Posted By Tim Sagar
Having operated under ISO14001 for a few years and also OHSAS18001:1999 with only the usual minor problems. Following upgrade to 18001:2007 we are having a major issue in respect of section 4.5.2.1 "compliance with applicable legal requirements" and our external verifiers interpretation of this clause. Can anybody share their exprience and what they've done to satisfy it. The guidance we had raed prior to conversion stated that "if you opaerte under ISO14001 legal complaince section would be no problem" but it is!

Posted By Brian Horrocks
A nice example of why 18001 is a waste of space.

I totally agree, a company should know what legislation applies to its undertaking.

But what clear benefit does having a written list give to a company?

Its so easy to find such information out these days - with the wonders of the t'internet etc.

The manhours wasted compliing such a list could be put to much better use.

I guess from the auditors point of view, its justifies their existence....

ISO14001 & 18001 are so over rated, yet companies/organisations continue to be guillible and drawn into the whole money making accreditation/registration scam by those organisations who have a vested interest in the promotion of them and associated auditing etc.

Posted By 99|Cadok|99
My understanding is that section 4.5.2.1 of 18001 is that you need to evaluate your legal compliance.
For example The Health and Safety (information for employees) Regulations 1989 requires that an approved poster entitled, "health and safety-what you should know", is displayed.

The evaluation of this is that you have this poster in place.

To do this the company has a legal register which is basically a list of legislation that applies to the company. once a month an evaluation of compliance is raised from the list and we check to ensure we are doing what the legislation requires us to do.

I hope this is of help.

Iain T

Posted By stephen smith
Hi Brian,

The standard is only as good as theauditors conpetence and that goes for all standards. I Have seen 14001 and 18001 given whenb the paperwork is completely wrong never mind a full audit, so please don't bash the standard.

The register, really the legal list of principle hazards, should be seen a bit like an umbrella where you can hang off all your risk assessments and method statements etc. It should not be used as a single entity but in conjunction with other documents and dovetailing in with principle hazards identification and risk reduction

Regards stephen

Posted By Ken Dickson
Tim,

Demonstrating compliance with 4.5.2.1 of 18001 is, in effect, a two stage process. You should be able to demonstrate that you have an awareness of the legal (and other) requirements under which the organisation operates, and that you are complying with the requirements. The first part is easily established with a register of legislation and other requirements. The second part is demonstrating how you comply.

Taking the instance of the H&S Law poster. If an organisation displays the poster it does not evidence that they organisation knows why the poster must be displayed. Similarly the fact that a poster is not displayed does not evidence that the organisation is not aware of the legislation. It simply evidences that the poster is not displayed. There are two ways of complying with the legislation and the organisation may choose the second method, i.e. distributing the approve leaflet, or the organisation may be aware of the requirement and is simply not complying with it.

Ken

Posted By Clare Gabriel
You need to demonstrate that you have addressed what legislation applies and if you have 14001 already there may well be some overlaps - we have a dual register even though we are registered to 14001 but not (yet) 18001. the advice we were given by our auditor (and lets face it - I took it as it is he who is auditing us!!!) is that we need to identify the legislation - up to you if you want to go as far as Reg number etc, identify which areas apply, then a short script on evidence of how you comply - then you need a back sheet or some sort of addition to be able to demonstrate the legislation has been reviewed and evidence on continued compliance - email me if you need an example

Posted By Safety officer
Good thread Tim.

You have to identify what legislation is applicable to your organisation, then evaluate if you are complying with the legislation or not. (List in your procedure the methods you use to keep up to date and who does the check.)

Now you can do this in several different ways and companies will already be doing this regardless of if they have the standard or not so best brain storm and list all the things you are already doing.

A round of audits to verify the things you are doing comply should suffice. It is a good idea to have some sort of cross reference from your register to the different methods of compliance you use, it will also ensure that there is a some sort of compliance check for everything on your register.

Posted By Mike Foulds
Tim

We are about to go for 18001 registration, the legal register is something that I too need to understand.

Reading the comments so far, it does not appear that anyone has given you a real example of how the register is set out, does anyone with 18001 have a copy of what they use as a guide or template?

I am not work shy but it could save many hours if there is a good example of how its laid out to keep the audit crew happy.

Thanks

Mike

Posted By b318isp
We have enlisted a company who have reviewed all applicable laws, which they make available through the internet. On each of these, there is an interpretation on how the law applies to our business.

The real key is that we can self score our compliance with the law - there is a section by section questionaire per main piece of legislation - which can be rated N/A to 10, and an overall score is accumulated.

For an auditor, we can show a list of applicable EHS legislation, an intepretation of these, a measure of compliane and a review process (with continual improvement).

Posted By Dee
Tim et al,

Hopefully this posting may help you as an 18001 auditor this is how I go about auditing Clause 4.5.2 - Evaluation of Compliance (which by the way is the clause that most companies I have audited since the standard changed have struggled to understand so you are not alone)

As other have pointed out it ties with the clause for identifying the legal and other requirements - it is the next step on.

A combination of things I accept as an auditor to meet with this clause are:

Documentation reviews (company has identified legislation/ACOP and reviews their own procedures against this to determine they are covering the requirements)

Audits (internal, clients) evaluating compliance on a specific operation control/legislative topic such as COSHH, Working at Height (helps you show you are looking at your Operational Controls also) - could be against an ACoP or the Company's internal procedure

Non Conformance Reports, Incident Reports, Near Miss data which shows correlation to compliance

The evaluation of compliance should be something you can do for already existing proactive (and to some extent) reactive measures within your Company.

No auditor should expect you to evaluate every single piece of legislation in one go but what I do expect is the company to have identified their key areas of risk within the business and prioritised their evaluation accordingly - if audit schedules, training, etc., demonstrates that the high risk areas are being reviewed this is again continued demonstration of compliance.

A number of companies will have a legal and other requirements register but cross reference against the legislation what they have in house which demonstrates their compliance with the requirements of that legislation.

I am more than happy to provide further guidance or assistance, feel free to email me off line.

Best Regards - Donna