Determining OH&S Legal and Other Requirements


Determining Legal and Other Requirements

An often misunderstood clause of ISO 45001 is Clause 6.1.3, which requires the organisation to establish, implement and maintain a process(es) to:

  • Determine and have access to up-to-date legal requirements and other requirements that are applicable to its hazards, OH&S risks and OH&S management system; 
  • Determine how the legal and other requirements apply to the organisation, and what needs to be communicated; and 
  • Take these requirements into account when establishing, implementing, maintaining and continually improving its OH&S management system. 

When reviewing an organisation’s practices in this regard, it’s quite common to find a high-level process that commits the organisation to identifying and complying with legal and other requirements, but then ends with the production of a legal register which may be reviewed on an annual basis to identify if anything in the register has changed.

What is often missing in this exercise is how the organisation: 

  • Ensures that all relevant legal and “other” requirements have been identified; 
  • Defines the context in which the legal and other requirements relate to the organisation’s operations; 
  • Outlines what processes and controls are in place to comply with legal and other requirements; 
  • Defines processes, roles and responsibilities for evaluating compliance with legal and other requirements (per Clause 9.1.2). 

Tips for Determining Legal and Other Requirements

I’m a big believer in the KISS principle (Keep It Simple Stupid), so it’s important that this element of an ISO 45001 Occupational Health and Safety Management System is approached in a way that is fit-for-purpose, and provides the necessary information to support your people. Some tips if you’re developing your Safety Management System: 

  • Identifying Requirements: Take the time to identify all relevant legal and other requirements that may pertain to your organisation. 
    • Annex A.6.1.3 of ISO 45001 provides examples of what to consider here, and will help you to get started. 
  • Documenting Requirements: Document how these requirements relate to your organisation and operations. 
    • Though there’s no requirement in ISO 45001 for a Legal Register, this is common practice as it is an easy way for the organisation to list and classify requirements in terms of their applicability (i.e. directly or indirectly applicable to operations) and review frequency, and to capture a range of other metadata such as jurisdiction and compliance source type (e.g. legislation, agreements, contracts, permits, etc.).
    • Documenting the applicability of legal and other sources can be a relatively easy exercise, as for some just a brief statement may suffice. 
    • For compliance sources that have substantial impact on the business (such as the core Work Health and Safety Act and Regulations), consider a deep dive review of the applicability of various sections, as some sections will be applicable while others won’t.  
[Figure: ISO 45001 Legal Register (Example)]
  • Access to Legal and Other Requirements: Where compliance sources are freely available from their source (e.g. regulator website), avoid relying on the use of downloaded copies.
    • Rather, provide a link in your Legal Register to the compliance source, ensuring that the most recent version is being accessed. 
    • This serves two purposes: (1) it provides a basis for your people to go straight to the source if needed, and (2) it allows links to these sources to be reviewed on a regular basis – if the link is broken it’s a pretty good indicator that something has been changed.
    • If you choose to download compliance sources to your document management system, this will require you to regularly check that these are still current, and haven’t been superseded. 
    • Consider legal or other requirements that are confidential in nature, and determine how these will be maintained and made available to relevant persons.
  • Changes to Legal and Other Requirements: Consider how you’ll identify and capture any changes to legal and other requirements, and how they impact on your organisation.
    • You may decide to maintain a Register of Changes within your Legal Register, capturing the impact that changes have on your operations, and how you’ll address these (including communication with internal and external interested parties). 
[Figure: ISO 45001 Legal Compliance Source Assessment (Deep Dive Compliance Assessment)]

Naturally the course of action taken in one organisation will be different to that of others. Factors such as the size of your organisation, the complexity and division of operations, and geographical spread will impact how you approach this exercise.

An experienced ISO 45001 consultant can help you with the heavy lifting for this clause, so contact us to learn more about how DBell Consulting can assist you with managing your compliance requirements. 
