Climate change has become a burning issue in recent years and impacts not only individuals but businesses at various levels. Considering this, the International Organization for Standardization (ISO) has taken a big step towards integrating climate change considerations into management systems standards.
This decision, in line with the ISO London Declaration on Climate Change, recognizes the need to consider how climate change affects achieving management system goals. These changes will affect existing standards and all new ones in development.
In this article, we'll explore what these changes are, how they can be implemented into your organization’s management system and the significance of ISO's move towards a greener future.
What are the changes in the amendment?
This amendment is incorporated into various management system standards, including ISO 9001, ISO 45001, ISO 14001, and ISO 27001. The key changes introduced in this amendment impact Clauses 4.1 and 4.2 of the affected standards. Clause 4.1 now requires organizations to consider the "changes in external and internal issues" that may impact their management system, with a specific focus on the effects of climate change. Clause 4.2, on the other hand, mandates that organizations identify the "needs and expectations of interested parties" that are relevant to their management system, including those related to climate change. These changes are effective from the 23rd of February, 2024.
How to implement the new requirements?
It is crucial to understand the implications of these new requirements and how they can be effectively addressed within your organization's management system. The simplest approach will be to incorporate the discussion of climate change impacts and interested stakeholder needs as part of your regular Management Review Meetings or Strategic Planning Meetings. This will enable you to assess the potential risks and opportunities presented by climate change and determine the appropriate actions to be taken. Also note that it is not necessary that your organization will be impacted by climate change or the impact or likelihood of the risk is too low for you to take any action. In such a case, you can document this as part of your management system clearly recording in management review minutes of meetings.
When addressing the ISO Climate Change Amendment, it is essential to consider the specific context of your organization and the management system standards you have implemented.
Let’s discuss a few examples relevant to different ISO standards:
- ISO 9001 (Quality Management System)
In the context of ISO 9001 (Quality Management), your organization may need to evaluate how climate change could affect their ability to consistently provide products and services that meet customer and regulatory requirements.
An example relevant to ISO 9001 could be that climate change may lead to natural disasters which could disrupt the supply chain. Businesses may run the risk of delayed raw material supplies which may impact the delivery of the products and services to the customer. This should be identified as an external issue while determining the context of the organization. This should also be identified as a risk and adequate controls should be implemented to mitigate this risk. An example could include researching an alternative supplier and putting a contingency plan in place.
- ISO 45001 (Occupational Health and Safety Management System)
Similarly, in the case of ISO 45001 (Occupational Health and Safety), you may need to assess the impact of climate change on the health and safety of your employees, particularly in the event of extreme weather events. As climate changes, temperatures are increasing around the globe. This could become a hazardous condition for the employees who work outdoors in extreme heat or in physically demanding jobs. The employees (interested parties) would expect adequate arrangements in the workplace for managing heat-related illnesses, such as heat stroke and exhaustion. This shall be identified as a “need and expectation of the interested party” and a hazardous condition requiring risk planning. Appropriate actions shall be taken to address this risk as part of the organization’s management system. Some examples of the actions could include the provision of weather appropriate Personal Protective Equipment (PPE), access to water and cool spaces and preparedness for emergencies.
- ISO 14001 (Environmental Management System)
ISO 14001 deals with the need to adapt to any change in environmental conditions, including those resulting from climate change. Apart from risks flowing down from the context of the organization, the Environmental Management System (EMS) requires that the organizations also understand greenhouse gas emissions-related environmental aspects and compliance obligations. Risk mitigation shall be planned in these areas which could include risks of failing to meet reduction objectives, risk of interested parties' demands or risk of not meeting the regulations. The organization shall identify methods to adapt to climate change by understanding how environmental conditions affect them and what risks can be posed due to these environmental conditions. Some examples of risks include a water shortage, flooding and solid erosion. The risks could also be related to the organizations’ activities and some examples could include resource shortages or supply chain disruptions.
- ISO 27001 (Information security management System)
ISO 27001-related internal and external issues may include infrastructure vulnerability, workforce unavailability due to extreme climatic conditions or a vendor dependency who may be impacted by climate change. Some examples of risks involved include damage to the infrastructure, supply-chain disruption and power outages (which would then lead to issues with data integrity and availability). Appropriate controls should be put in place to ensure the availability of infrastructure, networks and data that may be disrupted due to climate change-related conditions.
By proactively addressing the ISO Climate Change Amendment, small and medium-sized businesses can not only ensure compliance with the updated standards but also position themselves as responsible and forward-thinking organizations. This can lead to enhanced stakeholder trust, improved operational resilience, and ultimately, a stronger competitive advantage in the marketplace.