Eager to be legal

An intended attribute of a risk-based environmental management system (EMS) that meets ISO 14001:1996 (the EMS standard) is compliance with the appropriate legal framework.
David Powley, of DNV Certification, provides basic advice on how the management system can be used to full effect with a view to it withstanding an independent certification audit.

A management system can be regarded as a device to manage risks facing an organisation

– one such risk is that of falling foul of the law. Certification to the ISO

14001 standard entails a capability to deliver environmental regulatory compliance.

Within the standard itself there is enough to enable this.

Clause 4.3.2 requires a procedure ‘to identify and have access to legal and

other requirements….’ Clause 4.3.3 says ‘When establishing and reviewing

its objectives, an organisation shall consider the legal and other requirements…’

Clause 4.5.1 requires an organisation to ‘establish and maintain a documented

procedure for periodically evaluating compliance with relevant environmental

legislation and regulation’.

When looking at the meaning within all of the Standard-speak there are essentially

two main demands for an organisation. These are first of all to understand and

react to the governing environmental regulatory framework and secondly to periodically

check compliance with it.

The process of understanding and reacting to the environmental regulatory framework

is one of gathering and reacting to information and comprises a number of sub-processes

which have similarities to that which intelligence agencies and marketing functions

adopt. The sub-processes are collection/collation, interpretation, dissemination

and reaction.

Currently there are masses of opportunities of access to legal information

what with the internet, journals and regular subscription to information sources.

Information overload is a problem that can so easily be suffered. An example

collation process is one that results in a database that has legislation conveniently

arranged according to atmospheric emissions, discharges to the aquatic environment,

wastes management, nuisance, ecological aspects and resource usage issues. A

third-party audit (TPA) generally reveals that most organisations handle this

activity well but having the information is not the end game!

All for interpretation

Moving on to interpretation, at some stage the organisation through its appointed

personnel must decide on the meaning and applicability (to the organisation)

of the legislation as well as considering the implications of amendments. This

requires some expertise, which an auditor will always look for during a TPA.

It is all very well understanding and having access to information, but what

is done with it?

Dissemination is where many organisations can fall short. It does not mean

handing over copies of statutory instruments to operational personnel or quoting

directly from legal documents, which of course have their own idiom that can

baffle most normal people. The appropriate content of the legislation should

be communicated in a comprehensible form to the personnel most affected. For

example, the main requirements of Discharge Consent (e.g. limits, volumes etc)

should be understood by the supervision or management of the site’s effluent

treatment process. The TPA auditor will evaluate whether this dissemination

is being carried out.

Regulatory reaction

The fourth sub-process, reaction, basically means complying with the applicable

regulatory framework. This can be setting improvement objectives wherever there

is evidence of non-compliance or maintaining the use of appropriate procedures

in order to ensure the existing compliance.

For improvement objectives the TPA auditor will check that there is a high

degree of intention and commitment that achieves that improvement. In the case

of management by use of appropriate procedures, the auditor will check compliance

with these procedures (e.g. the operating instructions of the effluent treatment


The most efficient way of checking compliance with legislation is via the internal

(or first party) audit. For example, there is nothing more powerful or revealing

than a line-by-line compliance audit of the requirements set out in licence

conditions such as Discharge Consents, Process Authorisations, Site Licences

and other statutory conditions.

Any variances found can then be the subject of corrective action. There may

be other preferred ways of checking compliance but whatever method is used,

the TPA will want to see that some form of meaningful self-evaluation is carried

out by an organisation.

The above is merely a brief and simplistic account of a subject deserving more

detailed explanation. However the point worth bearing in mind is that the relationship

between environmental management systems and legislative compliance means something

more useful than accumulating information that is not reacted to. It means enabling

an organisation to actually comply with the law.

Action inspires action. Stay ahead of the curve with sustainability and energy newsletters from edie