Occupational Health and Safety Management System
Organizations worldwide recognize the need to provide a safe and healthy working environment, reduce the likelihood of accidents and demonstrate they are actively managing risks. ISO 45001 is the international standard for occupational health and safety will provide an internationally accepted framework that will help protect employees as well as protecting the longevity and health of an organization. The standard is flexible and can be adapted to manage occupational health and safety in a wide range of organizations including; large organizations and enterprises, small and medium-sized enterprises, public and not-for-profit organizations. Although organizations tend to use generic health and safety guidelines or national and consortia standards, none of these demonstrate global conformity. There was a worldwide need to harmonize health and safety management systems using an international standard and sharing best practices. This can be seen at local, national, regional and global levels – applying to both developing and developed countries. With an international standard to refer to, together with the right infrastructure and training, organizations will be able to address these risks better in future.
Goals of ISO 45001 Standard
As with the other safety management consensus standards, the goals of ISO 45001 are to provide guidance for the development of a framework where injuries, property damage, and other loss causing incidents can be mitigated. The stated goals of ISO 45001 are:
- Develop an OH&S policy
- Have leadership demonstrate their commitment to safety
- Establish systematic processes for safety management
- Conduct hazard identification efforts
- Create operational safety controls
- Increase awareness and knowledge for employees about safety.
- Evaluate OH&S performance and develop plans to improve continuously
- Establish the necessary competencies
- Create and foster an OH&S culture within the organization
- Ensure employees participate fully and meaningful in the safety process
- Meet all legal and regulatory requirements
At the outset, ISO 45001 explains the founding principle of PLAN, DO, CHECK, ACT (PDCA). This principle is the methodology which guides the various performance aspects of the standard. PDCA is the idea of continual improvement that was made popular by Edward Deming, often considered the father of modern quality control theory, and fosters the standard of detailed actions that provide a platform for continual improvement across the organization. This is a critical concept as it establishes the model for continual, as opposed to continuous, improvement.
This concept of continual improvement is repeated throughout the standard. “Continual improvement” is an umbrella concept that incorporates elements of continuous improvement. The distinction between continual and continuous improvement is a fine, but important one.
Continual Improvement is defined as “recurring activity to enhance performance”. Continual does not mean continuous, so the activity does not need to take place in all areas simultaneously. Continuous Improvement is defined as “on-going and endless without interruption.” By its very nature, business activities often have numerous starts and stops. Business activities are best managed by regular and routine evaluations. Thus the concept of continual improvement is better suited to an organizational environment than the concept of continuous improvement.
Clause 1: Scope
ISO 45001 provides a set of requirements for an OH&S system that will assist an organization to foster an environment that is safe and healthy. The standard is applicable to any organization regardless of size, operations, objectives, and outcomes. It includes the development of an OH&S policy that meets best practices and legal requirements. The scope of ISO 45001 includes:
- Creation of a OH&S policy that reinforces the objectives of the organization while taking into account its internal and external contexts.
- Establishment, implementation, and maintenance of an OH&S management system.
- Continual improvement of OH&S performance.
- Assured conformity to the OH&S policy.
- Demonstration of compliance with this ISO Standard
ISO 45001 does not provide specific criteria for OH&S performance. It does allow for the integration of other similar aspects of health and safety such as wellness, non-occupational health, and wellbeing. The scope does not include ideas of product safety, public safety, environmental protections, and quality. ISO 45001 can be used in part or in total to improve OH&S management systems; however, claims of conformity with ISO 45001 are only acceptable if the standard has been completely adopted without any exclusions.
Clause 3: Terms and Definitions
ISO 45001 contains a large “Terms and Definitions” glossary spanning seven pages which offers key descriptions and terminologies that organizations should consider adopting into their safety lexicon, especially those that are considering or are in ISO 45001 compliance process. Standardization of this language will allow for common understanding of actions, concepts, and outcomes throughout all business units, locations, facilities, and departments of the organization.
Clause 4: Context of the Organization
Clause 4 of ISO 45001 provides a definition of the context of the organization and explains how this context must be used to understand organizational objectives. The context of the organization is the key consideration to be taken when developing and implementing OH&S mission statement, OH&S policy statement, and objectives. Context is defined as the purpose that the organization is attempting to achieve and the external and internal issues that will impact the ability to achieve the intended outcome. The key elements to the context of the organization include:
- Interested parties, in addition to workers (ISO 45001 defines managers, supervisors, and senior leaders as “workers”)
- Needs and expectations of workers and other interested parties
- Legal requirements
- Differences in needs between managerial and non-managerial workers
When developing the OH&S management system, the organization will take into account the internal and external issues, the requirements of workers, and the work that is being performed. The context of the organization must be documented and the documentation must be available.
