ISO 45001:2018 GAP ANALYSIS TOOLS

The following check list can be used for both internal audit as well as  a Gap Analysis tools.
Gap analysis

1. In Site

Checklist  OBSERVATIONS
OHS Planning
Do you have a current Occupational Health and Safety plan?
Is a dedicated budget allocated for OHS programs?
Is OHS awareness promoted by ensuring local standards and practices comply with legislative requirements, University procedures and guidelines?
Roles and Responsibilities
Is there a Safety Officer appointed for the unit? Please name
Is there a Health and Safety Representative elected for the designated work group (DWG)? Please name:
Has a First Aid Coordinator been appointed to your unit?Please name:
Has the monitoring of Occupational Health and Safety responsibilities, accountabilities and obligations of managers and supervisors, academics and professional been documented?
Have annual work or development goals been entered into all staff “KPI’s?
Communication and Consultation
Is OHS a standing agenda item at all work area meetings?
Are staff in your area notified of local OHS committee meetings?
Do staff receive requests for agenda items for OHS committee meetings?
Are minutes of OHS meetings made accessible to all staff?
Does your work area follow the OHS procedures for consultation?
Training
Do you have a system to identify OHS training requirements for all staff?
Have all staff with safety roles (including managers and supervisors) undertaken all required OHS training?
Do all staff complete a  OHS induction that has been developed in accordance with the Local Induction procedure?
Do all Contractors and Visitors complete a local OHS induction that has been developed in accordance with the OHS Induction procedure?
Workplace inspections
Are workplace inspections carried out in all of the work areas each year?
Have workplace inspection findings been forwarded to the OH&S unit and added to your corrective actions register?
Wellbeing
Is there someone responsible for coordinating wellbeing programs in your unit?
Does your unit have a wellbeing program/ initiative in place? Please list
Electrical safety
Has electrical equipment been tested and tagged according to OHS requirements?
Machinery or Equipment
Does your unit use machinery/equipment (other than personal computers and office equipment)?
Does your unit have a plant register?
Are electrical high voltage equipment protected by RCD or lock out mechanisms?
Is all machinery adequately equipped with guarding and emergency stop capabilities?
Do certain types of machinery require clearance zones for safe operation?
If you supply machinery/ equipment to other areas  has this been risk managed?
Gas cylinders
Are all gas cylinders controlled by your unit ‘in use’?
Is there a procedure for the storage and handling of gas cylinders?
Are gas cylinders stored according to Muncipal  guidelines?
Chemicals
Does your unit use chemicals, e.g. for work procedures, cleaning, teaching, research, preparation of materials?
Are local procedures in place for unattended chemical reactions?
Does your unit use any scheduled carcinogens?
Is there a procedure for storage and handling of scheduled carcinogens?
Have the appropriate health surveillance measures been identified from a risk assessment?
Do you supply chemical substances to other areas?
Do you supply a Safety Data Sheet (SDS) for the chemical substances you supply?
Are chemicals stored according to Monash University storage limits for dangerous goods?
Do you have a process for labelling stored (including fridges and freezers) and decanted chemicals?
Are the dangerous goods storage cabinets functioning according to the manufacturing standards?
Is there a process for regular testing of safety showers?
Lasers
Has your unit appointed a laser safety officer?
Does your unit have an established system for local training on?
Does your unit have an established system for authorisation of users of lasers?
Does your unit have a system to control access to lasers? (door interlocks, emission indicators)
Does your unit require laser eye exams for students and staff that work with  lasers?
Radiation
Have you notified Occupational Health and Safety of all radioactive sources in use?
Has your unit appointed a radiation safety officer (RSO)? Please name
Are radioactive sources and apparatus registered as required under the Radiation Act?
Does your unit have a purchasing procedure for radioactive substances, sources and apparatus to ensure the appropriate licenses are in place before purchasing?
Does your unit have a system to monitor staff and student exposure to ionising radiation (e.g. personal radiation monitoring badges)?
Does your unit have a system to control access to radioactive sources and X-ray units, e.g. locked cupboards or laboratory, log books, etc.?
Does your unit have established procedures for the disposal of radioactive waste that it generates?
Biologicals and Animals
Have immunisation requirements been identified?

2. Legal & Regulatory Requirements

Checklist for Legal & Regulatory Requirements  OBSERVATIONS
Are they aware of the regulatory requirements the company is subject to?
Have any conditions been set for these regulatory requirements?
What consents are applied to the site? Who keeps these?
Have there been any instances of non-compliance and if so what was the outcome?
Are there any Industry Sector Codes which you should comply with?

3. Noise

Checklist for Noise  OBSERVATIONS
Do you regularly measure the level of noise throughout your organisation?
Is it within acceptable limits?
Do you have a regular monitoring programme?
Are records maintained?

4. Odour

Checklist for Odour  OBSERVATIONS
Do your processes permit the release of odour?
Do you have criteria for acceptability?
What steps are taken if this criterion is exceeded?
Are records maintained?

5. Dust

Checklist for Dust  OBSERVATIONS
Is there a likelihood of dust emissions?
If so how is this contained?

