management review
The main aim of management review is to ensure the continuing suitability, adequacy and effectiveness of the quality management system. Only through conducting the review at sufficient intervals (remember, management review does not have to be just one meeting, held once per year), providing adequate information and ensuring the right people are involved can this aim be achieved. The standard details the minimum inputs to the review process. Top management should also use the review as an opportunity to identify improvements that can be made and/or any changes required, including the resources needed. The input to management review should include information on;
- Status of previous actions from management reviews;
- Changes in internal/external inputs, significant aspects/impacts and compliance obligations;
- Achievement and progress on environmental objectives;
- Information on environmental performance;
- Communications from external interested parties;
- Opportunities for continual improvement;
- Adequacy of resources for the environmental management system.
The output from the management review should include any decisions and actions related to;
- Conclusions on the suitability, adequacy and effectiveness of the system;
- Continual improvement opportunities,
- Changes to the environmental management system, including resources;
- Actions relating to objectives not achieved;
- Implications for the strategic direction of the organization.
Documented information pertaining to the management review is required to be retained.
This clause is largely the same as ISO 14001:2004, but with some broader topics and alignment with the new language of risks and opportunities, and the context of the organization.
This clause requires organizations to determine and identify opportunities for continual improvement of the EMS. The requirement for continual improvement has been extended to ensure that the suitability and adequacy of the EMS—as well as its effectiveness—are considered in the light of enhanced environmental performance. There are some actions that are required that cover handling of corrective actions. Firstly organizations need to react to the nonconformities and take action. Secondly, they need to identify whether similar nonconformities exist or could potentially occur. This clause requires organizations to determine and identify opportunities for continual improvement of the EMS. There is a requirement to actively lookout for opportunities to improve processes, products or services; particularly with future customer requirements in mind.
This states that the organization shall determine opportunities for improvement and implement necessary actions to achieve intended outcomes.
10.2 Nonconformity and corrective action
The main aim of the corrective action process is to eliminate the causes of actual problems so as to avoid recurrence of those problems. It is a reactive process, in that it is triggered after an undesired event (e.g. a pollution event). In essence, the process uses the principles of root cause analysis. A basic approach to problem-solving is “cause” and “effect”, and it is the cause that needs to be eliminated. Action taken should be appropriate and proportionate to the impact of the nonconformity. As part of the corrective action process, the effectiveness of action taken must be checked to ensure it is effective. For this clause on nonconformity and corrective action, much of the content is familiar and similar to ISO 14001:2004 but the term “preventive action” has now been completely deleted from the standard. This is because the new HLS is built on the fundamental principles of risk management, which embodies the need to identify risk and manage those risks, with the ultimate goal of risk elimination. The overall approach is one of mitigating and where possible eliminating risk, with the use of corrective action to deal with the impacts of realised risks.
10.3 Continual improvement
This sub-clause of ISO 14001:2015 effectively summarises the key aim of an environmental management system: to continually improve the suitability, adequacy and effectiveness of the environmental management system to enhance environmental performance. This was also embodied in ISO 14001:2004 but is separately stated in ISO 14001:2015. Improvement does not have to take place in all areas of the business at the same time. The focus should be relevant to risks and benefits. Improvement can be incremental (small changes) or breakthrough (new technology). In reality both methods will be used at some point in time.
Other clarifications and modifications
The old ISO 14001 standard asked you to “define and document the scope of its environmental management system” (4.1), but it didn’t say anything about how this should be done. The new ISO standard clarifies how this ought to be done (4.3). It now asks you to consider your compliance obligations, your corporate context, your physical boundaries, your products and services, your activities and functions, and your authorities and abilities when you define the scope of your EMS. And it asks you to include all products, services, and activities that have significant environmental aspects. The new term “compliance obligation” has replaced the rather cumbersome phrase: “legal requirements and other requirements to which the organization subscribes”. However, the meaning is the same. There are two kinds of compliance obligations: mandatory compliance obligations and voluntary compliance obligations. Mandatory compliance obligations include laws and regulations while voluntary compliance obligations include contractual commitments, community and industry standards, ethical codes of conduct, and good governance guidelines. A voluntary obligation becomes mandatory once you decide to comply with it. The new standard no longer refers to environmental targets. According to section A.6.2, “The concept of “target” used in prior editions of this International Standard is captured within the definition of “environmental objective”. You can, of course, still set targets and call them targets if you wish. The only real difference is that the new ISO 14001 standard thinks of a target as a type of objective.