4.1 Understanding the organization and its context
This clause is found in all ISO management system standards, and it requires the organization to determine all internal and external issues that may be relevant to the achievement of the objectives of the OH&S Management System itself. This includes all elements which are, and may be capable of, affecting these objectives and outcomes in the future. The organization must understand:
- the issues both positive and negative that needs consideration in establishing OH&S
- the opportunity to identify external and internal factors and interested parties that effect intended outcomes of OH&S
- the external context – cultural, social, political, key trends in industry
- the internal context- governance, policies, objectives, culture, trends
4.2 Understanding the needs and expectations of interested parties
The standard now requires the organization to assess who the interested parties are in terms of its OH&S Management System, what their needs and expectations may be, and consequently, if any of these should become compliance obligations. The organization must understand the needs and expectations of
- external interested parties determined by organisation relevant to OH&S.
- managerial and non-managerial workers.
- other interested parties – legal and regulatory authorities, includes workers, customers and clients.
- Applicable legal requirements.
4.3 Determining the scope of the OH&S Management System
The scope and boundaries of the OH&S Management System must now be thoroughly examined and defined considering the aforementioned interested parties and their needs, plus resulting compliance obligations. Also requiring consideration are the OH&S Management System functions and physical boundaries, and all products, services, and activities, including the organization’s ability to exert control on external factors, with the results of the whole definition included in the OH&S Management System and kept critically as “documented information.” While determined the scope the organization must
- Clarify the boundaries of OH&S
- Consider external and internal factors
- Consider the requirements of interested parties
- Consider the work related activities performed
- Ensure the scope should address hazards and potential risk
4.4 OH&S Management System
The standard indicates that an OH&S Management System should be established to achieve the desired outcomes by using interacting processes to deliver continual improvement. The ultimate objective is to improve the organization’s occupational health & safety performance. The Organization must:
- Establish, implement, maintain and continually improve OH&S
- Process needed and interactions – integrate requirements into various business operations e.g. design & development and procurement
Clause 5: Leadership and Worker Participation
The terms “leadership” and “top management” are used interchangeably throughout ISO 45001. The responsibilities of leadership and top management include:
- Take overall responsibility and accountability for worker protection.
- Ensure the OH&S policy relates to the context and is compatible with the strategic direction of the organization.
- Integrate the OH&S management system into the larger business processes.
- Provide resources for the OH&S management system.
- Ensure participation by workers in the OH&S system.
- Communicate the OH&S system and ensure the organization conforms to it.
- Promote the OH&S system to address nonconformities and ensure continual improvement.
- Create a culture that drives the organizational support for the OH&S System
Since top management is responsible for the OH&S system, the elements required to be included in the OH&S management system are detailed within the leadership and worker participation section. The elements include the written commitments for safety; framework for the OH&S system; obligations to meet legal requirements; continual improvement for OH&S performance; establishment of a risk control strategy; and most importantly; worker involvement. The policy must be documented, communicated with workers, reviewed periodically, and available to other parties. Other key considerations for leadership and worker participation include training, communication, worker participation support, employee engagement, and establishment of audit programs.
5.1 Leadership and commitment
This clause reminds the user that the organization and top management retain responsibility for the performance of all internal and external performance factors at all times. It therefore makes perfect sense that the Occupational Health & Safety Policy and objectives are aligned with each other, and with the strategic policies and overall direction of the business, including integration with other business systems,where applicable. Provision must be made for resources to ensure that the OH&S Management System can be operated efficiently, and top management must ensure that the people with responsibility within the OH &S Management System have the correct support, training, and guidance to complete their tasks effectively. Communication is also critical from a leadership perspective, and communication methods and frequencies must be defined and established for both internal and external interested parties. In summary, it is the responsibility of the leadership of the organization to show an enhanced level of leadership, involvement, and co-operation in the operation of the OH&S Management System. The organization must
- Have more focus to demonstrate leadership and commitment
- Take overall responsibility and accountability for protection of workers
- Ensure active participation of workers, worker representation using consultation
- Consider need to establish H&S committees
- Identify and removal of barriers to participation
- Have continual improvement of OH&S
- Be developing, leading and promoting a culture supporting OH&S
5.2 Occupational Health & Safety Policy
Top management has the responsibility to establish the previously mentioned Occupational Health & Safety Policy, which is appropriate for the organization in terms of the size, scope, activities, and ambitions of the organization, and provides a formal framework for setting objectives. Obviously, the policy should include a commitment to eliminate hazards and reduce risks, to prevent workplace injury, and to consult with workers. Meeting compliance and regulatory factors is clearly another key element, and a method of capturing and recording this must be established. Finally, and vitally, the Occupational Health & Safety Policy must provide a commitment to the continual improvement of the OH&S Management System and its results. Critically, the Occupational Health & Safety Policy must be maintained as documented information, be communicated within the organization, and be available to all interested parties, as appropriate. The Organization must have a
- OH&S policy set of principles and overall sense of direction.
