[Note: “Text in italics and quotes” below are quoted directly from the R2v3 second draft standard.]
In Part 1 of this series we discussed the second draft of the R2v3 standard – specifically, the introduction. This covered applicability and scope as well as Sanctioned Interpretations, and highlighted some areas we want to pay attention to. Part 2 reviewed the Definitions section – some changes, additions, deletions, and the Focus Materials Table.
In Part 3, we started digging in to the standard’s Core Requirements – the auditable portion of the R2v3 standard. Specifically, the Scope and Hierarchy of Responsible Management Strategies.
Now in Part 4 of the series, we’re going to be covering two short, but very important, Core Requirements (CR) – CR 3, EH&S Management System (R2:2103 Provisions 1, 4, & 13), and CR 4, Legal and Other Requirements (R2:2013 Provision 3).
These are short in part due to Normative References. Normative References require that a document, if listed, be considered in its entirety as part of the standard calling it out. So, for R2, it lists Normative References to include:
- RIOS – Recycling Industry Operating Standard
- ISO 9001:2015 – Quality Management System
- ISO 14001:2015 – Environmental Management Systems
- ISO 45001:2018 – Occupational Health and Safety Management Systems
- OHSAS 18001:2007 – Occupational Health and Safety Management Systems (Until March 2021)
- AS/NZS 4801:2001 – Occupational Health and Safety Management Systems
- NIST Special Publication 800-88: Guidelines for Media Sanitization
- NSA/CSS Policy Manual 9-12 – NSA Storage Device Sanitization Manual
As you can see by the bolded standards, this includes an Environmental Management Systems Standard (ISO 14001) and an Occupational Health and Safety Management Systems Standard (ISO 45001).
Therefore, while the R2 standard CR 3 simply calls out the requirement to maintain a certified Environmental, Health, and Safety Management System (EHSMS), including all activities it takes to conform to these requirements, it is in reality requiring that you certify to 3 standards – the R2 Standard, an EMS Standard, and an OHS Standard (or RIOS). And these other standards have a BUNCH of requirements to conform to outside of R2.
When implementing R2 with our clients, we always start with this three-pronged approach – implementing all 3 standards simultaneously, in order to get the biggest bang for the buck and ensuring that are designing the system to address all the requirements of all 3 systems in unison. It also means that we can gain some efficiencies, by writing one procedure, having one audit, or holding one Management Review that addresses the requirements of all three standards simultaneously.
What this means, is that although the R2 standard is deceptively short (some would say), it is only because it only has 10 Core Requirements; however, one of those actually requires full implementation of two other standards in all their detail.
CR 3, EHSMS, has the statement “To use practices and controls designed to protect the health and safety of workers, the public, and the environment under both normal and (reasonably foreseeable) exceptional circumstances.” What this means is that the R2 standard is concerned not only about how electronics are being processed, but also how it is affecting workers, neighbors, and the environment. While it is extra work, I applaud SERI for taking this into account, which also allows organizations to focus on TBL (Triple Bottom Line) of people, planet, and profits.
While reviewing many of the changes requested for the First Draft, most of the language was clarifying only (defining “treating” workers – medical treatment, or how they are treated, for example); several statements were eliminated as duplications with EHSMS requirements, further streamlining and aligning the R2 standard with the requirement for a robust EHSMS.
Core Requirement 4, Legal and Other Requirements, requires us “To comply with all applicable environmental, health, safety, and data security legal requirements, and only import and export electronic equipment, components, and materials in full compliance with all applicable importing, transit, and exporting countries’ laws.”
It covers the requirement for a legal compliance plan, and the plan needs to cover both facility compliance and import/export compliance.
Monitoring compliance is called out, including ensuring that actions and controls are implemented, that the legal compliance is up to date and consistent with the Focus Materials Management Plan, and that it is regularly reviewed (audited) and actions taken as appropriate.
R2 has gotten specific in some of its Legal and Other Requirements, and now explicitly calls out
- Child and Forced Labor prohibition (as defined by the International Labor Organization – ILO);
- prison labor (acceptable only if voluntary, compensated beyond room and board, and skills are taught); and
- non-discrimination with respect to age, gender, race, religion, or sexual orientation.
One interesting clarification in the comments addressed the requirement for a competent auditor for legal and other requirements. The disposition and TAC (Technical Advisory Committee) response is as follows:
Core Requirement 4.(d)(3) does not indicate that the legal compliance audit needs to be an external audit, only that it is conducted by a competent auditor.
A ‘competent auditor’ is an individual with sound knowledge of the subject matter being audited, and the training, skills, and experience necessary to conduct an effective audit.
The individual may or may not be staff of the R2 Facility, but must be independent of the process and activities being audited.
This goes back to our earlier discussion on who this person needs to be. It does not need to be someone outside the area, but the burden of competence will have be proven.
Several other comments were submitted to get the 30 days rule – “Notify the Certification Body within 30 days of receiving any regulatory order or notice of violation that requires any action to address the violation and follow up with the issuing agency” modified. However, no change was made, and it is still a requirement for the organization to notify the CB within 30 days.
The non-discrimination policy was updated to include age discrimination (was not in the First Draft), and expanded to include “compensation in compliance with applicable wage laws…”
CR 4 was also strengthened to assure that legality of shipments applies to all downstream vendors who are not R2 certified, no matter how far down the supply chain they are.
While analyzing the rest of the document, you’ll notice that there are several callouts within the standard to ensure that legal and other requirements are being met, including:
- CR 3 as described above – conform with requirements for an EHSMS
- CR 5, Tracking Throughput – ensure inventory levels meet legal requirements
- CR 6, Sorting, Categorization, and Processing – import/export compliance
- CR 7, Data Security – Comply with Data Sanitation and internal data security regulations
- CR 8, Focus Materials – compliance with regulations
- CR 10, Transport – comply with transportation requirements
- Appendix A, Downstream Recycling Chain – refers back to CR 4
- Appendix E, Materials Recovery – mercury-containing items
- Appendix F, Brokering – refers back to CR 4
So, when implementing CR 4, keep this list handy and ensure that your Legal Register or listing covers these requirements as well as those called out in CR4.
While these are not released versions of the R2v3 standard (yet), it is important to note that requirements for CR 3 and CR 4 have been updated, and to start to implement these requirements in anticipation of the release of the Standard.
But wait – we’re not done yet!
Next up: Core Requirement 5 – Tracking Throughput
Can’t wait for the entire series and want to engage with us now? Contact us to start the process!
Would you like to talk through alternatives on implementation with us? Just contact us to set up a time to talk!