Carlos Pereira da Cruz
December 1, 2020
All organizations interact with the environment, and, most likely, that interaction is subject to compliance obligations, established either by governments, by local authorities, by customers, or by industry organizations. So, an important activity within any Environmental Management System is to periodically evaluate the organization’s compliance, communicate the results to top management, and develop actions to overcome any detected situations of noncompliance.
ISO 14001 considers as compliance obligations mandatory requirements, like laws and regulations, as well as voluntary requirements, like the ones included in contracts or codes of practice, and even expectations of relevant interested parties. Voluntary requirements become mandatory once an organization decides to embrace them.
Implementing an Environmental Management System and getting ISO 14001 certification requires determining all compliance obligations applicable to an organization and complying with them. This requirement is so important that top management assumes that commitment in a public and highly visible document called the Environmental Policy. You can learn more about environmental policies from this article: How to write an ISO 14001 environmental policy.
Organizations start by determining compliance obligations and, for each one, determining the requirements and actions needed. See an example in the table below:
Next, organizations need to know which of those compliance obligations actually apply to them. To do this, the organization determines how it interacts with the environment, i.e., it identifies its environmental aspects, and uses them to confirm which compliance obligations are applicable. To learn more about environmental aspects, read this article: Catalogue of environmental aspects.
Some compliance obligations are applicable as soon as the organization identifies a certain environmental aspect. For example, if an organization discharges industrial wastewater, that discharge must be authorized by a license issued by a competent authority, and the quality of the wastewater must comply with the requirements established either by general regulations or by the particular license. If the organization does not generate industrial wastewater, the compliance obligations related to it are not applicable.
Other compliance obligations depend on the quantities involved. For example, in certain countries the consumption of electricity or solvents above a certain amount per year makes a set of requirements and obligations applicable, while below this limit value, these obligations are not applicable. You can see an example below.
To learn more about environmental aspects and obligations, read this article: 4 steps in identification and evaluation of environmental aspects.
Compliance evaluation is about periodically comparing the requirements arising from compliance obligations with the actual situation of the organization. To achieve this, an organization has to keep an updated list of its compliance obligations and of the requirements that arise from them.
First, check whether each compliance obligation is applicable, and then translate it into a set of specific requirements, known as compliance obligations requirements. For example, in some countries, compliance obligations about volatile organic compounds are applicable only if an organization works in certain economic sectors and its annual consumption is above a certain amount.
Once you determine the compliance obligations, you can start getting a picture of the current situation: Does your organization comply with the requirements arising from its compliance obligations?
In some cases, the answer will be a clear yes. In other cases, the answer will be no, or only partial compliance. Typical checks include comparing last year’s electricity consumption with the threshold level in the regulation to confirm that the organization is still on the non-applicable side, or verifying that the industrial wastewater discharge license is still valid and that the quality parameters are being complied with.
In order to respect the commitment made in the Environmental Policy, according to ISO 14001:2015, all situations of total or partial non-compliance must be eliminated and converted into a state of compliance through a set of actions. Those actions to implement a state of compliance will change the organization’s way of working and create a new reality.
One way of checking the effectiveness of those actions is through an internal audit (clause 9.2). However, an internal audit is always based on a sample. In order to have a complete picture of the situation concerning compliance obligations, an organization with an Environmental Management System according to ISO 14001:2015 has to perform a systematic compliance evaluation (clause 9.1.2). All compliance obligations requirements have to be checked; sampling alone is not enough. This check should be done by someone with knowledge and understanding of the compliance obligations. In some organizations it is done by a compliance officer; in others, by the environmental manager or even the quality manager.
To learn more about the internal audit process, read this article: Five Main Steps in ISO 9001 Internal Audit.
According to ISO 14001:2015, compliance evaluation is done based on the requirements of clause 9.1.2, which can be translated into:
Frequency – determine the frequency of compliance evaluation according to the needs of the organization. Different organizations in different economic sectors, with different past performance, and subjected to different degrees of changes in compliance obligations can have different frequencies. While determining frequency, particular importance must be given to the potential consequences of non-compliance for the environment.
Execution – perform the compliance evaluation and keep records of the results of that assessment. Make sure that the person or team responsible for assessing compliance obligations is competent. Competence includes knowledge of legislation and regulations as well as knowledge of the organization’s activities.
Reporting – report the results of the assessment to top management. Top management cannot claim ignorance of the environmental compliance situation.
Action – act when the results of the compliance evaluation identify non-compliances to restore the state of compliance. When appropriate, treat a non-compliance as a non-conformity.
Communication – When applicable, communicate with official entities.
Status – the organization knows its status against its compliance obligations and understands its situation.
A periodic compliance evaluation exercise is important to ensure that the organization and its top management are aware of their situation regarding their compliance obligations, that they communicate what is relevant and required to external competent entities, and that they act in a timely manner to correct any situations of non-compliance and abide by their commitments. A well-done compliance evaluation is a due diligence exercise that can prevent fines, a bad reputation, and even the closure of facilities imposed by authorities.
To learn more about the evaluation of compliance and other requirements of ISO 14001, download this free white paper: Clause-by-clause explanation of ISO 14001:2015.