Management of change is an important part of maintaining the environmental management system that ensures the organization can achieve the intended outcomes of its environmental management system on an ongoing basis. Management of change is addressed in various requirements in ISO 14001:2015 Standard, such as
- maintaining the environmental management system (4.4);
- environmental aspects (6.1.2);
- internal communication (7.4.2);
- operational control ( 8.1);
- internal audit programme (9.2.2) and
- management review(9.3).
As part of managing change, the organization should address planned and unplanned changes to ensure that the unintended consequences of these changes do not have a negative effect on the intended outcomes of the environmental management system. Examples of change include:
- planned changes to products, processes, operations, equipment or facilities;
- changes in staff or external providers, including contractors;
- new information related to environmental aspects, environmental impacts and related technologies;
- changes in compliance obligations.
ISO 14001:2015 has introduced the requirement for a “life cycle perspective” in environmental management systems (EMS). The new standard does not require a formal life cycle analysis, or quantification, but does require organisations to look upstream and downstream of the processes performed on-site and try to reduce environmental impacts. Specifically, the life cycle perspective is related to the organisation’s environmental aspects and impacts. It requires careful consideration of the life cycle stages that the organisation can control or influence, including the acquisition of raw materials, production and transportation, use and maintenance, and recycling or disposal. In doing this, the organisation needs to create records as evidence that they have considered each lifecycle stage. The standard also requires the organisation to provide information to its external service providers and contractors about the potentially significant environmental impacts of its products and services. It must also consider the need to provide this information to transporters, end-users and disposal facilities. By providing this information, the organisation can potentially prevent or mitigate adverse environmental impacts during these life cycle stages.
The life cycle perspective can be applied in choosing, for example:
- raw materials (environmental impacts of their production, distance transported and mode of transport)
- products to manufacture and offer for sale (same considerations as well as disposal or recycling options at end-of-life)
- services used by organisation (environmental credentials, chemicals used, waste generated)
- equipment purchases (distance transported, options for recycling at end-of-life, waste generated in their use).
Why has this life cycle requirement been added to the standard? The introduction to the new standard explains that a life cycle perspective can be used to benefit the environment in areas where the organisation has “control or influence” and also “prevents environmental impacts from being unintentionally shifted elsewhere within the life cycle”. Life cycle considerations were largely ignored by the old standard. Now they’re central. ISO 14001 now expects you to use a life cycle perspective to “identify the environmental aspects and associated environmental impacts of its activities, products and services that it can control and those that it can influence”. The term “management representative” has been officially dropped. The management duties and responsibilities that were previously assigned to someone called a “management representative” may now be assigned either to one person or to many. Of course, you may continue to use this job title if you wish.
ISO 14001:2015 clause
ISO 14001:2015 requirements
|4 Context of the organization||The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcomes of its environmental management system. Such issues shall include environmental conditions being affected by or capable of affecting the organization.||Evaluate their position with respect to trade associations, customer requirements, Climate change agreements, compliance schemes. Local issues with air quality for example, Sensitive receptors nearby e.g. Godavari river||See evidence that an evaluation has been carried out on their current issues|
|4.1 Understanding the organization and its context||
The organization shall determine:
|This is not a new requirement but is now more explicit -stakeholder concerns. A stakeholder could be a packaging waste compliance scheme how does the company ensure their obligations fulfilled in the collection of data (and indeed its accuracy)||Auditors must check there is evidence that the company have evaluated what are the needs of interested parties particularly important are where there are legal obligations such as the submission of data to the Environment Agency for Pollution prevention and control(PPC)|
|4.2 Understanding the needs and expectations of interested parties||The organization shall determine the boundaries and applicability of the environmental management system to establish its scope.
