ISO 14001 Shall Statements Checklist: Every Requirement in Plain English

What Are Shall Statements in ISO 14001?

When you read through ISO 14001, you will notice the word shall appears repeatedly. Every time it does, the standard is imposing a mandatory requirement. These are not suggestions, guidelines, or best practice recommendations. They are obligations. If your environmental management system does not meet a shall statement, you have a nonconformity.

Understanding which requirements are mandatory and which are simply guidance is one of the most practical skills an internal auditor or environmental manager can develop. This checklist breaks down the shall statements in ISO 14001:2015 clause by clause, explains what each one actually requires in plain language, and flags the areas where organisations most commonly fall short.

Note that ISO 14001:2026 has been published and introduces some structural changes. If your organisation is still certified to the 2015 edition, this checklist remains directly applicable. For those already transitioning, the core shall statements are largely preserved, with some additions and restructuring. You can read about those changes in our article on the ISO 14001:2026 transition guide.

How to Use This Checklist

This checklist is structured to follow the clause sequence of ISO 14001:2015. For each clause, the key shall statements are listed with a brief explanation of what evidence you would expect to see during an audit. Use it as a starting point for your internal audit preparation, gap analysis, or audit planning. It is not a substitute for reading the standard itself, but it gives you a working reference you can take into the field.

Each item is framed as a question an auditor would ask. If the answer is no, or if you cannot produce evidence, that is where your attention needs to go.

Clause 4: Context of the Organisation

Clause 4.1: Understanding the Organisation and Its Context

The organisation shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcomes of its environmental management system.

• Has the organisation identified internal issues such as operational activities, products and services, and organisational culture?
• Has it identified external issues such as climate conditions, regulatory environment, and community expectations?
• Is this analysis documented and kept current?

Auditors often find that organisations complete this exercise once during implementation and then never revisit it. The standard requires it to be maintained, which means it needs to be reviewed periodically and updated when things change.

Clause 4.2: Understanding the Needs and Expectations of Interested Parties

The organisation shall determine the interested parties relevant to its EMS and their relevant needs and expectations. It shall determine which of those needs and expectations have become, or could become, compliance obligations.

• Is there a documented list of interested parties?
• Have their environmental expectations been recorded?
• Has the organisation identified which expectations are legally binding or otherwise binding?

Clause 4.3: Determining the Scope of the EMS

The organisation shall determine the boundaries and applicability of the EMS to establish its scope. When determining scope, it shall consider the external and internal issues from 4.1, the compliance obligations from 4.2, and its organisational units, functions, and physical boundaries.

• Is the scope documented?
• Does the scope accurately reflect what the organisation actually does and where?
• Are any exclusions from the scope justified and not used to avoid difficult requirements?

Clause 4.4: Environmental Management System

The organisation shall establish, implement, maintain, and continually improve an EMS, including the processes needed and their interactions, in accordance with the requirements of the standard.

• Is there a functioning EMS with documented processes?
• Are those processes actually being followed, not just written down?

Clause 5: Leadership

Clause 5.1: Leadership and Commitment

Top management shall demonstrate leadership and commitment with respect to the EMS. This includes taking accountability for the effectiveness of the EMS, ensuring the environmental policy and objectives are established and compatible with the strategic direction, ensuring integration of EMS requirements into business processes, and providing necessary resources.

• Can top management articulate the environmental policy?
• Is there evidence of management involvement beyond signing off on documents?
• Are EMS requirements embedded in operational decisions, not treated as a separate compliance exercise?

Clause 5.2: Environmental Policy

Top management shall establish, implement, and maintain an environmental policy that is appropriate to the context and nature of the organisation, includes a commitment to protection of the environment, includes a commitment to fulfil compliance obligations, and includes a commitment to continual improvement.

• Is the policy documented and current?
• Does it include all three mandatory commitments?
• Is it communicated to persons working under the organisation's control?
• Is it available to interested parties?

