ISO 45001:2018 Clause 6: Planning

Clause 6 describes the actions necessary to address risk and opportunity. Activity planning must take place within the context of the organization. The planning process must ensure that the OH&S management system is designed to achieve its intended outcomes and continually improve. Worker participation is cited as being a critical component in the planning phase. Additional considerations include operational risk, legal requirements, and other opportunities to improve the OH&S management system. This section outlines the need for hazard identification by the organization for both routine and non-routine activities, emergency situations, people and behavior, work area design, work environment under the control of the organization, and situations not under organizational control. Additional points of assessment include changes to process and operations, past incidents and their causes, and social/economic factors. The major sub-sections in Clause 6 include:

  1. Hazard Identification
  2. Assessment of OH&S Risks
  3. Identification of OH&S Opportunities
  4. Determination of Legal Requirements
  5. Planning to Take Action
  6. The setting of OH&S Objectives
  7. Planning to Achieve Objectives

The planning phase is a comprehensive part of the ISO 45001 standard, requiring a detailed understanding of operations. By following this section, the organization can create a very deliberate and effective set-up to sustain the OH&S management system and ensure it continually improves. This is one of the most critical clauses since it is related to the establishment of strategic objectives and guiding principles for the Occupational Health and Safety Management System as a whole. The OH&S objectives, which can be integrated with other business functions, are the expression of the intent of the organization to treat the risks identified. When determining the risks and opportunities that need to be addressed, the organization shall take into account:

  • OH&S hazards and their associated risks, and opportunities for improvement;
  • Applicable legal requirements and other requirements;
  • Risks and opportunities related to the operation of the OH&S Management System that can affect the achievement of the intended outcomes.

6 Planning

6.1 Actions to address risks and opportunities

6.1.1 General

When planning for the OH&S management system, the organization must consider the relevant internal and external issues(4.1),  the needs and expectations of workers and other interested parties (4.2) and the scope of its OH&S management system(4.3) and determine the risks and opportunities. The organization must give assurance that the OH&S management system can achieve its intended outcomes, prevent, or reduce, undesired effects and achieve continual improvement. When determining the risks and opportunities to the OH&S management system and its intended outcomes that need to be addressed, the organization shall take into account its hazards; OH&S risks, and other risks; OH&S opportunities and other opportunities; legal requirements and other requirements. The organization, in its planning process, must determine and assess the risks and opportunities that are relevant to the intended outcomes of the OH&S management system associated with changes in the organization, its processes or the OH&S management system. In the case of planned changes, permanent or temporary, this assessment must be undertaken before the change is implemented. The organization must record its risks and opportunities; the processes and actions needed to determine and address its risks and opportunities to the extent necessary to have confidence that they are carried out as planned.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:

Planning is not a single event but an ongoing process, anticipating changing circumstances and continually determining risks and opportunities, both for the workers and for the OH&S management system.
Undesired effects can include work-related injury and ill health, noncompliance with legal requirements and other requirements, or damage to reputation.
Planning considers the relationships and interactions between the activities and requirements for the management system as a whole.
OH&S opportunities address the identification of hazards, how they are communicated, and the analysis and mitigation of known hazards. Other opportunities address system improvement strategies.

Examples of other opportunities to improve OH&S performance:

a) inspection and auditing functions;
b) job hazard analysis (job safety analysis) and task-related assessments;
c) improving OH&S performance by alleviating monotonous work or work at a potentially hazardous pre-determined work rate;
d) permit to work and other recognition and control methods;
e) incident or nonconformity investigations and corrective actions;
f) ergonomic and other injury prevention-related assessments.

Examples of other opportunities to improve OH&S performance:

  • integrating occupational health and safety requirements at the earliest stage in the life cycle of facilities, equipment or process planning for facilities relocation, process re-design or replacement of machinery and plant.
  • integrating occupational health and safety requirements at the earliest stage of planning for facilities relocation, process re-design or replacement of machinery and plant.
  • using new technologies to improve OH&S performance.
  • improving the occupational health and safety culture, such as by extending competence related to occupational health and safety beyond requirements or encouraging workers to report incidents in a timely manner.
  • improving the visibility of top management’s support for the OH&S management system.
  • enhancing the incident investigation process(es).
  • improving the process(es) for worker consultation and participation.
  • benchmarking, including consideration of both the organization’s own past performance and that of other organizations.
  • collaborating in forums that focus on topics dealing with occupational health and safety.

This clause replaced “preventive action” in the previous OHSAS18001standard. The current standard states that the organization should establish, implement, and maintain the processes needed to address the requirements of the whole of the planning section itself. When planning the OH&SManagement System, considerations need to be made regarding the context of the organization (section 4.1) and the needs and expectations of interested parties (section 4.2), as well as the scope of the OH&SManagement System.
Risk and opportunity must be considered with respect to these elements, as well as legal and regulatory issues, and the organization’s Occupational Health & Safetyhazardsthemselves. This outcome needs to ensure that the OH&SManagement System can meet its intended outcomes and objectives, that any external factors that may affect performance are avoided, and that continual improvement can be achieved.
In terms of emergency situations, the organization is required to determine any situations that may occur and have resulted in occupational health & safety risks. Again, it is vital that documented information is retained concerning the risks and opportunities considered and addressed in the planning phase in order to satisfy the terms of the clause. Planning is an integral part of all elements of an OH&S management system. Effective planning is concerned with prevention by identifying, eliminating and controlling hazards and risks. This is particularly important when dealing with health risks, which might only become apparent after a long gestation period. Planning should be a collaborative effort involving personnel throughout the organization. This co-operation is eminently suitable for demonstrating and gaining commitment to continual improvement and promoting a positive health and safety culture throughout the organization. Planning for the OH&S management system is an ongoing process and is undertaken in order:

  • To determine the risks that can affect the OH&S performance of the organization;
  • To manage these risks;
  • To identify opportunities to improve OH&S performance and the OH&S management system.

When planning for the OH&S management system, the organization should take into account the following:

  • The organization and its context;
  • The needs and expectations of workers and other interested parties;
  • The scope of the OH&S management system.

Planning should be proportionate to the level of risk identified. While the organization should consider all potential risks to its OH&S performance it should focus on those hazards which are most likely to occur and/or have the greatest impact. The company should concentrate on those opportunities that can realistically be acted upon, with priority given to those that are most likely to improve performance. Examples of opportunities to improve OH&S performance include the following:

  • Identification of hazards, how they are communicated, analyzed and controlled;
  • Enhancing the inspection and auditing functions;
  • Introduction of job safety analysis and task-related assessments;
  • Modification of working processes including the alleviation of monotonous and repetitive work;
  • Implementation of permit-to-work processes;
  • Incident or nonconformity investigations and corrective actions;
  • Implementation of ergonomic and other injury prevention-related assessments;
  • Integration of occupational health and safety considerations at the earliest stage in the design life cycle of plant and equipment;
  • Integration of occupational health and safety considerations at the earliest stage in planning for facilities relocation, and/or process redesign;
  • Introduction of new technology;
  • Improvement of the occupational health and safety culture of the organization;
  • Enhancing the visibility of top management’s support for the OH&S management system;
  • Enhancing the incident investigation process;
  • Improving worker consultation and participation;
  • Benchmarking of the organization’s OH&S performance against that of other organizations;
  • Collaborating in forums that review issues relating to occupational health and safety.

The organization must maintain documented information on:

  • Risks and opportunities;
  • The process and actions needed to determine and address its risks and opportunities to the extent necessary to have confidence that they are carried out as planned.

6.1.2 Hazard identification and assessment of risks and opportunities

6.1.2.1 Hazard identification

The organization should establish, implement and maintain processes for hazard identification that is ongoing and proactive. The organization must take into account how work is organized, social factors including workload, work hours, victimization, harassment, and bullying, leadership and the culture in the organization. The routine and non-routine activities and situations, including hazards arising from infrastructure, equipment, materials, substances and the physical conditions of the workplace; product and service design, research, development, testing, production, assembly, construction, service delivery, maintenance, and disposal; human factors; how the work is performed. The organization must consider past relevant incidents, internal or external to the organization, including emergencies, and their causes. They must also consider potential emergency situations. It must also include those people :

  1. with access to the workplace and their activities, including workers, contractors, visitors, and other persons;
  2. in the vicinity of the workplace who can be affected by the activities of the organization;
  3. workers at a location not under the direct control of the organization;

Other issues including the design of work areas, processes, installations, machinery/equipment, operating procedures and work organization, including their adaptation to the needs and capabilities of the workers involved. The situations occurring in the vicinity of the workplace caused by work-related activities under the control of the organization. The situations not controlled by the organization and occurring in the vicinity of the workplace that can cause injury and ill health to persons in the workplace. It must include actual or proposed changes in organization, operations, processes, activities, and OH&S management system; It must also include changes in knowledge of, and information about, hazards.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:

The ongoing proactive identification of hazard begins at the conceptual design stage of any new workplace, facility, product or organization. It should continue as the design is detailed and then comes into operation, as well as being ongoing during its full life cycle to reflect current, changing and future activities.
While this document does not address product safety (i.e. safety to end-users of products), hazards to workers occurring during manufacture, construction, assembly or testing of products should be considered.
Hazard identification helps the organization recognize and understand the hazards in the workplace and to workers, in order to assess, prioritize and eliminate hazards or reduce OH&S risks.
Hazards can be physical, chemical, biological, psychosocial, mechanical, electrical or based on movement and energy.
The list of hazards given in 6.1.2.1 is not exhaustive.
NOTE The numbering of the following list items a) to f) does not correspond exactly to the numbering of the list items given in 6.1.2.1.
The organization’s hazard identification process(es) should consider:
a) routine and non-routine activities and situations:

  1. routine activities and situations create hazards through day-to-day operations and normal work activities;
  2. non-routine activities and situations are occasional or unplanned;
  3. short-term or long-term activities can create different hazards;

b) human factors:

  1. relate to human capabilities, limitations and other characteristics;
  2. information should be applied to tools, machines, systems, activities, and environment for safe, comfortable human use;
  3. should address three aspects: the activity, the worker and the organization, and how these interact with an impact on occupational health and safety;

c) new or changed hazards:

  1. can arise when work processes are deteriorated, modified, adapted or evolved as a result of familiarity or changing circumstances;
  2. understanding how work is actually performed (e.g. observing and discussing hazards with workers) can identify if OH&S risks are increased or reduced;

d) potential emergency situations:

  1. unplanned or unscheduled situations that require an immediate response (e.g. a machine catching fire in the workplace, or a natural disaster in the vicinity of the workplace or at another location where workers are performing work-related activities);
  2. include situations such as civil unrest at a location at which workers are performing work-related activities which requires their urgent evacuation;

e) people:

  1. those in the vicinity of the workplace who could be affected by the activities of the organization (e.g. passers-by, contractors or immediate neighbors);
  2. workers at a location not under the direct control of the organization, such as mobile workers or workers who travel to perform work-related activities at another location (e.g. postal workers, bus drivers, service personnel traveling to and working at a customer’s site);
  3. home-based workers, or those who work alone;

f) changes in knowledge of, and information about, hazards:

  1. sources of knowledge, information and new understanding about hazards can include published literature, research and development, feedback from workers, and review of the organization’s own operational experience;
  2. these sources can provide new information about the hazards and OH&S risks.

ISO 45001:2018 asks organizations to consider, in a proactive manner, all occupational health & safety hazards within the organization’s control. Changes or planned future changes to services also have to be taken into account, as do any abnormal situations that may arise that are reasonable for the organization to predict–for example, if you are about to launch a new product that needs radically new production processes or materials. Again, the organization needs to maintain documented information on this clause and its elements, and communication to the appropriate levels with effective frequency needs to be planned and undertaken. In terms of documented information, if you ensure that all actual and associated risks, the criteria you use to define them, and your significant occupational health & safety risks are documented, then you will satisfy the terms of this clause. The overall purpose of the risk assessment process is to evaluate the hazards that arise or might arise in the course of the organization’s activities, and ensure that the risks to people arising from these hazards are assessed, prioritized and controlled to eliminate hazards or reduce risks to acceptable levels.

Hazards have the potential to cause injury or ill health. They need to be identified before the risks associated with these hazards can be assessed and, if no controls exist or existing controls are inadequate, effective controls should be implemented according to the hierarchy of controls. Hazard identification should aim to determine proactively all sources, situations or acts (or a combination of these), arising from an organization’s activities, with a potential for harm in terms of injury or ill health. Examples include:

  • Sources (e.g. moving machinery, radiation or energy sources);
  • Situations (e.g. working in confined spaces, working at height);
  • Acts (e.g. manual handling, wearing PPE).

Hazard identification should consider the different types of hazards in the workplace, including:

  • Physical (e.g. slips, trips, and falls, entanglement, noise, vibration, harmful energy sources);
  • Chemical (e.g. inhalation, contact with or ingestion of chemicals);
  • Biological (e.g. contact with allergens or pathogens such as bacteria or viruses);
  • Psychosocial (e.g. threat of physical violence, bullying or intimidation);

The organization’s hazard identification process should take account of the following:

  • Routine and non-routine activities such as plant cleaning and maintenance, extreme weather conditions, refurbishment, and plant start-ups/shut-downs;
  • Activities of all persons having access to the workplace including contractors, visitors, and home-based workers;
  • Human behavior, capabilities and other human factors;
  • Identified hazards originating outside the workplace capable of adversely affecting the health and safety of a person under the control of the organization within the workplace;
  • Hazards created in the vicinity of the workplace by work-related activities under the control of the organization;
  • Infrastructure, equipment, and materials at the workplace, whether provided by the organization or others;
  • Changes or proposed changes in the organization or its activities;
  • Modifications to the OH&S management system, including temporary changes, and their impact on operations, processes, and activities;
  • Any applicable legal obligations relating to risk assessment and the implementation of necessary controls;
  • The design of work areas, processes, installations, machinery/equipment, operating procedures and work organization, including their adaptation to human capabilities;
  • Potential emergency situations;
  • Changes in knowledge of, and information about, hazards;
  • New or changed hazards.

Examples of items for inclusion in a hazard identification checklist:

1 Physical hazards

  • Slippery or uneven ground
  • Working at height
  • Objects falling from the height
  • Inadequate space to work
  • Poor ergonomics (e.g. workplace design that does not take account of human factors)
  • Manual handling
  • Repetitive work
  • Trappings, entanglement, burns and other hazards arising from the equipment
  • Transport hazards, either on the road or on-premises/sites, while traveling or as a pedestrian (linked to the speed and external features of vehicles and the road environment)
  • Fire and explosion (linked to the amount and nature of flammable material)
  • Harmful energy sources such as electricity, radiation, noise or vibration (linked to the amount of energy involved)
  • Stored energy, which can be released quickly and cause physical harm to the body (linked to the amount of energy)
  • Frequently repeated tasks, which can lead to upper limb disorders (linked to the duration of the tasks)
  • Unsuitable thermal environment, which can lead to hypothermia or heat stress
  • Violence to staff, leading to physical harm (linked to the nature of the perpetrators)
  • Ionizing radiation (from x- or gamma-ray machines or radioactive substances)
  • Non-ionizing radiation (e.g. light, magnetic, radio-waves)

2 Chemical hazards
Substances hazardous to health or safety due to:

  • Inhalation of vapors, gases, or particles
  • Contact with or being absorbed through, the body
  • Ingestion
  • The storage, incompatibility, or degradation of materials

3 Biological hazards

Biological agents, allergens, or pathogens (such as bacteria or viruses), that might be:

  • Inhaled
  • Transmitted via contact, including by bodily fluids (e.g. needle stick injuries), insect bites, etc.
  • Ingested (e.g. via contaminated food products)

4 Psychosocial hazards

Situations that can lead to negative psychosocial (including psychological) conditions, such as stress (including post-traumatic stress, anxiety, fatigue, depression, e.g.:

  • Excessive workload
  • Lack of communication or management control
  • Workplace physical environment
  • Physical violence
  • Bullying or intimidation

Psychosocial hazard can arise from issues external to the workplace and can impact the OH&S of  Individuals or their colleagues.

Typical operation controls could include:

  • Clarifying health and safety responsibilities and ensuring that the activities of everyone are well coordinated
  • Ensuring everyone with responsibilities understands clearly what they have to do to discharge their responsibilities and ensure they have the time and resources to discharge them effectively
  • Setting standards to judge the performance of those with responsibilities and ensure they meet them. It is important to reward good performance as well as to take action to improve poor performance
  • Ensuring adequate and appropriate supervision, particularly for those who are learning and who are new to a job
    •  Elimination (modify a design, etc.)
    • Substitution (use a less hazardous material or reduce system energy, etc.)
    • Engineering controls (ventilation systems, interlocks, etc.)
    • Administrative controls, signage, warnings (safety signs, alarms, inspections, work permits, etc.)
    • Personal Protective Equipment (PPE) (safety glasses, harnesses, respirators, gloves, etc.
  • Take account:
    • use of a hierarchy:
    • Combination of controls
    • Adapt work to an individual
    • Using measures that protect everyone, in preference to PPE
    • Typical basic types of human behavior (lapses etc.)
    • Planned maintenance
    • Lack of familiarity
  • Examples of areas in which OH&S risks typically arise, and examples of their associated control measures, include (general control measures):
    • Regular maintenance and repair of facilities, machinery.
    • Equipment to prevent unsafe conditions from developing
    • Housekeeping and maintenance of clear walkways
    • Traffic management (e.g. the management of the separation of vehicle and pedestrian movements)
    • Provision and maintenance of workstations
    • Maintenance of the thermal environment (temperature, air quality)
    • Maintenance of the ventilation systems and electrical safety systems
    • maintenance of emergency plans
    • Policy related to travel, bullying, sexual harassment, drug, and alcohol abuse, etc.
    • Training and awareness programmes relating to the use of particular controls (e.g. permit-to-work systems)
    • Access controls
  • Occupational health:
    • Health surveillance
    • Pre-employment medical screening
    • Post-employment medicals
    • Worker support
    • Absence monitoring
    • Health promotion

EXAMPLE OF HAZARDS/RISKS ANALYSIS REGISTER

Process / Activity Hazard Likely Hazardous Incidence/ Situation Risk Involved Current Risk Control System Risk  Level High, Medium, Lower Is Risk Tolerable If No, Proposed Risk Control System
Lifting by overhead crane manually Electricity Expose to fire Fire Hazards Fire extinguishers, Electricity tripping systems, High No Fire Alarm system
Electricity Expose to live current Electric shock Coated electric cables provided, Covering for connections High No First Aid training, Electric tripping system
Break failure of the crane Falling of materials on the body Injury to body No Control High No Effective Preventive Maintenance, Helmel, Training to the operator on capacity and maintenance, Crane  Alarm System
Breaking of hook Falling of materials on the body Injury to body No Control High No Effective Preventive Maintenance, Helmel, Training to the operator on capacity and maintenance, Crane  Alarm System
Falling of jobs due to overfilling of the tote box Falling of materials on the body Injury to body No Control High No Effective Preventive Maintenance, Helmel, Training to the operator on capacity and maintenance, Crane  Alarm System
Failure of the structure of the beam Falling of structure on the body Injury to body/Death Testing of cranes by a third-party inspector High No Effective Preventive Maintenance, Helmet, Crane  Alarm System
Breaking of  lifting chain/Slipping of the chain due to improper clamping Falling of materials on the body Injury to body No Control High No Replacement of chain by Continuous chain, Effective Preventive Maintenance, training to Operator, Crane Alarm System

6.1.2.2 Assessment of OH&S risks and other risks to the OH&S management system

The organization shall establish, implement and maintain a process to assess OH&S risks from the identified hazards while taking into account the effectiveness of existing controls. The organization must determine and assess the other risks related to the establishment, implementation, operation, and maintenance of the OH&S management system. The organization’s methodologies and criteria for the assessment of OH&S risks shall be defined with respect to their scope, nature, and timing to ensure they are proactive rather than reactive and are used in a systematic way. Documented information shall be maintained and retained on the methodologies and criteria.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:

An organization can use different methods to assess OH&S risks as part of its overall strategy for addressing different hazards or activities. The method and complexity of assessment do not depend on the size of the organization but on the hazards associated with the activities of the organization.
Other risks to the OH&S management system should also be assessed using appropriate methods.
Processes for the assessment of risk to the OH&S management system should consider day-to-day operations and decisions (e.g. peaks in workflow, restructuring) as well as external issues (e.g. economic change). Methodologies can include ongoing consultation of workers affected by day-to-day activities (e.g. changes in workload), monitoring and communication of new legal requirements and other requirements (e.g. regulatory reform, revisions to collective agreements regarding occupational health and safety), and ensuring resources meet existing and changing needs (e.g. training on, or procurement of, new improved equipment or supplies).

The organization must establish, implement and maintain a process to:

  • Assess OH&S risks from the identified hazards, whilst taking into account the effectiveness of existing controls;
  • Determine and assess the other risks related to the establishment, implementation, and maintenance of the OH&S management system.

An organization needs to apply the process of hazard identification and risk assessment to determine the controls that are necessary to reduce the risks of injury and/or ill health. The purpose of risk assessment is to address the hazards that might arise in the course of the organization’s activities and ensure that the risks to people arising from these hazards are assessed, prioritized and controlled.

This is achieved by:

  • Developing a methodology for hazard identification and risk assessment;
  • Identifying hazards;
  • Estimating the associated risk levels, taking into account the adequacy of existing controls, based on an assessment of the likelihood of the occurrence of a hazardous event or exposure and the severity of the injury or ill health that can be caused by the event or exposure;
  • Determining whether these risks are acceptable vis the organization’s legal obligations and its OH&S objectives;
  • Determining the appropriate risk controls, where these are found to be necessary;
  • Documenting the results of the risk assessment;
  • Reviewing the hazard identification and risk assessment process on an ongoing basis.

The outputs from the risk assessment process should be used in the implementation and development of other parts of the OH&S management system such as competence, operational planning and control, and monitoring, measurement, analysis, and performance evaluation.

There is no single methodology for hazard identification and risk assessment that is suitable for all organizations. Hazard identification and risk assessment methodologies vary greatly across industries, ranging from simple assessments to complex numerical methods with extensive documentation.  Individual hazards might require that different methods be used, e.g. an assessment of long term exposure to hazardous substances might need a different method from that taken for equipment safety or for assessing an office workstation. Each organization should choose the method that is appropriate to its scope, nature, and size. The chosen approach should result in a comprehensive methodology for the ongoing evaluation of the organization’s risks. Where the organization’s risk assessment uses descriptive categories for assessing severity or likelihood of harm, these should be clearly defined, e.g. clear definitions of terms such as “likely” and “unlikely” are needed to ensure that different individuals interpret them consistently.

The organization should consider risks to sensitive populations (e.g. pregnant employees) and vulnerable groups (e.g. young workers) as well as any particular susceptibilities of the individuals involved in performing particular tasks (e.g. the ability of an individual to read instructions). The risk assessment should involve consultation with, and participation by, workers and take into account legal and other requirements. Risk assessment should be conducted by personnel with competence in risk assessment methodologies and techniques and appropriate knowledge of the organization’s work activities. The organization should also consider risks which are not directly related to the health and safety of people, but which affect the OH&S management system itself and can have an impact on its intended outcomes.

Risks to the OH&S management system includes:

  • Failure to understand the context of the organization;
  • Failure to address the needs and expectations of relevant interested parties;
  • Inadequate consultation and participation of workers;
  • Inadequate planning or allocation of resources;
  • An ineffectual audit programme;
  • An incomplete management review;
  • Poor succession planning for key roles;
  • Poor engagement by top management.

6.1.2.3 Assessment of OH&S opportunities and other opportunities to the OH&S management system

The organization shall establish, implement and maintain processes to assess OH&S opportunities to enhance OH&S performance while taking into account planned changes to the organization, its policies, processes or its activities and opportunities to adapt work, work for the organization and work environment to workers. The opportunities to eliminate hazards and reduce OH&S risks and other opportunities for improving the OH&S management system. OH&S risks and OH&S opportunities can result in other risks and other opportunities for the organization.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:

The process for assessment should consider the OH&S opportunities and other opportunities determined, their benefits and potential to improve OH&S performance.

The organization must establish, implement and maintain a process to assess:

  • OH&S opportunities to enhance OH&S performance, while considering planned changes to the organization, its policies, processes or activities;
  • Other opportunities for improving the OH&S management system.

Opportunities to improve OH&S performance can include:

  • Consideration of hazards and risks when planning and designing facilities, processes, plant and equipment, and materials;
  • Modification of working processes including the alleviation of monotonous and repetitive work;
  • Introduction of new technology to ameliorate high-risk activities;
  • Collaborating in forums that focus on issues relating to occupational health and safety.
  • Introduction of job safety analysis and task-related assessments;
  • Implementation of permit-to-work processes;
  • Implementation of ergonomic and other injury prevention-related assessments;
  • Improvement of the occupational health and safety culture of the organization;

Opportunities to improve the OH&S management system include:

  • Enhancing the visibility of top management’s support for the OH&S management system;
  • Improving worker consultation and participation in OH&S decision making;
  • Enhancing the incident investigation process;
  • Improving two-way communication on OH&S issues and promoting OH&S in the workplace;
  • Expediting corrective actions to address OH&S nonconformities;
  • Implementing OH&S objectives with the same passion as other business objectives;
  • Improving competency in identifying hazards, dealing with OH&S risks and implementing appropriate controls;
  • Adopting a risk assessment approach to conducting OH&S audits;
  • Viewing workers at all levels as a key resource of the organization;
  • Ensuring that the management review promotes a strategic and critical evaluation of the OH&S management system.

