Eager to be legal
An intended attribute of a risk-based environmental management system (EMS) that
meets ISO 14001:1996 (the EMS standard) is compliance with the appropriate legal
David Powley, of DNV Certification, provides basic advice on how the management system can be used to full effect with a view to it withstanding an independent certification audit.
Clause 4.3.2 requires a procedure 'to identify and have access to legal and other requirements .' Clause 4.3.3 says 'When establishing and reviewing its objectives, an organisation shall consider the legal and other requirements '
Clause 4.5.1 requires an organisation to 'establish and maintain a documented procedure for periodically evaluating compliance with relevant environmental legislation and regulation'.
When looking at the meaning within all of the Standard-speak there are essentially two main demands for an organisation. These are first of all to understand and react to the governing environmental regulatory framework and secondly to periodically check compliance with it.
The process of understanding and reacting to the environmental regulatory framework is one of gathering and reacting to information and comprises a number of sub-processes which have similarities to that which intelligence agencies and marketing functions adopt. The sub-processes are collection/collation, interpretation, dissemination and reaction.
Currently there are masses of opportunities of access to legal information what with the internet, journals and regular subscription to information sources. Information overload is a problem that can so easily be suffered. An example collation process is one that results in a database that has legislation conveniently arranged according to atmospheric emissions, discharges to the aquatic environment, wastes management, nuisance, ecological aspects and resource usage issues. A third-party audit (TPA) generally reveals that most organisations handle this activity well but having the information is not the end game!
All for interpretation
Moving on to interpretation, at some stage the organisation through its appointed personnel must decide on the meaning and applicability (to the organisation) of the legislation as well as considering the implications of amendments. This requires some expertise, which an auditor will always look for during a TPA. It is all very well understanding and having access to information, but what is done with it?
Dissemination is where many organisations can fall short. It does not mean handing over copies of statutory instruments to operational personnel or quoting directly from legal documents, which of course have their own idiom that can baffle most normal people. The appropriate content of the legislation should be communicated in a comprehensible form to the personnel most affected. For example, the main requirements of Discharge Consent (e.g. limits, volumes etc) should be understood by the supervision or management of the site's effluent treatment process. The TPA auditor will evaluate whether this dissemination is being carried out.
The fourth sub-process, reaction, basically means complying with the applicable regulatory framework. This can be setting improvement objectives wherever there is evidence of non-compliance or maintaining the use of appropriate procedures in order to ensure the existing compliance.
For improvement objectives the TPA auditor will check that there is a high degree of intention and commitment that achieves that improvement. In the case of management by use of appropriate procedures, the auditor will check compliance with these procedures (e.g. the operating instructions of the effluent treatment plant).
The most efficient way of checking compliance with legislation is via the internal (or first party) audit. For example, there is nothing more powerful or revealing than a line-by-line compliance audit of the requirements set out in licence conditions such as Discharge Consents, Process Authorisations, Site Licences and other statutory conditions.
Any variances found can then be the subject of corrective action. There may
be other preferred ways of checking compliance but whatever method is used,
the TPA will want to see that some form of meaningful self-evaluation is carried
out by an organisation.
The above is merely a brief and simplistic account of a subject deserving more detailed explanation. However the point worth bearing in mind is that the relationship between environmental management systems and legislative compliance means something more useful than accumulating information that is not reacted to. It means enabling an organisation to actually comply with the law.