Management system guidance

6.1 Address Risks and Opportunities

ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.

Our range of templates cover the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement your next management system.

6.1.2 Environmental aspects and impacts

This is almost the same requirement as in the 2004 edition. Your organization must determine the environmental aspects, and their impacts, of its activities, products and services under its control and influence. Implement a methodology for identifying environmental aspects relating your operations and product life cycle, and for the subsequent determination of the significance of related impacts that may have actual or potential significant impacts on the environment. Organizations are responsible for:

  1. Identifying associated environmental impacts of products, activities and services;
  2. Considering the lifecycle perspective with respect to:
    • Environmental impacts within the supply chain;
    • Environmental impacts associated with product use;
    • Environmental impacts of end-of-life treatment and/or disposal;
    • Consideration of the lifecycle perspective of procured goods and services.
  3. Maintaining documented information regarding environmental aspects and significant impacts;
  4. Prioritizing issues that could affect intended outcomes:
    • Enhancement of environmental performance;
    • Fulfilment of compliance obligations;
    • Achievement of environmental objectives;
    • Plus any additional issues that your organization sets for itself.

The identification of environmental aspects will form the foundation of your management system. The aspects that have significant impacts on the environment will become the basis of your organization’s objectives and targets; therefore, you will want to be thorough in completing this step.

Develop a list of the organization’s activities, products, and services can be a difficult task. The activity, product, or service should be small enough to be understood, but large enough to be analyzed.

Identification of environmental aspects

Using the environmental aspect and impact register, identify all raw materials, chemicals and utilities that are used as process inputs and all outputs such as products, services and by-products. Outputs are considered as products, the waste produced, levels of recycled materials, quantities of water discharge and air emissions for each process or activity.

Following the identification of environmental aspects, their impacts on the environment are calculated and an impact rating should be assigned. All of the organization’s activities should be considered when identifying actual and potential environmental aspects and impacts whilst taking account of:

  1. Past environmental incidents;
  2. Air emissions to atmosphere;
  3. Water usage and discharges to surface water groundwater and sewers;
  4. Land contamination caused by spillages, etc.;
  5. The production, re-use, recycling and disposal of controlled and special wastes;
  6. The storage and management of materials;
  7. Activities upon local ecology of operations, sites and premises;
  8. Environmental noise;
  9. Energy use and management;
  10. Use of transport and vehicles;
  11. Legal issues and other requirements;
  12. Raw materials and packaging;
  13. Office activities;
  14. Landscaping and infrastructure;
  15. Other relevant issues such as odours, particulates, lighting and pests.

When identifying inputs and outputs, consider all modes of operation since start-up, shutdown, or emergency operations might introduce additional environmental aspects and impacts into your processes.

Assessment of environmental impacts

Once the impacts have been identified ensure they are prioritised in terms of their environmental impact to assist in using them for setting objectives and targets and for identifying operational control procedures. Ensure each aspect identified is assigned a significance rating to indicate the relative importance of its related environmental impact.

The significance rating is used to define those impacts which are to be controlled through environmental objectives and targets, or by the implementation of operational control procedures.

The assessment of the severity of an environmental impact drives management attention and supports planning for mitigation. A qualitative risk assessment scheme consisting of qualitative probability and impact scales should be undertaken to ensure detailed understanding of the effects of each impact. The Environment and Sustainability Manager should engage with Process Owners to:

  1. Identify the control measures already applied to each significant impact i.e. existing control measures. These may be pro-active (reducing the probability) or reactive (reducing the impact);
  2. Rank the probability of each impact occurring, after taking into account the actual effectiveness of the existing control measures;
  3. Enter the existing control measures and the associated current impact scores;
  4. Undertake a risk assessment to provide more detailed understanding of the impact’s consequences;
  5. Set objectives and targets for achieving impact mitigation.

