Capability Assessment Tool- evidence example

[example illustrating types of evidence sought assessing e1, e2, and e3 for **domain 1 “context & scope management”** of environmental management systems (EMS)]

1.E1 “Is there documented analysis of internal and external issues, including environmental conditions (e.g. climate, biodiversity, pollution)?”
Evidence would focus on showing that you have systematically identified and analysed internal and external issues, and that environmental conditions (climate, biodiversity, pollution, etc.) are explicitly included in that analysis.
Types of suitable evidence
• A documented “Context of the Organisation” or “Environmental Context Analysis” that lists internal and external issues and includes a section or column for environmental conditions (e.g. climate change, local biodiversity, air/water quality, land contamination, resource availability).
• A completed PESTLE/SWOT or similar risk-context worksheet where external factors (political, economic, social, technological, legal, environmental) explicitly mention climate change, pollution, biodiversity, natural resource scarcity, extreme weather, etc.
• An environmental aspects/impacts register that links significant aspects to broader environmental conditions (e.g. emissions contributing to local air quality issues, discharges affecting sensitive ecosystems).
• Stakeholder and interested-party analysis that records external expectations related to climate, biodiversity protection, local pollution, and broader environmental performance.
• Risk and opportunity registers showing how identified internal/external issues and environmental conditions can affect the organisation’s ability to achieve its management system objectives.
• Management review minutes or strategy papers where internal/external issues and environmental conditions (e.g. climate change as an external issue) are reviewed, updated, and linked to objectives and plans.
• Legal and regulatory register or compliance obligations register that reflects environmental conditions (e.g. local air/water quality limits, protected species/habitats, contaminated land controls) relevant to your operations.
What an assessor would look for in the notes
• Clear differentiation of internal issues (e.g. culture, resources, existing pollution from past activities, internal emissions profile) and external issues (e.g. regional climate risks, community concern about pollution, local biodiversity sensitivity).
• Evidence that “environmental conditions being affected by or capable of affecting the organisation” have been considered – for example: climate change, extreme weather, air/water quality, biodiversity, natural resource availability, existing land contamination.
• A logical method used (PESTLE, SWOT, environmental context analysis, environmental audits) and records of when it was last reviewed and by whom.
• Traceability from the documented analysis to downstream elements: environmental/objective setting, risk treatment plans, operational controls or improvement projects.
• Periodic review notes showing that internal/external issues and environmental conditions are not “one‑off” but re‑evaluated as circumstances (e.g. new climate-related risks, changes in pollution regulation) change.
Examples of strong evidence items
• “Context and Issues Register” including columns: internal issue, external issue, related environmental condition (climate/biodiversity/pollution/resource), risk/opportunity, related objectives/controls, date of review.
• A documented procedure on “Understanding the Organisation and its Context” that requires identification and documentation of environmental conditions as part of determining issues.
• Environmental audit or assessment reports that discuss how local environmental conditions (e.g. air quality, nearby waterways or sensitive habitats) interact with your activities.

1.E2 “Have interested parties been identified with their needs translated into compliance obligations?”
Look for
• A defined list/register of interested parties relevant to the management system (e.g. regulators, customers, employees, shareholders, community, suppliers, NGOs).
• Criteria or rationale for why each party is “relevant” to the system’s purpose and outcomes (e.g. ability to affect compliance, risk if not met).
• Documented needs and expectations for each relevant interested party, including explicit (legal, contractual) and implicit (ethical, safety, environmental, quality) requirements.
• Clear identification of which of those needs/expectations have been adopted as “compliance obligations” (e.g. in a compliance obligations register, legal register, or similar).
• Linkage from those compliance obligations into operational controls, policies, procedures, codes of conduct, contracts, permits, or standards.
• Evidence of processes to systematically identify new/changed obligations and update the registers (e.g. legal watch, horizon scanning, periodic reviews).
• Integration of interested-party requirements into the scope and risk assessments of the management system (e.g. EMS aspects, compliance risk assessment).
• Records of reviews of interested parties and their needs/expectations (e.g. annual context review, management review minutes).
Typical documents and records
• Stakeholder / interested party register including: who they are, their needs/expectations, whether each requirement is adopted as a compliance obligation.
• Compliance obligations / legal register mapped back to interested parties (laws, permits, contracts, codes, voluntary commitments, standards).
• Procedures or methodology describing how interested parties are identified, how their needs are determined, and how these become compliance obligations.
• Risk assessment records showing how non‑fulfilment of those obligations creates compliance, environmental, or quality risk.
• Policy statements or public commitments that create voluntary obligations (e.g. sustainability commitments, codes of ethics).
• Contracts, permits, licences, regulatory correspondence, and customer agreements referenced in the obligations register.
Assessment notes an auditor might write
• “Register of interested parties exists and covers regulators, customers, employees, suppliers, community, and investors; relevance to EMS is defined.”
• “Needs and expectations are documented and classified as legal, regulatory, contractual, or voluntary; items marked as ‘compliance obligation’ are transferred to the legal/compliance obligations register.”
• “Compliance obligations register includes applicable legislation, permits, customer requirements, and voluntary codes; each entry is linked to a corresponding interested party.”
• “Procedure XYZ describes the process for identifying interested parties and determining which requirements become compliance obligations; evidence of annual review and updates observed.”
• “Sample testing of obligations (e.g. environmental licence, key customer contract, regulator guidelines) showed requirements correctly reflected in procedures and controls.”