- OH&S policy on consultation with workers at all levels and communicated.
- Commitment to provide safe and healthy working conditions.
- Prevention of injury and ill-health.
- Policy appropriate to size and context of organisation.
- Specific nature of it OH&S risk and OH & S opportunities.
- Mechanism for communication of policy
5.3 Organizational Roles, responsibilities and authorities
The standard states that it is the responsibility of top management to ensure that roles, responsibilities, and authorities are delegated and communicated effectively. The responsibility shall also be assigned to ensure that the OH&S Management System meets the terms of the 45001:2018 standard itself, and that the performance of the OH&S Management System can be reported accurately to top management. The Organization must ensure that
- Workers at each level assume responsibility which they have control.
- The relevant roles have been assigned within OH&S.
- Organizational roles, responsibilities and authorities are communicated at all levels within organisation.
- Organizational roles, responsibilities and authorities are maintained as documented information
5.4 Consultation and participation of workers
When it comes to the health & safety of workers,it is vital that these same workers are consulted about the OH&S Management System and participate in implementing the processes necessary to secure a safe workplace. To this end,the organization needs to determine the processes necessary to consult with workers at all levels of the organization in all aspects of development, planning, implementation, performance evaluation,and improvement actions of the OH&S Management System. The Organization must:
- Establish, implement, maintain processes for consultation and participation in developing, planning, evaluation and actions for improvement in OH&S.
- Provide mechanisms, time, training and resources necessary for participation.
- Provide timely access to clear, understandable and relevant information on OH&S.
- Identify and remove obstacles or barriers to participation and minimize those that cannot be removed.
- Have additional emphasis to the participation of non-managerial workers in OH&S.
- Have additional emphasis to the inclusion of non-managerial workers in consultation.
- Provide training at no extra cost to workers and provision of training during working hours.
Clause 6 : Planning
Clause 6 describes the actions necessary to address risk and opportunity. Activity planning must take place within the context of the organization. The planning process must ensure that the OH&S management system is designed to achieve its intended outcomes and continually improve. Worker participation is cited as being a critical component in the planning phase. Additional considerations include operational risk, legal requirements, and other opportunities to improve the OH&S management system. This section outlines the need for hazard identification by the organization for both routine and non-routine activities, emergency situations, people and behavior, work area design, work environment under the control of the organization, and situations not under organizational control. Additional points of assessment include changes to process and operations, past incidents and their causes, and social/economic factors. The major sub-sections in Clause 6 include:
- Hazard Identification
- Assessment of OH&S Risks
- Identification of OH&S Opportunities
- Determination of Legal Requirements
- Planning to Take Action
- Setting of OH&S Objectives
- Planning to Achieve Objectives
The planning phase is a comprehensive part of the ISO 45001 standard, requiring a detailed understanding of operations. By following this section, the organization can create a very deliberate and effective set-up to sustain the OH&S management system and ensure it continually improves.
6.1 Actions to address risks and opportunities
This clause replaced “preventive action” in the previous OHSAS 18001 standard. The current standard states that the organization should establish, implement, and maintain the processes needed to address the requirements of the whole of the planning section itself. When planning the OH&S Management System, considerations need to be made regarding the context of the organization (section 4.1) and the needs and expectations of interested parties (section 4.2), as well as the scope of the OH&S Management System. Risk and opportunity must be considered with respect to these elements, as well as legal and regulatory issues, and the organization’s Occupational Health & Safety hazards themselves. This outcome needs to ensure that the OH&S Management System can meet its intended outcomes and objectives, that any external factors that may affect performance are avoided, and that continual improvement can be achieved.
In terms of emergency situations, the organization is required to determine any situations that may occur and have a resulting occupational health & safety risk.Again, it is vital that documented information is retained concerning the risks and opportunities considered and addressed in the planning phase in order to satisfy the terms of the clause. While planning for actions to address risks and opportunities, the organization must
- take into consideration the Organizational Context (4.1), needs and expectations of Interested parties (4.2) and Organizational Scope (4.3)
- Prevent or reduce undesired effects.
- Achieve its intended outcome.
- make assessment of risk and opportunities arising out of changes in Organization.(whether planned or unplanned).
- Maintain documented information – risks, opportunities and processes needed to have confidence in risk management.
