According to my experience, it's the compliance officer who is responsible for determining all the applicable laws.
In fact, this is a complex question, basically a balance between the costs and effort related to performing such a task and the risk of not being in compliance with legal requirements (with impacts ranging from financial fines and disruption of business operations to prison).
And you are right in thinking that hardly a single person will be capable of covering all these requirements and ensuring compliance with them, especially if they are not a lawyer (even whole groups of experts may find this a difficult task).
Now, regarding ISO management systems, they do not define how you should perform this compliance assurance, only that you must assure compliance with what you identified as relevant, and together with the concept of managing risks and opportunities now incorporated into the new releases of ISO management standards, you have a way to handle this situation.
Considering the assessment of risks and opportunities, you can identify, let's say, the 20 legal requirements most relevant to your organization, and work on them, assuming the risk of not being compliant with all the rest until the next assessment cycle. For an ISO management system this is perfectly acceptable (you have identified the risk and consciously made a decision).
Particularly, what I have seen about legal requirements is that local requirements sometimes repeat the national requirements, or include a few additional points, so one approach is to identify the main national requirements and start from there to identify the local ones.
Aug 24, 2017