New ISO requirements:
Climate change becomes the focus of management system standards
Background
The International Organization for Standardization (ISO) and the International Accreditation Forum (IAF) recognized some time ago that the climate crisis and its effects present many major challenges. Unforeseen weather events and rising temperatures have a direct impact on the safety and health of people in general and employees in particular, which subsequently leads to changes in working conditions. This in turn has a direct impact on supply chains, damages or affects production facilities under certain circumstances and has an impact on productivity and product quality in every sense.
As a result, ISO and IAF published a joint communiqué two months ago, on February 22nd, 2024. This presented the measures – already announced in the so-called 'London Declaration' – on how the most important and relevant management system standards should address climate change issues. These requirements have been valid since February 23rd, 2024.
New requirements
This communiqué sets out changes to ensure that companies and organizations address these issues. These changes are anchored in chapters 4.1 - Understanding the organization and its context and 4.2 - Understanding the needs and expectations of interested parties and are as follows:
- Kapitel 4.1 Added: ‘The organization shall determine whether climate change is a relevant issue.’
- Kapitel 4.2 Added: ‘NOTE: Relevant interested parties can have requirements related to climate change.’
The aim of ISO and IAF is to ensure that, in addition to the topics already covered, organizations also address the issues of climate change and the resulting impacts that arise for them. Anchoring these topics in context symbolizes the holistic nature of the approach for the organization, as the requirements can, should and must be taken into account in all other aspects of the standard on this basis (see also the "What happens next" section in this article).
Effects on organizations
For certified companies, nothing will change as the certificates (as previously issued) will remain valid. The new requirements will be reviewed by auditors in the respective audits.
However, certified companies must ensure that they address the issue of climate change and the resulting challenges by addressing the issues (as defined above) in context and taking into account the requirements of interested parties accordingly. Based on these findings, the organization must define measures that are deemed appropriate. As with most other topics, the risk-based approach applies here.
What happens next?
These requirements are included in all type A management system standards (certifiable standards) and subsequently included in the harmonized structure of Appendix 2 of Annex SL.
Subsequently, the Auditing Practices Group, an informal ISO group consisting of experts, auditors and users, has issued guidance on how these topics can be queried as examples in an ISO 9001 audit. This guidance can serve as a basis for organizations to query and anchor the above-mentioned topics for themselves.
How does Quality Austria provide support?
Our qualityaustria auditors are prepared to deal with the relevant issues in the audits and to consider and query them in an integrated manner. If you have any further questions, please contact us or your responsible auditor.
Affected standards
According to the above-mentioned communiqué, the following standards are currently directly affected:
- ISO 14298:2021 Graphic technology — Management of security printing processes
- ISO 16000-40:2019 Indoor air — Part 40: Indoor air quality management system
- ISO 22163:2023 Railway applications — Railway quality management system - ISO 9001:2015 and specific requirements for application in the railway sector
- ISO 22301:2019 Security and resilience — Business continuity management systems — Requirements
- ISO 28000:2022 Security and resilience — Security management systems — Requirements
- ISO 29001:2020 Petroleum, petrochemical and natural gas industries — Sector-specific quality management systems — Requirements for product and service supply organizations
- ISO 30301:2019 Information and documentation — Management systems for records — Requirements
- ISO 34101-1:2019 Sustainable and traceable cocoa — Part 1: Requirements for cocoa sustainability management systems
- ISO 35001:2019 Biorisk management for laboratories and other related organisations
- ISO 37301:2021 Compliance management systems — Requirements with guidance for use
- ISO 46001:2019 Water efficiency management systems — Requirements with guidance for use
- ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements
- ISO 21401:2018 Tourism and related services — Sustainability management system for accommodation establishments — Requirements
- ISO 30401:2018 Knowledge managemhttps://www.qualityaustria.com/en/product-groups/information-security/iso-iec-27001-information-security/ent systems — Requirements
- ISO 50001:2018 Energy management systems — Requirements with guidance for use
- ISO/IEC 20000-1:2018 Information technology — Service management — Part 1: Service management system requirements
- ISO 19443:2018 Quality management systems — Specific requirements for the application of ISO 9001:2015 by organizations in the supply chain of the nuclear energy sector supplying products and services important to nuclear safety (ITNS)International Organization for Standardization ISO internal ID 4
- ISO/IEC 19770-1:2017 Information technology — IT asset management — Part 1: IT asset management systems — Requirements
- ISO 21001:2018 Educational organizations — Management systems for educational organizations — Requirements with guidance for use
- ISO 37001:2016 Anti-bribery management systems — Requirements with guidance for use
- ISO 41001:2018 Facility management — Management systems — Requirements with guidance for use
- ISO 44001:2017 Collaborative business relationship management systems — Requirements and framework
- ISO 14001:2015 Environmental management systems — Requirements with guidance for use
- ISO 15378:2017 Primary packaging materials for medicinal products — Particular requirements for the application of ISO 9001:2015, with reference to good manufacturing practice (GMP)
- ISO 18788:2015 Management system for private security operations — Requirements with guidance for use
- ISO 21101:2014 Adventure tourism — Safety management systems — Requirements
- ISO 22000:2018 Food safety management systems — Requirements for any organization in the food chain
- ISO 37101:2016 Sustainable development in communities — Management system for sustainable development — Requirements with guidance for use
- ISO 39001:2012 Road traffic safety (RTS) management systems — Requirements with guidance for use
- ISO 45001:2018 Occupational health and safety management systems — Requirements with guidance for use
- ISO 9001:2015 Quality management systems — Requirements