How Do I Build an Effective Legal Register?

The trick to figuring out your organization’s compliance obligations (6.1.3) is to start with what you don’t know.  A legal register that is merely a brain dump of what you already know is most likely missing something.  A more effective approach is to review, at a high level, the relevant regulations and do an applicability analysis. 

 

Once you have determined what could apply, it becomes much easier to determine what does apply.  Record this for posterity (because that is what a system is), and you’ll have a record of what applicability decisions were made.  So much better than second-guessing whether something was reviewed and determined to be non-applicable, or never considered at all.

What Constitutes a “Compliance Obligation”?

Compliance obligations are much more than just regulatory requirements, although they generally comprise the bulk of the legal register.   Mandatory legal requirements related to an organization’s environmental aspects may include:

  • requirements from governmental entities or other relevant authorities

  • international, national and local laws and regulations

  • requirements specified in permits, licenses or other forms of authorization

  • orders, rules or guidance from regulatory agencies

  • judgments of courts or administrative tribunals

 

Compliance obligations also include other interested party requirements related to the EMS which the organization has to or chooses to adopt, including:

  • agreements with community groups or non-governmental organizations

  • agreements with public authorities or customers

  • organizational requirements, like corporate policies and procedures

  • voluntary principles or codes of practice, like trade group or other standards

  • voluntary labeling or environmental commitments

  • obligations arising under contractual arrangements with the organization

  • relevant organizational or industry standards

 

How Do I Create an Effective Legal Register?

 

When you know the relevant and applicable requirements, then you can assess how your organization will comply – what the practical steps are that allow you to know that your organization is in compliance.  This might include inspections, training, documentation, reports, plans or procedures.  These are the actionable requirements – things someone must do.  Take the practical things that must be done to comply, and create an action item tracker, to-do list, or compliance calendar that reminds all parties involved what, how, when, who and where the compliance documentation is stored.

How Do I Keep My Legal Register Up-to-Date?

Inherent in this process is having access to the cited requirements.  This can take many forms, but the key here is to make sure there is a mechanism for staying up-to-date with new requirements and changes.  For U.S. federal requirements, the latest (within a day) regulations are codified at ecfr.gov.  State agencies often have ‘listserv’ subscriptions you can sign up for.  Don’t forget local (city and county) requirements, particularly in the major metropolitan areas.  If you’re lucky, you belong to a trade group that provides information specific to your industry.  For non-regulatory compliance obligations, the methods for staying on top of the requirements can vary widely.  And of course, all of this must be documented as well.

How Do I Integrate My Compliance Obligations?

The legal register should not stand alone – it is not an isolated document.  Review the register and look for ways to make sure it is linked to other key elements of the standard:  interested parties, environmental aspects, objectives, operational controls, training, and communications, to name a few. The environmental aspects and compliance obligations (legal register) are foundational pieces of the EMS and your attention and review to both of them is key to a successful EMS. 

How Do I Test My Legal Register?

If you can’t see how the environmental aspects fit with the compliance obligations, there is more work to be done.  If the compliance evaluation doesn’t effectively assess compliance with the obligations listed in the legal register, there is a gap.  If there are no processes to address compliance requirements, then compliance cannot be assured.  If compliance obligations aren’t included in the management review, then leadership is missing out on key information. All of these processes should be contributing to continual improvement. And finally, if there is no process for communicating the information in the legal register, there is a big gap in supporting the staff responsible for implementing the EMS.

In Summary

In summary, to evaluate whether you have an effective ISO 14001:2015 legal register, ask yourself five questions - does my legal register:

  • Identify relevant and applicable regulatory and other requirements (compliance obligations (6.1.3) and interested parties (4.2))? (e.g., Federal, state and local regulations; standards; company corporate programs; customer or contractual requirements)

  • Describe how those requirements apply to the organization, and what actions are required and taken to assure continued compliance (4.3, 6.1.4)?

  • Access the details of the cited requirements, and is it maintained in an up-to-date and documented form? Is it reviewed on a regular basis? Does it include a system for learning about new or changed requirements? (6.1.3)

  • Integrate with other elements of the EMS?​

  • Environmental Aspects (6.1.2)

    • Compliance Evaluation (9.1.2)

    • Management Review (9.3 (b)(2))

    • Continual Improvement (10.3)

  • Environmental Aspects (6.1.2)

  • Communicate how the compliance obligations are assured (7.4.1)?

 

Conclusion

 

It’s all in the details.  Make sure you have a copy of the standard and are using it to build and check your system.  That way, there won’t be any surprises at your next surveillance or re-certification audit.

Need help? Check out our EMS forms and templates in our ISO Help Store, or schedule time for a one-on-one phone call with an ISO Auditor at our ISO Help Consult page. We have a five-step process for building legal registers and it's much less expensive and much quicker than engaging a consultant. Contact us directly to find out more.

Interested in more information on our comprehensive suite of environmental services? E-mail us to request a copy of our Statement of Qualifications.

About the Author

Joyce Kristiansson, M.S., is a Certified Environmental Professional Auditor and part-time registrar auditor for an ISO certification body.  With more than 35 years of environmental experience, including twelve years in ISO 14001 Environmental Management Systems, Joyce has experienced EMS systems and processes from all perspectives:  developing, maintaining, sustaining and auditing (both internal and certification).  Recognizing the improved environmental performance and positive financial results that can result from an effective EMS, Joyce wants to make the process as simple and inexpensive as possible so that small and medium-sized businesses can have the same competitive advantages as larger companies - without using a consultant.