skip to main content

More and more EHS professionals are realizing that environmental management is about more than just maintaining regulatory compliance and avoiding the unpleasantries of failure, like fines and reputational risks. Increasingly, industry leaders are finding the benefits of a robust environmental management system focused on achieving positives like resource conservation and cost savings— rather than just avoiding negatives —and are turning to ISO 14001 to guide their journey.

ISO 14001 isn’t new. The International Organization for Standardization (ISO) first published it in 1996, revised it once in 2004 and again in 2015, which is still the most recent version. The 2015 edition reflects the growing industry consensus of that time, which is even stronger now, regarding the importance of acknowledging “societal expectations for sustainable development, accountability, and transparency,” which form a central part of an Environmental, Social, and Governance (ESG) approach.

In this two-part series “An Overview of ISO 14001,” we’ll see how ISO 14001 can benefit your environmental performance and even support your journey toward greater ESG maturity.

In this first installment, we’ll break down some key aspects of ISO 14001 and explain how they can help EHS professionals determine their key environmental aspects and impacts and create an environmental management system that works.

ISO 14001 Overview

Before we begin talking about how ISO 14001 can help you better structure your environmental management system, we need to establish a couple of ground truths about the standard itself, and about what an environmental management system is – and isn’t.

How ISO 14001 (and Other ISO Standards) Work

Let’s start by clarifying ISO 14001 itself. ISO develops a number of guidance documents and standards on different aspects of business, which are intended to provide a framework of recognized best practices for organizations to voluntarily follow.

Standards ending with a “1”, such as ISO 14001 for environmental management; ISO 9001 for quality management; and ISO 45001 for occupational health and safety (OH & S) management, are intended for organizations to use for certification purposes. That is, if an organization decides to go all-in on following 14001, they will need to first get themselves in order, and then enlist an approved third-party service provider to complete an audit to ensure they’re doing what the standard, as well as their own policies and programs, say they’re doing. The auditor will consider any discrepancies identified to be nonconformances and classify them as either major or minor. An organization will generally need to correct and verify the correction of major nonconformances before completing the certification process. Once they do get their certificate, all operating locations covered under the certification will be on a 3-year recertification cycle. Within those three years, the auditing service will inspect the operational headquarters annually and inspect other locations on a schedule determined by the company’s management.

Standards that don’t end in a “1,” like ISO 31000 for Risk Management, are provided for general guidance only. Any organization can choose to follow that guidance and there is no certification to pursue, whether the company would have wanted to or not. Organizations can also choose to follow standards ending in a “1” but not pursue certification.

The key point, in either case, is that no ISO standard, including 14001, creates any additional legal or regulatory compliance requirements, and the decision to follow (or in appropriate cases, to certify to) a standard is always voluntary for any given organization. As I mentioned above, an organization that does make the choice to follow a standard will have additional responsibilities— doing what the Standard says they should do as well as what their own internal policies and programs say they’re doing and letting a third party come in to verify that. But, there is no regulatory oversight or enforcement for ISO standards, because the standards are not regulations.

What is a “Management System?”

This is a question I receive often, usually from someone inquiring about either an environmental or occupational health & safety management system. Related questions include, “Where can I buy one?” or “Does this technology/software/service ensure that I’m checking all the boxes to align with ISO 14001 or 45001?”

These questions show the common misunderstanding of what a management system truly is.

For starters, you can’t buy a management system as defined by ISO the same way you buy a new computer or a deli sandwich, because a management system is not something you can just buy. Alongside that, no one can sell you a management system, either.

To understand why, let’s look at how ISO 14001 defines the term “management system.” In its “definitions” section, 14001 defines a “management system” as a “set of interrelated or interacting elements of an organization to establish policies and objectives and processes to achieve those objectives.” In an added note to the definition, 14001 further explains that “the system elements include the organization’s structure, roles and responsibilities, planning and operation, performance evaluation and improvement.”