Clause 4: Context of the organization

Clause 4.1 Understanding the organization and its context

Requirements  Objective evidence / Remarks
1) Have you determined external and internal issues that are relevant to your purpose and your strategic direction and that affect your ability to achieve the intended outcomes of your Occupational Health and Safety Management System?
2) How do you monitor and review information about these external and internal issues?
Evidence/Action Required
There are many internal and external issues that affect, or have the potential to affect, the OH&S management system. It is imperative these are identified so that there is clear understanding and appreciation of the operating environment.
Ensure that OH&S-related internal and external factors and conditions have been identified that could affect, or be affected by, your organisation’s activities. Ensure that any significant risks and opportunities been identified. What drives the OH&S culture of your organization?
Using the SWOT and PESTLE analysis templates, undertake an analysis of internal and external issues. This provides clear evidence that a comprehensive process has been carried out to understand the context within which your organization operates. This activity will also help to determine the scope of OH&S management system as required under Clause 4.3 and 9.3b.
Examples of external issues suitable for PESTLE analysis include:
1. Pressure groups and worker unions;
2. Insurers and stakeholder views;
3. Economic conditions;
4. Social expectations and political priorities;
5. Legislation and enforcement;
6. National/international agencies.
Examples of internal issues suitable for SWOT analysis include:
1. Structure, accountabilities, competence, commitment and control;
2. New products, contractual issues, cooperation and communication.

Clause 4.2 Understanding the needs and expectations of interested parties

Requirements  Objective evidence / Remarks
1) Have you determined the following:
a) the interested parties in addition to workers that arerelevant to the Occupational Health and Safety Management System?
b) the needs and expectations of these interested parties that are relevant to the Occupational Health and Safety Management System?
c) which of these needs and expectations are, or could become legal requirements and other requirements?
2) How do you monitor and review information about these interested parties and their relevant needs and expectations?
Evidence/Action Required
Interested parties are stakeholders – any individual or organization that can affect the OH&S management system, or any individual or organization that the management system can affect. In both cases, the effect can be negative as well as positive.
Who might affect or be affected by your activities and what their relevant and significant interests might be? Have you taken their needs into account within the OH&S management system?
1. Needs and expectations of both managerial, and non-managerial workers, and workers representatives (where they exist);
2. Affect OH&S management system or which perceive themselves to be affected by OH&S system (A.4.2);
3. Worker and appropriate workers’ representatives;
4. Legal and regulatory authorities;
5. Parent organizations;
6. Suppliers, co-contractors and subcontractors;
7. Workers’ organizations (trade unions) and employers’ organizations
8. Owners, shareholders, clients, visitors, local community, neighbours, general public;
9. Occupational health and safety organizations; occupational safety and health-care professionals (e.g., doctors, nurses).
The first task in meeting the requirements of this clause is to identify all the stakeholders and interested parties and undertake a comprehensive stakeholder analysis. The Stakeholder Analysis template will also provide useful information that will further underpin the requirements of Clause 4.3, 6.1 and 9.1.2.

Clause 4.3 Determining the scope of the OH & S management system

Requirements  Objective evidence / Remarks
1) Have you determined the boundaries and applicability of the OH&S management system to establish your scope?
2) When determining the scope of the OH&S management system how did you consider:
a) the external and internal issues referred to in 4.1?
b) the requirements of relevant interested parties referred to in 4.2?
c) take into account the planned or performed work related activities?
3) Is the scope available as documented information?
Comments 
The scope and boundaries of the OH&SManagement Systemmust now be thoroughly examined and defined considering the aforementioned interested parties and their needs, plus resulting compliance obligations. Also requiring consideration are the OH&SManagement Systemfunctions and physical boundaries, and all products, services, and activities, including the organization’s ability to exert control on external factors, with the results of the whole definition included in the OH&SManagement Systemand kept critically as “documented information.”

Clause 4.4 OH & S Management System

Requirements  Objective evidence / Remarks
1) Have you implemented and have the system in place to maintain and continually improve your OH&S management system, including the processes needed and their interactions, in accordance with the requirements of ISO 45001?
Comments 
There is now a greater focus on the OH&S processes and the associated documentation. The Process Matrix template provides a useful tool for identifying and addressing the requirements of this clause. It provides useful evidence for demonstrating the processes that underpin OH&S activities.
It is also a useful planning tool in terms of providing input into the requirements of other clauses including those associated with risk, planning, resources, and the monitoring and measuring of outputs of the management system. The process matrix can be a useful artefact to present at audit.

Clause 5: Leadership

Clause 5.1 Leadership and commitment

How is it evident that Top Management is committed to OH & S and shows leadership?

Requirements  Objective evidence / Remarks
1) How does Top Management demonstrate leadership and commitment with respect to the OH&S management system:
a) taking overall responsibility and accountability for the prevention of work related injury and ill health, as well as the provision of safe and healthy workplaces and activities?
b) ensuring that the OH&S policy and related OH&S objectives are established for the OH&S management system and are compatible with the strategic direction of the organization?
c) ensuring the integration of the OH&S management system requirements into the organization’s business processes?
d) ensuring that the resources needed for the OH&S management system are available?
e) communicating the importance of effective OH&S management and of conforming to the OH&S management system requirements?
f) ensuring that the OH&S management system achieves its intended outcomes?
g) directing and supporting workers to contribute to the effectiveness of the OH&S management system?
h) ensuring and promoting continual improvement?
i) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility?
j) developing, leading and promoting a culture in the organisation that supports the intended outcomes ofthe OH&S management system?
k) protecting workers from reprisals when reporting incidents, hazards, risks and opportunities?
l) ensuring the organisation establishes and implements a process(es) for consultation and participation of workers?
m) supporting the establishment and functioning of health and safety committee?
Evidence/Action Required
Minor change. Is top management engaged and leading OH&S, rather than delegating to someone further down your organisation. Are workers being involved directly to protect, improve performance, and support the OH&S system.
1. Ensuring that the OHS policy and OHS objectives are established and are compatible with the strategic direction of the organisation;
2. Integrating the OHS management system requirements into the organisation’s business processes;
3. Providing the necessary resources for the OHS management system;
4. Communicating the importance of effective OHS management;
5. Directing and supporting persons to contribute to the effectiveness of the OHS management system;
Assisting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

Clause 5.2 OH & S Policy

Seek objective evidence for top management’s involvement in establishing, implementing and maintaining an environmental policy.

