ISO 45001 State, Local and Federal Regulations

How to identify and comply with legal requirements

Complying with legal regulations is one of the most important requirements of ISO 45001. When it comes to occupational health and safety (OH&S), this should be your organization’s number one priority. ISO 45001:2018 provides a framework for identifying and monitoring compliance with local, state and federal regulations regarding OH&S. When your organization is working towards meeting the requirements of ISO 45001, you must also identify and meet the legal requirements that apply to your organization. One way to ensure that your organization is meeting legal requirements is by using Key Performance Indicators.

Where does the ISO 45001 standard mention legal requirements?

ISO 45001 mentions legal requirements in several places. The introduction of ISO 45001 states that legal requirements must be considered throughout the plan-do-check-act cycle. Clause 6.1.3 is the most important clause of the standard when it comes to the legal requirements of OH&S. Several other clauses, such as 5.2, 6.2, 9.1.2 and 9.3, also acknowledge legal requirements. We will discuss legal requirements in the context of ISO 45001 in numeric order.

5.2 OH&S Policy

Legal requirements are first mentioned in the ISO 45001:2018 standard in clause 5.2. Clause 5.2 states that when an organization establishes, implements and maintains an OH&S policy, the policy must include a commitment to fulfil legal requirements and other requirements.

6.1.3 Determination of Legal Requirements and Other Requirements

Clause 6.1.3 is the most important clause with regard to legal requirements. The organization must adhere to the following:

  1. Verify and have access to current legal requirements along with any other requirements that are applicable to its OH&S management system.
  2. Determine how the legal requirements and other requirements relate to the organization and what the organization needs to communicate. To keep up to date with the requirements you may consider subscribing to a service like Nimonik.com or BLR.com.
  3. Take these legal requirements and other requirements into consideration when establishing, implementing, maintaining and continually improving its OH&S management system.

Furthermore, the organization is required to maintain documented information on its legal requirements and any other documents that are necessary to show that it is up to date with the current regulations that apply to the organization.

6.2 Objectives

When your organization is determining its objectives, it is mandatory that you consider all legal requirements that may affect these goals. The organization needs to document how it plans to comply with legal requirements. When you identify applicable legal requirements that the organization is either not compliant with or only partially compliant with, that is the point at which you should create a plan to become compliant. In the implementation phase, the organization should have instruments in place for dealing with legal requirements.

9.1.2 Evaluation of Compliance

Periodic evaluations are mandatory to ensure that your organization is compliant with legal and other requirements. Compliance must be ongoing, and records of periodic evaluations need to be kept.

If a noncompliance is found during an evaluation, the organization is required to take corrective action immediately. In some cases, corrective action might entail informing authorities depending on the specific legal requirements and the extent of the noncompliance.

9.3 Management review

Clause 9.3 requires that top management review the OH&S management system. Management must be aware of any nonconformances and ensure that the organization is meeting all requirements of ISO 45001 along with any legal regulations. The results of an evaluation of compliance are one of the mandatory inputs in the management review.

Implementing ISO 45001 is also a proven and efficient way to achieve and maintain legal compliance. When you meet the requirements of ISO 45001, you will be compliant with legal requirements, which will prevent your organization from unintentional violation of legislation, and possibly prevent ill health and injuries in the workplace.
