Organisations seeking ISO 9001 certification must comply with a number of requirements, including the legal and regulatory requirements applicable to their business. But what exactly do these requirements entail and why are they fundamental to a quality management system?
What are the legal requirements in ISO 9001?
These refer to all the rules and regulations applicable to a company’s activity within its operational context. These regulations can be local, national or international, and range from sector-specific legislation to environmental, occupational safety, data protection or corporate social responsibility regulations.
Why does ISO 9001 require compliance with legal requirements?
The standard states that an organisation shall identify and comply with the legal requirements applicable to its activity to ensure that its processes comply with regulatory obligations. In particular, sections 4.2 (Understanding the needs and expectations of interested parties) and 7.5 (Documented information) insist that organisations shall:
- Identify applicable legal requirements.
- Maintain an up-to-date record of these requirements.
- Ensure compliance in internal processes.
- Demonstrate compliance during audits or inspections.
The aim is to ensure that the quality management system not only optimises internal processes, but also guarantees regulatory compliance, reducing risks and avoiding sanctions.
What do the legal requirements in ISO 9001 refer to?
These legal requirements may cover different areas depending on the sector in which the organisation operates. Examples include:
Compliance area | Example of regulations in | Scope |
---|---|---|
Data protection | Reglamento (UE) 2016/679, Reglamento General de Protección de Datos (RGPD), and Ley Orgánica 3/2018 de Protección de Datos Personales y Garantía de los Derechos Digitales. | Processing and security of personal data in companies. |
Industrial and intellectual property | Ley 24/2015 de Patentes and Ley de Marcas 17/2001. | Registration and protection of trademarks, patents and copyrights. |
E-commerce | Ley 34/2002 de Servicios de la Sociedad de la Información y del Comercio Electrónico (LSSI-CE). | Regulation of online sales, consumer protection and cookies. |
Consumer legislation | Real Decreto Legislativo 1/2007, which approves the Ley General para la Defensa de los Consumidores y Usuarios. | Consumer rights, guarantees and returns on purchases. |
Quality control of products | Reglamento (UE) 2019/1020 on market surveillance and Ley 21/1992 de Industria. | Safety and quality of industrial and consumer products. |
Food safety | Reglamento (CE) 178/2002 on food safety and Ley 17/2011 de Seguridad Alimentaria y Nutrición. | Quality and hygiene standards in the food industry. |
Environmental protection | Ley 7/2021 de Cambio Climático y Transición Energética, Ley 7/2022 de Residuos y Suelos Contaminados para una Economía Circular, and Real Decreto 1055/2022, of 27 December, on packaging and packaging waste. | Environmental compliance and sustainable waste management. |
EcoGestor Legislation: Full control of legal requirements
Monitoring is key to ISO 9001 compliance, but managing the regulations applicable in different countries can be a challenge. EcoGestor Legislación is a digital solution that allows organisations to maintain exhaustive control of their legal requirements in Spain, Portugal, Italy, France and Chile, facilitating:
- ✔ Automatic updating of applicable regulations.
- ✔ Personalised alerts on regulatory changes.
- ✔ Documentary record of legal compliance.
- ✔ Ease of audits with evidence always available.
With EcoGestor Legislation, companies guarantee rigorous compliance with the legal requirements demanded by ISO 9001, avoiding penalties and making it easier to obtain and maintain certification.