The Party’s Over (Almost)
The nitty-gritty of meeting the revisions of ISO 14001
by Thea Dunmire
In 1967, Willie Nelson released an LP called "The Party’s Over." In the title song, Nelson laments, "Turn out the lights, the party’s over. They say that, all good things must end.’’1
The most recent revisions of ISO 9001 and ISO 14001 are scheduled to be published as final revised standards in 2015. The revision process will be over, but then the real work starts. Users will need to figure out how to modify their management systems to conform to the new standards.
For ISO 14001, the environmental management system (EMS) standard, this is the first major revision and restructuring since it was initially published in 1996. There was a revision in 2004, but it focused on clarifying the existing requirements. The new revision is quite different—a total restructuring and rewrite, with little that remains unchanged.
There are two primary drivers for the changes currently being made to ISO 14001. The first is the requirement for alignment of International Organization for Standardization (ISO) management system standards in conformance with the requirements set out in Annex SL of Part 1 of the ISO/IEC directives.2
According to ISO, this change was made to facilitate the implementation of integrated management systems by organizations that want to certify they are in conformance with multiple ISO management system standards. Annex SL requires that all ISO management system standards use the same required high-level structure, consistent defined terms and the same "shall" clauses for core management system elements.
The second revision driver is a requirement to address the themes set out in what is referred to as "The Future Challenges Report."3 This document, finalized in 2010, sets out 11 themes to be considered or addressed in the ISO 14001 revision.
Among the recommendations in this report are:
- Introduce a more systematic approach for identification of, consultation and communication with stakeholders on environmental issues.
- Address the concept of demonstration of commitment to compliance.
- Strengthen link to strategic planning.
- Address life-cycle thinking and a value chain perspective more clearly.
Obvious and less apparent changes
Taken together, these two drivers have resulted in a standard that is longer, with interactions between the clauses that are more complex. It is more prescriptive in some clauses, yet provides more flexibility in others. There are both obvious changes and changes that are less apparent.
First, the obvious changes:
The most obvious change to ISO 14001 is structural. The clauses of the previous version that are retained have moved and been renumbered, and requirements have changed location within the standard (management review, for example) or been eliminated (record control, for example). The overall plan-do-check-act structure of the standard is gone.
Figure 1 shows the following:
- Determination of the scope of the EMS is part of clause 4.
- The requirements for the organization’s policy can be found in the leadership clause (clause 5).
- The ISO 14001:2004 planning requirements are now split between clauses 4 (context of the organization) and 6 (planning).
- The implementation requirements have moved to clauses 5 (leadership), 7 (support) and 9 (operational planning and control).
- The checking requirements can now be found in clauses 9 (performance evaluation) and 10 (improvement).
- Management review is part of performance evaluation in clause 9.
The second obvious change is that virtually every requirement to establish, implement and maintain a procedure is gone from the new version. In the current draft, ISO/DIS 14001:2014, the only requirement left for a procedure is for emergency response.
Requirements for procedures have changed to performance requirements. There are no longer requirements to have a specified way of carrying out particular management system activities. The requirement is to achieve a stated output.
Some of the requirements for a procedure have been rewritten as requirements to establish a process. A process is not a procedure. A procedure is a specified way of conducting an activity. A process is defined, in accordance with Annex SL, as a set of interrelated or interacting activities that transforms inputs into outputs. Again, the focus of the requirements is primarily on the outputs to be achieved, not the way the organization seeks to achieve them.
ISO 14001:2004 requires an organization to have a procedure in place that results in individuals being aware of the requirements of the EMS and of their related roles and responsibilities (clause 4.4.2). For conformance with the 2004 standard, the focus is on establishing effective procedures to achieve employee awareness.
Auditors can determine conformance with the standard by first reviewing the adequacy of the procedures in place, and then sampling to determine the effectiveness of the procedures in achieving the desired results—in this case, awareness of individuals’ EMS roles and responsibilities.
ISO/DIS 14001 states, "Persons doing work under the organization’s control shall be aware of … their contribution to the effectiveness of the environmental management system" (clause 7.3). For conformance with the revised standard, therefore, actual awareness on the part of each covered individual is the requirement.
