ISO 14001:2015 Clause 9.1.2 Evaluation of compliance

ISO 14001:2015 Requirements

Once the compliance obligations have been determined, the organization should establish, implement and maintain the processes needed to evaluate fulfillment of its compliance obligations. The organization should determine the frequency of compliance evaluation, the actions to be taken as a result of the evaluation, and maintain knowledge and understanding of its compliance status. The organization should retain documented information as evidence of the compliance evaluation results.

Annex A (Guidance on the use of ISO 14001:2015) of the standard explains further:

The frequency and timing of compliance evaluations can vary depending on the importance of the requirement, variations in operating conditions, changes in compliance obligations, and the organization’s past performance. An organization can use a variety of methods to maintain its knowledge and understanding of its compliance status, however, all compliance obligations need to be evaluated periodically. If compliance evaluation results indicate a failure to fulfill a legal requirement, the organization needs to determine and implement the actions necessary to achieve compliance. This might require communication with a regulatory agency and an agreement on a course of action to fulfil its legal requirements. Where such an agreement is in place, it becomes a compliance obligation. A non-compliance is not necessarily elevated to a nonconformity if, for example, it is identified and corrected by the environmental management system processes. Compliance-related nonconformities need to be corrected, even if those nonconformities have not resulted in actual non-compliance with legal requirements.


1) Once the Compliance obligation has been determined, the organization should establish, implement and maintain the processes needed to evaluate fulfillment of its compliance obligations.

Once you have determined your compliance obligations, you must evaluate your compliance. Here you must plan and implement a process to evaluate whether you meet the legal requirements that are applicable to you, as determined above. This process needs to include:

  1. Frequency of compliance evaluation: How often you are going to check to see if you meet the requirements of particular legislation will vary from law to law, but your process needs to determine how often you will check each level of compliance. For example, you may need to continually check the concentration of chemicals you are emitting into the sewage system, but you may only need to periodically check on how well you are diverting recycling from your landfill waste.
  2. Evaluate compliance and take action: This is the step that everyone thinks about when it comes to the requirements of legal compliance, and this requirement has not changed. As an organization, you need to make an assessment against the applicable laws to see if you meet the requirements and take any actions necessary to become compliant if you are not.
  3. Maintain the status of your compliance: In other words, always know if you actually comply with your legal requirements. If a law changes, you need to know about it and know if the change affects your compliance with the law. If you make a change in your facility, you may need to evaluate whether you still obey all the laws, both during and after the change, even if you are not yet set to evaluate this according to your regular schedule.

Again, all of this evaluation needs to be kept as documented information for your own use and for your management system auditors and any legal compliance auditors who may need to see it. An important aspect of compliance evaluation is keeping up to date on legislation changes. When your process tracks legislative changes, ensures compliance with legislation, and manages your compliance, you are not only doing a good job at meeting the current requirements but will also be able to meet the updated requirements for the organization’s environmental compliance obligations. As with any legal obligations for your company, the important thing is to know what is required of you in the legislation and to ensure that you are taking the actions necessary to meet the requirements. Not being caught off guard can protect you from unwanted and unnecessary fines – one of the benefits of having a good Environmental Management System. This is a crucial step in ensuring that the organization remains in compliance with relevant laws, regulations, standards, and other requirements. Here are some key steps and considerations in this process:

  1. Establish Clear Compliance Criteria: The organization should define clear and measurable criteria for evaluating compliance with each obligation. These criteria should be based on the specific requirements and expectations outlined in relevant laws and regulations.
  2. Assign Responsibility: Clearly designate individuals or teams responsible for monitoring and evaluating compliance with each obligation. This may involve appointing compliance officers or compliance teams.
  3. Develop Monitoring Processes: Create processes for ongoing monitoring and assessment of compliance. This may involve regular audits, inspections, reviews, or assessments to check if the organization is meeting its obligations.
  4. Document Compliance Activities: Keep records of compliance activities, including the results of evaluations, any non-compliance issues identified, and corrective actions taken.
  5. Risk Assessment: Conduct a risk assessment to prioritize compliance obligations based on their potential impact on the organization and regulatory consequences.
  6. Implement Corrective Actions: When non-compliance issues are identified, implement corrective actions promptly to address and rectify the issues. This may involve revising processes, training employees, or making necessary changes to meet the compliance obligations.
  7. Continuous Improvement: Continuously review and improve the compliance evaluation processes. Ensure that they remain effective and efficient in identifying and addressing non-compliance.
  8. Reporting: Establish a reporting mechanism for communicating compliance status to relevant stakeholders, both internally and externally when required.
  9. Training and Awareness: Ensure that employees and relevant stakeholders are aware of their roles and responsibilities in meeting compliance obligations and provide necessary training.
  10. Legal and Regulatory Updates: Stay informed about changes in relevant laws, regulations, and standards, and update the compliance evaluation processes accordingly.
  11. Documentation and Records: Maintain comprehensive documentation of compliance activities and records of compliance evaluations. This documentation is often crucial for demonstrating compliance to regulatory authorities.
  12. Third-Party Relationships: If applicable, include processes for evaluating compliance among third-party suppliers, contractors, or partners, as their actions can also impact the organization’s compliance.
  13. Conduct Regular Reviews: Periodically review and assess the effectiveness of the compliance evaluation processes to ensure they remain aligned with the organization’s goals and objectives.