When determining this scope, the organization shall consider:
a) the external and internal issues referred to in 4.1;
b) the compliance obligations referred to in 4.2;
c) its organizational unit(s), function(s), and physical boundaries;
d) its activities, products and services;
e) its authority and ability to exercise control and influence
|Again not new but better defined;
Make sure you have a site plan
External issues may be movement of goods, Impact on local community noise nuisance
That processes are understood in manufacture and the effect on emissions discharges (internal issues)
Compliance: Pollution prevention and control (PPC) department permit conditions for example
Products-life cycle issues see later
Upstream and downstream influence e.g. customers and suppliers
|The auditor should check the scope of activity covers things like permit conditions for a site eg for a waste management licence
It should cover buildings such as on an industrial estate the unit numbers it applies to.
If the company has delivery on its scope then it should cover its logistics operation.
Please note this scope is NOT the scope that appears on the ISO 14001 certificate but is the scope of controls to be covered under the documented ems
|4.3 Determining the scope of the environmental management system||The organization shall determine the boundaries and applicability of the environmental management system to establish its scope.
When determining this scope, the organization shall consider:
a) the external and internal issues referred to in 4.1;
b) the compliance obligations referred to in 4.2;
c) its organizational unit(s), function(s), and physical boundaries;
d) its activities, products and services;
e) its authority and ability to exercise control and influence
Once the scope is defined, all activities, products and services of the organization within that scope need to be included in the environmental management system.
The scope shall be maintained as documented information and be available to interested parties
|The scope now should be determined usually in a top tier policy document or in preparatory environmental review (PER)
Needs to be documented hence suggestion to put in a top tier manual or similar
|The auditor will need to review the documented information and see that it has been circulated or made available to their interested parties|
|4.4 Environmental management system||To achieve the intended outcomes, including enhancing its environmental performance, the organization shall establish, implement, maintain and continually improve an environmental management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard.
The organization shall consider the knowledge gained in 4.1 and 4.2 when establishing and maintaining the environmental management system.
|Reference to processes now explicit and the recognition the part they play e.g. have you a process for waste management
The intended outcome, for example, to maintain your waste hierarchy and meet the duty of care
And achieve your targets on recycling (improvement)
i.e. remember the extent and scope of your system which may include supplier development e.g. transport/logistics reducing journeys choosing routes that avoid congestion zones
|The auditor must evaluate the processes needed to manage the ems|
|5.1 Leadership and commitment||Top management shall demonstrate leadership and commitment with respect to the environmental management system by:
a) taking accountability for the effectiveness of the environmental management system;
b) ensuring that the environmental policy and environmental objectives are established and are compatible with the strategic direction and the context of the organization;
c) ensuring the integration of the environmental management system requirements into the organization’s business processes;
d) ensuring that the resources needed for the environmental management system are available;
e) communicating the importance of effective environmental management and of conforming to the environmental management system requirements;
f) ensuring that the environmental management system achieves its intended outcomes;
g) directing and supporting persons to contribute to the effectiveness of the environmental management system;
h) promoting continual improvement;
i) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.
NOTE Reference to “business” in this International Standard can be interpreted broadly to mean those activities that are core to the purposes of the organization’s existence.
|More involvement from people at the top
Reviews (these don’t have to be one meeting any more mentioned in guidance)
The policy should align with group policy for example if the company is a member of a trade group do they have any special direction similarly could have an annual report to shareholders
Integration is now easier so consider processes that control quality and health safety information security etc.
Resources should be allocated to budgets, manpower, etc.
The transparency that the system is effective
Noticeboards, newsletters etc.
Target setting (now much more prescriptive)
No longer a management rep but recognition it may be a team of people
E.g. with example earlier support of procurement for the choice of logistics company
|The auditor must ensure any objectives and targets link up to strategic objectives
Auditors cannot demand there is a management rep
There should be evidence that the system is supported with the allocation of resources BUT there is no requirement for this to be documented!
