ISO 14001-2015 (Revision):
An environmental management system helps organizations identify, manage, monitor and control their environmental issues in a “holistic” manner.
Other ISO standards that look at different types of management systems, such as ISO 9001 for quality management and ISO 45001 for occupational health and safety, all use a High-Level Structure.This means that ISO 14001 can be integrated easily into any existing ISO management system.
ISO 14001 is suitable for organizations of all types and sizes, be they private, not-for-profit or governmental. It requires that an organization considers all environmental issues relevant to its operations, such as air pollution, water and sewage issues, waste management, soil contamination,
climate change mitigation and adaptation, and resource use and efficiency.
Like all ISO management system standards, ISO 14001 includes the need for continual improvement of an organization’s systems and approach to environmental concerns. The standard has recently been revised, with key improvements such as the increased prominence of environmental management within the organization’s strategic planning processes, greater input from leadership and a stronger commitment to proactive initiatives that boost environmental performance.
There are many reasons why an organization should take a strategic approach to improving its environmental performance. Users of the standard have reported that ISO 14001 helps :
- Demonstrate compliance with current and future statutory and regulatory requirements
- Increase leadership involvement and engagement of employees
- Improve company reputation and the confidence of stakeholders through strategic communication
- Achieve strategic business aims by incorporating environmental issues into business management
- Provide a competitive and financial advantage through improved efficiencies and reduced costs
- Encourage better environmental performance of suppliers by integrating them into the organization’s business systems
Why was ISO 14001 revised ?
All ISO standards are reviewed and revised regularly to make sure they remain relevant to the marketplace. ISO 14001:2015 will respond to the latest trends, including the increasing recognition by companies of the need to factor in both external and internal elements that influence their environmental impact, such as climate volatility and the competitive context in which they work. The changes also ensure that the standard is compatible with other management system standards.
Key improvements ?
ISO 14001:2015 now requires :
- Environmental management to be more prominent within the organization’s strategic direction
- A greater commitment from leadership
- The implementation of proactive initiatives to protect the environment from harm and degradation, such as sustainable resource use and climate change mitigation
- A focus on life-cycle thinking to ensure consideration of environmental aspects from development to end-of-life
- The addition of a stakeholder-focused communication strategy
It also allows for easier integration into other management systems thanks to the same structure, terms and definitions.
How do I get started with ISO 14001:2015 ?
A number of resources, including The ISO 14001 checklist for small business, provide detailed guidance on how to use the standard, but here are a few tips to get you started:
Tip 1 – Define your objectives. What do you want to achieve with this standard ?
Tip 2 – Get the buy-in from senior management. It is essential that the leaders of your organization support the objectives of an effective environmental management system and are committed to the process.
Tip 3 – Get a good overview of existing processes and systems that are relevant to your environmental impact. This will form the basis of your environmental management system and allow you to more easily identify any gaps.
ISO 14001:2015 is structured around the High-Level Structure proposed in Annex SL for all ISO management systems. It includes, in addition to the usual 3 introductory clauses, 7 basic clauses
common to all management system standards. They are: Context of the organization, Leadership, Planning of the EMS, Support, Operation, Performance evaluation and Improvement. They replace current EMS clauses 4.1, 4.2, 4.3, 4.4. 4.5 and 4.6. This structure is intended to provide a coherent presentation of requirements rather than a model for documenting an organization’s policies, objectives and processes.
Clause-4 CONTEXT OF THE ORGANIZATION:
4.1 Understanding the organization and its context
This clause is significantly more prescriptive than in the 2004 version of the standard, and requires the organization to determine all internal and external issues that may be relevant to achievement of the objectives of the EMS itself. This includes all elements which are, and may be capable of, affecting these objectives and outcomes in the future.
4.2 Understanding the needs and expectations of interested parties
The standard now requires the organization to assess who the interest parties are in terms of its EMS, what their needs and expectations may be, and consequently, if any of these should become compliance obligations.
4.3 Determining the scope of the EMS
The scope and boundaries of the EMS must now be thoroughly examined and defined considering the aforementioned interested parties and their needs, plus resulting compliance obligations. Also requiring consideration are the EMS functions and physical boundaries, and all products, services, and activities, including the organization’s ability to exert control on external factors, with the results of the whole definition included in the EMS and kept critically as “documented information.”