6.1.2 Hazard identification and assessment of risks and opportunities
ISO 45001:2018 asks organizations to consider, in a proactive manner,all occupational health & safety hazards within the organization’s control. Changes or planned future changes to services also have to be taken into account, as do any abnormal situations that may arise that are reasonable for the organization to predict–for example, if you are about to launch a new product that needs radically new production processes or materials. Again, the organization needs to maintain documented information on this clause and its elements, and communication to the appropriate levels with effective frequency needs to be planned and undertaken. In terms of documented information, if you ensure that all actual and associated risks, the criteria you use to define them, and your significant occupational health & safety risks are documented,then you will satisfy the terms of this clause.
It has following Sub-clauses
184.108.40.206 hazard identification
220.127.116.11 assessment of OH&S risk and other risks to OH&S management system
18.104.22.168 assessment of OH&S opportunities and other opportunities
22.214.171.124 Hazard identification:
While identifying the hazards in proactive manner the organization must consider:
- Past incidents, emerging trends
- Routine & non-routine activities and situations
- Emergency situations
- Human factors
- Other issues – design, situations in the vicinity of workplace, situations not controlled by organisations
- Changes or proposed changes
- Change in knowledge
- How work is organised, social factors, workload, work hours, leadership and culture
126.96.36.199 Assessment of OH&S risk and other risks to OH&S management system
The organization must assess OH&S risks from hazards identified. While Assessing the OH&S risks the Organization must take into account the issues from context 4.1 & needs and expectations of interested parties 4.2. It must define methodology and criteria for Assessing OH&S risks. The Methodologies and criteria must be maintained and retained as documented information
188.8.131.52 assessment of OH&S opportunities and other opportunities
The Organization must identify OH&S Opportunities to enhance OH&S performance. While identifying OH&S opportunities the Organization must take into account:
- Planned changes
- Opportunities to eliminate or reduce risk
- Opportunities to adapt work, work organisation and work environment to workers
- Opportunities for improving OH&S management system
6.1.3 Determination of legal and other requirements
This is a relatively straightforward, but obviously vital part of the ISO 45001:2018 standard. The organization must decide what legal and other requirements are related to its occupational health & safety hazards and how to best access them, decide how they apply to the organization, and take them into consideration when establishing, operating, and delivering continual improvement through the OH&S Management System. Documented evidence needs to be recorded for these obligations, also. The Organization must
- Determine and have access to up to date legal requirements
- Determine how these apply and will be communicated
- Take into account when establishing, implementing
- Maintain and retain documented information
6.1.4 Planning actions
In this clause, the standard states that the organization shall plan to take actions to address its occupational health & safety hazards, risks and opportunities, and compliance obligations, all of which we have discussed above. These also need to be implemented into the organization’s OH&S Management System and associated business processes. The task of evaluating the effectiveness of these actions also must be considered, with technological, financial, and operational considerations all taken into account. In this clause the organization is expected to:
- Address risk and opportunities (184.108.40.206 & 220.127.116.11)
- Address applicable legal requirements (6.1.3)
- Emergency preparedness emergency situation (8.2)
- Integrate actions to other business process(s) – Business Continuity,
- Financial or HR
- Eliminating hazards and reducing OH&S risk (8.1.2)
- Consider the Best practice into the action
6.2 Occupational health & safety objectives and planning to achieve them
6.2.1 Occupational health & safety objectives
The standard advises that occupational health & safety objectives should be established at appropriate levels and intervals, having considered the identified occupational health & safety hazards, risks and opportunities, and compliance obligations. The characteristics of the set objectives are important, too:they need to be consistent with the organization’s Occupational Health & Safety Policy, measurable where possible, able to be monitored, communicated effectively, and be such that they can be updated when circumstances require. Once more, it is mandatory that documented information is kept outlining this process and its outputs.To maintain and improve OH&S management system and OH&S performance, while establishing OH&S objective the Organization must
- Take into account results of assessment of OH&S risk and opportunities and other risks and opportunities.
- Take into account outputs of consultation with workers and workers representative.
- Objectives are measurable or capable of evaluation.
- Objectives are clearly communicated
6.2.2 Planning to achieve occupational health & safety objectives
The standard advises on the elements that need to be determined to ensure that objectives can be achieved. This can be thought of in terms of what needs to be done, when it needs to be done by, what resources are required to achieve it, who is responsible for the objectives being achieved, how results are to be measured and progress ensured, and consideration on how these objectives can be implemented within existing business systems. While Planning to achieve OH&S objectives the organization must consider the following:
- What will be done?
- What resources will be required?
- Who will be responsible?
- When completed?
- How measured through indicators if practicable, monitored and frequency?
- How actions will be integrated into overall business processes?
- Maintain and retain documented information?
