Sky high thinkers

Welcome to the Libryo blog
close

Categories

Subscribe to Email Updates

Popular Stories

Is it EHS, SHE, HSE, HSSE, SHEQ or OHS and what’s the difference? Mar 26, 2021
ISO 9001:2015 Legal Requirements - Why it's critical to drop manual approaches Jul 28, 2017
5 Simple Ideas For Your Company To Reduce its Environmental Impact Apr 25, 2023
What is a Legal Register? Jan 13, 2017
101 Guide to the Latest Sustainability Regulations and Standards Oct 24, 2023
Categories | Subscribe | Populars
Welcome to Libryo’s Sky high thinkers blog, where thoughts on legaltech, sustainability, law, compliance and technology converge. Filter by topic or popular reads and share your thoughts with us and others. If you have a topic that you’d like to see covered, drop us an email: info@libryo.com

Stay in the know by receiving monthly email updates directly into your inbox.

So, Your ISO 14001 Auditor Says You Need a Legal Register?

Written by Garth Watson
on November 25, 2024
 
Your auditor may actually be wrong...
 
Every company is at a different point in its legal compliance management journey. Whether your company is about to be certified in terms of an ISO or other standards, or has maintained its certification for a number of years, or you have an audit coming up or just passed, you will (probably initially, but often eventually) hear your certification or recertification auditor (as the case may be) utter the words: "You need a legal register".
 
In making this finding or observation, your auditor will be referring to one of the sections of the management system standard.
 
In this post we'll call it "the requirement" and it reads something like this (this is a slightly edited version of a portion the ISO 45001 standard):
The organisation shall establish, implement and maintain in a procedure(s) for identifying and accessing the legal and other requirements that are applicable to it.
The organisation shall ensure that these applicable legal requirements and other requirements to which the organisation subscribes are taken into account in establishing, implementing and maintaining its management system.
The organisation shall keep this information up-to-date.
The organisation shall communicate relevant information on legal and other requirements to persons working under the control of the organisation, and other relevant interested parties.

Legal Registers: How the Requirement is Met

 
You'll notice that there is absolutely nothing in this wording that refers to a legal register. To date, legal registers have been the means by which organisations meet the requirement.
 
We typically find that customers who have maintained their management system certification for a number of years are required by auditors to meet the requirement in deeper and deeper ways.
 
This is to ensure that the organisation is continually improving in its management, which itself is one of the fundamental tenets of management system standards.
 
These deeper and deeper re-certification audit findings are typically as follows:
  • For each line in your risk assessment you need to identify the applicable legal requirements
  • Your company wide legal register is not enough, you need to make it specific to each operation in question.
Many organisations have a central legal register, which is updated from time to time. The site specific legal registers are then manually updated every so often and the legal requirements to risk assessments are then updated manually too. This method of updating of legal registers and risk assessments is normally performed by time-poor managers of management systems.
 

New Technology, New Methods, Even New Standards, but...

 
A lot has evolved and progressed since the initial ISO standards were developed to reflect the world and environment today. There has also been astounding leaps in technology and a fundamental shift in the way businesses consume software, with SaaS opening up a world of possibilities that previously were not possible. These changes have allowed companies to save time on their legal compliance and management system functions, allowing managers to focus on other important things.
 

However, the manner in which companies attempt to meet the standard doesn't always seem to align with these advances, with manual methods still being used to fulfil the deeper and deeper recertification findings.

It is possible to meet the deeper and deeper recertification requirement manually, in the same way that it is possible to reproduce the Bible through the work of a scribe! This only leads to time poor managers having to spend precious resources and immense cost to the organisation, to do something manually, that ought not to be.

 

LegalTech for Management Systems and Continual Improvement

Legal registers which are delivered in Microsoft Word, Excel or online in a Web 1.0 method have severe limitations in their ability to deliver on the deeper and deeper recertification requirements. These manual legal registers will ultimately cost an organisation in wasted time, human error and potential risk of non-compliance.

Fortunately, LegalTech has advanced to such a degree that it is now possible for any person, in any organisation, to know, understand and action its legal obligations through using the LegalTech. It can be delivered as a cloud-based solution and provide the precise legal requirements, per site, to any given organisation.

This means the continual improvement that is required by management system standards can be met with greater accuracy, without placing a huge drain on an organisation's most precious resources: its people.

So, the next time that you hear "You need a legal register", send them this blog as there is a better way!

 

📗 Suggested Next Read: Why Libryo Streams® have made legal registers obsolete