Clause 5.3: Organisational Roles, Responsibilities and Authorities

Top management shall ensure that responsibilities and authorities for relevant roles are assigned and communicated within the organisation. Specifically, someone must be assigned responsibility for ensuring the EMS conforms to the standard's requirements and for reporting EMS performance to top management.

• Are EMS responsibilities clearly assigned to specific roles?
• Do those people know what is expected of them?
• Is there a defined person responsible for reporting EMS performance upward?

Clause 6: Planning

Clause 6.1.1: General Planning Requirements

The organisation shall establish, implement, and maintain processes needed to meet the requirements of clause 6.1. It shall determine risks and opportunities related to its environmental aspects, compliance obligations, and other issues, and plan actions to address them.

Clause 6.1.2: Environmental Aspects

The organisation shall determine the environmental aspects of its activities, products, and services that it can control or influence, and their associated environmental impacts, considering a lifecycle perspective. It shall determine which aspects are significant. It shall communicate significant aspects across the organisation and maintain documented information.

• Is there an aspects and impacts register?
• Does it cover all relevant activities, including those the organisation influences but does not directly control?
• Has the lifecycle perspective been applied, not just direct operational activities?
• Are significant aspects communicated to relevant staff?
• Is the register kept up to date when activities change?

This clause generates more nonconformities than almost any other in ISO 14001. The lifecycle perspective requirement catches many organisations out. It means you need to consider upstream and downstream impacts, not just what happens on your site. Our article on what auditors check in aspects and impacts goes deeper on this.

Clause 6.1.3: Compliance Obligations

The organisation shall determine and have access to the compliance obligations related to its environmental aspects. It shall determine how these obligations apply to the organisation and shall take them into account when establishing, implementing, maintaining, and continually improving its EMS.

• Is there a legal register or compliance obligations register?
• Is it current and does it reflect actual applicable legislation?
• Is it reviewed when laws change?
• Are obligations linked back to the aspects and impacts register?

Clause 6.1.4: Planning Action

The organisation shall plan to take action to address its significant environmental aspects, compliance obligations, and the risks and opportunities identified. It shall consider how these actions can be integrated into its EMS processes and how the effectiveness of those actions will be evaluated.

Clause 6.2: Environmental Objectives and Planning to Achieve Them

The organisation shall establish environmental objectives at relevant functions and levels. Objectives shall be consistent with the environmental policy, measurable if practicable, monitored, communicated, and updated as appropriate. When planning how to achieve objectives, the organisation shall determine what will be done, what resources are required, who is responsible, when it will be completed, and how results will be evaluated.

• Are environmental objectives documented?
• Are they measurable or, where not measurable, is there a reason recorded?
• Is there an action plan for each objective with assigned ownership and timeframes?
• Are objectives reviewed and updated regularly?

Clause 7: Support

Clause 7.1: Resources

The organisation shall determine and provide the resources needed for the establishment, implementation, maintenance, and continual improvement of the EMS.

Clause 7.2: Competence

The organisation shall determine the necessary competence of persons doing work under its control that affects environmental performance and its ability to fulfil compliance obligations. It shall ensure those persons are competent based on appropriate education, training, or experience, and shall retain documented information as evidence of competence.

• Is there a training matrix or competence register?
• Are environmental competence requirements defined for relevant roles?
• Are training records maintained and current?

Clause 7.3: Awareness

Persons doing work under the organisation's control shall be aware of the environmental policy, significant environmental aspects and related impacts, their contribution to the effectiveness of the EMS, and the implications of not conforming to EMS requirements.

• Do workers know what the significant aspects are for their area?
• Can they explain what happens if they do not follow environmental procedures?
• Is awareness training documented?

Clause 7.4: Communication

The organisation shall establish, implement, and maintain processes for internal and external communication relevant to the EMS. For internal communication, it shall communicate information relevant to the EMS among the various levels and functions. For external communication, it shall communicate as required by its compliance obligations and shall decide whether to communicate externally on significant environmental aspects.

