Compliance Obligations Procedure Explained (ISO 14001)

What is a Compliance Obligations Procedure?

A compliance obligations procedure comprises a set of formalized instructions that outline the steps any organization can implement to ensure the identification and fulfilment of compliance obligations.

Compliance obligations that are related to your business’s environmental aspects and the needs and expectations of interested parties need to be documented and understood in terms of risk.

Contents

Compliance obligations will arise from mandatory requirements, and these include for example, applicable laws that require permits and regulations that apply to the environmental aspects of your business’s activities, products and services, and their associated environmental impact.

While voluntary commitments might arise from organizational and industry standards, supply chain relationships, commitments established in contracts and product specifications, principles of good governance, community relations, and ethical standards. Both voluntary and mandatory compliance obligations can result in risks and opportunities to the way you do business.

Environmental Aspect Compliance Obligation Risks Opportunities
Mandatory Voluntary
Use of f-gases in air conditioning units The Fluorinated Greenhouse Gases Regulations 2009 Annual sustainability and corporate responsibility reporting Compliance with emission limits Restrict hazardous substances in specifications
Disposal of waste batteries Waste Batteries and Accumulators Regulations 2009 Adopt a community environmental recycling project Time and resources Positive publicity
Generation of waste Control of Pollution Act (COPA) 1974 Agreement to meet a packaging reduction target Licence/permit compliance and reporting Increased revenue from waste recovery and recycling approaches

As such, the compliance obligations procedure describes how the processes needed to comply with the requirements of ISO 14001:2015, Clause 6.1.3 are identified, documented, controlled, and reviewed. What’s more, developing a compliance obligations procedure will allow you to identify areas where you need improvement so that you can start correcting them right away.

Purpose

The purpose of the compliance obligations procedure is to outline an organization’s methodology for identifying, complying and monitoring obligations which relate to your identified aspects in the context of your operations and product life cycle. The evaluation and review of relevant compliance obligations is often achieved through the provision of access to legal requirement databases and resources.

However, many organizations are unsure about how to put these compliance obligations into place, here we discuss the compliance obligations process in detail. Read on to learn its significance for your organization and the common pitfalls to avoid when implementing this procedure.

Compliance Safety Helmets

Why Implement a Compliance Obligations Procedure?

Implementing a compliance obligations procedure is critical in ensuring compliance with regulatory requirements. Therefore, it helps reduce the legal risks your business might face in its operations and can help to build a positive brand image.

The following are just some of the many reasons why it makes sense for organizations to develop such procedures:

  • Maintain ISO 9001 certification or remain compliant with the standard
  • Prevent and detect misconduct that may be illegal or harmful to the organization (e.g., fraud)
  • Avoid any negative consequences of violating mandatory regulatory requirements (e.g. FDA, OSHA) or industry standards (e.g. IATF 16949, ISO 9001)
  • Deal with adverse events such as infractions, warnings, or reviews
  • Minimize the risk of failures, develop more robust procedures, and comply with standards

This video summarizes the meaning and importance of compliance:

https://www.youtube.com/watch?v=xS3LBGtp_Lo

Crucial Elements of the Procedure

The following are some of the critical elements that should be included in a compliance obligations procedure:

  • A designated individual(s) responsible for overseeing compliance obligations and reviewing the procedure
  • A list of regulatory requirements that need to be complied with for each standard and a checklist identifying the actions required
  • A checklist for conducting periodic reviews
  • Guidelines on how to handle notices from regulators or other authorities

5 Steps

How To Implement a Compliance Obligations Procedure (5 Simple Steps)

Once you have decided that developing a compliance obligations procedure is the right thing for your organization, you can start working on the following steps:

1 Identify the Compliance Obligations

Identify the internal and external issues that can help or hinder the achievement of the intended outcomes of the environmental management system.

Compliance obligations will include requirements that are mandatory, such as laws and regulations, or those that your organisation has decided to comply with, whether contractually (customers) or voluntarily (environmental policy commitments).

Consideration should be given to compliance obligations that result from the needs and expectations of your interested parties that relate to known environmental aspects. For example, a compliance obligation might arise from a Logistics company’s desire to reduce the use of fossil fuels during its delivery activities.

Compliance obligations will arise from primary environmental aspects associated with:

  • The use of natural resources (mining, water withdrawal)
  • Purchased raw materials
  • By-products: air, waste and waste emissions
  • Transportation and movement of products
  • Use of products and services
  • End of life-cycle issues associated with the ease of recycling and disposal

Once the needs and expectations of interested parties are identified, your organisation should determine which of these should become a compliance obligation that your organisation will manage, going forward.