1.E3 “Is the EMS scope defined, including lifecycle stages and areas of influence, and is it current, accessible, and used?”
Evidence would focus on three things: the written scope itself, how lifecycle and influence are reflected in the EMS, and how people can and do use it in practice.

Evidence that the EMS scope is defined – Look for documented statements that clearly set the EMS boundaries and applicability. Typical evidence and notes:

1. • EMS scope statement in the EMS manual, policy, or standalone “Scope” document (often referencing ISO 14001 cl. 4.3).
2. • Description of activities, products, services and locations covered, including any exclusions with justification.
3. • Description of organizational boundaries (e.g. controlled sites, subsidiaries, contractors on site).
4. • Links from the scope to key environmental aspects registers or risk registers for those activities.
5. • Notes: “Scope states manufacturing and warehousing at X and Y sites, excludes head office admin; exclusions justified as low environmental risk and no significant aspects identified.”

Evidence that lifecycle stages are covered – You want to see that a life cycle perspective has been considered for the defined scope.

1. • Environmental aspects/impacts register that explicitly references life‑cycle stages (e.g. raw materials, design, production, distribution, use, end‑of‑life).
2. • Procedures or criteria showing consideration of upstream and downstream impacts (e.g. supplier controls, product design requirements, customer information on disposal).
3. • Design and development procedures referencing environmental requirements over the product/service life cycle.
4. • Procurement and contractor control procedures specifying environmental requirements for key goods and services.
5. • Notes: “Aspects register includes upstream transport and downstream disposal; design checklist includes energy use in service life; supplier procedure includes env. criteria for key materials.”

Evidence that areas of influence are addressed – “Areas of influence” covers what the organisation can control and what it can influence.

1. • Aspect identification method that differentiates between “control” and “influence” (e.g. own operations vs supplier operations, tenants, outsourced processes).
2. • Contracts, SLAs or specifications that include environmental clauses for contractors and suppliers.
3. • Stakeholder/“interested parties” analysis showing expectations where the organisation has influence (e.g. customers, landlords, local community).
4. • Communications to external providers (instructions, handbooks, induction material) with environmental requirements.
5. • Notes: “Matrix shows control vs influence for logistics provider and waste contractor; contract templates include env. performance clauses.”

Evidence that scope is current – You need evidence of periodic review and updates when things change.

1. • Document control record showing the scope document is on the current register, with recent review/approval dates by top management.
2. • Management review minutes recording review of the EMS scope, changes in activities, sites, products, or legal context.
3. • Change management records (e.g. new site, new process, closure) that trigger updates to scope and related aspect registers.
4. • Internal audit reports that have checked scope adequacy and identified any misalignment.
5. • Notes: “Scope last revised June 2025 after acquisition of new warehouse; reflected in aspects register and legal register; confirmed in 2025 management review.”

Evidence that scope is accessible and used – You are looking for practical use, not just a statement on a shelf.

1. • EMS scope published in the EMS manual, intranet, or quality/environment portal accessible to staff.
2. • Where relevant, scope (or a concise version) available externally: website, corporate sustainability report, customer information.
3. • Staff interviews showing awareness of what parts of the organisation/activities are covered, and understanding of “in scope vs out of scope”.
4. • Training material that includes scope and examples of applications and exclusions.
5. • Internal audit plans that use the scope as the basis for which sites, processes and lifecycle stages are audited.
6. • Notes: “Operators can describe that EMS covers production and maintenance but not independent distributors; internal audit programme mapped to process/scope matrix on intranet.”