An audit is an evidence gathering process. Evidence is used to evaluate how well audit criteria are being met. Audits must be objective, impartial, and independent, and the audit process must be both systematic and documented. Audits can be either internal or external. Internal audits are referred to as first-party audits while external audits can be either second or third party. They can also be combined audits (when two or more management systems of different disciplines are audited together at the same time).

Audit evidence includes records, factual statements, and other verifiable information that is related to the audit criteria being used.

Audit criteria may be thought of as a reference point and include policies, requirements, and other forms of documented information. They are compared against audit evidence to determine how well they are being met. Audit evidence is used to determine how well policies are being implemented and how well requirements are being followed.

Competence means being able to apply knowledge and skill to achieve intended results. Being competent means having the knowledge and skill that you need and knowing how to apply it. It means that you’re qualified to do the job.

A compliance obligation is a requirement. There are two kinds of compliance obligations: mandatory compliance obligations and voluntary compliance obligations. Mandatory compliance obligations include laws and regulations while voluntary compliance obligations include contractual commitments, community and ethical codes of conduct, and good governance guidelines. A voluntary obligation becomes mandatory once you decide to comply with it.

To conform means to meet a requirement (or a
Since there are many kinds of requirements, conformity can take many forms. You can conform (or comply) with mandatory laws and regulations or with voluntary requirements such as contracts, agreements, codes, and standards. In the context of environmental management, you can conform (or comply) with (or to) the ISO 14001 requirements (or obligations) and to any additional environmental management requirements (or obligations) that your organization establishes for itself.

An organization’s context is its business environment. It includes all of the issues, factors, and conditions that could influence or be influenced by an organization's
The new ISO 14001 standard now expects you to understand your external context and your internal context when you
This means that you need to identify and understand the external issues and the external environmental conditions that could influence your organization's EMS and the results that it intends to achieve. It also means that you need to identify and understand the internal issues and internal environmental conditions that could influence your EMS and the results it intends to achieve.

In the context of this EMS standard, continual improvement is a set of activities that organizations use to enhance their environmental performance. Environmental performance is enhanced whenever the environmental aspects of activities, processes, products, services, and systems are controlled and whenever adverse environmental impacts are reduced and beneficial environmental impacts are produced.

Corrective actions are steps that are taken to
by eliminating the cause or causes of an
The corrective action process tries to make sure that existing nonconformities don’t happen again.

The term documented information refers to information that must be controlled and maintained and its supporting medium. It can be in any format and on any medium and can come from any
Documented information includes information about the management system and related processes. It also includes all the information that organizations need to operate and all the information that they use to document the results that they achieve (aka records).

Effectiveness refers to the degree to which a planned effect is achieved. Planned activities are effective if these activities are actually carried out and planned results are effective if these results are actually achieved.

The term environment refers to an organization’s natural and human surroundings. An organization’s environment extends from within the organization itself to the global system, and includes air, water, land, flora and fauna (including people), and natural resources of all kinds.

An environmental aspect is an element or characteristic of an activity, product, or service that interacts or can interact with the environment. Environmental aspects can cause environmental impacts. They can have either beneficial impacts or adverse impacts and can have a direct and decisive impact on the environment or contribute only partially or indirectly to a larger environmental change.

Environmental conditions are states or characteristics of the environment at a particular point in time. ISO 14001 expects you to identify the environmental conditions that are capable of affecting or being affected by your organization and to figure out what you need to do to prevent or reduce the risk that these conditions could adversely affect its environmental

An environmental impact is a change to the environment that is caused either partly or entirely by one or more environmental aspects. An environmental aspect can have either a direct and decisive impact on the environment or contribute only partially or indirectly to a larger environmental change. In addition, it can have either a beneficial environmental impact or an adverse environmental impact.

An environmental management system (EMS) is one part of a larger management system and is a set of interrelated or interacting elements that organizations use to implement their environmental policy, to achieve their environmental objectives, to meet their environmental obligations, to manage their environmental aspects, and
their environmental risks and
These elements include structures, programs, practices, plans, rules, roles, regulations, contracts, agreements, documents, records, methods, tools, techniques, technologies, and resources.

An environmental objective is an environmental result your organization intends to achieve. Your organization’s environmental objectives should be based on or derived from its environmental policy and must be consistent with this policy.

The term environmental performance refers to the results that are achieved whenever the environmental aspects of activities, processes, products, services, systems, and organizations are managed and controlled. Environmental performance is improved whenever the environmental aspects of activities, processes, products, services, systems, and organizations are managed and controlled and adverse environmental impacts are reduced and beneficial environmental impacts are produced. You can measure environmental performance using indicators to compare environmental results
environmental objectives and environmental policies

A policy is a commitment, direction, or intention and is formally stated by the top management of an organization. An environmental policy should make a commitment to protect the environment, to meet all obligations, and to enhance environmental performance.

