Clause 9.1.2 of ISO 14001 asks an organisation to evaluate fulfilment of its compliance obligations. In plain English, this means the organisation must check whether it is meeting the environmental legal, customer, contractual and other requirements it has identified — and take action where needed.
Clause 9.1.2 is about checking compliance in a planned and reliable way.
Earlier in the EMS, the organisation identifies its compliance obligations. Clause 9.1.2 asks the organisation to evaluate whether those obligations are actually being fulfilled.
The purpose is to make sure compliance is not assumed.
Evaluation of compliance should help the organisation:
Compliance obligations can carry serious consequences if they are missed.
Poor compliance evaluation can lead to:
Evaluation of compliance gives the organisation a structured way of asking: are we meeting the requirements we said apply to us?
ISO 14001 expects the organisation to establish, implement and maintain processes needed to evaluate fulfilment of its compliance obligations.
The organisation should:
This means the organisation should not simply keep a list of legal requirements. It should actively check whether those requirements are being met.
Evaluation of compliance depends on a good understanding of compliance obligations.
Compliance obligations may include:
If the compliance obligations register is incomplete or poorly understood, the evaluation process will also be weak.
Read the detailed SQMC guide to compliance obligations.
A common mistake is to treat compliance as acceptable simply because the organisation has not been fined, prosecuted or contacted by a regulator.
That is not enough.
Evaluation of compliance should be proactive. The organisation should check whether it is meeting the obligations that apply.
If waste transfer documentation must be retained, the organisation should sample records to check whether they are complete, accurate, available and retained for the required period. Waiting for a regulator to ask for them is not a compliance evaluation strategy.
ISO 14001 expects the organisation to determine how often compliance evaluation will take place.
The frequency should be proportionate to risk and importance.
Some obligations may need frequent checks, such as:
Other obligations may be evaluated less often, such as annual reporting duties, policy commitments or periodic legal register reviews.
The organisation should be able to explain why its evaluation frequency is suitable.
Evaluation of compliance can be carried out in different ways depending on the organisation and the obligation.
Methods may include:
The method should be strong enough to give the organisation confidence in its compliance status.
The organisation should maintain knowledge and understanding of its compliance status.
In practical terms, this means the organisation should know whether it is:
“We think we’re probably fine” is not a strong compliance status. It is a shrug wearing a hard hat.
ISO 14001 expects the organisation to take action if needed.
If a compliance evaluation identifies a gap, the organisation should decide what action is required.
Actions may include:
Serious or recurring compliance issues should normally be escalated to top management and considered during management review.
Where evaluation shows that a compliance obligation is not being met, the organisation should decide what action is needed to achieve compliance. In some cases, this may include communication with a regulator or another relevant party. Not every compliance gap automatically needs to become a formal nonconformity if the EMS identifies and corrects it appropriately, but compliance-related nonconformities still need to be corrected and followed through.
Evaluation of compliance and internal audit are related, but they are not exactly the same.
Evaluation of compliance focuses on whether the organisation is fulfilling its compliance obligations.
Internal audit checks whether the EMS conforms to ISO 14001, conforms to the organisation’s own requirements, and is effectively implemented and maintained.
An internal audit may include compliance-related sampling, but the organisation should still be able to show a planned process for evaluating compliance obligations.
An internal audit may check whether the compliance evaluation process exists and is followed. The compliance evaluation itself may check whether waste records, permit conditions and customer reporting duties are being fulfilled.
Compliance status should feed into management review.
Top management should understand:
Management review should not simply note that “compliance was discussed”. It should record useful decisions and actions where needed.
The organisation should retain documented information as evidence of compliance evaluation results.
Evidence may include:
Records should be clear enough to show what was evaluated, what evidence was checked, what conclusion was reached and what action was taken.
A practical evaluation of compliance process should answer:
The process should be practical, repeatable and specific to the organisation’s real obligations.
Auditors look for evidence that the organisation has evaluated compliance in a planned and meaningful way.
Evidence may include:
Pick one compliance obligation and follow it. How was it identified? How does it apply? What evidence shows it is being fulfilled? When was it last evaluated? What was the compliance status? Were actions needed?
“The organisation reviews environmental legislation annually and has had no enforcement action.”
This is weak because it does not show whether applicable obligations are being fulfilled, what evidence was checked, what compliance status was determined, or what action was taken where needed.
“The organisation evaluates compliance obligations twice per year using a compliance evaluation checklist. Waste, permit, monitoring, customer and contractor requirements are sampled. Each obligation is marked as compliant, partially compliant, non-compliant or not applicable, with evidence recorded and actions raised where gaps are found.”
This is stronger because it shows a planned process, evidence, compliance status and action.
A site generates several waste streams and must ensure waste is properly classified, stored, transferred and documented.
Evaluation of compliance may involve:
An auditor could test this by selecting recent waste movements and checking whether records support the organisation’s compliance status.
A customer contract requires an organisation to provide annual environmental performance data.
Evaluation of compliance may involve checking:
This shows that evaluation of compliance is not limited to legislation. It can include requirements the organisation has agreed to meet.
This page is part of SQMC’s ISO 14001:2026 guidance library for auditors, managers and QHSE professionals.
SQMC’s ISO 14001 Internal Auditor course helps you move from understanding the Standard to auditing it with confidence. Over two practical days, you’ll learn how to plan EMS audits, gather evidence, ask better questions, write nonconformities and report findings clearly.
Learn from anywhere in our Virtual Classroom, attend one of our training centres, or arrange private in-company training for your team.
Find out more and get qualified!