One of the most difficult aspects of maintaining an Occupational Health & Safety Management System (OHSMS) compliant with ISO 45001 is keeping up with changing legal requirements. On the one hand, your organization must pivot when necessary to meet these new requirements, but you must be careful not to fail to meet other requirements you set for your OHSMS.
ISO 45001 contains two clauses that, when taken together, can help you to implement a continuous cycle of identification of new requirements, updating your OHSMS, and evaluating compliance with both old and new requirements.
ISO 45001 clause 6.1.3 “Determination of legal requirements and other requirements” and clause 9.1.2 “Evaluation of compliance” are related in an overall process to manage OH&S legal requirements in the OHSMS.
What does clause 6.1.3 require?
ISO 45001 requires that your OHSMS include a process to determine the up-to-date requirements that are applicable to your hazards, OH&S risks, and the OHSMS in general, which will include legal requirements. This process then needs to determine how these requirements apply to your organization, and how you need to communicate information about the requirements, such as legal reporting. You need to have documentation about what these requirements are, and ensure that it is updated to reflect changes in the requirements.
You then need to take these requirements into account as you put in place all of the processes of your OHSMS. Clause 6.1.3 is part of a larger set of requirements where you:
- identify your OH&S hazards, as well as the risks and opportunities associated with the hazards and the OHSMS;
- determine the legal and other requirements that we just discussed; and
- perform planning actions to address all of these (per clause 6.1.4).
These planning actions are then put in place for your operations to control the prevention of injury and ill health in your workplace, including gathering data to assess the controls and communication both internally and externally.
You can read a bit more on the identification and management of OH&S legal requirements in the article: How to identify and comply with legal requirements in ISO 45001.
What does clause 9.1.2 require?
ISO 45001 includes clause 9.1.2, Evaluation of compliance, as part of the larger clause on monitoring, measurement, analysis, and performance evaluation. It is in this clause that the standard requires you to have a process in place to evaluate if you meet the legal requirements and other requirements that were identified and documented in clause 6.1.3.
This process must include determining how often this evaluation of compliance needs to happen, conducting the evaluation and taking any necessary actions, and determining a way of knowing and understanding whether or not you meet your OH&S legal and other requirements. The clause also requires that the results of your compliance evaluation be documented.
In short, clause 9.1.2 is there to have you check that you are meeting the OH&S requirements that you have identified as applicable to you.
Performance against legal requirements is only part of the OHSMS performance evaluation, and you can read a bit more in the article: How to establish and evaluate key performance indicators for ISO 45001.
The cycle of legal requirement identification and compliance evaluation
So, what the ISO 45001 standard requires overall is that you identify your legal requirements, list them out, have a way of keeping up to date on changes in clause 6.1.3, and then check that you are actually meeting these requirements as part of compliance obligations in clause 9.1.2. Although these clauses are separate in the standard, they are really both part of one larger process of making sure that you meet your OH&S legal and other requirements.
It should be noted that this is not a one-time thing. The process of identifying OH&S requirements needs to have a way to continually check for changes and updates to these requirements, because if the requirements change, then your response to them will need to change as well. Likewise, you will need to routinely evaluate your compliance with the OH&S requirements to ensure that you continue to meet them on an ongoing basis.
This is often where organizations have problems with their certification audit. They have the process in place to identify and document the OH&S requirements, but they fail to check that they actually meet the requirements and document that they have done so.
The importance of the OH&S requirements cycle
One of the things that can be easily forgotten when dealing with occupational health & safety is that requirements change, as does our ability to meet those requirements. Since we are always striving to improve our ability to prevent injury and ill health in the workplace, some changes for improvement may mistakenly drift away from meeting the requirements that have been identified.
This cycle of continually checking what the OH&S requirements are, and also routinely checking that you continue to meet those requirements, ensures that you do not end up in a situation where you accidentally fail to do what is required of you in your OHSMS.
Simplify compliance with OH&S legal requirements using our ISO 45001 Premium Documentation Toolkit that includes the Procedure for Determining Context and Interested Parties, List of Interested Parties, and Compliance Evaluation Record.