Home » Compliance Management Blog- ESG, EHS, EHSQ » ISO 14001 Legal Compliance Obligations Register

ISO 14001 Legal Compliance Obligations Register

Jonathan Brun

What Does a Great ISO 14001 Compliance Obligations Register Look Like?

Nimonik has seen hundreds of ISO 14001 Compliance Obligations Registers and they seem to come in all shapes and sizes. Whether your organization is ISO 14001:2015, ISO 14001:2004 or even “following” the standard, building a proper legal compliance register or legal profile for your organization can be a big help for compliance. In the presentation below Nimonik’s CEO, Jonathan Brun, highlights some of the elements that contribute to great ISO 14001 legal and regulatory compliance registers.

We discuss the do’s and don’ts of building a great register and how to ensure it stays relevant for your organization over time. The presentation covers key elements such as the main difference between ISO 14001:2004 and ISO 14001:2015, the best elements seen in legal compliance registers and the importance of transferability to new employees. The presentation also addresses many questions from the audience such as the value of a high level summary and managing access to requirements.

It is interesting to see in the polls that we have conducted during the presentation that 73% of the attendees were certified or following ISO 14001, but they all had different reasons for doing so. Indeed, 71% of them are following it for good management practices, while 26% admitted to be following it at their clients’ request and 3% did not even know why this practice was in place in their organization.

Additionally, 81% of the respondents were planning on moving to ISO 14001:2015 this year or before 2018. It comes at no surprise that 73% of attendees were still using Word and Excel for their legal register or compliance obligations, but 10% of them were using an external service such as Nimonik.

ISO 14001 compliance obligations register poll by Nimonik

You can learn more about what makes great ISO 14001 legal registers, in the free presentation and slides below.

Great ISO 14001 Compliance Obligations and Legal Requirementsfrom Nimonik

For more information on this presentation, on legal registers or on other issues, simply reach out to us at info@nimonik.com. You can also register for a free trial of Nimonik’s easy solution today!

Nimonik Expert EHS Webinar Series: What Do Great ISO 14001 Legal Registers Look Like? from Jonathan Brun on Vimeo.

Webinar Transcript: What Do Great ISO 14001 Legal Registers Look Like

Nimonik Expert EHS Webinar Series – What Do Great ISO 14001 Legal Registers Look Like


Hello everyone and welcome to Nimonik’s EHS Webinar Series. Today’s webinar will be on What Great ISO 14001 Legal Registers Look Like.

Today’s webinar will walk you through the do’s and don’ts of building a great legal register and ensuring it stays relevant to your organization over time. But before we begin I’d like to briefly introduce Nimonik as a company, my role here, and of course our presenter for today. So Nimonik is a software service that provides EHS managers with the tools necessary to ensure environmental, health, safety and quality compliance in their operations. Nimonik is both a web service and an app that is designed to help auditors inspect their facilities for compliance issues as well as stay on top of legal updates and maintain a legal register. So my name is Kim Chanel and I am the Communications Manager here at Nimonik. I will be the one facilitating today’s webinar. So please feel free to ask questions throughout the presentation in the Go to webinar question box and we will gladly address as many as we can at the end of the presentation. Now to present this topic to us today we have Jonathan Brun, CEO of Nimonik, who is responsible for technological decisions, design and client relations. I’m happy to say that we have attendees from all over the world joining us today. So thank you all for participating and without further ado here’s Jonathan on What do Great ISO 14001 Legal Registers Look Like.

Jonathan Brun
Hello, everybody. Thank you so much for joining us today and thank you, Kim, for the lovely introduction. Today’s webinar, as Kim’s already mentioned, is all about building and managing a fantastic ISO 14001 legal register. We’re going to go through some examples of legal registers we’ve seen over the years, some do’s and don’ts and lessons learned. And we’re going to leave lots of time for questions from everybody to make this webinar as useful as possible for all the different EHS managers, coordinators and responsible people that are on the call today. We had over 200 sign-ups for this webinar so it’s really a topic that is of interest to a lot of people around the world and we hope to provide some tips that you can implement at your organizations.

The first thing I want to address this morning or our morning and maybe an afternoon or very early for you, but the first thing I want to address is why do organizations adopt Management Standards. ISO 14001 is, of course, a management standard, one of many different management standards. And we’ve seen a number of different reasons why organizations adopt it either to actually get certified or simply follow the standard’s structure and implement it into their own environmental management system or a more global management system.

So first and foremost a management system, whether it’s ISO 14001 or another one is really all about a framework that your organization can follow. So as opposed to trying to reinvent the wheel and develop your own environmental controls and environmental management system, ISO 14001 and other management standards is a framework that’s built on the best practices in industry knowledge.

So it’s lots of people around the world in different regions that come together through the different standards organizations try and build something that is really useful for a lot of people who want to implement good environmental practices at their organizations. That’s ideally why companies around the world adopt management standards. The other reason we see that some companies will adopt management standards is simply that their clients require it. We have a number of companies we work with that implemented environmental management systems as a response to a client that said “if you want to do business with us, you need to be certified to 14001 or 9001 or 18001 or a different management standard. And so they do it a little bit reluctantly.

And one of the downsides of doing it that way is often that the organization views the management standard as a cost center that eats up time, resources and financial resources, when in reality we believe here at Nimonik and obviously many organizations around the world believe that management standards can be a tremendous amount of value to an organization. They can structure your approach, they can help educate your team and we really encourage all companies to view this as a value creation, even though sometimes the paperwork can feel a little bit burdensome.

So we want to talk today about legal registers and how we can lighten the load on managing a legal register, how we can make it a higher value for your organization, more powerful and help you reduce any sort of risks related to environmental compliance.

