Audit, Compliance and Risk Blog

Complying With ISO 14001 and OHSAS 18001 Requirements

Posted by Jon Elliott on Wed, Nov 19, 2014 Launches New Online Gap Analysis Tool

Auditors and Quality Managers across all manufacturing and service industries use ISO and OHSAS standards to put their Environmental and Health and Safety Management Systems into practice. These standards help implement effective and efficient EHS requirements, or VPP Occupational Health and Safety Management Systems. In this blog I review and summarize the two standards, their aims and obligations.

Using ISO 14001 to Establish Effective Environmental Management Systems

How do organizations meet their many environmental responsibilities–how do they comply with applicable laws and regulations, to protect employees and external stakeholders, and to meet their own internal policy objectives? Many organizations treat these responsibilities individually—pollution management is assigned to the operating unit that produces it, permitting to an environmental compliance office, training to Human Resources, external initiatives to Marketing, etc. Although these fragmented approaches may manage to meet the organization’s needs, they inevitably miss opportunities to do so more efficiently. And they typically fail to identify opportunities for enhancements that would become apparent with more strategic review.

Organizations can instead establish Environmental Management Systems (EMSs), to provide strategic consistency and create mechanisms to maximize the effectiveness of tactical-level activities. In most parts of the world, there are no regulatory mandates to do so—however, the International Organization for Standardization (ISO) provides worldwide guidance to organizations, in ISO Standard 14001 (Environmental Management Systems) and related Standards. In order to appeal to the widest range of organizations, these standards cannot be overly detailed or one-size-fits-all. Instead, ISO 14001 provides certain core elements that an effective EMS should contain, and offers third party certification procedures that allow participating organizations to assure themselves and their stakeholders of the effectiveness of their systems.

What Core Elements Appear in an EMS Compatible With ISO 14001 Requirements?

An organizational EMS consistent with ISO 14001 must contain the following core elements:

  • Environmental Policy, promulgated by the organization’s top management. This policy must include relevant commitments, including commitment to environmental compliance and to continual improvement in environmental performance.

  • Goal-setting, as part of strategic planning efforts, to identify desired outcomes and procedures and commitments to achieve them.

  • Implementation programs and procedures, including appropriate structures, processes and resources (budgets, qualified personnel and training programs, etc.).

  • Internal and external communication mechanisms and procedures.

  • Documentation and record keeping, to verify activities and outcomes.

  • Emergency incident planning, identification, response, and reporting procedures.

  • Monitoring and performance evaluation programs and procedures, including audits of EMS elements and the EMS as a whole, and periodic program evaluations.

  • Investigation and corrective action procedures (including periodic and triggered investigations, procedures for developing and implementing corrective actions, and for confirming actions are implemented and effective).

Why Conduct a Gap Analysis?

Even if an organization does not have a formal EMS, its policies, programs and procedures will contain some examples of the elements called for by ISO 14001 requirements. But how does the organization evaluate its existing systems, and create its roadmap to a comprehensive EMS and (perhaps) to ISO certification?

The first step toward evolving a home-grown program to meet ISO 14001 qualifications is to compare the two, using what’s commonly called a “gap analysis.” As the term suggests, a gap analysis is designed to find the “gaps” in an organization- or facility-level systems as compared to the specific provisions in ISO 14001. This is accomplished by detailed review of existing activities, designed to identify and document any deficiencies.

Gap analyses typically apply three levels of review:

  • Paper review (interviews and minor document review).

  • Reality review (interviews, significant document review, and facility inspection).

  • Pre-assessment review (more detailed reality review with significant probing for system defects).

Where Can I Go For More Information About ISO 14001?

Using OHSAS 18001 to Establish Effective Occupational Safety and Health Programs

The OHSAS 18001 Standard was published by the British Standards Institute (BSI) in 1999 (revised 2007), to provide OH&S management system guidance parallel to the ISO 14001 Environmental Management Systems standard. Although ISO has not formally endorsed OHSAS 18001, thousands of firms worldwide use it to organize their OH&S programs, and have sought third-party review and certification.

How do employers protect their employees from occupational hazards? Answers to this question involve several different perspectives:

  • Occupational health and safety (OH&S) laws and regulations establish specific requirements, associated with specific types of hazards: chemicals; electricity; moving equipment etc.