Requirements  Objective evidence / Remarks
1) Have top management established, implemented and maintained a OH&S policy that:
a) includes a commitment to provide safe and healthy working conditions for the prevention of work related injury and ill health and is appropriate to the purpose, size and context of the organisation and to the specific nature of its OH&S risks and opportunities?
b) provides a framework for setting OH&S objectives?
c) includes a commitment to fulfil legal requirements and other requirements?
d) Includes a commitment to eliminate hazards and reduce OH&S risks?
e) includes commitment to continual improvement of the OH&S management system?
f) includes a commitment to consultation and participation of workers, and , where they exist workers representative?
2) Is the OH&S policy
•available as documented information
• communicated within the organisation
• available to interested parties
• relevant and appropriate?
Evidence/Action Required
Enhanced requirements from the 2007 version: more attention to be paid to the communication and participation of workers, across the organization.
Organizations must commit to “satisfy” legal and other requirements and must apply the hierarchy of controls to OH&S risks. The policy must be available as documented information.
Update your safety policy statement to emphasise communication and the participation of workers, across the organization; commit to satisfy legal and other requirements; commit to the hierarchy of controls to OH&S risks.

Clause 5.3 Organizational roles, responsibilities and authorities

Requirements  Objective evidence / Remarks
1) Does top management ensure that the responsibilities and authorities for relevant roles within the OH&S management system are assigned, available as documented information, communicated and understood at all levels within the organization?
Do workers assume responsibility for those aspects of the OH&S management system for which they have control?
Has top management assigned the responsibility and authority for:
a) ensuring that the OH&S management system conforms to the requirements of ISO 45001?
b) reporting on the performance of the OH&S management system to top management?
Evidence/Action Required
Top management can delegate tasks but not responsibility. ISO 45001 requires personal involvement from top management in the OH&S management system. A traditional organization chart is still an excellent tool for illustrating reporting lines, but it is imperative that it is kept up to date, available as documented information, as both hard and soft copies. Auditors frequently use the organization chart as a starting point for an audit because it should clearly illustrate the scope of the OH&S management system.

Clause 5.4 Consultation and participation of workers

Requirements  Objective evidence / Remarks
Has your organisation established, implemented and maintained a processes for consultation and participation of workers at all applicable levels and functions, and where they exist, workers representatives, in the development, performance evaluation and actions for improvement of the OH&S system?
Does the organisation:
a. provide mechanisms, time, training and resources necessary for consultation and participation?
b. provide timely access to clear, understandable and relevant information about the OS&H management system?
c. determine and remove obstacles or barriers to participation and minimise those that cannot be removed?
d. emphasize the consultation of non-managerial workers on the following:
1. determining the needs and expectations of interested parties?
2. establishing the OH&S policy?
3. assigning organisational roles, responsibilities and authorities, as applicable?
4. determining how to fulfil legal and other requirements?
5. establish and plan to achieve OH&S objectives?
6. determining applicable controls for outsourcing, procurement and contractors?
7. determining what needs to be monitored, measured and evaluated?
8. planning, establishing, implementing and maintaining an audit programme?
9. ensuring continual improvement?
e. emphasize participation of non-managerial workers in the following:
1. determining the mechanisms for their consultation and participation?
2. identifying hazards and assessing risks and opportunities?
3. determining actions to eliminate hazards and reduce OH&S risks?
4. determining competence requirements, training needs, training and evaluating training?
5. determining what needs to be communicated and how it is to be done?
6. determining control measures and their effective implementation and use?
Evidence/Action Required
 This clause has been substantially strengthened to capture and promote worker participation, engagement and communications.
Promote the participation of non-managerial roles within the OH&S system requirements, including incident investigations, risk assessments, plus control and monitoring activities including internal auditing.
Demonstrate the participation of non-managerial employees in OH&S management, including incident investigations, risk assessments, control and monitoring activities and internal auditing.

Clause 6: PLANNING

Clause 6.1 Actions to address risks and opportunities

Clause 6.1.1 General

Requirements  Objective evidence / Remarks
When planning for the OH&S management system, have you considered the issues referred to in 4.1 and the requirements referred to in 4.2 and 4.3 and determined the risks and opportunities that need to be addressed to:
a) give assurance that the OH&S management system can achieve its intended outcomes?
b) prevent, or reduce, undesired effects?
c) achieve continual improvement?
When determining the risks and opportunities for the OH&S management system and its intended outcome has the organisation taken into account:
• hazards
• OH&S risks and other risks
• OH&S opportunities and other opportunities
• Legal and other requirements?
Has your organization in its planning process determined and assessed the risks and opportunities relevant to the intended outcomes of the OH&S system associated with planned changes permanent or temporary before the change is implemented?
Does your organization maintain documented information on:
• risks and opportunities?
• the process and actions needed to determine and address its risks and opportunities to the extent necessary to have confidence that they are carried out as planned?
Evidence/Action Required
Ensure that the risks and opportunities from 4.1 are documented and that actions have been defined to take advantage of opportunities and mitigate the risks associated with the OH&S management system? Demonstrate that these actions have been effective. This information must be available as documented information.

Clause 6.1.2 Hazard identification and assessment of risks and opportunities.

