ISO 14001: Application of International Environmental Management Systems Standards in the United States

Christopher L. Bell

Editors' Summary: After three years of work, the International Organization for Standardization (ISO) has essentially completed its voluntary environmental management systems standard—ISO 14001. This Article reviews the standard's development, summarizes its goals and key elements, and discusses potential approaches to conforming to the standard. Next, the Article analyzes potential domestic applications of the standard in the context of current federal efforts to encourage private compliance-assurance programs. Specifically, the Article focuses on the role of compliance-assurance programs in emerging alternatives to the "command and control" regulatory system and in enforcement-discretion and penalty-mitigation policies. Stressing that compliance with the standard is not the only way to design and implement an environmental management system, the Article concludes that federal guidance should remain consistent with ISO 14001, but that the government should not adopt the standard as law or guidance. The Article also concludes that regulatory applications of ISO 14001 should not be limited to enforcement considerations. Regulators should recognize the standard's potential as a foundation for regulatory reform.

[25 ELR 10678]

The International Organization for Standardization (ISO) is developing a series of wide-ranging international environmental standards to help companies manage, measure, improve, and communicate the environmental aspects of their operations in a systematic way. These standards will influence the design, manufacture, and marketing of products; the selection of raw materials; the type of environmental data that are gathered; and how those data are communicated internally, to governments, or to the public. These standards will have a direct impact on how U.S. companies manage their compliance obligations and should be taken into account by government entities as they develop policies on enforcement discretion, penalty mitigation, and regulatory flexibility.

Overview

The ISO environmental management systems standard, known as ISO 14001,¹ is based on the concept that better environmental performance can be achieved when environmental obligations are systematically identified and managed. ISO 14001 reflects the basic tenets of "total quality management," requiring companies that subscribe to the standard to establish an environmental policy, identify their key environmental issues, set targets and objectives, establish procedures to implement the policy and meet targets and objectives, and adopt training and documentation procedures. Companies seeking to conform to ISO 14001 must also establish programs for internal auditing and periodic management review. They must commit to continual improvement of their environmental management systems, compliance with applicable laws, and pollution prevention.

ISO 14001, which is essentially complete, represents a collaborative effort by experts from around the world to identify the core elements of an effective environmental management system. ISO 14001 is likely to become the leading voluntary environmental management systems standard inside and outside the United States. Members of the international community, including the U.S. ISO delegation, intend that it become one of the key standards against which organizations evaluate their environmental management systems. Ideally, the standard will help companies avoid the complication and expense of measuring their conduct against a variety of potentially conflicting standards.

Failure to conform to ISO 14001 might restrict business opportunities for companies that manufacture or sell products or services abroad. ISO 14001 will also become a domestic standard, affecting even companies that have no foreign operations or sales. The status of companies' conformance to the standard may be a significant factor in government enforcement decisions. Moreover, ISO 14001 has the potential to become an important part of efforts to achieve regulatory reform.

[25 ELR 10679]

ISO Standard Setting

What Is ISO?

ISO was founded in 1946 to promote international standards facilitating the exchange of goods and services. Over 100 countries belong to ISO, with the United States represented by the American National Standards Institute (ANSI). While ISO standards are voluntary, they are sometimes made mandatory by member countries, for example through product requirements. Additionally, there can be commercial pressure to conform to certain standards. Historically, ISO has addressed itself primarily to technical product or manufacturing standards. However, ISO has recently ventured into the broader arena of organizational behavior. This trend began with the establishment of the ISO quality control system standards, known as the ISO 9000 series of standards.

The ISO 9000 Series of Quality Systems Standards

In 1979, ISO responded to interest in the development of global standards for quality control systems used in commercial and industrial settings by beginning development of standards to harmonize different and sometimes conflicting commercial quality standards. The goal was to make it possible for purchasers in the international marketplace to ensure that products they bought were manufactured in accordance with known, verifiable, and accepted methods of controlling the manufacture and distribution of products.

This work resulted in the publication of the ISO 9000 series of standards on quality management and assurance. ISO 9000 establishes comprehensive standards that describe the elements necessary to establish or maintain quality management systems. The ISO 9000 series are systems standards; they do not establish specific quality criteria. Those criteria are established by customers in the market. But ISO 9000 does establish a framework within which companies can systematically identify and meet necessary quality criteria.

