Stay ahead of the competition and meet your legal compliance requirements with the Spedan Compliance Evaluation Service.

Choose from our flexible options

Our legal compliance evaluation helps you to understand and stay up to date with the ever-changing legislation relevant to SHEQ, Information Security and Business Continuity. We offer two flexible solutions to suit the needs of your organisation.

Evaluate and Update

Our ‘Evaluate and Update’ option for compliance evaluation is suited to organisations that have internal resources to maintain their ISO management standards. In this option, we carry out an evaluation of your activities to identify legislation relevant to the scope of your management system and provide your team with monthly updates of any changes to the relevant legislation.

Fully Managed

Our ‘Fully Managed’ option is perfectly suited to organisations looking for support to ensure a higher level of compliance. On top of the initial evaluation and monthly updating, we will provide training to relevant members of your team and carry out annual audits of compliance against the scope of your ISO management standard.

The ever-changing legal landscape is a big issue for organisations

The Business Continuity Institute has even identified that ‘Changes to legislation’ are one of the top ten issues that could lead to a significantly disruptive incident for an organisation.

Hand in glove with operating an ISO management system is the commitment to remaining compliant with legal and other obligations. Some organisations take this for granted, because they live under the illusion that, having operated for a period of time with no problems, they are therefore compliant.

However, it is often the case that most organisations are breaking regulations at some point or other. The reality with UK regulators is that they are very busy, so unless something occurs that brings an organisation into their line of sight, the practices will go unnoticed. In most cases, this is not being done maliciously, but simply from a lack of understanding.

The business problem, however, is that when something happens, such as an employee having an accident, the regulators turn up and start investigating. In these cases, the organisation is facing two challenges:

  1. The situation or accident that has occurred
  2. The practice that has been breaking regulations

When this occurs, it can be costly in terms of time, resource, and brand and organisational reputation. Regulators and the Courts can charge your organisation significant amounts of money for investigations and final prosecution charges. In the UK, the Health and Safety Executive can issue you with a notice of contravention (NoC) after they have visited, if you have made a material breach.

“A material breach is something which an inspector considers serious enough that they need to formally write to the business requiring action to be taken to deal with”
HSE, 2018

Fees for Intervention (FFI) are then charged by the HSE, at the rate of £154 an hour. This will be charged to cover all visits and time that the HSE take to investigate, and as a result can accrue to very significant amounts.

To ensure that your organisation is up to date, it is crucial to have an ongoing process of identifying and understanding the legal requirements, and then translating them into the everyday processes.

This can be a challenge because:

Where do ISO Standards help with Legal Requirements?

The ISO management standards do not in themselves constitute a legal ‘pass’, and conformity to the ISO standard does not in itself guarantee that you are operating legally.

However, organisations that have understood and implemented the ISO standards correctly will have introduced processes that identify, manage and evaluate legislation as an ongoing activity. In simple terms, a process is in place that meets the challenges.

The International ISO Standards all require that legal requirements are understood and implemented. In Clause 4, the organisation is required to identify the context in which it operates. Guidance to the main ISO 45001 Occupational Health and Safety standard (BS 45002) identifies specifically that the Context should list out legal requirements, and that they should be carried forward into hazard identification and risk planning. Specific requirements in ISO 14001, ISO 45001, ISO 27001 and ISO 22301 all state that legal, statutory, regulatory and contractual obligations are to be understood in order to avoid breaches.

Evaluate Legal Compliance

In line with the Plan-Do-Check-Act improvement cycle, the ISO management standards require that you evaluate legal compliance. Simply put, this means understanding how you are performing in relation to those legal requirements.

If you have a good process for updating the legal requirements applicable to your organisation, you will be in a good place to evaluate legal compliance effectively. This is not an additional bureaucracy that ISO have introduced to burden you, but a useful tool to ensure that you meet the changing needs over time. Where the legal requirements have changed, you are ensuring that you’ve changed with the times. In some cases, that might include stopping some tasks that are no longer applicable.

Further into the ISO standards, the monitoring and auditing requirements require that the organisation evaluates its compliance with the legislation and provides evidence. This is usually presented to external auditors in the form of an audit report that links the legislation to the operations being undertaken. The report will show that the organisation has evaluated the legislative requirements so that actions taken are appropriate, and then audited the processes and provided evidence that they conform.


Contact Spedan to request further information about our services.