What this really means is that the reason you can’t just buy and unbox a management system is because it consists of all the people, programs, policies, metrics, job-specific work instructions, and cultural aspects that collectively affect your environmental performance. A safety management system consists of your EHS team, all your employees from the shop floor to the C-suite, your individual facility’s environmental policy manual, and all the standard operating procedures (SOPs) for all work tasks that have environmental aspects. A good shorthand to remember is that your system consists of “people,” “policies,” and “places”, as shown in the images below.

People Places Programs 1024x446 1

Obviously, this is highly specific to your organization and each of the facilities included in your management system, and something that you must build up purposefully and organically.

Modern technology and software tools can help develop your system a great deal, yes. They can play an important role in simplifying your key management tasks, capturing and providing access to your data, and facilitating the kind of engagement in your environmental programs that you need to be successful. But, we should never mistake the tools for the management system itself.

Keeping all of that in mind, let’s move on to see how following ISO 14001 can help improve our management system performance.

Context of the Organization

Internal and External Context

Let’s start with the big picture. Section 4.1 of 14001 states that an organization must determine “the external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcomes of its environmental management system.”

It’s important to think holistically at this stage because so much of what’s to come depends on it. When looking at our internal context, we need to look at the obvious things like our operations, the nature of our facilities (Large? Small? New? Old?), the types of raw materials used and stored, and how much of them wind up as waste, emitted into the air or discharged into the water. But it also includes less obvious things, like some of the gaps we may have in resources or communication that keep us from achieving better environmental performance.

When examining our external context, we need to look at the evolving regulatory framework, including the agencies and specific regulations with oversight over your organization? But you should also look beyond that at broader trends, such as public and external stakeholder expectations. For example, an increasing focus on ESG is prompting many organizations to start tracking all of their greenhouse gas emissions (GHGs), examining the full life cycle of their products, and making safer and more sustainable choices when it comes to their resources and product ingredients.

We’ll talk more about how ISO 14001 can help you navigate your ESG journey in the next installment of this series.

Needs and Expectations of Interested Parties

Section 4.2 states that the organization must determine the interested parties relevant to the environmental management system. ISO 14001 defines an “interested party” as a “person or organization that can affect, be affected by, or perceive itself to be affected by a decision or activity,” and explains that the category includes not only employees, but also customers, communities, suppliers, regulators, non-governmental organizations. The standard states that the organization must assess the relevant needs and expectations of those interested parties, and which of those needs and expectations create regulatory compliance obligations.

In other words, the “needs and expectations” of regulatory agencies must receive their due weight, because those can actually create environmental compliance obligations. This reinforces the idea that a proper understanding of the organization’s internal and external context is tightly connected to, and a foundation for, managing its environmental compliance.

ISO 14001 Environmental Management System

Here’s where an organization uses its analysis of context and interested parties to, in the words of Section 4.3, “establish, implement, maintain and continually improve an environmental management system.”

A take-away here, hearkening back to an earlier point, is that an effective environmental management system needs to be highly specific to the company implementing it. No other organization has the exact same external and internal issues, and no other is likely to have the same “needs and expectations” of interested parties as your organization. That means your environmental management system needs to be as unique as your organization.

Another key aspect of your approach according to 14001 (as well as all ISO standards!) is a commitment to continuous improvement via the Plan-Do-Check-Act (PDCA) model, as shown below. Organizational leadership is central to the PDCA process, and when it is applied to all aspects of the environmental management system, it increases the likelihood of achieving the intended goals and outcomes.

Pdca Cycle 1024x425 1

Aspects and Impacts of ISO 14001

Section 6.1.2 of 14001 states that the organization must identify “those aspects that have or can have a significant environmental impact.” An Aspects & Impacts analysis is a kind of risk analysis in which you take a broad view of your organization’s activities, with an eye focused on those with some form of environmental significance. In doing so, you also need to remember the context of your organization and should consider any aspects linked to your business that are not under your direct control, such as Scope 3 GHG emissions from off-site third-party incineration of wastes.