Having procedures in place to achieve awareness will be less important. To determine conformance, auditors will need to devise ways of determining actual awareness on the part of numerous individuals. In this case, it is awareness of their individual contribution to the effectiveness of the EMS.
Awareness on the part of every person doing work under the organization’s control may be difficult for organizations to achieve—yet this seems to be what the revised standard may require.
Another readily apparent change is related to documentation. In accordance with Annex SL, the use of the words "document" and "record" in the 2004 version of the standard have been replaced by the phrase "documented information." Rather than separate provisions for document control (ISO 14001:2004, clause 4.4.5) and record control (ISO 14001:2004, clause 4.5.4), the revised standard has a single clause that covers creating, updating and controlling documented information.4
This change has been made in recognition of the ongoing move to managing information in electronic form rather than on paper where the distinction between documents and records can become blurred.
Less apparent changes
In addition to the obvious changes to the ISO 14001 standard, there are also changes that may be less apparent, including:
- Expanded requirements for top management (leadership) engagement.
- New requirements for engagement with external interested parties.
- Expanded requirements associated with ensuring compliance with legal requirements.
- New requirements for risk-based planning and controls.
- Expanded operational control requirements—driven by life-cycle considerations.
Taken together, the obvious and not-so-obvious changes to ISO 14001 will present significant challenges to users seeking to maintain or obtain third-party certification to the revised standard.5 That is likely one of the reasons ISO has already announced a three-year transition period for conformance with the revised standard.
The first inclination for many organizations may be to take a wait-and-see approach to the revision—in other words, to do nothing until the end of the transition period draws near. For some organizations that may be an option, but it might be important for others to start making transition plans now. There will be plenty to do.
At a minimum, organizations should begin to explore the impact the revision will have on the scope and extent of their existing management system. There will be increasing pressure from a variety of stakeholders to expand their EMS to include outsourced processes6 and the environmental aspects and impacts of any products sold.
This is particularly true for products with important life cycle considerations and end-of-life disposal concerns. An expanded management system will definitely require the investment of additional resources.
For organizations with multiple certifications or multisite certifications (several locations covered under one certification) making management system changes will likely involve getting approvals and buy-ins from multiple organizational stakeholders. This may require starting the transition planning earlier.
Resources and time will be required to make the transition for all organizations—even if the scope of the EMS is unchanged:
- Changes will need to be made to EMS documentation.
- Individuals with assigned responsibilities for the EMS will need to obtain the required competence.
- Leadership will need to be briefed on its new obligations.
- Internal audit protocols will need to be revised.
Willie Nelson’s song ends, "Let’s call it a night, the party’s over. And tomorrow starts the same old thing again. And tomorrow starts the same old thing again."
Even in song lyrics, the end of the party doesn’t mean anything must end. It is simply the opportunity to get started again.
References and notes
- To listen to Willie Nelson, go to www.youtube.com/watch?v=71n3PtdQWF4.
- Annex SL, International Organization for Standardization, www.iso.org/iso/home/standards_development/resources-for-technical-work/iso_iec_directives_and_iso_supplement.htm.
- "Future Challenges Report," ISO Technical Committee 207, subcommittee 1, www.iso14001expert.com/wp-content/uploads/2014/10/ST1-N-09-Future-Challenges.pdf.
- For more on this change, see Thea Dunmire, "Missing in Action," Quality Progress, September 2014, pp. 52-53.
- For more information about these changes, go to www.iso14001expert.com.
- The Annex SL definition of "outsource" is to make an arrangement when an external organization performs part of an organization’s function or process. Outsourced processes are to be considered within the scope of a management system under certain specified conditions. For more information, review the Annex SL guidance available on the ISO website (see reference 2).
Thea Dunmire is the president of ENLAR Compliance Services, where she specializes in helping organizations implement management systems. She has participated internationally in the development of multiple ISO standards. She is currently the chair of the ANSI Z1 auditing subcommittee, which focuses on alignment of auditing requirements across the ISO management system standards. Dunmire has a law degree from Syracuse University in New York.