6.1.2.1 Hazard identification

Requirements  Objective evidence / Remarks
Has the organisation established, implemented and maintained a process(s) for hazard identification that is ongoing and proactive? Do the processes take into account, but not be limited to:
a) how work is organised, social factors(including workload, work hours, victimization, harassment and bullying) leadership and the culture of the organisation?
b) routine and non-routine activities and situations, including hazards arising from:
1. infrastructure, equipment, materials, substances and the physical conditions of the workplace?
2. product and service design, research, development, testing, production, assembly, construction, service delivery, maintenance and disposal?
3. human factors?
4. how work is performed?
c) past relevant incidents, internal or external to the organisation, including emergencies, and there causes?
d) potential emergency situations?
e) people, including consideration off:
1. those with access to the workplace and their activities, including workers, contractors, visitors and other persons?
2. those in the vicinity of the workplace who can be affected by the activities of the organisation?
3. workers at a location not under the direct control of the organisation?
f) other issues, including consideration of:
1. the design of work areas, processes, installations, machinery/equipment, operating procedures and work organisation, including their adaptation to
the needs and capabilities of the workers involved?
2. situations occurring in the vicinity of the workplace caused by work-related activities under the control of the organisation?
3. Situations not controlled by the organisation and occurring in the vicinity of the workplace that can cause injury and ill health to persons in the workplace?
g) actual or proposed changes in organisation, operations, processes, activities and the OH&S management system?
Evidence/Action Required
 Ensure your organization’s hazard identification process considers:
1. Routine and non-routine activities and situations;
2. Human factors;
3. New or changed hazards;
4. Potential emergency situations;
5. People;
6. Changes in knowledge of, and information about, hazards.
In 6.1.1, there is a new requirement to identify opportunities, as well as:
1. Consideration of workers at a location not under the direct control of the organization;
2. Consideration of those in the vicinity of the workplace who can be affected by the activities of the organization;
Other issues including situations not controlled by the organization and occurring in the vicinity of the workplace that can cause ‘work-related’ injury or ill health.

Clause 6.1.2.2 Assessment of OH&S risks and other risks to the OH&S management system

Requirements  Objective evidence / Remarks
Has the organisation established implemented and maintained a process to:
a) assess OH&S risks from the identified hazards, while taking into account the effectiveness of existing controls?
b) determine and assess the other risks related to the establishment, implementation, operation and maintenance of the OH&S management system?
Has the organisation’s methodologies and criteria for the assessment of OH&S risks been defined with respect to the scope, nature and timing to ensure they are proactive rather than reactive and are used in a systematic way?
Does the organisation maintain and retain documented information on the methodologies and criteria?
Evidence/Action Required
Processes for the assessment of risk to the OH&S management system must be available as documented information and must consider day-to-day operations and decisions (e.g. peaks in work flow, restructuring) as well as external issues (e.g. economic change).
Methodologies can include ongoing consultation of workers affected by day-to-day activities (e.g. changes in work load), monitoring and communication of new legal requirements and other requirements (e.g. regulatory reform, revisions to collective agreements regarding occupational health and safety), and ensuring resources meet existing and changing needs (e.g. training on, or procurement of, new improved equipment or supplies).

Clause 6.1.2.3 Assessment of OH&S opportunities and other opportunities for the OH&S management system

Requirements  Objective evidence / Remarks
Have the organisation established, implemented and maintained processes to assess:
a) OH&S opportunities to enhance OH&S performance, while taking into account planned changes to the organisation, its policies, its processes and its activities and:
1. opportunities to adapt work, work organisation and work environment to workers?
2. Opportunities to eliminate hazards and reduce OH&S risks?
b) Other opportunities for improving the OH&S system?
Evidence/Action Required
 Legal requirements can result in risks and opportunities to the organization and may arise from mandatory requirements, applicable laws and regulations, voluntary commitments such as organizational and industry standards, contractual relationships, principles of good governance and community and ethical standards. Maintain documented information on legal, and other requirements.The needs and expectations from interested parties only become obligatory requirements for an organization if it chooses to adopt them.

Clause 6.1.3 Compliance obligations

Requirements  Objective evidence / Remarks
Has the organisation established, implemented and maintained processes to:
a) determine and have access to up to date legal requirements and other requirements that are applicable to the hazards, OH&S risks and OH&S management system?
b) determine how these legal requirements and other requirements apply to the organization and what needs to be communicated?
c) take legal and other requirements into account when establishing implementing, maintaining and continually improving its OH&S management system?
Does the organisation maintain and retain information on its legal and other requirements?
How does the organisation ensure its legal requirements are up to date and reflect any changes?
Evidence/Action Required
Legal requirements can result in risks and opportunities to the organization and may arise from mandatory requirements, applicable laws and regulations, voluntary commitments such as organizational and industry standards, contractual relationships, principles of good governance and community and ethical standards. Maintain documented information on legal, and other requirements.
The needs and expectations from interested parties only become obligatory requirements for an organization if it chooses to adopt them.

Clause 6.1.4 Planning action

Requirements  Objective evidence / Remarks
Does the organizations plan include:
a) Actions to address these risks and opportunities, address legal and other requirements and prepare for and respond to emergency situations?
b) How to integrate and implement the actions into its OH&S management system processes or other business processes?
Has the organization taken into account the hierarchy of controls and outputs and outputs from OH&S management system when planning to take action?
Does the organization take into account best practice, technological options and financial, operational and business requirements when planning its actions?
Evidence/Action Required
This is a new element of the standard. The essence is that it be clear how the management system addresses the risks, opportunities, compliance obligations and emergency preparedness and response measures arising from 6.1.2, 6.1.3 and 8.2.
This can take the form of control measures in the implementation section (8), or formulating objectives (including for improvement), as seen in 6.2.

