Defining and implementing operational control in ISO 14001:2015
One of the most critical clauses of ISO 14001:2015 is Section 8, which deals with “Operational planning and control.” Given that the very foundation of the 14001 standard is mitigation and control of an organization’s environmental impact, it is easy to see that effective operational planning and control lies at the heart of every effective EMS (Environmental Management System). So, given that this element is so important, it stands to reason that special care must be taken to ensure that all necessary precautions are completed to define and implement controls in an intelligent and efficient manner. In that case, what is the best way to undertake this task?
Definition and implementation of operational controls
The standard states that the methods defined to ensure operational control will be dependent on the organization’s activities, legal obligations, and significant operational controls. Therefore, an organization must decide how to construct and combine processes to ensure that total operational control of its environmental aspects is achieved. These methods of defining and implementing controls may include:
- constructing processes to ensure consistent results
- considering the life cycle of a product when establishing controls
- using technology to ensure results
- ensuring personnel are competent
- performing processes in a certain way
- monitoring and measuring of results
- deciding on the amount of documented information required to support the above
Therefore, it is clear to see that while organizations are given the scope to decide on the best practice for ensuring operational control, there are other vital elements. It is also vital that you consider what parts of your operational control process you need to record as documented information. Training methods and records are mandatory, and it may well be that processes of any complexity may need to be documented to ensure you can maintain necessary operational control to provide a consistent product or service.
Operational control of outsourced processes and services
So, what do we need to examine, define, and take action on to control in terms of outsourced processes? Well, given that the organization remains responsible for all activities and impacts of the outsourced provider, the 14001:2015 standard informs us that we must assess, define, and maintain control over the following elements – as well as recording them in “documented information”:
- resources knowledge, and, training/competence
- the ability of the provider to meet the stated EMS objectives
- the technical competence of the organization to define and assess the controls
- the potential effect of the product or service on environmental aspects
- how the control is shared between the parties
- how control is achieved via a procurement process
- opportunities for improvement
If an outsourced service provider is geographically close to the organization, then it stands to reason that the organization’s control over environmental impacts may be great. Conversely, if a service provider is in a remote location, then direct control over the resulting impacts may often be lessened. This is recognized by the standard; however, the following elements must be defined and actions put in place to control:
- environmental aspects and impacts
- risks and opportunities related to the organization’s goods or services
- compliance and legal obligations
Lastly, the standard reminds us that “interested parties” must be considered, as well as the environmental impact found during delivery, disposal, and end-of-life of product as well as general use. So, are there any general tips we can take on board to help us define and implement these controls?
Operational controls: Things to bear in mind
The standard allows an organization to define and action its own operational controls according to the industry it operates in and the aspects that arise from the resulting product or service. Despite that, there are certain elements of operational control that the ISO 14001:2015 standard insists be assessed, controlled, and captured as documented information, whether in the environmental policy itself or as separate documents:
- Legal and compliance requirements must be met.
- Environmental objectives must be assessed and set.
- Internal processes must be defined.
- External and outsourced processes must be defined and controlled.
- Training and competence needs must be assessed, implemented, and reviewed.
- Analysis and improvement measures must be undertaken.
Obviously, the standard itself must be consulted to ensure that all requirements are met, but considering the elements above will ensure that your operational control is defined, planned, and executed properly. In A new approach to documented information in ISO 14001:2105 we looked at the change in requirements that the 2015 standard brought, but you need to carefully consider what parts of your process need to be documented, and what the risks of not having documentation might be, according to your activities and their impacts. It may be that documented processes increase your chances of consistent behavior and, therefore, objectives being achieved. Similarly, considerations on what level of control and documented information need to be made in regard to how your outsourced product or service is managed – the key thing is that you need to realize that your organization retains responsibility at all times. Strong and accurate reporting of your outsourced services from the organization’s service providers is the key to ensuring that the environmental objectives can be met and the significant impacts dealt with. Treat your planning, definition, and implementation of operational controls with the utmost importance, and your EMS performance will benefit.
Why not try this free Internal Auditor Course to help you understand this and other ISO 14001:2015 elements better?