REQUIREMENTS OF ISO 14001

REQUIREMENTS OF ISO 14001In order to effectively implement and benefit from an ISO 14001 EMS, it is important tohave an understanding of the standard’s requirements. A quick review of the standardshows that it is structured following the Plan, Do, Check, Improve philosophy of theTotal Quality Management movement, as follows:
PLAN4.2 Policy4.3 Planning
DO4.4 Implementation and Operation
CHECK4.5 Checking and Corrective Action
IMPROVE4.6 Management Review
Within these five elements are 17 sub-elements stating the various requirements.
4.2 Policy
4.3 Planning4.3.1 Environmental Aspects4.3.2 Legal and Other Requirements4.3.3 Objectives and Targets4.4.4 Environmental Management Programs
4.4 Implementation and Operation4.4.1 Structure and Responsibility4.4.2 Training Awareness and Competence4.4.3 Communications4.4.4 EMS Documentation4.4.5 Document Control4.4.6 Operation Control4.4.7 Emergency Planning and Response
4.5 Checking and Corrective Action4.5.1 Monitoring and Measurement4.5.2 Nonconformance, Corrective, and Preventive Action4.5.3 Records4.5.4 EMS Audit
4.6 Management Review
Within these 17 sub-elements are all of the requirements, or “shalls”, necessary toconform to ISO 14001. There is no substitute for reading the standard in terms ofrecognizing the requirements. As a matter of fact, no auditor should embark on an auditwithout having easily available the criteria to which they are doing the audit. However,below we briefly summarize the key points of the sub-elements. This summary is notintended to be a replacement for ISO 14001, and should not be used exclusively as suchduring an audit.
Detailed Section by Section Summary4.2 PolicyISO 14001 requires that the organization have a policy statement to drive the EMS.These tend to be short, one page or less documents, and simply affirm the commitments.There is no expectation that specific details be noted in the policy. For example, thecommitment to pollution prevention can simply be stated saying, “we are committed toprevention of pollution”. The policy must be clearly endorsed by top management andbe available to the public and employees. Although the availability to the public can berather passive; i.e. “is here if they want it”, there is an expectation that the employeeawareness is more proactive. Section 4.2 of ISO 14001 lists the other requirements of thepolicy.
4.3.1 Environmental AspectsThis element requires a procedure that not only identifies the aspects and impacts, butalso provides for determination of significance, and keeping the information up to date.ISO 14001 does not prescribe what aspects should be significant, or even how todetermine significance. However, it is expected the organization will develop aconsistent and verifiable process to do so.
4.3.2 Legal and Other RequirementsThis is a requirement for a procedure that explains how the organization obtainsinformation regarding its legal and other requirements, and makes that informationknown to key functions. This is not the assessment or compliance audit requirement, butrather a more up front determination of requirements.
4.3.3 Objectives and TargetsThere is no requirement for a procedure in this element, only that objectives and targetsbe documented. It does require that certain items be considered in developing theobjectives, such as legal requirements and prevention of pollution. It is sometimeseasiest to develop a procedure anyway for this element to be able to verify theseconsiderations were made.
4.3.4 Environmental Management Programs (EMP)EMPs are the detailed plans and programs explaining how the objectives and targets willbe accomplished. These EMPs usually note responsible personnel, milestones and dates,and measurements of success. Noting monitoring and measurement parameters directlyin the EMP facilitates conforming to 4.5.1 on Monitoring and Measurement discussedbelow.
4.4.1 Structure and ResponsibilityISO 14001 requires that the relevant management and accountability structure be definedin this element. This usually takes the form of an organizational chart. Also, theorganization must denote the Management Representative who is responsible to overseethe EMS and report to management on its operation.
4.4.2 Training Awareness and CompetenceThe key point in this element is that personnel must receive applicable training regardingthe EMS. Specific requirements are itemized in ISO 14001, and include general,company-wide items such as knowing the policy, to more function-specific training onaspects and emergency response. An organization usually responds to this element with atraining matrix, cross-referencing to training materials and records.
4.4.3 CommunicationsProcedures are required for both internal and external communications. Note that ISO14001 only requires procedures, and allows the organization to decide for itself thedegree of openness and disclosure of information. Whatever the decision in terms ofdisclosure, that decision process must be recorded.
4.4.4 EMS DocumentationThis requirement is simply that the organization has documented the system in eitherelectronic or paper form such that it addresses the elements of the standard and providesdirection to related documentation. Not all ISO 14001-required procedures need to bedocumented, as long as the system requirements can be verified.
4.4.5 Document Control.Procedures are required to control documents, such as system procedures and workinstructions, and to ensure that current versions are distributed and obsolete versions areremoved from the system.
4.4.6 Operational ControlThis element is the one which connects the EMS with the organization as a whole. Here,the critical functions related to significant aspects and objectives and targets are identifiedand procedures and work instructions created to ensure proper execution of activities.Requirements for communicating applicable system requirements to contractors are alsoaddressed.
4.4.7 Emergency Planning and ResponseAlthough typically addressed through conventional emergency response plans, thiselement also requires that a process exist for identifying the potential emergencies, inaddition to planning and mitigating them. A linkage to the aspects analysis, whereimpacts are assessed, is appropriate. Emergency incidents include those that may not beregulated, but may still cause significant impact as defined by the organization.
4.5.1 Monitoring and MeasurementProcedures are required describing how the organization will monitor and measure keyparameters of operations. These parameters relate to the significant aspects, objectivesand targets and legal and regulatory compliance. In order to properly manage the system,measurements must be taken of its performance to provide data for action. Responses tothis element usually cross reference to many other specific procedures and workinstructions describing measurement and equipment calibration. It is in this element thatwe find the requirement for what is commonly referred to as a compliance audit.
4.5.2 Nonconformance, Corrective, and Preventive ActionThis element requires procedures for acting on Non-conformances identified in the system,including corrective and preventive action. Non-conformances may be identified throughaudits, monitoring and measurement, and communications. The intent is to correct thesystem flaws. Typically, Corrective Action Report (CAR) forms are the norm, noting thenonconformance, the suggested fix, and closure of the action when completed. Note thatthis requirement does not imply in any way that the party identifying the nonconformancemust be the one to suggest the fix. Instead, it is expected that the system provide for theinformation to be routed to the most appropriate party to address the concern.
4.5.3 RecordsRecords are expected to exist to serve as verification of the system operating. Forexample, records include audit reports and training records. Unlike controlleddocuments, records are “once and done” documents, resulting from the execution of someprocess or procedure. Procedures in this element are required for the maintenance ofrecords.
4.5.4 EMS AuditsISO 14001 requires that the system provide for internal audits. This procedures(s) willinclude methodologies, schedules, and processes to conduct the audits. Interestingly, theEMS audit will in essence, audit the audit process itself!
4.6 Management ReviewThis element requires that periodically, top management will review the EMS to ensure itis operating as planned. If not, resources must be provided for corrective action. Forareas where there are no problems, the expectation is that with time, management willprovide for improvement programs. Usually there is no detailed procedure for thiselement, although records of agendas, attendance, and agreed upon action items aremaintained as verification.