Clause 7: Support
Clause 7 of ISO 45001 discusses the resources and support needed to be successful with the OH&S management system. “Support” means that the organization has achieved a level of competence among its workers and systems to successfully drive the outcomes of the OH&S plan. It also discusses the need to establish awareness of the OH&S policy, communicate information about the OH&S management system, outline with whom the information should be shared, manage documentation including tracking of updates, and control information and ensure its accessibility and accuracy. Essentially, the support system provides an overview of how the organization must support the OH&S management system.
Simply put, the standard advises the organization that the resources required to achieve the stated objectives and show continual improvement must be made available. The Organization must determine resources and provide resources needed for OH&S. Resources can include HR, natural resources, infrastructure and technology. Human resources includes – diversity, skills and knowledge.
Employee competence must meet the terms of the ISO 45001:2018 standard by ensuring that the people given responsibility for OH&S Management System tasks are capable and confident. Related to this, it stands to reason that the experience, training, and/or education of the individual must be of the required standard, and that any necessary training is identified and delivered –with measurable actions taken externally or internally to ensure that this level of competence exists. Predictably, this process and its outputs need to be recorded as documented information for the OH&S Management System.The organization must ensure:
- Workers are competent that impact on OH&S performance.
- Competence are appropriate to education, training and experience.
- Criteria for each role are established.
- Workers are evaluated periodically to ensure continued competence for their roles.
- Appropriate documented information as evidence of competence are retained.
Awareness is closely related to competence in the standard. Employees must be made aware of the Occupational Health & Safety Policy and its contents, any current and future impacts that may affect their tasks, what their personal performance means to the OH&S Management System and its objectives, including the positives or improved performance, and what the implications of poor performance may be to the OH&S Management System. Additionally, the standard demands that workers be aware that they can remove themselves from work situations that they consider to be a danger to their life or health. Workers must be:
- Made aware of OH&S policy
- Implication of not conforming with OH&S requirements
- Information and outcomes of investigations of relevant incidents
- OH&S hazards and risk relevant for them
Processes for internal and external communication need to be established and recorded as documented information within the OH&S Management System. The key elements that need to be decided, actioned, and recorded are what needs to be communicated, how it should be done, who needs to receive the communication, and at what intervals it should be done. It should be noted here that any communication outputs should be consistent with related information and content generated by the OH&S Management System for the sake of consistency.
7.4.2 Internal communication
The standard advises the organization that information should be communicated at various levels and with various frequencies as deemed suitable, and that the organization must ensure that the nature and frequency of communication allows continual improvement to result from the communication process itself.
7.4.3 External communication
Once again, the organization is advised by the standard to ensure that communication relevant to the OH&S Management System takes place as per the established process, with the goal of ensuring that compliance obligations and objectives are met.
7.5 Documented information
“Documented information,” which you will have seen mentioned several times during this guide, refers to the documents and records that are necessary for the OH&S Management System. The requirements are designed to allow each organization to have the ability to shape documented information to their own requirements in general, with the exception of the mandatory components mentioned specifically in the standard and, therefore, this guide. The ISO 45001:2018 standard advises us that the OH&S Management System should include all documented information that it declares mandatory, and anything viewed as critical to the OH&S Management System and its operation. It should also be noted that the amount of documented information that an organization requires would differ according to the size, operating sector, and complexity of compliance obligations faced by the business.
7.5.2 Creating and updating
The standard advises that documentation created by the OH&S Management System needs to include appropriate identification, description,and format so that it is can be easily understood what the documented information is for. There is also a need to review and approve the documented information for suitability and accuracy before release.
7.5.3 Control of documented information
The standard advises that documentation created by the OH&S Management System should be available and fit for purpose where and when needed, reasonably protected against damage or loss of integrity and identity, and that the processes of distribution, retention, access, retrieval, preservation and storage, control and disposition are adequately provided for. It should be noted that documented information from external sources should be similarly controlled and handled, and that viewing and editing access levels should be carefully considered and controlled.
Clause where there are reference to documented information are
4.3, 5.2, 5.3, 6.1.1, 18.104.22.168,6.1.3, 6.2.2, 7.2, 7.4, 7.5.1. 7.5.3, 8.1.1., 8.2, 9.1.1, 9.1.2, 9.2.2, 9.3, 10.1 & 10.2
Clause 8: Operation
Clause 8 forms the heart of the ISO 45001 standard and addresses the program content necessary to have a successful OH&S management system that meets the intent of the standard. The specific topics discussed in this section include:
- General provisions: such as the means for creating and managing documentation.
- Hierarchy of controls: to utilize the most effective means of risk reduction within the organization.
- Management of change: to ensure that when planned changes occur they are managed to control risk.
- Outsourcing: to make certain risk controls are adequate for all outsourced processes.
- Procurement: to validate all incoming materials and services conform to the system requirements.
