01 January 2016

Practical impacts on your EMS from the new ISO 14001:2015 standard

This article discusses how the new ISO 14001:2015 standard for Environmental Management Systems (EMS) will impact current ISO14001:2004 based systems.  Some of the in the changes in the new standard are catching up with what was has become good practice in EMS, so mature systems may find they have already met many of the requirements of the 2015 standard.


The first impact from the new standard is more reading.  The 2004 standard was just 9 pages, whereas the 2015 standard is 17 pages (not including the annexure).  The extra words come from the new High Level Structure, expanded requirements, more explanation and a general increase in ISO-speak wordiness.

The High Level Structure

Another change that will be obvious from a first look at the 2015 standard is the new High Level Structure, which has reordered the clauses of the standard.  The only direct impact from this change is for EMS manuals that were structured with the same order as standard, which have now obviously lost that similarity.

Practical Impact:-
The reordered structure does not require any changes in your EMS on its own, but you might consider realigning your documentation to match the standard.  This is especially useful if your EMS is integrated with an ISO9001 Quality Management System, ISO50001 energy management system or the upcoming ISO OHS standard.  Now that the ISO14001 and ISO9001 standards have the same structures, it is much easier to write an integrated management system manual and this may be enough reason to update your manual.

Terms and Definitions

ISO has adopted uniform definitions across all of its management system standards as part of the High Level Structure, a useful advantage of the new standard.  For ISO14001 this has led to generalised Terms and Definitions with terms like "management system" and "top management" added to the definitions.

There are 2 major changes in terminology:
  • Compliance Obligations – replacing Legal and Other Requirements.  Legal and other requirements is listed as an "admitted term"
  • Documented Information – which replaces both Documents and Records.  In practice document and record control will work the same as previously, but the changes in the standard are enough to affect the structure of document and record control procedures.

There are several other changes in terminology:
  • Many of the terms have been generalised to match the other management systems, so are no longer specific to the environment.  For example, Continual Improvement was previously defined as a recurring process of enhancing the EMS to improve environmental performance.  It now has the more general definition as a recurring activity to enhance performance. 
  • Preventive Action is no longer defined – in practice the subtlety of the difference between preventive and corrective action was not commonly understood. 
  • Interested Party – has been broadened to include a person or organisation that would "perceive itself to be affected".
  • Environmental Condition – a new term defined as a characteristic of the environment.
  • Risk is added – defined as the "effect of uncertainty".
  • Risks and Opportunities are added – defined as potential adverse and beneficial effects.
  • Outsource is added – with a note specifying that an outsourced function or process is included in the scope of the EMS.
  • There are several other new terms, including life cycle, effectiveness, indicator and performance.  

Practical Impact:-
There is no direct requirement to change an EMS based on the change in definitions, but as documentation is updated it could be adapted to reflect the new terminology.

Context of the Organisation

The 2015 standard's formal requirements begin with the context of the organisation, which feeds into a more detailed scope of the EMS.  The 2004 standard required a documented scope, but did not provide direction on what should be included.  For the new standard the context from "external and internal issues" and the "needs and expectations of interested parties" are the starting points for defining the scope (and they are also inputs to other key areas of the EMS).  The following items should be considered in determining the scope:
  • external issues – including environmental conditions (climate, air/water quality, resource availability), cultural, political, regulatory, financial, technological or competitive circumstances
  • internal issues – activities, products, services, strategic direction, culture and capabilities
  • compliance obligations – derived from the needs and expectations of interested parties (including regulators)
  • organisational units, functions, boundaries
  • activities, products, services
  • authority and ability to exercise control or influence

A significant change is the requirement to go beyond considering the organisation's affect on the environment to how the environment could affect the organisation.

These issues only need to be considered at a general, "high level" and applying too much detail would basically be recreating the planning clause.  In some ways the new structure around scope could be seen as an extra formality for already established systems, but it may be useful for organisations with somewhat complicated boundaries.

Practical Impact:-
Scopes were already documented in the previous standard, but it is unlikely they covered all of the material expected to be considered in 2015.  The most significant additions are the impact of the environment on the organisation and the input from interested parties.

The scope must be available to interested parties, which may see it become a stand alone document rather than just a section within the EMS manual.

Leadership

This is another new clause for the EMS standard, but it includes the requirements for an environmental policy and top management's responsibilities which were in the previous standard.

The clause begins by outlining the requirements of top management.  It includes requirements to integrate the EMS requirements into business processes and achieve the intended outcomes, in line with ISO's aim of increasing the prominence of environmental management within strategic planning processes.