When doing so, your organisation should consider internal and external issues and compliance obligations, their organisational units, functions, physical boundaries, activities, products and services and their authority and ability to exercise control or influence.

Consider the risks and opportunities when determining which compliance obligations to address. Ensure the process for determining which interested party needs and expectations become compliance obligations is based on an informal assessment of the risks and opportunities presented by not complying.

Your business’s process for identifying compliance obligations may be informal, for example whereby the organisation’s managers discuss the issues and come to a documented consensus on which of your stakeholders’ needs and expectations should be adopted as a compliance obligation. A number of related departments should be consulted before a compliance obligation is adopted and transferred to the compliance obligations register.

Other, more formal methods for identifying compliance obligations might include for example, using qualitative and/or quantitative approaches such as evaluating and prioritising each stakeholder and their requirements (needs and expectations) based on the level of influence the stakeholder has over the organisation.

Following an initial assessment of the stakeholders of your environmental management system, it is suggested that your organisation holds several workshops with relevant functions to review the findings of the initial assessment in order to consolidate the list of interested parties, their known needs and expectations and compliance obligations.

The organisation must update the compliance obligations register when new knowledge is made available and as part of the management review process.

2 Identify Legal Requirements

First and foremost, your organization must ensure that, at a minimum, all legal requirements that apply to the work-place are identified and met; and those environmental practices related to significant aspects are incorporated, where necessary, to establish and maintain an environmental management system that effectively supports the implementation of best available techniques.

Compliance obligations include legal requirements, for example to obtain permits, and those the organisation has voluntarily adopted. The latter may include expectations which have been established without being formalised, for example regular meetings or correspondence with a neighbour or community group.

In order to document and implement your organization's compliance obligations, you should create a compliance obligations register (ISO 14001:2015) or update an existing Legal and Other Requirements register (ISO 14001:2004), where available to take into account the additional compliance obligations.

The Environment & Sustainability Manager should assess all relevant legislation and related legal requirements, regulations and Approved Codes of Practice (ACoPs) using http://www.legislation.gov.uk to ensure that all identified environmental aspects and stakeholder environmental needs and expectations are evaluated and understood in terms of current legislation, including as appropriate:

  • The Control of Pollution (Oil Storage) (England) Regulations 2001 (SI 2001/2954)
  • Water Industry Act 1991 as amended by Water Industry Act 1999
  • Contaminated Land (England) Regulations 2006 SI 1380 as amended SI 2012/263
  • The Environmental Damage (Prevention and Remediation) Regulations 2009 (SI 2009/153) as amended SI 2009/3275, SI 2010/587
  • The Environmental Noise (England) Regulations 2006 (SI 2006/2238) as amended SI 2008/375, SI 2009/1610, SI 2010/340
  • The Environmental Protection (Disposal of Polychlorinated Biphenyls and other Dangerous Substances) (England and Wales) Regulations 2000 (SI 2000/1043) as amended SI 2000/3359
  • The Environmental Protection (Controls on Ozone-Depleting Substances) Regs 2011 (SI 2011/1543)
  • The Ozone-Depleting Substances (Qualifications) Regulations 2009 (SI 2009/216);
  • The Fluorinated Greenhouse Gases Regulations 2009 (SI 2009/261)
  • Clean Air Act 1993 as amended SI (2014/3318)
  • The Smoke Control Areas (Authorised Fuels) (England) Regulations 2014 (SI 2014/2366)
  • Control of Pollution Act (COPA) 1974: Part III as amended by the Environmental Protection Act 1990, Water Resources Act 1991, Water Industry Act 1991, Noise and Statutory Nuisance Act 1993
  • Anti-Pollution Works Regulations 1999 (SI 1999/1006)
  • Control of Pesticides Regulations 1986 (SI 1986/1510) as amended SI 2007/188
  • The Plant Protection Products (Sustainable Use) Regulations 2012 (SI 2012/1657)
  • The Control of Substances Hazardous to Health (COSHH) Regulations 2002
  • The Control of Asbestos in the Air Regulations 1990 (SI 1990/556)
  • Control of Asbestos Regulations 2012 (SI 2012/632)
  • Radioactive Substances Act 1993
  • The Environmental Permitting (England & Wales) Regs 2010 (SI 2010/675)

3 Document Your Compliance Obligations

In order to document your organization’s compliance obligations, you should maintain an electronic spreadsheet or table comprising an indexed list of relevant legal requirements, and other obligations.

Other obligations might include standards and procedures in connection with operational tasks and associated hazards by referencing the minimum acceptable legal, industry standards and technical specifications against the associated equipment and operating routines at your facility.

