-
- Certification
- Topics
- Climate change
Climate change
Since 23.02.2024, two new requirements apply to several ISO management system standards in section 4.1 on the context of the organisation and in 4.2 on the requirements and expectations of interested parties.
Climate change considerations are to be included.
Contact
Reason
The London Declaration on Combating Climate Change through Standards was adopted by all ISO member organisations at the 2021 General Assembly and defines ISO's commitment to implementing the global climate agenda.
At the ISO Technical Board meeting on 19 September 2023, the TMB (Technical Management Board) agreed that an addendum on climate change will be added to the overarching ISO/IEC Directives Annex SL (specifically: Part 1, Consolidated ISO addendum, Annex SL, Appendix 2 (Harmonised structure for MSS (management system standards)). This means that an amendment will be published for all ISO standards for management systems to publicise this change to Annex SL.
On 23 February 2024, ISO and IAF published a communiqué on the inclusion of climate change in management system standards. The purpose of this communiqué is to draw attention to the publication of the "Climate Action Amendments" to existing and new ISO standards for management systems (MSS).
This is to ensure that climate change issues are considered by the organisation in the context of the effectiveness of the management system, in addition to all other aspects. These added statements in each management system standard ensure that this issue is not overlooked but considered by all organisations in the design and implementation of the management system.
The Changes
The amendments consist of two added statements:
4.1 Add the following sentence at the end of the subclause:
The organisation shall determine whether climate change is a relevant issue
4.2 Add the following note at the end of the subclause:
NOTE Relevant interested parties can have requirements related to the climate change.
From now on, these two points must be audited when management systems are audited by certification bodies.
The additional requirements relate to 31 existing standards. These include the frequently applied standards.
ISO 9001:2015, ISO14001:2015, ISO 20000-1:2018, ISO 21001:2018, ISO 22000:2018, ISO 22301:2019, ISO/IEC 27001:2022, ISO 45001:2018, ISO 50001:2018.
IAF will issue directives for certification bodies.
Explanations
These are not new requirements, but rather a clarification. The general intention of the requirements in sections 4.1 and 4.2 remains unchanged. These sections already include the need for the organisation to consider all internal and external aspects that may influence the effectiveness of its management system.
The new elements are intended to ensure that climate change is considered in the management system. ISO wants to express that climate change is an external factor that is important enough for society to require organisations to take it into account.
It should be noted that climate change can have a different impact on each type of management system. For example, the impact on a quality management system may be quite different from that on an occupational health and safety management system.
The amendments are not intended to turn, for example, an occupational health and safety management system audit or a road transport safety management system audit into an audit that takes climate change disproportionately into account, which of course is not to underestimate the importance of climate change.
IAF and ISO would like to emphasise that climate change is an important issue, and that the addition of climate aspects is very important. The standards for management systems have so far already included the need for the organisation to consider all issues related to the management system. Therefore, many organisations that have implemented a management system have already taken climate change into consideration.
The topic is addressed in the audits. The standard version does not change. No new certificates are issued.
Conclusions
The measure seems somewhat hectic and unconventional when you consider the procedure for the further development of ISO standards. Due to the "ISO London Declaration" (24 September 2021), it was probably necessary to take visible measures.
No transition period is planned.
The added requirements do not demand the use of a specific method and are vaguely formulated.
In principle, influences due to climate change from the context and the demands of interested parties are already included in the standards if they are relevant. The additions mean that climate change must be mentioned by name.
To base the influence on organisations solely on the direct consequences of an increase in the average temperature by more than 1.5 °C is certainly not enough. On the other hand, to see an influence on the climate behind every activity of an organisation is going too far. The influences of the environment as a whole and the interested parties are manifold. New laws can be expected (climate protection law), suppliers can change products (circular economy, recycling, upcycling), transport costs can rise, transport routes can be influenced. Customers can make demands (CO2 neutral production) etc.
Millions of organisations have implemented and are certified to one or more of the ISO management system standards across a wide range of industries, types and sizes of organisations operating in different geographical, cultural, and social conditions. Climate change is an issue that can impact many different areas of an organisation: Supply chains, employee health and safety, availability and use of resources and energy, business continuity and resilience, asset management and meeting customer, consumer and contractual requirements and other expectations of relevant stakeholders.
A common misconception is that climate change considerations are limited to organisations that have chosen to implement an environmental management system such as ISO 14001. In fact, most organisations are likely to be affected by climate change in one way or another and may need to adapt to it to continue to meet their objectives and strategic purpose. Organisations may also choose (or be required by relevant interested parties) to take action to mitigate climate change as part of their operations. Both elements, climate change adaptation and climate change mitigation, are now addressed in the harmonised structure for management systems.
For users of management system standards, determining the issues that are relevant to their scope and purpose is not a new requirement. Many organisations have already considered how climate change may impact their business and have determined whether it is a relevant issue to address in their context. This in turn will have been incorporated into their policies and objectives and implemented as part of their risk and opportunity management processes.
For organisations that are now beginning to understand how climate change adaptation and mitigation could impact their operations, this change in the text of the Harmonised Structure will provide additional motivation.
