Organisations seeking ISO 9001 certification must comply with a number of requirements, including the legal and regulatory requirements applicable to their business. But what exactly do these requirements entail and why are they fundamental to a quality management system?
What are the legal requirements in ISO 9001?
These refer to all the rules and regulations applicable to a company’s activity within its operational context. These regulations can be local, national or international, and range from sector-specific legislation to environmental, occupational safety, data protection or corporate social responsibility regulations.
Why does ISO 9001 require compliance with legal requirements?
The standard states that an organisation shall identify and comply with the legal requirements applicable to its activity to ensure that its processes comply with regulatory obligations. In particular, sections 4.2 (Understanding the needs and expectations of interested parties) and 7.5 (Documented information) insist that organisations shall:
- Identify applicable legal requirements.
- Maintain an up-to-date record of these requirements.
- Ensure compliance in internal processes.
- Demonstrate compliance during audits or inspections.
The aim is to ensure that the quality management system not only optimises internal processes, but also guarantees regulatory compliance, reducing risks and avoiding sanctions.
What do the legal requirements in ISO 9001 refer to?
These legal requirements may cover different areas depending on the sector in which the organisation operates. Examples include:
Compliance area | Example of regulations | Scope |
---|---|---|
Data protection | California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) | Protection of personal data and consumer privacy rights, primarily for California residents. |
Intellectual Property | U.S. Copyright Act, Lanham Act (Trademark Law), Patent Act | Protection of copyrights, trademarks, and patents for creators and businesses. |
E-commerce Regulation | Federal Trade Commission Act; Electronic Signatures in Global and National Commerce Act (E-SIGN Act) | Regulation of online commerce, electronic contracts, and digital marketing practices. |
Consumer Protection | Federal Trade Commission Act; Fair Packaging and Labeling Act | Prevention of deceptive business practices and ensuring truthful product labeling. |
Product Quality Control | Consumer Product Safety Act; Title 21 CFR Part 820 (Quality System Regulation for medical devices) | Ensuring product safety and quality standards, especially for consumer and medical products. |
Food safety | Food Safety Modernization Act (FSMA); Federal Food, Drug, and Cosmetic Act | Regulation of food production, processing, and distribution to prevent foodborne illnesses. |
Environmental protection | Clean Air Act; Clean Water Act; National Environmental Policy Act (NEPA) | Protection of air and water quality, and assessment of environmental impacts of projects. |
EcoGestor Legislation: Full control of legal requirements
Monitoring is key to ISO 9001 compliance, but managing the regulations applicable in different countries can be a challenge. EcoGestor Legislación is a digital solution that allows organisations to maintain exhaustive control of their legal requirements in Spain, Portugal, Italy, France and Chile, facilitating:
- ✔ Automatic updating of applicable regulations.
- ✔ Personalised alerts on regulatory changes.
- ✔ Documentary record of legal compliance.
- ✔ Ease of audits with evidence always available.
With EcoGestor Legislation, companies guarantee rigorous compliance with the legal requirements demanded by ISO 9001, avoiding penalties and making it easier to obtain and maintain certification.