Risk / Opportunity of Internal Issues (Examples)

Sr.No Issues (Internal) Expected Result Uncertainty Risks (-ve)
Effect
Opportunity (+ve)
Effect
1 Social customs around PPE
Responsibility of OH&S
The willingness to be involved in consultation and participation
 Use of PPE
Top management shall take overall responsibility and accountability for the protection of workers, processes for consultation/ participation, establish 0H&S committees
Social custom is for workers to provide their own PPE. and be solely responsible for their OH&S. Also, the willingness to be involved in consultation and participation in a work setting is traditionally very poor Workers ignore the organizations OH&S processes, and OH&S performance does not improve Opportunity to be known in the sector as a caring and forward thinking the employer, attracting good quality human resources and inward investment from client’s (including overseas client’s) concerned with reputational impacts and good social responsibility/ governance
2 Is the organizational structure capable of ensuring adequate control for OH&S, especially when outsourcing and with the use of contractors Outsourced processes are controlled Contactor controls for communicating hazards, evaluation, and OH&S risks. The structure is very flat, with most of the workers being of low education, or the work is outsourced. Uncertainty around adequate supervision and OH&S control Poor OH&S performance affecting workers and others OH&S, reputational damage, fines, loss of customers (Not every issue will have an opportunity associated with it.
Please do not mix up risk treatment with an opportunity)

Risk / Opportunity of External Issues (Examples)

Sr Issues (External) Expected Result Uncertainty Risks (-ve)
Effect
Opportunity (+ve)
Effect
1 Cultural – risk-taking (contractors/outsourcing) Top Management promoting a culture that supports the OH&S MS
Promoting a culture supporting an OH&S Awareness of benefits of improved OH&S performance and their contribution Aware of the implications of not conforming Implementing control of the processes in accordance with the criteria Commitments in the policy to provide a safe and healthy workplace
Might be considered as part of the culture, and seen as normal practice in.
Expansion into other regions will require research into the culture affecting OH&S
OH&S MS is not effective and does not achieve it’s intended outcomes
Workers continue to adopt peer pressure norms to get the work done
Workers are injured, suffer ill health, or fatal consequences investment cost of the OH&S MS is lost
Contracts helped by having an OH&S MS may be lost due to non-adherence Other MS’s could be affected e.g. quality
(Not every issue will have an opportunity associated with it. Please do not mix up risk treatment with an opportunity)

Risk / Opportunity of Requirement for Workers Requirements (Examples)

Sr (Relevant) Requirements
 workers
Expected Result Uncertainty Risks (-ve)
Effect
Opportunity (+ve)
Effect
1 Opportunities for dialogue, improvement, and when changes occur Processes for consultation/ participation, establish OH&S committees
The policy commitment to consultation/ participation processes for consultation and participation. Ensure the participation of workers
Manager & workers traditionally do not consult or participate in OH&S matters. Time to consult/ participate and logistical arrangementsCulture with respect to OH&S importance OH&S culture does not improve OH&S performance is affected Hazards/risks are not the identified OH&S loss to workers (Not every issue will have an opportunity associated with it.
Please do not mix up risk treatment with an opportunity)

Risk / Opportunity of Requirement for Other interested Parties Requirements (Examples)

Sr (Relevant)
Requirements
(Other interested Parties)
Expected Result Uncertainty Risks (-ve)
Effect
Opportunity (+ve)
Effect
1 Contractors/suppliers/outsourcing-Clear statement of OHS requirements in tenders/ contracts Controls for procuring goods/ services conform to OH&S MS requirements OH&S requirements are not clearly defined in our contracts and demoted to a contract Annex Poor OH&S performance, and OH&S loss to workers Improving the OH&S culture by extending competence related to OH&S beyond requirements (OH&S Opportunity to improve OH&S)

6.1.3 Determination of legal requirements and other requirements

The organization shall establish, implement and maintain processes to determine and have access to up-to-date legal requirements and other requirements that are applicable to its hazards, OH&S risks and OH&S management system. The organization must determine how these legal requirements and other requirements applicable to the organization and what needs to be communicated. It must take these legal requirements and other requirements into account when establishing, implementing, maintaining and continually improving its OH&S management system. The organization shall maintain and retain documented information on its legal requirements and other requirements and shall ensure that it is updated to reflect any changes. Legal requirements and other requirements can result in risks and opportunities for the organization.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:

a) Legal requirements can include:

  1. legislation (national, regional or international), including statutes and regulations;
  2. decrees and directives;
  3.  orders issued by regulators;
  4. permits, licenses or other forms of authorization;
  5. judgments of courts or administrative tribunals;
  6. treaties, conventions, protocols;
  7. collective bargaining agreements.

b) Other requirements can include:

  1. the organization’s requirements;
  2. contractual conditions;
  3. employment agreements;
  4. agreements with interested parties;
  5. agreements with health authorities;
  6. non-regulatory standards, consensus standards, and guidelines;
  7. voluntary principles, codes of practice, technical specifications, charters;
  8. public commitments of the organization or its parent organization.

The organization should have a process to determine and have access to health and safety legal requirements and other requirements applicable to its OHSMS and to determine how these requirements apply to the OHSMS. The organization needs to be confident that during the risk assessment process it is adhering to the latest applicable legal and other requirements. The legal and other requirements process of assessment will vary depending on the complexity of the business. Sources of information may be gathered in many ways including:

  • Subscription to publisher legal update newsletters.
  • Membership of trade associations
  • Research via reputable government websites
  • Use of competent consultants
  • Competent employee membership of occupational health and safety institutes.
  • Employee attendance of occupational health and safety training courses

Following the initial assessment of compliance obligations, the organization may consider placing the relevant information in a document. A spreadsheet may be useful for this purpose. A live document may include the following information and be referenced within individual risk assessments:

  • Name and reference number of regulation/requirement.
  • Revision status
  • Date the regulation was last reviewed
  • The competent person responsible for reviewing the requirement
  • Area of the organization the requirement impacts including a short description of the activity and associated documented information
  • A hyperlink or description of the source of information
  • Name and customer / external provider contact details if relevant to ‘other requirement’
  • Next review date

The process should cover:

  • What are the organization’s legal and other requirements and how are they determined, accessed and kept up-to-date;
  • How do these legal and other requirements applicable to the organization’s activities, processes, plant & equipment, workforce, hazard profile & associated OH&S risks, the overall OH&SMS, and its OH&S performance;
  • How these legal and other requirements are taken into account when establishing, implementing, maintaining and continually improving the organization’s OH&S management system.

Legal requirements could include:

  • Acts and statutory instruments such as the Safety, Health, and Welfare at Work Act 2005 and the Safety, Health and Welfare at Work (Chemical Agents) Regulations 2001;
  • Licenses, permits and other forms of authorization such as the EPA Office of Radiological Protection license or Seveso establishment notification;
  • Improvement or prohibition notices issued by HSA/HSE;
  • EU Directives or Regulations.

Other requirements could include:

  • Parent company protocols or policies;
  • Collective bargaining agreements;
  • Voluntary adherence to sector or trade body guidance documents;
  • Contractual conditions;
  • Employment agreements;
  • Voluntary principles, codes of practice, technical specifications, charters;
  • Public commitments of the organization or its parent company.

The organization must ensure that relevant workers know how to access information on legal and other requirements that are applicable to them. The organization is required to maintain and retain documented information on this process. This will ensure that the information is updated to reflect any changes to the organization’s health and safety profile. The organization must decide what legal and other requirements are related to its occupational health & safety hazards and how to best access them, decide how they apply to the organization, and take them. into consideration when establishing, operating, and delivering continual improvement through the OH&S Management System. Documented evidence needs to be recorded for these obligations, also.

6.1.4 Planning action

The organization shall plan actions to address these risks and opportunities; legal requirements and other requirements. It must prepare for and respond to emergency situations. It must also plan actions to integrate and implement the actions into its OH&S management system processes or other business processes. The organization must evaluate the effectiveness of these actions. The organization shall take into account the hierarchy of controls and outputs from the OH&S management system when planning to take action. When planning its actions, the organization shall consider best practices, technological options, and financial, operational and business requirements.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:

The actions planned should primarily be managed through the OH&S management system and should involve integration with other business processes, such as those established for the management of the environment, quality, business continuity, risk, financial or human resources. The implementation of the actions taken is expected to achieve the intended outcomes of the OH&S management system.
When the assessment of OH&S risks and other risks has identified the need for controls, the planning activity determines how these are implemented in operation (see Clause 8); for example, determining whether to incorporate these controls into work instructions or into actions to improve competence. Other controls can take the form of measuring or monitoring (see Clause 9).
Actions to address risks and opportunities should also be considered under the management of change (see 8.1.3) to ensure there are no resulting unintended consequences.

The organization should ensure that specific plans are in place to:

  • Address risks and opportunities that have been assessed as requiring further action;
  • Address legal and other requirements;
  • Prepare for and respond to emergency situations.

In this clause, the standard states that the organization shall plan to take actions to address its occupational health & safety hazards, risks, and opportunities, and compliance obligations, all of which we have discussed above. These also need to be implemented into the organization’s OH&SManagement System and associated business processes. The task of evaluating the effectiveness of these actions also must be considered, with technological, financial, and operational considerations all taken into account. The actions planned should primarily be managed through the OH&S management system and where appropriate should involve integration with other business processes and/or management systems such as quality, environment, business continuity, risk management and financial or human resource management. When planning to take action the organization should take into account the hierarchy of controls common to risk management, which is detailed in section 8.1.2 of the standard and outputs from the OH&S management system. The actions planned can include establishing objectives (reference section 6.2 of the standard) or incorporating the action into other OHSMS processes such as documented procedures or improved competence. Actions to address risks and opportunities should also be considered under clause 8.1.3: management of change to ensure that there are no unintended consequences arising from the actions taken. Finally, the organization needs to evaluate the effectiveness of these actions.

Category Identified need: Actions required: How to:
Address risks and opportunities OH&S MS – The willingness to be involved in consultation and participation in a work setting is traditionally very poor. Workers might ignore the organizations OH&S processes, and OH&S performance does not improve. Top management is to demonstrate their commitment to the OH&S MS and those involved with it. Monthly OH&S committees are to be set up with top management involvement. All workers will be invited to select their representatives at the committees. Meeting minutes will be published with actions to improve OH&S performance. All suggested improvements will be considered before a decision is made. All OH&S MS decisions that need to be made will involve consultation with the workers before the decision is made. All decisions in the OH&S MS will be transparent. Time, training, the resource will be made available for consultation and participation. Integrate- Business processes will be updated to include the actions stated.
Implement into OH&S MS or other
processes-Production Director is tasked to implement these actions within 3 months (from last management review).
Evaluate effectiveness – This will be through the first OH&S Committee scheduled in two months’ time.
Other Consideration – Operational and
business requirements and constraints.

6.2 OH&S objectives and planning to achieve them

6.2.1 OH&S objectives

The organization shall establish OH&S objectives at relevant functions and levels in order to maintain and continually improve the OH&S management system and OH&S performance. The OH&S objectives must be consistent with the OH&S policy. The objectives must be measurable (if practicable) or capable of performance evaluation. It must take into account

  1. applicable requirements;
  2. the results of the assessment of risks and opportunities;
  3. the results of consultation with workers, and, where they exist, workers’ representatives;

The objectives must be monitored, communicated and be updated as appropriate.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:

Objectives are established to maintain and improve OH&S performance. The objectives should be linked to risks and opportunities and performance criteria which the organization has identified as being necessary for the achievement of the intended outcomes of the OH&S management system.
OH&S objectives can be integrated with other business objectives and should be set at relevant functions and levels. Objectives can be strategic, tactical or operational:
a) strategic objectives can be set to improve the overall performance of the OH&S management system (e.g. to eliminate noise exposure);
b) tactical objectives can be set at facility, project or process level (e.g. to reduce noise at source);
c) operational objectives can be set at the activity level (e.g. the enclosure of individual machines to reduce noise).

The measurement of OH&S objectives can be qualitative or quantitative. Qualitative measures can be approximations, such as those obtained from surveys, interviews, and observations. The organization is not required to establish OH&S objectives for every risk and opportunity it determines.

The organization should establish objectives in order to maintain and improve the OH&S management system and to achieve continual improvement in its OH&S performance.

When determining its OH&S objectives the organization must take into account:

  • The results of the assessments of risk and opportunities;
  • Applicable legal and other requirements;
  • The results of consultation with workers and where applicable, their representatives.

OH&S objectives can be integrated with other business objectives such as quality or environment and should be set at relevant functions and levels as defined and decided upon by the organization.

The OH&S objectives should address both broad corporate OH&S issues and OH&S issues that are specific to individual functions and levels within the organization. It is a requirement of the standard to set achievable OH&S objectives with the means to periodically measure progress, demonstrating continuous improvement. Often objectives are set and reviewed at management review or locally at departmental or committee meetings. Once set, there must be a means to communicate objectives throughout the organization to support and generate a positive OH&S culture. If many requirements have been identified the organization may consider developing a documented Occupational Health and Safety Strategic Plan. The plan should be agreed on by senior leadership and include risk rating tasks, in order of priority, and the alignment with senior leadership responsible for overseeing the task.

The standard advises that occupational health & safety objectives should be established at appropriate levels and intervals, having considered the identified occupational health & safety hazards, risks and opportunities, and compliance obligations. The characteristics of the set objectives are important, they need to be consistent with the organization’s Occupational Health & safety policy, measurable where possible, able to be monitored, communicated effectively, and be such that they can be updated when circumstances require. Once more, it is mandatory that documented information is kept outlining this process and its outputs. Because the term “maintain and improve its OH&S management system” is used in this clause, the organization can set some objectives in order to maintain a certain level of performance and can set other objectives for the purpose of achieving an improvement in its OH&S performance. This means that in the case of the former, once a level of performance has been achieved and no further opportunity for improvement can be identified, the organization can set an objective that maintains that set level of performance until such time as new opportunities are identified. The OH&S objectives should be consistent with the OH&S policy and if practicable, be measurable or capable of performance evaluation. Ideally, the objectives should be specific, measurable, achievable, realistic and time-oriented (SMART).

Typical examples of OH&S objectives include the following:

  • Objectives to increase or reduce a numerical value such as reducing manual handling incidents by 10% or increasing VDU risk assessments by 20%.
  • Objectives to introduce controls or eliminate hazards such as the introduction of LEV in a particular process or elimination of a particular hazardous substance from a process;
  • Objectives to introduce less hazardous materials in specific products;
  • Objectives to increase levels of worker satisfaction in relation to OH&S such as a reduction of workplace stress or an increase in worker participation in and consultation on OH&S issues;
  • Objectives to increase awareness or competence in performing work tasks safety;
  • Objectives to meet legal requirements prior to their enactment.

The objectives should be monitored, communicated and be updated as appropriate. The organization is not required to establish OH&S objectives for every risk and opportunity it determines.

6.2.2 Planning to achieve OH&S objectives

When planning how to achieve its OH&S objectives, the organization must determine:

  1. what will be done?
  2. what resources will be required?
  3. who will be responsible?
  4. when it will be completed?
  5. how the results will be evaluated, including indicators for monitoring?
  6. how the actions to achieve OH&S objectives will be integrated into the organization’s business processes?

The organization must maintain and retain documented information on the OH&S objectives and plans to achieve them.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:

The organization can plan to achieve objectives individually or collectively. Plans can be developed for multiple objectives where necessary. The organization should examine the resources required (e.g. financial, human, equipment, infrastructure) to achieve its objectives. When practicable, each objective should be associated with an indicator which can be strategic, tactical or operational.

6.2.2 Planning to Achieve OH&S Objectives

The standard advises on the elements that need to be determined to ensure that objectives can be achieved. This can be thought of in terms of what needs to be done, when it needs to be done by, what resources are required to achieve it, who is responsible for the objectives being achieved, how results are to be measured and progress ensured, and consideration on how these objectives can be implemented within existing business systems. In order to achieve the objectives, a programme or programmes should be established. A programme is an action plan for achieving one or all of the OH&S objectives. The programme, at a minimum, should address the following:

  • What is to be done;
  • What resources (e.g. financial, human, equipment & infrastructure) will be required;
  • Who will be responsible;
  • When it will be completed;
  • How the results will be evaluated, including indicators for monitoring.

The programme should be reviewed at planned intervals, and adjusted as necessary, to ensure that the objectives are achieved. This review can be part of the management review process. The organization must maintain and retain documented information on the OH&S objectives and plans to achieve them.

A strategic OH&S plan is a live document and periodically should be reviewed to monitor progress to achieving objectives and continuous improvement. The document may include:

  • Strategic prioritized topic
  • Action, this could be conducting assessments according to compliance obligations such as a noise assessment
  • The method in which the action can be achieved
  • Resources required to achieve the action. For example human, equipment, financial and external provider expertise
  • The key performance indicator to demonstrate achievement of the action
  • General responsibility
  • Top Management responsibility
  • Timescale
  • Risk rating (order of priority)

Examples for Objectives

OH&S Policy/Risk Area  OH&S objectives Target Times-Frames Legal and other requirements Programs and other responsibilities
Prevention of Injury and ill health Number of non-reportable
Accidents per yearNumber of Reportable
Accidents per yearIncident Frequency Rate
≤10

≤2

≤20

I Year

I Year

1 Year

Health and Safety at Work Act

Management of Health and Safety
at Work Regulations

Reporting of Injuries, Diseases
and Dangerous Occurrences
Regulations

Control of Substances Hazardous
to Health (Amendment)
Regulations

Electricity at Work Regulations
Health and Safety (Safety Signs
and Signals) Regulations

Manual Handling Operations
Regulations

Incidents to be monitored quarterly. Action: Production Supervisor (PS) 

 

Any increases in incident rates to be investigated and action taken. Action: ALL Managers

 

Reduction in incident levels to be targeted through training &
monitoring programmes. Action: ALL  Managers

Example of Derivation of Objectives from Risk and Opportunity

Sr (Relevant)
Requirements
(Other interested Parties)
Expected Result Uncertainty Risks (-ve)
Effect
Opportunity (+ve)
Effect
1 Contractors/suppliers/outsourcing-Clear statement of OHS requirements in tenders/ contracts Controls for procuring goods/ services conform to OH&S MS requirements OH&S requirements are not clearly defined in our contracts and demoted to a contract Annex Poor OH&S performance, and OH&S loss to workers Improving the OH&S culture by extending competence related to OH&S _beyond requirements (OH&S Opportunity to improve OH&S)

OH&S objectiveOHS/Contractor (Sept 15th 20xx): To include a clear statement of OHS requirements in tenders/contracts. To be included by the end of Dec XX.

(What will be done)

  • Workers’ Representative, Purchasing Supervisor, H&S Manager: To drafl a statement of OH&S requirements to be included in tenders/contracts. (Before the end of September 20xx)
  • Production Manager: To review/revise in consultation with the above. (Before Oct 15th 20xx)
  • Company Secretary: To forward agreed requirements to company legal advisor for inclusion into the contract, or amendment as legally required/advised. (Before Oct end 20xx)
  • Purchasing Managers: To include new tenders/contracts. (Before Nov end 20xx)
  • Purchasing Manager: To start negotiating changes to existing contracts to include the above OH&S requirements. (On-going, but expected completion of all existing contracts by April 20xx)
  • Production Manager: To communicate new requirements for all company workers who may be involved with contractors. (Before Nov)
  • Purchasing Manager: To monitor the response from the contractor’s top management on the new requirements in tenders/contracts. (From Nov 20xx onwards)

(What resources will be required)

  • Workers Representative
  • Purchasing Manager
  • Purchasing Supervisor
  • H&S Manager
  • Company Secretary
  • Company legal Advisor
  • Time and cost for legal advice (KWD 500)

(Who will be responsible) Purchasing Manager and Production Manager.

(When it will be completed) Over the next four months (April 20xx+l).

(How it will be measured through indicators (if practicable) and monitored, including frequency). Through the dates and responsibilities identified above, and reported through the monthly OH&S committee meetings.

(How the results will be evaluated) Through the Purchasing Manager requesting if OH&S requirements are now clear in contracts (sample contractors’ management), and thereafter the Purchasing Supervisor monitoring of conformance against contract OH&S requirements (number of contract OH&S breaches/month).

(How the actions to achieve OH&S objectives will be integrated into the organization’s business processes) Actions will be integrated into each responsible person’s personal appraisal for the year and reviewed as part of their personal development and achievement.

…………………………………End of Examples …………………………………………

 

ISO 45001:2018 Clause 5: Leadership and worker participation

CLAUSE 5 – Leadership and worker participation

Top management and their workers are required to have involvement in the input and operation of the OHSMS management system and must ensure that the requirements are integrated into the organization’s OHSMS processes and that the policy and objectives are compatible with the strategic direction of the organization. The top management must take overall responsibility and accountability for the prevention of work-related injury and ill health as well as the provision of safe and healthy workplaces and activities. This clause places requirements on top management to assign relevant responsibilities and support other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility. Critical to the success of the OH&S management system is leadership and commitment from ‘Top Management’. The expectation of leaders within an organization is to become champions of the system and provide the necessary resources to protect workers from harm. This clause is the cornerstone for the success of the OH&S MS. In OHSAS 18001, top management was responsible for OH&S and was required to ‘appoint’ a member of top management with specific responsibility for OH&S. Top management in ISO 45001 is responsible and accountable for the prevention of work-related injury and ill health as well as the provision of safe and healthy workplaces (not simply providing support for a management system). This requires top management to be personally involved in order to develop, lead and promote a culture that supports OH&S. It should also be noted that leadership and culture are identified as a potential hazard later in the standard. It is also top management that has to ensure that a process for consultation and participation with workers is established. This may include establishing a health and safety committee. It is also top management’s responsibility to establish, implement and maintain the health and safety policy.
The required contents for the policy include elements such as a commitment to consultation and participation of workers. Importantly consultation with workers on the health and safety policy is included later in this clause. Consultation and participation of workers are significantly enhanced from OSHAS 18001 which was limited to participation in hazard identification and consultation on changes. In ISO 45001 consultations involve seeking views before making a decision with clear two-way communication, whilst participation is involved in decision-making. This must include non-managerial workers. The organization is now required to provide the mechanisms, time, training and resources for consultation and participation of workers. This includes removing any obstacles or barriers such as language, literacy or fear of reprisals.

Context 5.1: Leadership and commitment

Top management should demonstrate leadership and commitment with respect to the OH&S management system. Top management must be taking overall responsibility and accountability for the prevention of work-related injury and ill health as well as the provision of safe and healthy workplaces and activities. Top management must be ensuring that the OH&S policy and related OH&S objectives are established and are compatible with the strategic direction of the organization. The top management must be ensuring the integration of the OH&S management system requirements into the organization’s business processes. The top management must be ensuring that the resources needed to establish, implement, maintain and improve the OH&S management system are available. The top management must be communicating the importance of effective OH&S management and of conforming to the OH&S management system requirements. The top management must be ensuring that the OH&S management system achieves its intended outcome. The top management must be directing and supporting persons to contribute to the effectiveness of the OH&S management system. The top management should be ensuring and promoting continual improvement. The top management should be supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility. The top management should be developing, leading and promoting a culture in the organization that supports the intended outcomes of the OH&S management system. The top management should be protecting workers from reprisals when reporting incidents, hazards, risks, and opportunities. The top management should be ensuring the organization establishes and implements processes for consultation and participation of workers. The top management supporting the establishment and functioning of health and safety committees.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:

Leadership and commitment, including awareness, responsiveness, active support, and feedback, from the organization’s top management, are critical for the success of the OH&S management system and achievement of its intended outcomes; therefore, top management has specific responsibilities for which they need to be personally involved or which they need to direct. A culture that supports an organization’s OH&S management system is largely determined by top management and is the product of individual and group values, attitudes, managerial practices, perceptions, competencies, and patterns of activities that determine the commitment to, and the style and proficiency of, its OH&S management system. It is characterized by, but not limited to, active participation of workers, cooperation and communications founded on mutual trust, shared perceptions of the importance of the OH&S management system by active involvement in the detection of OH&S opportunities and confidence in the effectiveness of preventive and protective measures. An important way top management demonstrates leadership is by encouraging workers to report incidents, hazards, risks, and opportunities and by protecting workers against reprisals, such as the threat of dismissal or disciplinary action, when they do so.

The requirements within this clause are generally self-explanatory. You will need to provide information on how top management ensure the OHSMS is compatible with the strategic direction as well as taking responsibility for promoting a safety culture to ensure that the management system achieves its intended outcome. In clause 5.1, 45001 uses the term ‘top management’ to refer a group or an individual at the highest level, controlling and directing the organization.  This sets out a list of things that top management must do, to demonstrate the commitment and leadership with respect to their health and safety management system. Three of these directly refer to the rights of workers:

  • To support establishing and the ongoing operation of health and safety committees, this clause specifically refers to the need to put emphasis on the participation of non-management workers in setting up these committees.
  • Ensuring that clause 5.4 is implemented.
  • Ensuring the protection of workers from any reprisals when they report hazards and risks.

The following are examples of how leadership can be demonstrated within the OH&S management system:

  • Take overall responsibility and accountability for the prevention of work-related injury / ill health, as well as the provision of a safe and healthy work environment
  • Facilitating positive culture and continual improvement
  • Ensure the OH&S system is integrated within the business processes
  • Promote communication internally and externally and at all levels (cascading from the top)
  • Protect workers from reprisal when reporting incidents,
    hazards, risk, and opportunities
  •  Provision and support for safety committees

For an external audit, the expectation is for senior leadership to be at the heart of the OH&S management system with a clear demonstration of understanding the system.

Clause 5.2: OH&S policy

Top management must establish, implement and maintain an OH&S policy. The policy must include a commitment to provide safe and healthy working conditions for the prevention of work-related injury and ill health and is appropriate to the purpose, size, and context of the organization and to the specific nature of its OH&S risks and OH&S opportunities. The policy should provide a framework for setting the OH&S objectives. The policy should include a commitment to fulfill legal requirements and other requirements. It should include a commitment to eliminate hazards and reduce OH&S risks. The policy should include a commitment to continual improvement of the OH&S management system. It should include a commitment to consultation and participation of workers, and, where they exist, workers’ representatives. The OH&S policy should be available as documented information. It should be communicated within the organization. It must be available to interested parties, as appropriate. It must be relevant and appropriate.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:

The OH&S policy is a set of principles stated as commitments in which top management outlines the long-term direction of the organization to support and continually improve its OH&S performance. The OH&S policy provides an overall sense of direction, as well as a framework for the organization to set its objectives and take actions to achieve the intended outcomes of the OH&S management system. These commitments are then reflected in the processes an organization establishes to ensure a robust, credible and reliable OH&S management system (including addressing the specific requirements in this document). The term “minimize” is used in relation to OH&S risks to set out the organization’s aspirations for its OH&S management system. The term “reduce” is used to describe the process to achieve this. In developing its OH&S policy, an organization should consider its consistency and coordination with other policies.

Top management needs to establish, implement and maintain an OHSMS policy that includes a commitment to provide safe and healthy working conditions for the prevention of work-related injury and ill health and is appropriate to the purpose, size, and context of the organization and to the specific nature of its OHSMS risks and opportunities. The policy must be communicated, set out the framework for establishing measurable occupational health and safety objectives and targets, including a commitment to consultation and participation of workers or representatives and a commitment to eliminate hazards and fulfill legal requirements.