Clause 6.2 Environmental objectives and planning to achieve them

Clause 6.2.1 Environmental objectives

Requirements  Objective evidence / Remarks
Your organization established OH&S objectives at relevant functions, levels that are needed to maintain and continually improve the OH&S management system?
Are the OH&S objectives:
a) consistent with the OH&S policy?
b) measurable or capable of performance evaluation?
c) take into account applicable requirements, the results of the assessment of risks and opportunities and the results of consultation with worker and workers representatives?
d) monitored?
e) communicated?
f) updated as appropriate?
Do you maintain and retain documented information on the OH&S objectives?
Evidence/Action Required
Are objectives compatible with the policy statement, OH&S risks and opportunities, business context and adequately resourced? Objectives and plans to achieve them must be documented.
There should be a record of who is responsible, agreed timings, measures in place to establish progress and whether they have been achieved.

Clause 6.2.2 Planning actions to achieve environmental objectives

Requirements  Objective evidence / Remarks
When planning how to achieve your OH&S objectives, has your organization determined:
a) What will be done?
b) What resources will be required?
c) Who will be responsible?
d) When it will be completed?
e) How the results will be evaluated including indicators for monitoring?
f) How the actions to achieve OH&S objectives will be integrated into the organisations business processes?
Do you maintain and retain documented information on the OH&S plans?
Evidence/Action Required
Objectives must support the policy requirements and have been considered in line with available resources. There should be detail of who is responsible, agreed timings and measures in place to establish progress and whether proposed achievements have been met.
Objectives and plans to achieve them should be maintained and retained as documented information.

Clause 7 Support

Clause 7.1 Resources

Requirements  Objective evidence / Remarks
Has your organization determined and provided the resources needed for the establishment, implementation, maintenance and continual improvement of the OH&S management system?
Evidence/Action Required
Simply put, the standard advises the organization that the resources required to achieve the stated objectives and show continual improvement must be made available.

Clause 7.2 Competence

Requirements Objective evidence / Remarks
Has your organization:
a) determined the necessary competence of workers that affects the performance and effectiveness of the OH&S management system?
b) ensured that these workers are competent (including the ability to identify hazards)on the basis of appropriate education, training, or experience?
c) where applicable, taken actions to acquire and maintain the necessary competence, and evaluated the effectiveness of the actions taken?
d) retained appropriate documented information as evidence of competence?
Evidence/Action Required
Documented evidence of competence. Documented evidence that the effectiveness of training has been checked.

Clause 7.3 Awareness

Requirements  Objective evidence / Remarks
How does the organization ensure that workers are aware of:
a) the OH&S and objectives policy?
b) their contribution to the effectiveness of the OH&S system including the benefits of improved OH&S performance?
c) the implications of not conforming to the OH&S management system requirements?
d) Incidents and the outcomes of investigations that are relevant to them?
e) Hazards, OH&S risks and actions determined that are relevant to them?
f) the ability to remove themselves from work situations that they consider present an imminent and serious danger to their life or health, as well as the arrangements for protecting them from undue consequences for doing so?
Evidence/Action Required
Are workers aware of policy requirements, hazards & risks relevant to them and their part in the OH&S performance, including results of relevant incident investigations?

Clause 7.4  COMMUNICATION

Clause 7.4.1 General

Requirements  Objective evidence / Remarks
How have you determined the internal and external communications relevant to the OH&S management system, including:
a) On what it will communicate?
b) when to communicate?
c) with whom to communicate:
1. Internally among the various levels and functions of the organisation?
2. Among contractors and visitors to the workplace?
3. Among other interested parties?
d) how to communicate?
How does the organisation take into account diversity (Gender, language, culture, literacy, disability) aspects when considering communication needs?
How are the views of interested parties considered in establishing communication processes?
In establishing communication processes has legal and other requirements been taken into account and that the information is consistent with other information generated from the system and reliable?
Who responds to relevant communications on its OH&S management system?
In what form is documented information retained as evidence of communications?
Evidence/Action Required
Participation and consultation are diffused through 45001, but this clause adds a requirement to consider what and why needs to be communicated and whether the communication was successful.
In ISO 45001 there must be a process to document what, when, with whom and how communication took place. Communication with contractors is also required based on 8.1.6.
Another new element is that the organization must ensure that the communicated information is reliable and is consistent with the information arising from the OH&S management system and is retained as documented information.

Clause 7.4.2 INTERNAL COMMUNICATION

Requirements  Objective evidence / Remarks
Has the organization ensured that:
a) Internally communicated information is relevant to the OH&S management system among various levels and functions of the organisation. Does it include changes
to the OH&S management system?
b) Workers are able to contribute to continual improvement?
Evidence/Action Required
Internally, organizations have to communicate information relevant to the OH&S management system amongst all levels and functions, including information on any change, as appropriate, and have to establish a mechanism to enable all persons performing work under the organization’s control to contribute to continual improvement.

Clause 7.4.3 EXTERNAL COMMUNICATION

Requirements  Objective evidence / Remarks
Has the company got an external communication process?
How does external communication of OH&S information take into account legal and other requirements?
Evidence/Action Required
Externally, organizations have to communicate as required by their compliance obligations. Additionally, organizations may choose to communicate on other issues, as appropriate.

Clause 7.5 DOCUMENTED INFORMATION

Requirements  Objective evidence / Remarks

7.5.1 GENERAL

Does your organization’s OH&S management system include:
a) documented information required by ISO45001?
b) documented information determined by the organization as being necessary for the effectiveness of the OH&S management system?

 7.5.2 CREATING AND UPDATING

When creating and updating documented information, how does your organization ensure appropriate:
a) identification and description (e.g. a title, date, author, or reference number)?
b) format (e.g. language, software version, graphics) and media (e.g. paper, electronic)?
c) review and approval for suitability and adequacy?