Information in the Compliance Obligations register for each requirement includes but is not limited to:

  • Interested parties and their environmental needs and expectations
  • Title and description of the related legal requirement
  • Description of how the legal requirement applies and whether relevant licenses or approvals are required
  • The related risks, opportunities and mitigation actions
  • The title and description of supporting documents that demonstrate compliance
  • How compliance is verified

The compliance obligations register must be reviewed and updated for adequacy, both for new regulations and updated regulations, on a quarterly basis and communicated to relevant staff whose responsibilities or actions can affect compliance.

4 Monitor Changes in Existing Legislation

The introduction of new legislation, changes to existing legislation, or new government agendas, charters or policies, are monitored by the Environmental and Sustainability Manager.

Those that are of particular relevance and importance to your organization are then cascaded to relevant employees as quickly as practicable. It is often the responsibility of the Environmental and Sustainability Manager to review the Compliance Obligations Register, specifically to:

  • Determine whether a piece of amended legislation, or new legislation is ‘relevant’ or ‘irrelevant’
  • Determine whether our organization is compliant with the legislation whilst describing how the requirements apply and what controls are in place to manage the requirement and mitigate related environmental aspects
  • Undertake a periodic review of legal requirements, and other standards and codes of practice when changes are planned to ensure continued compliance
  • Determine whether other legal requirements relevant to our organization and those that we have adopted whilst describing how the requirements apply and what controls exist to remain compliant

After you have made the changes required to bring your organization into compliance, it is crucial that your employees are aware of their role in maintaining compliance (e.g., to ISO 14001). This will help to ensure that compliance obligations are effectively cascaded throughout the organization.

5 Monitor EMS Compliance Status

An organisation, in addition to evaluating the fulfilment of its compliance obligations, is also expected to maintain a knowledge and understanding of its compliance status. Evaluating performance includes evaluating the fulfilment of compliance obligations.

With reference to the evaluation of compliance, organizations have to set up a process that will involve the determination of the frequency of the evaluation, the execution of the evaluation and the actions that need to be taken.

If during a compliance evaluation, a failure to fulfill a compliance obligation is identified, the organization needs to take action to achieve compliance. This may require getting in contact with a regulatory agency to agree the action. Once that agreement is in place, it becomes another compliance obligation.

As per ISO 14001:2015, Clause 9.1.2, an understanding of the organisation’s compliance status must be demonstrated. Therefore, your organization must have the means, via inspections, tests, and audits, that are frequent and robust enough to ensure that the knowledge and understanding of compliance status is maintained.

The management review meeting attendees ensure that applicable environmental aspects are identified and are understood in terms of stakeholder requirements and current legislation. It is the responsibility of the Environment and Sustainability Manager to maintain and review the Compliance Obligations Register, specifically to determine:

  • Whether a piece of legislation, amendment to current legislation or new legislation is ‘relevant’ or ‘irrelevant’
  • Whether our organization is compliant with the legislation whilst describing how the requirements apply and what controls are in place to manage and mitigate the requirement and related environmental aspects
  • Whether other compliance obligations relevant to our organization and those that we have adopted whilst describing how the requirements apply to and what controls are in place to remain compliant
  • Update the register quarterly and communicate to relevant staff whose responsibilities or actions can affect compliance

Maintain your compliance obligations procedures by performing periodic reviews, updating them as necessary, and documenting all changes made during each assessment.

An excellent way to make sure you’re on track is to regularly discuss the progress of your compliance obligations with your management team. This will help prevent problems from occurring later on due to inadequate understanding of the process among senior managers.

Solution

How To Avoid Problems

Internal Auditing

Evaluating performance includes evaluating the fulfilment of compliance obligations.

Perform regular audits to make sure the process is implemented correctly. An organisation, in addition to evaluating the fulfilment of its compliance obligations, is also expected to maintain a knowledge and understanding of its compliance status.

Auditing helps you ensure that your management team executes the process according to how it was initially designed and enables you to perform necessary adjustments as changes occur within your organization.

The compliance audit frequency is reduced when repeat compliance audits find zero non-compliances.

Where additional legal requirements are identified when the list of legal requirements is reviewed by the compliance auditor, these are reviewed and considered by Top management.

Nonconformities resulting from the legal compliance audits are recorded, actioned and tracked according to your Nonconformity & Corrective Action Procedure.

Competence and awareness

Develop a training plan for all employees who will be involved in implementing the process.

Personnel who require knowledge of relevant legislative requirements and regulations to undertake their work, should be trained and updated as required. Encourages workers’ membership of organizations that promote awareness and training on safety topics.