An OH&S Policy is a ‘Statement of Intent’ or ‘Mission Statement’ which sets out the framework to manage the Occupational Health and Safety Management System. The OH&S policy is approved by senior leadership and will drive the controls that are in place and the actions that are carried out to improve it. The standard specifically requires that the OH&S policy should include commitments to:

  • Provide a framework for setting objectives
  • Provide safe and healthy working conditions for the prevention of work-related injury and/or ill health
  • Eliminate hazards and reduce OH&S risks
  • Continual improvement of the OH&S system
  • Consultation and participation of workers and where they exist worker representatives
  • Fulfillment of legal and other requirements

Once the OH&S policy has been approved it must be communicated to stakeholders including workers. The policy must be available to interested parties, which will include customers and external providers on request. In addition, periodically the OH&S policy must be reviewed by senior leadership to ensure it remains applicable to the context of your organization.

Sample Occupational Health and Safety Policy

This policy will apply to __(Name of Business)_____ at all locations.

__(Name of Business)______________ is committed to providing a healthy and safe work environment for its workers and preventing occupational illness and injury. To express that commitment, we issue the following policy on occupational health and safety.
As the employer, (Name of Business) is responsible for the health and safety of its workers. __(Name of Business)______________ will make every effort to provide a healthy and safe work environment. We are dedicated to the objective of eliminating the possibility of injury and illness.
As _(CEO/Owner/etc.)______________ I give you my personal promise to take all reasonable precautions to prevent harm to workers.
Supervisors will be trained and held responsible for ensuring that the workers, under their supervision, follow this policy. They are accountable for ensuring that workers use safe work practices and receive training to protect their health and safety.
Supervisors also have general responsibility for ensuring the safety of equipment and facility.
__(Name of Business)__________________ through all levels of management, will cooperate with the Joint Occupational Safety and Health (JOSH) Committee or the Health & Safety Representative and workers to create a healthy and safe work environment. Cooperation should also be extended to others such as contractors, owners, officers, and so on.
The workers of (Name of Business) will be required to support this organization’s health and safety initiative and to cooperate with the JOSH Committee or Health & Safety Representative and with others exercising authority under the applicable laws. It is the duty of each worker to report to the supervisor or manager, as soon as possible, any hazardous conditions, injury, accident, or illness related to the workplace. Also, workers must protect their health and safety by complying with applicable Acts and Regulations and following policies, procedures, rules and, instructions as prescribed by
__(Name of Business)______________.
_(Name of Business)______________ will, where possible, eliminate hazards and, thus, the need for personal protective equipment. If that is not possible, and where there is a requirement, workers will be required to use safety equipment, clothing, devices, and materials for personal protection.
__(Name of Business)________ recognizes the worker’s duty to identify hazards, and supports and encourages workers to play an active role in identifying hazards and to offer suggestions or ideas to improve the health and safety program.
Signed:
Title:
This policy has been developed in cooperation with the  Committee, Health & Safety Representative, or workers.

—————————End of example—————————————

Clause 5.3: Organizational roles, responsibilities, and authorities

Top management must ensure that the responsibilities and authorities for relevant roles within the OH&S management system are assigned and communicated at all levels within the organization and maintained as documented information. Workers at each level of the organization must assume responsibility for those aspects of OH&S management system over which they have control. While responsibility and authority can be assigned, ultimately top management is still accountable for the functioning of the OH&S management system. Top management must assign the responsibility and authority for ensuring that the OH&S management system conforms to the requirements of this document. There must be reporting on the performance of the OH&S management system to top management.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:

Those involved in the organization’s OH&S management system should have a clear understanding of their role, responsibilities, and authorities for achieving the intended outcomes of the OH&S management system. While top management has overall responsibility and authority for the OH&S management system, every person in the workplace needs to take account not only of their own health and safety but also the health and safety of others. Top management being accountable means being answerable for decisions and activities to the organization’s governing bodies, legal authorities and, more broadly, its interested parties. It means having ultimate responsibility and relates to the person who is held to account if something is not done, is not done properly, does not work or fails to achieve its objective. Workers should be enabled to report about hazardous situations so that action can be taken. They should be able to report concerns to responsible authorities as required without the threat of dismissal, disciplinary action or other such reprisals. The specific roles and responsibilities identified in 5.3 may be assigned to an individual, shared by several individuals, or assigned to a member of top management.

Top management needs to ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood throughout the organization. The scope and boundaries of the OH&S Management System must now be thoroughly examined and defined considering the aforementioned interested parties and their needs, plus resulting compliance obligations. Also requiring consideration are the OH&S Management System functions and physical boundaries, and all products, services, and activities, including the organization’s ability to exert control on external factors, with the results of the whole definition included in the OH&S Management System and kept critically as “documented information.”It requires the organization to define clear roles, responsibilities, and authorities throughout the organization.
It is recognized that overall responsibility for the OH&S management system falls to ‘Top Management’ however individuals must take account of their own health and safety and that of others. Consider documenting roles, responsibilities, and authorities within high-level and localized organizational charts. Individual policies and work instructions may also include responsibility and authority however competence must be considered. Top management is ultimately responsible for the OH&S management system, even if the day-to-day decisions related to occupational health and safety are delegated to others. What is delegated and to whom should be clearly and unambiguously communicated so that everybody understands who is responsible for what. Top management should assign responsibility and authority for:

  • Ensuring that the OH&S management system conforms to the requirements of ISO 45001;
  • Reporting on the performance of the OH&S management system to top management.

Since resources can be limited, opportunities should be sought out to integrate OH&S responsibilities within existing functions of the organization, such as manufacturing, facilities management, purchasing, and human resources. If other management systems are already in places, such as quality, environment, energy or food safety, synergies may exist where there are similar roles and responsibilities. This will enhance ownership of OH&S management across the organization and potentially create efficiencies. ISO 45001 requires that the responsibilities and authority of all persons who perform duties that are part of the OH&S management system be documented. These can be described and included in:

  • OH&S management system procedures;
  • Operational procedures and process maps;
  • Project and/or task descriptions;
  • Job descriptions;
  • Induction training packages.

Such documentation can, among others, be required for the following personnel:

  • Management at all levels in the organization, including top management;
  • Safety committees/safety teams;
  • Process operators and the general workforce;
  • Those managing contractors;
  • Those responsible for OH&S training;
  • Those responsible for equipment operation and maintenance;
  • Those responsible for facilities management;
  • Employees with OH&S qualifications, or other OH&S specialists, within the organization;

Care should be taken with the clarification of responsibilities at the interfaces between different functions (e.g. between departments, between different levels of management, between workers, between the organization and contractors and between the organization and its neighbors).

Some examples of Roles, responsibility, authority, and accountability 

1.) Managing Director:

  • Overall responsibility for the performance of the Organization
  • Overall responsibility & accountability for the OHS System, directly or through a nominated executive
  • Chair and Management Review Meeting
  • Define the OHS Policy
  • Review and approve the OHS System manual and its amendments
  • Ensures adequate resources are available for effective implementation
  • Appoint Management Representative
  • Approval of Purchase Orders for capital items
  • Overall accountable for continual improvement of the OHS Management system

2.) Cross-Functional Team:

  • Preparation of objectives and targets in consultation with Top Management
  • Conducting departmental reviews
  • Coordinate in providing resources for departmental elements of OHS.
  • Providing direction to the department on the design, implementation, and maintenance of OHS
  • Resolving corrective action issues
  • The MR is accountable for the effective implementation of OHS MS
  • Identify training needs for personnel directly reporting.

3) Legal Team:

  • Identify applicable legislation and other requirements.
  • Evaluate Legal compliance
  • Communicate the legal non-compliances
  • Hold review meetings on legal requirement.
  • Update with latest legislations / amendments.
  • DGM-HR is accountable for compliance with OHS legal & other requirements.

4) Audit Team:

  • Conduct Internal audits as per the audit schedule
  • Generate audit reports
  • Verify the audit closure
  • MR is accountable for conducting audit & NC closure

5) Emergency Response Team:

  • Review emergency response & preparedness manual
  • Train the people for emergency response
  • Conduct the role during the mock drill
  • To see the entry of unauthorized persons is restricted to areas.
  • To check whether Fire Extinguishers are provided at appropriate places and are tested periodically.
  • To check persons working are using proper PPE’s
  • To train the personnel over the safety & to identify key areas where safety is necessary
  • To identify safe assembly area
  • Impart safety awareness to all employees through in-house training as per the needs identified.
  • To check whether safety instructions have been prepared and displayed at relevant places through Operation control Instruction for use of Safety Personal Protective Equipment.
  • To see all the effectiveness of the emergency preparedness
  • An emergency response team has been constituted with Personnel from all departments to review / initiate actions for identified potential Emergency situations identify through the significant Study.
  • To co-ordinate with respective Functions head for identifying different types of emergency situations and prepares an “onsite emergency plan” which briefly describes the action to be taken by the employees during identified emergency situation internally.
  • To prepare an evacuation plan & to describe the plan for evacuation from the emergency area and to identify the gathering point.
  • To prepare mitigation actions after the emergency.
  • To organize Mock drills or Mock exercise, to test the Onsite emergency plan for the different identified emergency situations.
  • To make sure the Mock Drill records are maintained by the Safety Officer. To decide the possible changes needed in the emergency plans.
  • The safety officer is accountable for compliance with Emergency preparedness and response

6) First Aid Team

  • The team should regularly monitor medicine availability in the box.
  • The First Aid personnel shall take care of the injured persons and in case of an emergency condition.
  • The First Aid persons should take care that the injured persons are shifted to the hospital in time.
  • Admin Officer is accountable for maintaining adequate first aid medicines, providing first aid to injured personnel.

7) Safety Committee:

  • Safety Committee shall meet as often as necessary but at least once in three months. The minutes of the meeting shall be recorded
  • Safety Committee shall have the right to be adequately and suitably informed
  • Functions and duties of the safety committee shall include-
  • Dealing with all matters concerning health, safety, and environment, and to arrive at practical solutions to problems encountered.
  • Creating safety awareness among all the workers.
  • Undertaking educational, training and promotional activities.
  • Discussing reports on safety, environmental and occupational health surveys, safety audits, risk assessments, emergency and disaster management plans and implementation of the recommendations made in the reports.
  • Carrying out health and safety surveys and identifying the cause of accidents.
  • Looking into any complaint made on the likelihood of imminent danger to the safety and health of the workers and suggesting corrective measures and
  • Reviewing the implementation of the recommendations made by it.
  • Incident investigation results & review of the effectiveness of the action taken.
  • Safety Officer is accountable for conducting safety committee meeting.

The activity wise responsibilities are as shown below

S. No Activity

Responsibility

1 Appointing a Management Representative Managing Director
2 Selection of CFT Members MR
3 Review and approval of Policy Prepared by MR, Reviewed &  approved MD
4 Conducting Initial Review & Significant Impact / Risk Assessment CFT
5 Setting up objectives and targets  MR & CFT
6 Establishing Management Program MR & CFT
7 Approval of Management Program Managing Director
8 Identification of Legal and Other Requirements Legal Team
9 Providing resources for Implementation Managing Director
10 Identifying training needs CFT
11 Organising Training  HR Department
12 Internal Communication As per defined Procedure
13 External Communication
14 Document Control  MR
15 Operational Control Measurement & Monitoring CFT
16 Emergency preparedness and response Safety Officer & ERT Members
17 Review of Procedures after emergency ERT
18 Calibration of Instruments QA Deputy Manager
19 Handling and Investigating NC’s  MR & CFT
20 Initiating Corrective and Preventive action MR & Resp Dept HOD’s
21 Maintaining Records CFT
22 Conducting Audit Trained Internal Auditors
23 Conducting Management Review Managing Director

—————————End of example—————————————

 

Clause 5.4: Consultation and participation of workers

The organization must establish, implement and maintain processes for consultation and participation of workers at all applicable levels and functions, and, where they exist, workers’ representatives, in the development, planning, implementation, performance evaluation and actions for improvement of the OH&S management system. The organization must provide mechanisms, time, training and resources necessary for consultation and participation. Worker representation can be a mechanism for consultation and participation. The organization must provide timely access to clear, understandable and relevant information about the OH&S management system. It must determine and remove obstacles or barriers to participation and minimize those that cannot be removed. Obstacles and barriers can include failure to respond to worker inputs or suggestions, language or literacy barriers, reprisals or threats of reprisals and policies or practices that discourage or penalize worker participation. The organization must emphasize the consultation of non-managerial workers while determining the needs and expectations of interested parties and establishing the OH&S policy. The organization must emphasize the consultation of non-managerial workers while assigning organizational roles, responsibilities, and authorities as applicable. The organization must emphasize the consultation of non-managerial workers while determining how to fulfill legal requirements and other requirements. The organization must emphasize the consultation of non-managerial workers while establishing OH&S objectives and planning to achieve them. The organization must emphasize the consultation of non-managerial workers while determining applicable controls for outsourcing, procurement, and contractors. The organization must emphasize the consultation of non-managerial workers while determining what needs to be monitored, measured and evaluated. The organization must emphasize the consultation of non-managerial workers while planning, establishing, implementing and maintaining an audit program. The organization must emphasize the consultation of non-managerial workers while ensuring continual improvement. The organization must emphasize the participation of non-managerial workers while determining the mechanisms for their consultation and participation. The organization must emphasize the participation of non-managerial workers while identifying hazards and assessing risks and opportunities. The organization must emphasize the participation of non-managerial workers while determining actions to eliminate hazards and reduce OH&S risks. The organization must emphasize the participation of non-managerial workers while determining competence requirements, training needs, training and evaluating training. The organization must emphasize the participation of non-managerial workers while determining what needs to be communicated and how this will be done. The organization must emphasize the participation of non-managerial workers while determining control measures and their effective implementation and use. The organization must emphasize the participation of non-managerial workers while investigating incidents and nonconformities and determining corrective actions. Emphasizing the consultation and participation of non-managerial workers is intended to apply to persons carrying out the work activities but is not intended to exclude, for example, managers who are impacted by work activities or other factors in the organization. It is recognized that the provision of training at no cost to workers and the provision of training during working hours, where possible, can remove significant barriers to worker participation.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:

The consultation and participation of workers, and, where they exist, workers’ representatives, can be key factors of success for an OH&S management system and should be encouraged through the processes established by the organization. Consultation implies a two-way communication involving dialogue and exchanges. Consultation involves the timely provision of the information necessary for workers, and, where they exist, workers’ representatives, to give informed feedback to be considered by the organization before making a decision. Participation enables workers to contribute to decision-making processes on OH&S performance measures and proposed changes. Feedback on the OH&S management system is dependent upon worker participation. The organization should ensure workers at all levels are encouraged to report hazardous situations so that preventive measures can be put in place and corrective action is taken. The receipt of suggestions will be more effective if workers do not fear the threat of dismissal, disciplinary action or other such reprisals when making them.

The organization must establish, implement and maintain processes for consultation and participation of workers at all applicable levels and functions, and, where they exist, workers representatives, to continually improve the OHSMS. These clauses require engagement with work health and safety committees and existing workers representatives. The essence of any health and safety management system is for an organization to proactively and systematically engage with its workers, at all levels, to collaboratively prevent: incidents, injury, and disease. There is considerable evidence that the effective participation of workers and the representation of their interests in OHS are crucial elements in improving health and safety performance at the workplace. This representation occurs through the use of health and safety representatives (HSRs). Clause 5.4 requires an organization to set up a health and safety management system process or processes to ensure the consultation and participation of all workers, including the representatives of workers. 45001 also states that organizations are to support the establishment of health and safety committees. So that workers have an ongoing role in improving the organization’s health and safety management system and its outcomes, by:
• Developing
• Planning
• Implementing and
• Evaluating the organization’s health and safety management system and its outcomes.
So as then to proactively and systematically improve the organization’s health and safety management system and its outcomes in reducing injury, illnesses, disease, and fatalities. 45001 also requires that the organization provides the necessary resources, training and time through its mechanisms for consultation and participation. When an organization decides to develop, plan, implement, performance evaluate, or improve their health and safety management system. Clause 5.4 also calls for the organization to give emphasis to the participation of workers who are not managers in the following:

  • Setting up processes for their consultation and participation
  • Hazard identification, risk assessment and opportunities for improving health and safety outcomes
  • Working on how to eliminate hazards and if not possible, then reducing remaining health and safety risks
  • Deciding health and safety risk controls and how to implement these effectively
  • Establishing: training needs, competence levels and the evaluation of training
  • Deciding the health and safety communication measures and the manner in which they are done
  • The investigation of health and safety incidents, including near misses and other types of exposures to hazards and their risks, including nonconformities with the health and safety management system, and decisions over actions to correct these.

Clause 5.4 specifically refers to giving emphasis to consulting workers who are not managers in the following;

  • Drawing up the work health and safety policy.
  • Working out who has what health and safety roles,
  • The determination of the organization’s fulfillment of their legal and other requirements.
  • Designing the health and safety objectives for the organization including plans for their achievement.
  • Working out risk management processes in the use of outsourcing, contractors, and procurement.
  • Decisions over implementing, monitoring, measuring and evaluating elements of the organization’s health and safety management system.
  • Decisions over applying the audit process, including the audit plan and its establishment, implementation and maintenance.

workers

ISO 45001:2018 Clause 4: Context of the Organization

CLAUSE 4 – CONTEXT OF THE ORGANISATION

This clause underpins the 2018 Standards and establishes the context of the Occupational Health and Safety Management System (OHSMS). This clause is found in all ISO management system standards, and it requires the organization to determine all internal and external issues that may be relevant to the achievement of the objectives of the OH&SManagement System itself. This includes all elements which are, and may be capable of, affecting these objectives and outcomes in the future. It gives you the opportunity to identify all internal and external issues that are relevant and may affect, the strategic direction of the organization and the OHSMS. You will also need to identify the needs and expectations of workers and other interested parties that are relevant to your management system. These groups can include workers, shareholders, subcontractors, regulatory groups, etc. Finally, you’ll need to establish, implement, maintain and continually improve the management system.

This clause ‘sets the scene’ for the organization and the scope and boundaries for the occupational health and safety management system. Importantly ISO 45001 should be aligned to the strategic direction of the organization, embedding OH&S management into the core business functions, rather than as a stand-alone discipline. Within this clause the organization has to determine the internal and external factors that may affect its ability to achieve the intended outcomes of its OH&S MS. Externally this may be issues such as socio-economic and political instability; internally, it may be issues such as restructuring, acquisitions or new products. The organization is also required to determine the needs and expectations of ‘interested parties’ with regard to the OH&S MS. This means that the system cannot operate in isolation – those who have an interest in the outcomes of the OH&S MS – workers, shareholders, legal authorities, contractors, etc have to be considered.
Most organizations will have worked through these two aspects as part as their overall risk and opportunity management (and/or if they have other ISO standards) but it is important for ISO 45001 that these issues are expressly considered against the intended outcomes of the OH&S MS. How could political insecurity or an organizational restructure put workers health and safety at risk? Or provide an opportunity to improve the workplace? The final scope for the OH&S MS must be documented. this helps to evidence the integrity of the MS. It would be unacceptable to exclude a particular part of the business or site due to poor health and safety performance. Remember the aim for the OH&S MS – to prevent injury and ill-health and provide a safe and healthy workplace. Excluding a particular part of the business would undermine the overall credibility of the organization.

Context 4.1: Understanding the Organization and Its Context

The organization should determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcomes of its OH&S management system.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:

An understanding of the context of an organization is used to establish, implement, maintain and continually improve its OH&S management system. Internal and external issues can be positive or negative and include conditions, characteristics or changing circumstances that can affect the OH&S management system, for example:
a) external issues, such as:
1) the cultural, social, political, legal, financial, technological, economic and natural surroundings and market competition, whether international, national, regional or local;
2) introduction of new competitors, contractors, subcontractors, suppliers, partners and providers, new technologies, new laws and the emergence of new occupations;
3) new knowledge on products and their effect on health and safety;
4) key drivers and trends relevant to the industry or sector having an impact on the organization;
5) relationships with, as well as perceptions and values of, its external interested parties;
6) changes in relation to any of the above;
b) internal issues, such as:
1) governance, organizational structure, roles, and accountabilities;
2) policies, objectives and the strategies that are in place to achieve them;
3) the capabilities, understood in terms of resources, knowledge, and competence (e.g. capital, time, human resources, processes, systems, and technologies);
4) information systems, information flows and decision-making processes (both formal and informal);
5) introduction of new products, materials, services, tools, software, premises, and equipment;
6) relationships with, as well as perceptions and values of, workers;
7) the culture in the organization;
8) standards, guidelines, and models adopted by the organization;
9) the form and extent of contractual relationships, including, for example, outsourced activities;
10) working time arrangements;
11) working conditions;
12) changes in relation to any of the above.

It requires an organization to assess both internal and external influences in formulating and implementing a health and safety management system. In addition to the traditional customer, economic and competitive factors, it notes that these influences can include how laws, technical developments and even political/ cultural/social changes might impact the mission of the organization, whether their origin is local, regional, national or international. It specifically wants the ISO 45001 directed health and safety effort to address the requirements of Clause 4.2. 4.3, and 4.4.

The organization must understand the internal and external issues that can impact in a positive or negative manner on its health and safety performance including, inter alia, organizational culture and structure, and the external environment including cultural, social, political, legal, financial, technological, economic, market competition and natural factors of significance to its performance. The company will be required to identify all relevant internal and external issues including conditions, characteristics or changing circumstances that can affect its occupational health and safety management system and then address those that require further attention. External issues include the following:

  1. The cultural, social, political, legal, financial, technological and economic conditions in which the company operates, whether at the international, national, regional or local level.
  2. The legislative framework in which the organization operates including statutory, regulatory and other forms of legal requirements, Competition and market conditions.
  3. Relationship with contractors, suppliers, partners and other external interested parties.
  4. Key drivers and trends of relevance to the industry or sector in which the organization operates.

Internal issues include:

  1. The size and complexity of the organization and the nature of the activities carried out therein;
  2. The strategic direction of the organization, its policies, and objectives.
  3. Organizational governance and structure, roles and accountabilities.
  4. The capability and capacity of the organization in terms of resources, knowledge, and competence (e.g. capital, employee competencies, processes, systems, and technologies).
  5. Information systems: information flows and decision-making processes (both formal and informal) and the time frame within which they are accomplished.
  6. The process for introducing new products, materials, services, tools, software, premises, and equipment.
  7. Organizational style and the health and safety culture of the organization.
  8. The form and extent of contractual relationships, including, for example, outsourced activities.
  9. Working time arrangements.
  10. Working conditions;

An understanding of the organization and its context can be achieved at a strategic level by using techniques such as Strengths, Weaknesses, Opportunities, and Threats (SWOT) analysis, and Political, Economic, Social, Technological, Legal, and Environmental (PESTLE) analysis. Alternatively, depending on the size and complexity of its operations, the organization can use a simpler approach, such as brainstorming and asking, “what if” questions. A formal process or documented information is not required in order to satisfy the requirements of this sub-clause – the onus is on each organization to adopt the approach best suited to its circumstances. However, the process adopted by the organization to develop an understanding of its context should guide its efforts to plan, implement, maintain and continually improve its occupational health and safety management system. It is recommended that the organization documents and periodically updates the process and its results as needed. The results can be used to assist the organization in:

  1. Setting the scope of its OH&S management system.
  2. Determining the risks and opportunities that need to be addressed. /li>
  3. Developing or enhancing its OH&S policy.
  4. Establishing its OH&S objectives.
  5. Fulfilling its compliance obligations.

Clause 4.2: Understanding the Needs and Expectations of Workers and other Interested Parties

The organization must determine the other interested parties, in addition to workers, that are relevant to the OH&S management system. The organization must also determine the relevant needs and expectations (i.e. requirements) of workers and other interested parties. The organization must also identify the needs and expectations which could become legal requirements and other requirements.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:

Interested parties in addition to workers can include:
a) legal and regulatory authorities (local, regional, state/provincial, national or international);
b) parent organizations;
c) suppliers, contractors, and subcontractors;
d) workers’ representatives;
e) workers’ organizations (trade unions) and employers’ organizations;
f) owners, shareholders, clients, visitors, local community and neighbors of the organization and the general public;
g) customers, medical and other community services, media, academia, business associations and non-governmental organizations (NGOs);
h) occupational health and safety organizations, occupational safety and health-care professionals.
Some needs and expectations are mandatory; for example because they have been incorporated into laws and regulations. The organization may also decide to voluntarily agree to, or adopt, other needs and expectations (e.g. subscribing to a voluntary initiative). Once the organization adopts them they are addressed when planning and establishing the OH&S management system.

This requirement addresses the desires and demands of all those who may have interest in the organization and could impact its mission and who, in turn, should then influence its OHSMS It asks those seeking ISO 45001 certification to have an ongoing system for determining these influences.

Clause 4.1 requires the organization to understand the internal and external issues that can impact in a positive or negative manner on its health and safety performance including, inter alia, organizational culture and structure, and the external environment including cultural, social, political, legal, financial, technological, economic, market competition and natural factors of significance to its performance. Consideration of the above will aid the identification of interested parties and their needs and expectations. ISO 45001 defines an interested party or stakeholder as “a person or organization that can affect, be affected by, or perceive itself to be affected by a decision or activity”. ISO 45001 requires the organization to determine:

  • The other interested parties, in addition to workers, that are relevant to the OH&S management system.
  • The relevant needs and expectations or requirements of workers and other interested parties.
  • Which or these needs and expectations are or could become legal and/or other requirements

Interested parties in addition to workers can include:

  • Legal and regulatory authorities such as the Health and Safety Authority HSA/Health and Safety Executive HSE;
  • Kuwait Agency for Safety and Health at Work.
  • Owners, shareholders, the parent company.
  • Suppliers, contractors and subcontractors.
  • Workers’ representatives such as safety representatives/safety councils/health and safety committee.
  • Trade unions and employers’ organizations.
  • Clients.
  • Visitors.
  • Local community and neighbors of the organization.
  • The general public.
  • Medical and emergency services.
  • The media.
  • Non-governmental organizations (NGOs)

Occupational health and safety organizations such as IOSH Occupational safety and health-care professionals. Some needs and expectations are mandatory because they have been incorporated into laws and regulations. For example, the Safety, Health, and Welfare at Work (Chemical Agents) Regulations 2001 and the Control of Substances Hazardous to Health Regulations 2002 (COSHH) require the organization, if applicable, to ensure that the exposure of employees and other persons to hazardous substances is either prevented or adequately controlled. The organization must assess the risks posed by hazardous substances to decide what precautions are needed to prevent or adequately control exposure. It must also ensure that the control measures are used and maintained. If necessary, exposure of employees to hazardous substances should be monitored and appropriate medical surveillance should be carried out. Plans and procedures should be prepared to deal with accidents and incidents that involve hazardous substances. Employees should be properly informed, trained and supervised.