7.5.3 Control of documented information

1) How do you ensure documented information required by your OH&S management system and by ISO45001 is controlled to ensure:a) it is available and suitable for use, where and when it is needed?b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity)?2) For the control of documented information, how does your organization address the following activities, as applicable:a) distribution, access, retrieval and use? b) storage and preservation, including preservation of legibility?c) control of changes (e.g. version control)?d) retention and disposition? How do you ensure documented information of external origin is identified and controlled?
Evidence/Action Required
Documented information replaces the idea of documents and records, but no significant change is needed. The new standard refers to documented information being held in different file formats and can be whatever suits the organisation and the task at hand, e.g. electronic spreadsheets, notes on smart phones, photographs, traditional log books or work instructions, online instruction videos. For many organisations, a mix of different types of documented information work well.

Clause 8. Operation

Clause 8.1 Operational planning and control.

Clause 8.1.1 General

Requirements  Objective evidence / Remarks
Your organization plan, implement and control the processes (see 4.4) needed to meet the requirements of the OH&S management system and to implement the actions determined in Clause 6 by:
a) establishing criteria for the processes?
b) implementing control of the processes in accordance with the criteria?
c) maintaining and keeping documented information to the extent necessary to have confidence that processes are being carried out as planned?
d) adapting to workers?
How does your organization coordinate the relevant parts of OH&S management system with other organisations in multi-employer situations?
How does your organization ensure that outsourced processes are controlled (see 8.4)?
Evidence/Action Required
Have controls for hazards and risk controls been planned and included in operational controls and do these allow for capabilities of the workforce? Are these documented where necessary?Processes needed to meet requirements of the organisation need to be planned, implemented and controlled, as do the actions identified in Clause 6. Requirements relate to the management of change, elimination of hazards and reduction of occupational health and safety risks (hierarchy of control) and the control of procurement.

Clause 8.1.2 Eliminating hazards and reducing OH&S risks

Requirements  Objective evidence / Remarks
Has the organisation established, implemented and maintained processes for the elimination of hazards and reduction of OH&S risks using the following hierarchy of controls:
a) eliminate the hazard?
b) substitute with less hazardous process, operations,
materials or equipment?
c) use engineering controls and reorganisation of work?
d) use administration controls, including training?
e) use adequate personal protective equipment?
Evidence/Action Required
Is the hierarchy of OH&S controls correctly applied? Organization shall establish a process & determine controls for achieving reduction in OH&S risks using following hierarchy:
1. Hazard Elimination: avoiding risks, adapting work to workers, (integrate health safety and ergonomics when planning new work places; create physical separation of traffic between pedestrians and vehicles
2. Substitution: replacing the dangerous by non-dangerous or less dangerous (replacing solvent-based paint with water-based paint)
3. Engineering Controls: Implement collective protective measures (isolation; machine guarding; ventilation; noise reduction etc.)
4. Administrative Controls: Giving appropriate instructions to workers (lock out processes; induction; forklift driving licenses, etc.)
Personal Protective Equipment (PPE): Provide PPE and instructions for PPE utilization/maintenance, i.e. safety shoes, safety glasses, hearing protection, chemical & liquid resistant gloves; electrical protection gloves, etc.)

Clause 8.1.3 Management of change

Requirements  Objective evidence / Remarks
Has the organisation established processes for the implementation and control of planned temporary and
permanent changes that impact performance including:
a) new products, services and processes, or changes to existing products, services and processes, including:
• workplace locations and surroundings?
• working organisation?
• working conditions?
• Equipment?
• work force?
b) changes to legal requirements and other requirements?
c) changes to knowledge or information about hazards and OH&S risks?
d) developments in Knowledge and technology?
Does the organisation review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary?
Evidence/Action Required
When changes to the operation are planned, is the effect on the OH&S management system considered? Documented information needs to be retained relating to planned changes and their potential impact on the OH&S management system.

Clause 8.1.4 Procurement

Clause 8.1.4.1 General

Requirements  Objective evidence / Remarks
Has the organisation established, implemented and maintained processes to control the procurement of products and services in order to ensure their conformity to its OH&S management system?
Evidence/Action Required
OH&S controls are now relevant to the purchase of goods and materials. Establish controls, within your existing procurement process, to ensure that the procurement of goods (for example products, hazardous materials or substances, raw materials, equipment) and services conform to your OH&S management system requirements.
Prior to procuring goods & services, the organization should identify procurement controls that:
1. Identify and evaluate potential OH&S risks associated with products, materials, equipment, service;
2. Requirements for products, materials, equipment, services to conform to OH&S objectives;
3. Need for information, participation and communications
4. Before using verify equipment, installations and materials are adequate before being released for use by workers;
5. Items are delivered to specification and tested to ensure they function as intended;
Usage requirements, precautions or other protective measures are communicated and made available.

Clause 8.1.4.2 Contractors

Requirements  Objective evidence / Remarks
Does the organisation coordinate its procurement processes with its contractors, in order to identify hazards and assess and control the OH&S risks arising from:
a) the contractors’ activities and operations that impact the organisation?
b) the organisation’s activities and operations that impact the contractors workers?
c) the contractors’ activities and operations that impact other interested parties in the workplace?
How does the organisation ensure that the requirements of its OH&S management system are met by contractors and their workers?
Do the organisations procurement processes define and apply occupational health and safety criteria for the selection of contractors?
Evidence/Action Required
Controls and communication requirements with regard to contractor’s worker activities, the host company’s worker activities, and anyone who may be affected by the activity in the workplace.
The establishment of controls and communication requirements with regard to contractor’s worker activities, the host company’s worker activities, and anyone who may be affected by the activity in the workplace.

