ECOSAFE BofR: The Smart Framework for Your Effective Environmental Compliance.
Discover a Body of Requirements designed with common sense, focused on strengthening your legal compliance controls without unnecessary bureaucracy.
What is the ECOSAFE Body of Requirements (BofR)?
The ECOSAFE Body of Requirements (ECOSAFE BofR) is a set of requirements distributed in 8 sections. This document is maintained and controlled by the ECOSAFE Council. It provides the framework of controls an organization needs to demonstrate to be granted an ECOSAFE Compliance Label.
Core Principles in the BofR's Creation.
-
Focus on Legal Compliance Controls:
The BofR is designed to help companies implement effective controls to maintain compliance with legal obligations related to the environment. ECOSAFE does not add anything more than what is needed to comply with these obligations.
-
Business Sense & Practicality:
The body of requirements must be straightforward, not bureaucratic, and agile, with the ability to guide a minimum number of procedures and a non-complex and clear structure of evidence of compliance.
-
Value-Added:
Requirements are straightforward and with enough value added for even a small company to formally implement necessary controls that help them reduce the risk of noncompliance.
-
Recognizing Controls, Not Certifying Compliance:
The ECOSAFE Label Program grants a license to use an ECOSAFE Compliance Label indicating that controls for compliance procurement shown in ECOSAFE Compliance BofR are in place. It is not certifying [overall legal] compliance itself; it means that the company has controls in place set forth by the ECOSAFE Label Program. Those controls deal with noncompliances when they are identified.
Structure of the BofR: The 8 Key Sections.
The BofR is organized into 8 distinct sections, each addressing critical components of a robust environmental compliance control system.
-
1. Identification of Compliance Obligations.
The first pillar of our framework requires that your organization systematically identify its compliance obligations. This involves a comprehensive analysis of how laws, regulations, codes, and voluntary commitments impact your activities, products, and services. The system must include processes to detect and assess changes in these obligations, ensuring proactive and continuous adaptation.
Based on ISO 37301, clause 4.5.
-
2. Compliance Risk Assessment.
Our model requires the establishment of a formal procedure for your organization to identify and assess its compliance risks. This analysis must link each obligation to operational activities, including both internal processes and those managed by third parties. This requirement ensures that the risk assessment is a dynamic process, conducted periodically and whenever there are material changes in the business context.
Based on ISO 37301, clause 4.6.
-
3.1. Role of Top Management and Governance.
In any effective compliance system, leadership is crucial. Our framework establishes that your company's Top Management and its governing body must be the primary drivers of the CMS. Their role is to establish policies, ensure the assignment of responsibilities, and guarantee that the Compliance Function operates with independence, authority, and direct access to the highest levels of decision-making.
Based on ISO 37301, clauses 5.1.1, 5.1.2 & 5.1.3.
-
3.2. Compliance Function (CF).
The framework provides for the designation of an independent and competent Compliance Function (CF), which will operate as the central hub of the system within your organization. This requirement details its key responsibilities: from facilitating the identification of obligations and risks, to monitoring performance, managing the reporting channel, and advising the entire organization, ensuring the proper integration of compliance into all processes.
Based on ISO 37301, clause 5.3.2.
-
4. Human Resources and Compliance.
For compliance to be a shared responsibility, our body of requirements stipulates that your organization must integrate compliance policies directly into the conditions of employment for all personnel. This formalizes the expectation that every employee is responsible for acting with integrity.
Based on ISO 37301, clause 7.2.2.
-
5. Procedures and Controls.
The system we propose is based on the implementation of specific controls, custom-designed to manage the compliance obligations and risks previously identified. It is a requirement that these controls be maintained, reviewed, and tested periodically by your organization to ensure their ongoing effectiveness.
Based on ISO 37301, clause 8.2.
-
6.1. Channel for Raising Concerns.
A pillar of our framework is the creation of a culture of trust. Therefore, a key requirement is that your organization establish a secure, accessible, and confidential channel for reporting concerns. It must protect those who report in good faith and allow for anonymous communication, fostering an environment where concerns can be raised and resolved without fear of retaliation.
Based on ISO 37301, clause 8.3 & 9.1.2.
-
6.2. Feedback on Compliance Performance.
Continuous improvement is essential. Our framework requires that your organization implement a procedure to actively seek and analyze feedback on its compliance performance from multiple sources. This information is vital for identifying areas of opportunity and strengthening the management system.
Based on ISO 37301, clause 6.2.
-
7.1. Investigation of Non-Compliance.
The body of requirements defines the need for a formal, impartial, and competent investigation process for your organization to manage any report of non-compliance. This process must guarantee fair decision-making, and its outcomes should be used to improve the CMS and be reported to Top Management.
Based on ISO 37301, clause 8.4.
-
7.2. Non-Compliance Reporting.
Our model establishes the need for robust reporting processes within your organization. This ensures that critical information about compliance performance flows accurately, completely, and in a timely manner to the correct functions, enabling informed decision-making and the execution of effective corrective actions.
Based on ISO 37301, clause 9.1.4.
-
8. Corrective Action.
Finally, our framework details a corrective action procedure that your organization must follow in the event of any non-compliance. This focuses not only on controlling and correcting the immediate problem but also on evaluating and eliminating its root cause to prevent recurrence, ensuring that the system learns and strengthens from every event.
Based on ISO 37301, clause 10.2.
Key Advantages of Implementing Controls Based on the BofR.
-
Provides a clear framework for self-management and control of environmental compliance.
-
Systematically helps reduce the risk of non-compliances and associated penalties.
-
Optimizes resources already allocated to legal compliance.
-
Facilitates the demonstration of due diligence to authorities and stakeholders.
-
Focuses on: Controls to ensure environmental compliance obligations, Documentation (Procedures and records), and Compliance Performance (Management of Evidence of compliance).
A Precise and Efficient Focus.
The ECOSAFE BofR concentrates on the necessary controls to ensure compliance with legal environmental obligations. It does not aim to replicate a comprehensive Environmental Management System (EMS) like ISO 14001, but rather to offer an agile and focused solution for compliance assurance, a cornerstone of any responsible environmental management.
Maintenance and Evolution of the BofR.
The ECOSAFE BofR is a living document, maintained and controlled by the ECOSAFE Council to ensure it remains relevant and reflects best practices in environmental compliance control.
Implement Robust Controls with the ECOSAFE BofR.
Our Body of Requirements is designed to be your ally, not an obstacle. Understand how it can simplify and strengthen your environmental compliance management.