Environmental legal register: ISO 14001 and ISO 45001

Defining a "legal register"

The phrase has become common parlance for EHS professionals involved in implementing and maintaining site, country, regional or company-wide EHS environmental management systems. But what is a legal register?

Our services were designed for legal compliance, and have evolved to meet the needs of the main EHS standards used around the world today — most notably ISO 14001 and OHSAS 18001 (replaced by ISO 45001 in March 2018).

However, pinning down the exact standardized concept of a legal register, or an environmental legal register, becomes quite complex with myriad opinions from different authorities.

But one of the main agreeable definitions is that a legal register is a comprehensive list of legal instruments, such as legislation or regulation (mandating a legal requirement in a topic, industry, or sector) which apply to certain business operations.

The standards for legal registers

Legal register: ISO 14001

ISO 14001 is an international standard for businesses to design and implement their own environmental management system (EMS) to improve their environmental and compliance status.

Section 6.1.3 of ISO 14001 (2015) on Environmental Management Systems states that organizations must:

• Identify the legal requirements they have to comply with
• Have access to  these legal requirements
• Understand how the compliance obligations apply to their organization
• Maintain documented information

Legal register: ISO 45001

ISO 45001 is an international standard that details compliance requirements for occupational health and safety (OH&S) management systems to reduce risks in the workplace.

It replaced OHSAS 18001 with a sharper focus on engaging leadership, risk-based thinking and decisions, and alignment with other ISO management system standards.

Section 6.1.3 (Determination of legal requirements and other requirements) of ISO 45001 (OHS MS) has a similar obligation to ISO 14001, but focuses also on the need to have a process in place to be aware of, and stay on top of legal and other requirements like environmental regulation, while also keeping related documented information up to date.

Interestingly, the term “legal register” isn’t mentioned anywhere in the standards — it has just become the standard all-encompassing phrase for what these provisions require.

Meeting the legal obligation of both these Sections 6.1.3 requires a process that starts with the need to identify and have access to the applicable regulation, based on the company’s environmental or health and safety aspects.

The provisions of Sections 6.1.3 in both standards make perfect logical sense — and would indeed seek to describe what perhaps has become the “conventional” understanding of a legal register.

Environmental legal registers on compliance obligations

Section 9.1.2 of both standards relates to the evaluation of compliance, where organizations will need to “maintain knowledge and understanding”, “action” and “document” their compliance evaluation. Each of these mandatory requirements go beyond a simple list or “register” of laws.

Under Section 9.1.2, companies must ensure that their organization:

• Periodically evaluates compliance against compliance obligations
• Documents its evaluation
• Is aware of its compliance status to obtain certification for their management system

Finally, it’s also critical to mention the wording in Sections 9.3 of both standards, relating to Management review. This requires top management to review the overall management system periodically, with particular consideration to compliance obligations/legal requirements and conformity assurance. As well as sites, regional and corporate level managers also need to have visibility of their company’s compliance status.

Ongoing global compliance management — beyond a “legal register”

The best practice we’ve seen with our clients is to adopt a global approach that allows ongoing compliance management. This involves creating living “compliance registers” for each of your sites around the world which fulfils the dual purpose of both making companies aware of which laws apply to them, as well as creating the possibility to assess, record and verify your compliance status continuously — not just when an audit is scheduled.

This approach brings many benefits. One of the key benefits is that the global aspect fosters a corporate-wide strategy and approach to managing EHS compliance and seeks to embed those values deep into the culture of the organization, across all locations.

Another key advantage is that this can streamline your external and internal compliance audit program. If you have more visibility of your EHS compliance status and performance on an ongoing basis, it means audits can be more targeted, effective, and efficient.

However, ongoing compliance management can be easier said than done, especially when the challenge is multiplied across locations in global companies. Laws are constantly changing and evolving. Legal language is very often a quagmire of references, cross-references, legal phraseology and obscure definitions.

It’s a time-consuming and often complex business to navigate hundreds of legal obligations, determining which are relevant to your organization, even before you assess your compliance against them. This is why many practitioners turn to external providers of services to help them stay aware of their obligations and comply.

There are many providers of “legal register” services in every country where a certification for a management system has been sought. However, when different, local, in-country solutions are used across a multinational organization they are likely to be very different in terms of coverage, quality, reliability and ultimately, effectiveness.

More specifically, what a decentralized, local-only approach will not do is:

• Make it easier to instill a global corporate EHS compliance culture (or even start to develop one)
• Give a global, coherent and reliable view on EHS compliance performance and liabilities
• Provide greater confidence in your ability to say you are compliant in any given location
• Give individual site-locations the impression that compliance with EHS laws is taken seriously across the company, and right to the top

It’s therefore hard to justify not taking a global view, while leveraging local knowledge and expertise every step of the way.

How Enhesa can help

This is why Enhesa’s services are designed to allow on-going compliance management across your organization. We help you: 

• Identify regulations and requirements and determine applicability 

• Have clear, consolidated knowledge and understanding of your obligations 

• Have a clear demonstrable, central and standardized process in place to evaluate and maintain knowledge of compliance 

• Allow monitoring and recording of actions 

• Provide a continuous view on the status of the process and the status of compliance at site, regional and global level 

Learn more about EHS Intelligence’s suite of tools to reduce risk and improve organizational compliance. 

EHS solutions