Implementation
The consequences of the additions are different for each organisation. The aim is to analyse the situation with suitable measures to determine the relevance of the issues and then implement measures:
4.1 Add the following sentence at the end of the subclause:
The organization shall determine whether climate change is a relevant issue
Procedure: The organisation includes climate change as an external issue in the analysis. The organisation makes a statement on this in the management review.
4.2 Add the following note at the end of the subclause:
NOTE Relevant interested parties can have requirements related to climate change
Procedure: When analysing the requirements of interested parties, the needs and demands in connection with climate change must also be considered.
The need for measures to be defined and implemented results from the analysis. This corresponds to the familiar procedure in improvement management (keyword: PDCA).
The organisation makes a statement in the management review.
Supplementary guidelines
The management of an organisation is responsible for dealing with the context and interested parties. It is one of the fundamental considerations and provides information for defining the vision, mission, mission statement/policy and strategy. Experience from many audits in recent years shows that many organisations struggle with these two topics. Context and interested parties are mixed up. The context is hardly considered, although there is certainly something about it in every description of the strategy. The topic of interested parties is not analysed comprehensively enough and the measures derived from it are not recognisably linked. There is too little recognition that there are two issues that need to be addressed by management and that should have an impact on many activities in the organisation.
For example, if you want to maintain a good relationship with suppliers, this should be recognisable in communication and interaction. Suppliers should be paid on time and, as a result, be considered in liquidity planning. If official regulations have a major influence, developments should be monitored in such a way that changes can be recognised early on, and the company can adapt to them. There are many more examples.
Context
The organisation must determine external and internal issues that are relevant to its purpose and strategic direction and that impact its ability to achieve the intended results of its management system.
The organisation should determine which external and internal issues may lead to risks to its sustainable success or opportunities to improve sustainable success.
The organisation must monitor and review information about these external and internal issues.
The intention is to provide a basic conceptual understanding of important issues that can affect, positively or negatively, the way an organisation manages and implements its management system-related commitments. Issues may be priorities for the organisation, problems that are under debate and discussion, or changing circumstances that affect an organisation's ability to achieve the intended outcomes it has set for its management system.
Examples of internal and external issues that may be significant in the context of the organisation include, for example, for environmental management systems: environmental conditions relating to climate, air quality, water quality, land use, existing contamination, availability of natural resources and biodiversity that may either affect the purpose of the organisation or be affected by the organisation.
An understanding of the context of an organisation serves to establish, implement, maintain and continuously improve its management system. The internal and external issues can lead to risks and opportunities for the organisation or for the management system. The organisation determines those that need to be considered, controlled and monitored.
It is not enough to simply present the context. The resulting measures must be implemented. The context has an influence on the consideration of risks and opportunities, on the planning of measures, on the objectives, on the support (resources, competences, awareness and communication) as well as on the operation, the management evaluation and on improvement processes.
When considering external and internal issues, the organisation should consider relevant information from the past, its current situation and its strategic direction.
Based on the identification of these issues, senior management should decide which of these risks and opportunities should be addressed and initiate the establishment, implementation and maintenance of the necessary processes.
The organisation should consider how to establish a process for monitoring, reviewing and evaluating external and internal risks and opportunities to protect against surprises and take advantage of opportunities.
Interested parties
Interested parties are those who are affected or may be affected by a decision or activity of the organisation. The organisation should determine which interested parties are relevant. These relevant interested parties can be both external and internal, including customers, and can have an impact on the organisation's ability to achieve sustainable success.
The organisation should determine which interested parties pose a risk to the organisation's sustainable success if their needs and expectations are not met and what opportunities these parties can offer to improve sustainable success.
Once the relevant interested parties have been identified, the organisation should identify their relevant needs and expectations and determine which of these should be met to then establish the necessary processes to meet the needs and expectations of the interested parties.
The organisation should consider how it can build lasting relationships with stakeholders to reap benefits such as improved performance, shared understanding of goals and values, and increased stability.
An organisation is expected to have a general understanding (i.e. in principle, not in detail) of the expressed needs and expectations of internal and external stakeholders identified by the organisation as relevant. The organisation considers the knowledge it has obtained to determine which of these needs and expectations it must, or chooses to, conform to, which are its binding commitments.
The needs and expectations of individual interested parties may differ, may be consistent with those of other interested parties, or may conflict and change rapidly. The way in which the needs and expectations of interested parties are expressed and met can take a variety of forms, for example collaboration, negotiation, outsourcing or termination of an activity, so the organisation should consider the relationships between interested parties when addressing their needs and expectations. The composition of interested parties can change significantly over time and between organisations, industries, cultures and nations.
Requirements of interested parties are not necessarily requirements of the organisation. Some interested party requirements reflect needs and expectations that are binding because they are embodied in laws, regulations, permits and licences issued by government or court decisions. The organisation may voluntarily agree to or adopt other requirements of interested parties (e.g., enter a contractual relationship, sign a voluntary initiative). If the organisation adopts them, they become requirements of the organisation (i.e., binding obligations) and it takes them into account when planning the management system.
The organisation must be aware that relationships with interested parties run through individuals. Corporate governance and compliance requirements must be considered.