Conforming to the ISO 9000 quality standards has quickly become a condition of doing business in many parts of the world. Many firms have found that as a matter of commercial necessity, i.e., customer demand, they must not only have a quality system that meets ISO standards, but also must have their system audited and approved, or "registered," by a third party. Many customers, including some governments, will only purchase from ISO 9000 registered suppliers. Worldwide, almost 100,000 ISO 9000 registrations have been issued—approximately 10,000 in the United States. That number is growing at a rapid pace.

The Beginning of ISO's Work on Environmental Standards

During the development of ISO 9000, ISO began to consider the appropriateness and feasibility of incorporating environmental management systems into overall quality management systems criteria. Many stakeholders were beginning to recognize that, given the increasing complexity of environmental considerations facing companies, "end-of-pipe" pollution control systems might not be the most effective and efficient approach to protecting the environment or complying with applicable legal requirements. Just as managers have come to understand that product quality can be improved if quality objectives and systems are fully integrated into all aspects of a company's operations, there is a growing consensus that environmental protection and compliance can be best achieved if environmental factors are integrated into industrial operations in a systematic way—from design, raw materials selection, manufacture, and sale, to the ultimate disposition or disposal of the product.

In 1991, ISO formed a Strategic Advisory Group on the Environment (SAGE) to examine the need for standardization of environmental management practices. SAGE recommended that an ISO technical committee formally consider and produce final "consensus" standards on the subject. ISO consequently formed Technical Committee 207 in 1993, directing it to establish environmental standards in five areas:

(1) environmental management systems;

(2) environmental auditing;

(3) environmental labeling or claims;

(4) environmental performance evaluation; and

(5) environmental life cycle assessment.

Technical Committee 207 established subcommittees to address each of these sets of production standards.² This Article focuses on the environmental management systems standard, although this is not to discount the importance of the other standards the committee is developing.³

Technical Committee 207 held its first plenary meeting in Toronto in June 1993, attended by over 200 delegates from over 30 countries and nongovernmental organizations. The most recent plenary meeting was held at the end of June 1995 in Oslo, and was attended by over 600 delegates from over 50 countries and a number of nongovernmental organizations.

Technical Committee 207 has 47 "participating" delegations, i.e., delegations with a vote within the committee. Currently, the largest bloc of countries with voting rights is from Europe. In addition to the European delegations, the other delegations that have had a significant influence on the development of the ISO standards include those from the United States and Canada. From the Pacific Rim, Japan, South Korea, Australia, and New Zealand have also been important participants. South Africa fields the primary delegation from Africa. The recent meetings in Oslo also saw the emergence of several South American countries with strong voices. The non-European delegations have brought extensive practical experience and different perspectives to the negotiating table. As a result, the ISO documents differ in some significant respects from similar environmental standards developed in Europe.⁴

[25 ELR 10680]

U.S. Representation in ISO

ANSI, the U.S. representative in ISO, is the national umbrella organization for standard-setting bodies in the United States. ANSI in turn, organizes the U.S. ISO delegation, known as the Technical Advisory Group. ANSI is assisted in the administration of this group by American Society for Testing and Materials and the American Society for Quality Control. The Technical Advisory Group operates on a consensus basis, and any organization or individual is free to participate. The group currently has a membership of almost 500, and includes environmental professionals from industry, consulting firms, and various federal agencies. The U.S. Environmental Protection Agency (EPA) has been a significant participant in the development of U.S. positions that have been brought to the international bargaining table.⁵ Recently, there has been increased interest and input from the environmental community, both at domestic and international levels.

The ISO 14001 Environmental Management Systems Standard

Development of the Standard

Subcommittee One on Environmental Management Systems, which is chaired by the United Kingdom, is developing two environmental management systems standards. ISO 14001, also known as the environmental management systems specifications standard, is the standard to which companies may seek third-party registration if they so desire. The other ISO environmental management systems standard, ISO 14004, is a more general guidance document that is not intended for registration purposes.