During an audit, it is expected that the auditor will interview Directors/Senior Management
|5.2 Environmental Policy||Top management shall establish, implement and maintain an environmental policy that within the defined scope of its environmental management system:
a) is appropriate to the purpose and context of the organization, including the nature, scale and environmental impacts of its activities, products and services;
b) provides a framework for setting environmental objectives;
c) includes a commitment to the protection of the environment, including prevention of pollution and other specific commitment(s) relevant to the context of the organization;
NOTE Other specific commitment(s) to protect the environment can include sustainable resource use, climate change mitigation and adaptation, and protection of biodiversity and ecosystems.
d) includes a commitment to fulfil its compliance obligations;
e) includes a commitment to continual improvement of the environmental management system to enhance environmental performance.
The environmental policy shall:
be maintained as documented information;
be communicated within the organization;
be available to interested parties;
|The main change here is the protection of the environment not just the prevention of pollution.
The requirement to commit to any other business requirements related to the environment
|The policy should be documented and auditor, therefore, should review this against 5.2
And note in his audit trail its current status (issue date etc)
|5.3 Organizational roles, responsibilities and authorities||Top management shall ensure that the responsibilities and authorities for relevant roles are assigned and communicated within the organization.
Top management shall assign the responsibility and authority for:
a) ensuring that the environmental management system conforms to the requirements of this International Standard;
b) reporting on the performance of the environmental management system, including environmental performance, to top management.
|Now no specific management rep but can split the roles and responsibilities||The auditor should check evidence of allocation of responsibility and evidence of reporting mechanisms being in place|
|6.1 Actions to address risks associated with threats and opportunities|
|6.1.1 General||The organization shall establish, implement and maintain the processes needed to meet the requirements in 6.1.1 to 6.1.4.
When planning for the environmental management system, the organization shall consider:
a) the issues referred to in 4.1;
b) the requirements referred to in 4.2;
c) the scope of its environmental management system; and determine the risks and opportunities, related to its:
d) environmental aspects (see 6.1.2);
e) compliance obligations (see 6.1.3);
f) other issues and requirements, identified in 4.1 and 4.2; that need to be addressed to:
g) give assurance that the environmental management system can achieve its intended outcomes;
h) prevent, or reduce, undesired effects, including the potential for external environmental conditions to affect the organization;
i) achieve continual improvement.
Within the scope of the environmental management system, the organization shall determine potential emergency situations, including those that can have an environmental impact.
The organization shall maintain documented information of its:
a) risks and opportunities that need to be addressed;
b) processes needed in 6.1.1 to 6.1.4, to the extent necessary to have confidence they are carried out as planned.
|The aspects table always did look at the potential to pollute now needs to look at protecting the environment more generally e.g. climate change
Now mentions opportunities e.g.. an insulation company selling its product is, in fact, encouraging energy conservation so there is recognition there are positives to consider as well as negatives
Any stakeholder concerns need to be addressed
Always did have to look at emergencies but now specifically mentions ‘potential emergencies’ that could be external issues like a train crash or river flooding most companies usually look currently only at fire and spillage.
External conditions, here again, could be flooding the effect on a local neighbourhood with traffic congestion etc.
This small paragraph has potentially the most significance BUT like the quality standard the company must decide on the level of documentation required based on knowledge and competence of people and the degree of control currently
|The auditor needs to see Risks and opportunities have been identified and documented Processes needs to have been identified e.g. Compliance schemes, consent to discharge/treatment processes, scrubbers/afterburners maintenance and monitoring|
|6.1.2 Environmental Aspects||Within the defined scope of the environmental management system, the organization shall determine the environmental aspects of its activities, products and services that it can control and those that it can influence, and their associated environmental impacts, considering a life cycle perspective.
When determining environmental aspects, the organization shall take into account:
a) change, including planned or new developments, and new or modified activities, products and services;
b) abnormal conditions and reasonably foreseeable emergency situations.
The organization shall determine those aspects that have or can have a significant environmental impact, i.e. significant environmental aspects, by using established criteria.
The organization shall communicate its significant environmental aspects among the various levels and functions of the organization, as appropriate.
The organization shall maintain documented information of its:
a) environmental aspects and associated environmental impacts;
b) criteria used to determine its significant environmental aspects;
c) significant environmental aspects.