An indicator is a “measurable representation”. It is used to indicate or measure the status or condition of an operation or an activity. In the context of this standard, indicators can be used to measure environmental performance. They can be used to measure how much success you’ve had and how much progress you’ve made relative to the environmental objectives you wish to achieve and the environmental policies you wish to implement. Indicators can also be used to monitor trends and to support decision making.

In general, an interested party is any person, group, or organization who can affect, be affected by, or believe that they are affected by a decision or activity. In the context of this ISO 14001 standard, an interested party
who can affect, be affected by, or believe that they are affected by the environmental performance of an organization.

In the context of this standard, the term life cycle refers to the consecutive and interlinked stages of a product system from the acquisition of raw materials to end-of-life disposal. The product system includes all associated
and services and may include procured goods and services as well as end-of-life treatment, decommissioning, and disposal.

A management system is a set of interrelated or interacting elements that organizations use to formulate policies and objectives and to establish the processes that are needed to ensure that policies are
and objectives are
programs, procedures, practices, plans, responsibilities, relationships, contracts, agreements, records, methods, tools, techniques, technologies, and resources.

There are many types of management systems. Some of these include environmental management systems, financial management systems, risk management systems, continuity management systems, food safety management systems, information security management systems, occupational health and safety management systems, compliance management systems, and emergency management systems.

Measurement is a process that is used to determine a value.

To monitor means to determine the status of an activity, process, or system at different stages or at different times. In order to determine status, you may need to supervise and to continually observe and check the activity, process, or system that is being monitored.

Nonconformity refers to the “non-fulfilment of a requirement”. When an organization fails to meet a requirement, a nonconformity
Since there are many kinds of requirements, nonconformity can take many forms. You can fail to conform (or fail to comply) with mandatory requirements like laws and regulations or with voluntary requirements such as contracts, agreements, codes, and standards.

An objective is a result you intend to achieve. Objectives can be strategic, tactical, or operational and can apply to an organization as a whole or to a system, process, project, product, or service. Objectives may also be referred to as targets, aims, goals, or intended outcomes.

An organization can be a single person or a group that achieves its objectives by using its own functions, responsibilities, authorities, and relationships. It can be a company, corporation, enterprise, firm, partnership, charity, or institution and can be either incorporated or unincorporated and be either privately or publicly owned. It can also be an operating unit that is part of a larger entity.

When an organization makes an arrangement with an outside organization to perform part of a function or process, it is referred to as outsourcing. To outsource means to ask an external organization to perform part of a function or process normally done
the outsourced organization is beyond the scope of your EMS, the outsourced process or function itself may fall within

According to ISO, the term performance refers to a measurable result. It refers to the measurable results that activities, processes, products, services, systems and organizations are able to achieve. So whenever activities, processes, products, services, systems, or organizations perform well it means that acceptable results are being achieved.

To prevent pollution means to avoid, reduce, or control the creation, emission, or discharge of contaminants or waste materials. Pollution must be prevented in order to reduce adverse environmental impacts. Organizations use a wide variety of methods, processes, products, and services to prevent pollution. These include the reduction or elimination of pollution at the source; the efficient use
materials, and energy; the reuse, recovery, reclamation, and recycling of resources; the redesign of processes, products, and services; and the substitution of one type of energy source or substance for another cleaner energy source or substance.

A procedure is a way of carrying out a process or
Procedures may or may not be documented.

A process is a set of activities that are interrelated or that interact with one another. They transform inputs into outputs. Processes are interconnected because the output from one process often becomes the input for another.

A requirement is a need, expectation, or obligation. It can be stated or implied by an organization, its customers, or other interested parties. A specified requirement is one that has been stated (in a
example), whereas an implied requirement is a need, expectation, or obligation that is common practice or

According to ISO 31000 2009, risk is the “effect of uncertainty”
an effect is a positive or negative deviation from what
Risk is often expressed as a combination of two
and consequences. It asks two questions: what is the probability that a potential event will occur in the future? And what
would this event produce or what impact would it have if it occurred?

Uncertainty (or lack of certainty) is a state or condition that involves
of information and leads to inadequate or incomplete understanding. In the context of risk management, uncertainty exists whenever the knowledge or understanding of an event, consequence, or likelihood is inadequate or incomplete.

According to ISO 14001 2015, risks are potential adverse effects (or threats) and opportunities are potential beneficial effects.

The term top management normally refers to the people at the top of an organization. It refers to the people who provide resources and delegate authority and who coordinate, direct, and control organizations. However, if the scope of a management system covers only part of an organization, the term top management refers, instead, to the people who direct and control that part of the organization.