The organization may also decide to voluntarily agree to, or adopt, other needs and expectations such as subscribing to a voluntary initiative. Once the organization adopts these needs and expectations they are addressed when planning and establishing the OH&S management system. Employees indubitably constitute the organization’s most significant interested party, whose needs and expectations must be identified and addressed. The organization should seek out their views on health and safety concerns regarding work activities, products or services. It should follow up on inquiries, requests, complaints or suggestions made by employees to learn more about their expectations. The health and safety committee is an excellent forum for the gathering and evaluation of workers’ concerns. The organizations should take the time to understand the relevant interested parties’ needs and expectations and determine the ones that are relevant to the OH&S management system and should be addressed.

Clause 4.3: Determining the Scope of the OH&S Management System

The organization must determine the boundaries and applicability of the OH&S management system to establish its scope. When determining this scope the organization must consider the external and internal issues and take into account the legal and other requirements identified from needs and expectations of workers and other interested parties. The organization must take into account the planned or performed work-related activities. The OH&S management system must also include the activities, products, and services within the organization’s control or influence that can impact the organization’s OH&S performance. The scope must be documented.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:

An organization has the freedom and flexibility to define the boundaries and applicability of the OH&S management system. The boundaries and applicability may include the whole organization, or (a) specific part(s) of the organization, as long as the top management of that part of the organization has its own functions, responsibilities, and authorities for establishing an OH&S management system.
The credibility of the organization’s OH&S management system will depend upon the choice of the boundaries. The scope should not be used to exclude activities, products, and services that have or can impact the organization’s OH&S performance, or to evade its legal requirements and other requirements. The scope is a factual and representative statement of the organization’s operations included within its OH&S management system boundaries that should not mislead interested parties.

Because of the above more wide-ranging franchise, the standard requires the scope of the OH&S to potentially be widened to include how the needs of those relevant groups noted above can be addressed within the OH&S as it delivers its products and services.
Define the Scope of your OH&S. The scope of the OH&S Management System must be defined; what parts of the workplaces associated with the plant/factory and the office/administration are included in the system.
Once the scope is defined, an organization must include in the OH&S management system the activities, products, and services that it controls or influences and that can impact its OH&S performance. Clause 4.1 requires the organization to understand the internal and external issues that can impact in a positive or negative manner on its health and safety performance including, inter alia, organizational culture and structure, and the external environment including cultural, social, political, legal, financial, technological, economic, market competition and natural factors of significance to its performance. Clause 4.2 requires the organization to identify relevant interested parties and their needs and expectations.

Once the organization has determined and assessed its internal and external issues and identified the needs and expectations of relevant interested parties, including its workforce, it should then define the boundaries and applicability of the OH&S management system. The scope of the OH&SMS can include the whole organization, or specific and identified functions or sections of the organization. Therefore, if the organization makes a statement that it conforms to ISO 45001, then it must make the scope of the management system available so that interested parties clearly understand what parts of the organization are covered. The scope of the management system should include everything under the organization’s control or influence that could impact its OH&S performance. The credibility of the organization’s OH&S management system will largely depend on the extent of the defined boundaries. Under no circumstances should the scope be used to exclude activities, products or services that have or could have the potential to impact the organization’s OH&S performance, or to evade its legal and other requirements. An inappropriately narrow or exclusive scope could undermine the credibility of the organization’s OH&S management system with its interested parties and reduce its ability to achieve the intended outcomes of the occupational health and safety management system. The scope is a factual statement of the organization’s operations or business processes to be included within its OH&S management system boundaries. Once the scope is defined, the concept of ‘organization’ is limited to what the scope covers, e.g. if the scope of the OH&S management system is limited to a particular function or section of the organization, the remainder of the organization is then considered to be an external provider or other interested parties. The organization should maintain the scope of the OH&S management system as documented information and make it available to interested parties. There are several methods for so doing, e.g. using a written description, inclusion on a site map, an organizational diagram, a webpage, or posting a public statement of its conformity. When documenting its scope, the organization should consider using an approach that identifies the activities or processes involved, the products or services that ensue, and the location(s), where they occur.

An example of how a scope could be derived

Company Overview

LLL is an electronic controller, power supply manufacturer, and installer within passenger and goods lifts within buildings. This extends to industrial settings, including petrochemical and mines. The business is based in  Kuwait. Kuwait is well placed geographically to act as the gateway to the Persian Gulf, the European continents and Africa. Situated in the northern edge of Eastern Arabia at the tip of the Persian Gulf, it shares borders with Iraq and Saudi Arabia. There are good aviation links to America and Europe.

Our company growth strategy is linked heavily with the construction, petrochemicals and mining markets within differing jurisdictions. Our fiscal growth play requires the business to grow with a projected Turnover from 7m KWD to 7.5 KWD within two years and an increase in profit from 8% to 11%. Other strategies may result in a move to base the organization within more preferential tax regimes to assist in the growth and profit objectives. The growth plan will require engagement as tier one suppliers, into established and specialist lift manufacturers, in addition to developing a reputation as installers of lift power supplies and controllers into hazardous environments. It is therefore crucial that not only must our products be suitable for those environments, but also our installation teams must perform well within high safety performance cultures and be capable of immediate compliance with the safety requirements of our customers. Offices for installation and commissioning teams will be established in the main conurbations. Technical sales support for specifiers and lift manufacturers will be country based.

The company enables its customers to meet their compliance requirements of  ISO 45001, local and government legislation and regulations. The OH & S  Management System (OH & S MS) serves to formalize the policies, processes and operating standards that will apply to the company’s employees, partners, and contractors. Successful growth would permit the penetration into wide markets with an objective to standardize controllers. Afiersales service is therefore critical to our reputation and growth. Combining this with our expertise in the local, regional and national markets gives us increasing leverage in sales through our undoubted ability to produce bespoke solutions at short notice and compliant with hazardous environments.

The global perspective of the business demands that we not only comply but exceed the requirements of national laws. LLL is to earn a reputation as an ethical employer. Whilst an excellent work ethic is to be expected from our employees, overwork will not be tolerated. The management of work-related upper disorders (WRULD) and matters such as absenteeism, through stress management, are vital to our success. Our Human Resources Department with be active and instrumental in achieving this goal. Our reputation for safety leadership is such that we must be seen to occupy center stage amidst our competitors and be perceived as such by our valued customers.

External and Internal Issues

The company determines the external and internal issues that are relevant to its purpose and strategic direction and that affect its ability to achieve the intended results of the OH&S MS. Consideration is given to the:

  • Positive and negative factors or conditions.
  • External context and issues, such as legal, regulatory, technological, competitive, cultural, social, political and economic environments.
  • Internal context and issues, such as values, culture, organization structure, knowledge and performance of the business.
  • Determination and requirements of the needs and expectations of interested parties relevant to the OH&S MS.
  • Authority and the ability to exercise control and influence.
  • Activities, products, and services are relevant to the business.
  • Documented information is retained as evidence to support that the context of the organization has been taken into account in the OH&S MS.

External issues

1.Purpose of the Company

The vision of the company is to become the predominant partner for lifi controllers and power supplies in high hazard industries and to develop equipment and techniques that are considered the safest in the world. This is to be enhanced with reliable staff to install and where necessary maintain their installations. External issues relevant to health and safety are identified below. Risks and opportunities associated with these are contained in the organization’s risk assessments.

2. Site Context

The company operates manufacturing, research center, and an installation team. (Issue: Legal Compliance)
The legal environment in Kuwait contains, amongst other things, statutory requirements contained in the Occupational Health and Safety Act. Health and safety statutory regulations are enforced within Kuwait and civil liability may attach to incidents within the workplace. The structure of safety is not dissimilar to that within the UK and therefore given the very extensive provisions for health and safety within the UK, it is considered that UK legislation and practice will be adopted unless this fails to satisfy Kuwait requirements, in which case the more demanding requirements will be met. The Department of Occupational Safety and Health regularly inspects operators, responds to complaints. (Fines and legal costs)

3. Market Pressures

In recent years, the company has had an increase in requests from customers for its safety record and control methodology. This has especially been the case where there has been a need to install on site and to supply to the petrochemical and raw material processing industries. Also of note, are high profile architectural skyscrapers with attendant security controls.

Reliability of components is regarded as being equally important to customers as health and safety, during construction and maintenance. LLL has not been able to respond adequately to requests for information and has failed prequalification on a number of instances. (Stakeholder complaints, evaluation of compliance with customer requirements).

Guidance documents on health and safety responsibilities have been published by relevant local industry trade associations and the Department of Occupation Safety and Health (DOSH) and the company is beginning to make use of those. (Concern: Stakeholder complaints legal compliance)

In response to international market pressures and to ensure that the company’s stakeholder needs were being met, the management of the company authorized the implementation of a health and safety management system that meets the requirements of ISO 45001:2018. The company decided not to acquire third-party certification of the system. (Loss of stakeholder confidence)

4. History

The company was formed 40 years ago and has always operated at the  Ahmedi. Early production focused on servicing local and regional customers. More latterly, with increasing demand for high-quality products and site-based installation and service, demand has grown into more complex installations. Company expansion followed and the company now holds a number of key accounts with property owners, construction companies and one petrochemical organization, though inquiries are increasing from the petrochemical and mining sectors. (Legal compliance, not meeting stakeholder interests)

Internal Issues

The company already had an integrated management system which incorporates quality and environmental management. The company started developing its formal health and safety management system last year. The Head of SHEQ was initially charged with the responsibility of implementing the system by the Board. Later, responsibility for the management system was given to a new post (Health and Safety Manager). The Head of SHEQ has overall responsibility for maintaining any documents as part of the integrated environment, health and safety and quality system. Consequently, the head of HSEQ wrote most of the health and safety documents including risk assessments, processes, and procedures. Time pressures effectively excluded any practical contribution from other managers. (Lack of consultation & participation, culture & loss of staff and associated competence)

LLL employ 255 personnel of which: 20 are in R&D and testing; 140 personnel work over three shifts within the manufacturing center; 50 Installation team; 20 Delivery and distribution and 25 Sales. Kuwait has a legal structure of Acts, Regulations, and Guidance for the management of health and safety. The requirements of LLL and their partners is to comply with local legalization and additional good practice. There is also a requirement to implement and monitor corporate objectives. These corporate objectives are provided on the 1 January each year to the Managing Director of its Holding company.

The manufacturing process

LLL designs, develops, assembles, transports, installs, commissions, and maintains lift controllers and associated items for passenger and goods lifis. It also arranges transportation of the finished product to the Asian market. Approximately 20% of the site is taken up by the Prospect Heights Factory, of which the ground floor is entirely occupied by the assembly and materials storage areas including finished product. There is very little space to spare, and stores on site are kept to a minimum, relying on ‘just in time (lean)’ delivery of materials. First floor offices contain production administration, Sales & Purchasing, Executive functions, and staff canteen facilities. A separate R&D testing laboratory for developing controllers and switchgear is also present.

Occasionally work is carried out over the weekends, mainly for maintenance or to accommodate extra work for urgent, complex or large orders. Key components are bought into the company; frames are cut to size, electronic printed circuit boards (PCB’s) are designed; PCB boards are made by an outsourced supplier, and then populated; inserted into cabinets; moved to the test areas; tested; packaged and sent to site for either installation by subcontractor or installation by LLL installation team. In addition, research and development of electronic controllers take place within established test areas; as does bespoke design and population of printed circuit boards. The organization hopes to corner the market with their unique design for controllers and therefore the R&D function is critical to their business success. The key steps in the manufacturing process are:

  1. Designers or technical sales gather key performance data for the desired product. This is passed to the production players who determine the through-put into the production department and associated delivery dates.
  2. The printed circuit boards are requested from specialist supplies; the boards are checked for defect and provided to production to populate with electronic components. This process can take some time to achieve.
  3. The populated boards are passed through the wave solder machine. There are a number of issues in connection with this machine. There is fume from the solder and on occasion, the machines have to be cleaned. There are fire risks and burn risks all of which is managed successfully through good practice and PPE.
  4. Completed circuit boards are sent to QA for checking and QC.
  5. The full-size plan for the design for the frame and panel is printed out with a plotter and used as a full-size template. The production team lay this out on benches and begin to cut components to size and construct the frame, We have many problems with backs and long period spend doing this seem to create H&S issues.
  6. Steel channel is cut to size with cutting wheels.
  7. A hole is drilled to receive the electrical components.
  8. The electrical components are secured onto the frame ready for wiring. The wiring process is very fiddly and some employees only wish to do this for short periods.
  9.  All electrical components are degreased before final location into the frame. This is often completed by hand using turpentine. Again some employees complain of dermatitis although we believe that the cause lies outside of the work environment.
  10. The assembled frame is mechanically or manually handled into the cabinet. This involves some manual handling.
  11. The cabinet is wheeled on a trolley into the test area where it is tested and electrically H&S checked.
  12. It then moves to the packaging and dispatch area for palletizing and loading onto lorries as required.
  13. All components are kept inside the manufacturing area as adverse atmospheric conditions may detrimentally affect individual components.

Cassettes for populating the printed circuit boards with the smaller components. The larger components are inserted manually.

Wave solder machine for lead-free soldering. The apron is worn when cleaning the machine. There have been problems with the ventilation but this has not affected production.

Assembly area for producing controller boxes. This requires the use of abrasive wheels. There can be sparks that occur from the cutting and noise is only a problem in short bursts.

Tool bench and jig table for assembly of panels.

 Assembly of the electronic relays and switches. Stooping over the benches for hours is required.

Cables reels on a freestanding jig with other tools and equipment to construct electronic panels.

Open panel ready to receive the electrical components

Assembled frame put into the cabinet. View of the internal electronic controls (relays and switches).
Transporting panels within the factory on trolleys.
Panels for testing within the test center located with R&D
Forklift trucks located at goods in for loading and unloading components and panels .
Interested Party Needs, Expectations, and Issues
Owners/Shareholders
  • Have a growing business that provides the profit.
  • Be well governed and well managed.
  • Want staff to enjoy their work, be challenged, perform their job competently and meet the company and customer requirements.
Customers
  • Value for money.
  • A simple solution that manages compliance easier.
  • Implementation of the product in-line with customer expectations.
  • Receive responsive support.
  • Delivery of free content to educate around compliance.
Suppliers/Contractors
  • Ongoing and secure work.
  • To be paid on time.
  • The clear understanding of requirements.
  • Constructive feedback.
  • Want to provide services/products to a reliable, reputable and financially viable business
Partners
  • Make them more financially secure through additional revenue from Mango sales.
  • Enable them to change their business model from hour-based to value-based income.
  • Want a solution that they can sell, promote and support that will assist their client’s to manage compliance.
  • Provide great support and knowledge to help them support their customers.
Employees within business
  • Job security.
  • The salary for work performed.
  • Flexible work hours.
  • A clear understanding of their role and responsibilities.
  • Able to raise issues of concern and provide constructive feedback.
  • Good, friendly work environment.
  • To feel valued and appreciated.
  • Opportunities for personal development.
Regulators
  • To meet the required laws and regulations.
  • To submit all tax obligations accurately and on time.
  • To maintain high standards of corporate governance.
Community
  •  Good corporate citizen.
  • Diversity of employees

Vision, Mission, and Values

Vision: “Gets everyone involved and participating in QHSE”
Mission: Makes compliance enjoyable.
Values: Our customers’ are successful in compliance

Strengths Weaknesses
  • Provider of a great quality product.
  • Provider of great support for the product.
  • Responsive development to market requirements.
  • Responsive to identified software issues.
  • The depth of knowledge of the buyer’s persona.
  • Regular delivery of free content.
  • Low client turnover relative to the industry.
  • Quick deployment of product post sales.
  • Deep knowledge of customer’s pain
  • Adaptable, responsive and able to make decisions.
  • Flexible to meet a wide range of customer service issues.
  • Open to suggestions for improving the product
  • Owners have recognized the need to have external expertise to grow the business.
  • Looking at ways of improving the business.
  • Identification of good partners to meet our standards/ requirements.
  • Managing and review partner performance
  • Too operational and not strategic enough for partners
  • Reliance on key employees within the business.
  • Time poor in a few key areas.
  • Don’t have strong relationships with industry players.
  • Measurable marketing outcomes based on known starting points
Opportunities Threats
  • Changes to standards in our core markets:  ISO 45001, H&S Act, Food Safety.
  • New technologies
  • Partnering with other solutions: Software and Hardware
  • New focussed markets.
  • Certification to ISO 45001 will open up other market opportunities through the marketing of the process.
  • More marketing via additional platforms
  • To educate the industry in compliance.
  • Competition
  • Technology

Key Business Strategies

Strategies Description
Develop business processes to accommodate the expected growth.
  • Develop and implement business processes that are suitable for business.
  • Achieve certification to ISO 45001.
  • Transfer of knowledge to partners and employees for all key processes.
  • Use technology to manage as many processes as appropriate
Improve the efficiency and effectiveness of the core processes
  • Identify the core processes (i.e. development and release, sales, marketing, implementation, support)
  • Identify new ways (e.g. lean techniques) of doing the core processes.
  • Update and embed the core processes to ensure knowledge is retained
Personnel to be capable of delivering the growth for the business
  • Key leadership personnel to be capable of leading and managing their staff.
  • Competency gaps to be identified by leadership personnel
  • Personnel to be assessed as competent for their role
  • Personnel to receive training for the role
  • Personnel to receive appropriate experience to do the role
Grow market share in all markets
  • Identify and train new partners
  • Continuously review partner performance
  • Identify changes to legislation, standards, and regulation
  • Identify key market verticals in each jurisdiction
  • Increase the number of qualified lead by creating more content and delivery across multiple channels
  • Improve the sales conversion rate from qualified leads to sale

Scope

Our health and safety management system address all employees and customers affected by the manufacture and installation of our lift controllers and power supplies to our customers. The OH & S MS describes how the company requirements are to be addressed throughout its operations and addresses the requirements of ISO  45001:2018.

—————————End of example—————————————

Clause 4.4: OH&S Management System

The organization must establish, implement, maintain and continually improve an OH&S management system, including the processes needed and their interactions, in accordance with the requirements of this document.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:

The organization retains the authority, accountability, and autonomy to decide how it will fulfill the requirements of this document, including the level of detail and extent to which it:
a) establishes one or more processes to have confidence that it (they) is (are) controlled, carried out as planned and achieve the intended outcomes of the OH&S management system;
b) integrates requirements of the OH&S management system into its various business processes (e.g. design and development, procurement, human resources, and sales and marketing).
If this document is implemented for a specific part(s) of an organization, the policies and processes developed by other parts of the organization can be used to meet the requirements of this document, provided that they are applicable to the specific part(s) that will be subject to them and that they conform to the requirements of this document. Examples include corporate OH&S policies, education, training and competency programmes, and procurement controls.

An organization must establish, implement, maintain and continually improve an OH&S management system, including the processes needed and their interactions, in accordance with the requirements of ISO 45001. Learn more about what a process approach is.
For the OH&S Management System, the organization can decide how it will fulfill the requirements of ISO 45001, including the level of detail and extent to which it will:
Integrate requirements of the OH&S management system into its various business operations, such as design & development, procurement, human resources, sales, and marketing, etc.
Incorporate the issues associated with its context (4.1), its interested party requirements (4.2) and the scope (4.3) of its OH&S management system. Make use of policies and processes developed by other parts of the organization such as corporate OH&S policies, document management system, competency programs, procurement controls, etc. Document the process properly, including updates, and making it available to all involved. Clause 4.4 requires the organization to establish, implement, maintain and continually improve its OH&S management system, including the processes needed and their interactions. The OH&S management system should reflect the context of the organization, be proportionate to its size and complexity and be properly resourced. An OH&S management system should be viewed as an organizing framework that should be continually monitored and periodically reviewed to provide effective direction for an organization’s responses to changing internal and external issues. The OH&S management system should be aligned and integrated with other business processes to ensure that OH&S performance is not compromised in order that other business objectives can be achieved, e.g. sacrificing health and safety at the expense of achieving productivity objectives. It is imperative that OH&S requirements are aligned and integrated with the organization’s management practices and business processes.  For example, if an organization conducts an annual strategic review of its market position, customer needs and expectations, and business performance, then it is more effective to incorporate an understanding of the internal and external issues that can impact on its health and safety performance, interested party needs and expectations, and OH&S performance into that process.  By doing so, occupational health and safety issues can be evaluated in light of the organization’s strategy, and OH&S initiatives can be aligned with other business imperatives. The organization should consider the application of a PDCA approach towards its OH&S management system as follows:

  • Plan – decide what the organization wants to achieve (considering internal and external issues, the needs of interested parties, and risks and opportunities), and put in place the necessary processes and resources.
  • Do – put the plans into action.
  • Check – monitor and measure processes and performance against requirements and what you want to achieve.
  • Act – take actions to deal with nonconformities and to improve OH&S performance.


OH & S-Process
process map

ISO 45001:2018 GAP ANALYSIS TOOLS

The following check list can be used for both internal audit as well as  a Gap Analysis tools.
Gap analysis

1. In Site

Checklist  OBSERVATIONS
OHS Planning
Do you have a current Occupational Health and Safety plan?
Is a dedicated budget allocated for OHS programs?
Is OHS awareness promoted by ensuring local standards and practices comply with legislative requirements, University procedures and guidelines?
Roles and Responsibilities
Is there a Safety Officer appointed for the unit? Please name
Is there a Health and Safety Representative elected for the designated work group (DWG)? Please name:
Has a First Aid Coordinator been appointed to your unit?Please name:
Has the monitoring of Occupational Health and Safety responsibilities, accountabilities and obligations of managers and supervisors, academics and professional been documented?
Have annual work or development goals been entered into all staff “KPI’s?
Communication and Consultation
Is OHS a standing agenda item at all work area meetings?
Are staff in your area notified of local OHS committee meetings?
Do staff receive requests for agenda items for OHS committee meetings?
Are minutes of OHS meetings made accessible to all staff?
Does your work area follow the OHS procedures for consultation?
Training
Do you have a system to identify OHS training requirements for all staff?
Have all staff with safety roles (including managers and supervisors) undertaken all required OHS training?
Do all staff complete a  OHS induction that has been developed in accordance with the Local Induction procedure?
Do all Contractors and Visitors complete a local OHS induction that has been developed in accordance with the OHS Induction procedure?
Workplace inspections
Are workplace inspections carried out in all of the work areas each year?
Have workplace inspection findings been forwarded to the OH&S unit and added to your corrective actions register?
Wellbeing
Is there someone responsible for coordinating wellbeing programs in your unit?
Does your unit have a wellbeing program/ initiative in place? Please list
Electrical safety
Has electrical equipment been tested and tagged according to OHS requirements?
Machinery or Equipment
Does your unit use machinery/equipment (other than personal computers and office equipment)?
Does your unit have a plant register?
Are electrical high voltage equipment protected by RCD or lock out mechanisms?
Is all machinery adequately equipped with guarding and emergency stop capabilities?
Do certain types of machinery require clearance zones for safe operation?
If you supply machinery/ equipment to other areas  has this been risk managed?
Gas cylinders
Are all gas cylinders controlled by your unit ‘in use’?
Is there a procedure for the storage and handling of gas cylinders?
Are gas cylinders stored according to Muncipal  guidelines?
Chemicals
Does your unit use chemicals, e.g. for work procedures, cleaning, teaching, research, preparation of materials?
Are local procedures in place for unattended chemical reactions?
Does your unit use any scheduled carcinogens?
Is there a procedure for storage and handling of scheduled carcinogens?
Have the appropriate health surveillance measures been identified from a risk assessment?
Do you supply chemical substances to other areas?
Do you supply a Safety Data Sheet (SDS) for the chemical substances you supply?
Are chemicals stored according to Monash University storage limits for dangerous goods?
Do you have a process for labelling stored (including fridges and freezers) and decanted chemicals?
Are the dangerous goods storage cabinets functioning according to the manufacturing standards?
Is there a process for regular testing of safety showers?
Lasers
Has your unit appointed a laser safety officer?
Does your unit have an established system for local training on?
Does your unit have an established system for authorisation of users of lasers?
Does your unit have a system to control access to lasers? (door interlocks, emission indicators)
Does your unit require laser eye exams for students and staff that work with  lasers?
Radiation
Have you notified Occupational Health and Safety of all radioactive sources in use?
Has your unit appointed a radiation safety officer (RSO)? Please name
Are radioactive sources and apparatus registered as required under the Radiation Act?
Does your unit have a purchasing procedure for radioactive substances, sources and apparatus to ensure the appropriate licenses are in place before purchasing?
Does your unit have a system to monitor staff and student exposure to ionising radiation (e.g. personal radiation monitoring badges)?
Does your unit have a system to control access to radioactive sources and X-ray units, e.g. locked cupboards or laboratory, log books, etc.?
Does your unit have established procedures for the disposal of radioactive waste that it generates?
Biologicals and Animals
Have immunisation requirements been identified?

2. Legal & Regulatory Requirements

Checklist for Legal & Regulatory Requirements  OBSERVATIONS
Are they aware of the regulatory requirements the company is subject to?
Have any conditions been set for these regulatory requirements?
What consents are applied to the site? Who keeps these?
Have there been any instances of non-compliance and if so what was the outcome?
Are there any Industry Sector Codes which you should comply with?

3. Noise

Checklist for Noise  OBSERVATIONS
Do you regularly measure the level of noise throughout your organisation?
Is it within acceptable limits?
Do you have a regular monitoring programme?
Are records maintained?

4. Odour

Checklist for Odour  OBSERVATIONS
Do your processes permit the release of odour?
Do you have criteria for acceptability?
What steps are taken if this criterion is exceeded?
Are records maintained?

5. Dust

Checklist for Dust  OBSERVATIONS
Is there a likelihood of dust emissions?
If so how is this contained?