NOTE Significant environmental aspects can result in risks and opportunities associated with either adverse environmental impacts (threats) or beneficial environmental impacts (opportunities).
|Life cycle perspective is a significant change so the company must show they have considered this e.g. what about the ultimate disposal of their product –for example, WEEE directive and the effect this has had on disposal of PCBs
Upstream and downstream influences need to be considered.
Any new processes could seriously affect the impact on the environment
Normal abnormal and emergency conditions were in the original BS7750 and now its back more transparently
Clear that you have to have a documented process and an aspects table
This was always a requirement but the need for positive aspects was not highlighted
E.g. a company remanufacturing toner cartridges for printers is reducing the amount of product reaching end of life.
|6.2.1 Environmental objectives
||The organization shall establish environmental objectives at relevant functions and levels, taking
a) determine and have access to the compliance obligations related to its environmental aspects;
b) determine how these compliance obligations apply to the organization;
c) take these compliance obligations into account when establishing, implementing, maintaining and continually improving its environmental management system.
The organization shall maintain documented information of its compliance obligations.
NOTE Compliance obligations can result in risks and opportunities to the organization.
|This whole area is now much more prescriptive and requires SMART targets legal register this recognizes the information could be more remote i.e. as long as you can access the information this is OK
b) this is to stop standard lists of legal statutes which doesn’t actually state what you have to do to comply
c) is to take into account where legal obligations are required e.g. waste packaging regulations requirement for reducing and recycling waste where permit conditions require improvements
|Auditors should check for evidence of documented objectives that the company has evaluated its legal obligations and stated what they are and show how they tie up with its aspects (not a new requirement)|
|6.2.2 Planning actions to achieve environmental objectives||When planning how to achieve its environmental objectives, the organization shall determine:
a) what will be done;
b) what resources will be required;
c) who will be responsible;
d) when it will be completed;
e) how the results will be evaluated, including indicators for monitoring progress toward achievement of its measurable environmental objectives (see 9.1.1).
The organization shall consider how actions to achieve its environmental objectives can be integrated into the organization’s business processes.
|Self-explanatory prescriptive much clearer requirements
KPI approach is familiar to many.
Encourages integrated objectives e.g. reduce scrap-reduce waste
|The auditor should check for documented information on how the planning of meeting objectives is stated|
|7.1 Resources||The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the environmental management system.||Level of resource applied to the system needs to be determined||The auditor should check for adequate resourcing (can be by interview)|
|7.2 Competence||The organization shall:
a) determine the necessary competence of person(s) doing work under its control that affects its environmental performance and its ability to fulfil its compliance obligations;
b) ensure that these persons are competent on the basis of appropriate education, training or experience;
c) determine training needs associated with its environmental aspects and its environmental management system;
d) where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken.
NOTE Applicable actions can include, for example, the provision of training to, the mentoring of, or the reassignment of currently employed persons; or the hiring or contracting of competent persons.
The organization shall retain appropriate documented information as evidence of competence
|This is saying you need to go through the process of formally looking at key tasks and work out the competence required and where necessary provide training to ‘raise the bar’ to the required level. But it does recognise the role of the consultant!
Records of competence have to be on file
|The auditor needs to check for Competence evaluations|
|7.3 Awareness||The organization shall ensure that persons doing work under the organization’s control are aware of:
a) the environmental policy;
b) the significant environmental aspects and related actual or potential environmental impacts associated with their work;
c) their contribution to the effectiveness of the environmental management system, including the benefits of enhanced environmental performance;
d) the implications of not conforming with the environmental management system requirements, including not fulfilling the organization’s compliance obligations.
|This area has been reinforced all employees and agency staff/subcontractors have to show they know and understand what the issues are: significant aspects
And how they might affect them positively and negatively
|The auditor should sample interview personnel during the walk around
To establish that awareness has been addressed.
|7.4.1 General||The organization shall establish, implement and maintain the processes needed for internal and external communications relevant to the environmental management system, including:
on what it will communicate;
a) when to communicate;
b) with whom to communicate;
c) how to communicate.