Clause 8.1.4.3 Outsourcing

Requirements  Objective evidence / Remarks
How does the organisation ensure outsourced functions and processes are controlled?
Does the organisation ensure that its outsourcing arrangements are consistent with legal requirements and other requirements and with achieving the intended
outcomes of the OH&S management system?
Has the type and degree of control to be applied to these functions and processes been defined within the OH&S management system?
Evidence/Action Required
The OH&S implications must be controlled as part of the purchasing process. Your organization must ensure that outsourced processes affecting OH&S management system are controlled.
An outsourced process is one that:
1. Is within scope of your OH&S management system;
2. Is integral to your organization’s functioning;
3. Is needed for your OH&S management system to achieve its intended outcome;
4. Liability for conforming to requirements is retained by the organization;
Organization and external provider have a relationship where the process is perceived by interested parties as being carried out by your organization.

Clause 8.2 Emergency preparedness and response.

Requirements  Objective evidence / Remarks
Has the organisation established , implemented and maintained the processes needed to prepare for and respond to potential emergency situations identified in 6.1.2.1 and do they include:
a) establishing a planned response to emergency situations including provision of first aid?
b) providing training for the planned response?
c) periodically testing and exercising the planned response capability?
d) evaluating performance and as necessary, revising the planned response, including after testing and in particular after the occurrence of an emergency situation?
e) communicating and providing relevant information to all workers on their duties and responsibilities?
f) communicating relevant information to contractors, visitors, emergency response services, government authorities, and as appropriate local community?
g) taking into account the needs and capabilities of all relevant interested parties and ensuring their involvement, as appropriate, in the development of the planned response?
Has the organization maintained documented information on the process and on the plans for responding to potential emergency situations?
Evidence/Action Required
The revised standard strengthens and expands on the previous requirements and also includes communications. Ensure that emergency plans take the needs of relevant third parties into account and are tested periodically and are maintained and retained as documented information. Emergency drills should be evaluated, learned from and improved.

Clause 9 Performance evaluation.

Clause 9.1 Monitoring, measurement, analysis and evaluation

Clause 9.1.1 General Clause

Requirements  Objective evidence / Remarks
The organization shall establish, implement and maintain processes for monitoring, measurement analysis and performance evaluation. How does your organization determine:
a) What needs to be monitored and measured:
1. the extent to which legal requirements and other requirements are met?
2. its activities and operations related to identified hazards, risks, and opportunities?
3. progress towards achieving OH&S objective?
4. effectiveness of operational and other controls?
b) the methods for monitoring, measurement, analysis and performance evaluation needed to ensure valid results?
c) the criteria against which the organization will evaluate its OH&S performance?
d) when the monitoring and measuring shall be performed?
e) when the results from monitoring and measurement shall be analyzed and evaluated and communicated?
How does your organization evaluate the performance and the effectiveness of the OH&S management system?
How does the organization ensure that monitoring and measuring equipment is calibrated or verified as applicable, and used and maintained as appropriate?
In what form does your organization retain appropriate documented information as evidence of the monitoring, measurement, analysis and performance evaluation and maintenance, calibration or verification of measuring equipment?
Evidence/Action Required
Demonstrate that there is a process in place. Monitoring, measurement, analysis and evaluation of OH&S metrics must take into account business context, relevant third parties, policy risks, opportunities and objectives. Ensure that performance monitoring and measurement results are retained as documented information.

9.1.2 Evaluation of compliance

Requirements  Objective evidence / Remarks
How does your organization establish implement and maintain processes for evaluating compliance with legal and other requirements?
Does the evaluation include:
a) determining the frequency and method(s) for the evaluation of compliance?
b) evaluate compliance and take action if needed?
c) maintaining knowledge and understanding of its compliance status with legal requirements and other requirements?
d) retaining documented information of the compliance evaluation results?
Evidence/Action Required
he standard recognizes that evaluation requirements will vary from organization to organization based on factors such as size, compliance obligations, sector worked in, past history and performance, and so on, but suggests that regular evaluation is always required. If the result of a compliance evaluation reveals that a legal requirement is unfulfilled, the organization needs to assess what action is appropriate, possibly up to contacting a regulatory body and agreeing on a course of action for repair.This agreement will now see this obligation become a legal requirement. Where a non-compliance is identified by the OH&SManagement Systemand corrected, it does not automatically become a non-conformity.

Clause 9.2 Internal Audit

Requirements  Objective evidence / Remarks

9.2.1 GENERAL

Does your organization conduct internal audits at planned intervals to provide information on whether the OH&S management system:
a) Conforms to:
1. the organization’s own requirements for its OH&S management system, including policy and objectives?
2. the requirements of this International Standard?
b) Is effectively implemented and maintained?

 9.2.2 Internal audit program

Does your organization:
a) plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, planning requirements and reporting,
which shall take into consideration the importance of the processes concerned, and the results of previous audits?
b) define the audit criteria and scope for each audit?
c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process?
d) ensure that the results of the audits are reported to relevant management; ensure results of internal audits are reported to workers and where they exist, workers representatives, and other relevant interested parties?
e) take action to address nonconformity and continually improve its OH&S audit programme and the audit results?
f) retain documented information as evidence of the implementation of the audit programme and the audit results?
Evidence/Action Required
An internal audit is a systematic method to check organizational processes and requirements, as well as those detailed in the ISO 45001 standard. This will ensure the processes in place are
effective and the procedures are being adhered to. The internal audit programme will aid the organization to achieve the OH&S objectives and targets. It helps:
• Monitor compliance to policy and objectives
• Provide evidence that all necessary checks are carried out
• Ensure all current legislative and other requirements are met
• Assess the effectiveness of risk management
• Worker engagement leading to a positive safety culture
• Identify improvement using ‘fresh eyes’ to review a process
• Aid continual improvement
Internal audits must be conducted by competent staff with a degree of impartiality to the area being audited. A risk-based approach can be applied to areas being audited with an increased focus on higher risk activities. Internal audits must be planned with an expectation of each process being audited in regular intervals. In addition to planned audits, unplanned audits may be conducted in reaction to problematic areas, near miss reports or incident data with focus on accident prevention. It is beneficial to communicate audit results to applicable interested parties including workers and set realistic completion timescales for identified ‘opportunities for improvement’ or ‘nonconformities’. Top Management must be aware of deficiencies within the system to ensure necessary resources can be allocated to mitigate the findings. Audit results will be reviewed as part of the management review process.