After three years of intensive work, both of these documents are at the "draft international standard" phase. This means that the documents are currently being balloted at an international level for acceptance as final standards. The balloting is done by correspondence, and the standards might not become final until late 1996. However, it is generally expected that the final standards will be accepted with few changes from the current drafts.⁶ The United States, through the ANSI balloting procedures, will likely adopt ISO 14001 as our national environmental management systems standard by 1996.

Goals

Following the precedent set by ISO 9000, ISO 14001 does not contain specific environmental performance criteria. Rather, it establishes a management systems framework for addressing criteria set by law and corporate policy. ISO 14001 will assist companies in systematically identifying and managing their environmental obligations in order to operate in a manner that protects human health and the environment and complies with applicable legal requirements.

It is not the function of ISO, a voluntary nongovernmental organization, to establish what the substantive performance obligations of facilities around the world should be. Actual technical environmental compliance or performance obligations are set by the countries within which particular facilities operate. Technical Committee 207 is barred by its mandate from attempting to set such obligations. Indeed, it would be an unacceptable intrusion into national sovereignty for it to do so. Thus, ISO 14001 will not be a "stand alone" document that, by itself, will improve environmental protection or performance. It must be read together with local, state, and federal laws that establish actual compliance obligations. It will, however, provide a comprehensive management platform on which compliance, pollution prevention, and environmental performance activities can take place.

ISO 14001 is the product of over three years of intensive debate by experts from around the world. Consistent with respect for different national approaches to environmental protection, one of the key findings of these international experts was that there was no "one way" to design and implement an environmental management system. Each expert brought his or her own technical and regional experience to the table and, over time, the experts learned from each other that there was usually more than one legitimate way of approaching an environmental issue or designing a particular component of an environmental management system. For example, a decentralized company with many lines of business might approach the design and implementation of an environmental management system in a radically different manner than a highly centralized firm with only a single product line. A number of other factors, such as corporate culture, location, and the industrial sectors in which a company competes, also play an important role in shaping environmental management systems.

Because of the consensus that "one size does not fit all," the ISO 14001 standard identifies the core elements of an environmental management system without providing prescriptive details that may be appropriate in only limited circumstances. The experts agreed that if the standard was too detailed or assumed only a single "best" approach, it would be less likely to be accepted and implemented and therefore would not achievethe intended improvements in environmental protection.

Description of the Standard

ISO 14001 is a comprehensive systems standard that calls for organizations to conduct their environmental affairs within a structured management system that is integrated with overall management activity. This is different from an auditing program, which may provide a useful after-the-fact verification function, but cannot by itself provide an organization with assurance that environmental obligations will be met on an ongoing basis. To conform to ISO 14001, organizations will have to implement an environmental management system that includes the following core elements:

A Senior Management Level Environmental Policy. Organizations must establish a policy that includes commitments [25 ELR 10681] to compliance, pollution prevention, and continual improvement. This policy must be the framework for setting and reviewing objectives and targets. It must be documented, implemented, and communicated to all employees, and it must be made available to the public.

Significant Environmental Aspects. The standard requires organizations to have a procedure in place to identify the key "environmental aspects" associated with their operations, products, and services.⁷ Environmental aspects are those aspects of a company's operations that touch upon the environment. Air emissions, water discharges, and energy or water use, for example, would qualify as environmental aspects. The standard recognizes that although most facilities can measure their outputs to the environment, they typically cannot determine the precise environmental impacts associated with those outputs. Therefore, the standard does not require impact or risk analyses.

For facilities operating in the United States, much of the information needed to identify environmental aspects might be drawn from existing data. Indeed, U.S. facilities must already collect and manage large quantities of environmental information—more than is required by virtually any other country. ISO 14001 does not require facilities to "reinvent the wheel" and recreate all of this information. It is important to note, however, that the scope of ISO 14001 includes products and services; it is not limited to facility operations.

Legal and Other Requirements. The standard requires that organizations have a procedure to identify their legal obligations and any other obligations to which they voluntarily subscribe. Note that this means that companies that voluntarily subscribe to various initiatives, such as the International Chamber of Commerce Business Charter for Sustainable Development,⁸ will—if they seek ISO 14001 registration—need to demonstrate that they are taking those commitments seriously. Relevant employees must have access to this information, and it must be kept up-to-date.

