How to Review your Legal & Other Requirements
Outdated policies and procedures can put an organisation at risk. Old policies may fail to comply with new legislation and regulations. They may not address new systems or technology, which can result in illegal, inconsistent, and inefficient practices.
Organisations in every industry should regularly review and revise their legal and other requirements to stay up to date with legislation, regulations, technology, and industry best practices.
What are ‘legal and other requirements’?
A legal requirement means any statute, ordinance, code, law, rule, regulation, order or other requirement, standard or procedure enacted, adopted or applied by any governmental authority, including judicial decisions applying common law or interpreting any other legal requirement.
In short, a legal requirement is anything that a company legally must do. These requirements differ by industry and by company.
As well as legislation, legal requirements can include statutory inspections such as LOLER and PUWER, for example.
Examples of other requirements could be Environmental Permits, Local Authority requirements, Guidance Notes, Codes of Practice and Contractual Obligations such as supplier and client contracts, and service level agreements.
Identifying and understanding the requirements that apply to your organisation can be a lengthy process. Organisations may lack the in-house experience to correctly identify all the legal requirements that apply to them, and the risk of overlooking a legal requirement can be high – your organisation could be functioning unlawfully simply by overlooking a requirement. The Legal Compliance Manager in Activ is a practical solution for organisations looking to identify, monitor and review their legal requirements. An interactive tick-box questionnaire immediately generates your bespoke legal register, plus the list of applicable legal requirements.
Once the requirements have been identified, you will need to determine whether you are compliant with them. The built-in legal compliance audit provides you with the tools to both evaluate and demonstrate evidence of compliance.
The Legal Compliance Manager provides a simple workflow form that guides you through evaluating compliance, recording the results, compiling your legal compliance audit report, and also includes an option to manage any corrective actions. As well as this, the software will keep you up to date with all relevant updates to legislation, ensuring that you can stay on top of any changes which will impact your legal compliance.
Let’s take a look at the process of reviewing your legal and other requirements.
The process to Review your Legal & Other Requirements
Step 1: Form a review team of relevant managers.
Step 2: Identify the legal and other requirements that apply to your company.
Step 3: Review these requirements to determine whether or not you are compliant.
Step 4: Manage and monitor.
Form a team
Form a team to actively identify any relevant mandatory and voluntary legal and other requirements. This team should represent your whole business – including those responsible for Health, Safety, Environmental, Information Security, Energy, Finance and Human Resources. Some businesses choose to use an independent advisor, such as an ISO consultant, to help them identify their Legal & Other Requirements.
You will need to go through all requirements and identify which apply to your company. A few that you should consider are:
- Best practice
- Local or Shire bylaws
- Environment measuring
- Internal measurement
As mentioned above, the Legal Compliance Manager is a powerful tool which will assist you in compiling your Legal Register and managing your ISO legal compliance. Using a software tool such as Activ’s Legal Compliance Manager can remove hours, if not days, from a manual ISO legal compliance process.
In addition to the Legal Compliance Manager, Activ’s Agreements Manager provides a simple, systematic way to catalogue, manage and assess compliance against the ‘other requirements’ that an organisation is committed to, such as contracts, service level agreements and codes of practice. It can be used as a standalone tool, or in combination with the Legal Compliance Manager module, for comprehensive management of an organisation’s Legal and Other Requirements.
Once legislation and legal requirements have been identified, a review of compliance should be conducted. This is normally in the form of an audit, with any corrective actions clearly identified and resolved as required.
Let us take a Health & Safety Manager, for example. All organisations are required by UK law to have access to competent health and safety advice. It is important that the H&S Manager reviews applicable safety-related and other relevant legal requirements. Maintaining the workplace and any equipment so that it is safe and works efficiently is a vital part of being an employer. When reviewing safety-related legal requirements, the H&S Manager may:
- Describe how the legal requirements apply
- Describe what controls are in place to manage the requirement
- Describe what controls are in place to mitigate the related health and safety hazard
- Determine the level of compliance with all the identified requirements, across all the applicable legislation, covering:
  - Procedural requirements
  - Operational requirements
  - Monitoring requirements
- Conduct detailed risk assessments and determine their risk level. All risk-control methods must take the relevant legal requirements into account.
Throughout the review process, employers should identify areas for improvement and potential weaknesses within the organisation. Activ software has modules specifically designed to help those responsible for legal compliance to define problems and identify root causes systematically. The Improvement Log enables the team to stay up to date, assign actions, track progress, and confirm that solutions have been effective.
Manage and Monitor
Once the legal register is in place, it is important to monitor compliance via regular audits. Organisations will also need to stay up to date with any changes to legislation which may impact their legal compliance.
Activ’s Legal Compliance Manager includes notifications of all relevant changes to legislation and provides clear instructions as to whether or not these changes will impact compliance. The unique updates function only sends out updates when they are relevant, removing the need to trawl through irrelevant updates.
During external audits, organisations may be asked to provide evidence of their legal compliance and corrective action activities. For those using the software tools within Activ, all of this information is available at the click of a button and organised into comprehensive PDF reports.
Implications of non-compliance
Identifying all the legal requirements which apply to an organisation can be a lengthy and daunting process. Busy managers may not have the time or scope to identify all the relevant requirements, making it easy to miss an important one and, in effect, become non-compliant.
Some may lack the in-house legal expertise to understand the requirements and the review process.
Others may not have a mechanism for staying up to date with changes to legislation, or that mechanism may be time-consuming or ineffective.
These are some of the main reasons why organisations may fail to remain compliant with regulations or overlook them completely. What implications will this have?
- Major non-conformities may be issued by certification bodies, which could ultimately result in certification being lost
- Client, stakeholder or investor relationships may be impacted
- Legal action may be taken against the organisation
- Business reputation may be damaged
Activ can help!
In addition to the Legal Compliance Manager, Improvement Log, and Agreement Manager, Activ provides a wide range of software tools that make monitoring and controlling compliance, assigning responsibilities and tracking corrective actions simple and effective.
If you’re interested in streamlining your legal and other requirements processes with Activ, please book a demonstration to see how the software can help you to improve your processes and remain compliant.
Our webinar, introducing Activ’s Legal Compliance Manager, will provide a useful overview of how this proprietary tool can help you to manage your ISO legal compliance.
Using Activ’s ISO Legal Compliance Manager, Activ Comply, to manage ISO Legal Compliance – December 2nd, 10 am – Register Here
If you would like to speak to Activ directly to explore our solutions, you can contact us on 0333 301 9001 or email us at firstname.lastname@example.org.