Clause 9.3 Management Review

Requirements  Objective evidence / Remarks
ISO 45001 requires “Top management shall review the organization’s OH&S management system, at planned intervals, to ensure its continuing suitability, adequacy, effectiveness”. What format does this review(s) take?
Is your organizations management review planned and carried out taking into consideration:
a) The status of actions from previous management reviews?
b) Changes in external and internal issues that are relevant to the OH&S management system including:
1. Needs and expectations of interested parties?
2. Legal requirements and other requirements?
3. Risks and opportunities?
c) The extent to which OH&S policy and objectives have been met?
d) Information on the OH&S performance, including
1. Incidents nonconformities and corrective actions and continual improvement?
2. Monitoring and measurement results?
3. Results of evaluation of compliance with legal requirements other requirements?
4. Audit results?
5. Consultation and participation of workers?
6. Risks and opportunities?
e) Adequacy of resources for maintaining an effective OH&S system?
f) Relevant communication with interested parties?
g) Opportunities for continual improvement?
Do the outputs of the management review include decisions and actions related to:
•The continuing suitability, adequacy, and effectiveness in achieving the intended outcomes?
•Continual improvement opportunities?
•Any need for changes to the OH&S management system?
•Resource needs?
•Actions needed?
•Opportunities to improve integration of the OH&S system with other business processes?
•Any implications for the strategic direction of the organisation?
How are the relevant outputs from management review communicated to workers and where they exist workers representatives?
In what form does your organization retain documented information as evidence of the results of management reviews?
Evidence/Action Required
It should be noted that, contrary to popular belief, the management review does not have tobe done all at once; it can be a series of high-level or board meetings with topics tackled individually, although it should be ona strategic and top management level. Complaints from interested parties should be reviewed by top management,with resultant improvement opportunities identified. It should be remembered that the management review generally is the one function that must be carried out accurately and diligently to ensure that the function of the OH&SManagement Systemand all resulting elementscan follow suit. It goes without saying that all details and data from the management review must be documented and recorded to ensure that the OH&SManagement Systemcan follow the specific requirements and general strategic direction for the organization detailed there.

Clause 10 Improvement

Clause 10.1 General

Requirements  Objective evidence / Remarks
How do you determine and select opportunities for improvement and implement any necessary actions to achieve intended outcomes of your OH&S management system?
Evidence/Action Required
Outputs from management reviews, internal audits, and compliance and performance evaluationsshould all be used to form the basis for improvement actions. Improvementexamples could include corrective action, reorganization, innovation, and continual improvement programs.

Clause 10.2 Nonconformity and corrective Action

Requirements  Objective evidence / Remarks
When an incident or nonconformity occurs, how does your organization:
a) React in a timely manner to the incident or nonconformity and, as applicable:
1) Take action to control and correct it?
2) Deal with the consequences?
b) Evaluate, with the participation of workers and the involvement of other relevant interested parties, the need for corrective action to eliminate the root cause(s)
of the incident or nonconformity, in order that it does not recur or occur elsewhere, by:
1) investigating the incident or reviewing the nonconformity?
2) determining the causes of the incident or nonconformity?
3) determining if similar incidents have occurred, if nonconformities exist, or if could potentially occur?
c) review existing assessments of OH&S risks and other risks, as appropriate?
d) determine and implement any action needed, including corrective action, in accordance with the hierarchy of controls and the management of change?
e) assess OH&S risks and that relate to new or changed hazards, prior to taking action?
f) review the effectiveness of any action taken, including corrective action?
g) make changes to the OH&S management system, if necessary?
Does your organization take corrective actions appropriate to the effects or potential effects of the incidents or nonconformities encountered?
In what form does your organization retain documented information evidence of:
a) the nature of the incidents or nonconformities and any subsequent actions taken?
b) the results of any action and corrective action including their effectiveness?
How is this information communicated to relevant workers and, where applicable, workers representatives, and other interested parties?
Evidence/Action Required
This clause states the requirements for the occurrence of an incident or non-conformity. The requirements also include action to prevent a similar incidents or non-conformities occurring. This must be achieved via review and analysis to determine what caused it, and any actions to prevent it re-occurring in the future.
This clause requires that appropriate action be taken to address the effects of the problem. This may require a simple correction by an Operative or, in a major event, significant levels of resources.
A risk analysis can help to determine the appropriate actions that need to be taken. Any ongoing risks should be recorded in your risk register and taken into account during future planning activities.
Any non-conformities and subsequent actions to prevent the reoccurrence and the effectiveness of the corrective action(s), should be duly documented and retained.

Clause 10.3 Continual improvement

Requirements  Objective evidence / Remarks
How does your organization continually improve the suitability, adequacy and effectiveness of the OH&S management system?
How does your organization:
a) enhance OH&S performance?
b) promote a culture that supports the OH&S management system?
c) promote the participation of workers in implementing actions for continual improvement of the OH&S management system?
d) communicating the results of continual improvement workers and if appropriate workers representatives?
e) maintain and retain documented information as evidence of continual improvement?
Evidence/Action Required
 Demonstrate that continual improvement is planned, implemented and maintained. The required and actual outcomes of continual improvement should be communicated to employees. This clause aims to ensure progress is being made to improve the effectiveness of the OH&S management system. Overall, it is important that the processes have identified any issues and that they have been documented and are in the process of being rectified.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s