6.1 Actions to Address Risks and Opportunities [ISO 14001]
ISO 14001:2015 requires organisations to consider risks and opportunities in relation to internal and external issues, environmental aspects and compliance obligations which themselves may be a source of risk or opportunity.
Section 6.1 requires an organization to maintain documented information of the process(es) needed in 6.1.1 to 6.1.4, to the extent necessary to have confidence they are carried out as planned.
Documentation for clause 6.1 identifies, outlines, and acknowledges the company's environmental risks and any opportunities that it may encounter.
These would include any abnormal risks and all and any emergency situations that may arise.
It also needs to show any opportunities the company may face to make any positive environmental changes or impacts.
The ISO 14001 standard does not prescribe a particular risk process or methodology to be documented; however, the onus is placed on the company to demonstrate a sound risk-based system is being followed.
The system the company follows should be easily explainable.
The approach should be evidence-based, auditable documentation provided along with a sound and viable operational plan
Link the policy to the various ISO 14001 clauses to assist in the analysis when needed
Review any existing environmental aspect evaluation processes so that an identification of risks and opportunities is undertaken for each environmental aspect and related compliance obligation
Determine the environmental aspects of activities, products and services, and their environmental impacts, considering a life cycle perspective
Ensure the process for determining which interested party needs and expectations become compliance obligations is based on risks and opportunities
Identify risks and opportunities that need to be addressed in relation to internal and external issues
Establish environmental objectives at relevant functions and levels
Undertake a SWOT analysis as part of your organisation’s business strategy to identify the external risks and opportunities, and plan actions to address them. Formal business risk assessment performed by your organization should take into consideration its context, associated risk and opportunities and mitigation plan.
Using the process approach, identify sources of input, activities, output, receiver of output, performance indicators to control and monitor processes, the risks and opportunities associated with them and action plan to address them.
Outcomes and Options Include
Avoiding the risk
Taking risk in order to pursue an opportunity
Eliminating the risk source
Changing the likelihood or consequences
Sharing the risk with stakeholder
Retaining risk by informed decision
Updated: 24th October 2021 Author: Richard Keen
Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards. Learn more about Richard
Don’t Try to Manage It All Alone!
Our ISO Auditors and Quality Manager Trainers have been in this industry for years, and since 2002 we’ve been providing thousands of small businesses and large corporations with the tools they need to get certified.
Instead of trying to create everything you need to follow this process from scratch, use ours. We have procedures, templates, checklists, process maps, forms and gap analysis tools to help your documentation without missing a single input or output.
Before you invest all the hours reinventing the wheel, before you spend countless dollars outsourcing the task — try our templates.