When establishing its communication process(es), the organization shall:
a) take into account its compliance obligations;
b) ensure that environmental information communicated is consistent with information generated within the environmental management system, and is reliable.
The organization shall respond to relevant communications on its environmental management system.
The organization shall retain documented information as evidence of its communications, as appropriate.
|This is recognizing the development of various means of communication more prescriptive self-explanatory.
Requires process approach
This requires the process to define on how for example the company collects and communicates data on waste packaging,
Meeting schedule requirements to the Environment Agency
And indeed that the information is accurate/reliable.
But equally, it may be the collection and transmission of information on carbon footprint /CO2 emissions
The importance here now has to be documented
|Communications should be audited by looking for evidence of legal compliance,
Supply of data/information to clients on request
|7.4.2 Internal Communication||The organization shall:
a) internally communicate information relevant to the environmental management system among the various levels and functions of the organization, including changes to the environmental management system, as appropriate;
b) ensure its communication process(es) enable(s) persons doing work under the organization’s control to contribute to continual improvement.
|No requirement to document!||This can be audited in the process of auditing the company’s environmental processes.|
|7.4.3 External Communication||The organization shall externally communicate information relevant to the environmental management system, as established by the organization’s communication process(es) and as required by its compliance obligations.||See 7.4.1 on the communication of data.
May also be complaints follow up
|Auditors should check in particular for evidence of communications with regulators where the fulfilment of legal obligations are required.|
|7.5 Documented Information|
|7.5.1 General||The organization’s environmental management system shall include:
a) documented information required by this International Standard;
b) documented information determined by the organization as being necessary for the effectiveness of the environmental management system.
NOTE The extent of documented information for an environmental management system can differ from one organization to another due to:
a) the size of the organization and its type of activities, processes, products and services;
b) the need to demonstrate fulfilment of its compliance obligations;
c) the complexity of processes and their interactions;
d) the competence of persons doing work under the organization’s control./td>
|The company can have additional information that they think is important included in the ems
This is like the new ISO 14001:2015 in that the documentation required is based upon the skill base the company have and how complex the processes are
If people are competent then process mapping may be quite simplistic
|Where documented information is a requirement of the standard the auditor shall check for evidence and note it on the audit record|
|7.5.2 Creating and updating||When creating and updating documented information, the organization shall ensure appropriate:
a) identification and description (e.g. a title, date, author, or reference number);
b) format (e.g. language, software version, graphics) and media (e.g. paper, electronic);
c) review and approval for suitability and adequacy.
|This is not new but is now clearly defined rather than implied||Essentially requires the auditor to see all documented information is suitably controlled|
|7.5.3 Control of documented information||Documented information required by the environmental management system and by this International Standard shall be controlled to ensure:
a) it is available and suitable for use, where and when it is needed;
b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).
c) For the control of documented information, the organization shall address the following activities as applicable:
d) distribution, access, retrieval and use;
e) storage and preservation, including preservation of legibility;
f) control of changes (e.g. version control);
g) retention and disposition.
Documented information of external origin determined by the organization to be necessary for the planning and operation of the environmental management system shall be identified, as appropriate, and controlled.
NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.
|Now refers to documented information rather than documents
Covers information security.
Recognises some media deteriorate over time
But controls remain largely unchanged
Statutes pollution prevention control guidelines etc need to be controlled and kept up to date
Access doesn’t mean the document is the company’s intellectual property
|8.1 Operational planning and control||The organization shall establish, implement, control and maintain the processes needed to meet environmental management system requirements, and to implement the actions identified in 6.1 and 6.2, by:
a) establishing operating criteria for the process(es);
b) implementing control of the process(es), in accordance with the operating criteria.
NOTE Controls can include engineering controls and procedures. Controls can be implemented following a hierarchy (e.g. elimination, substitution, administrative) and can be used individually or in combination.
The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.
The organization shall ensure that (an) outsourced process(es) is (are) controlled or influenced. The type and extent of control or influence to be applied to the process(es) shall be defined within the environmental management system.