Clause 4: Context of the organization

Clause 4.1 Understanding the organization and its context

Requirements  Objective evidence / Remarks
1) Have you determined external and internal issues that are relevant to your purpose and your strategic direction and that affect your ability to achieve the intended outcomes of your Occupational Health and Safety Management System?
2) How do you monitor and review information about these external and internal issues?
Evidence/Action Required
There are many internal and external issues that affect, or have the potential to affect, the OH&S management system. It is imperative these are identified so that there is clear understanding and appreciation of the operating environment.
Ensure that OH&S-related internal and external factors and conditions have been identified that could affect, or be affected by, your organisation’s activities. Ensure that any significant risks and opportunities been identified. What drives the OH&S culture of your organization?
Using the SWOT and PESTLE analysis templates, undertake an analysis of internal and external issues. This provides clear evidence that a comprehensive process has been carried out to understand the context within which your organization operates. This activity will also help to determine the scope of OH&S management system as required under Clause 4.3 and 9.3b.
Examples of external issues suitable for PESTLE analysis include:
1. Pressure groups and worker unions;
2. Insurers and stakeholder views;
3. Economic conditions;
4. Social expectations and political priorities;
5. Legislation and enforcement;
6. National/international agencies.
Examples of internal issues suitable for SWOT analysis include:
1. Structure, accountabilities, competence, commitment and control;
2. New products, contractual issues, cooperation and communication.

Clause 4.2 Understanding the needs and expectations of interested parties

Requirements  Objective evidence / Remarks
1) Have you determined the following:
a) the interested parties in addition to workers that arerelevant to the Occupational Health and Safety Management System?
b) the needs and expectations of these interested parties that are relevant to the Occupational Health and Safety Management System?
c) which of these needs and expectations are, or could become legal requirements and other requirements?
2) How do you monitor and review information about these interested parties and their relevant needs and expectations?
Evidence/Action Required
Interested parties are stakeholders – any individual or organization that can affect the OH&S management system, or any individual or organization that the management system can affect. In both cases, the effect can be negative as well as positive.
Who might affect or be affected by your activities and what their relevant and significant interests might be? Have you taken their needs into account within the OH&S management system?
1. Needs and expectations of both managerial, and non-managerial workers, and workers representatives (where they exist);
2. Affect OH&S management system or which perceive themselves to be affected by OH&S system (A.4.2);
3. Worker and appropriate workers’ representatives;
4. Legal and regulatory authorities;
5. Parent organizations;
6. Suppliers, co-contractors and subcontractors;
7. Workers’ organizations (trade unions) and employers’ organizations
8. Owners, shareholders, clients, visitors, local community, neighbours, general public;
9. Occupational health and safety organizations; occupational safety and health-care professionals (e.g., doctors, nurses).
The first task in meeting the requirements of this clause is to identify all the stakeholders and interested parties and undertake a comprehensive stakeholder analysis. The Stakeholder Analysis template will also provide useful information that will further underpin the requirements of Clause 4.3, 6.1 and 9.1.2.

Clause 4.3 Determining the scope of the OH & S management system

Requirements  Objective evidence / Remarks
1) Have you determined the boundaries and applicability of the OH&S management system to establish your scope?
2) When determining the scope of the OH&S management system how did you consider:
a) the external and internal issues referred to in 4.1?
b) the requirements of relevant interested parties referred to in 4.2?
c) take into account the planned or performed work related activities?
3) Is the scope available as documented information?
Comments 
The scope and boundaries of the OH&SManagement Systemmust now be thoroughly examined and defined considering the aforementioned interested parties and their needs, plus resulting compliance obligations. Also requiring consideration are the OH&SManagement Systemfunctions and physical boundaries, and all products, services, and activities, including the organization’s ability to exert control on external factors, with the results of the whole definition included in the OH&SManagement Systemand kept critically as “documented information.”

Clause 4.4 OH & S Management System

Requirements  Objective evidence / Remarks
1) Have you implemented and have the system in place to maintain and continually improve your OH&S management system, including the processes needed and their interactions, in accordance with the requirements of ISO 45001?
Comments 
There is now a greater focus on the OH&S processes and the associated documentation. The Process Matrix template provides a useful tool for identifying and addressing the requirements of this clause. It provides useful evidence for demonstrating the processes that underpin OH&S activities.
It is also a useful planning tool in terms of providing input into the requirements of other clauses including those associated with risk, planning, resources, and the monitoring and measuring of outputs of the management system. The process matrix can be a useful artefact to present at audit.

Clause 5: Leadership

Clause 5.1 Leadership and commitment

How is it evident that Top Management is committed to OH & S and shows leadership?

Requirements  Objective evidence / Remarks
1) How does Top Management demonstrate leadership and commitment with respect to the OH&S management system:
a) taking overall responsibility and accountability for the prevention of work related injury and ill health, as well as the provision of safe and healthy workplaces and activities?
b) ensuring that the OH&S policy and related OH&S objectives are established for the OH&S management system and are compatible with the strategic direction of the organization?
c) ensuring the integration of the OH&S management system requirements into the organization’s business processes?
d) ensuring that the resources needed for the OH&S management system are available?
e) communicating the importance of effective OH&S management and of conforming to the OH&S management system requirements?
f) ensuring that the OH&S management system achieves its intended outcomes?
g) directing and supporting workers to contribute to the effectiveness of the OH&S management system?
h) ensuring and promoting continual improvement?
i) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility?
j) developing, leading and promoting a culture in the organisation that supports the intended outcomes ofthe OH&S management system?
k) protecting workers from reprisals when reporting incidents, hazards, risks and opportunities?
l) ensuring the organisation establishes and implements a process(es) for consultation and participation of workers?
m) supporting the establishment and functioning of health and safety committee?
Evidence/Action Required
Minor change. Is top management engaged and leading OH&S, rather than delegating to someone further down your organisation. Are workers being involved directly to protect, improve performance, and support the OH&S system.
1. Ensuring that the OHS policy and OHS objectives are established and are compatible with the strategic direction of the organisation;
2. Integrating the OHS management system requirements into the organisation’s business processes;
3. Providing the necessary resources for the OHS management system;
4. Communicating the importance of effective OHS management;
5. Directing and supporting persons to contribute to the effectiveness of the OHS management system;
Assisting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

Clause 5.2 OH & S Policy

Seek objective evidence for top management’s involvement in establishing, implementing and maintaining an environmental policy.

Requirements  Objective evidence / Remarks
1) Have top management established, implemented and maintained a OH&S policy that:
a) includes a commitment to provide safe and healthy working conditions for the prevention of work related injury and ill health and is appropriate to the purpose, size and context of the organisation and to the specific nature of its OH&S risks and opportunities?
b) provides a framework for setting OH&S objectives?
c) includes a commitment to fulfil legal requirements and other requirements?
d) Includes a commitment to eliminate hazards and reduce OH&S risks?
e) includes commitment to continual improvement of the OH&S management system?
f) includes a commitment to consultation and participation of workers, and , where they exist workers representative?
2) Is the OH&S policy
•available as documented information
• communicated within the organisation
• available to interested parties
• relevant and appropriate?
Evidence/Action Required
Enhanced requirements from the 2007 version: more attention to be paid to the communication and participation of workers, across the organization.
Organizations must commit to “satisfy” legal and other requirements and must apply the hierarchy of controls to OH&S risks. The policy must be available as documented information.
Update your safety policy statement to emphasise communication and the participation of workers, across the organization; commit to satisfy legal and other requirements; commit to the hierarchy of controls to OH&S risks.

Clause 5.3 Organizational roles, responsibilities and authorities

Requirements  Objective evidence / Remarks
1) Does top management ensure that the responsibilities and authorities for relevant roles within the OH&S management system are assigned, available as documented information, communicated and understood at all levels within the organization?
Do workers assume responsibility for those aspects of the OH&S management system for which they have control?
Has top management assigned the responsibility and authority for:
a) ensuring that the OH&S management system conforms to the requirements of ISO 45001?
b) reporting on the performance of the OH&S management system to top management?
Evidence/Action Required
Top management can delegate tasks but not responsibility. ISO 45001 requires personal involvement from top management in the OH&S management system. A traditional organization chart is still an excellent tool for illustrating reporting lines, but it is imperative that it is kept up to date, available as documented information, as both hard and soft copies. Auditors frequently use the organization chart as a starting point for an audit because it should clearly illustrate the scope of the OH&S management system.

Clause 5.4 Consultation and participation of workers

Requirements  Objective evidence / Remarks
Has your organisation established, implemented and maintained a processes for consultation and participation of workers at all applicable levels and functions, and where they exist, workers representatives, in the development, performance evaluation and actions for improvement of the OH&S system?
Does the organisation:
a. provide mechanisms, time, training and resources necessary for consultation and participation?
b. provide timely access to clear, understandable and relevant information about the OS&H management system?
c. determine and remove obstacles or barriers to participation and minimise those that cannot be removed?
d. emphasize the consultation of non-managerial workers on the following:
1. determining the needs and expectations of interested parties?
2. establishing the OH&S policy?
3. assigning organisational roles, responsibilities and authorities, as applicable?
4. determining how to fulfil legal and other requirements?
5. establish and plan to achieve OH&S objectives?
6. determining applicable controls for outsourcing, procurement and contractors?
7. determining what needs to be monitored, measured and evaluated?
8. planning, establishing, implementing and maintaining an audit programme?
9. ensuring continual improvement?
e. emphasize participation of non-managerial workers in the following:
1. determining the mechanisms for their consultation and participation?
2. identifying hazards and assessing risks and opportunities?
3. determining actions to eliminate hazards and reduce OH&S risks?
4. determining competence requirements, training needs, training and evaluating training?
5. determining what needs to be communicated and how it is to be done?
6. determining control measures and their effective implementation and use?
Evidence/Action Required
 This clause has been substantially strengthened to capture and promote worker participation, engagement and communications.
Promote the participation of non-managerial roles within the OH&S system requirements, including incident investigations, risk assessments, plus control and monitoring activities including internal auditing.
Demonstrate the participation of non-managerial employees in OH&S management, including incident investigations, risk assessments, control and monitoring activities and internal auditing.

Clause 6: PLANNING

Clause 6.1 Actions to address risks and opportunities

Clause 6.1.1 General

Requirements  Objective evidence / Remarks
When planning for the OH&S management system, have you considered the issues referred to in 4.1 and the requirements referred to in 4.2 and 4.3 and determined the risks and opportunities that need to be addressed to:
a) give assurance that the OH&S management system can achieve its intended outcomes?
b) prevent, or reduce, undesired effects?
c) achieve continual improvement?
When determining the risks and opportunities for the OH&S management system and its intended outcome has the organisation taken into account:
• hazards
• OH&S risks and other risks
• OH&S opportunities and other opportunities
• Legal and other requirements?
Has your organization in its planning process determined and assessed the risks and opportunities relevant to the intended outcomes of the OH&S system associated with planned changes permanent or temporary before the change is implemented?
Does your organization maintain documented information on:
• risks and opportunities?
• the process and actions needed to determine and address its risks and opportunities to the extent necessary to have confidence that they are carried out as planned?
Evidence/Action Required
Ensure that the risks and opportunities from 4.1 are documented and that actions have been defined to take advantage of opportunities and mitigate the risks associated with the OH&S management system? Demonstrate that these actions have been effective. This information must be available as documented information.

Clause 6.1.2 Hazard identification and assessment of risks and opportunities.

6.1.2.1 Hazard identification

Requirements  Objective evidence / Remarks
Has the organisation established, implemented and maintained a process(s) for hazard identification that is ongoing and proactive? Do the processes take into account, but not be limited to:
a) how work is organised, social factors(including workload, work hours, victimization, harassment and bullying) leadership and the culture of the organisation?
b) routine and non-routine activities and situations, including hazards arising from:
1. infrastructure, equipment, materials, substances and the physical conditions of the workplace?
2. product and service design, research, development, testing, production, assembly, construction, service delivery, maintenance and disposal?
3. human factors?
4. how work is performed?
c) past relevant incidents, internal or external to the organisation, including emergencies, and there causes?
d) potential emergency situations?
e) people, including consideration off:
1. those with access to the workplace and their activities, including workers, contractors, visitors and other persons?
2. those in the vicinity of the workplace who can be affected by the activities of the organisation?
3. workers at a location not under the direct control of the organisation?
f) other issues, including consideration of:
1. the design of work areas, processes, installations, machinery/equipment, operating procedures and work organisation, including their adaptation to
the needs and capabilities of the workers involved?
2. situations occurring in the vicinity of the workplace caused by work-related activities under the control of the organisation?
3. Situations not controlled by the organisation and occurring in the vicinity of the workplace that can cause injury and ill health to persons in the workplace?
g) actual or proposed changes in organisation, operations, processes, activities and the OH&S management system?
Evidence/Action Required
 Ensure your organization’s hazard identification process considers:
1. Routine and non-routine activities and situations;
2. Human factors;
3. New or changed hazards;
4. Potential emergency situations;
5. People;
6. Changes in knowledge of, and information about, hazards.
In 6.1.1, there is a new requirement to identify opportunities, as well as:
1. Consideration of workers at a location not under the direct control of the organization;
2. Consideration of those in the vicinity of the workplace who can be affected by the activities of the organization;
Other issues including situations not controlled by the organization and occurring in the vicinity of the workplace that can cause ‘work-related’ injury or ill health.

Clause 6.1.2.2 Assessment of OH&S risks and other risks to the OH&S management system

Requirements  Objective evidence / Remarks
Has the organisation established implemented and maintained a process to:
a) assess OH&S risks from the identified hazards, while taking into account the effectiveness of existing controls?
b) determine and assess the other risks related to the establishment, implementation, operation and maintenance of the OH&S management system?
Has the organisation’s methodologies and criteria for the assessment of OH&S risks been defined with respect to the scope, nature and timing to ensure they are proactive rather than reactive and are used in a systematic way?
Does the organisation maintain and retain documented information on the methodologies and criteria?
Evidence/Action Required
Processes for the assessment of risk to the OH&S management system must be available as documented information and must consider day-to-day operations and decisions (e.g. peaks in work flow, restructuring) as well as external issues (e.g. economic change).
Methodologies can include ongoing consultation of workers affected by day-to-day activities (e.g. changes in work load), monitoring and communication of new legal requirements and other requirements (e.g. regulatory reform, revisions to collective agreements regarding occupational health and safety), and ensuring resources meet existing and changing needs (e.g. training on, or procurement of, new improved equipment or supplies).

Clause 6.1.2.3 Assessment of OH&S opportunities and other opportunities for the OH&S management system

Requirements  Objective evidence / Remarks
Have the organisation established, implemented and maintained processes to assess:
a) OH&S opportunities to enhance OH&S performance, while taking into account planned changes to the organisation, its policies, its processes and its activities and:
1. opportunities to adapt work, work organisation and work environment to workers?
2. Opportunities to eliminate hazards and reduce OH&S risks?
b) Other opportunities for improving the OH&S system?
Evidence/Action Required
 Legal requirements can result in risks and opportunities to the organization and may arise from mandatory requirements, applicable laws and regulations, voluntary commitments such as organizational and industry standards, contractual relationships, principles of good governance and community and ethical standards. Maintain documented information on legal, and other requirements.The needs and expectations from interested parties only become obligatory requirements for an organization if it chooses to adopt them.

Clause 6.1.3 Compliance obligations

Requirements  Objective evidence / Remarks
Has the organisation established, implemented and maintained processes to:
a) determine and have access to up to date legal requirements and other requirements that are applicable to the hazards, OH&S risks and OH&S management system?
b) determine how these legal requirements and other requirements apply to the organization and what needs to be communicated?
c) take legal and other requirements into account when establishing implementing, maintaining and continually improving its OH&S management system?
Does the organisation maintain and retain information on its legal and other requirements?
How does the organisation ensure its legal requirements are up to date and reflect any changes?
Evidence/Action Required
Legal requirements can result in risks and opportunities to the organization and may arise from mandatory requirements, applicable laws and regulations, voluntary commitments such as organizational and industry standards, contractual relationships, principles of good governance and community and ethical standards. Maintain documented information on legal, and other requirements.
The needs and expectations from interested parties only become obligatory requirements for an organization if it chooses to adopt them.

Clause 6.1.4 Planning action

Requirements  Objective evidence / Remarks
Does the organizations plan include:
a) Actions to address these risks and opportunities, address legal and other requirements and prepare for and respond to emergency situations?
b) How to integrate and implement the actions into its OH&S management system processes or other business processes?
Has the organization taken into account the hierarchy of controls and outputs and outputs from OH&S management system when planning to take action?
Does the organization take into account best practice, technological options and financial, operational and business requirements when planning its actions?
Evidence/Action Required
This is a new element of the standard. The essence is that it be clear how the management system addresses the risks, opportunities, compliance obligations and emergency preparedness and response measures arising from 6.1.2, 6.1.3 and 8.2.
This can take the form of control measures in the implementation section (8), or formulating objectives (including for improvement), as seen in 6.2.

Clause 6.2 Environmental objectives and planning to achieve them

Clause 6.2.1 Environmental objectives

Requirements  Objective evidence / Remarks
Your organization established OH&S objectives at relevant functions, levels that are needed to maintain and continually improve the OH&S management system?
Are the OH&S objectives:
a) consistent with the OH&S policy?
b) measurable or capable of performance evaluation?
c) take into account applicable requirements, the results of the assessment of risks and opportunities and the results of consultation with worker and workers representatives?
d) monitored?
e) communicated?
f) updated as appropriate?
Do you maintain and retain documented information on the OH&S objectives?
Evidence/Action Required
Are objectives compatible with the policy statement, OH&S risks and opportunities, business context and adequately resourced? Objectives and plans to achieve them must be documented.
There should be a record of who is responsible, agreed timings, measures in place to establish progress and whether they have been achieved.

Clause 6.2.2 Planning actions to achieve environmental objectives

Requirements  Objective evidence / Remarks
When planning how to achieve your OH&S objectives, has your organization determined:
a) What will be done?
b) What resources will be required?
c) Who will be responsible?
d) When it will be completed?
e) How the results will be evaluated including indicators for monitoring?
f) How the actions to achieve OH&S objectives will be integrated into the organisations business processes?
Do you maintain and retain documented information on the OH&S plans?
Evidence/Action Required
Objectives must support the policy requirements and have been considered in line with available resources. There should be detail of who is responsible, agreed timings and measures in place to establish progress and whether proposed achievements have been met.
Objectives and plans to achieve them should be maintained and retained as documented information.

Clause 7 Support

Clause 7.1 Resources

Requirements  Objective evidence / Remarks
Has your organization determined and provided the resources needed for the establishment, implementation, maintenance and continual improvement of the OH&S management system?
Evidence/Action Required
Simply put, the standard advises the organization that the resources required to achieve the stated objectives and show continual improvement must be made available.

Clause 7.2 Competence

Requirements Objective evidence / Remarks
Has your organization:
a) determined the necessary competence of workers that affects the performance and effectiveness of the OH&S management system?
b) ensured that these workers are competent (including the ability to identify hazards)on the basis of appropriate education, training, or experience?
c) where applicable, taken actions to acquire and maintain the necessary competence, and evaluated the effectiveness of the actions taken?
d) retained appropriate documented information as evidence of competence?
Evidence/Action Required
Documented evidence of competence. Documented evidence that the effectiveness of training has been checked.

Clause 7.3 Awareness

Requirements  Objective evidence / Remarks
How does the organization ensure that workers are aware of:
a) the OH&S and objectives policy?
b) their contribution to the effectiveness of the OH&S system including the benefits of improved OH&S performance?
c) the implications of not conforming to the OH&S management system requirements?
d) Incidents and the outcomes of investigations that are relevant to them?
e) Hazards, OH&S risks and actions determined that are relevant to them?
f) the ability to remove themselves from work situations that they consider present an imminent and serious danger to their life or health, as well as the arrangements for protecting them from undue consequences for doing so?
Evidence/Action Required
Are workers aware of policy requirements, hazards & risks relevant to them and their part in the OH&S performance, including results of relevant incident investigations?

Clause 7.4  COMMUNICATION

Clause 7.4.1 General

Requirements  Objective evidence / Remarks
How have you determined the internal and external communications relevant to the OH&S management system, including:
a) On what it will communicate?
b) when to communicate?
c) with whom to communicate:
1. Internally among the various levels and functions of the organisation?
2. Among contractors and visitors to the workplace?
3. Among other interested parties?
d) how to communicate?
How does the organisation take into account diversity (Gender, language, culture, literacy, disability) aspects when considering communication needs?
How are the views of interested parties considered in establishing communication processes?
In establishing communication processes has legal and other requirements been taken into account and that the information is consistent with other information generated from the system and reliable?
Who responds to relevant communications on its OH&S management system?
In what form is documented information retained as evidence of communications?
Evidence/Action Required
Participation and consultation are diffused through 45001, but this clause adds a requirement to consider what and why needs to be communicated and whether the communication was successful.
In ISO 45001 there must be a process to document what, when, with whom and how communication took place. Communication with contractors is also required based on 8.1.6.
Another new element is that the organization must ensure that the communicated information is reliable and is consistent with the information arising from the OH&S management system and is retained as documented information.

Clause 7.4.2 INTERNAL COMMUNICATION

Requirements  Objective evidence / Remarks
Has the organization ensured that:
a) Internally communicated information is relevant to the OH&S management system among various levels and functions of the organisation. Does it include changes
to the OH&S management system?
b) Workers are able to contribute to continual improvement?
Evidence/Action Required
Internally, organizations have to communicate information relevant to the OH&S management system amongst all levels and functions, including information on any change, as appropriate, and have to establish a mechanism to enable all persons performing work under the organization’s control to contribute to continual improvement.

Clause 7.4.3 EXTERNAL COMMUNICATION

Requirements  Objective evidence / Remarks
Has the company got an external communication process?
How does external communication of OH&S information take into account legal and other requirements?
Evidence/Action Required
Externally, organizations have to communicate as required by their compliance obligations. Additionally, organizations may choose to communicate on other issues, as appropriate.

Clause 7.5 DOCUMENTED INFORMATION

Requirements  Objective evidence / Remarks

7.5.1 GENERAL

Does your organization’s OH&S management system include:
a) documented information required by ISO45001?
b) documented information determined by the organization as being necessary for the effectiveness of the OH&S management system?

 7.5.2 CREATING AND UPDATING

When creating and updating documented information, how does your organization ensure appropriate:
a) identification and description (e.g. a title, date, author, or reference number)?
b) format (e.g. language, software version, graphics) and media (e.g. paper, electronic)?
c) review and approval for suitability and adequacy?

7.5.3 Control of documented information

1) How do you ensure documented information required by your OH&S management system and by ISO45001 is controlled to ensure:a) it is available and suitable for use, where and when it is needed?b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity)?2) For the control of documented information, how does your organization address the following activities, as applicable:a) distribution, access, retrieval and use? b) storage and preservation, including preservation of legibility?c) control of changes (e.g. version control)?d) retention and disposition? How do you ensure documented information of external origin is identified and controlled?
Evidence/Action Required
Documented information replaces the idea of documents and records, but no significant change is needed. The new standard refers to documented information being held in different file formats and can be whatever suits the organisation and the task at hand, e.g. electronic spreadsheets, notes on smart phones, photographs, traditional log books or work instructions, online instruction videos. For many organisations, a mix of different types of documented information work well.

Clause 8. Operation

Clause 8.1 Operational planning and control.

Clause 8.1.1 General

Requirements  Objective evidence / Remarks
Your organization plan, implement and control the processes (see 4.4) needed to meet the requirements of the OH&S management system and to implement the actions determined in Clause 6 by:
a) establishing criteria for the processes?
b) implementing control of the processes in accordance with the criteria?
c) maintaining and keeping documented information to the extent necessary to have confidence that processes are being carried out as planned?
d) adapting to workers?
How does your organization coordinate the relevant parts of OH&S management system with other organisations in multi-employer situations?
How does your organization ensure that outsourced processes are controlled (see 8.4)?
Evidence/Action Required
Have controls for hazards and risk controls been planned and included in operational controls and do these allow for capabilities of the workforce? Are these documented where necessary?Processes needed to meet requirements of the organisation need to be planned, implemented and controlled, as do the actions identified in Clause 6. Requirements relate to the management of change, elimination of hazards and reduction of occupational health and safety risks (hierarchy of control) and the control of procurement.

Clause 8.1.2 Eliminating hazards and reducing OH&S risks

Requirements  Objective evidence / Remarks
Has the organisation established, implemented and maintained processes for the elimination of hazards and reduction of OH&S risks using the following hierarchy of controls:
a) eliminate the hazard?
b) substitute with less hazardous process, operations,
materials or equipment?
c) use engineering controls and reorganisation of work?
d) use administration controls, including training?
e) use adequate personal protective equipment?
Evidence/Action Required
Is the hierarchy of OH&S controls correctly applied? Organization shall establish a process & determine controls for achieving reduction in OH&S risks using following hierarchy:
1. Hazard Elimination: avoiding risks, adapting work to workers, (integrate health safety and ergonomics when planning new work places; create physical separation of traffic between pedestrians and vehicles
2. Substitution: replacing the dangerous by non-dangerous or less dangerous (replacing solvent-based paint with water-based paint)
3. Engineering Controls: Implement collective protective measures (isolation; machine guarding; ventilation; noise reduction etc.)
4. Administrative Controls: Giving appropriate instructions to workers (lock out processes; induction; forklift driving licenses, etc.)
Personal Protective Equipment (PPE): Provide PPE and instructions for PPE utilization/maintenance, i.e. safety shoes, safety glasses, hearing protection, chemical & liquid resistant gloves; electrical protection gloves, etc.)

Clause 8.1.3 Management of change

Requirements  Objective evidence / Remarks
Has the organisation established processes for the implementation and control of planned temporary and
permanent changes that impact performance including:
a) new products, services and processes, or changes to existing products, services and processes, including:
• workplace locations and surroundings?
• working organisation?
• working conditions?
• Equipment?
• work force?
b) changes to legal requirements and other requirements?
c) changes to knowledge or information about hazards and OH&S risks?
d) developments in Knowledge and technology?
Does the organisation review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary?
Evidence/Action Required
When changes to the operation are planned, is the effect on the OH&S management system considered? Documented information needs to be retained relating to planned changes and their potential impact on the OH&S management system.

Clause 8.1.4 Procurement

Clause 8.1.4.1 General

Requirements  Objective evidence / Remarks
Has the organisation established, implemented and maintained processes to control the procurement of products and services in order to ensure their conformity to its OH&S management system?
Evidence/Action Required
OH&S controls are now relevant to the purchase of goods and materials. Establish controls, within your existing procurement process, to ensure that the procurement of goods (for example products, hazardous materials or substances, raw materials, equipment) and services conform to your OH&S management system requirements.
Prior to procuring goods & services, the organization should identify procurement controls that:
1. Identify and evaluate potential OH&S risks associated with products, materials, equipment, service;
2. Requirements for products, materials, equipment, services to conform to OH&S objectives;
3. Need for information, participation and communications
4. Before using verify equipment, installations and materials are adequate before being released for use by workers;
5. Items are delivered to specification and tested to ensure they function as intended;
Usage requirements, precautions or other protective measures are communicated and made available.

