Subject: ISO 14000 Forum

ISO 14000 Forum is a publication of ISO 14000 News and Views. It is intended to provide our readers with an opportunity to ask questions, provide feedback and make announcements. Please respond to both the reader and ISO 14000 News and Views at enlaw@lawinfo.com.

SOME THOUGHTS ON REGULATORY COMPLIANCE AND ISO 14001

Regarding the thread on how important compliance to environmental laws and regulations is with respect to registration: I recently went through the qualification process to qualify for conducting ISO 14000 EMS audits for a major European Registrar. The position of that Registrar (which I am not naming only because I have not received their permission to post this) is that if a noncompliance to an environmental law or regulation is found, then that is grounds for automatic failure of the registration audit. This is because compliance with laws and regulations is part of the policy statement, and is therefore a basic component of the EMS. If a company isn't complying with the laws and regulations, then how can one say that its EMS is effective? And if it isn't effective, then why should it be registered?

James L. Smith
jlsprof@aol.com

RESPONSE

1. The position of the registrar is clearly incorrect. The policy must include a COMMITMENT to comply. Should a non-compliance occur, the system should provide for corrective and preventive action. If the auditor reviews a summary report of the company that lists non-compliances for a specified time period, there should also be included within that summary what steps have been taken to prevent such re-occurrences. To state that once there have been non-compliances, the system is not valid is incorrect.

2. If you mean that the auditor DISCOVERS a legal non-compliance, then it depends on the situation. If the company knew about it and did nothing, that's a problem.
If the company did not know about it prior to the auditor's discovery, then some investigation into the company's system of internal auditing is warranted.

3. In all of the above cases, nothing should be an AUTOMATIC disqualification. There needs to be communication and discussion. The system is being audited, the commitment to comply is being audited. There will be many who say that the auditor will hardly ever, if ever, discover a non-compliance because he/she should not be doing a compliance audit.

4. Finally, you did not disclose the name of the registrar but I think that is important and the registrar representative should clearly explain their policy.

Alan Schoffman
TEAM 14000, Inc.
aschoffm@aol.com

In general, whether regulatory noncompliance would be considered nonconformance per se would probably depend on how the organization drafted its environmental policy but a failure to address the noncompliance would almost certainly constitute nonconformance with ISO 14001. Whether this would create a paper trail would depend on the procedures and documentation practices adopted for corrective action. There is no explicit ISO 14001 requirement that the corrective action be documented other than changes in documented procedures must be recorded. However, there may be some pressure on the organization to document these practices to make the system easier to audit.

Frankly, it is unlikely that any communications from the registrar could be kept confidential under the attorney-client privilege since the privilege applies only to communications between attorney and client for the purpose of obtaining legal services that are intended to be confidential. Since the registrar is not a client of the organization's attorney, the privilege will generally not apply. Also, should the organization become involved in litigation, it is highly likely that the correspondence between the registrar and the organization would be discovered and reviewed by the adverse parties.
A discussion of regulatory noncompliance would at best add to the costs of defending the lawsuit since the opposing attorneys would probably depose everyone connected with communications about noncompliance including the registrars. At worst, someone at the organization could go to prison.

I do not intend to imply that registration or certification under ISO 14000 is imprudent because of legal risks but these risks should not be ignored. Companies with serious noncompliance issues would probably be better off getting their acts together before proceeding with certification.

Also, I recently wrote an article discussing the issues that attorneys should consider when advising clients on implementing environmental management systems based on ISO 14000 and am in the process of writing another article intended for a more general audience. If anyone is interested in getting a copy, please let me know. Abstracts of articles on general compliance and permitting topics can be viewed at my website.

Bert P. Krages
Attorney at Law
900 S.W. Fifth Avenue, Suite 1900
Portland, Oregon 97204
(503) 226-3662
(503) 226-6304 (facsimile)
krages@teleport.com
http://www.teleport.com/~krages/

To keep the debate going. . .

Since third party auditors are supposed to be using ISO 14001:1996 as the audit scope, what does the standard say regarding compliance issues?

4.2 (c) says that the policy "...Includes a _commitment_ to comply with relevant environmental legislation and regulations, and with other requirements to which the organization subscribes;" [my emphasis]

4.3.2 "The organization shall establish and maintain a procedure to identify and have access to legal and other requirements..."

4.3.3 "When establishing and reviewing its objectives, an organization shall consider the legal and other requirements,..."