- Contractors: to communicate and control internal risks to third parties and evaluate risks they may introduce into the workplace.
- Emergency preparedness and response: to identify potential emergency risks and develop specific and customized plans with key stakeholders to minimize these risks
8.1 Operational control and planning
While the standard acknowledges that operational control will greatly depend on the size, nature, compliance obligations, and occupational health & safety hazards of an organization, the scope is given to the individual organization to plan and ensure the desired results are achieved. The methods suggested by the standard are that processes should be designed in such a way that consistency is guaranteed and error eliminated, technology is used to improve control, and it is ensured that personnel are trained and competent. Processes should be performed in an agreed and prescribed manner; those processes should be measurable, and the documented information should match the requirements to ensure operational control. An essential part of operational control lies in eliminating hazards and reducing OH&S risks. This can be carried out through a hierarchy of controls,from elimination of the hazard to the use of personal protective equipment. Change in the OH&S Management System also needs to be managed in order to maintain the integrity of the OH&S performance. Procurement, including contractors and outsourcing of functions and processes, must also be considered and controlled. Appropriate measures must be taken to define and control the competency of outsourced service suppliers, including their effect on the OH&S Management System processes.As ever, opportunities for improvement must always be considered and identified.
The standard also recognizes that the degree of control the organization has over an outsourced product or service can vary from absolute, if taking place onsite, to very little, if the activity takes place remotely. However, it is suggested that there are factors that,nonetheless,should be considered. As expected, compliance obligations should be considered and controlled, all direct and associated occupational health & safety risks should be evaluated and controlled, as should risks and opportunities associated with the provision of the service itself.
During Operation planning and Control the organization must
- Establishing criteria for processes
- Implementing control defined in criteria
- Keeping documented information as absence of documented information could lead to deviations
- Adapting work to workers including induction of new workers
8.1.2 Eliminating hazards and reducing OH&S risks
The Organization must establish a process and determine controls for achieving reduction in OH&S risks using the following hierarchy of Controls;
- Engineering controls
- Administrative controls
- Provide and ensure safe use of PPE
Provision of PPE should be at no extra cost to workers
8.1.3 Management of Change
The Organization must establish a process for the implementation and control of planned changes. Changes may include:
- Work processes
- Knowledge and information about hazards and related OH&S risk
- Developments in knowledge and technology
Changes must be control to mitigate against adverse impact on OH&S
The organization must establish process to control procurement of products and services to ensure conformity with its OH&S Management System
- The organization must establish a process to co-ordinate with contractors for hazard identification and access controls to OH&S risks from contractor activities
- The requirements of OH&S management system must be met by contractors and their workers
- The organization must establish the OH&S criteria for selection of contractors
The organization must ensure outsourced functions and process are controlled. The Outsourced arrangements must be consistent with legal requirements. It should be integral to the organisation’s ability to operate. There must be controls to achieve intended outcome of OH&S management system
8.2 Emergency preparedness and response
Emergency preparedness and response is a key element in the mitigation of occupational health & safety risk. The standard informs us that it is the responsibility of the organization to be prepared, and a number of elements should be considered and planned for. Actions to mitigate incidents must be developed, as well as internal and external communication methods and appropriate methods for emergency response. Consideration of varying types of occupational health & safety incidents needs to be made, as do root cause analysis and corrective action procedures to respond to incidents after they occur. Regular emergency response testing and relevant training need to be considered and undertaken, and assembly routes and evacuation procedures defined and communicated. Lists of key personnel and emergency agencies (think clean-up agencies, local emergency services, and local occupational health & safety offices or agencies) should be established and made available, and it is often good practice to form partnerships with similar neighboring organizations with whom you can share mutual services and provide help in the event of an occupational health & safety incident. To establish Emergency preparedness and response process the organization must
- Identify potential emergency situations
- Assess OH&S risks associated with these
- Establish Preventative controls
- Plan response to emergency situations including provision of first aid
- Conduct periodic testing and exercise of emergency response capabilities
- Evaluate and revise plans
- Communicate information relevant to their duties
- Conduct Training
- Identity Needs and capabilities of interested parties
- Maintain and retain documented information
Clause 9: Performance Evaluation
Performance Evaluation provides an in-depth discussion regarding the criteria for evaluating the overall performance of the OH&S management system. The primary themes of this section focus on the means of process evaluation and documentation of evaluations. The importance of documentation (and how records and data are retained), as well as document dissemination, are performance themes both in ISO 45001 in general and in this section in particular.
This section tends to be more specific than some of the others and includes a detailed discussion of documentation requirements, internal audit protocols, and relevancy and applicability of measurements within the organization. The key attributes of this section include:
- Following applicable legal requirements and documentation are followed.