So I think Kim is going to launch a poll here and the first poll will simply be, you know, whether or not you’re ISO 14001 certified or do you follow it. So even if you don’t…even if you’re not certified but if you try to follow the standard through your own internal EMS, you would answer yes. And then if you don’t, then answer No. Just curious on this call to see how many people are 14001 certified or follow it. So I think we’re getting almost to 100% of votes and it seems to be trending about 70% of people are saying that they are either certified or they follow the standard. And then 30% or 28% are saying no, they don’t follow it or are certified.

Now I’m just going to switch the other slide here, the next slide. And it’s interesting that up to 30% of the people on the call today aren’t certified or don’t follow it, so maybe we’ll dive into that later. Now the next question after we’ve discussed why do we adopt management standards is Why a Legal Register? So a legal register is a requirement within ISO 14001, as well as other standards. And we’ll discuss it more in detail where exactly 14001 requires it, but a number of management standards not just 14001, but also energy standards such as 50001 and even 18001 require you to have a document that can be called a legal register or can be called a legal profile. But ultimately it’s a list of the laws, regulations, codes, statutes that apply to your organization within the subject matter of the standards, so in this case provided by the environment, 50001 is a standard for energy management that also requires knowledge of energy regulations. But ultimately all companies or all organizations and all people are subject to the law.

And you can’t plead ignorance in court. So if you have an environmental spill or some sort of other problem, you can’t simply say in court “we didn’t know this law existed, we didn’t know this regulation, so we didn’t know we had to file that report.” So ignorance is not an option. Of course, you can ignore certain laws, you never get caught and you never have a problem, but that’s a very dangerous game to play. So ultimately, all companies should have some sort of documentation to help their staff at all levels of the organization, whether it’s the upper management all the way down to the people on the shop floor understand what are their environmental regulatory requirements and of course, 14001 forces you to do this, which is a good thing, but in theory all companies should do this.

Now I want to go through the two versions of 14001. So there’s the version from 2004 and then there’s the version that was recently published for 2015. And just to highlight the two locations in the two versions of the standard where a legal register is required.

So in the 2004 version, it’s really Clause 4.3.2 that requires an organization to establish, implement and maintain a legal register, and the legal register has to identify and have access to applicable legal requirements and other requirements. So in terms of other requirements, we’re talking about anything from environmental permits that you’ve obtained from the appropriate government authorities to internal environmental standards that you’re implementing. And then, those should be related to your environmental aspect, so you will have already identified the environmental aspects that your organization is involved in, whether that’s air emissions, wastewater, CO2 or other environmental aspects. And so those we related back to the legal requirements.

And then the next big element of a legal register for 14001 is to determine how these requirements apply to the environmental aspect. So to have some context as to specifically for your organization, how do these requirements apply.

Now, in the 2015 version, this requirement was maintained, but it was shifted. The location was shifted to the, primarily I’d say to the Section 6 of the 2015 standard, and specifically, I’d say it’s really in 6.1.3 where the title of that sub clause is Study environmental aspects and compliance obligations. So they took the term legal and other requirements and changed it to something that’s a little bit broader, maybe a little bit more concise terms, this is compliance obligations. And if we look at a definition or an explanation that was provided by a consulting group that we really admire, they gave a good definition here that says “a compliance obligation is a requirement”. Period. I mean that’s like the best summary of this: compliance obligation is anything your organization is required to do. And there are different kinds of compliance obligations, you have mandatory ones and voluntary ones. The mandatory ones are ones typically that are found in codes, statutes, acts, regulations basically legally obligatory compliance obligations. And voluntary ones will be the ones that are found in industry standards or corporate standards that you’ve adopted internally. And so there’s no legal requirement for you to respect these. But they are, of course, highly encouraged whether they’re corporate and are pushed down for the head office or whether they’re an NFPA standard or a BSI or CSA or another standard that you’ve decided to adopt.

Between those two locations, mandatory and voluntary, you have what we call and what other people call a great law, which is voluntary standards, but that are referenced in law. So you have different standards that governments will reference in their legal documents, as opposed to rewriting the standard in the form of a law or statute.

And so those standards even though they’re voluntary because of the reference in law they’ve pretty much become mandatory. There haven’t been very many court cases where a company was found guilty of not respecting an industry standard that was referenced in law. But theoretically speaking, that’s certainly something you would want to be aware of when you’re building your legal register.

So the definition…we’re going into a little bit more details, you know, talking about mandatory compliance obligations include laws and regulations, voluntary ones are everything from contractual commitments, community engagements that you’ve made with local communities whether you’re expanding your plant or doing something you’ve engaged with the local community and promise them something that part of your voluntary requirements; industry standards that are voluntary ethical codes of conduct that you’ve adopted, and good governance guidelines, corporate guidelines, other things that you have implemented at your organization. So that’s really the two types of compliance obligations you really need to be aware of.

Let me just pause here. I think Kim has another poll for you. And Kim do you want to maybe just launch that next poll? And so the question of why I wanted to just pause and give everybody a bit of a pause here is Why do you follow ISO 14001? So what was the incentive for your organization to either adopt it or follow it, even if you’re not certified? And we spoke about it earlier, whether it’s for mandatory practices, which we hope that 100% of people say that, but we know that a number of people do it because the clients ask for it and that some people came into an organization and it hasn’t been clearly explained to them by management “Why do we do ISO 14001?” So we’re curious to know if that’s the case as well at your organization.

All right. So I think we have the majority of people who’ve answered here. So you have 72% of the respondents said “good management practices”. So that’s nice to hear that the vast majority of people have adopted 14001 due to good management practices. 26% though it’s, you know, still pretty substantial. “Did it because their client requires it”. So they’re not mutually exclusive. I mean you could adopt it because of good management practice and because your client requires it, but still over a quarter of the respondents said that they’re doing it because their client requires it, and then 3% said that “they don’t know”. They came into the position, Management never told them why they have to do this and so they’re just doing it because it’s part of the job requirements. But we encourage you to go speak with Management and see why they’re forcing you to do this. Sorry. I’m just having a small technical issue, but…

The three things I want to talk about in terms of obligations. So there are different types of obligations. There are operational requirements, that we often see and these are really things like permitting would be the main one and you could have things like monitoring programs where the government has issued you a permit to do something at your facility, but you need to issue, you need to respond to the government on a regular basis with for example water samples or results from your emissions stack. And this is becoming a bigger and bigger part of compliance efforts especially in the US with the EPA. There are more and more requirements around reporting and around respecting permitting requirements that are given to organizations.