• Is there a defined process for internal EMS communication?
• Are external communication obligations met, for example regulatory reporting?
• Has the organisation documented its decision about whether to communicate externally on significant aspects?

Clause 7.5: Documented Information

The organisation shall include in its EMS the documented information required by the standard and that determined by the organisation as necessary for the effectiveness of the EMS. When creating and updating documented information, the organisation shall ensure appropriate identification, format, and review and approval. Documented information shall be controlled to ensure it is available, suitable for use, and adequately protected.

• Are all mandatory documented information items present?
• Are documents version controlled and approved?
• Are obsolete documents removed from use?
• Are records retained for appropriate periods?

Clause 8: Operation

Clause 8.1: Operational Planning and Control

The organisation shall establish, implement, control, and maintain the processes needed to meet EMS requirements and to implement the actions identified in clause 6, by establishing operating criteria for the processes and implementing control of the processes in accordance with the operating criteria. The organisation shall control planned changes and review the consequences of unintended changes, taking action to mitigate adverse effects. It shall ensure that outsourced processes are controlled or influenced.

• Are there documented procedures or work instructions for activities with significant environmental aspects?
• Is there a process for managing change that considers environmental impact?
• Are contractor and supplier environmental requirements defined and communicated?

Clause 8.2: Emergency Preparedness and Response

The organisation shall establish, implement, and maintain processes needed to prepare for and respond to potential emergency situations identified in clause 6.1. It shall be prepared to respond by planning actions to prevent or mitigate adverse environmental impacts. It shall periodically test its planned response actions where practicable, review and revise the processes and planned response actions, and provide relevant information and training. It shall maintain documented information on the processes and plans.

• Are potential emergency situations identified?
• Are emergency response plans documented?
• Are drills or tests conducted and recorded?
• Are plans reviewed after incidents or tests?

Clause 9: Performance Evaluation

Clause 9.1.1: Monitoring, Measurement, Analysis and Evaluation

The organisation shall monitor, measure, analyse, and evaluate its environmental performance. It shall determine what needs to be monitored and measured, the methods used, the criteria against which performance will be evaluated, when monitoring and measurement shall be performed, and when the results shall be analysed and evaluated. It shall ensure that calibrated or verified monitoring and measurement equipment is used and shall retain appropriate documented information.

• Are environmental performance indicators defined and being measured?
• Is monitoring equipment calibrated where required?
• Are results being analysed and used to drive improvement?

Clause 9.1.2: Evaluation of Compliance

The organisation shall establish, implement, and maintain a process to evaluate fulfilment of its compliance obligations. It shall determine the frequency of compliance evaluations, evaluate compliance and take action if needed, maintain knowledge and understanding of its compliance status, and retain documented information as evidence of the compliance evaluation results.

• Is there a structured compliance evaluation process, not just a legal register?
• Is compliance actually being assessed at defined intervals?
• Are results recorded and nonconformances with legal requirements addressed?

Clause 9.2: Internal Audit

The organisation shall conduct internal audits at planned intervals to provide information on whether the EMS conforms to the organisation's own requirements and the standard's requirements, and is effectively implemented and maintained. It shall establish, implement, and maintain an audit programme, define the audit criteria and scope, select auditors to ensure objectivity and impartiality, report results to relevant management, and retain documented information as evidence of the audit programme and results.

• Is there a documented audit programme?
• Are audits being conducted at the planned frequency?
• Are auditors independent of the area being audited?
• Are results reported to management and acted upon?

For a deeper look at what internal audit requirements actually mean in practice, see our article on ISO 14001 internal audit requirements and checklist.

Clause 9.3: Management Review

Top management shall review the organisation's EMS at planned intervals to ensure its continuing suitability, adequacy, and effectiveness. The review shall include consideration of the status of actions from previous reviews, changes in external and internal issues, EMS performance and trends including significant aspects and compliance obligations, adequacy of resources, and opportunities for continual improvement. Outputs shall include conclusions on suitability, adequacy, and effectiveness, decisions related to continual improvement opportunities, and any need for changes to the EMS. Documented information shall be retained as evidence.

