To achieve multi-jurisdictional compliance under standards including ISO 14001 and 50001 and OHSAS 18001, understanding and applying the law of each jurisdiction in which your organisation operates is a necessity.
To this end, there are two key challenges for an organisation operating at multiple sites and/or in multiple jurisdictions:
- Understanding the legislation, regulations and directives (‘laws’) pertinent to the activities being undertaken in each jurisdiction
- Achieving confidence in the business’s level of compliance with those laws
What at face value appears to be a black and white situation quickly becomes grey as operators dig into the detail of their business. A number of questions may be exposed:
1. What jurisdiction(s) am I operating in?
Do you think you are running your business in Spain, Italy, and Germany? Perhaps you should consider that you actually operate in the Cantabrian Autonomous Community, the Marche Region, and Hesse Lander. Taking these three, relatively complex, European Union members as an example, in just three countries, you could be operating in 53 jurisdictions (and that does not consider the added complexities of local byelaws which may exist in single cities and provinces).
2. What level of detail do I need to cover?
From a pragmatic perspective, the creation of central legal registers to collect laws at a European, National, Regional, and Local level should be (in the writer’s opinion) considered in light of the law of diminishing returns. Any organisation operating in multiple jurisdictions must decide what is important to include in its legal register from an EH&S perspective.
For example, Kirkby Lonsdale in the English County of Cumbria has a local bye-law prohibiting members of the public from jumping off a bridge at a local pleasure spot. It is fair to say that the benefit of including this bye-law (and assessing compliance against it) in a health & safety register for a local organisation would be marginal at best.
3. What can I afford to source?
There is also a cost angle to consider: to fully map all the law relevant in the Lugo province in Galicia is likely to require the engagement of a local individual. Alone this might be practical (if that individual can be found). However, can this scale across the other 49 provinces of Spain? In today’s competitive business environment, it is unlikely many organisations will have the financial resources to plough into this kind of activity. To an extent, this is the type of tacit knowledge you might expect your factory manager to have, in much the same way that you expect that he knows to direct 44 tonne trucks down certain roads to avoid structurally weak bridges.
4. What does my certification auditor expect to see?
As commercial operations, certification bodies are under similar constraints to the organisations they audit with regards to having a full understanding of local law. The certification body must be given confidence that you present a well-organised, proactive organisation with well-documented legal registers. However, they are highly unlikely to work through endless lists of local ordinances seeking to ‘catch you out’.
5. How can we feel confident that compliance is being assessed?
There is one person who really cares about feeling confident about compliance: you – hence this section catching your eye. You probably sit in a QHSE role responsible for several sites, perhaps at a country or pan-continental level.
But why do you want to feel confident about compliance? There are two main drivers within the multi-jurisdictional business:
- The desire to retain your certification
- But most importantly: ensuring that corporate does not find out about non-compliance first through local or national media.
Clauses 4.5.2, 4.3.2 and 4.6.2 of the previously mentioned standards all stipulate a requirement to assess compliance with applicable legislation on an on-going basis. However, the practical business risk of negative publicity due to non-compliance is at least as important to many businesses.
Central visibility of dispersed activity increases corporate confidence in the operations’ legal compliance. When implementing an approach to provide confidence on compliance, the QHSE practitioner must consider two things: collecting enough information, balanced against ensuring that any approach taken can be easily mastered by non-specialists.
This can only be effectively achieved at reasonable cost through the delivery of questionnaires via technology – be this MS SharePoint, an internal reporting solution, or a contracted solution like thePegasus Legal Register.
Conclusion
Achieving and maintaining legal compliance can be a huge challenge for companies operating a number of sites across multiple jurisdictions. Addressing this challenge means organisations must take a closer look at their businesses requirements and constraints and make an informed choice about the level of compliance risk that is acceptable to their operations. While there are a number of methods for identifying relevant legislation and monitoring your company’s compliance, cost, comprehensiveness, quality and corporate visibility should all be considered when selecting a solution.
The standard will provide guidance for improving worker health and safety and will be overseen by ISO Project Committee (PC) 283, Occupational health and safety management systems – requirements.