A non-exhaustive list of considerations to review in your analysis includes:

  • Which process operations have associated wastewater discharges? Are those discharges likely to contain contaminants and require coverage under a discharge permit?
  • Which processes in my operations generate waste? Do I know if those wastes are hazardous? If they’re hazardous, do I know my generator status, and am I in compliance with the associated requirements? Are there waste minimization strategies that I can use to drop to a lower generator status and reduce compliance burden?
  • Which operations have associated air emissions? Do the emissions levels of regulated contaminants such as HAPs and VOCs trigger air emissions permitting requirements? Don’t forget to consider emissions from on-site boilers, which are sometimes out of sight, out of mind but can often require coverage under air emissions permits, including local permits.
  • Do you store bulk quantities of hazardous chemicals? If so, it’s possible that you’d trigger specific regulatory requirements such as OSHA’s Process Safety Management (PSM) rule, EPA’s Risk Management Plan (RMP) rule, or EPA’s Spill Prevention Countermeasure and Control (SPCC) Plan rule. You may also trigger Hazardous Chemical Inventory Form (Tier II) reporting, especially if any chemicals in your inventory are listed as Extremely Hazardous Substances (EHSs) in 40 CFR Part 355, and are reportable at much lower storage thresholds.
  • Do you store chemicals or conduct operations outdoors? If so, there is a greater risk of environmental and community impacts in the event of an accidental release of chemicals. There is also a likelihood that outdoor activities may impact stormwater pathways and require coverage under a stormwater discharge permit.
  • Which aspects of your business consume the most energy? Be sure to look at process operations as well as energy consumed in comfort heating and air conditioning, and energy consumed in off-site activities.
  • Start forming a picture of all your GHG emissions across all 3 scopes. Scope 1 emissions are from sources under your direct control, Scope 2 include indirect emissions such as utility sources, and Scope 3 include external sources not controlled by (but related to) company activities. Depending on your management maturity level, you don’t necessarily want to leap straight into trying to track and manage all 3 scopes, but it’s a good idea to be aware of them, because internal and external stakeholders including investors increasingly focus on GHG management as a central facet of ESG, and demand better performance and better transparency.

The standard specifically states that in determining its aspects and impacts, the organization needs to take into consideration:

  • Planned changes, including new developments, and new or modified activities, products, and services; and
  • Abnormal conditions and reasonably foreseeable emergency situations.

These considerations show an important connection to management of change (MOC) and emergency planning, which we’ll discuss in the next installment of this series.

Key Takeaways on ISO 14001

Here are some key takeaways for now, with more to come in our second installment!

As we can already see, ISO 14001 has many insights to offer on how to most effectively structure our environmental management practices. Here are some key takeaways from what we’ve covered so far:

  • Environmental management systems are not “one size fits all.” They’re not “just add water and grow,” and you can’t buy them because they’re not for sale. Your system consists of the people, policies, and places unique to the challenges and opportunities of your organization.
  • To get environmental management right, you need to have the kind of integrated view of your organization and its operations that can only come from engagement with key stakeholders inside and outside of your company doors.
  • You need to think carefully about which of your organization’s activities have environmental impacts, such as wastewater discharges or waste generation.
  • You must widen your consideration beyond your operations as they are under normal conditions, and develop and implement emergency plans and MOC procedures.

Be on the lookout for the second and final installment of our Overview of ISO 14001, in which we’ll cover how you can use the standard to inform your environmental compliance strategy, establish environmental objectives, targets and programs, evaluate your performance, and support your journey from EHS to ESG.

Let VelocityEHS Help!

VelocityEHS Environmental Compliance gives you the visibility and control to improve all facets of environmental management. We can help you manage your air emissions, water discharges, and wastes, with ability to access your most important data in one place and streamline key regulatory reporting responsibilities.

As always, please feel free to contact us to learn more about how we can help you reach your environmental and ESG goals.

Introducing ESG QuickTakes: A Sustainability E-Newsletter!

Master ESG with our NEW quarterly publication. Get expert insights on regulations, energy management, and sustainability delivered straight to your inbox.

Subscribe Now