At Spedan, we have many years of experience in supporting Clients with managing their ISO compliance obligations. Legislation is hard to manage and our Legal Update services supports SHEQ, IT and Compliance managers as they struggle to maintain the breadth of information that is needed.
Our legal update service supports SHEQ Managers and Information Security Compliance managers stay abreast of legal requirements for ISO and compliance obligations. We will complete a legal review of your products, services and activities to create a bespoke Register of Compliance Obligations for your sites. The Compliance Register contains summary guidance on what each piece of legislation requires as well as links to the primary legislation and resources that help you manage it.
On a monthly basis, you receive updates of legislation for ISO systems, so that you keep on top of changes and feed them into your compliance register. All through the year, you and the team will be able to access iSHEQ, the unique online resource provided by Spedan, that holds further detailed information, links and guidance.
Our approach is flexible to the needs of your organisation and we aim to work closely with your team. We are happy to provide partial support to a fully managed service. For example, we can maintain your environmental compliance register and communicate it to the relevant teams.
Ensure you protect your organisation; all ISO management systems require a commitment to remain compliant with legal and other obligations.
All ISO management systems require a commitment to remain compliant with legal and other obligations, but some organisations live under the illusion that because they have operated for a period of time with no problems, they remain compliant.
However, it is often the case that most organisations are breaking some ISO Compliance Obligations at some point or other. The reality with UK regulators is that unless something occurs that brings an organisation into their line of sight, the practices will go unnoticed. In most cases, this is not being done maliciously, but simply from a lack of understanding.
The business problem really arises when an incident occurs, such as employee having an accident, the regulators turn up and start investigating. In these cases, the organisation is then facing two challenges:
Failure to meet ISO compliance obligations can be costly financially and also affect brand and reputation. Regulators and the Courts can charge your organisation significant amounts of money for investigations and final prosecution charges. For example, in the UK, the Health and Safety Executive can issue a ‘Notice of Contravention’ for material breaches if Inspectors consider situations serious enough that they need formally addressing.
Many regulators now charge fees for intervention (FFI). For example, the HSE charge these at the rate of £154 an hour to cover all visits and time that the HSE takes to investigate. This accrues to very significant amounts.
To ensure that your organisation is up to date, it is crucial to have an ongoing process of identifying and understanding the legal requirements, and then embed them into your everyday processes.
Changing legislation is one of the top ten issues that could lead to a significantly disruptive incident on an organisation according to the Business Continuity Institute (2019).
We know that reading about legal updates isn't the same as a good chat. Speak to us to find out what it means to you and your business.SPEAK TO US
|Common Legislation for ISO 14001||Common Legislation for ISO 45001||Common Legislation for ISO 27001|
|Environmental Protection Act 1990||Health and Safety at Work etc. Act 1974||Computer Misuse Act 1990|
|Environmental Protection (Miscellaneous Amendments) (England and Wales) Regulations 2018||Management of Health and Safety at Work Regulations 1999||Data Protection Act 2018|
|Packaging (Essential Requirements) Regulations 2015||Management of Health and Safety at Work Regulations 1999||Anti-Terrorism, Crime and Security Act 2001|
|Waste (England and Wales) Regulations 2011||Health and Safety (Consultation with Employees) Regulations 1996||Copyright, Designs and Patents Act 1988|
|Fluorinated Greenhouse Gases Regulations 2015||Control of Substances Hazardous to Health Regulations 2002 (COSHH)||Sanctions and Anti-Money Laundering Act 2018|
|Other ISO 14001 Compliance Obligations||Other ISO 45001 Compliance Obligation||Other ISO 27001 Compliance Obligations|
|Customer Environmental Policies||Industry Guidance (INDG)||Information Commissioner Guidelines|
|UN Sustainable Development Goals||Sector Guidance||Customer Information Security Policies|
Organisations that have understood and implemented ISO standards correctly will have introduced processes that identify, manage and evaluate compliance obligations as an ongoing activity.
The International ISO Standards all require that legal requirements are understood and implemented. In Clause 4, the organisation is required to identify the context in which it operates. For example, guidance to the main ISO 45001 Occupational Health and Safety standard identifies specifically that the Context should list out legal requirements, and that they should be carried forward into and hazard identification and risk planning. Specific requirements in all the other ISO management standards state that legal, statutory, regulatory and contractual obligations should be managed to avoid breaches.
In line with the Plan-Do-Check-Act improvement cycle, the ISO management standards require that you evaluate legal compliance so that your organisation understands how it is performing in relation to those legal requirements. This is a useful tool to ensure that you meet the changing needs of legislation over time; updating the requirements where needed, or even identifying management practices no longer necessary.
A practical approach to managing compliance obligations is to maintain records such as an environmental compliance register, or a safety compliance register. This will allow you to track legal updates and actions that have been taken to manage them.
Organisations need to monitor and audit compliance obligations and provide evidence this has been done. This is usually presented to external auditors in the form of an audit report, that links the documentation, e.g. an environmental compliance register, to the operations being undertaken.
Take a look at our other services.
iSHEQ. A premium toolkit for ISO 9001 Managers,
packed with information and resources.