IMPORTANT: Impact of Covid-19 on your Management System

July 2, 2020



In the last months, we have witnessed an unprecedented situation, afflicting all the world.

Governments, companies and citizens were quick to adapt to save lives, the economy and our living standards.


Considering the rhythm of legislation being published, and the fact that these legal requirements are time-bound by the pandemic crisis, we decided not to include them in our quarterly Legal Newsletter and in the Legal Register database and prepare a dedicated Newsletter, instead.


We also want to draw your attention on the potential impacts the pandemic crisis might have on your management system, so that you use it fully in your benefit, and that you don’t have any surprises in the next audit.


This Newsletter does not replace each organisation’s duty to know the legal requirements applicable to their activity.


And most importantly… keep safe!



The legislation that has been published can be divided into 2 categories:


-         Primary legislation

o    Coronavirus Act 2020 (c. 7)

o    Public Health (Control of Disease) Act 1984 (c. 22)

-         Secondary legislation

o   The Health Protection (Coronavirus, Restrictions)(England) Regulations 2020 (S.I. 2020/350)



The Coronavirus Act 2020 grants the government emergency powers to handle the COVID-19 pandemic.

The Act allows the government the discretionary power to limit or suspend public gatherings, to detain individuals suspected to be infected by COVID-19, and to intervene or relax regulations in a range of sectors to limit transmission of the disease, ease the burden on public health services, and assist healthcare workers and the economically affected.

Areas covered by the Act include the National Health Service, social care, schools, police, Border Force, local councils, funerals and courts. The Act received royal assent on 25March 2020.


The Public Health (Control of Disease) Act 1984 gives health protection powers to local authorities, which can be used without approval from a court. It protects the health of the public through a system of surveillance and action. Surveillance allows for the identification, investigation and confirmation of an outbreak of a disease or a case of contamination. Appropriate and timely intervention to control the spread of the disease including isolation and quarantine can be initiated.


Three sets of regulations complement the Public Health (Control of Disease) Act 1984 (as amended):


  • Health Protection (Notification) Regulations 2010 updated the system of notification
  • Health Protection (Local Authority Powers) Regulations 2010 updated the powers and duties of local authorities in relation to protecting the public from infection or contamination
  • Health Protection (Part 2A Orders) Regulations 2010 allow local authorities to obtain an order (Part 2A Order) from a Justice of the Peace that impose restrictions or requirements to protect the health of the public.



The Health Protection (Coronavirus, Restrictions)(England) (Amendment) Regulations 2020 came into force on 22nd April 2020.

The Regulations provide powers to a relevant person to:

-      Require the closure of premises and businesses

-      Restrict certain business activities;

-      Restrict movement; and

-      Restrict gatherings.

A ‘relevant person’ is defined as a constable, a police community support officer (PCSO) or a person designated by the Secretary of state for the purposes of the regulation.

The Regulations apply during the ‘emergency period’ which commences upon the introduction of the Regulations until a date to be specified by the Secretary of State.

You can find details about which businesses can remain open in this website -

Management System


Your management system might be affected by the pandemic crisis in several ways.

In this chapter, we list some documents that might need review, to reflect the new circumstances. Each organisation needs to look at their management system and verify if any of these apply and act accordingly.


Context and planning


The context analysis and planning should be reviewed to address the current circumstances.


Examples of risks and opportunities that might apply to your organisation:

Standard                                            Risks                                                                                                                                                                              Opportunities

ISO 9001                 -         Economic recession                                                                                               -         Remote service provision / delivery of products to clients

                               -         Clients not being able to pay                                                                                 -         Financial stability, compared to competitors

                                -         Reduced demand for services / products                                                             -        Provision of services / products related to the prevention       

                                -         Increased costs related to Covid-19 prevention measures implementation                and fighting of the pandemic

                                -         Insufficient IT resources to work from home

                                -         Information security risks caused by remote working  

Standard                                            Risks                                                                                                                                                                              Opportunities

ISO 14001               -        Increased use of disinfectants and other chemical products                              -        Reduced environmental impacts due to commuting and  

                                -        Increased production of waste (PPE and chemical products’ packaging)                    business travel

                                -        Environmental investment suspended or delayed 

Standard                                            Risks                                                                                                                                                                              Opportunities

ISO 45001              -        Psychosocial risks related to work from home (insufficient communication       -      Reduced H&S risks due to commuting and travel

                                         with co-workers, isolation, difficulty managing work ad family activities)

                                -       Ergonomic risks due to unsuitable working conditions 

Policy and scope


If your organisation is providing new services, new products or removed some from your offer, it’s important to make sure that your policy and management system scope reflect this change.


The same applies to your organisation website, social media and other mediums where products and services are described.

Important changes in the management system scope,address, number of staff, etc must be communicated to your certification body.

Roles and responsibilities


If you changed your organisation functional structure, temporarily or permanently, it’s important to communicate these changes internally, so that everybody knows who does what.


It might be necessary to communicate some changes to clients too, if client-facing staff has left the company or if people moved to roles that clients contact directly.

Staff and subcontractors’ consultation (for ISO 45001)


The crisis has surely introduced changes in your work processes, equipment, PPE, among others.

The new / changed risks and their corresponding control measures should be subject to consultation to ensure staff and subcontractors feel comfortable with them and are confident that their health safety and wellbeing is ensured.

If your employees are working remotely, you can discuss these subjects through online meetings or send them a survey.

Environmental aspects and Health and Safety risks (ISO 14001 and ISO 45001)


These Registers should be reviewed to describe the new or changed aspects and risks, as well as the control measures put in place to address them.


These can include, for example, changes in preferred transport modes, use of chemical products, production of waste related to PPE, infection risk for the health of workers that cannot work remotely, psychosocial and ergonomic risks for workers that work from home, etc.

Even though this is a temporary situation, we don’t know at this stage if new contagion phases will occur in the future, and so these aspects and risks can apply in non-specified periods of time. We therefore commend that these aspects and risks are permanently integrated in the Registers until the risk decreases to pre-crisis levels.

Legal Register


The Legal Register can include the legislation related to the Covid-19 response, but it should be clear which requirements are permanent and which ones are temporary, so that the latter can be removed when they no longer apply.

Objectives and action plans


Consider the revised risks and opportunities and change your objectives and supporting action plans. This could mean:

-         Deleting or adding a new objective;

-         Changing the target of an existing objective;

-         Changing the timescales planned for the objective attainment;

-         Changing the actions defined and/or the responsibilities for their implementation.

Training, awareness and communication


This is a period where training, awareness and communication are key to the organisation’s performance.


Staff and subcontractors should receive training in any relevant changes to the management system, that were introduced.

This includes training related to environmental aspects and H&S risks, in particular those related to the covid-19 prevention measures.


Changes introduced to the policy and products and services’ offer need to be understood by staff whose activities relate to commercial and production activities.


Legal requirements updates are critical for functions such as HR and Finance.


Communication with the clients is essential so that they know how service is going to be delivered, products received, delivery deadlines, returns policy, etc.


Since most of the training, awareness and communication is now done remotely or with limited physical contact, it is important to keep records of what you’re doing so that you demonstrate these activities to your auditor.

Internal audit


Your internal audit programme might have to be revised, in order to:


-         Add additional audits to ensure conformity of new /changed processes;

-         Change the dates of programmed on-site audits.


Audits might have to be done remotely now, using online meetings tools, email, etc.

Ask a Question
By clicking “Continue To Site”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. View our Privacy Policy for more information.