And there is then operational requirements. I’m just having a small technical issue. Kim, could you maybe just take back the presenter for a moment here? I just need to fix something. My screen is hiding it from me. And can you maybe share your screen and then that way I can…if it lets you.

Kim: Yes.


The next thing is operational permits in terms of what’s outlined in laws and regulations. And this is probably the biggest chunk. It’s really things around air emissions criteria, wastewater, you know, actual requirements that are set forth in laws and regulations. And the third one is collaborative agreements, so training requirements that you implement to your organization, business opportunities, education awards, scholarships, environmental matters. So these are just agreements that you’ve implemented either internally or with external partners that would be part of your compliance obligations.

Now the next few slides that I want to share with you are examples of legal registers that we’ve received over the years from our different clients. Now, we have a lot of clients in a whole variety of different industries, everything from oil and gas, mining to food manufacturing, logistics, transportation. And so we’ve seen a lot of different legal registers over the years. And I just want to show you the variety and then what we’re going to do is I want to discuss what’s common amongst these different legal registers and what we think are the critical elements in a good legal register. But just to show you a little bit the typical way that a legal register is prepared in Excel often when an organization is getting certified, for the first time they have a consultant come in and build the legal register with them. And they’ll typically do it in a Microsoft Word or an Excel file and it will look something like this with a number of different columns. And we won’t go through this. I know it’s not very legible on your screen. I just want to show you a little bit the structure. This is a slightly smaller one with maybe only about 7 columns. Here’s another example. You’ll notice obviously there’s a similar sort of overall structure, but this one probably has, even more, data in it, probably it has about 15 different data points in here. And then another one here, where it goes everything from the revision date to the activities, the hazards, the name of the legislation. Now, I know you can’t read this but I want to just show you what it visually looks like when we get it from our clients in Word or Excel.

Now, amongst all the legal registers that we’ve seen, I’d say there’s only one common element. And this is kind of crazy to say, well, you know, all these companies that are certified as 14001, we build the registers that look remarkably different from each other, even though in theory they’re all following the same standard. And the only common element that we’ve really seen across all legal registers is legislation name so that the actual name of the legal document that they know applies to them. That’s the only thing that’s common about all these legal registers.

And what I would say are, you know, better common elements that we see in the majority of ISO 14001 legal register that we see, whether they’re based on the 2004 version or the 2015 version, that the better elements that we typically see, certainly legislation name, control measures that the companies have put in…this is particularly for significant aspects or aspects of your organization where there’s been an assessment that is a significant aspect, they were putting control measures, the jurisdiction that this legal requirement is coming from…So if you operate in multiple jurisdictions, then you obviously want to identify the jurisdiction. But even if you only have one location, you’re likely subject to both federal state and provincial depending on the country you’re in and municipal regulations, and other level, such as in California, you have air districts and so there’s a fourth level of jurisdiction that you want to be aware of. The last revision date. So this is pretty critical. We don’t see it in all the legal registers sadly, but the last time a specific legal requirement was revised to determine whether or not it had changed, whether it’s still applicable to your organization and how so. But that’s a critical element that we see in all the good 14001 registers. And then, of course, the environmental aspect. So this is a big one that you really need to have in your legal register to be ISO 14001 certified. So your legislation name, control measures, they should be tied back to the environmental aspect such as air emissions, wastewater, CO2, the different aspects that your organization is involved in. The last element that we’d say is fairly common, but even then we see 14001 registers without this, is the work area or impacted area of the organization. So if you have a plant with say shipping and an expediting section of the plant or manufacturing, waste treatment portion of the plant etc, you would want to identify which portions of your operations does a specific legal requirement or compliance obligation apply to it. It might apply to all of them. That’s quite possible, but it might…you know, the waste regulations might only apply to the waste portion of your operation. So identifying the Work Area can really help you filter the information in the legal register and then when someone’s pointing to the waste part of your operation, they say okay, these are the critical legal requirements that we should be looking at.

Now some additional elements that we definitely see in legal registers, but that are certainly not common to all and that are even and that’s even true of ISO 14001 legal registers. But these are elements that we think are pretty good. There are positives and negatives to each one including them in your legal register. The first is a summary of the requirement. So a summary of the requirement is really typically something between one and four sentences long and it’s a summary of the regulatory requirement or if it’s something else a voluntary requirement that you’ve implemented into your organization. It’s a summary of the requirement that’s not specific to your organization. So we’re talking about say describing exactly what the air emission regulation is trying to accomplish in the jurisdiction that you operate in. But it’s not talking about how that applies to your organization. A high-level summary of requirement. Some organizations will break out law or regulation or code or statute into specific sections or articles of that document that they feel apply to them. Now, that has a benefit of allowing you to trace back exactly where the information came from within the legal document. But the downside is often governments will switch sections, they’ll add sections, remove sections and so managing the accuracy of your sections and article references in your legal register is, I would say, one of the biggest time consumers we see at a lot of our client locations. So that’s just a sort of a buyer “beware” comment there. But definitely, some companies do it. And we’ve seen some legal registers that broke it down into excruciating detail of exactly which sections apply to them and it looks great on day one. And we’ll talk about this in a minute. But it costs a tremendous amount of resources over the long term.