By establishing and maintaining these processes, organizations can demonstrate their commitment to compliance and reduce the risk of legal or regulatory violations. Additionally, it helps foster a culture of compliance within the organization, which is essential for long-term success.

2) The organization should determine the frequency of compliance evaluation, the actions to be taken as a result of the evaluation, and maintain knowledge and understanding of its compliance status.

Determining the frequency of compliance evaluations, taking appropriate actions based on those evaluations, and maintaining knowledge and understanding of compliance status are critical components of an effective compliance management system. Here’s a breakdown of each of these aspects:

  1. Frequency of Compliance Evaluation:
    • The organization should establish a clear schedule for evaluating compliance with its obligations. The frequency of these evaluations may vary depending on the nature of the obligations, the industry, and regulatory requirements.
    • Some compliance evaluations may need to occur regularly, such as daily, weekly, monthly, or annually, while others may be triggered by specific events or changes in regulations.
    • High-risk compliance obligations may require more frequent and rigorous evaluations, while lower-risk areas may be evaluated less frequently.
  2. Actions Taken from Evaluation of Compliance:
    • When compliance evaluations are conducted, it’s essential to define a process for taking appropriate actions based on the results.
    • If non-compliance issues are identified, a corrective action plan should be developed and implemented promptly. This plan may include measures to address the root causes of non-compliance and prevent recurrence.
    • Corrective actions can range from process improvements and employee training to policy revisions and more stringent controls.
    • For instances of non-compliance that have legal or regulatory implications, legal counsel should be involved in determining the appropriate response.
  3. Maintaining Knowledge and Understanding of Compliance Status:
    • The organization should continuously track and maintain a clear understanding of its compliance status for all relevant obligations.
    • This involves keeping records of compliance evaluations, documenting corrective actions taken, and maintaining a compliance register or database to track obligations and their status.
    • Regular reporting to senior management and relevant stakeholders can help ensure transparency and accountability in maintaining compliance status.
    • It’s important to stay updated on changes in laws, regulations, and industry standards that may impact compliance status and adjust strategies accordingly.
    • Compliance awareness should be ingrained in the organization’s culture, with employees at all levels understanding the importance of compliance and their role in maintaining it.

By determining the appropriate frequency of compliance evaluations, taking effective actions based on those evaluations, and consistently maintaining knowledge of compliance status, organizations can proactively manage risks, demonstrate their commitment to compliance, and avoid potential legal and regulatory issues. These activities are essential for the long-term sustainability and success of the organization.

3) The organization should retain documented information as evidence of the compliance evaluation results.

To provide evidence of compliance evaluation results, an organization should maintain the following documents and records:

  1. Compliance Evaluation Plan: This document outlines the organization’s strategy for evaluating compliance with legal and other requirements. It should include details on the frequency and methods of evaluation, responsible individuals or teams, and the criteria used to assess compliance.
  2. Legal and Regulatory Registers: Maintain a register or list of all applicable environmental laws, regulations, permits, and other requirements that the organization must adhere to. This register should be kept up-to-date and include references to the specific legal provisions.
  3. Compliance Evaluation Reports: After each compliance evaluation, prepare comprehensive reports that document the findings. These reports should detail the results of the evaluation, including any instances of non-compliance, as well as any corrective actions taken or planned.
  4. Documentation of Corrective Actions: If non-compliance is identified during an evaluation, records of the corrective actions taken should be maintained. These records should show the steps taken to address non-compliance, responsible parties, and timelines for resolution.
  5. Evidence of Monitoring and Measurement: Any data or evidence collected during the compliance evaluation process should be retained. This may include monitoring data, inspection records, audit reports, and other evidence used to assess compliance.
  6. Records of Communication: If there is communication with external stakeholders, such as regulatory agencies or third-party auditors, records of these communications should be kept. This can include correspondence, meeting minutes, and any agreements or commitments made.
  7. Records of Training and Awareness: Maintain records of training and awareness programs related to compliance. This can include records of employee training sessions, attendance logs, and any materials distributed during training.
  8. Records of Changes: If any changes are made to processes, procedures, or policies in response to compliance evaluations, document these changes. This documentation should include the reasons for the changes and their impact on compliance.
  9. Review and Improvement Records: Records of management reviews related to compliance evaluation results should be maintained. These records should demonstrate how the organization has used compliance information to drive improvement in its environmental performance.
  10. Retention and Archiving: Ensure that all compliance evaluation records are retained for the required duration, as defined by applicable laws and regulations or the organization’s internal policies. This typically includes both active records and archived records.
  11. Document Control: Implement a document control system to manage and safeguard compliance-related documents and records, ensuring they remain accurate, complete, and accessible as needed.

It’s important to note that ISO 14001:2015 does not specify a retention period for these records. The retention period may vary depending on the nature of the records and legal requirements in your jurisdiction. Organizations should establish their own document retention policies in compliance with applicable laws and regulations.

