Actions to Address Risk Associated with Threats and Opportunities
6.1 Actions to Address Risk Associated with Threats and Opportunities
6.1 Is split into 4 subclauses:
6.1.1 General
The organization must plan, establish, implement and maintain a process to meet the requirements in clause 6.1. The documented information is to be maintained to the extent necessary to have confidence that the process has been carried out as planned.
6.1.2 Significant Environmental Aspects
The requirements state that the organization must identify the environmental aspects and impacts of the activities, products, and services that it controls or influences, considering a life-cycle perspective. Changes in plans or developments, new or modified activities and products are to be taken into account. The organization must also take into account abnormal conditions and reasonably foreseeable emergency situations. These environmental aspects must be communicated throughout the organization. Documented information must be kept on environmental aspects and associated environmental impacts, significant environmental aspects and lastly the criteria used to establish the significant environmental aspects.
6.1.3 Compliance Obligations
The organization must identify and have access to the compliance obligations related to all environmental aspects and define how these compliance obligations attribute to the organization.
6.1.4 Planning to Take Action
The organization must plan for actions to address the risks associated with threats and opportunities, including significant environmental aspects and compliance obligations.
The interpretive guidance in Annex A states that it is up to the organization to decide if it wishes to implement different risk evaluation processes at different organizational levels or to incorporate all the risk evaluation requirements into a single process.