Objectives and Targets. Organizations must set and document quantifiable environmental targets and objectives that take into account legal obligations, significant environmental impacts, the commitment to pollution prevention, and the views of interested parties.

Environmental Management Program. Organizations must establish a program for achieving objectives and targets, including designation of responsibility for achieving them and the time frame within which they will be met. Programs must be revised when necessary to incorporate new activities or products.

Structure and Responsibility. Management must provide adequate resources to implement and control the environmental management system. Further, roles and responsibilities within the environmental management system must be defined and documented, including the role of reporting on the performance of the environmental management system to top management.

Operational Control. Organizations must establish documented procedures to control operations and activities associated with identified significant environmental aspects. These procedures, which include maintenance, must stipulate operating criteria and must cover situations where the lack of procedures could lead to deviations from the organizations' policy or objectives and targets. General aspirational statements encouraging employees to comply with the law are unlikely to be sufficient to satisfy this requirement.

Emergency Preparedness and Response. Organizations must have procedures for identifying and responding to accidents and emergencies. These procedures must periodically be reviewed, particularly after incidents occur, to determine whether revisions are needed. As with certain other elements of ISO 14001, in the United States this requirement might be satisfied by complying with existing state and federal emergency preparedness laws.⁹

Training. Organizations must establish procedures to train their employees about the importance of conforming with the environmental management system; the significant environmental impacts, whether actual or potential, associated with their work; their roles and responsibilities within the environmental management system; and the potential consequences of failure to follow operating procedures. For most U.S. companies, this standard will require going beyond simple compliance with legal mandates for training.

Communication. Procedures for internal communication must be established and must include procedures for receiving, responding to, and documenting relevant communications from interested parties. Relevant environmental procedures and requirements should also be communicated to suppliers and contractors. This standard does not require organizations to publish their environmental management systems, nor does it require the publication of environmental statements or audit reports.

Monitoring, Measurement, Auditing, and Corrective Action. Organizations must have procedures for regularly monitoring and measuring the key characteristics of operations that can have a significant impact on the environment. This must include tracking performance against objectives and targets, as well as evaluating compliance with the law. Regular, comprehensive audits of the environmental management system must also be conducted. Moreover, corrective action procedures must be established and must include delineations of responsibility and authority for handling and investigating nonconformance and for initiating corrective and preventive action. Any changes to procedures resulting from corrective action must be documented.

Management Review. Top management must periodically review the environmental management system to ensure its continuing adequacy and effectiveness. This review, based on all of the information collected by the environmental management [25 ELR 10682] system, must consider changes to the system's policy, objectives, and elements. This is one of the "continual improvement" elements of ISO 14001.

Documentation and Recordkeeping. The core elements of the environmental management system must be documented. A document control system must be maintained to ensure that documents are accessible, current, and periodically reviewed. These procedures must cover environmental records, such as training records and audit results. ISO 14001 is, in part, an information management system, encouraging the vertical and horizontal flow of environmentally relevant information throughout the organization. The standard, however, does not require that every single item and procedure in the environmental management system be documented. Documentation requirements are geared toward enabling the organization to achieve good environmental performance, rather than creating elegant documentation that makes life easier for auditors.

Thus, ISO 14001 provides a framework within which companies can establish and identify their obligations, set their objectives and targets, and create a comprehensive system to achieve those objectives and targets. It encourages companies to raise environmental considerations throughout the organization, integrating environmental issues with normal business operations. This approach enhances a company's ability to operate in an environmentally protective manner and to comply with applicable laws.

ISO 14001 does not focus only on compliance. Organizations must also commit to continually improving their environmental management systems and to pollution prevention. The measurable objectives and targets established by organizations must reflect these commitments. Therefore, while ISO 14001 does not require performance in areas not subject to regulation, it provides a framework within which organizations can set, measure, and achieve performance goals that are not established by law.

Conforming to ISO 14001

A vital element of all ISO standards is that they are voluntary. Therefore, ISO 14001 was drafted in the spirit of creating a document that would help organizations meet their environmental obligations, not to impose prescriptive "command and control" requirements that could be deviated from only at the risk of financial or personal liability. A very different, and much less useful, document would have been produced had the participants believed that regulatory bodies would demand, as a matter of law, conformance to every detail in the standard, or that deviation from the standard would create new liabilities. Since ISO 14001 is a voluntary standard, companies may also draw on their own experiences or other models in designing their environmental management systems.