Example of Compliance Evaluation Plan

Organization Name: [Your Organization’s Name]

Document Number: [CEP-001]

Revision Number: [Version 1.0]

Date of Issue: [Date]

Review Date: [Date]

1. Purpose: The purpose of this Compliance Evaluation Plan (CEP) is to establish a framework for systematically evaluating and ensuring compliance with environmental laws, regulations, permits, and other relevant requirements as part of our Environmental Management System (EMS).

2. Scope: This plan covers compliance evaluations related to environmental aspects identified in our EMS, including but not limited to air emissions, water discharges, waste management, and energy consumption.

3. Responsibilities:

  • Environmental Manager: Responsible for overall coordination of compliance evaluations.
  • Environmental Compliance Team: Comprising members from relevant departments, responsible for conducting compliance evaluations.
  • Legal and Regulatory Affairs: Responsible for keeping legal and regulatory registers up-to-date.

4. Frequency of Compliance Evaluations: Compliance evaluations will be conducted on an annual basis, with additional evaluations triggered by significant regulatory changes, incidents, or as deemed necessary.

5. Methodology: The compliance evaluation process will include the following steps:

a. Identify Applicable Requirements: Maintain a legal and regulatory register, regularly updated, listing all relevant environmental laws, regulations, permits, and other obligations.

b. Conduct Compliance Assessments: Evaluate the organization’s activities, processes, and facilities to assess compliance with identified requirements.

c. Document Findings: Prepare comprehensive compliance evaluation reports documenting findings, including any non-compliance issues and areas of improvement.

d. Corrective Actions: Develop and implement corrective actions for identified non-compliance issues. Document corrective action plans and follow-up to ensure resolution.

e. Management Review: Present compliance evaluation results to senior management during management reviews, ensuring that compliance information is used to drive continuous improvement.

6. Records: All records related to compliance evaluations, including legal registers, evaluation reports, corrective action plans, and management review records, will be retained in accordance with the organization’s document retention policy.

7. Communication: Effective communication of compliance evaluation results will be maintained with relevant internal stakeholders, external regulatory agencies, and interested parties as required.

8. Training and Awareness: Ensure that employees are aware of their roles and responsibilities in compliance evaluation. Conduct training sessions as needed and maintain records of training activities.

9. Document Control: This plan and all related documents will be controlled and managed in accordance with the organization’s document control procedures.

10. Review and Update: This Compliance Evaluation Plan will be reviewed annually or as necessary to ensure its continued effectiveness and relevance.

11. Approval: This Compliance Evaluation Plan is approved by:

[Your Name]


Environmental Manager

Example of Legal and Regulatory Register – Environmental Management System

Organization Name: [Your Organization’s Name]

Document Number: [LR-EMS-001]

Revision Number: [Version 1.0]

Date of Issue: [Date]

Review Date: [Date]

1. Purpose: The purpose of this Legal and Regulatory Register is to identify and maintain a comprehensive list of all environmental laws, regulations, permits, and other requirements applicable to our organization’s operations and activities as part of our Environmental Management System (EMS).

2. Scope: This register covers all environmental requirements that pertain to our organization, including but not limited to air quality, water quality, hazardous materials, waste management, and energy conservation.

3. Responsibility: The Legal and Regulatory Affairs department is responsible for maintaining and updating this register.

4. Register Contents:

| Regulatory Authority | Legal Reference | Description of Requirement | Applicability | Review Frequency |
|---|---|---|---|---|
| Environmental Agency A | Environmental Act, 20XX | Emission limits for [Specific Pollutant] | [Relevant Facility] | Annually |
| Water Quality Board | Water Discharge Permit XX | Discharge limits for effluent into [Specific Water Body] | [Facility A, B, C] | Bi-annually |
| Occupational Safety and Health Administration (OSHA) | Hazardous Chemicals Standard | Handling and storage of hazardous chemicals | [All Facilities] | Quarterly |
| Department of Energy Efficiency | Energy Conservation Act, 20XX | Mandatory energy consumption reporting | [Facility D] | Annually |
| Waste Management Authority | Hazardous Waste Regulations | Proper disposal and labeling of hazardous waste | [Facility B, E] | Bi-annually |
| [Local Authority] | [Local Environmental Ordinance] | Noise level limits during [Specific Operation] | [Facility F] | As needed |

5. Applicability:

  • “Regulatory Authority” identifies the government agency or authority responsible for the regulation.
  • “Legal Reference” specifies the specific legal document, law, regulation, or permit.
  • “Description of Requirement” briefly describes the compliance obligation.
  • “Applicability” indicates which facilities or operations are subject to the requirement.
  • “Review Frequency” defines how often the requirement is reviewed for changes or updates.

6. Review and Update: This Legal and Regulatory Register will be reviewed and updated as needed to ensure its accuracy and relevance. Any changes to regulations or permits will be promptly reflected in this register.

7. Approval: This Legal and Regulatory Register is approved by:

[Your Name]


Legal and Regulatory Affairs Manager
