Bringing sustainability and safety to the world’s most complex environments

REVISION OF ISO 14001New Developments in June 2013

This report was prepared by: Nigel Leehane and reviewed by: Bryan Hughes

900002 August 2013 2

Revision of ISO 14001

New Developments in June 2013

TABLE OF CONTENTS

1.0 Introduction

1.1 Background

1.2 Wherecanyoufindoutmore?

2.0 Environmental aspects and business risk: One or two processes?

3.0 The need for documenting management system processes

4.0 The ongoing debate about controlling the value chain

5.0 Enhanced emergency preparedness and response

6.0 What performance criteria should organisations measure?

7.0 Revised timeline and milestones for the revision process

8.0 How can CRA help with the transition to ISO 14001:2015?

3

33

4

5

6

7

8

9

10

900002 August 2013 3

Revision of ISO 14001

New Developments in June 2013

1.0 INTRODUCTION

1.1 Background

ISO 14001:2004 is being revised. The International Organisation for Standardisation (ISO) working group responsible for revising the text met at the end of June, with the objective of developing a new draft for consultation. Unfortunately, the group did not have enough time to review all comments from the previous consultation, and so the next draft will not be issued until after another meeting, scheduled for early October 2013.

However, the consultation responses on many of the clauses were addressed, with some clauses being substantially re-written. Areas of development include:

1. The relationship between environmental risks (aspects) and business risks;

2. The need for documenting management system processes;

3. Addressing the value chain in its upstream and downstream phases;

4. Emergency preparedness and response plans; and

5. Determining the criteria against which performance is measured.

Thisreporttakesyouthroughthesefiveareasofdevelopment, with the aim of keeping you abreast of the progress towards the new standard, and what you can expect once it is released in 2015.

1.2 Wherecanyoufindoutmore?

CRAwillbepublishingbriefingsthroughouttherevision process on our website. If you would like to receive updates on this and other topics, then please subscribe to our quarterly newsletter via our website. Existing subscribers will automatically receive the newslettersandanyotherISO14001briefings.

This e-book is the second CRA has produced on the revision of ISO 14001. Earlier this year, following the production of the March 2013 draft of the standard, CRA produced an e-book titled “Key Changes ProposedintheMarch2013Draft”whichidentifiedseven major changes that are planned for the standard. This e-book, which explains these changes in detail, aims to help you appreciate the key themes of the revision, and what auditors may expect from you once ISO14001:2015 is released. This ebook is still available for download from our website home page.

Nigel Leehane is one of the UK’s technical experts appointed to the ISO working group revising 14001. Please contact him on 0115 965 6700 or nleehane@cra.co.uk if you would like to know more about the changes to ISO 14001 and the implications for your organisation.

900002 August 2013 4

Revision of ISO 14001

New Developments in June 2013

2.0 ENVIRONMENTAL ASPECTS AND BUSINESS RISK: ONE OR TWO PROCESSES?

The ISO Future Challenges report on the revisionofISO14001didnotmakeanyspecificrecommendations in relation to the treatment of risk, but it did recommend the strengthening of the relationship between environmental management and the core business, especially at the strategic level and in the context of business opportunities. The High Level Structure for management systems also provided core text on addressing risk, including taking into account the organisation’s context and stakeholder expectations.

In the last draft (Committee Draft 1 (CD1)), circulated for comment earlier this year, these had been incorporated in a clause which made reference to an overall assessment of risk, including context and environmental aspects, and with subsequent requirements explaining how to identify and assess environmental aspects and identify legal requirements. Thisdidnothavealogicalflow.

The latest draft text, taking account of comments on CD1, has a new structure:

• Identifyingenvironmentalaspects;

• Identifyinglegalrequirements;

• Assessingthesignificanceofaspects,takingaccountoflegalrequirementsandorganisationalcontext;

• Evaluatingthebusinessrisksandopportunitiesresultingfromtheenvironmentalaspects;

• Planningtotakeactiontoaddressenvironmentalaspects;and

• Planningtotakeactiontoaddressbusinessrisks and opportunities.