ISO 14001 does not demand any specific approach to determining conformance with the standard. Organizations may evaluate their own environmental management systems and determine if they conform. Alternatively, organizations may seek third-party registration to ISO 14001. Whether and how an organization chooses to conform to ISO 14001 will be determined by pressures external to ISO itself. The primary pressure will probably be commercial: If the worldwide experience with ISO 9000 is any indication, there will be considerable pressure in certain industrial sectors and regions to obtain third-party registration to ISO 14001. Each organization, however, should evaluate its own commercial and regulatory situation in determining its ISO 14001 strategy. Third-party registration will often not be the best course. A company might fairly decide to use ISO 14001 as a guide, use only relevant parts of the standard, or use an entirely different standard.

Third-party registration to ISO 14001 will require an international conformity assessment infrastructure similar to that already in place for ISO 9000. This infrastructure is relatively simple.

Each country establishes a competent national accreditation body that will administer the conformity assessment process. This entity is typically established by the national standards body. For ISO 9000, the U.S. national accreditation body is the Registrar Accreditation Board, a joint effort of ANSI and the American Society for Quality Control.

The national accreditation body establishes the criteria that will be used to accredit the registration entities, typically consulting firms.

Accredited registration entities then audit organizations against the ISO standard and determine whether the organization conforms to the standard. Under ISO 9000, after an organization has been registered, it undergoes a spot-check every six months, and a full registration audit every three years.

The structure of the ISO 14001 conformity assessment process in the United States has not been settled. ANSI has had discussions with a variety of stakeholders on the issue, however, and the form of the U.S. conformity assessment infrastructure should be apparent by the end of 1995. But even after this infrastructure has been established, third-party registration will not be the only option for companies seeking to conform to ISO 14001.¹⁰

Potential Domestic Regulatory Applications of ISO 14001

Many companies will turn to ISO 14001 as a guide to implementing an environmental management system for the purpose of improving their environmental performance. Others will seek third-party registration either because of customer demand or because of perceived competitive advantages. While these are important applications, this section will focus on the potential relationship between ISO 14001 and regulatory and compliance matters in the United States.

Environmental Management Systems and Regulatory Compliance

There are two major areas of potential application of ISO 14001 in the compliance context in the United States. One is the opportunity to use the ISO 14001 standard as a framework or platform for identifying opportunities for [25 ELR 10683] alternatives to the "command and control" approach to regulation. The other is in the area of enforcement discretion and penalty mitigation. Both are the subject of recent governmental activity.

Relief From "Command and Control Regulation." EPA is now exploring options for using the ISO 14001 standard in conjunction with alternatives to "command and control" in a number of programs. ISO 14001 projects have been included in EPA's "environmental leadership program," which is an initiative EPA launched in 1994 to encourage companies to adopt innovative approaches to improving environmental performance.¹¹ ISO 14001 projects have also been suggested in the context of the "common sense initiative," which is an ambitious effort EPA announced in 1993 to determine how it might streamline and consolidate the regulatory requirements applicable to whole industrial sectors.¹² EPA also is seeking proposals to implement regulatory reform together with ISO 14001 as part of its recently announced "project XL."¹³ Specific program offices at EPA are also considering possible uses of ISO 14001. For example, the Office of Water is considering reductions in permit monitoring and reporting requirements for facilities that demonstrate superior performance and have a third-party registered environmental management system.