The next big thing that in theory, all 14001 registers should have is applicability text. So this should be again one to four sentences and it should be how does this legal requirement or this compliance obligation apply to our organization or specifically how does this apply to this operation. So if you have a multi-operational company with different operations in different locations, each location should have an applicability text for a specific compliance obligation. So even if you have two plants in the state of New York, you would want to have two different versions of the applicability texts for each plant. A lot of companies will cheat and they’ll only have one version of applicability text because their plants are fairly similar. But really you should have two versions of the applicability texts to make it as relevant as possible to a specific operation.

Some organizations will also indicate which authority issued the compliance obligation, which department or the government or which ministry, depending on the country you’re in. That can be helpful in terms of digging deeper and say you come in and you want to see more context as to the compliance obligation and you’re able to see how this was put out by the air district or this was put up by the EPA or this was put up by the ministry of such and such. Well, then you know which website you should be going to look for more context on how a specific compliance obligation might be applied in a given jurisdiction.

The other additional element that we think is quite critical and sad that we don’t see it in all registers is the last revision person or group. So earlier we spoke about the last revision date. You want to definitely indicate when you last revised a compliance obligation, as to how it applies to you and why it applies to you, but you also want to indicate who did that revision. And this is a big thing for external ISO 14001, and it’s that when they come in they want to see not only that your register is up-to-date, but they also want to see when it was the last revision done and who did it. So you can do follow-up questions with the appropriate people. And so indicating the person or the group of people, whether it’s an environmental committee or a specific environmental manager that did the revision, it’s critical. And then you can go to a further level of detail and associate your compliance obligations to specific hazards or specific assets. So if you have a specific hazard at the work place, whether it’s handling fuel oil, handling transfers of fuel or say, your transportation fleet moving that around, and there are environmental requirements around that, you could indicate specific hazards. And then specific assets, when asset typically we view it as a piece of equipment, so if you have an outdoor above ground sewage tank for oil, for example, or underground one for that matter or a generator, you might want to associate specific compliance obligations to specific pieces of equipment.

So in summary, I mean really what you want to do is link each of your business activities with applicable environmental law and then organize it by aspect, so air, wastewater, different things like that, and have a short and sweet applicability text, so a short and sweet text as to how does this specific compliance obligations impact my business, what do I need to do to make sure I’m respecting it. And it has to be short. And then the metric, we like to encourage clients to use when they’re building a legal register is: “Is your legal register actionable?” I mean can a new employee, say you hire a new environmental manager coordinator tomorrow, can that new employee come in and take your legal register, read it, and take action within a couple of days after having of course familiarized themselves a bit with the operations, but can a new employee read this document and take action? And a lot of times, people say oh, ISO 14001 is a lot of papers, aren’t really that useful and I think that a lot of that is because the documents they build within the frameworks such as a legal register, they don’t make them actionable enough, they don’t make them client or operational specific enough and it ends up just being paperwork as opposed to being a document that is genuinely useful for new and current staff. And the other metric we’ll encourage our clients to use is: Can a new employee understand the critical environmental legislation, how it applies to your operations in under 8 hours? So in addition to reading the document being a take to action, you really want so you bring someone in from a different state or you bring even someone new from a different country that’s not familiar with the legal requirements in the State of New York or the State of California, they’re not the auditors, someone’s coming up from the US into Canada or coming from Germany or the UK etc and they aren’t say familiar with the country’s specific or the jurisdiction specific legislation. If your legal register is properly built, and properly managed, ideally I would say a new employee who still has a training in environmental issues in general of course, but they [29:38] come in and say oh, in the United Kingdom these are the main environmental legislation, and this is how it could impact us and this is how we can take action. So if you have to communicate say to the rest of your team as to how to read your legal register, or how to improve it, I would say you use these two metrics as a real key one to increase the value of your legal register.

And let me just pause there. I think Kim that you’ll have another poll and maybe…So this poll just I’m curious to know whether or not your organization, the 70% or so of people who said that they would be that they follow or are certified to 14001. How many people are planning to move from the 2004 version to the 2015 version and what timeline they’re planning to use? So we’ll just let…I think we’ve got the votes are coming in here with 67% of people are voting and 70%, 75%. So it looks like 5, oh no 6% of companies have already moved from 2004 to 2015. So it’s still a small percentage. 8% more are planning to do it by the end of this year and the vast majority 72% are saying that they are planning to do the move to the 2015 version before 2018. So another two years, about two and a half years. So it’s interesting that a lot of companies are still planning to move to 2015, but haven’t done it yet. All right. Great. Let’s close the poll, Kim and we’ll go back to the presentation.

So we address whether or not the legal register is actionable and if someone coming into a new your jurisdiction understands the legislation quickly. I mean those are, in our mind at least the two best metrics.

The other thing that folks often say would be very useful for them is a legal register that can be converted to an audit. So the difference between a legal register and an audit, there’s a number of differences, but if I had to summarize it I would say a legal register is a living document. It’s a document that you keep up-to-date as the laws and regulations change and as your operations change. Whereas an audit is really all about a point in time portrait or picture of your operation and its compliance with the relevant laws and regulations that you’re auditing against.

So that’s really the main difference here: it’s a point in time picture versus a living document. And with certain tools, you can do it manually for sure, but with certain tools, you do have the ability to convert your legal register into an audit protocol. So if the legal register is properly built, if it’s up-to-date, if it’s tied to your operational reality, you should be able to at the click of a button take that legal register and generate a list of audit questions that you can take over into the field and then go down into a different level of detail and create a point in time portrait of your compliance efforts. So legal register is this living document that gives you a portrait of your organization as the laws, regulations in your operations change. But it could be converted into an audit protocol to give you that point in time picture.

