1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Hello and Welcome to The Quality Forum Online...Continuing in the spirit of People Helping People !
    Dismiss Notice
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Is it an NC if Legal register contained outdated legislation?

Discussion in 'ISO 14001:2004 - Environmental Management Systems' started by Speran, Dec 25, 2016.

  1. Speran

    Speran Member

    Joined:
    Dec 25, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Hi all, I'm new to this standard. Could you please advise if during the audit it was found that legal register contained out dated pieces of legislation, would it be a non conformity and what clause it would relate to?
    Many thanks.
    Speran
     
  2. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    397
    Likes Received:
    231
    Trophy Points:
    42
    Location:
    Laguna Philippines
    Normally, legal registers include old versions of regulations since there are laws where only part of them are amended and some, if not most, are retained. More importantly, organizations must ensure that evidence/s of compliance are maintained for applicable legal requirements. Though I don't consider such an issue an NC, auditors might tie this up to Clause 4.4.5g.
     
  3. Speran

    Speran Member

    Joined:
    Dec 25, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Thanks Tony. You are probably looking at it from the internal auditor perspective. What concerns me is how the CABs, third party auditors, look at this. Thank you
     
  4. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    511
    Likes Received:
    382
    Trophy Points:
    62
    Location:
    USA
    The organization is required to identify legal and other requirements relevant to its operations. It of course is expected that current requirements be identified. Not doing so would typically result in nonconformance issued to 4.3.2 of ISO 14001:2004.
     
    charanjit singh likes this.
  5. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    397
    Likes Received:
    231
    Trophy Points:
    42
    Location:
    Laguna Philippines
    IMHO, auditors whether internal or external should not have different perspective in determining conformance. They both use the same audit criteria and should draw out judgment and conclusion as advised by the same standard both internal and external auditors' used as reference i.e. ISO 19011.
     
    Jennifer Kirley likes this.
  6. Speran

    Speran Member

    Joined:
    Dec 25, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Thanks all, certification bodies are governed by accreditation standards like ISO 17021-1 when ISO 19011 is purely for the internal auditors. Unfortunately the accreditation standard does not give me an answer to my question. There are so many interpretations of a simple scenario " legal register contained outdated pieces of legislation". Can it contain new as well as outdated laws? What should be driving the frequency of updating legal register the procedure referred to in cl 4.3.2 or 4.5.3? Thank you.
     
  7. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    511
    Likes Received:
    382
    Trophy Points:
    62
    Location:
    USA
    Neither 17021 or 19011 is going to be of any use for questions like this. 17021 is for rules registrars must follow, and 19011 addresses competence. Even the Technical Committee's web site ISO/TC 207/SC 1 does not specifically answer your question. Registrars may have internal procedures and/or provide training on the question, but the client has little or no visibility to that.

    It leaves us, then, to ask ourselves "Why would we want to list outdated regulatory requirements?"
    - Are the permits written to previous version(s)?
    - Do municipalities apply additional requirements that do not match federal regulations?
    - Are the requirements' changes in a phase-in period?
    - Is the site "grandfathered" in writing to a previous requirement?

    There may be other factors, but I can't think of any. Absent any of these or likewise documented exceptions, I would expect a first, second or third party auditor to issue nonconformance if an organization is not adhering to current requirements. It isn't just about the standard. It is about the law, and oh yes the standard asks us (in so many words) to recognize and obey the law.
     
    Speran likes this.
  8. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    397
    Likes Received:
    231
    Trophy Points:
    42
    Location:
    Laguna Philippines
    I believe the issue here is not about noncompliance on applicable legal requirement, it's about a register with outdated pieces of legislation.

    Typically, internal procedures specify the person responsible for maintaining such registers. The timeframe for review and updating is usually defined. Since there is no ISO 14001 clause that explicitly require that registers must be up to date the moment a statute or law is enacted or amended, an auditor cannot raise this issue comfortably against an ISO 14001 clause.

    A requirement must be present to complete an NC. Hence, it is defined as "non-fulfillment of a requirement".
     
    charanjit singh and Speran like this.
  9. Speran

    Speran Member

    Joined:
    Dec 25, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Thank you so much tony and Jennifer.
    I'm more inclined to take Tony's view. Depending on what the internal procedure states regarding the timeframe for updating the register, the question is what procedure "legal and other requirements" 4.3.2 or "evaluation of compliance"
    4.5.3?

    Jennifer, I agree the standard asks to comply with the law, what exact requirement of the standard would you raise a NC?

    Thank you both!
     
  10. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    511
    Likes Received:
    382
    Trophy Points:
    62
    Location:
    USA
    I have noticed that the question was originally asked under the 2004 version of the standard.

    Therefore, 4.3.2 Legal and other requirements applies. It requires a procedure (it does not say the procedure must be documented) to identify, have access to and determine how legal and other requirements apply to your environmental aspects.

    The register (list) does not need to be a controlled document either. I have seen clients use an aspects and impacts "register" with a column added to list applicable legal/other codes, and compliance calendars with the same approach. Such documents can be tools: "living documents" with limited access and Track Changes turned on to identify who changed which cell and when. A process owner can make updates when receiving news of a change in requirements - there is no need, indeed it is not acceptable to wait for a 2 or 3 year periodic review such as documented procedures very often have. If the law changes and is enacted/if your permit changes etc., a controlled document's periodic review schedule will not (should not) save you from a nonconformity.

    I have seen the compliance calendar used as a very good type of Evaluation of compliance checklist. Its process owner can periodically (I usually see it done annually) review the codes to see if the required process controls, measurements and reporting are current in their definition, have been performed properly and in a timely way, even if required training (such as for handling hazardous waste) has been kept up. This activity, which is done periodically but is not required to be done all at one time, is called Evaluation of compliance as per 4.5.2. A record of the evaluations can be kept on a separate tab, in internal audit records (why not do some of this evaluation of compliance as part of internal audit?) and even during Management Review if the persons are knowledgeable enough and have the needed time and information to do so.
     
    Speran likes this.
  11. Speran

    Speran Member

    Joined:
    Dec 25, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Dear Jennifer, thank you for your invaluable expertise and advice!
     

Share This Page