The common thread in all of these initiatives is the hope that redundant or unnecessarily burdensome regulatory requirements might be eased for companies that have implemented comprehensive environmental management systems. U.S. environmental regulatory programs typically impose onerous data-collection and recordkeeping requirements, including permit application and modification requirements that can add years to the decisionmaking process. The architects of this "command and control," media-specific approach rarely have been satisfied to set performance-based criteria—which would leave companies flexibility in deciding how to achieve regulatory requirements. Instead, regulations tend to prescribe precisely how performance is to be accomplished. The result is a "one size fits all" set of regulatory requirements that often are not suited to practical, cost-effective application. Even worse, this approach has distracted regulators and the regulated community from bottom-line environmental performance. For these and other reasons, there is a growing perception that "command and control" has begun to reach its limits as an environmental protection strategy.¹⁴

ISO 14001 may serve as a useful foundation for identifying opportunities to provide industry with more flexibility to achieve enhanced environmental performance, while at the same time providing regulators and the public with the confidence that companies are doing the right thing. The comprehensive and systematic approach of ISO 14001 may, for conforming companies, allow regulators to place their emphasis on ultimate performance and be much more flexible about methods for achieving environmental excellence. However, EPA, the states, nongovernmental organizations, and industry are only beginning to explore the potential linkages between ISO 14001 and regulatory flexibility. It remains to be seen whether the standard will spark real progress in this area.

Environmental Management Systems and Civil and Criminal Enforcement. The U.S. government has produced a number of documents addressing compliance-assurance programs in one form or another. One of the first formal government statements regarding management systems came with the Occupational Safety and Health Administration's (OSHA's) "voluntary protection program" in 1982.¹⁵ Under this program, a company may implement an occupational safety and health management system and in exchange receive a reduced enforcement and inspection response from OSHA. OSHA has also promulgated regulations governing the process safety management of "highly hazardous chemicals," including requirements for process safety design, planning, and employee involvement.¹⁶ EPA's first formal foray into the environmental management system arena was its 1986 Audit Policy, setting forth general guidelines for auditing programs.¹⁷ EPA will give positive consideration to companies that implement such programs in its enforcement decisions. EPA recently revised its audit policy, suggesting that companies that promptly disclose and correct noncompliance discovered during the course of audits may, under certain circumstances, qualify for significant penalty mitigation.¹⁸

The U.S. Department of Justice (DOJ) has adopted a similar philosophy, announcing in 1991 that it views self-auditing, self-policing, and voluntary disclosure of environmental violations as "mitigating factors" when deciding between civil or criminal enforcement.¹⁹ EPA issued 1994 guidance on the exercise of investigative discretion that includes reference to the DOJ policy.²⁰ That same year, the U.S. Sentencing Commission issued the Organizational Sentencing Guidelines, which encourage companies [25 ELR 10684] to implement systematic compliance-assurance programs, to report detected violations, and to cooperate affirmatively with government investigators.²¹ Though the Organizational Sentencing Guidelines do not formally apply to companies convicted of environmental crimes, they are nonetheless commonly used by companies as a guide in the development of environmental compliance-assurance programs.

In 1993, the Advisory Working Group on Environmental Offenses transmitted to the Sentencing Commission a package of proposed sanctions for environmental crimes.²² This proposal included a series of factors that would be used to evaluate a company's "commitment to environmental compliance." These factors are much more detailed and prescriptive than the compliance-assurance principles set forth in the existing Organizational Sentencing Guidelines. Many of the details in the Advisory Group's proposal are either different from or inconsistent with the international consensus reflected in ISO 14001. The Advisory Group's proposal was controversial and heavily commented upon, and has not been accepted by the Commission.²³

The presence or absence of a compliance-assurance program is useful when assessing the extent of an organization's criminal culpability because of the unique status of organizations in the criminal context. One of the fundamental elements of proving crimes against individuals is that they acted with the requisite intent. Since organizations do not have a state of mind and can only act through individuals, the government and courts addressing potentially criminal conduct by organizations must determine when the state of mind of individuals should properly be attributed to organizations. Compliance-assurance programs play a role in this determination because such programs reflect the organization's effort to ensure that individual employees comply with the law and that criminal violations are detected and corrected. Should an individual nonetheless engage in criminal conduct, an organization that has implemented a compliance-assurance program has the opportunity to demonstrate that the individual's actions were in contravention of the program and that the criminal culpability of the individual should not be assigned to the organization.

