Rank: Forum user 
|
Hi Can anyone advise or provide an example of how I can document the methodology for evaluating legal compliance? For those who are 45001 familiar, is 9.1.2 in the standard. My advice is that it doesn't need to be over detailed. It basically needs to answer the question: how do I know I am complying with each relevant piece of legislation. I will need the method and the manner in which I document it. Hope thats not to vague Thank you
|
|
|
|
|
|
Rank: Super forum user 
|
I do this using a register of requirements, as follows.
First of course I need the register. I make this as a spreadsheet with columns for: title of the requirement with link to it (mostly this is legislation but I include the "other requirements" as well); summary of the requirements relevant to the organisation; summary of how the organisation complies with these requirements; and who in the organisation is accountable for the compliance.
Then to evaluate the compliance, I go through this spreadsheet and do an audit of whether we do the things it says we do. In some cases this is simple and objective (so if we say we display the insurance cert in certain places, I check we have an up to date insurance cert in these places), and for other it is more complex and requires judgement (so if we say we have suitable and sufficient risk assessments for all work activities, I might pick a sample of work activities and look at whether they are covered by risk assessments and how well). Then I record and date my findings on new columns in a copy of the spreadsheet, and pass on any recommendations or actions that are needed to restore compliance.
This is a separate activity from reviewing whether the legislation and other requirements in the register are up to date, which also needs to be done.
|
 2 users thanked Kate for this useful post.
|
|
|
|
Rank: Super forum user 
|
I do pretty much as Kate says in her post. The only diference is I used to record the audit findings in the last column of the register but now do a separate audit proforma based on the Internal Audit process. I didn't think this was required but our internal (Consultant) systems auditor repeatedly didn't agree and I tired of arguing my case. The ISO Certification auditor was perfectly happy with Kates approach. Dont forget the 'Other Requirements' as this is part of the ISO9001/14001/45001 standards. Ironically you can state these standards in your 'Other Requirements' section.
|
1 user thanked Holliday42333 for this useful post.
|
|
|
|
Rank: Forum user
|
We had this raised in our 2022 audit so we have started picking 5 (one per team member) pieces of legislation applicable to the business, looking the at the requirements and documenting how we meet these requirements. Documenting gaps etc.
Submitted then as part of the management review. Seems auditors want more and more every year.
|
1 user thanked N Hancock for this useful post.
|
|
|
|
Rank: Super forum user
|
I have a slightly different approach. Create your legal (and other) register. Map your management system against the legal requirements, i.e., your accident and incident procedure will cover RIDDOR reporting requirements, and your manual handling training programme may meet with the MHOR (1992) to ‘reduce the risk of injury’. This mapping exercise can be done in a spreadsheet. When you audit your management system, this will assist in ensuring the evaluation of legal compliance because your management system has been mapped against the statutory requirements. Out of interest, our auditors have never explored this clause; they seem to always go for the low-hanging fruit, i.e., ensuring your legal register is up to date or coming up with some obscure piece of legislation you may have missed, etc.
|
|
|
|
|
|
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.