4.5.1 "The organization shall establish and maintain a documented procedure for periodically evaluating compliance with relevant environmental legislation and regulations."
I do not read in the standard that "being in compliance" is a requirement. Can an organization perform these above requirements and still be out of compliance? I would guess yes. I believe non-conformance depends upon how the organization's system responds to discovering the compliance issue.

Having worked in industry and consulting, my experience would be willing to lay some money on the table to say that if being out of compliance with a single regulatory mandate is grounds for failing an EMS audit, I could count on one hand all organizations who would have a 14001 certificate to hang in their lobby.

For what it's worth,

Russ DeVilbiss
ISO 14000/EMS Product Manager
ERAtech Environmental, Inc.
rdevilbiss@eratech.com
800.848.4990 x126
937.859.8998 x126
(f) 937.859.9132

I cannot agree with this statement more. In fact quoting from ANSI-RAB EMS NAP Document 3.0 Section 4.1.3.1 Middle of paragraph one "Data on compliance with relevant legislation and regulations gathered during the registration review and surveillances are relevant and necessary to determine whether the organization conforms with the standard." Paragraph two goes on to say "A registration audit is an audit of a management system to determine conformance to the standard and while compliance is a part of the management system, the registration audit is not an audit of the full compliance with all applicable regulatory requirements."

I believe the standard the Registrar community is held to is quite clear on this point. Registrars DO NOT evaluate compliance. Registrars evaluate if the organization is adequately evaluating compliance with relevant environmental legislation and regulations. E 3.0 states clearly that an organization can be registered even if observed noncompliances exist provided the organization addresses them and when taken in aggregate such noncompliances are not determined to indicate a major nonconformity.

Additionally, registrars are not allowed to "whistle past the graveyard."
Again from E 3.0, section 4.1.3.2 requires registrars to have a method of handling noncompliances that are discovered during a registration audit and the method must comply with relevant law. The registrars that I am aware of typically "handle" this by notifying the Management Representative (in writing).

To continue this thread a little further, allow me to toss out the question; Does (or should) a regulatory noncompliance represent an EMS nonconformance from the standpoint of internal to the organization? For example, an employee of an organization during the course of his normal duties observes a regulatory noncompliance. Should the EMS consider this to be a nonconformance? What would be the pros or cons of doing this? Would this create a noncompliance "paper trail" that could be discovered by regulatory agencies? Or can it be "cloaked" under attorney privilege?

I look forward to your comments.

Robby G. Smith
robbys@mhent.com

Oh god -- re: Don Sutherland's recent post, most of which I agree wholeheartedly with, but --

Compliance auditing is very different from EMS auditing; CPAs, without additional training (like graduate school) in environmental topics, are not qualified to deal with either, in my opinion. They are related because environmental compliance, as documented through audits, public disclosure, or any other appropriate methods, is the baseline for ISO 14000. If you are out of compliance, as measured by whatever yardstick, your EMS is out of conformance. Period.

My worst (ISO) fear is that "an army of CPA auditors" will somehow get their mitts on EMS auditing the way they screwed up ISO 9000 (and I know a lot of CPAs, most of whom have the good sense to stay out of things they aren't qualified to deal with, like EMSs).

Cheers.
Leslie Wildesen
(Member, US TAG to TC 207)

Re: Importance of compliance with environmental laws for ISO 14001 certification/registration

I have been involved in a couple EMS implementation projects in Taiwan at sites that have gone on to receive ISO 14001 certification. I am surprised to hear that a European ISO 14001 certification body will not certify a site that has "a non-compliance" with relevant laws. If that is the case, then the European certification bodies operating in Taiwan (i.e. DNV, SGS, Lloyds, TUV) have all certified companies in violation of the registration body's "position" mentioned in a previous posting (included below for reference). Among other reasons, it is simply impossible to comply with certain environmental regulations in Taiwan (specifically, regulations for disposal of hazardous industrial solid waste -- the laws exist, but legal disposal facilities do not).

It is my understanding that a certification body in Taiwan will reject (more likely delay) certification if an organization *consistently* operates outside of compliance. If an organization's records demonstrate occasional instances of non-compliance, then that organization must have programs in place to bring it into compliance. As for the problem concerning haz. solid waste disposal, organizations that generate such waste must demonstrate to the certification body that they are addressing the issue. One company I know of does this by showing that it actively participates with other manufacturers and the government to find solutions to the lack of disposal facilities. Apparently, this is good enough for the certification body; the company has just passed its first follow-up assessment.

