Statutory and Regulatory Requirements in Quality Management Systems
(January 5, 2019)
Not less than thirteen times the term "statutory and regulatory requirements" has been stated in the ISO 9001:2015 QMS Standard including the Introduction and Annex A. This article is an attempt to understand the meaning of the term, and how the organization needs to comply with it.
The term ‘statutory and regulatory requirements’ can be expressed as legal requirements. This term expresses two types of requirements:
(i) Statutory requirements
(ii) Regulatory requirements
Both statutory requirements and regulatory requirements are those requirements that are required by law. These requirements are non-negotiable and must be complied with. Failure to comply with a legal requirement may result in a fine or penalty and possibly a custodial sentence for the person(s) or organization responsible.
“Statutory refers to laws passed by a state and/or Central government, while regulatory refers to a rule issued by a regulatory body appointed by a state and/or Central government.”
Statutory requirements are those requirements which are applicable by virtue of the law enacted by the government. These are enacted by passing the law in the legislative assembly or Parliament. A regulatory requirement can be termed as administrative legislation that constitutes or constraints rights and allocates responsibilities.
It is somewhat different from the statutory legislation and there can be following types of regulations applicable to an organization:
- Legal restrictions or responsibilities declared by a government authority
- Self-regulation by industry through the trade association
A simple example for Educational Institutions:
a. Educational System developed and passed in the Parliament of India is a statutory requirement.
b. Controls applied by Directorate of Controller of Examinations to institutions are a regulatory requirement.
Another example for automotive industries:
a. Companies Act 2013 (amendment bill 2014) and Motor Vehicles Act 1988 (amendment bill 2015) are a statutory requirement.
b. ARAI (Automotive Research Association of India) is a regulatory body responsible for the car mileage figure in India.
ISO 9001:2015 QMS Standard requires an organization to determine and control the statutory and regulatory requirements applicable to the organization’s products and services. It is the responsibility of the organization to demonstrate compliance with its quality management system. On perusal of this ISO 9001: 2015 QMS Standard, in the introduction part we find that this standard can be used by internal and external parties. So, it is imperative for the organization to be aware of the general and specific statutory and regulatory requirements applicable to the product and services within the scope of the quality management system.
The term ‘statutory and regulatory requirements’ has been used in 0.1 General of this standard, which states that ‘The potential benefits to an organization of implementing the quality management system based on this international standard are i) the ability to consistently provide products and services that meet the customer and applicable statutory and regulatory requirements.
In Clause 1 - Scope of the standard, it has been used three times to emphasize the importance of meeting and conforming to apply to statutory and regulatory requirements.
Clause 4.2 uses the statutory and regulatory requirements while understanding the needs and expectations of the interested parties.
As a demonstration method for Leadership and Commitment by Top Management, statutory and regulatory requirements are to be determined, understood and met as stated in Clause 5.1.2. In Clause 8.2.2 and 188.8.131.52, while determining and review of the requirements related to products and services is mentioned.
During the determination of design and development inputs in Clause 8.3.3, statutory and regulatory requirements have been mentioned and addressed.
In Clause 8.4.2, statutory and regulatory requirements need to be considered while applying type and extent of control on externally provided processes, products, and services.
Clause 8.5.5 requires statutory and regulatory requirements to be considered in determining the extent of post-delivery activities required.
Annex A provides the clarification on statutory and regulatory requirements for understanding the needs and expectations of interested parties.
Accordingly, the organization should have a methodology in place:
i. For determining, maintaining and updating all applicable statutory and regulatory requirements.
ii. For communicating all applicable statutory and regulatory requirements within the organization.
iii. The organization should ensure that determined statutory and regulatory requirements are utilized as ‘process inputs’.
iv. The organization should monitor ‘process outputs’ for compliance with statutory and regulatory requirements.
In this regard, it is suggested to have a team in place, having legal knowledge. The team should determine the applicable statutory and regulatory requirements related to the product and services of the organization. The responsibility of personnel in meeting these requirements should be determined and implemented.
Team members may also study the best practices prevailing in industries to gain ideas about the smooth implementation of such requirements. The team should ensure communication of determined statutory and regulatory requirements to the personnel/functions concerned with a copy to the top management. Top Management should demonstrate leadership & commitment by ensuring compliance with the requirements.
It should be the responsibility of the personnel/functions concerned to meet these determined requirements. The top management should also review at defined intervals meeting applicable statutory and regulatory requirements.
The internal audit process can support the compliance and demonstration through assessment of the ‘statutory and regulatory requirements. It will be a good idea that the auditor during the audit preparation phase obtains relevant information from internal as well as external sources with respect to the applicable statutory and regulatory requirements of products and services. Through these methods, the quality management system can demonstrate the compliance to statutory and regulatory requirements of products and services.
About the Author
Praburam Seshadri is a Principal Consultant & Technical Head at Omnex India Pvt. Ltd.