- Measuring operational risks and hazards.
- Evaluating the effectiveness of operational controls.
- Establishing the timeline for conducting the measures.
- Planning for analysis, evaluation, and communication of the results.
- Calibrating and verifying the accuracy of all equipment.
- Retaining documentation of all measures.
- Auditing the OH&S Management System, the OH&S Policy, OH&S Objectives and the 45001 requirements.
- Establishing the frequency of audits and account for significant changes to the organization, performance improvements, risks, and opportunities.
- Ensuring the competency of auditors.
- Communicating findings to management, workers, and worker representatives.
- Taking action to address identified nonconformities.
- Retaining audit results as evidence of the completion of the audit.
- Reviewing audit findings and corrective actions by top management.
- Ascertaining that corrective actions, worker engagement, and opportunities for continual improvement are in place
The most important objectives of the Performance Evaluation section are ensuring the adequacy of the current OH&S management system and measuring that OH&S objectives are met. These are, essentially, the only measures of success.
9.1 Monitoring, measuring, analysis,and evaluation
The organization not only has to measure occupational health & safety progress, but it should also consider its significant hazards, compliance obligations, and operational controls when tackling this clause. The methods established should have considerations to ensure that the monitoring and measuring periods are aligned with the needs of the OH&S Management System for data and results;that the results are accurate, consistent, and can be reproduced;and that the results can be used to identify trends. It should also be noted that the results should be reported to the personnel with the authority and responsibility to initiate action on the basis of the outputs themselves.
9.1.2 Evaluation of compliance
The standard recognizes that evaluation requirements will vary from organization to organization based on factors such as size, compliance obligations, sector worked in, past history and performance, and so on, but suggests that regular evaluation is always required. If the result of a compliance evaluation reveals that a legal requirement is unfulfilled, the organization needs to assess what action is appropriate, possibly up to contacting a regulatory body and agreeing on a course of action for repair.This agreement will now see this obligation become a legal requirement. Where a non-compliance is identified by the OH&S Management System and corrected, it does not automatically become a non-conformity.
9.2 Internal Audit
Internal audits and auditors should be independent and have no conflict of interest over the audit subject, the standard reminds us, and it should be noted that non-conformities should be subject to corrective action. When considering the results of previous audits, the results of previous internal and external audits and any previous non-conformities and resulting actions to repair them should be taken into account.
9.2.2 Internal audit program
The 45001:2018 standard refers us to ISO 19011 for the internal audit program, but when you are establishing your program there are several rules you can subscribe to in order to ensure that your program is effective. Base your internal audit frequency on what is reasonable for your organization in terms of size, sector you operate in, compliance obligations, and risk to the health and safety of workers.Decide what is reasonable for you, whether that is bi-annually, quarterly, or whatever you deem suitable. Keep in mind that this schedule can be changed, preferably through management review and leadership guidance,in the event of changes that necessitate extra internal audit activity.
9.3 Management Review
It should be noted that, contrary to popular belief, the management review does not have to be done all at once; it can be a series of high-level or board meetings with topics tackled individually, although it should be ona strategic and top management level. Complaints from interested parties should be reviewed by top management,with resultant improvement opportunities identified. It should be remembered that the management review generally is the one function that must be carried out accurately and diligently to ensure that the function of the OH&S Management System and all resulting elements can follow suit. It goes without saying that all details and data from the management review must be documented and recorded to ensure that the OH&S Management System can follow the specific requirements and general strategic direction for the organization detailed there.
Clause 10: Improvement
Clause 10, the final major section, delineates the concept of continual improvement within the context of specific activities. Any organization wishing to adopt the principles of ISO 45001 must have a plan for addressing nonconformities in a timely manner. Organizations should take direct action to control conditions and deal with consequences. Nonconformities can be identified from investigations, audits, or other events. The corrective actions should be evaluated and the results should be documented. To achieve continual improvement, the organization shall have an OH&S management system that:
- Prevents the occurrence of incidents and nonconformities.
- Promotes a positive OH&S culture.
- Enhances OH&S performance
Outputs from management reviews, internal audits, and compliance and performance evaluations should all be used to form the basis for improvement actions. Improvement examples could include corrective action, reorganization, innovation, and continual improvement programs.
10.2 Nonconformity and corrective action
Prevention of incidents and elimination of hazards is a key facet of the OH&S Management System, and this is specifically addressed in the definition of organizational context (4.1) and assessing risks and opportunities (6.1).Taking action to correct and control problems when they occur, and then to investigate and take corrective action for the root causes of these problems when it is necessary, are critical to prevent recurrence of process nonconformity. The organization must
- React to incidents in timely manner .
- Take direct action to control and correct.