And almost done with my presentation. Then I want to leave lots of time for questions. But this is a bit of a summary slide and I think there’s one more conclusion slide after this. The maintainability. I have addressed that a couple of times in some of the other slides, but the maintainability of your legal register is a big element. Don’t think of the cost your legal register is the cost of building it. That’s a small cost. The cost of a legal register is really about maintaining it over the long term. It’s like a kid, you know, it’s very low cost to have a kid. It’s a lot higher cost to raise the kid. So you want to bring your legal register, you want to structure it in such a way that your maintenance costs are not excruciatingly high. Now there are a few ways to do that. Some companies, what they do is they do it in Word and Excel and they keep the broad, you know, they only have the legislation name, there’s some very high-level information about the organization, and you can do that. But that really gives you a low-cost solution. Okay. Fair enough. Because you’re low-value solution. I mean you’re not going to get much information by just knowing the top 15 piece of legislation that applies to you and that’s it. Now, you can also do that with a software, so as opposed to using Word and Excel in the bottom left-hand portion of this quadrant, you can do the same thing with a piece of software, whether it’s Nimonik or [34:21], or STP or another company and you get that same low cost, but you still have the low value. As soon as it stays broad, it’s going to be low value.

Now with some more additions to the ones that are adventurous or for some reason the vice president gives them a good budget this year, they’ll build a very complicated very specific document in Word and Excel that is high cost, certainly a high cost to maintain if you’re breaking the articles and sections of the different documents and tie them to your aspects and tie them to your control measures etc. So there’s a high cost to build it and a very high cost to maintain it, but it does provide a high value. I mean those are the types of documents that someone can come in, read, take action on and familiarize themselves with the applicable legislation in a given jurisdiction. So that’s great. I mean is high cost, high value and if your organization has money to burn and if you are very profitable, then that’s a great solution. But of course at Nimonik, and you know, I’ll admit we have a bit of a biased opinion here, but where we see the great relationship between value and cost is by embedding your operational knowledge with a good piece of software, a great database of regulatory information. And so whether it’s us or other companies like [35:41] or STP, there’s other companies out there that offer software solutions, but it does allow you to reduce the cost of maintaining your legal register, while keeping that high-value organization specific information and keeping up-to-date along with the date that people revised the changes on and the names of the people or the committees that revised the changes. So in my humble opinion, you want to try and bring your legal register into that bottom right-hand quadrant and go for that low cost, high-value proposition and make it legal register valuable so 14001 is not viewed as simply a cost centre.

Now we have one last poll. This is the fourth and last one. So sorry for all these polls, but we’re just curious what your organization looks like. So the last poll here is: What format is your legal register compliance obligations currently in? I mean: Are you using Word and Excel, do you have an internal software that you’ve built, an external service such as [36:42] or STP or another company or do you just don’t have a legal register? So we’ll just let this poll run for a few more seconds. The numbers are climbing here. And then we’re almost done and the last turn for questions. All right. So we’ve got: almost 80% of people responded. So 76% have said that they still have their legal register in Word and Excel. 6% are using an internal software system. So a pretty small percentage there. And 11% are using an external service. And then 6% “don’t have a legal register.” So those may be some of the folks that are not following 14001 or are not certified. So it’d be understandable they don’t have a legal register. But the vast majority are still doing with Word and Excel, which is totally understandable, we’re all familiar with Word and Excel and it’s sort of the default option.

Now last slide and then we’ll break for questions. So in conclusion, I mean this webinar was about building a great legal register and if we have to summarize the last half hour or so I would say that you want to know your compliance obligations. So I mean that’s the purpose of a legal register, it’s to know what your compliance obligations are for the jurisdictions and the industry you operate in. You want to link those compliance obligations to your business activities so, you know, we shouldn’t be too general saying these are compliance obligations for the mining industry or for the food and beverage industry. They should be linked specifically to your operations. You want to be able to demonstrate to an external auditor that you have made efforts to stay compliant on an ongoing basis. I mean this is one of the big things they’ll look for and one of the most common findings that happens during an ISO 14001 audit, is that there’s no demonstration that the legal register has been maintained and kept up-to-date over the long term. Often companies will scramble to “oh, we have an ISO 14001 audit next month. Let’s run and hire a consultant to update our legal register.” Well, that’s not really respecting the spirit of the standard. And so you aren’t going to demonstrate ongoing efforts to stay compliant by putting that revision date on the items in the legal register and by putting the people or, you know, the committees that are doing the revisions. So that’s a critical part of demonstrating a true legal register that respects the spirit of the standard.

And in the last point we spoke already quite a bit is…is this document easily transferable to new employees? So you bring in a new coordinator, you bring in a new manager. Can they pick up your legal register and say “oh, okay, I understand what the plant is subject to. I understand what parts of the plant have to respect which obligations and how those obligations apply to them.” I mean that’s not an easy thing to do. Don’t get me wrong. I’m not saying it’s easy, but that should be your end goal. You should have a document, whether it’s online or pen and paper or Word or Excel. But the purpose of that document, the capacity of that document should be to transfer that information easily and efficiently to new staff or to external people that want to see it.

So if I have to summarize everything that I’ve seen in a great legal register, it’s really those four things. And if you can accomplish those four things, I would say you have a fantastically register and resolution. So that’s what I want to share with everybody today. And I’m happy to address any questions that anybody might have. And we can go into more details on specific points that I made. So thank you for your time today and I’ll maybe let Kim, pass over here to Kim. And I notice some questions have been coming in throughout the webinar. So I’ll probably start with those. But to ask a question you simply click on the question box, on the right-hand side and go to the meeting and you can just type something in. Kim will do a little bit of moderation and try and pick up some of the top questions here.

Kim: Super. So thank you, Jonathan, for that incredibly informative session on great ISO 14001 legal registers. So attendees, as Jonathan just said, please drop down any last minute questions you may have and then I’ll proceed to share these with Jonathan. But before I do, I just wanted to quickly point out that Nimonik would love to be part of your efforts to improve your regulatory compliance, so please feel free to give us a call or send us an email for more info. And with that in mind, we’ll tackle a few questions. So, Jonathan, I have the first question here for you. Where in ISO 14001 does it actually require to have a legal register like the ones you’re talking about?

