Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice

X

When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

ISO Climate Change Amendments – What Do They Mean?

 

It’s generally accepted now that man-made climate change is an issue (although in some quarters the debate still rages) and in the last few weeks ISO has taken steps to include it explicitly within the text of its most popular management system standards. On 23 February 2024 ISO published a set of “Climate Action Amendments” which make very slight changes to the standards to support a commitment made by ISO back in 2021 called the “London Declaration”. You could be forgiven for hoping that climate change itself proceeds at the same glacial pace as the ISO publication process.

Document showing "ISO Climate Change Amendments" on green background

What Are the Changes?

The changes are essentially amendments to the Annex SL text, which is used for all such management system standards, so as well as affecting current standards they will also appear in all future standards (in fact the new ISO42001 AI standard already has them).

There are two changes:

  1. A new sentence is added to Clause 4.1 (Understanding the organization and its context) that says:

“The organization shall determine whether climate change is a relevant issue.”

  1. A new note is added to Clause 4.2 (Understanding the needs and expectations of interested parties) that says:

“NOTE: Relevant interested parties can have requirements related to climate change.”

The Joint Communique from the IAF (International Accreditation Forum) and ISO makes it clear firstly that notes are not requirements anyway and also that there is already a requirement to consider internal and external issues within the existing text of the standards, so they are hoping that certified organizations have already thought about climate change. But if they haven’t, then now it’s an explicit requirement to do so.

Note however that the new requirement doesn’t obligate the organization to actually do anything about climate change, just to consider its impacts.

What Needs to be Done?

If your organization is certified or is working towards certification then you will need to ensure that you consider what the impact of climate change could be on your management system and its ability to achieve its intended results. This might lead to some more interested parties being identified perhaps (such as local environmental groups or the United Nations) and additional risks being added to your risk assessment, as well as a reconsideration of the likelihood of some existing ones.

The United Nations identifies the following possible effects of climate change:

  • Hotter temperatures
  • More severe storms
  • Increased drought
  • A warming, rising ocean
  • Loss of species
  • Not enough food
  • More health risks
  • Poverty and displacement

For most organizations it’s probably not hard to think of potential impacts on the management system (be it quality, environmental, business continuity or information security and privacy) if even one of these effects came to pass.

If you decide to take it further, there is an existing standard that deals with this topic at length – ISO 14090:2019 Adaptation to climate change — Principles, requirements and guidelines.

Is This a New Version of the Standard?

These changes are minor so they have been issued by ISO in the form of a set of amendments which can be downloaded free of charge from the ISO website. Don’t expect much however, they are very brief and simply state what the changes are.

So the versions of the current standards stay the same for now, for example ISO9001:2015, ISO/IEC 27001:2022 and ISO14001:2015, and they won’t be republished with the amendments included until a whole new version comes out.

How Long Will We Get to Do This?

We haven’t seen any announcements from certification bodies such as BSI on this yet, so the assumption is that the new requirement will take effect at your next scheduled surveillance audit, or at your certification audit if that hasn’t happened yet. If that is soon we would be surprised if a certification auditor would raise a nonconformity for not having addressed this requirement, but it will certainly be mentioned and looked at next time.

Will Certikit Be Updating its Toolkits?

We will be updating our Enhanced Gap Assessments to include the additional wording as soon as possible, and the new requirement will be incorporated in each of our Toolkits at their next scheduled update.

In Summary

Unless we humans do something drastic about it (which is not looking likely) then climate change will be here to stay and at least these minor changes from ISO are a very small step in the right direction. For a certified organization (or one working towards it) the changes are not big, but hopefully they will stimulate more discussion about an issue that has the potential to affect all of us.

 

Written by Ken Holmes, CertiKit’s Managing Director and Lead Toolkit Creator. Ken is a CISSP-qualified security and data protection specialist who also holds the internationally-recognised Certified Information Privacy Professional – Europe (CIPP/E).


How can CertiKit help with your ISO Implementation?

CertiKit’s ISO Toolkits and ISO Services are available help you understand and implement your chosen ISO standard(s). The toolkits include easy to understand templates and guides, plus a perpetual licence with ongoing updates and support, so you’ve got help whenever you need it.

Click the links to find out more the ISO Toolkits and ISO Services.

We’ve helped more than 7000 businesses with their compliance

Testimonials

The structure is excellent, clear, precise and easy to digest. The content is professional and the guidance is extremely helpful. I cannot fault it!

HSDC
UK

View all Testimonials