On February 23, 2024, ISO issued a controversial ↗️ amendment to most its management systems, mandating organizations to assess the impact of climate change.
| Requirement | Amendment |
|---|---|
| 4.1 Understanding the organization and it’s context | (…) The organization shall determine whether climate change is a relevant issue. |
| 4.2 Understanding the needs and expectations of interested parties | (…) Note 2: Relevant interested parties can have requirements related to climate change. |
Impact on the management system
In most cases, climate change will already have been taken into account in your management system, e.g. while addressing risks and opportunities.
The potential impact of climate change will differ on the nature of the management system:
| Management system | Potential impact |
|---|---|
| ISO 27001:2022 | If the scope of the ISMS contains a data center that is located in an area that is susceptible to flood or extreme weather |
| ISO 9001:2015 | If the quality of the products or processes in scope of the QMS would suffer from climate change |
| ISO 14001:2015 | There could be impact, but that would already have been part of the EMS due to the nature of that standard |
| ISO 20000-1:2018 | If one or more services in scope of the SMMS are delivered from a data center in an area susceptible to flood or extreme weather |
| ISO 22301:2019 | If one or more production facilities in scope of the BCMS are located in an area that is susceptible to flood or extreme weather |
| ISO 45001:2018 | If one or more production facilities in scope of the OHSMS are located in an area that is susceptible to flood or extreme weather |
Documentation changes
Even though clauses 4.1 and 4.2 do not require any documented evidence, it may be smart to state somewhere (e.g. in the management review minutes) that “without understating the importance, climate change was deemed to have no effect to the xxx management system”.
Impact on the audit
Although the changes to the standard are not more than a side note, it is generally expected that auditors will draw attention to this fact during your upcoming (re-)certification or surveillance audit.