If we are fully in compliance with the environmental laws and regulations, doesn’t that mean that we are fully in conformance with the requirements of ISO 14001:2004?
I came across this question very recently during one of my third party ISO 14001 environmental management system (EMS) audits. In my experience, when auditors or other environmental professionals mainly with a regulatory background are being introduced to ISO 14001 or any other EMS, the transition phase might sometimes be a little struggle. I know, because I’ve gone through the same phase.
First off, let me clarify the terminology: we will use the term “compliant” when we talk about laws and regulations and the term “conformant” when we talk about an EMS.
Let’s come back to our question: Does full compliance mean full conformance? The million dollar answer is “No”.
You can be fully compliant with all applicable laws and regulations, however you can still be nonconforming to the requirements of your own EMS and/or ISO 14001. Remember, compliance is mainly mentioned under 4.3.2 Legal and Other Requirements and 4.5.2 Evaluation of Compliance sections of ISO 14001. However, there are 16 more clauses on the standard. So you can be fully compliant with the laws, but if you have not conducted a management review meeting (which is not a regulatory requirement) or you’ve never identified potential emergencies at your site, then you will be issued nonconformities by the auditor.
This brings me to another conflict between Evaluation of Compliance and Internal Audit:
Evaluation of compliance (4.5.2) is mainly evaluating your facility’s compliance with the applicable legal and other (i.e. corporate, insurance, trade associations, etc.) requirements. On the other hand, internal audit (4.5.5) is evaluating whether your EMS conforms to your own identified procedures, documents and requirements within your EMS, and to the requirements of ISO 14001. In other words, during an “internal audit”, you also cover and review “evaluation of compliance”.
Please also note that “internal audit” can be conducted either internally (someone from your company) or externally (by a third party consultant). The same condition goes for evaluation of compliance. I think that sometimes, the term “internal” causes some confusion. You can easily replace this term with “EMS”, and call it an environmental management system audit, which can be conducted internally or externally as long as the objectivity and impartiality is ensured.
Hope this helps clarifying a little bit the difference between the two concepts.