This new approach has much to recommend it, as it clearly links environmental issues to business strategy. However, it appears to mandate a two-stage risk evaluationprocess,firstlyinvolvingenvironmentalaspects and then broader business considerations. In reality, organisations may elect to apply a single stage risk evaluation process, and it is not clear that the current text allows this.

Also, the current text under-emphasises the implications of changing environmental conditions for thebusiness.Thecurrentdefinitionofasignificantenvironmentalaspectisonethatcanhaveasignificantenvironmental impact. The evaluation of business risks, basedonsignificantenvironmentalaspects,thereforeexcludes the consideration of environmental impacts on the business, and planning for adaptation.

900002 August 2013 5

Revision of ISO 14001

New Developments in June 2013

3.0 THE NEED FOR DOCUMENTING MANAGEMENT SYSTEM PROCESSES

When developing a management system, a question often asked is “what has to be covered by a procedure?” The2004versionofthestandarddefinedaprocedureas“aspecifiedwaytocarryoutanactivityoraprocess”, which can be documented or not. A total of twelve clauses state that a procedure is needed, for example for aspects assessment, communications, monitoring and auditing. However, the only requirement for documented procedures is for operational control. In reality though, most organisations document their procedures for many of the processes in the management system, in an effort to ensure that the requirements are understood and are implemented consistently.

In some cases, the proliferation of procedures in a management system has resulted in a reluctance to follow them, as to do so would take up too much time andnotnecessarilydeliveranybenefit.Unfortunately,the term “procedure” has come to represent unnecessarybureaucracyandinefficiency.

The ISO High Level Structure (HLS) common text for management systems does not use the term “procedure”. Instead, it explains that a management system establishes a set of inter-related processes, which can be documented. The individual clauses do not specify that a process is needed to achieve the required outcome, but simply explain what that outcome should be. For example, the clause on auditingspecifiesthattheorganisationwillcarryoutaudits, but not that it has a process for doing this. The earlier explanation that a management system will bebasedonasetofprocessesissufficienttoimplythat processes will be established (and documented) where the organisation itself determines that this will beuseful.Theonlyspecificreferencetoprocessesisin the clause on operational control.

So, will the HLS ensure that the revised ISO 14001 hasamoreflexibleapproachtotheimplementationofproceduresorprocesses?Notexactly!Theworkinggroup decided that there is a need to ensure that certain environmental management processes are documented. The revised text uses the term “specify the way it will implement and maintain a process”, for thefollowingfiveEMSprocesses:

• Identificationandassessmentofenvironmentalaspects;

• Identificationoflegalrequirementsandvoluntaryobligations;

• Emergencypreparednessandresponse;

• Evaluationofcompliance;and

• Non-conformances.

So, although there is no mandatory requirement for documenting procedures for many management system processes, the revised standard emphasises the need to ensure that certain processes critical for environmental management are set out. In practice, organisations inevitably will document the way in which they intend to manage their activities and their EMSs, to ensure that objectives are achieved and policy commitmentssatisfied.Itisuptothemtodeterminethe level of documentation needed, and hopefully to develop effective and user-friendly tools (whether called “procedures”, “processes or anything else) for the job.

900002 August 2013 6

Revision of ISO 14001

New Developments in June 2013

4.0 THE ONGOING DEBATE ABOUT CONTROLLING THE VALUE CHAIN

The ISO working group did not conclude its work on the further development of requirements for ISO 14001 relating to the value chain. The previous draft of the standard focused on addressing procurement and outsourced processes, with expectations that organisations should exercise some degree of control of these, and also with regard to design. This attracted asignificantnumberofcommentsfromconsultees,some favourable and others urging caution in relation to imposing unrealistic requirements, especially for SMEs.

The response of the working group was an attempt toclarifythescopeoftherequirements,definingprocurement and outsourcing as being upstream functions, and retaining the text in relation to those beingcontrolled.Itdefinedasdownstreamthedelivery, use and disposal of products, and suggested that design and communication should be applied there. Unfortunately, this does not adequately address some of the concerns relating to the earlier draft, and it is also potentially confusing. For example, if an organisation procures a service to deliver its products, is this to be viewed as an upstream (procurement) or downstream(delivery)stageinthelifecycle?