The standard indicates that an EMS should be established to achieve the outcomes by using interacting processes and using the information specified in (4.1) & (4.2) to deliver continual improvement. The ultimate objective is to improve the organization’s environmental performance.
5.1 Leadership and commitment
Again, this clause is far more prescriptive than in the 2004 version, with the user reminded that the
organization and top management retain responsibility for the performance of all internal and external
performance factors at all times. It therefore makes perfect sense that the environmental policy and
objectives are aligned with each other, and with the strategic policies and overall direction of the business, including integration with other business systems where applicable. Provision must be made for resources to ensure the EMS can be operated efficiently, and top management must ensure that the people with responsibility within the EMS have the correct support, training, and guidance to complete their tasks effectively. Communication is also critical from a leadership perspective, and communication methods and frequencies must be defined and established for both internal and external interested parties. In summary, it is the responsibility of the leadership of the organization to show an enhancedlevel of leadership, involvement, and co-operation in the operation of the EMS.
5.2 Environmental Policy
Top management have the responsibility to establish an environmental policy, which is appropriate for the organization in terms of the size, scope, activities, and ambitions of the organization, and provides a formal framework for setting objectives. Obviously, the policy should include a commitment to pollution prevention, environmental protection, and all factors contextual to the organization itself. Meeting compliance and regulatory factors is obviously a key element, and a method of capturing and recording this must be established. Finally, and vitally, the environmental policy must provide a commitment to the continual improvement of the EMS and its results. Critically, the environmental policy must be maintained as documented information, be communicated within the organization, and be available to all interested parties.
5.3 Organizational Roles, responsibilities and authorities
The standard states that it is the responsibility of top management to ensure that roles, responsibilities, and authorities are delegated and communicated effectively. The responsibility shall also be assigned to ensure that the EMS meets the terms of the 14001:2015 standard itself, and that the EMS performance can be accurately reported to top management.
6.1 Actions to address risks and opportunities
This clause replaced “preventive action” in the 2015 revision of the 14001 standard. The standard states that the organization should establish, implement, and maintain the processes required to address the requirements of the whole of the planning section itself. When planning the EMS, considerations need to be made on the context of the organization (section 4.1) and the needs and expectations of interested parties (section 4.2), as well as the scope of the EMS.
Risk and opportunity must be considered in respect of these elements, as well as legal and regulatory issues, and the organization’s environmental aspects themselves. This outcome needs to ensure that the EMS can meet its intended outcomes and objectives, that any external factors that may affect performance are avoided, and that continual improvement can be achieved.
In terms of emergency situations, the organization is required to determine any situations that may occur and have a resulting environmental impact. Again, it is vital that documented information is retained concerning the risks and opportunities considered and addressed in the planning phase in order to satisfy the terms of the clause.
6.1.2 Environmental aspects
ISO 14001:2015 asks organizations to consider, from a life cycle perspective – which includes carriage, disposal, and recycling as well as production – all environmental aspects of its products, services, and activities that are deemed to be within the organization’s control. Changes or planned future changes to services also have to be taken into account, as do any abnormal situations that may arise that are reasonable for the organization to predict – for example, if you are about to launch a new product that needs radically new packaging materials. Again, the organization needs to maintain documented information on this clause and its elements, and communication to the appropriate levels with effective frequency needs to be planned and undertaken. In terms of documented information, if you ensure that all actual and associated impacts, the criteria you use to define them, and your significant environmental impacts are documented, then you will satisfy the terms of this clause.
6.1.3 Compliance obligations
This is a relatively straightforward, but obviously vital part of the ISO 14001:2015 standard. The organization must decide what obligations are related to its environmental aspects and how to best access them, decide how they apply to the organization, and take them into consideration when establishing, operating, and delivering continual improvement through the EMS. Documented evidence needs to be recorded for these obligations, also.
6.1.4 Planning actions
In this clause, the standard states that the organization shall plan to take actions to address its
environmental aspects, risks and opportunities, and compliance obligations, all of which we have
discussed above. These also need to be implemented into the organization’s EMS and associated
business processes. The task of evaluating the effectiveness of these actions also must be considered, with technological, financial, and operational considerations all taken into account.
6.2 Environmental objectives and planning to achieve them
6.2.1 Environmental objectives
The standard advises that environmental objectives should be established at appropriate levels and intervals, having considered the identified environmental aspects, risk and opportunities, and compliance obligations. The characteristics of the set objectives are important, too; they need to be consistent with the organization’s environmental policy, measurable where possible,able to bemonitored, communicated effectively, and be such that they can be updated when circumstances require. Once more, it is mandatory that documented information is kept outlining this process and its outputs.
