During an ISO 14001 certification audit, do you have to provide the auditor with the actual Environmental Compliance which may or may not be attorney client privileged. Or is there another way to demonstrate that compliance audits are being conducted?
First, a clarification: ISO 14001:2015 does not ask for an internal compliance audit. ISO 14001:2015 asks for a complete verification and several actions if needed (clause 9.1.2).
In my country auditors want to check the actual Environmental Compliance Register. Certification auditors are bounded by confidentiality. Some organizations prepare a kind of legal document for the auditor(s) to reinforce that confidentiality. If an organization has any non-compliance that will appear, for example, in the management review record, a basic document for any certification audit.