ISO/IAF has announced, at very short notice, an amendment to almost all management system standards, with a clarification that must be implemented immediately. Since, contrary to normal practice, this should be taken into account during inspections immediately, we are providing you with initial information in this email. Additional information on the application of a particular scheme will be provided by the scheme managers as soon as possible within ExEx and by adapting templates of documents such as the audit report.

The background to this amendment is that the International Organization for Standardization (ISO) wants to play an active role in the fight against climate change within the framework of the so-called London Declaration (09/2021), so that in addition to standardization activities with a clear climate reference, all other activities must also be aligned with this goal.

For this reason, most of the management system standards were supplemented by Amendment 1 in February 2024. There is now a specific reference to climate change mitigation and adaptation that must be addressed by certified organizations. This includes standards such as ISO 9001, ISO 14001, ISO 45001, ISO 50001, ISO 22000, ISO/IEC 20000, ISO 22301, ISO/IEC 27001, ISO 28000, ISO 37001, etc.

Content of the amendment:
For all amended standards, references to climate change have been included in sections 4.1 and 4.2 of the HLS:
- Section 4.1: Organizations shall now consider whether climate change is a relevant issue as part of the contextual assessment: "The organization shall determine whether climate change is a relevant issue".
- Section 4.2: Organizations are now expected to consider stakeholder requirements in relation to climate change: "Note: Relevant stakeholders may have requirements related to climate change."

What do our clients need to do?
ISO-certified organizations should include climate change in their analysis of the business context (section 4.1), as well as the question of whether stakeholders have climate change-related requirements (section 4.2). If climate change is considered relevant, the management system should be aligned with the resulting requirements so that it can fulfill its objectives.
It should be noted that relevant climate issues can arise from both the need for mitigation measures (e.g. in the context of energy conservation or decarbonization) and the need to adapt to climate change (e.g. the impact of extreme weather events on locations and supply chains). The question is: to what extent is climate change affecting the company/governance system and, conversely, what is the impact of climate change on the company/governance system?
The perspective will differ depending on the management system standard, so the expected topics and impacts (e.g., in an environmental management system versus an information security management system) will be different, as they are aimed at different applications and purposes. The impact will also vary by geographic location and type of organization in terms of scope, processes, products and services, etc.
There will certainly be a lot of sharing on this in the near future, e.g. in the next experience exchange or through additional information from individual scheme leaders. Please find attached an Excel file with some first ideas on the most common standards. For the different standards (e.g. ISO 45001, ISO 14001), ISO is planning to develop new documents on the subject. However, this should not lead to ignoring Amendment 1 while waiting for all possible issues to be clarified.

Impact on auditing and certification
According to the IAF, the amendments are not new requirements, but rather a clarification of an existing requirement. Thus, no new certificates need to be issued (the date of publication of the standard remains unchanged) and there is no transition period. On the other hand, this means that it should be applied immediately, i.e. from now on during every audit.

Depending on the severity of the impact on the effectiveness of the management system and given the short-term nature of the change, it may be necessary to identify a non-compliance if:
- The client did not assess at all in the contextual analysis whether climate change is a relevant issue or whether stakeholders have climate-related concerns.
- The client decided that climate change was relevant, but the management system was not set up accordingly.
- The client has decided that climate change is not relevant, but the decision-making process has been ineffective (for example, it produced the wrong outcome because climate relevance is obvious but was not taken into account, as in the ISO 14001 certification of a steel mill).