Using the ‘significance determination’, evaluate each identified aspect to determine whether it is significant. The environmental aspects should be considered to be significant if the aspect has an impact on the environment and meets the impact scoring criteria for implementing mitigation.

Risk assessments should be undertaken to provide an improved understanding of the impact’s profile and to derive a more detailed understanding of certain cost and time risks. Forecast probability, cost and time data is assessed for each impact based on the causes and effects described, taking into account the existing controls and active responses.

  1. All aspects which elicit concerns of stakeholders, interested parties and our organization are regarded as significant, if the necessary control measures have not been implemented;
  2. All aspects which are subject to environmental legislation are regarded as significant, and therefore noted as having a high impact/risk, if there is a breach or potential breach of legislation;
  3. All aspects where insufficient information is available to make a reasoned judgement are regarded as significant until further information is available.

Probability or likelihood estimations should be established giving due consideration to the effectiveness of existing control measures. The consequence evaluation criteria define the consequence criteria, should be assessed against potential financial loss, reputation impact, health and safety, legal and regulatory compliance and management time and effort.

Mitigating environmental impacts

Impact treatment involves identifying the options for treating each impact, evaluating those options, assigning accountability (for Very High, High and Moderate impacts) and taking relevant action. The following options are available for treating impacts and may be applied individually or in combination.

For each impact, the process owner should establish an appropriate level of treatment. Control measures in addition to those already existing may be needed to achieve this level of mitigation in order to develop a satisfactory response to each impact in order to:

  1. Identify a response strategy to treat, terminate, tolerate or transfer the impact;
  2. Identify response actions to improve control measures as required. These will be SMART;
  3. Identify a response action owner for each action and confirm with them that they accept accountability for implementing the action within the time allowed.

The process owner should be responsible for the development of the response. When a response action is completed, the impact should be reassessed to reflect any newly introduced control measures.

Monitoring and review

Continuous systematic and formal monitoring of implementation of the environmental aspect and impact process and outputs will take place against appropriate performance indicators to ensure process compliance and effectiveness. Monitoring may take a variety of forms and range from self-assessment and internal audits to detailed reviews by independent external experts.

Regular reviews are essential to ensure that aspects and impacts are being appropriately managed, and that the relevant data about those aspects and impacts remains accurate and reliable. The Environment and Sustainability Manager should on a regular basis:

  1. Engage with Process Owners to ensure that the current and forecast impacts severities reflect the actual effectiveness of the existing controls and the anticipated effectiveness of the response plans, and that response plans and existing controls are up-to-date);
  2. Challenge the continued relevance of aspects and impacts and the adequacy of the control measures and response actions;
  3. Review and formally issue approval of the current Environmental Aspect & Impact Register enabling it to be used for reporting;
  4. In the event that they will not approve (part of) the completed Environmental Aspect and Impact Register, e.g. due to the inadequacy of control measures and response actions, they will agree with the relevant risk owner those additional response actions necessary, prior to approval.


Regular reports are necessary to inform and provide assurance to Top management and other key stakeholders, that impacts are being appropriately managed. Reporting must be based on current data captured in the Environmental Aspect and Impact Register, which must be updated and reviewed in good time for the next reporting cycle.

On occasion, it may be appropriate to escalate an aspect or impact to ensure it is assessed and/or managed by the person or party best placed to do so (able and with appropriate authority). For example, where a more substantial or coordinated response is required than the current process owner can authorise or implement will justify higher level assessment and/or management. The Environment and Sustainability Manager should:

  1. Escalate through established lines of management accountability all aspects and impacts that may require mitigation. This may take place during formal reviews, or through other simple mechanisms at management meetings;
  2. Issue reports in accordance with requirements;
  3. Provides key information such as statistical data on numbers of active impacts, unassessed aspects, overdue actions, and others as appropriate.

Environmental impact training

To ensure that adequate impact management competency levels are achieved and maintained, your organization’s provides regular training courses in the impact management process and its application in our organization.