Jonathan: Well, in the 2004 version it’s really that 4.3.2 Clause. Now the term legal register which is what I used for this webinar is a term that a lot of organizations use, but not everybody. I mean some people call it a legal profile or some legal requirements document or now with the 2015 version, where that requirement has moved into 6.1.3, it’s now called compliance obligation. So you could call it compliance obligations document, you can call it at least a compliance obligation. I mean ultimately you can call it whatever you want, but if you want to respect the standard you need to demonstrate that you understand your compliance obligations and that they’re linked to your aspects and to your business activities. That’s what the audit is going to be looking for. They’re not going to be looking for a document that says legal register on the top of it. That doesn’t matter so much. We call a legal register legal profiles. There are different terms for it used by different parts in different parts of the world you see different terms, but those are the two clauses that really require it. And most EMSs do require you to have a knowledge, an understanding of how environmental legal requirements apply to your, compliance obligations apply to you. So unless you have someone who can memorize all this information that [42:51] typically you need to have it documented somewhere. So 4.3.2 for the 2004 version and 6.1.3 for the 2015 version. There are also some requirements in Section 9 of the 2015 version that touches on a legal register. But again legal register is just a term a lot of companies use including ourselves, but it’s not a term that’s necessarily defined specifically in the ISO standard.

Kim: Great. So another question here for you. Can you make it clear about how many elements you spoke of, that are required by ISO 14001, versus typically done by many companies are one good way of approaching this?

Jonathan: Sure. It’s a good point. I mean it’s true that ISO 14001 doesn’t go into a tremendous amount of detail about specifically what needs to be in your register or in your documentation and that’s probably the source of a lot of confusion and why we have so many attendees today and why we help companies. Because there isn’t a hard list of this is exactly what needs to be in a legal register and if you have all of these tick boxes in your legal register or in your documentation you pass and you don’t have a finding for 14001. It’s really more about the spirit of the requirement and the standards. So I mean the spirit of the requirement and standard is you should be able to understand which environmental requirements apply to your business and how they apply to your business and relate that also to your aspects and demonstrate that you are managing that on an ongoing basis and that you don’t just create the document when you get certified or when you implement the EMS and then you don’t touch it for three years and then the auditor looks at it three years later. It’s about having the spirit of wanting to know and wanting to ensure that you respect the environmental laws. So I mean that’s the spirit of the requirements. There’s no hard list of exactly what needs to be in your legal register, I mean besides obviously the name of the laws and regulations. And if you don’t have that, then it’s definitely not going to work.

But I mean, think of it as a spirit. You should be able to give a document to your colleagues and say “this is our legal compliance obligations or our compliance obligations for environmental issues at this facility. And this is how we aim to respect them.” That’s the spirit of the requirement. And most of the elements that we spoke about in the presentation here and why we’re really making the slides and the presentation available to everybody, most elements that you hear are things that certainly move you along the path to getting there, but don’t confuse the creation of a legal register with sort of the respect of the ISO standard. The ISO standard is about embedding in your organization a philosophy of minimizing your environmental risk, your environmental impacts and a legal register or a document of your compliance obligations is part of that effort. It’s obviously not the whole standard. So it’s really about being able to understand what your environmental compliance obligations are and how you came to respect them on an ongoing basis. I know I didn’t really answer the question, but there isn’t a hard list. That’s part of the tricky part of all this.

Kim: Great. Thank you, Jonathan. So another question for you. Do you think it would have been a good idea to include an example of a good compliant legal register included as part of the ISO 14001, 2015 as an annexe?

Jonathan: So your question…I mean, yeah, probably. I mean I’m an engineer by training so I’m all above, you know, adding technical specifications to documents and making them as specific and as detailed as possible, so there’s a little confusion. So yeah, I agree. I think that would have been a good idea. I wasn’t on the committee for the new version of the standard. We should certainly maybe make that recommendation for the next revision of the standard. It probably would be helpful. I don’t know if you could get everybody to agree on what a good register looks like. But certainly it would be helpful and it might reduce a number of consultants that need to be hired by companies if you did that. But yeah, I mean I think it would be helpful for sure. And that’s a good point that maybe we should…if anybody on the call is involved with the ISO organization for the next version of the standard, we should start working on that now because with ISO it tends to move quite slowly. So you might want to start putting those ideas in now if we want to see them in 2025.

Kim: Great. So we have a question here specifically for Nimonik, I guess. Would it be possible to show participants an example of what the software solution would look like?

Jonathan: Yeah, for sure. I mean, the webinar today I wanted to be really informational and try and provide you with some guidance on what a great legal register looks like. If you’re interested in seeing our particular software, you know, I don’t want this webinar at all to be a sales pitch. So if you’re interested in seeing our version of the software, simply send us an email or give us a phone call. And one of my colleagues will be more than happy to show you through the software and show you what it looks like. But again I want to focus this discussion today on what a great legal register looks like, whether it’s on our platform, on [48:27] STP or whether it’s in Word or Excel. It’s really about…that’s what the calls are going today and then if you’re interested in the software solution, just send us an email and we’ll be more than happy to give you a personal one on one webinar about our specific software.

Kim: Okay. So does the legal register address business risk of legal requirements such as past, current and future remediation liabilities?