6.2.2 Planning to achieve environmental objectives
The standard advises on the elements that need to be determined to ensure objectives can be achieved. This can be thought of in terms of what needs to be done, when it needs to be done by, what resources are required to achieve it, who is responsible for the objectives being achieved, how results are to be measured and progress ensured, and consideration on how these objectives can be implemented into existing business systems.
Simply put, the standard advises the organization that resources to achieve stated objectives and show continual improvement must be made available.
Employee competence must meet the terms of the ISO 14001:2015 standard by ensuring that the people given responsibility for EMS tasks are capable and confident. Related to this, it stands to reason that the experience, training, and/or education of the individual must be of the required standard, and that any training required is identified and delivered – with measurable actions taken externally or internally to ensure that this level of competence exists. Predictably, this process and its outputs need to be recorded as documented information for the EMS.
Awareness is closely related to competence in the standard. Employees must be made aware of the
environmental policy and its contents, any current and future impacts that may affect their tasks, what their personal performance means to the EMS and its objectives, including the positives or improved performance, and what the implications of poor performance may be to the EMS.
Processes for internal and external communication need to be established and recorded as documented information within the EMS. The key elements that need to be decided, actioned, and recorded are what needs to be communicated, how it should be done, who needs to receive the communication, and at what intervals it should be done. It should be noted here that communication outputs should be consistent with related information and content generated by the EMS for the sake of consistency.
7.4.2 Internal communication
The standard advises the organization that information should be communicated at various levels and with various frequencies as deemed suitable, and to ensure that the nature and frequency of
communication allows continual improvement to result from the communication process itself.
7.4.3 External communication
Once again, the organization is advised by the standard to ensure that communication relevant to the EMS takes place as per the established process, with the goal of ensuring compliance obligations and objectives are met.
7.5 Documented information
“Documented information,” which you will have seen mentioned several times during this guide, marks another change implemented in the 2015 standard. The change is designed to allow each organization to have the ability to shape documented information to their own requirements in general, with the exception of the mandatory components mentioned specifically in the standard and, therefore, this guide. The ISO 14001:2015 standard advises us that the EMS should include all documented information that it declares mandatory, and also anything viewed as critical to the EMS and its operation. It should also be noted that the amount of documented information that an organization requires will differ according to the size, operating sector, and complexity of compliance obligations faced by the business.
7.5.2 Creating and updating
The standard advises that documentation created by the EMS should be available and fit for purpose
where and when needed, reasonably protected against damage or loss of integrity and identity, and the processes of distribution, retention, access, retrieval, preservation and storage, control and disposition are adequately provided for. It should be noted that documented information from external sources should be similarly controlled and handled, and that viewing and editing access levels should be carefully considered and controlled.
7.5.3 Control of documented information
The standard advises that documentation created by the EMS should be available and fit for purpose where and when needed, reasonably protected against damage or loss of integrity and identity, and the processes of distribution, retention, access, retrieval, preservation and storage, control and disposition are adequately provided for. It should be noted that documented information from external sources should be similarly controlled and handled, and that viewing and editing access levels should be carefully considered and controlled.
8.1 Operational control and planning
While the standard acknowledges that operational control will greatly depend on the size, nature,
compliance obligations, and environmental aspects of an organization, the scope is given to the individual organization to plan and ensure the desired results are achieved. The methods suggested by the standard are that processes be designed in such a way that consistency is guaranteed and error eliminated, technology is used to improve control, and it is ensured that personnel are trained and competent. Processes should be performed in an agreed and prescribed manner; those processes should be measurable, and the documented information should match the requirements to ensure operational control.
Outsourced processes must also be considered and controlled. Appropriate measures must be made to define and control the competency of outsourced service suppliers, including consideration of their resources, knowledge, competence, and ability to meet objectives. Consideration must be made for the degree to which the organization and the outsourced provider share process control, and also how control can be made through established elements such as the existing procurement process. As ever, opportunities for improvement must always be considered and identified.
The standard also recognizes that the degree of control the organization has over an outsourced product or service can vary from absolute, if taking place onsite, to very little, if the activity takes place remotely. However, it is suggested that there are factors that nonetheless should be considered. As expected, compliance obligations should be considered and controlled, all direct and associated environmental impacts should be evaluated and controlled, and risks and opportunities associated with the provision of the service itself.