The clause for the environmental policy has similar requirements to the 2004 standard, with two significant changes:
  • The commitment to prevention of pollution has now become a commitment to protect the environment (including prevention of pollution and other specific commitments). 
  • The commitment to continual improvement has changed to "continual improvement of the EMS to enhance environmental performance". 
The term "management representative" is no longer used, but similar responsibilities must still be assigned under Clause 5.3.

Practical Impact:-
It will be interesting to see how the leadership and commitment of top management responsibilities are audited, particularly for requirements such as integrating the EMS into business processes (would an annual management review cover this requirement or should each business process address the EMS?).

For the policy there are some obvious changes in wording to new commitments, but the intent of those changes goes beyond just the wording of the policy.  The Guidance (A.5.2) makes it clear that protection of the environment is a broader commitment than prevention of pollution.  ISO has said the "expectation on organizations has been expanded to commit to proactive initiatives to protect the environment."  For the commitment to continual improvement, ISO has said there "is a shift in emphasis with regard to continual improvement, from improving the management system to improving environmental performance."  Both of these policy commitments have broader impacts on your EMS than the simple change of wording for policies.

While the requirement of specific management representatives is removed, in practice the system still has to be established, implemented and maintained, so this will not change much within your EMS.

Planning

The Planning clause includes the elements for aspects, compliance (legal and other requirements) and objectives, just as in the 2004 standard.  The 2015 standard begins with a General clause (Cl. 6.1.1) of contextual information (which it could be argued makes the standard overly repetitive).

The General clause has a new requirement to document "risks and opportunities that need to be addressed", which the Guidance advises "can be related to environmental aspects, compliance obligations, other issues or other needs and expectations of interested parties".  These risk and opportunities should then be addressed when considering aspects and compliance.  The 2004 standard did not specifically mention risk and its only perspective on opportunities was "beneficial" environmental impacts.  These changes demonstrate the new focus for the standard to:
  • look at the environmental impacts on the organisation rather than just the organisation's impact on the environment (the example given by the Guidance is climate change induced flooding of the organisation's premises. 
  • consider the upside of opportunities for environmental management

The clause on aspects (Cl. 6.1.2) has been reworded and now explicitly requires a life cycle perspective and abnormal conditions / foreseeable emergencies to be assessed.  Mature EMS could have already done this under the 2004 standard.  The Guidance advises that "thinking carefully about the life cycle stages that can be controlled or influenced … is sufficient" for the life cycle perspective and a formal assessment is not required.  Documentation requirements for aspects are also clearly defined in the new standard and include criteria for significance.

The 2004 standard's "Legal and other requirements" has now become "Compliance obligations" (Cl. 6.1.3).  Requirements are similar, except that the compliance obligations shall be documented for 2015.  Another slight difference is determining how obligations apply to the "organisation", rather than apply to "aspects" as found in the 2004 standard.

Another new clause for Planning Actions (Cl. 6.1.4) has been introduced in 2015.  It requires planning to take actions for aspects, obligations and risk and opportunities (but it could be argued this clause is just adding to the wordiness of the standard).

The clause for environmental objectives (Cl. 6.2) has been restructured but retains similar requirements to the previous standard.  The term 'target' no longer appears and what was previously 'program' now seems to be 'planned actions'.  Risks and opportunities should be considered when establishing objectives.  There is a new requirement to determine how results of planned actions will be evaluated.

Practical Impact:-
The changes to the planning clause will have several impacts:
  • Risks and opportunities now have to be documented.  Many organisations already have qualitative risk assessments (through a risk matrix) documented as a part of aspects registers.  
  • Risks will also consider environmental effects on the organisation and compliance.  Identifying opportunities goes further than the previous beneficial impacts. 
  • If it was not already included, aspects should include abnormal/emergency situations. 
  • For aspects, documentation should include the criteria used to establish significance of the aspects. 
  • Compliance Obligations must be documented.
  • Rather than determining how Compliance Obligations apply to aspects, they can just be determined for the organisation, which seems to be a slight relaxing of the requirement.
  • Objectives have a new requirement to document an evaluation of the programs / planned actions.

Support

The Support clause includes the sections for Resources, Competence, Awareness, Communication and Documented information.

The Resources section is brief, as management responsibilities are now in the Leadership clause.  Requirements are much the same as the previous standard.

The Competence section is similar to the 2004 standard but competence is now required if it could affect environmental performance, rather than significant aspects.

The Awareness section also has similar requirements to 2004.  Required awareness includes the policy, significant aspects, contribution to and implications of not conforming to the EMS.