Jonathan: So your question, yes. A business risk because of remediation issues, site closures, things like that, definitely you can include it in your legal register. Certainly, organizations that we work with such as mining companies, we’ve seen legal registers where they create the legal register based on the lifecycle of the entire property, because a mine has a lifecycle so that it will go everything from exploration activities to drilling, to actual mine operation, to closure and remediation. And so they can break out the legal requirements that they have for those different phases of the project and then keep those up-to-date. And of course, the requirements might change over time if you build a project today and you’re closing it in 30 or 40 years. You want to keep up-to-date as to what the remediation requirements will be at that time because they’re likely to change in the next 30 to 40 years. And then if you have known liabilities such as contaminated sites they are already managing, in my mind that would be a business activity, the remediation or a contaminated site that you’re managing and that you know you need to remediate by a certain date or what have you, you could identify that as a business activity in your legal registers that we have these contaminated sites and then have a list of the applicable environmental compliance obligations that apply to contaminated sites and keep those up-to-date. And then with permitting, you know, often there’ll be grandfather requirements, so if you had a contaminated site and you’re [50:33] permit, sometimes the new version of the legislation actually won’t apply to you because you had an agreement with the government in place to remediate according to certain specifications. So there’s that to manage as well, it’s not just about having the newest version of the legislation, it’s actually sometimes about having old versions of the legislation when a project was first approved or first built or first agreed to with the government. And that’s true as well of standards. A lot of companies don’t have grandfather clauses round having to respect certain standards. So you might be working on the 1990 version of a standard as opposed to the 2010 version of the standard based on your specific agreements with government authorities or other things. So yeah, business risk definitely you would want to break that up into the different types of business activities that have those risks, so whether it’s contaminated sites or other things, you could include that for sure in your legal register.

Kim: Great. Thank you all for giving us your questions. We have so many right now. So let’s go with another one. What kind of regulatory requirements do you find most challenging to identify and follow by program or media?

Jonathan: So the regulatory requirements that we find most challenging to identify and follow. That’s a good question. I would say some requirements that are maybe a bit more challenging to identify are typically ones that are vague. I mean, when it gets very specific and says, you know if you have an oil storage tank above 10000 litres or above 10000 gallons, you’ve got to do X, Y and Z. That’s pretty clear. And you can tell whether or not your storage tank is that big or bigger. Where it becomes a little bit more challenging to identify whether or not stay in place for an organization is whenever it is a big requirement. So if you operate air emissions within a reasonable distance of a community that is significant, then you need to put in place control measures to avoid dust and noise.

I mean as soon as you’ll see that in by-laws at the municipal level, where they’ll say if you’re within a reasonable distance of a community, you need to have consultations with that community or you need to have dust suppression methods, but it won’t be [52:59 suppressible/ feasible], it won’t be, you know…if X number of people live within three miles of your operation…So, as soon as you get into the vagueness of the law, that’s I’d say where it becomes more challenging. And as soon as you turn to jurisprudence and then case law to identify whether or not you might be at risk of a compliance issue…but that’s typically where it gets a little vaguer. And that’s why people end up going to court over these different requirements because the company doesn’t think this applies to them, but the community nearby does think this requirement applies to them. And then it gets eventually resolved in court. So that’s…as soon as there’s vagueness, there’s confusion. And sometimes that’s unavoidable, but that’s where we see the most challenging part of identifying legal requirements. So I mean, I just want to…we’ve got a lot of questions coming in and they’re fantastic questions. I’m going to stay on the call as long as we have questions. But just so that everybody knows it is already 11:54 Eastern time. If anybody, you know, has other meetings, we will be sharing a copy of this presentation along with the question and answer period online. I’ll keep answering questions and everybody is welcome to stay on the call as long as they like, but just so you know that we’ll share that after…after this, we’ll send you by email.

Kim: Perfect. So someone else here asks. What is the value of a high-level summary? It cannot be used to audit compliance because too many details are left out. Also, how do you decide what to mention and what to leave out?

Jonathan: That’s a good question because we write summaries of the laws and regulations and codes and statutes and that’s, we face the same challenge. I mean, in terms of the value, what’s the value? I would say the value of a high-level summary of a compliance obligation is really about somebody who’s new to the jurisdiction or new to the type of industry and it’s coming in and just doesn’t really know which laws, regulations, codes, statutes exist for say Ontario or New York or what have you. And so the high-level summary, you’re right, it’s not actionable, it’s not something that’s going to let you go and do an audit. It’s not something that’s going to tell you “this way we’re going to do at the facility.” It’s more of a blurb on hey, this air emissions regulation in the state of New York, it generally is aiming to do this, this and this and that applies to all businesses that operate in the state. So it’s about giving the introductory text to, a bit of context, to somebody who’s coming in for the first time or maybe somebody who hasn’t looked at environmental requirements in a specific jurisdiction for quite some time. And we write these summaries for pretty much everything in our database. I think we have about 7000 or 8000 laws in our database and we write summaries for all of them. And the goal’s yeah, it’s just an introductory paragraph. What’s the value? I’d say the value is first really for somebody who’s not familiar with the documents or the compliance obligations in a specific jurisdiction. If you’ve been working in one location for 20 years, yeah, it’s not very useful. I agree with you. But if you’re coming fresh to somewhere new, I think it can be useful to have that high-level overview. But it does take time and effort to write them, which often that time and effort are better spent on organization’s specific information and try to leverage existing databases of information, either commercial or public to get your summaries. So not to rewrite what’s already on the government website or not to rewrite what’s already offered by companies like ourselves or others. But yeah, that’s…I mean, I agree your point is valid.

Kim: Great. Do you need to show evidence of why you didn’t adopt a legal requirement?

Jonathan: Yeah. This is a very good point, actually. I really didn’t mention that. So more and more we see this, for some reason we see this more in Europe and even in Asia than we do in North America. In Europe, they are very big on being able to demonstrate that you assessed your organization to the environmental requirements or obligations in a specific jurisdiction and demonstrate that for the ones where you assessed it to be not applicable to you, then you can demonstrate that. And so a lot of our European clients will ask for the functionality we have in our system, but you could do it pen, paper as well, is to be able to show that we’ve looked at this law, we deemed it was not applicable to us because we don’t have operations to do this, we don’t have operations to do that and document that. So in Europe, that’s definitely a big thing. I’m not sure why exactly more so in Europe, but they tend to be stricter on that front. In North America they seem to be in general and this is not, you know, a statement to say this is always the case, but in general they seem to be happy with just having that list of the compliance obligations that you know you have and not necessarily having to demonstrate everything you assessed yourself against. But when you’re building a register for the first time, I assume it doesn’t hurt to keep that documentation. And again that’s also probably helpful for transferring to new staff or transferring to new employees, is to be able to say “look, we assessed against this stuff, we deemed it wasn’t applicable to us, and here’s the documentation.”