ISO 14001 is consistent with the major elements of compliance-assurance programs set forth in the 1991 DOJ policy and the 1994 Sentencing Guidelines. Thus, when government enforcement-discretion and penalty-mitigation policies entail consideration of compliance-assurance systems, full credit should be given to companies that conform to ISO 14001. The ISO standard, however, has a different purpose than the federal policies. ISO 14001 is directed at providing guidance to companies on how to manage their environmental affairs. Compliance assurance is only one element of ISO 14001. Many elements of ISO 14001—such as the commitments to continual improvement and pollution prevention, setting measurable objectives and targets, establishing specific operational procedures, and communicating environmental requirements to suppliers—are not and should not be essential factors in determining the criminal or civil culpability of organizations.

For this reason, ISO 14001 should remain outside the federal policies themselves, to serve as one option companies can use to demonstrate conformance with those policies. Companies should remain free to design their own compliance-assurance programs and demonstrate that those programs are consistent with the desires of regulators. Even though ISO 14001 will be internationally recognized as a leading environmental management systems standard, it is still not the only way to design and implement a compliance-assurance program or an environmental management system. Therefore, while conformance with ISO 14001 should be considered conformance with the various federal policies on compliance-assurance programs, conformance with ISO 14001 should not be necessary for that task.

For purposes of federal enforcement policies, companies should be able to demonstrate conformance with ISO 14001 in a variety of ways. For example, EPA, DOJ and the U.S. Sentencing Commission do not require third-party registration of compliance programs when evaluating companies in the contexts of exercising enforcement discretion or determining penalties. Instead, companies may demonstrate the adequacy of their programs. This flexibility should be retained should ISO 14001 be deemed a route to satisfying the basic compliance-assurance program provisions of federal policies. Third-party registration, which can be quite expensive, should not be required.

Conclusion

As the internationally and domestically accepted voluntary environmental management systems standard, ISO 14001 is likely to become a leading benchmark against which organizations will evaluate their environmental management systems. Although regulators should not adopt ISO 14001 as law or guidance on compliance-assurance programs, such policies should remain consistent with the ISO 14001 standard, since establishing different compliance-assurance program requirements for governmental purposes would force companies into the complexity and inefficiency of addressing multiple standards. It would also complicate companies efforts to compete internationally, since to the extent that conformance with ISO 14001 becomes a condition of doing business abroad, companies would conform to ISO 14001; at the same time, however, prudence would dictate conformance to the policies of the U.S. government.

The details of any particular approach to compliance-assurance programs or environmental management systems should not adopted as a matter of federal policy. Rather, government policy, as reflected in the existing federal guidance documents, should establish the general compliance [25 ELR 10685] framework within which the specific details of any particular program can be flexibly and creatively designed and implemented. These details will vary from industry-to-industry and company-to-company. It would be a serious mistake to express governmental preference for any particular approach to environmental management systems or to imply that it is the only way to design and implement a compliance-assurance program.

It would also be a mistake to limit regulatory applications of ISO 14001 to enforcement-discretion and penalty-mitigation decisions. Such a limitation would effectively devalue ISO 14001 by failing to recognize its potential as a foundation for substantial regulatory reform—a shifting away from "command and control" and micro-management toward creative and flexible strategies focused on performance.

Mr. Bell is a partner in the Washington, D.C., office of the law firm of Sidley & Austin, where he practices environmental law. He is one of the international negotiators for the U.S. delegation on the ISO 14001 environmental management systems standard, and has been heavily involved in other activities of the U.S. delegation. The views expressed are his own and do not necessarily reflect the views of that delegation.

1. ISO/TC207/DIS 14001 (Aug. 10, 1995).

2. Technical Committee 207 also has established a working group to produce guidance for the environmental aspects of product standards.

3. The labeling and life cycle assessment standards address core business issues such as how industry should take into account the environmental attributes of its products from "cradle to grave," including: (1) raw materials acquisition; (2) process and product design; (3) energy efficiency; (4) packaging; (5) marketing and labeling; and (6) product use and disposal.

4. See, e.g., Specification for Environmental Management Systems, British Standards Institute, BS 7750:1992, ISBN 0 58020 20644 0.

5. Government representatives have played a major role in many ISO delegations.

6. Indeed, the Austrian National Standards Institute has already adopted the draft ISO 14001 standard as the Austrian national standard. Over a dozen Austrian companies have already been certified to this standard, including a Philips Electronics facility. Turkey, Switzerland, Australia, and New Zealand are also in the process of adopting the ISO 14001 standard as their national standards.