I hope to see further discussion/clarification on how certification companies handle the legal compliance issue, especially when regulatory contradictions or other complications make it extremely difficult for organizations to comply with the law.
Perhaps different certification standards and guidelines are used out here in East Asia. Perhaps certifiers' governing boards are just too far away. ISO 14001 implementation seems to be growing fastest in the countries where environmental regulatory systems are still young (newly developed, export dependent countries). Organizations seeking certification and the certification bodies themselves don't want to wait for the bugs to be worked out of the legal system.

ISO 14001 CONSULTANTS WANTED FOR PAKISTAN

Dear Mr. Rosenbaum:

I would like to take this opportunity to introduce myself, to the ISO 14000 specializing law firms in the US, interested in exploring their business in Pakistan. I am working as a Corporate Environmental Counsel at the US based environmental firm in Pakistan, Hagler Bailly Pakistan. I have done LL.M. in environmental law from the Pace University School of Law, New York. The environmental law program at the Pace Law School is ranked third in the US, according to the US News of World Report, 1996.

Presently, in Pakistan there is a big demand of consultants in ISO 14000, because the European Union from the 1st January, 1998 will not allow any imports which do not have ISO 14000 Certification. Also, in order to compete in other international markets, all Pakistani businessmen will be needing ISO 14000 Certification.

If any consultant or law firm is interested in exploring the Pakistani market, then please tell them to contact me at the address below:

Jawad Hassan, Advocate
Hagler Bailly Pakistan
Center One, #1, Street 15
Khayaban e Iqbal, F 7/2
Islamabad 44000, Pakistan
Tel: ++ 92-51-276113
Fax: ++92-42-824484

ISO 14001 SELF CERTIFICATION

We are planning our 14001 effort. I am trying to get a clear idea of the requirements for self-declaration. It is my understanding that for self-declaration, we create our EMS policy, processes necessary to follow it, and continuously improve. If someone asks us, we declare that we meet 14001 requirements.
If we are doing things right, we will have documentation that proves we are doing the job. Do we need a certification body or authority to declare our self-declaration satisfactory or is it up to us to prove to anyone who asks that we meet the requirements?

thanks in advance.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"This book has nothing but words in it!" Will, my four year old, after looking at a dictionary

David Turner
YSI Safety Coordinator
1725 Brannum Lane
Yellow Springs, Ohio 45387
Email: DTurner@YSI.com
Phone 1-513-767-1685 ext. 270
Facmetaphor: 1-513-767-9353

MULTI-STATE ISO 14001 WORKING GROUP

mr. rosenbaum. congratulations on an excellent e-mail news edition (27 may) regarding iso 14000 and related issues.

fyi: the multi-state working group on environmental management systems has developed a draft project evaluation matrix for "guidance on the evaluation of pilot projects evaluating the environmental, economic and compliance performance of organizations implementing iso 14001 environmental management systems". the matrix will allow organizations and states to evaluate performance in the following areas:

ENVIRONMENTAL PERFORMANCE
a. environmental performance
b. environmental indicators
c. environmental compliance

MANAGEMENT PROCESS
a. management framework
b. pollution prevention
c. cost-benefit

STAKEHOLDER CONFIDENCE
a. stakeholder confidence

the matrix is being peer reviewed and should be available in early summer. the multi-state working group is operating under the umbrella of the environmental council of states which has asked for the development of an independent data base which can receive iso 14001 pilot project data. states involved in the multistate working group are: az, ca, il, ma, mn, nc, or, pa, tx, wi. data collection and management are to be handled by the university of north carolina - chapel hill.

jeff smoller, wisconsin dnr

REQUEST FOR SAMPLE POLICY STATEMENTS

Wayne,

Thank you for replying to my phone message the other day.
We are a small, full service environmental management consulting firm based in Long Beach. Our service areas include the performance of EMS audits (we are in an ANSI-RAB accredited lead auditor course this week, in fact), training on EMS and compliance programs, as well as the development of environmental management programs.

We would like to put together and provide it to both our clients and to our students a number of example environmental policies (e.g. Company Policy Statements) - sanitized to omit company names, if needed. We have several, though they are several years old and generally do not reflect the influence of ISO14000. Do you have any example policy statements from your clients or contacts? We would appreciate your input. My fax number is 714-0256

We would also be happy to participate in the forum you mentioned. Please let us know how we can help. Thanks!