The other element on that, just saying on this question, is it can be useful to have that information, so that when a document or a compliance obligation changes at the government level, so say there was a requirement to report greenhouse gases if you admitted over 10000 tons a year, and then in five years, so you say “we don’t emit 10000 tons a year, so it doesn’t apply to us.” But then in five years, they reduce the ceilings. So they say “now everybody that’s above 5000 tons a year has to report.” And so if you have that documentation where you showed that you did the original assessment, you can keep that as a bit of a safety net. And if those laws change, even though you’ve deemed them to not be applicable to you, you still can get a check for the updates and then determine whether or not it might apply to you today. So there’s a benefit there. It’s a bit of actual work, but it definitely is a safety net that we recommend you do. But again, you know, it’s a question of cost and value. Doing it in pen and paper, Word and Excel is quite costly but using some automated databases can help speed that up. But in Europe, they’re really big on demonstrating that assessment process.

Kim: Two more questions. Other than the new term compliance obligations, what is the major legal register change between 2004 and 2015?

Jonathan: It’s a great question. I’d say it’s not a massive change. If anything had actually got a little bit less specific…if you look at the 4.3.2 version and I can maybe switch back to my slides here. Let me go back. We’re back to 4.3.2…Here we go. So, an organization shall establish, implement, maintain a procedure, to identify and have access to a place…I won’t read the whole thing, but it’s actually fairly specific and it says these applicable legal requirements and other requirements are taken into account when establishing, implementing, and maintaining its environmental management system. It’s quite specific in a certain sense, very tied to aspects, very tied to demonstrating that you’ve assessed these things as you’ve built all your EMS, whereas you go to the 6.1.3 version…and I have another PowerPoint presentation I did a few months ago, more specifically on the differences between 2004 and 2015 that we can include in our e-mail, but it’s more…Here’s a study Environmental Aspects and Compliance Obligations and identify in 6.1.2, identify significant environmental aspects/ impacts. It’s a little bit vaguer and I’d say maybe there’s a little bit more room for interpretation, but it’s all about that spirit of the requirement rather than the specificities of it. So, you know, I think actually I’ll probably do a bit more research on to this specific question and then come back to because it’s a valid question. And I know I’m not doing a fantastic answer but if anything, I would say it broadens it from legal and other requirements to just general compliance obligations, so that if anything makes your job a little bit bigger, and at least a little bit more [01:01:52] for how you’re going to try and respect that. But the philosophy of it is still the same.

Kim: Great. So once you have identified the requirement or obligation, what have you seen with respect to managing the access to the requirement?

Jonathan: Yes. That’s a good question. So I’m sure it will vary a lot based on the management structure you have in your organization and whether or not you are facility-based environmental management or whether or not you are more corporate-based environmental management. So the corporate-based companies that we’ve worked with, you know, still they will have a team of people at their corporate headquarters that entrust management environmental issues across the operations and then they’ll delegate certain things to facilities managers or general foremen depending on the type of operations, but they’re more action items, rather than sort of assessments. So the corporate will go out, do an audit where they’ll be monitoring a legal register. They’ll say oh, okay, now we’ve got to put in place this and this because of a compliance issue and then they’ll just have the maintenance crews do it. So who has access to a legal requirement? It’s going to depend really on the way you manage your business. There’s no one size fits all here, but I guess the key thing I would say is the right people should have access to the right information at the right time. That’s an easy answer. It’s obviously a lot harder to do in the real world. But giving people who have no environmental training access to the requirements and the compliance obligations and the legal documents often can create more work than it solves. These people have no training, it’s not a part of their day to day position, so they end up just looking at it, clients will not really doing it or not really understanding it and then it creates other problems. So I’d say you want to have the people that have the competency to answer or to address compliance obligations, should have access to them and then it has to be modified based on the way you manage your organization, ideally someone [01:04:03 at the issue] facility should have a good understanding of environmental risk and environmental management, and then even if it’s management headquarters and you want them to have access to it…But it’s going to vary a lot by the organization, so it’s really all about who has the knowledge and the ability to take action on a specific item and they should have access to the compliance obligations that are relevant to them.

Kim: Great. So we have our last question here. Does Nimonik provide industry specific items for any South American countries?

Jonathan: Sure. So we cover about 65 countries around the world with about a little over 200 jurisdictions if you count the states and the provinces in the different countries where that’s relevant. And we have everything in our database and this is probably true of other companies as well. And maybe [01:04:59 give you an idea] organized by industry. So whether it’s manufacturing, food and beverage, oil and gas etc. and so we won’t be telling a client who’s in the food and beverage industry about some new requirement for petroleum offshore oil rigs. We know that may not be interesting for them. And then for South America, yeah, we cover most of the South American countries. I’d say we don’t cover every single one, but we cover the best majority and we do have industry specific categorization on that content. So we could tell you oil and gas requirements in Brazil or food and beverage requirements in Paraguay. So that’s the type of information we think it’s important in our database, depending on your industry, and depending on your location. And the best is just email us and we can get back to you with a more specific answer based on your operations and your needs.

Kim: Great. So thank you so much, everyone, for asking these very interesting questions and of course thank you, Jonathan, for giving us this informative presentation. So if anyone has any last minute points, I would then redirect you to info@nimonik.com and we’ll be able to answer any questions. Please note that we will send you a copy of the slides and the recording of this presentation later on today. So one last big thank you to everyone. Have a great day and we’ll hopefully hear from you soon.