  1. Specific impact management training sessions will be held on an annual basis, aimed at providing an overview of the management framework;
  2. The training will be facilitated by the Environment & Sustainability Manager. Additional ad-hoc training will be provided as required;
  3. Instruments providing training on appropriate controls include job descriptions, inductions, policies, procedures, terms of reference, charters, performance planning and review programs, contracts and delegations.


Communication and consultation are important elements in each step of your organization’s environmental aspect and impact management process. Effective communication is essential to ensure that those responsible for implementing control, and those with a vested interest, understand the basis on which decisions are made and why particular actions are required. Your communication approach should recognises the need to promote environmental aspect and impact management concepts across all management teams and staff.

More information on PDCA



ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
4.1 Organizational Context 4.1 Organizational Context 4.1 Organizational Context
4.2 Relevant Interested Parties 4.2 Relevant Interested Parties 4.2 Relevant Interested Parties
4.3 Management System Scope 4.3 Management System Scope 4.3 Management System Scope
4.4 QMS Processes 4.4 EMS Processes 4.4 OH&S Management System


ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
5.1 Leadership & Commitment 5.1 Leadership & Commitment 5.1 Leadership & Commitment
5.2 Quality Policy 5.2 Environmental Policy 5.2 OH&S Policy
5.3 Roles, Responsibilities & Authorities 5.3 Roles, Responsibilities & Authorities 5.3 Roles, Responsibilities & Authorities
    5.4 Consultation & Participation


ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
6.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities
6.2.1 Quality Objectives 6.1.2 Environmental Aspects 6.1.2 Hazard Identifcation
6.2.2 Planning to Achieve Objectives 6.1.3 Compliance Obligations 6.1.3 Legal & Other Requirements
6.3 Planning for Change 6.1.4 Planning Action 6.1.4 Planning Action
  6.2.1 Environmental Objectives 6.2.1 OH&S Objectives
  6.2.2 Planning to Achieve Objectives 6.2.2 Planning to Achieve Objectives



ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
7.1 Resources 7.1 Resources 7.1 Resources
7.2 Competence 7.2 Competence 7.2 Competence
7.3 Awareness 7.3 Awareness 7.3 Awareness
7.4 Communcation 7.4.1 Communcation - General 7.4.1 Communcation - General
7.5 Documented Information 7.4.2 Internal Communcation 7.4.2 Internal Communcation
  7.4.3 External Communcation 7.4.3 External Communcation
  7.5 Documented Information 7.5 Documented Information


ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
8.1 Operational Planning & Control 8.1 Operational Planning & Control 8.1.1 General
8.2 Customer Requirements 8.2 Emergency Preparedness 8.1.2 Eliminating Hazards
8.3 Design & Development   8.1.3 Management of Change
8.4 Purchasing   8.1.4 Outsourcing
8.5 Product & Service Provision   8.2 Emergency Preparedness
8.6 Release of Products & Services    
8.7 Nonconforming Outputs    


Monitoring, measurement, analysis and evaluation

ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
9.1 Monitoring & Measurement 9.1.1 Performance Evaluation 9.1.1 Performance Evaluation
9.2 Internal Audit 9.1.2 Evaluation of Compliance 9.1.2 Evaluation of Compliance
9.3 Management Review 9.2 Internal Audit 9.2 Internal Audit
  9.3 Management Review 9.3 Management Review



ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
10.1 Improvement - General 10.1 Improvement - General 10.1 Improvement - General
10.2 Nonconformity & Corrective Action 10.2 Nonconformity & Corrective Action 10.2 Incident, Nonconformity & Corrective Action
10.3 Continual Improvement 10.3 Continual Improvement 10.3 Continual Improvement

Want to know more?

SSL certification

A certificate guarantees the information your internet browser is receiving now originates from the expected domain - It guarantees that when you make a purchase, sensitive data is encrypted and sent to the right place, and not to a malicious third-party.

Free PDCA guidance

ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.