Also debated, with no conclusion being reached by the end of the meeting, was the moving of design into the operational control clause, on the grounds that design isameansofcontrollingorinfluencingdownstreamenvironmental aspects. Obviously, the same argument could be used for the control of procurement (the 2004 version addressed the purchase of goods and services in the operational control section). The Future Challenges study recommended that more emphasis be given to the value chain, and merging design, and potentially procurement, into operational control seems a perverse way of achieving this.

It is to be hoped that the working group dispenses with the categorisation of control measures into the upstream and downstream approaches, and instead focuses on the necessary controls themselves, regardless of where they are applied in the value chain. Retaining the robust text developed previously for the management of procurement and outsourcing, and developing similarly explicit requirements for design (whether of processes, goods or services is irrelevant) would be far more helpful to the user. Also, in order to address the concerns that these requirements are too onerous for SMEs, the use of “as appropriate” would provide organisations with the opportunity to justify exclusions, where genuinely warranted.

900002 August 2013 7

Revision of ISO 14001

New Developments in June 2013

5.0 ENHANCED EMERGENCY PREPAREDNESS AND RESPONSE

“14001-conforming” organisations have a procedure for identifying and evaluating potential emergency scenarios and planning to respond in the event that an incident occurs. Many such organisations also develop emergency response plans as a key part of this process. However, having an emergency response plan is not a requirement of the 2004 edition of ISO 14001.Itsrequirementsaretheidentificationofpotential emergencies and responses, responding to emergencies, review of procedures after an emergency and periodically testing the procedures.

Thelatestdraftoftherevisedtextspecificallyrequiresthe development of an emergency preparedness and response plan, which sets out how the organisation willrespondtotheidentifiedemergencyscenarios.Thisisafarmorepragmaticapproach,reflectingactualpractices in emergency control. The remainder of the clause focuses on the application of the emergency response plan, its testing and revision.

The emergency preparedness and response clause drafttextalsospecifiesthattheresponsetoanincident should be appropriate to the magnitude of the emergency and the potential environmental impact, again applying common sense to an important area of environmental management. There have been too many examples of organisations responding inappropriately or too robustly to an incident, resulting in greater impacts than those from the emergency situation itself.

As always, organisations should ensure that emergency preparedness and response plans are modifiedtoreflectchangingcircumstances,andthat these new requirements are documented and communicated to all relevant staff. There is no excuse forstaffhavingtorelyonoutdatedemergencyplans!

900002 August 2013 8

Revision of ISO 14001

New Developments in June 2013

6.0 WHAT PERFORMANCE CRITERIA SHOULD ORGANISATIONS MEASURE?

The 2004 edition of the ISO 14001 standard specifiesthatorganisationsshouldmeasure“thekey characteristics of its operations that can have a significantenvironmentalimpact”,inotherwords,ofitsenvironmental aspects. It went on to elaborate that the organisation’s monitoring procedure should address the monitoring of performance, applicable operational controls, and “conformity with the organisation’s environmental objectives and targets”.

The latest draft of the revised text is based on the High Level Structure, but also incorporates the use of performance indicators for monitoring and measuring key environmental factors, as recommended by the Future Challenges report. It is also more specificregardingwhatshouldbemonitored,andis clearer in this than the 2004 version. The draft provides a bulleted list, which includes, in addition to characteristics which may have an environmental impact and operational controls:

• Characteristicsnecessaryfortheevaluationofcompliance;

• Characteristicsrelatedtovaluechaincontrol(ifappropriate);and

• Progresstowards(notconformitywith)environmental objectives.

Importantly, this emphasises the need to monitor or measure the operational and other factors relating to compliance, encouraging organisations to better understand their compliance status, almost on a real time basis, rather than just after a compliance audit. Similarly, the emphasis on objectives is not just to conform to them, i.e. be able to demonstrate that they have been achieved after a period of time, but to understand how the organisation is making progress towards them. In both these cases, the standard is using monitoring and measuring as a management tool, rather than a test of conformity.

The inclusion of the value chain is likely to prove contentious, but the current wording does specify that this should only be undertaken if appropriate. The testwillbethesignificanceofthevaluechainaspectsand the organisation’s ability to exercise effective and beneficialcontrol.