- Evaluate the root cause
- Determine action
- Review of assessment of OH&S risks prior to taking action
- Communicate documented information to relevant workers
Reporting of incidents without delay can assist in removal of hazard
10.3 Continual improvement
Through all of the actions to improve the overall OH&S Management System,the organization can achieve enhanced OH&S performance and promote a culture that supports worker participation in making the OH&S Management System better. The organization must:
- Enhance OH&S performance
- Promote a positive OH&S culture
- Promoting the participation of workers in implementing actions
- Communicate results
- Retain documented information
Mapping ISO 45001 to OHSAS 18001
|ISO 45001:2018||clause||clause||OHSAS 18001:2007|
|Context of the organization (title only)||4||–||New requirement (see also 4.6h in Management review)|
|Understanding the organization and its context||4.1||–||New requirement (see also 4.6h in Management review)|
|Understanding the needs and expectations of workers and other interested parties||4.2||22.214.171.124||Participation and consultation (in part)(see also 4.6b and c in Management review)|
|Determining the scope of the OH&S management system||4.3||4.1||General requirements (in part)|
|OH&S management system||4.4||4.4.1||Management system General requirements|
|Leadership and worker participation (title only)||5||4.4.3||Communication, participation and consultation (title only)|
|Leadership and commitment||5.1||4.4.1||Resources, roles, responsibility, accountability and authority|
|OH&S Policy||5.2||4.2||OH&S policy|
|Organizational roles, responsibilities andauthorities||5.3||4.4.1||Resources, roles, responsibility, accountability and authority|
|Consultation and participation of workers||5.4||126.96.36.199||Participation and consultation|
|Planning (title only)||6||4.3||Planning (title only)|
|Actions to address risks and opportunities (title only)||6.1||4.1
Hazard identification, risk assessment and determining controls
|Hazard identification and assessment of risks and opportunities (title only)||6.1.2||4.3.1||Hazard identification, risk assessment and determining controls|
|Hazard identification||188.8.131.52||4.3.1||Hazard identification, risk assessment and determining controls|
|Assessment of OH&S risks and other risks to the OH&S management system||184.108.40.206||4.3.1||Hazard identification, risk assessment and determining controls|
|Identification of OH&S opportunities and other opportunities to the OH&S management system||220.127.116.11||–||New Requirement|
|Determination of legal requirements and other requirements||6.1.3||4.3.2||Legal and other requirements|
|Planning action||6.1.4||4.3.6||Operational Control|
|OH&S objectives and planning to achieve them||6.2||4.4.6||Objectives and programme(s)|
|OH&S objectives||6.2.1||4.4.6||Objectives and programme(s)|
|Planning to achieve OH&S objectives||6.2.2||4.4.6||Objectives and programme(s)|
|Support(title only)||7||4.4||Implementation and operation (title only)|
|Resources||7.1||4.4.1||Resources, roles, responsibility, accountability and authority|
|Competence||7.2||4.4.2||Competence, training and awareness|
|Awareness||7.3||4.4.2||Competence, training and awareness|
|Documented information (title only)||7.5||4.4.4
Control of Documents
Control of records
Control of Documents
Control of records
|Creating and Updating||7.5.2||4.4.4
Control of Documents
Control of records
|Control of Documented Information||7.5.3||4.4.4
Control of Documents
Control of records
|Operation (title only)||8||4.4||Implementation and operation (title only)|
|Operational planning and control (title only)||8.1||4.4.6||Operational control|
|Eliminating hazards and reducing OH&S risks||8.1.2||4.3.1
|Hazard identification, risk assessment and determining controls
|Management of change||8.1.3||4.3.1
|Hazard identification, risk assessment and determining controls
|Procurement(title only)||8.1.4||4.4.6||Operational control|
|Hazard identification, risk assessment and determining controls
Participation and consultation
|Legal and other requirements
|Emergency preparedness and response||8.2||4.4.7||Emergency preparedness and response|
|Performance evaluation (title only)||9||4.5||Checking (title only)|
|Monitoring, measurement, analysis and performance evaluation (title only)||9.1||4.5.1||Performance measurement and monitoring|
|General||9.1.1||4.5.1||Performance measurement and monitoring|
|Evaluation of compliance||9.1.2||4.5.2||Evaluation of compliance|
|Internal audit (title only)||9.2||4.5.5||Internal audit|
|Internal audit programme||9.2.3||4.5.5||Internal audit|
|Management review||9.3||4.6||Management review|
|Improvement (title only)||10.0||4.6||Management review|
|Incident, nonconformity and corrective action||10.2||4.5.3
|Incident investigation, nonconformity, corrective action and preventive action (title only)
Nonconformity, corrective action and preventive action
|Legal and other requirements