• Are management reviews being conducted at defined intervals?
• Do the minutes or records cover all mandatory inputs?
• Are outputs documented with clear decisions and assigned actions?

Clause 10: Improvement

Clause 10.1: General

The organisation shall determine opportunities for improvement and implement necessary actions to achieve the intended outcomes of its EMS.

Clause 10.2: Nonconformity and Corrective Action

When a nonconformity occurs, the organisation shall react to it and, as applicable, take action to control and correct it and deal with the consequences. It shall evaluate the need for action to eliminate the causes of the nonconformity, implement any action needed, review the effectiveness of corrective action taken, and make changes to the EMS if necessary. Corrective actions shall be appropriate to the significance of the effects of the nonconformity, including the environmental impacts. Documented information shall be retained as evidence.

• Is there a corrective action process in place?
• Are root causes being identified, not just symptoms?
• Is effectiveness of corrective actions being verified?
• Are records maintained for all nonconformities and the actions taken?

Clause 10.3: Continual Improvement

The organisation shall continually improve the suitability, adequacy, and effectiveness of the EMS to enhance environmental performance.

• Is there evidence of improvement over time, not just maintenance of the status quo?
• Are trends in environmental performance being used to identify improvement opportunities?

Common Gaps Found in Practice

After conducting hundreds of environmental management system audits, a few patterns emerge consistently. Here are the areas where organisations most frequently fall short against the shall statements:

• Lifecycle perspective in aspects and impacts: Most organisations capture on site activities but miss upstream procurement impacts or downstream product use and disposal.
• Compliance evaluation as a process: Many organisations maintain a legal register but cannot demonstrate that they have systematically evaluated whether they actually comply with each requirement.
• Awareness at the worker level: Management knows the significant aspects. Workers on the floor often do not. The shall statement requires awareness throughout the organisation, not just at the top.
• Emergency preparedness testing: Plans exist but drills are not conducted, or drills are conducted but not reviewed and improved afterward.
• Continual improvement evidence: Organisations maintain the system but cannot demonstrate that environmental performance has actually improved over time.

Preparing for an Internal Audit Using This Checklist

The most effective way to use this checklist is not to work through it mechanically from top to bottom. Instead, use it to identify the clauses where your organisation is least confident, and focus your audit sampling there. Risk based audit planning means spending more time where the exposure is greatest.

Before your audit, pull together the documented information that corresponds to each clause. If you cannot find it, that is already a signal. During the audit, interview people at different levels to test awareness and understanding. Documents can be perfect on paper while the actual practice is entirely different.

If you are building your competence as an ISO 14001 internal auditor, understanding the shall statements is the foundation. Everything else, including audit questioning, evidence gathering, and nonconformity writing, builds on knowing what the standard actually requires. Our ISO 14001 internal auditor guide covers the practical skills you need before you start auditing.

A Note on ISO 14001:2026

The 2026 revision of ISO 14001 has been published and organisations have until April 2029 to transition. The shall statements in the 2015 edition remain largely intact, but there are additions around climate change considerations, lifecycle thinking, and some structural changes to clauses. If you are auditing against the 2026 edition, you will need an updated checklist that captures the new requirements. The core audit skills and approach remain the same. What changes is the specific content of the shall statements in the revised clauses.

Taking Your ISO 14001 Auditing Skills Further

A checklist is a useful tool, but it is not a substitute for auditor training. Understanding the shall statements is the starting point. Knowing how to gather evidence, interview auditees, and write findings that drive real improvement is what separates an effective auditor from someone who just ticks boxes.

Audit Workshop offers ISO 14001 internal auditor and lead auditor training for practitioners who want to build genuine auditing capability. Courses are delivered live and online, designed by an auditor with over 500 external certification audits across Australia and internationally. If you are preparing for an internal audit or looking to formalise your credentials, the training is built around real audit practice, not theory.