Regards,
Steve

GCOE BRINGS TOGETHER EXPERTS ON ISO 14001 IMPLEMENTATION FOR FOUR ONE DAY CONFERENCES IN CALIFORNIA

The Government Conference on the Environment has successfully presented valuable seminars and workshops to both the public and private sector for the past three years. GCOE educational programs have been developed with the GCOE Advisory Board, having representatives from; US EPA Region IX, Cal/EPA, The Resources Agency and private industry. The quality and the content of these GCOE programs have been rated Excellent or Good by more than 90% of the attendees. We are enhancing GCOE by expanding the educational program to include one day seminars & workshops throughout California.

HOW TO GET THE MOST OUT OF AN ISO-14000 EMS

Learn from the experts how to create and implement environmental management strategies that reduce costs, open new markets, and improve operational and bottom-line performance.

The Certification Process.
How it works.

EPA's Current Enforcement & Regulatory Policies
What is the ISO 14000 relationship with audit/self-policing?
Legal Benefits and Pitfalls of ISO 14000
What are the protections in the areas of insurance, civil, regulatory and criminal liability actions?

Case Studies - ISO 14000 Success Stories
A tool to increase performance and create financial incentives and benefits.

Sacramento Holiday Inn, June 3, 1997
Newark-Fremont Hilton, June 17, 1997
Anaheim Hyatt Alicante, June 24, 1997
Marriott Mission Valley, July 8, 1997

Presenters:

The workshop presentations offer a unique blend of federal, state & local perspectives and industry hands on experience on how to create solutions to complex environmental issues. Open discussion periods, Q & A, networking at hosted breaks and lunch (included in registration), enable participants to maximize learning opportunities. Presenters and case studies may vary by location to ensure local concerns are addressed.

CALIFORNIA CHAMBER OF COMMERCE - This organization has a comprehensive program of publications providing help to thousands of businesses in complying with complex government regulations.

CALIFORNIA TRADE AND COMMERCE AGENCY - A state agency designated by the Governor to promote economic development, financial, management and technical assistance.

URBAN AND REGIONAL INFORMATION SYSTEM ASSOCIATION - An interdisciplinary professional organization with interests in the effective application of information technologies.

BAY AREA AUTOMATED MAPPING ASSOCIATION - A non-profit, professional organization dedicated to GIS education.

ENVIRONMENTAL SYSTEMS RESEARCH INSTITUTE, INC. - For more than 25 years, ESRI has been helping people manage and analyze geographic information.

SGS INTERNATIONAL CERTIFICATION SERVICES, INC. - A recognized leader in quality and environmental management system registration and training.
CHAMBERS GROUP - For nearly 20 years, Chambers Group's staff of urban and regional planners, wetland specialists, archeologists, wildlife biologists and geographers has provided a comprehensive range of inter-disciplinary environmental consulting services.

THE LAW OFFICES OF S. WAYNE ROSENBAUM - Our purpose is to assist our clients develop a sound overall strategy for reducing environmental liabilities by providing legal counseling, property redevelopment strategies (Brownfields), and other consultation concerning ISO 14000 Environmental Management Systems. We help our clients balance these strategies against cash flow constraints and the desire to manage real estate transactions while protecting assets for other corporate opportunities.

Who Should Attend GCOE Workshops

City, County and State Environmental Specialists, Fire/Safety and Risk Managers, Environmental Project Managers, Planning Directors, Industry Compliance Officers, Federal Agencies, HazMat Managers and Specialists, AQMD Specialists, Comptrollers, Geologists, Public Affairs Officers, Regulatory Coordinators, Environmental Attorneys, Petroleum Executives, Military Environmental Specialists, Consultants, Legislative Analysts, Engineers, Environmental Data Managers, Environmental Health Directors.

ADDITIONAL INFORMATION

Contact John Jones at GCOE
Phone: 800-877-GCOE
Fax: 916-334-5334
WWW.gcoe.net

NATIONAL ASSOCIATION OF ENVIRONMENTAL PROFESSIONALS SPONSORS MAJOR ISO 14001 TRAINING WORKSHOP IN SAN DIEGO.

The National Association of Environmental Professionals, in cooperation with Business Development Associates, is sponsoring what may be the premier ISO 14001 training program of the year. The workshop will be held August 4 through 6 at Le Meridian San Diego, California. For more information contact Business Development Associates BDACCI@aol.com

BUSINESS AND THE ENVIRONMENT OFFERS ENVIRONMENTAL & INTEGRATED MANAGEMENT SYSTEMS TRAINING IN SAN DIEGO JULY 21 THROUGH 24.
This course is approved for National Registry of Environmental Professionals CEQA registration. For more information contact Margret Takaki Phone 602-277-5135