The legal compliance audits should be conducted by competent, in-house personnel or a qualified, independent third party. Competent personnel/third parties must hold a minimum of 2 years on-the-job-training or an equivalent combination of training and formal education in environmental law and legal compliance.

The statutory inspection of equipment should be undertaken by competent person(s) in order to fulfil the legal requirements, e.g., the annual thorough examination of an item of lifting equipment.

To ensure that adequate impact management competency levels are achieved and maintained, your organization should provide regular training courses in the impact management process and its application.

  • Specific impact management training sessions should be held on an annual basis, aimed at providing an overview of the management framework
  • The training should be facilitated by the Environment & Sustainability Manager. Additional ad-hoc training can be provided as required
  • Instruments providing training on appropriate controls include job descriptions, inductions, policies, procedures, terms of reference, charters, performance planning and review programs, contracts and delegations

There should be both written and oral training requirements that ensure each employee fully understands their role and what is expected of them to complete tasks efficiently and effectively.

Communication

Communications concerning changes in compliance obligations may be in the form of an email, link or article provided on the intranet, dissemination through working groups, or articles in the company newsletter or other internal publications. Awareness of and compliance with legal obligations is evaluated by one or more of the following:

  • Internal compliance audits
  • Document and/or records review
  • Facility inspections/tours
  • Staff appraisals and meeting
  • Management Review

Incentives

Develop incentives that encourage managers to monitor and enforce management responsibilities throughout the organization

This can be done by establishing an incentive system that rewards managers for implementing and enforcing requirements within the organization. This will help ensure that employees understand what is expected of them and that managers are held accountable for maintaining compliance.

Conclusion

A compliance obligations procedure is the best way to ensure your company stays out of legal and ethical trouble. It helps you to avoid making costly mistakes, since it helps define how employees should behave in certain situations, what items need to be reported when they are found, who approves for projects or procedures, and more.

By following the steps listed above, you can ensure your compliance obligations procedure is up-to-date and in good shape.

Author: Richard Keen
Updated: 05th October 2021

Richard Keen

Richard Keen

Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard

ISO Checklist

Don’t Try to Manage It All Alone!

Our ISO Auditors and Quality Manager Trainers have been in this industry for years, and since 2002 we’ve been providing thousands of small businesses and large corporations with the tools they need to get certified.

Instead of trying to create everything you need to follow this process from scratch, use ours. We have procedures, templates, checklists, process maps, forms and gap analysis tools to help you control your documented information without missing a single input or output.

Before you invest all the hours reinventing the wheel, before you spend countless dollars outsourcing the task — try our templates.


  QMS
ISO 9001
EMS
ISO 14001
OH&S
ISO 45001

Compliance Obligations Procedure

The purpose of this procedure is to outline your organization’s methodology for identifying, complying and monitoring environmental obligations which relate to our identified aspects in the context of our operations and product life cycle.

Forms & Reports also included:

  • Compliance Obligation Register
  • Environmental Aspect & Impact Register
  • Interested Party Analysis
  • PESTLE Analysis Template
  • Risk & Opportunity Register
  • SWOT Analysis Template

>> Free Download - Control of Calibrated Equipment Procedure - this will give you a good idea of what to expect when you purchase the procedure.

>> I'm looking for more Procedures

 

$19 USD

add to cart

 

  • Supplied as fully-editable MS Word or Excel files
  • All the templates use styles – making reformatting and rebranding a breeze
  • Immediate download

Pay by Credit Card, Debit Card, PayPal or Apple Pay.
Credit card, PayPal or ApplePay

money back guarantee


We are 100% confident in the quality and contents of our products. Used by thousands of organizations around the world, our templates have been sold online since 2002.

Please read our Money Back Guarantee.

 

Are The Templates Suitable For You?

Bought by Small Businesses and Large Corporations our templates have been sold online and CD since 2002.

Used by:

  • Small Businesses – dentists, accountants, engineers
  • Large organizations – hospitals, power plants, aircraft manufacturers

The Templates are used by first timers following our step-by-step, clause-by-clause guidance documents; and experienced Quality Managers wishing to streamline and improve their existing documentation.

The application of our templates and quality manuals is scalable and generic; regardless of the size and type of organization. The elements that form the quality management system are the same.

Five Reasons To Choose Our Templates

1. Our customizable templates save you time and money by offering a streamlined process to create your quality documentation

2. They’ve got everything you need in one simple template

3. Proven to work our templates have helped thousands of businesses big and small achieve certification

4. Documents use styles to make reformatting and rebranding a breeze

5. Our templates are generalizable for any industry or sector. The application of our templates is scalable and generic; regardless of the size and type of organization.

 

FAQs About Our Templates

Ask Us a Question

More Information

 

ISO 9001 Client images