8.2 Emergency preparedness and control
Emergency preparedness and control is a key element of mitigation of environmental risk. The standard informs us that it is the responsibility of the organization to be prepared, and a number of elements should be considered and planned for. Actions to mitigate incidents must be developed, as well as internal and external communication methods and appropriate methods for emergency response. Consideration of varying types of environmental incidents needs to be considered, as does root cause analysis and corrective action procedures to respond to incidents after they occur. Regular emergency response testing and relevant training needs to be considered and undertaken, and assembly routes and evacuation procedures defined and communicated. Lists of key personnel and emergency agencies (think clean up agencies, local emergency services, local environmental office or agency) should be established and made available, and it’s often good practice to form partnerships with similar neighboring organizations with whom you can share mutual services and provide help in the event of an environmental incident.
Clause-9 Performance evaluation:
9.1 Monitoring, measuring, analysis and evaluation
The organization not only has to measure environmental progress, but should consider its significant
aspects, compliance obligations, and operational controls when tackling this clause. The methods established should have considerations to ensure that the monitoring and measuring periods are aligned with the needs of the EMS for data and results, the results are accurate, consistent, and can be reproduced, and the results are consistent and can be used to identify trends. It should also be noted that the results should be reported to the personnel with authority and responsibility to initiate action on the basis of the outputs themselves.
9.1.2 Evaluation of compliance
The standard recognizes that evaluation requirements will vary from organization to organization based on factors such as size, compliance obligations, sector worked in, past history and performance, and so on, but suggests that regular evaluation is always required. If the result of a compliance evaluation reveals that a legal requirement is unfulfilled, the organization needs to assess what action is appropriate, possibly up to contacting a regulatory body and agreeing on a course of action for repair. This agreement will now see this obligation become a legal requirement. Where a non-compliance is identified by the EMS and corrected, it does not automatically become a non-conformity.
9.2 Internal Audit
Internal audits and auditors should be independent and have no conflict of interest over the audit subject, the standard reminds us, and it should be noted that non-conformities should be subject to corrective action. When considering the results of previous audits, the results of previous internal and external audits and any previous non-conformities and resulting actions to repair them should be taken into account.
9.2.2 Internal audit program
The 14001:2015 standard refers us to ISO 19011:2011 for the internal audit program, but when you are establishing your program there are several rules you can subscribe to in order to ensure your program is effective. Base your internal audit frequency on what is reasonable for your organization in terms of size, sector you operate in, compliance obligations, and risk to the environment from your activities. Decide what is reasonable for you, whether that is bi-annual, quarterly, or whatever you deem suitable. Keep in mind that this schedule can be changed, preferably through management review and leadership guidance in the event of changes that necessitate extra internal audit activity.
9.3 Management Review
It should be noted that, contrary to popular belief, the management review need not be done all at once; it can be a series of high-level or board meetings with topics tackled individually, although it should be of a strategic and top management level. Complaints from interested parties should be reviewed by top management with resultant improvement opportunities identified. It should be remembered that the management review generally is the one function that must be carried out accurately and diligently to ensure that the function of the EMS and all resulting elements can follow suit. It goes without saying that all details and data from the management review must be documented and recorded to ensure the EMS can follow the specific requirements and general strategic direction for the organization detailed there.
Outputs from management reviews, internal audits, and compliance and performance evaluation should all be used to form the basis for improvement actions. Improvement examples could include corrective action, reorganization, innovation, and continual improvement programs.
10.2 Nonconformity and corrective action
Prevention of incidents is a key facet of the EMS, and this is specifically addressed in the definition of organizational context (4.1) and assessing risks and opportunities (6.1).
ISO 14001:2015 provides organizations with guidance to mitigate environmental risk and reduce impacts with the ultimate goal being environmental protection, but delivering all of the clauses of the standard and truly understanding them can benefit your organization, as well as the greater environment, in many ways. Accreditation and compliance can bring reputational, motivational, and financial benefits to your organization through improved efficiency and reductions in waste, along with improvements in your supply chain. All of these elements are closely related to your organization’s ability to deliver satisfaction to your customer, and fulfill the expectations and wishes of your stakeholders, while protecting the environment for future generations. Bearing all this in mind, can your organization afford not to have ISO 14001:2015?