The draft also adopts High Level Structure text in relation to how monitoring and measurement should be carried out, including the selection of methods and criteria, etc. Importantly, it also requires that organisations determine “when the results from monitoring and measurement shall be analysed and evaluated”. This will help to ensure that monitoring resultsarenotjustfiled,butareusedtoidentifyopportunities for improvement.

Auditors, internal and external, should aim to determine conformance with these new requirements, thereby encouraging improved monitoring and measuring practices and the more effective use of the resultant data.

900002 August 2013 9

Revision of ISO 14001

New Developments in June 2013

7.0 REVISED TIMELINE AND MILESTONES FOR THE REVISION PROCESS

The working group responsible for revising the text met at the end of June, with the objective of developing a new draft for consultation. Unfortunately, the group did not have enough time to review all comments from the previous consultation, and so the next draft will not be issued until after another meeting, scheduled for early October 2013.

The intention is to produce a “Committee Draft 2”, which will be sent to ISO member bodies and their committees for comment, probably for 3 months from November 2013. Following this, a “Draft International Standard” will be completed in May 2014 and made available for public consultation for 3 months from September 2014. The revised standard will be completed by February 2015 and sent to the ISO member bodies to vote to accept it for publication. Assuming it passes the vote, it will be published in May or June 2015, rather than January 2015 as planned.

ISO 14001 Revision Timescales

Working Group Dates October 2013 May 2014 February 2015

Output Committee Draft 2 Draft International

Standard

Final Draft International

Standard

Consultees ISO Members and their

committees

ISO Members and the

public

ISO Members

Probable Consultation

Period

Nov 2013 - Jan 2014 Sept - Nov 2014 Vote Mar - Apr 2015

Publish May - Jun 2015

900002 August 2013 10

Revision of ISO 14001

New Developments in June 2013

8.0 HOW CAN CRA HELP WITH THE TRANSITION TO ISO 14001:2015?

CRA is in a unique position to provide support to organisations with the transition from ISO 14001:2004 to ISO14001:2015. Participating in the ISO working group carrying out the revision means that we have insights into the potential direction of future drafts leading up to 2015. We can also appreciate the intentions and reasoning behind the changes to the standard. CRA can help organisations, such as yours, develop a plan to review and modify their systems to meet the requirements of ISO 14001:2015.

Gap Analysis

The starting point is to undertake a gap analysis of existing systems being used by the client, not only the EMS, but other related business processes, with which ISO 14001:2015 will expect a greater degree of integration. Owing to the increased emphasis on higher level business management, this should also include processes for strategy development.

The gap analysis would focus on all the areas of change and would also explore how the new structure (based on the ISO high level structure for all management systems) can be accommodated. It is not a requirement to adopt the new clause numbering system, provided the new requirements are incorporated into the organisation’s system. We can provide guidance on how these requirements can be interwoven with an existing management systems structure.

The output of the gap analysis would include:

• RecommendationsforaddressingthenewrequirementsofISO14001:2015;

• GuidanceonintegratingtheseandexistingEMS arrangements further into other business processes;

• Anappropriateandachievabletimelineforsystemredevelopment;and

• Recommendationsfordevelopingandempowering a system review team.

Although the revised standard will not be published until 2015, there are advantages in undertaking a gap analysis now against the likely requirements, so that organisations can start to plan their system enhancements.

Additional Services

CRA can provide support in all aspects of system redevelopment, but at an early stage clients may wish to consider:

• Briefingstoseniormanagementontheimplicationsoftherevisedstandard;and

• TrainingEMSstaffincarryingoutdetailedreviewandsystemmodificationtasks.

For Further Information

Nigel Leehane is one of the UK’s technical experts appointed to the ISO working group revising 14001. Please contact him on 0115 965 6700 or nleehane@cra.co.uk if you would like to know more about the changes to ISO 14001 and the implications for your organisation.

Bringing sustainability and safety to the world’s most complex environments

CRA Europe

Synergy House, Unit 1, Calverton Business Park, Hoyle Road, Calverton, Nottingham, UK NG14 6QL

T: +44(0)1159656700 F: +44(0)1159655282E: info@cra.co.uk W: www.cra.co.uk