Consistent with a life cycle perspective, the organization shall:
a) establish controls, as appropriate, to ensure that its environmental requirement(s) is (are) addressed in the design and development process for the product or service, considering each stage of its life cycle;
b) determine its environmental requirement(s) for the procurement of products and services, as appropriate;
c) communicate its relevant environmental requirement(s) to external providers, including contractors;
d) consider the need to provide information about potential significant environmental impacts associated with the transportation or delivery, use, end-of-life treatment and final disposal of its products and services.
The organization shall maintain documented information to the extent necessary to have confidence that the process(es) has (have) been carried out as planned.
|The ems was never previously as prescriptive about process control
‘Downstream’ activities need to be controlled
E.g. surface treatments like galvanising, painting often done by subcontractors and which potentially have significant environmental impacts need to be controlled
Similarly, because this now considers the life cycle it should cover activities like shipping, logistics etc.
Legislative controls now come into play much more e.g. End of life vehicle controls etc.
Aspects tables, therefore, cover much more than the factory environment.
|The auditor needs to check that documented information is adequate to maintain control obviously if there is evidence of pollution, breaches in legislation then an auditor can raise a concern but care should be exercised as it may also be down to the competence of personnel|
|8.2 Emergency preparedness and response||The organization shall establish, implement and maintain the processes needed to prepare for and respond to potential emergency situations identified in 6.1.1.
The organization shall:
a) prepare to respond by planning actions to prevent or mitigate adverse environmental impacts from emergency situations;
b) respond to actual emergency situations;
c) take action to prevent or mitigate the consequences of emergency situations, appropriate to the magnitude of the emergency and the potential environmental impact;
d) periodically test the planned response actions, where practicable;
e) periodically review and revise the process(es) and planned response actions, in particular after the occurrence of emergency situations or tests;
f) provide relevant information and training related to emergency preparedness and response, as appropriate, to relevant interested parties, including persons working under its control.
The organization shall maintain documented information to the extent necessary to have confidence that the process(es) is (are) carried out as planned.
|Most companies have addressed these for fire and spillages but traffic accidents, rail crashes etc. have generally not been covered remember the previous section has alluded to the external issue of transport logistics etc.
The section is more expressive about ‘lessons learned’
Documented evidence is required that the system or process is working.
|The auditor must check to see there is documented evidence of emergency planning|
|9 Performance evaluation|
|9.1 Monitoring, measurement, analysis and evaluation|
|9.1.1 General||The organization shall monitor, measure, analyse and evaluate its environmental performance. The organization shall determine:
a) what needs to be monitored and measured;
b) the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results;
c) the criteria against which the organization will evaluate its environmental performance and appropriate indicators;
d) when the monitoring and measuring shall be performed;
e) when the results from monitoring and measurement shall be analysed and evaluated.
The organization shall ensure that calibrated or verified monitoring and measurement equipment is used and maintained, as appropriate.
The organization shall evaluate its environmental performance and the effectiveness of the environmental management system.
The organization shall communicate relevant environmental performance information both internally and externally, as identified in its communication process(es) and as required by its compliance obligations.
The organization shall retain appropriate documented information as evidence of the monitoring, measurement, analysis and evaluation results
|Many small companies have not addressed this area well in the past but now they must measure how they are performing so waste generation amount of recycling occurring needs to be actually recorded.
Solvent reduction amount by how much etc.
Analysis, of course, could be management review (doesn’t say how you analyse)
This harks back to EMAS about publicly declaring data (many companies now have statements in their year-end accounts)
Similarly, as per MPCB, the company is legally obligated to provide this information-companies were doing this
|The auditor needs to check for documentary evidence of monitoring and measurement|
|9.1.2 Evaluation of compliance||The organization shall establish, implement and maintain the processes needed to evaluate fulfilment of its compliance obligations.
The organization shall:
a) determine the frequency that compliance will be evaluated;
b) evaluate compliance and take action if needed;
c) maintain knowledge and understanding of its compliance status.
The organization shall retain documented information as evidence of the compliance evaluation result(s).
|Most small companies have evaluated compliance in as much as checking their legal register was up to date but there was no requirement to actually have a process with corrective action follow up
c) is clearly saying you not only need to know what statutes apply but what the company’s specific obligations are.
