There are similarities between the requirements in the ISO 14001 and OHSAS 18001 standards. Section 4.3.2 of OHSAS 18001 – like Section 4.3.2 in ISO 14001 – requires that an organization establish a procedure to identify its applicable legal and other requirements.
Many companies use some sort of matrix – to document the results of their determination of which legal and other requirements are applicable to them. This is often called a Legal Register. This matrix or Legal Register provides the answer to the question – “What are the legal and other requirements we must comply with?” Development of the legal register is a best management practice and not a requirement of ISO 14001 or OHSAS 18001.
It is not only a requirement to determine the applicable OHS requirements but to also “ensure that these applicable legal requirements and other requirements to which the organization subscribes are taken into account in establishing, implementing and maintaining its OH&S management system.”
An example would be:
Activity – Storage and handling of anhydrous ammonia in abc and xyz department(s)
Regulatory and Other Requirements Citations – 29 CFR 1910.111, ANSI B31.5, ASTM A-53-69
Identified Legal and Other Requirements –
- Inspect all equipment and systems used for the storage and handling of anhydrous ammonia to determine they meet the following specified requirements in the OSHA standard and the ANSI and ASTM consensus standards (actual requirements spelled out here in detail, or even better, in a detailed checklist that can be used for the inspection)
- Mark all containers with nameplates and markings.
- Train individuals in anhydrous ammonia unloading procedures
When identifying legal requirements, it is helpful to start out with an “action word” such as inspect, mark, train, notify, record, document, establish….etc. The most important legal requirements are the ones that require that some action be taken and it is important to clearly identify what that action is. In some cases, this will require careful reading of the regulation or standard to determine what action is needed to ensure compliance.
What OHSAS 18001 does not require, but ISO 14001 does, is the identification of how each identified legal and other requirement applies to the aspects the organization has identified. First, there is no such thing as “aspects” in an OHSAS 18001 OHSMS. What you need to identify in your OHSMS is OH&S hazards not aspects. In addition, each OH&S hazard is not required to be tied to a specific legal requirement nor are identified legal requirements required to be tied to specific OH&S hazards. However, I have done many risk assessments where we do link the requirements to specific hazards and this does help control overall compliance activities.
What is important is that you (1) identify WHAT needs to be done to be in compliance, (2) establish processes to take the required actions as an integral part of your OHSMS and (3) evaluate whether or not the appropriate compliance actions has been completed (see Section 4.5.2 of OHSAS 18001).