Climate change reaches management standards

Consequences of climate change reach ISO management system standards - re-evaluating the risks

This brief requirement currently has the status of a supplement and will be integrated into Clause 4.1 (context of the organization). It reads as follows: The organization shall determine whether climate change is a relevant issue [for their management system]. A note supplements the requirement in Clause 4.2 (Needs and expectations of interested parties): Relevant interested parties can have requirements related to climate change.

New requirement with immediate effect

The requirement and note have been valid since their publication. Still, they will only be included in the new "Harmonized Structure" base text, which will gradually replace the previous High-Level Structure in revisions or new publications. This affects 32 ISO management system standards, including ISO 9001, ISO 14001, ISO 27001, ISO 45001, and ISO 50001.

At the next planned audit (initial, surveillance, or recertification), standard users must expect that the auditor will want to see evidence of the assessment of climate change risks and possible requirements from interested parties. If relevant, suitable measures must be initiated when designing and implementing the management system. To clarify, the new requirement focuses on measures to combat climate change and adapting to its consequences.

Given the progress of climate change, it is expected that quite a few standard users and their interested parties will be affected by its impact. This is because it affects not only events that are limited in time or locally or regionally, such as floods, storms, or hail but also conditions that are changing more or less gradually, such as increasing average temperatures with ever-higher peaks - with all the negative consequences, e.g., droughts.

For example: ISO 45001

Depending on the ISO management system standard, there are differences in the risk priorities. For example, users of ISO 45001 will have to pay particular attention to the physical stresses that can result for employees from the consequences of climate change, especially when working outdoors. Potential hazards include high temperatures (cardiovascular stress, allergies, etc.), increasing exposure to UV radiation (skin cancer), more frequent storms, heavy rain, hail, thunderstorms (increased risk of emergency situations and accidents), etc. Factors such as psychological stress caused by extreme situations can also have an influence.

These risk factors form the basis for reviewing the risk assessment, which is carried out for all relevant workplaces and with a view to the most important interested parties - above all, the company's own employees. Subsequently, technical, organizational, or personal measures may have to be initiated, for example:

• Shading of outdoor workplaces (awnings, umbrellas, etc.)
• Adjustment of working hours (shift to cooler times of day)
• Use of suitable PPE (personal protective equipment for sun and UV protection)
• Air conditioning of workspaces
• Clear rules of conduct and adaptation of emergency plans to severe weather events
• Protective measures against heavy rainfall (e.g., consideration of roof loads or runoff volumes)

IMS: Each standard with its own risk assessment

In an integrated management system (IMS) or in coexisting management systems, a risk assessment must be carried out for each standard, e.g., quality (ISO 9001), environment (ISO 14001), etc. The focus is on different risk factors in the sense of analyzing risks and opportunities, whereby measures can coincide.

In the area of ISO 9001, this can lead to BCM scenarios. For example, it must be considered that as climate change progresses, production processes and/or supply chains may be interrupted regarding the availability and quality of raw materials (severe weather events, droughts, etc.). Interested parties - e.g., stakeholders - will be interested in ensuring that business operations do not result in a standstill; it will be important to have alternatives at hand, for example, for the supply chain, if the worst comes to the worst.

In this context, reference should be made to the ISO 14091 standard published in 2021, a cross-sector guideline on "Adaptation to climate change — Guidelines on vulnerability, impacts and risk assessment." It contains guidelines for assessing risks associated with climate change's effects. The aim is to make it easier for companies to adapt to climate change, set priorities, and initiate any necessary measures.

Conclusion

The new requirement, in conjunction with the equally new note, is aimed at risks arising from climate change that may affect the effectiveness of the management system or its influence on interested parties - i.e., that are relevant. Since the publication of these amendments, organizations certified according to one or more ISO management system standard(s) are obliged to identify and assess such risks and take appropriate measures if relevant. Due to the different orientations, a risk assessment with a corresponding focus must be carried out for each standard applied. Auditors will check compliance with the requirement in the next scheduled audit.

Julia Frigge is DQS product expert for EHS management systems and a DQS auditor for ISO 45001, SCC, ISO 14001, and ISO 9001, among others. She has several years of experience in integrated management systems and the development of QM, EM, and OHS management systems in the automotive supplier industry. She is a member of the ISO 45001 standardization committee and the SCC program committee.