All Norwegian businesses have a number of laws, requirements and regulations that they must comply with. Far from everyone knows what these are – they may have an idea, but can rarely explain how they live up to the requirements.

So where do the requirements come from? First and foremost from the Norwegian legislation with associated regulations, rules and guidelines. But if you want ISO 9001 (quality) or ISO 14001 (environment) certification, you must also apply for and meet the requirements of your stakeholders - the customer and the environment, respectively. Certain industries also have a number of requirements for work performed or products laid down in standards and product descriptions that must be complied with.

It is fundamentally important to have an overview of the requirements a company must comply with, but not only that - you must also ensure that you actually comply with them. If you are to hold a certification, you must also document how you comply with your requirements. This can seem like a formidable task if you don't have a smart methodology. So where do you start?

First and foremost, all Norwegian businesses must comply with Norwegian law.

A key Norwegian requirement is Section 5.1 of the Internal Control Regulations, which states that companies must "ensure that the laws and regulations in health, safety and environmental legislation that apply to the business are available, and have an overview of the requirements that are of particular importance to the business". This requires that you have good knowledge of the laws that affect your operations.

1. ISO 9001 - quality:
   Document what requirements your customers have for your company's products/services. Also consider what unspoken requirements / expectations they have. Self-imposed quality requirements are also included here.

2. ISO 14001 – external environment:
Document that you comply with any relevant environmental requirements from legislation. In addition, an analysis must be carried out to look at the biggest environmental challenges you face and what requirements you should impose on yourself as a result of these.

3. OHSAS 18001 / ISO 45001 – working environment:
The stakeholder here is the individual employee. If your business complies with Norwegian HSE, the requirements of this standard are largely met. The requirements you must document are requirements for the working environment and safety for the employees in the business - both requirements from public authorities, but also others that are self-imposed and that stem from agreements with employees / unions, etc.

4human QM365 Through many years of assisting our customers, we have developed an effective methodology for mapping, recording and documenting compliance with all relevant laws and requirements for a business. Here is a brief explanation of how we recommend this be done.

1. Find all laws and requirements related to your business.

2. Copy all these requirements onto an Excel sheet.

7. This list of requirements can then be very easily imported into the Manage management system, which has good functions for getting an overview of requirements, displaying relevant requirements, and of course registering that you are in compliance.

9. Ensuring that the requirements list is up to date is done as follows

1. 1. For requirements from ISO and other standards: monitor changes in product requirements, customer requirements, changes in own risk assessments affecting relevant stakeholders, results from various audits and management reviews, external and internal feedback, etc.
   2. For legal requirements within HSE and the environment, we hope to see a new alternative to the Regulatory Assistance service soon.