Internationally recognised ISO certification brings companies an extensive range of benefits from increasing the credibility of an organisation to enhancing a company’s performance through the implementation of an effective management system. The system ensures consistency and compliance throughout the organisation which in turn increases efficiency and productivity.

Whether your organisation already has achieved ISO certification and have an approaching audit, or you are seeking to gain certification for the first time, it is important to understand the ISO standard in full, not simply to impress the auditor but to ensure you have an effective management system in place that not only manages processes and risks within in your business but also gives some assurance of compliance with legislation.

An increasing number of companies are receiving major nonconformities when audited against ISO 14001 Environmental Management Systems and ISO 45001 Occupational Health and Safety. Major nonconformities can act as a barrier in either gaining or retaining ISO certification.

The problem:

Many companies are not conforming with clause 9.1.2, ‘Evaluation of Compliance’. It is important to understand the clauses which relate to clause 9.1.2, and clause 9.1.2 itself, to ensure you do not risk losing your certification.

Many organisations are simply identifying the legal requirements (clause 6.1.3) and putting controls in place (clause 8.1) however, this alone is not enough. How do you know the controls you have put in place are working and that you are compliant with the applicable legislation (clause 9.1.2)?

Step 1: Clause 6.1.3 “Determination of legal requirements and other requirements”

This clause is about identifying and understanding which legal requirements and other requirements are applicable to your organisation, determining how they apply to your organisation and taking this into account when establishing, implementing, maintaining and improving your management system.

Step 2: Clause 8.1 “Operational planning and control”

This clause relates to putting the controls in place to make sure you are compliant. For example, consider operational control for environmental aspects/impacts and a hierarchy of controls for identified hazards.

It is important to put controls in place to meet the legal requirements you have identified under clause 6.1.3.

Step 3: Clause 9.1.2 “The organization shall establish, implement and maintain a process(es) for evaluating compliance with legal requirements and other requirements”

Clause 9.1.2 requires you to prove you are compliant with the legislation identified and provide evidence of this. For example, what processes do you have to check you are compliant? This may include activities such as regular inspections and audits. It is great if you are doing this already, however, remember it is important to document this as the clause states “the organization shall retain documented information as evidence of the compliance evaluation result(s).”

The solution:

There is no set rule as to how to demonstrate your compliance to clause 9.1.2, management systems are designed to enhance your company and therefore you should identify a solution which works for your organisation.

One suggestion would be to add a couple of columns into your legal register so that you have the legislation, how this applies to your organisations, what you do to check compliance and the current status of compliance, which hopefully will state ‘Yes’. Another option would be to retain documented information on the checks you have done or the audits you have conducted to establish your compliance status.

If you would like more support to ensure you are compliant with legislation or to discuss how we can manage your compliance obligations please contact us on 0333 123 9001 or email

Cheryl Savage

Management Systems Trainer & Consultant