Current legal register for QMS documentation (ISO 9001 template)

It is important for certification that you can present an up-to-date legal register. The ISO 9001 template completes the QMS documentation through the “Legal Register” module. In this article we want to look at the need for an ISO 9001 legal register template.

Why do you need a legal register?

The legal register represents a list of all laws and regulations relevant to the company. In addition to the ISO 9001:2015 standard (quality management), ISO 14001:2015 (environment), ISO 27001:2022 and ISO 45001:2018 (occupational health and safety) also require a legal register.

Where does the ISO standard require a legal register?

The ISO 9001:2015, ISO 27001:2013 and ISO 45001:2018 standards require the maintenance of a legal register:

  • According to section 4.3.2, the ISO 9001:2015 standard requires the determination and monitoring of the relevant legal requirements in connection with the company’s products and services.
  • The older ISO 27001:2013 standard already requires, in section 4.2.1b, the identification of the legal, regulatory and contractual requirements that are relevant to the information security management system (ISMS).
  • According to section 4.5.2, ISO 45001:2018 also expects the identification and access control of relevant legal and other requirements that apply to the occupational health and safety management system (HSE-MS).

How do you create a legal register?

Creating a legal register can be time-consuming. Auditors often notice that the most important laws or regulations are missing from the legal register. This can be remedied quickly, but the resulting gaps in the management system are not so quickly closed. During the project phase, a large number of regulations must be collected. Each regulation could be relevant due to the organization’s activities. In the areas of the environment, occupational safety, health protection and information security, the legal register contains up to 150 different laws, regulations and guidelines. The number of items to be taken into account depends heavily on the industry and the scope of the business activities.

What needs to be considered when creating the legal register for ISO 9001?

In order to deal with every possible item in the legal register, you should take the time to look at the legal details. It makes a lot of sense to deal with the respective laws and regulations in groups. The many legal obligations require that you acquire the necessary subject knowledge.

It is not enough to just put together a list of laws and regulations in a “legal register Excel table”. You should provide a commentary on each law or regulation. Auditors from a certification body will demand proof of implementation and continuous monitoring of compliance with the legal obligations during the audit.

Are different legal registers needed for the United Kingdom and Eurozone?

For those operating internationally, the legal register must take into account the laws and regulations of the countries in which they do business. Therefore, an organization operating in the EU Zone should maintain a legal register with all laws and regulations relevant to the 27 member states of the European Union. 

Recommendation: Group the contents of the legal register according to legal areas, such as occupational health and safety, environmental protection or product law. This way you can keep track of the sometimes overwhelming number of regulations.

Are different legal registers needed for Austria, Switzerland and Germany?

If you are targeting a particular region whose countries have very similar characteristics, you can follow a regional strategy. Countries such as Austria, Germany and Switzerland speak German and have similar legal systems. This allows you to set up a single legal register listing the laws and regulations of those countries. Therefore, an organization operating in the German-speaking region should maintain a legal register with all laws and regulations relevant to Germany, Austria, Switzerland and the European Union.

Work Instructions for the Legal Register

The ISO 9001 standard expects organizations to provide clear procedural instructions on how the legal register is to be created and maintained. The continuous monitoring of compliance with legal obligations must also be clearly specified in the procedural instructions.

What does the legal register for ISO 9001 contain?

A template of an ISO 9001 compliant legal register must contain the following information:

  • Title of the legal or regulatory requirement
  • Status of the requirement
  • Abbreviation of the requirement
  • Type (law, requirement, regulation, …)
  • Level of the requirement (European, federal, state, …)
  • Relevant paragraph/section
  • Brief description of the relevant requirement
  • Area affected
  • Person responsible for compliance
  • Compliance status (implemented, partially implemented, not implemented)
  • Evidence of compliance
  • Last review of the requirement
  • Brief description of the change

Summary

A legal register contains a compilation of all relevant legal requirements (laws, regulations, standards and guidelines). The register takes into account how current and how binding the information is. Compliance with legal requirements should thus be monitored and documented more sustainably. The legal register is an important component of an effective compliance program and of risk reduction measures.