The compliance check needs to be documented
|The auditor shall check for legal compliance results and evidence of actions taken if breaches are evident|
|9.2 Internal Audit|
|9.2.1 General||The organization shall conduct internal audits at planned intervals to provide information on whether the environmental management system:
a) conforms to:
1) the organization’s own requirements for its environmental management system;
2) the requirements of this International Standard;
b) is effectively implemented and maintained.
Audit to company’s processes as well as the standard
Check no issues
|9.2.2 Internal audit programme||The organization shall establish, implement and maintain an internal audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting of its internal audits.
When establishing the internal audit programme, the organization shall take into consideration the environmental importance of the processes concerned, changes affecting the organization and the results of previous audits.
The organization shall:
a) define the audit criteria and scope for each audit;
b) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;
c) ensure that the results of the audits are reported to relevant management.
The organization shall retain documented information as evidence of the implementation of the audit programme and the audit results.
|Internal audit programme has to say how often and how the audit will be conducted and how it is reported
Most companies already comply with these requirements
But transparent requirements self-explanatory
|The auditor shall check for evidence of audits being planned and evidence of their results|
|9.3 Management review||Top management shall review the organization’s environmental management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness.
The management review shall include consideration of:
a) the status of actions from previous management reviews;
b) changes in:
1) external and internal issues that are relevant to the environmental management system;
2) the needs and expectations of interested parties, including compliance obligations;
3) its significant environmental aspects;
4) risks and opportunities;
c) the extent to which environmental objectives have been achieved;
d) information on the organization’s environmental performance, including trends in:
1) nonconformities and corrective actions;
2) monitoring and measurement results;
3) fulfilment of its compliance obligations;
4) audit results;
e) adequacy of resources;
f) relevant communication(s) from interested parties, including complaints;
g) opportunities for continual improvement.
The outputs of the management review shall include:
a) conclusions on the continuing suitability, adequacy and effectiveness of the environmental management system;
b) decisions related to continual improvement opportunities;
c) decisions related to any need for changes to the environmental management system, including resources;
d) actions, if needed, when environmental objectives have not been achieved;
e) opportunities to improve integration of the environmental management system with other business processes, if needed;
f) any implications for the strategic direction of the organization.
The organization shall retain documented information as evidence of the results of management reviews.
Most companies did trend analysis but didn’t report in detail
So the objectives and targets need to be better reported for example
The new requirement about resourcing
Much more evidence of decision making and action follow up
|The auditor shall check for evidence of actions and outputs from management reviews doesn’t actually say they have to be minuted as such so take care! But there must be documented information maintained!|
|10.1 General||The organization shall determine opportunities for improvement (see 9.1, 9.2 and 9.3) and implement necessary actions to achieve the intended outcomes of its environmental management system.||Not new|
|10.2 Nonconformity and corrective action||When a nonconformity occurs, the organization shall:
a) react to the nonconformity and, as applicable:
b) take action to control and correct it;
c) deal with the consequences, including mitigating adverse environmental impacts;
d) evaluate the need for action to eliminate the causes of the nonconformity, in order that it does not recur or occur elsewhere, by:
e) reviewing the nonconformity;
f) determining the causes of the nonconformity;
g) determining if similar nonconformities exist, or could potentially occur;
h) implement any action needed;
i) review the effectiveness of any corrective action taken;
j) make changes to the environmental management system, if necessary.
Corrective actions shall be appropriate to the significance of the effects of the nonconformities encountered, including the environmental impact(s).
The organization shall retain documented information as evidence of:
a) the nature of the nonconformities and any subsequent actions taken;
b) the results of any corrective action.
|Much more analytical and in line with automotive/aerospace thinking e.g. FMEA root cause 5 whys etc.
Documented info required
|The auditor shall ensure that there is documented evidence of the raising of non-conformances and the outcomes (results of corrective action)|
|10.3 Continual Improvement||The organization shall continually improve the suitability, adequacy and effectiveness of the environmental management system to enhance environmental performance.||System improvements required as well as the reduction in impacts||Auditors should look for evidence of the ems improving in such a way that environmental performance has been enhanced.|