Clause 8.1.4.2 Contractors

Requirements  Objective evidence / Remarks
Does the organisation coordinate its procurement processes with its contractors, in order to identify hazards and assess and control the OH&S risks arising from:
a) the contractors’ activities and operations that impact the organisation?
b) the organisation’s activities and operations that impact the contractors workers?
c) the contractors’ activities and operations that impact other interested parties in the workplace?
How does the organisation ensure that the requirements of its OH&S management system are met by contractors and their workers?
Do the organisations procurement processes define and apply occupational health and safety criteria for the selection of contractors?
Evidence/Action Required
Controls and communication requirements with regard to contractor’s worker activities, the host company’s worker activities, and anyone who may be affected by the activity in the workplace.
The establishment of controls and communication requirements with regard to contractor’s worker activities, the host company’s worker activities, and anyone who may be affected by the activity in the workplace.

Clause 8.1.4.3 Outsourcing

Requirements  Objective evidence / Remarks
How does the organisation ensure outsourced functions and processes are controlled?
Does the organisation ensure that its outsourcing arrangements are consistent with legal requirements and other requirements and with achieving the intended
outcomes of the OH&S management system?
Has the type and degree of control to be applied to these functions and processes been defined within the OH&S management system?
Evidence/Action Required
The OH&S implications must be controlled as part of the purchasing process. Your organization must ensure that outsourced processes affecting OH&S management system are controlled.
An outsourced process is one that:
1. Is within scope of your OH&S management system;
2. Is integral to your organization’s functioning;
3. Is needed for your OH&S management system to achieve its intended outcome;
4. Liability for conforming to requirements is retained by the organization;
Organization and external provider have a relationship where the process is perceived by interested parties as being carried out by your organization.

Clause 8.2 Emergency preparedness and response.

Requirements  Objective evidence / Remarks
Has the organisation established , implemented and maintained the processes needed to prepare for and respond to potential emergency situations identified in 6.1.2.1 and do they include:
a) establishing a planned response to emergency situations including provision of first aid?
b) providing training for the planned response?
c) periodically testing and exercising the planned response capability?
d) evaluating performance and as necessary, revising the planned response, including after testing and in particular after the occurrence of an emergency situation?
e) communicating and providing relevant information to all workers on their duties and responsibilities?
f) communicating relevant information to contractors, visitors, emergency response services, government authorities, and as appropriate local community?
g) taking into account the needs and capabilities of all relevant interested parties and ensuring their involvement, as appropriate, in the development of the planned response?
Has the organization maintained documented information on the process and on the plans for responding to potential emergency situations?
Evidence/Action Required
The revised standard strengthens and expands on the previous requirements and also includes communications. Ensure that emergency plans take the needs of relevant third parties into account and are tested periodically and are maintained and retained as documented information. Emergency drills should be evaluated, learned from and improved.

Clause 9 Performance evaluation.

Clause 9.1 Monitoring, measurement, analysis and evaluation

Clause 9.1.1 General Clause

Requirements  Objective evidence / Remarks
The organization shall establish, implement and maintain processes for monitoring, measurement analysis and performance evaluation. How does your organization determine:
a) What needs to be monitored and measured:
1. the extent to which legal requirements and other requirements are met?
2. its activities and operations related to identified hazards, risks, and opportunities?
3. progress towards achieving OH&S objective?
4. effectiveness of operational and other controls?
b) the methods for monitoring, measurement, analysis and performance evaluation needed to ensure valid results?
c) the criteria against which the organization will evaluate its OH&S performance?
d) when the monitoring and measuring shall be performed?
e) when the results from monitoring and measurement shall be analyzed and evaluated and communicated?
How does your organization evaluate the performance and the effectiveness of the OH&S management system?
How does the organization ensure that monitoring and measuring equipment is calibrated or verified as applicable, and used and maintained as appropriate?
In what form does your organization retain appropriate documented information as evidence of the monitoring, measurement, analysis and performance evaluation and maintenance, calibration or verification of measuring equipment?
Evidence/Action Required
Demonstrate that there is a process in place. Monitoring, measurement, analysis and evaluation of OH&S metrics must take into account business context, relevant third parties, policy risks, opportunities and objectives. Ensure that performance monitoring and measurement results are retained as documented information.

9.1.2 Evaluation of compliance

Requirements  Objective evidence / Remarks
How does your organization establish implement and maintain processes for evaluating compliance with legal and other requirements?
Does the evaluation include:
a) determining the frequency and method(s) for the evaluation of compliance?
b) evaluate compliance and take action if needed?
c) maintaining knowledge and understanding of its compliance status with legal requirements and other requirements?
d) retaining documented information of the compliance evaluation results?
Evidence/Action Required
he standard recognizes that evaluation requirements will vary from organization to organization based on factors such as size, compliance obligations, sector worked in, past history and performance, and so on, but suggests that regular evaluation is always required. If the result of a compliance evaluation reveals that a legal requirement is unfulfilled, the organization needs to assess what action is appropriate, possibly up to contacting a regulatory body and agreeing on a course of action for repair.This agreement will now see this obligation become a legal requirement. Where a non-compliance is identified by the OH&SManagement Systemand corrected, it does not automatically become a non-conformity.

Clause 9.2 Internal Audit

Requirements  Objective evidence / Remarks

9.2.1 GENERAL

Does your organization conduct internal audits at planned intervals to provide information on whether the OH&S management system:
a) Conforms to:
1. the organization’s own requirements for its OH&S management system, including policy and objectives?
2. the requirements of this International Standard?
b) Is effectively implemented and maintained?

 9.2.2 Internal audit program

Does your organization:
a) plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, planning requirements and reporting,
which shall take into consideration the importance of the processes concerned, and the results of previous audits?
b) define the audit criteria and scope for each audit?
c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process?
d) ensure that the results of the audits are reported to relevant management; ensure results of internal audits are reported to workers and where they exist, workers representatives, and other relevant interested parties?
e) take action to address nonconformity and continually improve its OH&S audit programme and the audit results?
f) retain documented information as evidence of the implementation of the audit programme and the audit results?
Evidence/Action Required
An internal audit is a systematic method to check organizational processes and requirements, as well as those detailed in the ISO 45001 standard. This will ensure the processes in place are
effective and the procedures are being adhered to. The internal audit programme will aid the organization to achieve the OH&S objectives and targets. It helps:
• Monitor compliance to policy and objectives
• Provide evidence that all necessary checks are carried out
• Ensure all current legislative and other requirements are met
• Assess the effectiveness of risk management
• Worker engagement leading to a positive safety culture
• Identify improvement using ‘fresh eyes’ to review a process
• Aid continual improvement
Internal audits must be conducted by competent staff with a degree of impartiality to the area being audited. A risk-based approach can be applied to areas being audited with an increased focus on higher risk activities. Internal audits must be planned with an expectation of each process being audited in regular intervals. In addition to planned audits, unplanned audits may be conducted in reaction to problematic areas, near miss reports or incident data with focus on accident prevention. It is beneficial to communicate audit results to applicable interested parties including workers and set realistic completion timescales for identified ‘opportunities for improvement’ or ‘nonconformities’. Top Management must be aware of deficiencies within the system to ensure necessary resources can be allocated to mitigate the findings. Audit results will be reviewed as part of the management review process.

Clause 9.3 Management Review

Requirements  Objective evidence / Remarks
ISO 45001 requires “Top management shall review the organization’s OH&S management system, at planned intervals, to ensure its continuing suitability, adequacy, effectiveness”. What format does this review(s) take?
Is your organizations management review planned and carried out taking into consideration:
a) The status of actions from previous management reviews?
b) Changes in external and internal issues that are relevant to the OH&S management system including:
1. Needs and expectations of interested parties?
2. Legal requirements and other requirements?
3. Risks and opportunities?
c) The extent to which OH&S policy and objectives have been met?
d) Information on the OH&S performance, including
1. Incidents nonconformities and corrective actions and continual improvement?
2. Monitoring and measurement results?
3. Results of evaluation of compliance with legal requirements other requirements?
4. Audit results?
5. Consultation and participation of workers?
6. Risks and opportunities?
e) Adequacy of resources for maintaining an effective OH&S system?
f) Relevant communication with interested parties?
g) Opportunities for continual improvement?
Do the outputs of the management review include decisions and actions related to:
•The continuing suitability, adequacy, and effectiveness in achieving the intended outcomes?
•Continual improvement opportunities?
•Any need for changes to the OH&S management system?
•Resource needs?
•Actions needed?
•Opportunities to improve integration of the OH&S system with other business processes?
•Any implications for the strategic direction of the organisation?
How are the relevant outputs from management review communicated to workers and where they exist workers representatives?
In what form does your organization retain documented information as evidence of the results of management reviews?
Evidence/Action Required
It should be noted that, contrary to popular belief, the management review does not have tobe done all at once; it can be a series of high-level or board meetings with topics tackled individually, although it should be ona strategic and top management level. Complaints from interested parties should be reviewed by top management,with resultant improvement opportunities identified. It should be remembered that the management review generally is the one function that must be carried out accurately and diligently to ensure that the function of the OH&SManagement Systemand all resulting elementscan follow suit. It goes without saying that all details and data from the management review must be documented and recorded to ensure that the OH&SManagement Systemcan follow the specific requirements and general strategic direction for the organization detailed there.

Clause 10 Improvement

Clause 10.1 General

Requirements  Objective evidence / Remarks
How do you determine and select opportunities for improvement and implement any necessary actions to achieve intended outcomes of your OH&S management system?
Evidence/Action Required
Outputs from management reviews, internal audits, and compliance and performance evaluationsshould all be used to form the basis for improvement actions. Improvementexamples could include corrective action, reorganization, innovation, and continual improvement programs.

Clause 10.2 Nonconformity and corrective Action

Requirements  Objective evidence / Remarks
When an incident or nonconformity occurs, how does your organization:
a) React in a timely manner to the incident or nonconformity and, as applicable:
1) Take action to control and correct it?
2) Deal with the consequences?
b) Evaluate, with the participation of workers and the involvement of other relevant interested parties, the need for corrective action to eliminate the root cause(s)
of the incident or nonconformity, in order that it does not recur or occur elsewhere, by:
1) investigating the incident or reviewing the nonconformity?
2) determining the causes of the incident or nonconformity?
3) determining if similar incidents have occurred, if nonconformities exist, or if could potentially occur?
c) review existing assessments of OH&S risks and other risks, as appropriate?
d) determine and implement any action needed, including corrective action, in accordance with the hierarchy of controls and the management of change?
e) assess OH&S risks and that relate to new or changed hazards, prior to taking action?
f) review the effectiveness of any action taken, including corrective action?
g) make changes to the OH&S management system, if necessary?
Does your organization take corrective actions appropriate to the effects or potential effects of the incidents or nonconformities encountered?
In what form does your organization retain documented information evidence of:
a) the nature of the incidents or nonconformities and any subsequent actions taken?
b) the results of any action and corrective action including their effectiveness?
How is this information communicated to relevant workers and, where applicable, workers representatives, and other interested parties?
Evidence/Action Required
This clause states the requirements for the occurrence of an incident or non-conformity. The requirements also include action to prevent a similar incidents or non-conformities occurring. This must be achieved via review and analysis to determine what caused it, and any actions to prevent it re-occurring in the future.
This clause requires that appropriate action be taken to address the effects of the problem. This may require a simple correction by an Operative or, in a major event, significant levels of resources.
A risk analysis can help to determine the appropriate actions that need to be taken. Any ongoing risks should be recorded in your risk register and taken into account during future planning activities.
Any non-conformities and subsequent actions to prevent the reoccurrence and the effectiveness of the corrective action(s), should be duly documented and retained.

Clause 10.3 Continual improvement

Requirements  Objective evidence / Remarks
How does your organization continually improve the suitability, adequacy and effectiveness of the OH&S management system?
How does your organization:
a) enhance OH&S performance?
b) promote a culture that supports the OH&S management system?
c) promote the participation of workers in implementing actions for continual improvement of the OH&S management system?
d) communicating the results of continual improvement workers and if appropriate workers representatives?
e) maintain and retain documented information as evidence of continual improvement?
Evidence/Action Required
 Demonstrate that continual improvement is planned, implemented and maintained. The required and actual outcomes of continual improvement should be communicated to employees. This clause aims to ensure progress is being made to improve the effectiveness of the OH&S management system. Overall, it is important that the processes have identified any issues and that they have been documented and are in the process of being rectified.

ISO 45001:2018 OH& S management system

Occupational Health and Safety Management System

The ISO 45001 standard provides a framework for managing the prevention of work-related injuries, ill health, and death. The intention of this international standard is to improve and provide a safe and healthy workplace for workers and other persons who may be interacting with the organization. This includes the development and implementation of an OH&S policy and objectives which take into account applicable legal requirements and other requirements to which the organization subscribes. Organizations worldwide recognize the need to provide a safe and healthy working environment, reduce the likelihood of accidents and demonstrate they are actively managing risks. ISO 45001 is the international standard for occupational health and safety will provide an internationally accepted framework that will help protect employees as well as protecting the longevity and health of an organization. The standard is flexible and can be adapted to manage occupational health and safety in a wide range of organizations including; large organizations and enterprises, small and medium-sized enterprises, public and not-for-profit organizations. Although organizations tend to use generic health and safety guidelines or national and consortia standards, none of these demonstrate global conformity. There was a worldwide need to harmonize health and safety management systems using an international standard and sharing best practices. This can be seen at local, national, regional and global levels – applying to both developing and developed countries. With an international standard to refer to, together with the right infrastructure and training, organizations will be able to address these risks better in future.

This standard does not state specific criteria for OH&S performance, nor does it provide a specific method for the design of the OH&S Management System. This International Standard is applicable to any organization that wishes to:

  • establish, implement and maintain an OH&S Management System to improve occupational health and safety, eliminate or minimize OH&S risks (including system deficiencies), take advantage of OH&S opportunities, and address OH&S Management System nonconformities associated with its activities;
  • continually improve its OH&S performance and achieve its OH&S objectives;
  • assure itself of the conformity to the OH&S policy;
  • demonstrate conformity with the requirements of this International Standard.

According to ISO 45001, the Occupational Health and Safety Management System is part of the organization’s overall management system used to achieve the OH&S policy. The intended outcomes of the OH&S Management System are to provide a safe and healthy workplace for all employees/workers. Consequently, effective OH&S management promotes business efficiency, reduces costs and makes good business sense.
According to ISO 45001, a worker is defined as a person performing work or work-related activities under the control of the organization, for instance, individuals perform work or work-related activities under various arrangements; paid or unpaid at a regular or temporary, intermittent or seasonal, casual or on a part-time basis. ISO 45001 is the first Occupational Health and Safety Management System standard to be fully compliant with the new guidelines of the Annex SL and to have a common content structure and terms and definitions to other management system standards. This means that ISO 45001 is fully aligned with all other management systems (related) standards that have also adopted the Annex SL framework.
This international standard does not address issues such as product safety, property damage or occupational health and safety impacts; it addresses the risk that the working environment and/ or conditions pose to workers, visitors, vendors, and other relevant interested parties. ISO 45001 can be used entirely or partially to systematically improve the OH&S management system. However, claims of conformity to this standard are not acceptable unless all of the standard’s requirements, without exclusion, are incorporated into an organization’s OH&S Management System.

Introductions

The world that we live in has experienced rapid changes in technology, competition, economy, education and so on. It is constantly evolving and advancing, and so are human expectations and demands. In order to compete in a continuously changing world, organizations need to establish a variety of approaches to keep up with industry trends. Consequently, organizations have to adapt in order to succeed in these fast-paced and complex environments. These changes often involve multinational supply chains and those operations that organizations’ have outsourced. The differences between nations, organizations, and societies also form part of these complexities. Therefore, effective management is crucial and of a high priority at the board-level.
For an organization, it is not sufficient to only be profitable, it is also important for them to have reliable systems of internal controls covering those risks related to occupational health and safety, the environment and the reputation of the business. Each organization is responsible for the health and safety of its employees and others who may be affected by its activities. Organizations need to operate ethically, as well as, comply with the respective laws in these matters.

Statistics published by the ILO (International Labour Organization) indicate that: “more than 2.78 million deaths occur annually due to occupational accidents or work-related diseases, in addition to 374 million non-fatal injuries and illnesses, many of which result in extended absences from work.” Seemingly, this enormous number of affected workers is of very high concern to organizations and society as a whole. These statistics are clear evidence that organizations around the world need to implement health and safety management systems. Likewise, the health and safety of workers are increasingly becoming a priority for most nations and societies.
Furthermore, according to certain estimations – over 40 million new jobs will be created annually by 2030, following the world’s population growth. Therefore, reducing the number of incidents that may result in high numbers of deaths (even by a small percentage) would be considered a great achievement. However, as a consequence, there will be a high demand for “best practice” standards to assist organizations with improvements in health and safety. These trends led to the need for the development of a recognized standard in all geographical areas, states, cultures, and jurisdictions, as a reference point for health and safety management; promoting better communication on common issues.
The ISO’s aspiration is that “the ISO name and the recognition will give further credibility to the new Standard and lead to even wider adoption of health and safety management systems in the workplace.” Correspondingly, following a standard for occupational health and safety will help organizations reduce accidents and occupational diseases, avoid costly prosecutions, reduce insurance costs, enhance the public image & business reputation, and establish a positive culture for the organization where all stakeholders see that their needs are taken into account. ISO 45001 is the new international standard for Occupational Health and Safety Management Systems published by the International Organization for Standardization (ISO). It is a voluntary standard that organizations can adopt to establish, implement, maintain and improve their Occupational Health and Safety Management Systems (OH&S MS).
ISO 45001 is an international standard for occupational health and safety (OH&S) that derives from OHSAS 18001. It provides a framework for managing the prevention of work-related injuries, ill health, and/or death; thereby providing a safe and healthy workplace. OHSAS 18001 required from organizations, regardless of their size, type and/or activities, to prevent injuries and deaths. ISO 45001 sets the background for continual improvement in health and safety management based on the following principles:

  • Provide safe and healthy working conditions to prevent work-related injury and ill health;
  • Satisfy applicable legal requirements and other requirements;
  • Control OH&S risks by using a hierarchy of controls;
  • Continually improve the OH&S management system to enhance the organization’s performance;
  • Ensure the participation of workers and other interested parties in the OH&S MS.

The new ISO 45001 standard brings real benefits to those who will use it. The standard is designed to be applicable to any organization, and its requirements are intended to be incorporated in any management system, regardless of the organization’s size or sector; whether it is a small business, large organization or even a non-profit organization, a charity, an academic institution or a governmental department. Having in place a systematic approach to manage health and safety will bring benefits to both the people and the organization. Ultimately, good health and safety is good business. The standard is also intended for organizations with small or low-risk operations, as well as, for organizations with high-risk operations. This standard states that successful health and safety management depends on the following:

  • Leadership and commitment of top or senior management;
  • Promotion of a healthy and safety culture within the organization;
  • Participation of workers and/or other representatives in the OH&S Management System;
  • Identification of hazards and control of risks;
  • Allocation of the necessary resources;
  • Integration of the health and safety management system into appropriate processes;
  • Alignment of the health and safety policies with the strategic objectives of the organization;
  • Continuous evaluation and monitoring of the health and safety management system in regards to performance improvement.

Goals of  ISO 45001 Standard

As with the other safety management consensus standards, the goals of ISO 45001 are to provide guidance for the development of a framework where injuries, property damage, and other loss causing incidents can be mitigated. The stated goals of ISO 45001 are:

  • Develop an OH&S policy
  • Have leadership demonstrate their commitment to safety
  • Establish systematic processes for safety management
  • Conduct hazard identification efforts
  •  Create operational safety controls
  • Increase awareness and knowledge for employees about safety.
  •  Evaluate OH&S performance and develop plans to improve continuously
  •  Establish the necessary competencies
  • Create and foster an OH&S culture within the organization
  • Ensure employees participate fully and meaningful in the safety process
  • Meet all legal and regulatory requirements

ISO 45001 – The benefits

Similarly to other management system standards, ISO 45001 emphasizes effectiveness, efficiency and continual improvement. Organizations will have a wide range of benefits from using this standard, including:

  • Globalization: ISO 45001 puts your organization in an elite category of businesses, as it is an internationally recognized standard.
  • Improvement in business performance: The implementation of an Occupational Health and Safety Management System based on ISO 45001 reduces workplace illnesses and injuries, and, in turn, increases productivity.
  • Best practice creation: It provides consistency and establishes “best practices” for occupational health and safety throughout the organization.
  • Hazard & risk identification: Conducting risk assessments in a systematic manner, improve the quality of the assessment.
  • Lower insurance premiums: Having a recognized system in place provides an apron for attracting lower insurance premiums.
  • Improvements in efficiency: The implementation of an OH&S Management System contributes to the reduction of accident rates, absenteeism levels, and downtime, all of which improve the efficiency levels of internal operations.
  • Establishment of a safe working environment: Promotes the safety of all persons being affected by the organization’s activities.
  • Monitoring & measurement: Promotes management oversight through the provision of key performance indicators (KPI’s) in the measurement of the Occupational Health and Safety Management System performance levels.
  • Focus: A culture that focuses on the “prevention of problems” rather than on the “detection of problems” is much more effective and rewarding to employees.
  • Continual improvement: Encourages continual improvement, e.g. the adoption of the “zero accident” concept.

Methodology

At the outset, ISO 45001 explains the founding principle of PLAN, DO, CHECK, ACT (PDCA). This principle is the methodology which guides the various performance aspects of the standard. PDCA is the idea of continual improvement that was made popular by Edward Deming, often considered the father of modern quality control theory, and fosters the standard of detailed actions that provide a platform for continual improvement across the organization. This is a critical concept as it establishes the model for continual, as opposed to continuous, improvement. This concept of continual improvement is repeated throughout the standard. “Continual improvement” is an umbrella concept that incorporates elements of continuous improvement. The distinction between continual and continuous improvement is fine, but an important one. Continual Improvement is defined as “recurring activity to enhance performance”. Continual does not mean continuous, so the activity does not need to take place in all areas simultaneously. Continuous Improvement is defined as “on-going and endless without interruption.” By its very nature, business activities often have numerous starts and stops. Business activities are best managed by regular and routine evaluations. Thus the concept of continual improvement is better suited to an organizational environment than the concept of continuous improvement.

Clause 1: Scope

ISO 45001 provides a set of requirements for an OH&S system that will assist an organization to foster an environment that is safe and healthy. The standard is applicable to any organization regardless of size, operations, objectives, and outcomes. It includes the development of an OH&S policy that meets best practices and legal requirements. The scope of ISO 45001 includes:

  1. Creation of an OH&S policy that reinforces the objectives of the organization while taking into account its internal and external contexts.
  2. Establishment, implementation, and maintenance of an OH&S management system.
  3. Continual improvement of OH&S performance.
  4. Assured conformity to the OH&S policy.
  5. Demonstration of compliance with this ISO Standard

ISO 45001 does not provide specific criteria for OH&S performance. It does allow for the integration of other similar aspects of health and safety such as wellness, non-occupational health, and wellbeing. The scope does not include ideas of product safety, public safety, environmental protection, and quality. ISO 45001 can be used in part or in total to improve OH&S management systems; however, claims of conformity with ISO 45001 are only acceptable if the standard has been completely adopted without any exclusions.

Clause 3: Terms and Definitions

ISO 45001 contains a large “Terms and Definitions” glossary spanning seven pages which offer key descriptions and terminologies that organizations should consider adopting into their safety lexicon, especially those that are considering or are in ISO 45001 compliance process. Standardization of this language will allow for a common understanding of actions, concepts, and outcomes throughout all business units, locations, facilities, and departments of the organization.

Clause 4: Context of the Organization

Clause 4 of ISO 45001 provides a definition of the context of the organization and explains how this context must be used to understand organizational objectives. The context of the organization is the key consideration to be taken when developing and implementing OH&S mission statement, OH&S policy statement, and objectives. Context is defined as the purpose that the organization is attempting to achieve and the external and internal issues that will impact the ability to achieve the intended outcome. The key elements to the context of the organization include:

  • Interested parties, in addition to workers (ISO 45001 defines managers, supervisors, and senior leaders as “workers”)
  • Needs and expectations of workers and other interested parties
  • Legal requirements
  • Differences in needs between managerial and non-managerial workers

When developing the OH&S management system, the organization will take into account the internal and external issues, the requirements of workers, and the work that is being performed. The context of the organization must be documented and the documentation must be available.

The organization is free to define the scope of the OH&S Management System but must determine the external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcomes of its OH&S Management System, such as:

  • The needs and expectations of workers and other interested parties;
  • Determining its scope in terms of organizational units, functions, and physical boundaries;
  • The effect of its activities, products, and services;
  • Applicable legal, regulatory and other requirements to which the organization will comply.

clause 4

The standard defines “interested parties” as a “person or organization that can affect, be affected by, or perceive itself to be affected by a decision or activity.”

4.1 Understanding the organization and its context

This clause is found in all ISO management system standards, and it requires the organization to determine all internal and external issues that may be relevant to the achievement of the objectives of the OH&S Management System itself. This includes all elements which are, and may be capable of, affecting these objectives and outcomes in the future. The organization must understand:

  • the issues both positive and negative that needs consideration in establishing OH&S
  • the opportunity to identify external and internal factors and interested parties that effect intended outcomes of OH&S
  • the external context – cultural, social, political, key trends in the industry
  • the internal context- governance, policies, objectives, culture, trends

4.2 Understanding the needs and expectations of interested parties

The standard now requires the organization to assess who the interested parties are in terms of its OH&S Management System, what their needs and expectations may be, and consequently, if any of these should become compliance obligations. The organization must understand the needs and expectations of

  • external interested parties determined by the organization relevant to OH&S.
  • managerial and non-managerial workers.
  • other interested parties – legal and regulatory authorities, includes workers, customers, and clients.
  • Applicable legal requirements.