7. Note that here, and in many other places, the standard requires that a procedure be established. Merely identifying environmental aspects is not enough—one must have a procedure in place.

8. International Chamber of Commerce, Publication No. 210/356 C (1991).

9. See, e.g., Emergency Planning and Community Right-To-Know Act, 42 U.S.C. §§ 11001-11050, ELR STAT. EPCRA §§ 301-330.

10. There has been some concern in the ISO 9000 quality systems area that the current approach to third-party registration is cumbersome, overly intrusive, and too expensive. Efforts are underway to devise a more streamlined registration process.

11. See U.S. EPA, Environmental Leadership Program: Request for Pilot Project Proposals, 59 Fed. Reg. 32062 (June 21, 1994).

12. See U.S. EPA, Common Sense Initiative, 59 Fed. Reg. 55117 (Nov. 3, 1994).

13. U.S. EPA, Regulatory Reinvention (XL) Pilot Projects, 60 Fed. Reg. 27282 (May 23, 1995).

14. See, e.g., William F. Pedersen Jr., Can Site-Specific Pollution Control Plans Furnish an Alternative to the Current Regulatory System and a Bridge to a New One? 25 ELR 10486 (Sept. 1995).

15. OSHA, Voluntary Protection Programs to Supplement Enforcement and to Provide Safe and Healthful Working Conditions, 47 Fed. Reg. 29025 (July 2, 1982); see also 51 Fed. Reg. 33669 (Sept. 22, 1986); 50 Fed. Reg. 43804 (Oct. 29, 1985); 52 Fed. Reg. 7337 (Mar. 10, 1987).

16. OSHA, Process Safety Management of Highly Hazardous Chemicals; Explosives and Blasting Agents, 57 Fed. Reg. 6356 (Feb. 24, 1992).

17. U.S. EPA, Environmental Auditing Policy Statement, 51 Fed. Reg. 25004 (July 9, 1986).

18. U.S. EPA, Voluntary Environmental Self-Policing and Self-Disclosure Interim Policy Statement, 60 Fed. Reg. 16875 (Apr. 3, 1995). EPA is considering expanding the scope of this policy to encompass violations discovered through the operation of compliance-assurance systems.

19. U.S. DOJ, FACTORS IN DECISIONS ON CRIMINAL POLICY PROSECUTIONS FOR ENVIRONMENTAL VIOLATIONS IN THE CONTEXT OF SIGNIFICANT VOLUNTARY COMPLIANCE OR DISCLOSURE EFFORTS BY THE VIOLATOR (July 1, 1991). The New Jersey Prosecutor's Office has issued guidelines that resemble the DOJ policy. The New Jersey Guidelines provide great detail about what a compliance program must look like. Such programs will be viewed as "mitigating factors" in the exercise of the prosecutor's criminal environmental enforcement discretion. NEW JERSEY PROSECUTOR'S OFFICE, VOLUNTARY ENVIRONMENTAL AUDIT/COMPLIANCE GUIDELINES (May 15, 1992).

20. Memorandum from Earl E. Devaney, Director, Office of Criminal Enforcement, to All EPA Employees Working in or in Support of the Criminal Enforcement Program, The Exercise of Enforcement Discretion (Jan. 12, 1994).

21. U.S. Sentencing Commission, Amendments to the Sentencing Guidelines for United States Courts, 56 Fed. Reg. 22762, 22788 (May 16, 1991) (§ 8A1.2, Application Notes 3(k)).

22. ADVISORY WORKING GROUP ON ENVIRONMENTAL SANCTIONS, PROPOSED FEDERAL SENTENCING GUIDELINES FOR ORGANIZATIONS CONVICTED OF ENVIRONMENTAL OFFENSES (Nov. 19, 1993); see 58 Fed. Reg. 65764 (Dec. 16, 1993) (notice of public availability).

23. While many of the compliance assurance program details proposed by the Advisory Group in its November 1993 submission to the Sentencing Commission may be appropriate for some companies, they are not applicable or necessary to all companies in all situations. The conclusion that they should not be adopted as a matter of national policy is not so much an absolute rejection of their content as it is a recognition that there are other, equally or perhaps more valid, approaches to compliance assurance and environmental management systems.