Back to Learning Resources

Managing Legal and Regulatory Requirements

You must ensure that your product or service meets both customer and regulatory requirements. To manage them properly you should have some systematic process in place. Here's what you need to do.


The ISO 9001 quality management standard requires that you comply with your legal and regulatory obligations as well as ensure that your product or service meets customer requirements. Even if it is not stated, your customers will expect that your product meets applicable standards - e.g. cots, life jackets, lifting equipment, etc.

To properly manage all the relevant Acts/Regulations/Codes of Practice/Standards and respond to any changes you should have a systematic process in place. Here's what you need to do.

Identify your requirements

As a first step, find out what your business must comply with.

Customer Requirements

Determining customer requirements should be straightforward enough and businesses often have documents to support the process - e.g. order forms, quote process, etc.

Having a structured way to collect customer requirements helps sales staff remember to ask for all the information needed to process the order - avoiding extra phone calls.

Also think about what unstated requirements or expectations your customers may have, e.g., shipping will occur within a certain timeframe, and how you can manage these.

Government Requirements

Working out what regulatory requirements apply to your business can be more difficult as there are several sources - federal, state and local regulations, as well as any relevant product standards.

At the federal level, businesses must be registered and satisfy financial reporting and employment related requirements. Vehicle registrations, operating licences, and insurance requirements are typically defined at state level. Health and safety requirements can be at either federal or state level - e.g. there is a national standard for manual tasks, but a state based Fire and Rescue Act. Local councils will have their own rules regarding waste management.

Product / Industry Standards

Depending on what you do, there may also be mandatory product safety standards and/or mandatory industry codes of practice.

For example, manufacturers must ensure their products satisfy relevant standards e.g. a cot maker must satisfy requirements as detailed in the mandatory Australian standard, 'AS/NZS 2172:2003 Cots for household use—safety and performance requirements'.

Under Australian product safety laws, importers are treated as manufacturers and are responsible for ensuring that the goods they import satisfy relevant product standards.

Construction companies must comply with the Building Code of Australia and the Plumbing Code of Australia.

Food based business must comply with the Australia New Zealand Food Standards Code.

Service business may also need to look at what legal requirements they must take into account when delivering their service - particularly if design work is involved.

Manage your compliance requirements

Since legal and regulatory requirements will be contained in external documents, you'll want to bring these under document control - add them to your document register and identify the version.

It is not enough to just 'add them to the list'!

Simply having a copy of the document doesn't get you very far. You have to read and understand how the requirements relate to your business activities.

Acts/Regulations/Codes of Practice/Standards do change, so someone in your organisation will have to monitor their revision status in case this landscape changes. If it does, you will need to look at what activities are affected and what internal documentation may need to be amended to reflect the updated requirements.

Create a legal and regulatory matrix / obligations register

If you want to "go pro" and make the road ahead easier for yourself, draw up a legal and regulatory matrix that matches up all of the relevant compliance requirements with the business activities affected. This may also be called an obligations register.

For businesses with integrated safety & environmental management systems and those with multiple locations, the list of relevant legislation can be quite extensive.

Here's a brief example for a plumbing business (not complete):


Finding Assistance

The Australian government provides various resources to assist:

Also, some trade associations will provide guidance for their members.

In the UK, look at the business section of the UK government website where you'll find loads of information on licensing, waste management, registration, health and safety requirements for different kinds of businesses.

Get started today

Book a guided tour of Toolbox, one-on-one via Zoom