4.3 Determining the scope of the OH&S Management System

The scope and boundaries of the OH&S Management System must now be thoroughly examined and defined considering the aforementioned interested parties and their needs, plus resulting compliance obligations. Also requiring consideration are the OH&S Management System functions and physical boundaries, and all products, services, and activities, including the organization’s ability to exert control on external factors, with the results of the whole definition included in the OH&S Management System and kept critically as “documented information.” While determining the scope the organization must

  • Clarify the boundaries of OH&S
  • Consider external and internal factors
  • Consider the requirements of interested parties
  • Consider the work-related activities performed
  • Ensure the scope should address hazards and potential risk

4.4 OH&S Management System

The standard indicates that an OH&S Management System should be established to achieve the desired outcomes by using interacting processes to deliver continual improvement. The ultimate objective is to improve the organization’s occupational health & safety performance. The Organization must:

  • Establish, implement, maintain and continually improve OH&S
  • The process needed and interactions – integrate requirements into various business operations e.g. design & development and procurement

Clause 5: Leadership and Worker Participation

The terms “leadership” and “top management” are used interchangeably throughout ISO 45001. The responsibilities of leadership and top management include:

  • Take overall responsibility and accountability for worker protection.
  • Ensure the OH&S policy relates to the context and is compatible with the strategic direction of the organization.
  • Integrate the OH&S management system into larger business processes.
  • Provide resources for the OH&S management system.
  • Ensure participation by workers in the OH&S system.
  • Communicate the OH&S system and ensure the organization conforms to it.
  • Promote the OH&S system to address nonconformities and ensure continual improvement.
  • Create a culture that drives the organizational support for the OH&S System

Since top management is responsible for the OH&S system, the elements required to be included in the OH&S management system are detailed within the leadership and worker participation section. The elements include the written commitments for safety; the framework for the OH&S system; obligations to meet legal requirements; continual improvement for OH&S performance; establishment of a risk control strategy; and most importantly; worker involvement. The policy must be documented, communicated with workers, reviewed periodically, and available to other parties. Other key considerations for leadership and worker participation include training, communication, worker participation support, employee engagement, and the establishment of audit programs.

Top management shall demonstrate leadership and commitment with respect to their overall responsibility and accountability for the protection of workers and with respect to the integration of the OH&S Management System processes and requirements into the organization’s business processes. The engagement of top management is essential in order to support the organization through the provision of resources and to promote continual improvement. Furthermore, top management must demonstrate leadership through supporting other management roles in enhancing the OH&S management system, and to ensure continual improvement is achieved by dealing with nonconformities, risks and hazards, and the identification of opportunities for improvement. An important responsibility of the top management is to establish, implement and maintain the OH&S policy, and to ensure that it is communicated within the organization and shared with relevant interested parties.
Consultation and participation of workers
Appropriate involvement of staff in:

  • Hazard identification;
  • Risk assessment and determination of controls;
  • Incident investigation;
  • Development and review of the OH&S policies and objectives;
  • Consultation and representation on OH&S matters;
  • Consultation with contractors, when there are changes that affect their OH&S.

5.1 Leadership and commitment

This clause reminds the user that the organization and top management retain responsibility for the performance of all internal and external performance factors at all times. It, therefore, makes perfect sense that the Occupational Health & Safety Policy and objectives are aligned with each other and with the strategic policies and overall direction of the business, including integration with other business systems, where applicable. Provision must be made for resources to ensure that the OH&S Management System can be operated efficiently, and top management must ensure that the people with responsibility within the OH &S Management System have the correct support, training, and guidance to complete their tasks effectively. Communication is also critical from a leadership perspective, and communication methods and frequencies must be defined and established for both internal and external interested parties. In summary, it is the responsibility of the leadership of the organization to show an enhanced level of leadership, involvement, and co-operation in the operation of the OH&S Management System. The organization must

  • Have more focus to demonstrate leadership and commitment
  • Take overall responsibility and accountability for the protection of workers
  • Ensure the active participation of workers, worker representation using consultation
  • Consider the need to establish H&S committees
  • Identify and removal of barriers to participation
  • Have continual improvement of OH&S
  • Be developing, leading and promoting a culture supporting OH&S

5.2 Occupational Health & Safety Policy

Top management has the responsibility to establish the previously mentioned Occupational Health & Safety Policy, which is appropriate for the organization in terms of the size, scope, activities, and ambitions of the organization, and provides a formal framework for setting objectives. Obviously, the policy should include a commitment to eliminate hazards and reduce risks, to prevent workplace injury, and to consult with workers. Meeting compliance and regulatory factors is clearly another key element, and a method of capturing and recording this must be established. Finally, and vitally, the Occupational Health & Safety Policy must provide a commitment to the continual improvement of the OH&S Management System and its results. Critically, the Occupational Health & Safety Policy must be maintained as documented information, be communicated within the organization, and be available to all interested parties, as appropriate. The Organization must have a

  • OH&S policy set of principles and an overall sense of direction.
  • OH&S policy on consultation with workers at all levels and communicated.
  • Commitment to providing safe and healthy working conditions.
  • Prevention of injury and ill-health.
  • Policy appropriate to the size and context of the organization.
  • Specific nature of it OH&S risk and OH & S opportunities.
  • The mechanism for communication of policy

5.3 Organizational Roles, responsibilities and authorities

The standard states that it is the responsibility of top management to ensure that roles, responsibilities, and authorities are delegated and communicated effectively. The responsibility shall also be assigned to ensure that the OH&S Management System meets the terms of the 45001:2018 standard itself, and that the performance of the OH&S Management System can be reported accurately to top management. The Organization must ensure that

  • Workers at each level assume the responsibility which they have control.
  • The relevant roles have been assigned within OH&S.
  • Organizational roles, responsibilities, and authorities are communicated at all levels within the organization.
  • Organizational roles, responsibilities, and authorities are maintained as documented information

5.4 Consultation and participation of workers

When it comes to the health & safety of workers, it is vital that these same workers are consulted about the OH&S Management System and participate in implementing the processes necessary to secure a safe workplace. To this end, the organization needs to determine the processes necessary to consult with workers at all levels of the organization in all aspects of development, planning, implementation, performance evaluation, and improvement actions of the OH&S Management System. The Organization must:

  • Establish, implement, maintain processes for consultation and participation in developing, planning, evaluation and actions for improvement in OH&S.
  • Provide mechanisms, time, training and resources necessary for participation.
  • Provide timely access to clear, understandable and relevant information on OH&S.
  • Identify and remove obstacles or barriers to participation and minimize those that cannot be removed.
  • Have an additional emphasis on the participation of non-managerial workers in OH&S.
  • Have an additional emphasis on the inclusion of non-managerial workers in consultation.
  • Provide training at no extra cost to workers and provision of training during working hours.

Clause 6: Planning

Clause 6 describes the actions necessary to address risk and opportunity. Activity planning must take place within the context of the organization. The planning process must ensure that the OH&S management system is designed to achieve its intended outcomes and continually improve. Worker participation is cited as being a critical component in the planning phase. Additional considerations include operational risk, legal requirements, and other opportunities to improve the OH&S management system. This section outlines the need for hazard identification by the organization for both routine and non-routine activities, emergency situations, people and behavior, work area design, work environment under the control of the organization, and situations not under organizational control. Additional points of assessment include changes to process and operations, past incidents and their causes, and social/economic factors. The major sub-sections in Clause 6 include:

  1. Hazard Identification
  2. Assessment of OH&S Risks
  3. Identification of OH&S Opportunities
  4. Determination of Legal Requirements
  5. Planning to Take Action
  6. The setting of OH&S Objectives
  7. Planning to Achieve Objectives

The planning phase is a comprehensive part of the ISO 45001 standard, requiring a detailed understanding of operations. By following this section, the organization can create a very deliberate and effective set-up to sustain the OH&S management system and ensure it continually improves. This is one of the most critical clauses since it is related to the establishment of strategic objectives and guiding principles for the Occupational Health and Safety Management System as a whole. The OH&S objectives, which can be integrated with other business functions, are the expression of the intent of the organization to treat the risks identified. When determining the risks and opportunities that need to be addressed, the organization shall take into account:

  • OH&S hazards and their associated risks, and opportunities for improvement;
  • Applicable legal requirements and other requirements;
  • Risks and opportunities related to the operation of the OH&S Management System that can affect the achievement of the intended outcomes.

6.1 Actions to address risks and opportunities

6.1.1 General

This clause replaced “preventive action” in the previous OHSAS 18001 standard. The current standard states that the organization should establish, implement, and maintain the processes needed to address the requirements of the whole of the planning section itself. When planning the OH&S Management System, considerations need to be made regarding the context of the organization (section 4.1) and the needs and expectations of interested parties (section 4.2), as well as the scope of the OH&S Management System. Risk and opportunity must be considered with respect to these elements, as well as legal and regulatory issues, and the organization’s Occupational Health & Safety hazards themselves. This outcome needs to ensure that the OH&S Management System can meet its intended outcomes and objectives, that any external factors that may affect performance are avoided, and that continual improvement can be achieved.

In terms of emergency situations, the organization is required to determine any situations that may occur and have a resulting occupational health & safety risk. Again, it is vital that documented information is retained concerning the risks and opportunities considered and addressed in the planning phase in order to satisfy the terms of the clause. While planning for actions to address risks and opportunities, the organization must

  • take into consideration the Organizational Context (4.1), needs and expectations of Interested parties (4.2) and Organizational Scope (4.3)
  • Prevent or reduce undesired effects.
  • Achieve its intended outcome.
  • make the assessment of risk and opportunities arising out of changes in Organization. (whether planned or unplanned).
  • Maintain documented information – risks, opportunities, and processes needed to have confidence in risk management.

6.1.2 Hazard identification and assessment of risks and opportunities

ISO 45001:2018 asks organizations to consider, in a proactive manner, all occupational health & safety hazards within the organization’s control. Changes or planned future changes to services also have to be taken into account, as do any abnormal situations that may arise that are reasonable for the organization to predict–for example, if you are about to launch a new product that needs radically new production processes or materials. Again, the organization needs to maintain documented information on this clause and its elements, and communication to the appropriate levels with effective frequency needs to be planned and undertaken. In terms of documented information, if you ensure that all actual and associated risks, the criteria you use to define them, and your significant occupational health & safety risks are documented, then you will satisfy the terms of this clause. It has following Sub-clauses

6.1.2.1 hazard identification

6.1.2.2 assessment of OH&S risk and other risks to the OH&S management system

6.1.2.3 assessment of OH&S opportunities and other opportunities

6.1.2.1 Hazard identification: 

While identifying the hazards in a proactive manner the organization must consider:

  • Past incidents, emerging trends
  • Routine & non-routine activities and situations
  • Emergency Situations
  • Human factors
  • Other issues – design, situations in the vicinity of the workplace, situations not controlled by organizations
  • Changes or proposed changes
  • Change in knowledge
  • How work is organized, social factors, workload, work hours, leadership and culture

6.1.2.2 Assessment of OH&S risk and other risks to the OH&S management system

The organization must assess OH&S risks from hazards identified. While Assessing the OH&S risks the Organization must take into account the issues from context 4.1 & needs and expectations of interested parties 4.2. It must define the methodology and criteria for Assessing OH&S risks. The Methodologies and criteria must be maintained and retained as documented information

6.1.2.3 assessment of OH&S opportunities and other opportunities

The Organization must identify OH&S Opportunities to enhance OH&S performance. While identifying OH&S opportunities the Organization must take into account:

  • Planned changes
  • Opportunities to eliminate or reduce risk
  • Opportunities to adapt work, work organization and work environment to workers
  • Opportunities for improving the OH&S management system

6.1.3 Determination of legal and other requirements

This is a relatively straightforward, but obviously vital part of the ISO 45001:2018 standard. The organization must decide what legal and other requirements are related to its occupational health & safety hazards and how to best access them, decide how they apply to the organization, and take them into consideration when establishing, operating, and delivering continual improvement through the OH&S Management System. Documented evidence needs to be recorded for these obligations, also. The Organization must

  • Determine and have access to up to date legal requirements
  • Determine how these applications and will be communicated
  • Take into account when establishing, implementing
  • Maintain and retain documented information

6.1.4 Planning Actions

In this clause, the standard states that the organization shall plan to take actions to address its occupational health & safety hazards, risks, and opportunities, and compliance obligations, all of which we have discussed above. These also need to be implemented into the organization’s OH&S Management System and associated business processes. The task of evaluating the effectiveness of these actions also must be considered, with technological, financial, and operational considerations all taken into account.  In this clause the organization is expected to:

  • Address risk and opportunities (6.1.2.2 & 6.1.2.3)
  • Address applicable legal requirements (6.1.3)
  • Emergency preparedness emergency situation (8.2)
  • Integrate actions to other business processes  – Business Continuity,
  • Financial or HR
  • Eliminating hazards and reducing OH&S risk (8.1.2)
  • Consider the Best practice into the action

6.2 Occupational health & safety objectives and planning to achieve them

6.2.1 Occupational health & safety objectives

The standard advises that occupational health & safety objectives should be established at appropriate levels and intervals, having considered the identified occupational health & safety hazards, risks and opportunities, and compliance obligations. The characteristics of the set objectives are important, too: they need to be consistent with the organization’s Occupational Health & Safety Policy, measurable where possible, able to be monitored, communicated effectively, and be such that they can be updated when circumstances require. Once more, it is mandatory that documented information is kept outlining this process and its outputs.To maintain and improve OH&S management system and OH&S performance, while establishing OH&S objective the Organization must

  • Take into account the results of the assessment of OH&S risk and opportunities and other risks and opportunities.
  • Take into account outputs of consultation with workers and workers representative.
  • Objectives are measurable or capable of evaluation.
  • Objectives are clearly communicated

6.2.2 Planning to achieve occupational health & safety objectives

The standard advises on the elements that need to be determined to ensure that objectives can be achieved. This can be thought of in terms of what needs to be done, when it needs to be done by, what resources are required to achieve it, who is responsible for the objectives being achieved, how results are to be measured and progress ensured, and consideration on how these objectives can be implemented within existing business systems. While Planning to achieve OH&S objectives the organization must consider the following:

  • What will be done?
  • What resources will be required?
  • Who will be responsible?
  • When completed?
  • How measured through indicators if practicable, monitored and frequency?
  • How actions will be integrated into overall business processes?
  • Maintain and retain documented information?

Clause 7: Support

Clause 7 of ISO 45001 discusses the resources and support needed to be successful with the OH&S management system. “Support” means that the organization has achieved a level of competence among its workers and systems to successfully drive the outcomes of the OH&S plan. It also discusses the need to establish awareness of the OH&S policy, communicate information about the OH&S management system, outline with whom the information should be shared, manage documentation including tracking of updates, and control information and ensure its accessibility and accuracy. Essentially, the support system provides an overview of how the organization must support the OH&S management system. Successfully managing an Occupational Health and Safety Management System relies heavily on having the necessary resources for each task. This includes having competent staff with the appropriate training, support services, and effective information and communication means. The organization will determine what documented information is necessary for the success of the system. Documented information is a new term in the standard, which means the information can be in any format, media or from any source. Moreover, internal and external information must be communicated throughout the organization and must be gathered, disseminated and understood by those receiving it. The decisions that need to be made are:

  • On/about what to inform?
  • When to inform?
  • Who to inform?
  • How to inform?
  • How to receive and maintain documented information and how to respond to relevant incoming communications?

Respectively, the terms ‘document and record’ became obsolete in the new standard, which uses the term ‘documented information’ instead, for the purpose of maximizing the confidence to share information through any media.

7.1 Resources

Simply put, the standard advises the organization that the resources required to achieve the stated objectives and show continual improvement must be made available. The Organization must determine resources and provide resources needed for OH&S. Resources can include HR, natural resources, infrastructure, and technology. Human resources include – diversity, skills, and knowledge.

7.2 Competence

Employee competence must meet the terms of the ISO 45001:2018 standard by ensuring that the people given responsibility for OH&S Management System tasks are capable and confident. Related to this, it stands to reason that the experience, training, and/or education of the individual must be of the required standard, and that any necessary training is identified and delivered –with measurable actions taken externally or internally to ensure that this level of competence exists. Predictably, this process and its outputs need to be recorded as documented information for the OH&S Management System. The organization must ensure:

  • Workers are competent that impact on OH&S performance.
  • Competence is appropriate for education, training, and experience.
  • Criteria for each role are established.
  • Workers are evaluated periodically to ensure continued competence for their roles.
  • Appropriate documented information as evidence of competence is retained.

7.3 Awareness

Awareness is closely related to competence in the standard. Employees must be made aware of the Occupational Health & Safety Policy and its contents, any current and future impacts that may affect their tasks, what their personal performance means to the OH&S Management System and its objectives, including the positives or improved performance, and what the implications of poor performance may be to the OH&S Management System. Additionally, the standard demands that workers be aware that they can remove themselves from work situations that they consider to be a danger to their life or health. Workers must be:

  • Made aware of OH&S policy
  • The implication of not conforming with OH&S requirements
  • Information and outcomes of investigations of relevant incidents
  • OH&S hazards and risk relevant for them

7.4 Communication

7.4.1 General

Processes for internal and external communication need to be established and recorded as documented information within the OH&S Management System. The key elements that need to be decided, actioned, and recorded are what needs to be communicated, how it should be done, who needs to receive the communication and at what intervals it should be done. It should be noted here that any communication outputs should be consistent with related information and content generated by the OH&S Management System for the sake of consistency.

7.4.2 Internal communication

The standard advises the organization that information should be communicated at various levels and with various frequencies as deemed suitable and that the organization must ensure that the nature and frequency of communication allow continual improvement to result from the communication process itself.

 7.4.3 External communication

Once again, the organization is advised by the standard to ensure that communication relevant to the OH&S Management System takes place as per the established process, with the goal of ensuring that compliance obligations and objectives are met.

7.5 Documented information

7.5.1 General

“Documented information,” which you will have seen mentioned several times during this guide, refers to the documents and records that are necessary for the OH&S Management System. The requirements are designed to allow each organization to have the ability to shape documented information to their own requirements in general, with the exception of the mandatory components mentioned specifically in the standard and, therefore, this guide. The ISO 45001:2018 standard advises us that the OH&S Management System should include all documented information that it declares mandatory, and anything viewed as critical to the OH&S Management System and its operation. It should also be noted that the amount of documented information that an organization requires would differ according to the size, operating sector, and complexity of compliance obligations faced by the business.

7.5.2 Creating and updating

The standard advises that documentation created by the OH&S Management System needs to include appropriate identification, description, and format so that it is can be easily understood what the documented information is for. There is also a need to review and approve the documented information for suitability and accuracy before release.

7.5.3 Control of documented information

The standard advises that documentation created by the OH&S Management System should be available and fit for purpose where and when needed, reasonably protected against damage or loss of integrity and identity and that the processes of distribution, retention, access, retrieval, preservation and storage, control and disposition are adequately provided for. It should be noted that documented information from external sources should be similarly controlled and handled, and that viewing and editing access levels should be carefully considered and controlled.

The clause, where there is a reference to documented information, are

4.3, 5.2, 5.3, 6.1.1, 6.1.2.2,6.1.3, 6.2.2, 7.2, 7.4, 7.5.1. 7.5.3, 8.1.1., 8.2, 9.1.1, 9.1.2, 9.2.2, 9.3, 10.1 & 10.2
List of documents required by ISO 45001:2018

The ISO 45001 standard provides us with some insight about what documents are required. Compared to OHSAS 18001, there are not too many changes, but the documentation requirements are easier to manage, following the logic of the new versions of other ISO standards. Of course, the standard does not explicitly mention documents and records, but uses the term “documented information.” The following represents a list of documents that you need to maintain in order to comply with ISO 45001:

  • The scope of the OH&S MS (clause 4.3)
  • OH&S management system (clause 4.4)
  • Leadership and commitment (clause 5.1)
  • OH&S policy (clause 5.2)
  • Organizational roles, responsibilities, and authorities (clause 5.3)
  • Actions to address risks and opportunities (clause 6.1)
  • Assessment of OH&S risks and other risks to the OH&S management system (clause 6.1.2.2)
  • Determination of legal requirements and other requirements (clause 6.1.3)
  • Planning to achieve OH&S objectives (clause 6.2.2)
  • Competence (clause 7.2)
  • Communication (clause 7.4)
  • Operational planning and control (clause 8.1)
  • Contractors (clause 8.1.4.2)
  • Emergency preparedness and response (clause 8.2)
  • Monitoring, measurement, analysis and performance evaluation (clause 9.1)
  • Evaluation of compliance (clause 9.1.2)
  • Internal audit (clause 9.2)
  • Management review (clause 9.3)
  • Incident, nonconformity and corrective action (clause 10.2)
  • Continual improvement (clause 10.2)

Other supporting documents
Apart from the abovementioned list of documents, there are additional supporting documents that can be used to facilitate the operation of a management system. Thus, the following documents are commonly used:

  • Procedure for determining the context of the organization and interested parties (clauses 4.1 and 4.2)
  • Procedure for identification and evaluation of OH&S management system risks and opportunities (clauses 6.1.1 and 6.1.2)
  • Procedure for competence, training, and awareness (clauses 7.2 and 7.3)
  • Procedure for communication (clause 7.4)
  • Procedure for document and record control (clause 7.5)
  • Procedure for internal audit (clause 9.2)
  • Procedure for management review (clause 9.3)

The standard also emphasizes that it is important to demonstrate the effectiveness of the OH&S Management System, rather than to simply draft endless theoretical procedures.

Clause 8: Operation

Clause 8 forms the heart of the ISO 45001 standard and addresses the program content necessary to have a successful OH&S management system that meets the intent of the standard. The specific topics discussed in this section include:

  1. General provisions: such as the means for creating and managing documentation.
  2. Hierarchy of controls: to utilize the most effective means of risk reduction within the organization.
  3. Management of change: to ensure that when planned changes occur they are managed to control risk.
  4. Outsourcing: to make certain risk controls are adequate for all outsourced processes.
  5. Procurement: to validate all incoming materials and services conform to the system requirements.
  6. Contractors: to communicate and control internal risks to third parties and evaluate risks they may introduce into the workplace.
  7. Emergency preparedness and response: to identify potential emerging risks and develop specific and customized plans with key stakeholders to minimize these risks

This clause requires:

  • Operational planning and control on multi-employer workplaces; whereby the organization shall implement a process for coordinating the relevant parts of the OH&S management system with other organizations. This clause includes the requirement to reduce risks by implementing a “Hierarchy of Control” approach as used by the European Union Legislation. In that regard, this is a system of prioritization which ranks hazard elimination as the preferred control down through a series of controls which are less effective.
  • Eliminating hazards and reducing OH&S risks requires the organization to establish, implement and maintain a process(es) for the elimination of hazards and reduction of OH&S risks. In order to ensure that this is done properly, the organization shall use appropriate controls.
  • Management of Change requires the organization to establish a process for the implementation and control of planned changes so that the introduction of new products, processes, services or work practices do not bring with them any new hazards.
  • Procurement requires the organization to establish, implement and maintain a process for the control of procurement services so as to ensure that they conform to the requirements of the standard. In addition, the standard requires the organization to coordinate the procurement processes with its contractors and to identify the risks that arise from the contractors’ activities. Furthermore, the organization should ensure that outsourced processes which have an impact on its health and safety management system are appropriately controlled.
  • Emergency preparedness and response requires the organization to identify emergency situations and maintain a process to prevent or minimize OH&S risks from potential emergencies.

8.1 Operational control and planning

While the standard acknowledges that operational control will greatly depend on the size, nature, compliance obligations, and occupational health & safety hazards of an organization, the scope are given to the individual organization to plan and ensure the desired results are achieved. The methods suggested by the standard are that processes should be designed in such a way that consistency is guaranteed and error eliminated, technology is used to improve control, and it is ensured that personnel is trained and competent. Processes should be performed in an agreed and prescribed manner; those processes should be measurable, and the documented information should match the requirements to ensure operational control. An essential part of operational control lies in eliminating hazards and reducing OH&S risks. This can be carried out through a hierarchy of controls, from the elimination of the hazard to the use of personal protective equipment. Change in the OH&S Management System also needs to be managed in order to maintain the integrity of the OH&S performance. Procurement, including contractors and outsourcing of functions and processes, must also be considered and controlled. Appropriate measures must be taken to define and control the competency of outsourced service suppliers, including their effect on the OH&S Management System processes. As ever, opportunities for improvement must always be considered and identified. The standard also recognizes that the degree of control the organization has over an outsourced product or service can vary from absolute, if taking place onsite, to very little, if the activity takes place remotely. However, it is suggested that there are factors that, nonetheless, should be considered. As expected, compliance obligations should be considered and controlled, all direct and associated occupational health & safety risks should be evaluated and controlled, as should risks and opportunities associated with the provision of the service itself.

8.1.1. General

During Operation Planning and Control, the organization must

  • Establishing criteria for processes
  • Implementing control defined in criteria
  • Keeping documented information as the absence of documented information could lead to deviations
  • Adapting work to workers including induction of new workers

8.1.2 Eliminating hazards and reducing OH&S risks

The Organization must establish a process and determine controls for achieving the reduction in OH&S risks using the following hierarchy of Controls;

  • Eliminate
  • Substitute
  • Engineering controls
  • Administrative controls
  • Provide and ensure the safe use of PPE

Provision of PPE  should be at no extra cost to workers

8.1.3 Management of Change

The Organization must establish a process for the implementation and control of planned changes. Changes may include:

  • Work processes
  • Legalization
  • Knowledge and information about hazards and related OH&S risk
  • Developments in knowledge and technology

Changes must be controlled to mitigate against adverse impact on OH&S

8.1.4 Procurement

8.1.4.1 Procurement

The organization must establish a process to control the procurement of products and services to ensure conformity with its OH&S Management System

8.1.4.2 Contractors

  • The organization must establish a process to coordinate with contractors for hazard identification and access controls to OH&S risks from contractor activities
  • The requirements of the OH&S management system must be met by contractors and their workers
  • The organization must establish the OH&S criteria for selection of contractors

8.1.4.3 Outsourcing

The organization must ensure outsourced functions and process are controlled. The Outsourced arrangements must be consistent with legal requirements. It should be integral to the organization’s ability to operate. There must be controls to achieve the intended outcome of the OH&S management system

8.2 Emergency preparedness and response

Emergency preparedness and response is a key element in the mitigation of occupational health & safety risk. The standard informs us that it is the responsibility of the organization to be prepared, and a number of elements should be considered and planned for. Actions to mitigate incidents must be developed, as well as internal and external communication methods and appropriate methods for emergency response. Consideration of varying types of occupational health & safety incidents needs to be made, as do root cause analysis and corrective action procedures to respond to incidents after they occur. Regular emergency response testing and relevant training need to be considered and undertaken, and assembly routes and evacuation procedures defined and communicated. Lists of key personnel and emergency agencies (think clean-up agencies, local emergency services, and local occupational health & safety offices or agencies) should be established and made available, and it is often good practice to form partnerships with similar neighboring organizations with whom you can share mutual services and provide help in the event of an occupational health & safety incident. To establish an Emergency  preparedness and response process the organization must

  • Identify potential emergency situations
  • Assess OH&S risks associated with these
  • Establish Preventative controls
  • Plan response to emergency situations including the provision of first aid
  • Conduct periodic testing and exercise of emergency response capabilities
  • Evaluate and revise plans
  • Communicate information relevant to their duties
  • Conduct Training
  • Identity Needs and capabilities of interested parties
  • Maintain and retain documented information

Clause  9: Performance Evaluation

Performance Evaluation provides an in-depth discussion regarding the criteria for evaluating the overall performance of the OH&S management system. The primary themes of this section focus on the means of process evaluation and documentation of evaluations. The importance of documentation (and how records and data are retained), as well as document dissemination, are performance themes both in ISO 45001 in general and in this section in particular.The organization must establish a system that involves the monitoring, measurement, analysis, and evaluation of its OH&S performance. It should decide what to measure and how, for instance, accidents or worker competence. Moreover, internal audits must be established along with regular management reviews, in order to see the progress made towards the achievement of OH&S objectives and the fulfillment of ISO 45001 requirements.

