ISO 14001 is the international standard for Environmental Management Systems (EMS). Beyond measuring emissions, it requires organizations to actively manage environmental risks, track nonconformities, define improvement objectives, and close corrective actions โ creating a continuous improvement loop.Dcycleโs Management Systems module maps directly to the ISO 14001 Plan-Do-Check-Act (PDCA) cycle:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ ISO 14001 MANAGEMENT SYSTEMS IN DCYCLE โโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโคโ PDCA Phase โ Dcycle Resources โโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโคโ PLAN โ Risks & Opportunities โ identify and assess โโ (Clause 6) โ Objectives โ set measurable targets โโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโคโ DO โ Actions โ implement measures โโ (Clause 8) โ (corrective, preventive, improvement) โโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโคโ CHECK โ Nonconformities โ detect deviations โโ (Clause 9) โ Dashboard โ monitor KPIs โโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโคโ ACT โ Actions โ close and verify โโ (Clause 10) โ effectiveness of corrective actions โโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
All management system resources are scoped to a Project.Every endpoint uses /management-systems/projects/{project_id}/.... A project represents an ISO 14001 certification scope (e.g., a facility, a business unit, or the entire organization). Retrieve your project_id from the Projects API before proceeding.
A valid project_id for the ISO 14001 scope you are managing
Your organization_id (returned alongside the project)
Using the Dcycle App?You can manage risks, nonconformities, and objectives directly in the app at app.dcycle.io under Management Systems. The API is the integration layer โ use it to sync from your own systems or automate workflows.
Register environmental risks and opportunities for your project. Dcycle auto-assigns a sequential code (e.g., R-001, O-001) and computes a risk level from probability ร impact.
2
Log nonconformities and incidents
Record deviations, incidents, or observations detected during audits or operations. Attach evidence files as needed.
3
Define environmental objectives
Set measurable targets linked to the project scope (e.g., โReduce water consumption by 15%โ). Track progress with current_value vs. target_value.
4
Create and assign actions
Link corrective, preventive, or improvement actions to a risk, opportunity, or nonconformity. Assign responsible users and deadlines.
5
Monitor via dashboard
Pull aggregated KPIs โ open risks by level, nonconformity severity distribution, overdue actions โ for management review.
# Filter by type and risk levelresponse = requests.get( f"https://api.dcycle.io/api/v1/management-systems/projects/{project_id}/risks-opportunities", headers=headers, params={ "type": "risk", "risk_level": "high", "status": "open", "page": 1, "size": 50, },).json()print(f"๐ Open high-risks: {response['total']}")for item in response["items"]: print(f" {item['code']} - {item['title']} (score: {item['risk_score']})")
Transversal vs. facility-scoped risksUse is_transversal: true for organization-wide risks (e.g., a regulatory change affecting all sites). Use facility_id to scope a risk to a single facility. Both are mutually exclusive: if is_transversal is true, facility_id should be null.
Nonconformities support file attachments (audit reports, photos, etc.) via a two-step presigned URL flow:
# Step 1: Get a presigned S3 upload URLpresigned = requests.post( f"https://api.dcycle.io/api/v1/management-systems/projects/{project_id}/nonconformities/{nonconformity_id}/attachments/presigned-url", headers=headers, json={"file_name": "audit-report.pdf", "content_type": "application/pdf"},).json()# Step 2: Upload directly to S3 (no auth headers for the S3 PUT)with open("audit-report.pdf", "rb") as f: requests.put(presigned["upload_url"], data=f, headers={"Content-Type": "application/pdf"})# Step 3: Register the attachment in Dcyclerequests.post( f"https://api.dcycle.io/api/v1/management-systems/projects/{project_id}/nonconformities/{nonconformity_id}/attachments", headers=headers, json={"file_name": "audit-report.pdf", "file_id": presigned["file_id"]},)print("โ Attachment registered")
File names must not contain path separators.The API rejects file names with /, \, or .. to prevent path traversal. Use flat names like audit-report-2026.pdf.
Use PATCH to update current_value as measurements come in:
# Update current consumption reading at end of Q1requests.patch( f"https://api.dcycle.io/api/v1/management-systems/projects/{project_id}/objectives/{objective_id}", headers=headers, json={"current_value": "970"},)print("โ Objective progress updated")
Actions are linked to their source automatically.When you retrieve a nonconformity or risk via the GET /{id} endpoint, the response includes a nested actions array โ no separate join needed.
Every resource gets a sequential, human-readable code automatically:
Resource
Code format
Example
Risk
R-{sequence}
R-001, R-012
Opportunity
O-{sequence}
O-001
Nonconformity
NC-{sequence}
NC-001
Incident
INC-{sequence}
INC-003
Observation
OBS-{sequence}
OBS-007
Objective
OBJ-{sequence}
OBJ-001
Action
Derived from source
NC-001/AC-001
Sequences are per-organization for risks/opportunities/objectives, and per-project for nonconformities.
Use code in audit reports and external documents โ it stays stable even if the UUID is not convenient for human readers. Filter by code using the list endpointsโ search params.