The Communication section has been expanded from the previous standard with some explicit requirements for the communication process.  Processes shall now address the what, when, who and how of communication, but a documented procedure is not necessarily required.  Organisations must now respond to EMS relevant communications and retain documented information as evidence.

Internal communication shall now contribute to continual improvement in addition to communicating EMS relevant information.  External communication is only required for compliance obligations or the organisation's established communication processes.  The requirement to document a decision on communicating externally about significant aspects appears to have been removed and was only a bureaucratic exercise anyway.

The Documented Information section replaces the previous standard's clauses for Documentation, Control of Documents and Control of Records.  The most obvious change here is the terminology from 'procedures' and 'records' to 'documented information' in the new standard.  The change in terminology does not on its own necessitate a change in your procedures or documentation (according cl. 3.3.2 and the Technical Committee's workshop).

The basic requirements of the 2004 standard seem to remain, but are not set out as the steps in the previous standard.  The new standard has been modernised to consider electronic documentation (under formats and media) and protection (such as confidentiality).

Practical Impact:-
The changes from the Support clause have the following impacts:
  • Determining competency requirements should take a slightly broader view to look at general environmental performance.
  • Communications processes have to address more than the previous standard, although don't necessarily have to be documented into a procedure.
  • EMS relevant communications shall be responded to and recorded (if they were not already).
  • Documentation of the decision to communicate externally on significant aspects is no longer required.
  • Documented information has to address format, media and protection, but otherwise the control of documents/records is similar to before.

Operation

Operational Planning and Control is another section that has expanded in the new standard.  The basic requirements of the previous standard are retained, but the new standard also addresses:
  • controlling planned changes and outsourced processes
  • a life cycle perspective, with specific reference to design, procurement and providing information on the impacts of the products or services
Documentation of procedures is clarified as necessary to have confidence that processes have been carried out as planned.

Emergency Preparedness and Response has similar requirements to the previous standard, with extra description added to the requirements of the new standard.

Practical Impact:-
The changes from the Operation clause have the following impacts:

  • Controls for managing change and contractors are now required (if not already a part of your current EMS).
  • Operations should be 'consistent' with Life cycle factors such as design, procurement and product information (if not already a part of your current EMS).

Performance Evaluation

The Performance Evaluation clause replaces the 'Checking' clause of the 2004 standard and includes sections for monitoring, evaluation of compliance, internal audit and management review (corrective action has now been moved into its own clause).

The new standard provides a lot more detail on the requirements for monitoring and the focus has changed from the 'significant impacts' of 2004 to the more general 'environmental performance'.  There is a new requirement for communicating performance information internally and externally, but only as identified in the organisation's own "communication processes" and compliance obligations.

The sections for Evaluation of Compliance have new and improved wording, but the requirements are in practice the same as previously.  The Guidance for Evaluation now nominates there should be actions to achieve compliance when a failure to fulfil a legal requirement is found, although presumably that would already be expected from the policy commitment to fulfilling compliance obligations.

Internal audit also has new wording which spells out the requirements for audit programming.  The basis for the program has been expanded to look at changes affecting the organisation and results of previous audits in addition to environmental importance.

The Management Review section is more descriptive but retains similar requirements to the 2004 standard.  Adequacy of resources and risks and opportunities must now be considered in the review and there is more detail in the outputs.

Practical Impact:-
The new Performance Evaluation clause has the following impacts:

  • You EMS may need to expand to cover the extra detail in the monitoring requirements, but mature systems have probably already addressed the requirements.
  • Communication of environmental performance is a new requirement, but it will only have an impact if it is identified in your communication processes (or procedures).
  • Internal audit programs should target areas of change and non-conformances and poor performance from previous audits.
  • Management Review will need to consider adequacy of resources, risks and opportunities, and outputs include opportunities to improve integration of the EMS with other business processes and any implications for the strategic direction of the organization.

Improvement

The non-conformity and corrective action elements are the Improvement clause in the 2015 standard.  The term 'preventive action' no longer appears in the standard.  The new clause has expanded on the steps for the corrective action process, but otherwise the requirements are similar to 2004.  There is an extra requirement to continually improve the EMS to enhance environmental performance, but there was already a policy commitment along those lines anyway, so this does not have any impact on your system.

Practical Impact:-
It is no longer necessary to use the term Preventive Action, but non-conformances should still be proactively prevented wherever possible.  The steps set out for the corrective action process in the new standard are simpler to follow than previously, so may provide extra guidance for your system.  ​