  • OH&S laws and regulations also assign employers a General Duty to provide safe (or at least safe enough) workplaces for their employees. These include generalized requirements for employers to establish broad OH&S program, such as:

    • Canadian requirements to establish Hazard Prevention Programs, overseen by the federal Labour Program and provincial agencies.

    • US guidelines for Health and Safety Programs provided by the federal Occupational Safety and Health Administration and state agencies, and reflected in mandates in some states (such as California’s Injury and Illness Prevention Program requirement).

  • Professional guidelines set by industry-level and professional associations target relevant situations.

Every workplace in North America faces a version of these provisions, but requirements and guidelines aren’t completely consistent. How are employers to design and implement their programs? Many multi-jurisdictional organizations establish consistent and comprehensive baseline programs by adhering to the OHSAS 18001 (Occupational Health and Safety Assessment Series), which is the most widely-used international voluntary certification system.

What Does OSHAS 18001 Do?

The Standard provides detailed a detailed framework for OH&S management systems, leaving organizations’ with flexibility to tailor specific elements to fit their individual needs – which will reflect applicable OH&S compliance requirements, organizational activities and policies, and probably insurance providers’ specifications as well. The Standard consists of broad elements, with substantial details to ensure that the following are evaluated systematically:

  • Identification of OH&S regulatory issues affecting entity/facility processes and products.

  • Existing organizational OH&S policies and procedures (including those incorporating or associated with environmental health and safety management program).

  • Organizational- and facility-specific policies in place and utilized to manage OH&S issues.

  • Evaluation of personnel training and expertise to evaluate that competent personnel are present to carry out OH&S policies, programs, and tasks.

  • Evaluation of organizational resources and support to address OH&S issues.

  • System in place to maintain all required OH&S records and documents.

  • Methods by which OH&S safety performance is measured and results communicated.

  • Management and oversight of organizational- and facility-specific OH&S issues.

Why Conduct a Gap Analysis?

In 2014, every employer’s organization will have some sort of OH&S management program, probably developed to provide OH&S compliance and probably with elements tailored by organization-specific activities and policies, insurance provider conditions, etc. The first step toward evolving this home-grown program to meet OHSAS OH&S is to compare the two, using what’s commonly called a “gap analysis.” As the term suggests, a gap analysis is designed to find the “gaps” in an organization- or facility-level OH&S management system as compared to the specific provisions in OHSAS 18001. This is accomplished by detailed review of an existing program, designed to identify and document any deficiencies that must be addressed to conform with OHSAS 18001 requirements, and also to assess the tasks and level of effort required to meet OHSAS 18001 certification requirements.

Gap analyses typically apply three levels of review:

  • Paper review (interviews and minor document review).

  • Reality review (interviews, significant document review, and facility inspection).

  • Pre-assessment review (more detailed reality review with significant probing for system defects).

Where Can I Go For More Information?

• British Standards Institute OHSAS 18001 webpage 

• OSHA Health and Safety Guidelines webpage 

To help with this process, STP has produced a Gap Analysis which allows users to see the relevant ISO/OHSAS guidelines, to follow the certification and compliance criteria, to produce a summary of any existing gaps in their Management Systems, and to create a corrective action plan to improve compliance performance.

Specialty Technical Publishers (STP) provides a variety of single-law and multi-law services, intended to facilitate clients’ understanding of and compliance with requirements. These include:

Like What You've Read? Subscribe to Our Blog Now

About the Author Elliott is President of Touchstone Environmental and has been a major contributor to STP’s product range for over 25 years. He was involved in developing 16 existing products, including Environmental Compliance: A Simplified National Guide and The Complete Guide to Environmental Law.

Mr. Elliott has a diverse educational background. In addition to his Juris Doctor (University of California, Boalt Hall School of Law, 1981), he holds a Master of Public Policy (Goldman School of Public Policy [GSPP], UC Berkeley, 1980), and a Bachelor of Science in Mechanical Engineering (Princeton University, 1977).

Mr. Elliott is active in professional and community organizations. In addition, he is a past chairman of the Board of Directors of the GSPP Alumni Association, and past member of the Executive Committee of the State Bar of California's Environmental Law Section (including past chair of its Legislative Committee).

You may contact Mr. Elliott directly at:

Tags: Corporate Governance, Business & Legal, International, Health & Safety, Environmental risks, Environmental, EHS