Compliance Obligations – Definition
ISO 14001:2015 defines compliance obligations as “legal requirements that an organization has to comply with and other requirements that an organization has to or chooses to comply with”. In the note, it further states “Compliance obligations can arise from mandatory requirements, such as applicable laws and regulations, or voluntary commitments, such as organizational and industry standards, contractual relationships, codes of practice and agreements with community groups or non-governmental
The organization determines, at a sufficiently detailed level, the compliance obligations it identified in 4.2 that are applicable to its environmental aspects, and how they apply to the organization. Compliance obligations include legal requirements that an organization has to comply with and other requirements that the organization has to or chooses to comply with. Mandatory legal requirements related to an organization’s environmental aspects can include, if applicable:
a) requirements from governmental entities or other relevant authorities;
b) international, national and local laws and regulations;
c) requirements specified in permits, licenses, or other forms of authorization;
d) orders, rules, or guidance from regulatory agencies;
e) judgments of courts or administrative tribunals.
Compliance obligations also include other interested party requirements related to its environmental management system which the organization has to or chooses to adopt. These can include, if applicable:
- agreements with community groups or non-governmental organizations;
- agreements with public authorities or customers;
- organizational requirements;
- voluntary principles or codes of practice;
- voluntary labelling or environmental commitments;
- obligations arising under contractual arrangements with the organization;
- relevant organizational or industry standards.
9.1.2 Evaluation of compliance
Once the compliance obligation has been determined, the organization should establish, implement and maintain the processes needed to evaluate fulfillment of its compliance obligations. The organization should determine the frequency of compliance evaluation and the action taken as a result of that evaluation, and maintain knowledge and understanding of its compliance status. The organization should retain documented information as evidence of the compliance evaluation results.
The frequency and timing of compliance evaluations can vary depending on the importance of the requirement, variations in operating conditions, changes in compliance obligations, and the organization’s past performance. An organization can use a variety of methods to maintain its knowledge and understanding of its compliance status; however, all compliance obligations need to be evaluated periodically. If compliance evaluation results indicate a failure to fulfill a legal requirement, the organization needs to determine and implement the actions necessary to achieve compliance. This might require communication with a regulatory agency and an agreement on a course of action to fulfill its legal requirements. Where such an agreement is in place, it becomes a compliance obligation. A non-compliance is not necessarily elevated to a nonconformity if, for example, it is identified and corrected by the environmental management system processes. Compliance-related nonconformities need to be corrected, even if those nonconformities have not resulted in actual non-compliance with legal requirements.