This section tends to be more specific than some of the others and includes a detailed discussion of documentation requirements, internal audit protocols, and relevancy and applicability of measurements within the organization. The key attributes of this section include:

  1. Following applicable legal requirements and documentation are followed.
  2. Measuring operational risks and hazards.
  3. Evaluating the effectiveness of operational controls.
  4. Establishing the timeline for conducting the measures.
  5. Planning for analysis, evaluation, and communication of the results.
  6. Calibrating and verifying the accuracy of all equipment.
  7. Retaining documentation of all measures.
  8. Auditing the OH&S Management System, the OH&S Policy, OH&S Objectives and the 45001 requirements.
  9. Establishing the frequency of audits and account for significant changes to the organization, performance improvements, risks, and opportunities.
  10. Ensuring the competence of auditors.
  11. Communicating findings to management, workers, and worker representatives.
  12. Taking action to address identified nonconformities.
  13. Retaining audit results as evidence of the completion of the audit.
  14. Reviewing audit findings and corrective actions by top management.
  15. Ascertaining that corrective actions, worker engagement, and opportunities for continual improvement are in place

The most important objectives of the Performance Evaluation section are ensuring the adequacy of the current OH&S management system and measuring that OH&S objectives are met. These are, essentially, the only measures of success.

9.1 Monitoring, measuring, analysis, and evaluation

9.1.1 General

The organization not only has to measure occupational health & safety progress, but it should also consider its significant hazards, compliance obligations, and operational controls when tackling this clause. The methods established should have considerations to ensure that the monitoring and measuring periods are aligned with the needs of the OH&S Management System for data and results; that the results are accurate, consistent, and can be reproduced; and that the results can be used to identify trends. It should also be noted that the results should be reported to the personnel with the authority and responsibility to initiate action on the basis of the outputs themselves.

9.1.2 Evaluation of compliance

The standard recognizes that evaluation requirements will vary from organization to organization based on factors such as size, compliance obligations, sector worked in, past history and performance, and so on, but suggests that regular evaluation is always required. If the result of a compliance evaluation reveals that a legal requirement is unfulfilled, the organization needs to assess what action is appropriate, possibly up to contacting a regulatory body and agreeing on a course of action for repair. This agreement will now see this obligation become a legal requirement. Where a non-compliance is identified by the OH&S Management System and corrected, it does not automatically become a non-conformity.

9.2 Internal Audit

9.2.1 General

Internal audits and auditors should be independent and have no conflict of interest over the audit subject, the standard reminds us, and it should be noted that non-conformities should be subject to corrective action. When considering the results of previous audits, the results of previous internal and external audits and any previous non-conformities and resulting actions to repair them should be taken into account.

9.2.2 Internal audit program

The 45001:2018 standard refers us to ISO 19011 for the internal audit program, but when you are establishing your program there are several rules you can subscribe to in order to ensure that your program is effective. Base your internal audit frequency on what is reasonable for your organization in terms of size, sector you operate in, compliance obligations, and risk to the health and safety of workers. Decide what is reasonable for you, whether that is bi-annually, quarterly, or whatever you deem suitable. Keep in mind that this schedule can be changed, preferably through management review and leadership guidance, in the event of changes that necessitate extra internal audit activity.

9.3 Management Review

It should be noted that, contrary to popular belief, the management review does not have to be done all at once; it can be a series of high-level or board meetings with topics tackled individually, although it should be on a strategic and top management level. Complaints from interested parties should be reviewed by top management, with resultant improvement opportunities identified. It should be remembered that the management review generally is the one function that must be carried out accurately and diligently to ensure that the function of the OH&S Management System and all resulting elements can follow suit. It goes without saying that all details and data from the management review must be documented and recorded to ensure that the OH&S Management System can follow the specific requirements and general strategic direction for the organization detailed there.

Clause 10: Improvement

Clause 10, the final major section, delineates the concept of continual improvement within the context of specific activities. Any organization wishing to adopt the principles of ISO 45001 must have a plan for addressing nonconformities in a timely manner. Organizations should take direct action to control conditions and deal with consequences. Nonconformities can be identified from investigations, audits, or other events. The corrective actions should be evaluated and the results should be documented. To achieve continual improvement, the organization shall have an OH&S management system that:

  1. Prevents the occurrence of incidents and nonconformities.
  2. Promotes a positive OH&S culture.
  3. Enhances OH&S performance

The organization should react accordingly to nonconformities and incidents, and take action to control, correct them, cope with their consequences, and eliminate their source so as to prevent recurrences.

clause10

10.1 General

Outputs from management reviews, internal audits, and compliance and performance evaluations should all be used to form the basis for improvement actions. Improvement examples could include corrective action, reorganization, innovation, and continuous improvement programs.

10.2 Nonconformity and corrective action

Prevention of incidents and elimination of hazards is a key facet of the OH&S Management System, and this is specifically addressed in the definition of organizational context (4.1) and assessing risks and opportunities (6.1). Taking action to correct and control problems when they occur, and then to investigate and take corrective action for the root causes of these problems when it is necessary, are critical to prevent recurrence of process nonconformity. The organization must

  • React to incidents in a timely manner.
  • Take direct action to control and correct.
  • Evaluate the root cause
  • Determine action
  • Review of assessment of OH&S risks prior to taking action
  • Communicate documented information to relevant workers

Reporting of incidents without delay can assist in the removal of hazard

10.3 Continual improvement

Through all of the actions to improve the overall OH&S Management System, the organization can achieve enhanced OH&S performance and promote a culture that supports worker participation in making the OH&S Management System better. The organization must:

  • Enhance OH&S performance
  • Promote a positive OH&S culture
  • Promoting the participation of workers in implementing actions
  • Communicate results
  • Retain documented information

Mapping ISO 45001 to OHSAS 18001

ISO 45001:2018 clause clause OHSAS 18001:2007
Context of the organization (title only) 4 New requirement (see also 4.6h in Management review)
Understanding the organization and its context 4.1 New requirement (see also 4.6h in Management review)
Understanding the needs and expectations  of workers  and other interested parties 4.2 4.4.3.2 Participation and consultation (in part)(see also 4.6b and c in Management review)
Determining the scope of the OH&S management system 4.3 4.1 General requirements (in part)
OH&S management system 4.4 4.4.1 Management system General requirements
Leadership and worker participation (title only) 5 4.4.3 Communication, participation and consultation (title only)
Leadership and commitment 5.1 4.4.1 Resources, roles, responsibility, accountability and authority
OH&S Policy 5.2 4.2 OH&S policy
Organizational roles, responsibilities, and authorities 5.3 4.4.1 Resources, roles, responsibility, accountability, and authority
Consultation and participation of workers 5.4 4.4.3.2 Participation and consultation
Planning (title only) 6 4.3 Planning (title only)
Actions to address risks and opportunities (title only) 6.1 4.1
4.3.1
General requirements
Hazard identification, risk assessment and determining controls
General 6.1.1 4.4.6 Operational Control
Hazard identification and assessment of risks and opportunities (title only) 6.1.2 4.3.1 Hazard identification, risk assessment and determining controls
Hazard identification 6.1.2.1 4.3.1 Hazard identification, risk assessment and determining controls
Assessment of OH&S risks and other risks to the OH&S management system 6.1.2.2 4.3.1 Hazard identification, risk assessment and determining controls
Identification of OH&S opportunities and other opportunities to the OH&S management system 6.1.2.3 New Requirement
Determination of legal requirements and other requirements 6.1.3 4.3.2 Legal and other requirements
Planning action 6.1.4 4.3.6 Operational Control
OH&S objectives and planning to achieve them 6.2 4.4.6 Objectives and programme(s)
OH&S objectives 6.2.1 4.4.6 Objectives and programme(s)
Planning to achieve OH&S objectives 6.2.2 4.4.6 Objectives and programme(s)
Support(title only) 7 4.4 Implementation and operation (title only)
Resources 7.1 4.4.1 Resources, roles, responsibility, accountability and authority
Competence 7.2 4.4.2 Competence, training and awareness
Awareness 7.3 4.4.2 Competence, training and awareness
Communication 7.4 4.4.3.1 Communication
General 7.4.1 4.4.3.1 Communication
Internal Communication 7.4.2 4.4.3.1 Communication
External Communication 7.4.3 4.4.3.1 Communication
Documented information (title only) 7.5 4.4.4
4.4.5
4.5.4
Documentation
Control of Documents
Control of records
General 7.5.1 4.4.4
4.4.5
4.5.4
Documentation
Control of Documents
Control of records
Creating and Updating 7.5.2 4.4.4
4.4.5
4.5.4
Documentation
Control of Documents
Control of records
Control of Documented Information 7.5.3 4.4.4
4.4.5
4.5.4
Documentation
Control of Documents
Control of records
Operation (title only) 8 4.4 Implementation and operation (title only)
Operational planning and control (title only) 8.1 4.4.6 Operational control
General 8.1.1 4.4.6 Operational control
Eliminating hazards and reducing OH&S risks 8.1.2 4.3.1
4.4.6
Hazard identification, risk assessment and determining controls
Operational control
Management of change 8.1.3 4.3.1
4.4.6
Hazard identification, risk assessment and determining controls
Operational control
Procurement(title only) 8.1.4 4.4.6 Operational control
General 8.1.4.1 4.4.6 Operational control
Contractors 8.1.4.2 4.3.1
4.4.3.1
4.4.3.2
4.4.6
Hazard identification, risk assessment and determining controls
Communication
Participation and consultation
Operational control
Outsourcing 8.1.4.3 4.3.2
4.4.3.1
4.4.6
Legal and other requirements
Communication
Operational control
Emergency preparedness and response 8.2 4.4.7 Emergency preparedness and response
Performance evaluation (title only) 9 4.5 Checking (title only)
Monitoring, measurement, analysis and performance evaluation (title only) 9.1 4.5.1 Performance measurement and monitoring
General 9.1.1 4.5.1 Performance measurement and monitoring
Evaluation of compliance 9.1.2 4.5.2 Evaluation of compliance
Internal audit (title only) 9.2 4.5.5 Internal audit
General 9.2.1 4.5.5 Internal audit
Internal audit programme 9.2.3 4.5.5 Internal audit
Management review 9.3 4.6 Management review
Improvement (title only) 10.0 4.6 Management review
General 10.1 4.6 Management review
Incident, nonconformity and corrective action 10.2 4.5.3
4.5.3.1
4.5.3.2
Incident investigation, nonconformity, corrective action and preventive action (title only)
Incident investigation
Nonconformity, corrective action and preventive action
Continual improvement 10.3 4.2
4.3.3
4.6
Legal and other requirements
Communication
Operational control

 

Procedure for Design and Development

1. SCOPE

This procedure covers all roles, responsibilities, and authorities related to the Design process at XXX

2. PURPOSE

The purpose of this procedure is to define the design control process used by XXX during the design and development of its products and services.

3. REFERENCE DOCUMENTS

3.1 XXX Quality Manual.
3.2 Procedure for Correction and Corrective Action.
3.3 Procedure for Production.
3.4 Procedure for Purchase.
3.5 Procedure for QA.
3.6 Business Development and Marketing Procedure
3.7 Procedure For Review of Customer Requirements

4.TERMS & DEFINITIONS

4.1 Design verification: Testing aimed at ensuring that all design outputs meet design conditions imposed at the beginning of the process.

4.2. Design validation: Testing aimed at ensuring that a product or system fulfills the defined user needs and specified requirements, under specified operating conditions. See also validation.

4.3 Design review: A design review is a milestone within a product development process whereby a design is evaluated against its requirements in order to verify the outcomes of previous activities and identify issues before committing to – and if need to be re-prioritise – further work. The ultimate design review, if successful, therefore triggers the product launch or product release.

5.0 RESPONSIBILITY AND AUTHORITY

The Design Manager is responsible for implementation and management of this procedure.

6.0 DETAILS OF PROCEDURE

6.1. Design Planning

6.1.1. The Design Manager plans the stages and controls for Design and development, by taking into account:

  • Nature, duration and complexity of design activities
  • Required process stages, including applicable design activities
  • Required verification and validation activities
  • Internal and external resources needed
  • Interfaces between persons involved in Design
  •  Design regulations, standards

6.1.2. The design planning documentation shall be recorded electronically and/ or in hard copy form, as appropriate. This will include the Design Team comprising of the assigned design engineers, support staff, subordinate third party providers, and the responsibilities and authorities for each. Where third parties are utilized, this shall define the approved points of contact.
6.1.3. The Design Manager must ensure that the Design Team:

  • Implements design control
  • Generates the design plan and schedule
  • Reviews changes to product or service design
  • Defines activities of verification and validation

3.1.4. At any stage, the Designers must maintain design control with history of changes as per Design Change Log.

6.2. Design inputs

6.2.1 Design “inputs” are the requirements for the final product or service.
6.2.2 According to the preliminary design, the Design Manager decides whether to involve customers with the Design team, and creates the Design Task, which contains the input data that defined the request for product or service.
6.2.3 The product or service specifications/ requirements are maintained in the Document Register by the Department Head.

6.3 Developing the Design Plan

6.3.1 According to the Design Task , the Design Team creates the Design Plan and defines:

  • • The design phases
    • All activities related to phase realization
    • Input elements of each phase
    • Responsibilities of team members for each phase
    • Phase realization deadlines
    • Phase deliverables
    • Resources needed
    • Changes in phases and approval of changes
    • Design phase status (reviewed, validated, verified and completed)

6.3.2 The Design Plan will be updated as the design work progresses.

6.4 Design Outputs

6.4.1 Once design inputs are captured, the production of design outputs may begin. Typically, these are:

  • Drawings
  • Specifications
  • Models
  • Standards and specifications, work instructions, method statements etc.

6.4.2 The Department Head oversees the development of the appropriate design outputs, including those produced by third party providers.
6.4.3 All design outputs must be developed so they properly address the applicable design input requirements.

6.5 Design Controls

6.5.1 Design Reviews and Verification

6.5.1.1 The Designer/ Drafter of the design output shall review the Design.
6.5.1.2 Additional verification shall be performed by peer, expert designers or by a third party.
6.5.1.3 The Design Manager shall then perform design verification, to check that the design inputs have been addressed satisfactorily in the design outputs. Records of design verification are maintained as formal approvals. The design process may not proceed until all design outputs are verified as having addressed the design inputs.
6.5.1.4 Should the design review/ verification phase identify any problems/changes, the Design Team shall suggest actions to resolve them. These actions shall be recorded in the Change Review Record.
6.5.1.5 After phase review, the Department Head approves the start of the new phase by signing the Design Plan.

6.5.2. Design Validation

6.2.1 Design validation is performed by Consultants/ Client Representatives by comparing the design documents with the project specifications and the design data.
6.2.2 The Design Team conducts validation before release of product or service.
6.2.3 The Design Manager will ensure necessary actions are taken on problems/changes identified during the review or verification and validation activities.

6.6. Design Changes

6.6.1 Where changes/ variations are required in the design, the customer shall request these formally, or the customer’s approval obtained prior to commencing any work.
6.6.2 The Design Manager shall review the change request and record his approval in the Change Review Record.
6.6.3 The status of all design changes shall be maintained in a Design Change Log.
6.6.4 Applicable design data or documents will be revised with their revision indicator incremented and updating of Document Register. Obsolete design documents shall be removed from circulation, or identified as such, to prevent their unintended use.
6.6.5 Changed designs must go through the same design review, verification and validation as the original design.

7.0 RETAINED DOCUMENTED INFORMATION

7.1 Change Review Record (D&D / QF/01)
7.2  Design Plan (D&D / QF/02)
7.3 Design Task (D&D / QF/03)
7,4 Design Change Log(D&D / QF/04)


Procedure for Logistics

1. SCOPE

This procedure covers all roles, responsibilities, and authorities related to the Logistics process at XXX

2. PURPOSE

The purpose of this procedure is to manage vehicles and other heavy equipment use in an efficient and effective manner, to encourage the safety of vehicles, drivers and passengers and to minimize damage to  XXX’s vehicles.

3. REFERENCE DOCUMENTS

3.1 XXX Quality Manual,
3.2 Procedure for Correction and Corrective Action.
3.3 Procedure for Production.
3.4 Procedure for Purchase.

4.TERMS & DEFINITIONS

4.1. Heavy equipment: Heavy equipment refers to heavy-duty vehicles, specially designed for executing construction tasks, most frequently ones involving earthwork operations. They are also known as heavy machines, heavy trucks, construction equipment, engineering equipment, heavy vehicles, or heavy hydraulics.
4.2. Logistics: Planning, execution, and control of the procurement, movement, and stationing of personnel, material, and other resources to achieve the objectives of a campaign, plan, project, or strategy. It may be defined as the ‘management of inventory in motion and at rest.’

5.0 RESPONSIBILITY AND AUTHORITY

5.1  Logistics officer
5.2. Supply Chain Manager
5.3. Store keeper
5.4. Drivers and Helpers

6.0 DETAILS OF PROCEDURE

6.1. Transportation Management

6.1.1. Wherever applicable, the term vehicle to be applied to heavy Equipment and driver or the operator of heavy Equipment.
6.1.2. Usage of vehicles and other Equipment for personal use are prohibited; responsible person besides paying for the loss will be subject to legal action.
6.1.3. Vehicles/Heavy Equipment should not be used after official working hours, unless there is a need for it based on the work plan.
6.1.4. Logistics Officer should prepare a Transportation and Routing work plan with approvals work plan by the Project Coordinator.
6.1.5. The Transferring Party must load products to vehicle according to Transportation and Routing work plan.
6.1.6. The Driver receives other related documents (Return Note/Rework Report/Scrap Report/Delivery Note) and signs indicating the materials are in his possession, are on the way and transports the materials.
6.1.7. When loading materials from site/production, Return Note and Rework/Scrap Report is prepared by Site Engineer/Supervisor and given to driver.
6.1.8. When loading is from Warehouse, Delivery Note is prepared by Storekeeper and given to driver.
6.1.9. The Driver delivers the Return Note and Delivery Note to transferring party.

6.2. Safe working guidelines

6.2.1. In case of accident drivers should immediately report the incident and type of damage or involving personal injuries to the local law enforcement agency and to his supervisor as soon as possible and the supervisor to visit the accident site to ensure and be able to decide what caused the accident and who the blame goes to.
6.2.2. Drivers who fail to adhere to vehicle usage policies and procedures are subject to disciplinary action according to the severity of the infraction. If a violation occurs while operating XXX’s vehicle, all fines are the responsibility of the driver.
6.2.3. Transportation is responsible to ensure all drivers are well aware of traffic regulations and abide by those rules.
6.2.4. The driver should take every precaution to ensure the safety of passengers. No person may ride in a vehicle unless properly restrained by a seat belt It shall be the driver’s responsibility to ensure that all passengers are properly restrained.
6.2.5. All traffic and parking laws are to be obeyed. Posted speed limits are not to be exceeded, nor is the vehicle to be operated above safe driving speeds for road conditions. All traffic and parking violations and fines, including any late fees or penalties, are the responsibility of the driver involved. Failure to promptly pay a violation or fine may result in disciplinary action.
6.2.6. The driver of vehicle shall take every precaution to ensure the safety of the vehicle and its contents. The driver shall lock the vehicle and take the keys.
6.2.7. The driver should ensure tires are in good condition and the air pressure is correct, lights and signals are clean and working.
6.2.8. The driver should ensure oil and antifreeze/coolant is at proper levels and shock absorbers do not show any signs of leaks meanwhile the braking system in top working order
6.2.9. The driver should try to consider the safety distance while driving behind the driver in front – more in bad weather or at night.
6.2.10. The driver should ensure to pass on the left, but only where it’s permitted and where you can see enough clear space to pass comfortably. Be especially alert in heavy traffic – for sudden stops, cars passing or moving in and out of lanes, debris, construction, or potholes.
6.2.11. The driver should constantly check rearview and side mirrors for approaching traffic.
6.2.12. The driver should obey the speed limit and other rules of the road use windshield wipers, lights, and defroster in rain and snow. Turn on headlights as soon as it starts to get dark.
6.2.13. Cell phones should not be used by drivers when operating and driving vehicles.
6.2.14. The Driver should have a valid licenses and permits and be well aware of all the traffic rules and regulations of the country.

6.3. Responsibilities of Fleet/Heavy Equipment Supervisor

6.3.1. To keep all the vehicles ready, functional and fully equipped with supplies and accessories based on the seasonal requirement and make sure efficient use of all transportation means.
6.3.2. Usual repair and technical maintenance of all vehicles and transportation facilities in accordance with the vehicle’s manufacturing company catalogue.
6.3.3. Monitoring all transportation facilities including vehicles power generation machines, workshop and other transport related machinery during official hours.
6.3.4. Ensure all vehicles have license plate, usage permit, log books, and legally have no barrier to be used by the driver.
6.3.5. Monitoring the cleanness, technical maintenance, for all vehicles are done properly and timely.

6.4. Vehicle Management guidelines for requesting fuel, lubricants and other spare parts

6.4.1. Driver to put a Requisition Form after the vehicle reached the given norm of (i.e. changing engine oil).
6.4.2. The requisition should be approved by the Fleet/Heavy Equipment Supervisor.
6.4.3. The Requisition form should be filled for requesting of needed material from the stock. If the spare parts were not available in the stock, storekeeper will recommend purchase from market in the same form.
6.4.4. Next step is to visit Store for receiving the required spare parts/supplies for the vehicle.
6.4.5. The driver will then have to go to the Maintenance for the physical maintenance (changing engine oil, filter, air filter, diesel filters and etc.).
6.4.6. For useless spare part the Spare Register that is used for the parts and supplies that are no more in use and has been depreciated should be filled and returned to stock along with those depreciated spare parts/ supplies.

6.5. Vehicle Maintenance guidelines

6.5.1. Fleet Supervisors must provide the driver with required amount of fuel and lubricants used during the travel and ensure the vehicle is fully functional and operational.
6.5.2. Log Sheets for all vehicles should be kept up to date and KM and dates of usage should be listed at the beginning and end points of all trips. Users of the vehicles must write the Starting KM, destination of the trip and the end of travel KM counter into the Vehicles log book.
6.5.3. Fuel consumptions differs by type of vehicle, engine, Cylinder and type of fuel (Petrol, Diesel) of vehicles and are calculated per KM. Drivers are responsible to check and ensure the KM counter at the vehicle is functional and should verify it with the Fleet Supervisor.
6.5.4. All vehicles and Heavy Equipment of XXX based on the technical specification of the manufacturing company should be kept functional and operational as well should be operated based on the manufacturing company’s catalogue for routine and seasonal maintenances. Fleet/Heavy Equipment Supervisor is responsible to ensure all the vehicles maintenances and cleanups are done in timely manner logged in Vehicle Maintenance Log and based on the schedules maintained in Vehicle Maintenance Schedule. Critical Spare parts must be maintained in Spare part Register.
6.5.5. Vehicles and Heavy Equipment should be kept in a safe and covered area during night times and official holidays. The Transportation department should ensure safety and security of the vehicle parking.
6.5.6. Drivers are responsible to coordinate with Fleet /Heavy Equipment Supervisors for technical maintenance, cleaning services and take good care of their assigned vehicles based on need and given schedules and to ensure their vehicles have enough fuel and other required lubricants to operate normally. Preventive and Breakdown Maintenance must be carried out at authorized agencies and must be managed by Fleet Supervisors.
6.5.7. Driver to put a Requisition form explaining the type of technical problem in the vehicle to Fleet/Heavy Equipment Supervisor.
6.5.8. The Supervisor will approve the request and refer it to the Maintenance Supervisor. The Maintenance supervisor will inspect and check the vehicle and will provide their findings and feedback.
6.5.9. Fleet/ Heavy Equipment Supervisor to put a Requisition form to the Procurement Department describing the technical issue of the vehicle and list down required spare parts for the vehicle to be replaced based on the recommendation and findings of the Maintenance Supervisor committees.
6.5.10. Once approved, the Procurement department to procure and coordinate the purchase of the approved spare parts with the contractor/Vendor.
6.5.11. Once the spare parts are provided it should be checked by the Fleet/Heavy Equipment Supervisor for their review and confirmation. Meanwhile, all paper works including the purchase bills and approved requests should be prepared and sent to Finance department for processing and payments.
6.5.12. Driver to take the vehicle to the workshop or authorized Agency for maintenance and replacing the spare parts, and to return the damaged spare parts to stock.

6.6. Quarterly Maintenance

6.6.1. Check #1 Include but is not limited to full check of the vehicle from front wheel and continued to the rear wheel of the vehicle, vehicle should be placed in workshop, for the technical inspection and test drives, if any faults identified then the vehicle should be parked for maintenance following the procedures explained in above for replacing any damaged spare parts, and should be recorded in the vehicle maintenance history log book.
6.6.2. Check #2 is more detailed in comparison to check #1 and includes, opening, cleaning and refreshing lubricants of front and rear wheels, checking brakes, brake pads, shock absorbers, metal compression coil springs, as well as same maintenance and checks are applicable on the rear wheels of the vehicle. Furthermore all lubricants for gearbox, steering wheel, brake and other necessary parts
6.6.3. Weekly, Monthly and Quarterly Checklist should be maintained as per the Checklist for each vehicle/equipment.

7.0 RETAINED DOCUMENTED INFORMATION

7.1 Vehicle Log (QMS F 103)
7.2 Automobile maintenance schedule (QMS F 104)
7.3 Vehicle Maintenance Log (QMS F 105)
7.4 Transportation & Routing Plan (QMS F 106)
7.5 Spare Part Register (QMS F 107)