6.1.3 Determination of Legal and Other Requirements [ISO 45001 Procedure]

Is it a requirement to maintain documented information on legal and other requirements?

Why?

Risks and opportunities to your organization may arise from them. These may be positive or negative and should be investigated and monitored using a 'Requirements Register.'

Examples

Applicable laws and regulations or voluntary commitments — such as organizational and industry standards, contractual relationships, principles of good governance and community and ethical standards.

Step 1: Identify Relevant Health and Safety Legislation

Maintain an indexed list of relevant legal requirements and other requirements, such as standards and procedures, in connection with identified safety-critical tasks and associated hazards by referencing the minimum acceptable legal, industry standards, and technical specifications against the associated equipment and operating routines.

Ensure that all identified occupational health and safety hazards are evaluated and understood in terms of current legislation, including as appropriate:

• Health and Safety at Work Act 1974
• Health and Safety (First Aid) Regulations 1981
• The Regulatory Reform (Fire Safety) Order 2005
• Workplace (Health, Safety and Welfare) Regulations 1992
• Management of Health and Safety at Work Regulations 1999
• Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) 2013
• Control of Substances Hazardous to Health Regulations (COSHH) 2002
• Safety Representatives and Safety Committees Regulations 1977
• Lifting Operations and Lifting Equipment Regulations (LOLER) 1998
• Provision and Use of Work Equipment Regulations (PUWER) 1998
• Health and Safety (Consultation with Employees) Regulations 1996
• Building Regulations 2000

Legal and other requirements which are relevant to your organization can be identified using websites such as:

• www.hse.gov.uk/guidance/index.htm
• www.legislation.gov.uk
• www.cedrec.com/home/index.htm
• www.croner.co.uk

Step 2: Evaluate Legal Requirements Arising from Legislation

The Health and Safety Manager should assess all relevant occupational health and safety-related legal requirements, regulations, and Approved Codes of Practice (ACoPs) using http://www.legislation.gov.uk that are applicable to your operations, have been identified and evaluated to assess their potential impact on the company’s operations.

The company should evaluate its compliance with legal requirements on an annual basis. This will involve reviewing current and any new legislation. The Legal Requirements Register will be used to evaluate legal compliance. (Codes of Practice and HSE & Environmental Agency guidance will also be considered.)

Where regulations, permits, and consents contain specific compliance requirements, these should be incorporated into your objectives and your mechanism for setting targets. Other requirements will be identified through interested parties, such as insurance brokers' and insurers’ requirements, those imposed by the Institute of Occupational Safety & Health (IOSH), or the requirements of Membership to ROSPA, IOSH, CRONER, etc.

Step 3: Document Legal Requirements

The evaluation of legal requirements should be documented within a Legal Requirements Register in order to identify and demonstrate the applicability of how the company complies with current health and safety legislation.

Following the initial assessment of the legal requirements, consider capturing the relevant information in a document. A spreadsheet may be useful for this purpose. The Legal Requirements Register includes a brief description of each regulation's requirements and how your company complies with them.

Other requirements will also be identified and considered by interested parties. Any requirements will be entered on the Legal Requirements Register. Additionally, the Legal Requirements Register should be saved on the company network to ensure staff access.

Step 4: Determine Applicability of Other Requirements

Other requirements include those of interested parties and workers, national and international standards, contract requirements, business codes, guidance notes, codes of practices, technical memoranda, and practice notes produced by government agencies and professional institutions.

• Subscription to publisher legal update newsletters
• Membership of trade associations
• Research via reputable government websites
• Use of competent consultants
• Competent employee membership of occupational health and safety institutes
• Employee attendance of occupational health and safety training courses

Other requirements can result in risks and opportunities for your organization. The needs and expectations of interested parties only become requirements for an organization if it chooses to adopt them.

Step 5: Review the Legal Requirements Register

The Legal Requirements Register (included in our OH&S Template) should be reviewed for adequacy (both for new regulations and updated regulations) at least once a year by the Health and Safety Manager who will report findings during the Management Review meetings. HSE updates occur during April and October each year.

The Health & Safety Manager evaluates compliance with legal and other requirements on an ongoing basis and through various means, and via http://www.legislation.gov.uk, which assists your organization in complying with its legal and other requirements.

Any changes to our legislative requirements must be communicated to the workforce and any other person who may be affected, e.g., contractors and where required, additional training should be provided for anyone affected by the changes.

Step 6: Monitor Compliance

Monitoring compliance with legal requirements and regulations is necessary to ensure that safety risk controls, applied in the form of regulations, are effectively implemented and monitored by your organization. The causes and contributing factors of any non-compliance should also be analyzed and addressed.

The legal compliance audits are conducted by competent, in-house personnel or a qualified, independent third party. Competent personnel/third parties should hold a minimum of 2 years of on-the-job training or an equivalent combination of training and formal education in health and safety law and legal compliance.

When repeat compliance audits find zero non-compliances, the frequency of compliance audits should be reduced. The auditor should report legal compliance audit findings at the next Management Review meeting. Where additional legal requirements are identified when the compliance auditor reviews the list of legal requirements, these must be reviewed and considered by Top management.

Ensure that the requirements of any new legislation that may be placed on your organization are communicated to all relevant levels and functions within the business and are assessed through the internal audit process.