Академический Документы
Профессиональный Документы
Культура Документы
REVEALED
The intended outcomes of the OH&S management system are to prevent work-related injury and ill
health to workers and to provide safe and healthy workplaces; consequently, it is critically important
for the organization to eliminate hazards and minimize OH&S risks by taking effective preventive and
protective measures.
When these measures are applied by the organization through its OH&S management system, they
improve its OH&S performance. An OH&S management system can be more effective and efficient
when taking early action to address opportunities for improvement of OH&S performance.
The implementation and maintenance of an OH&S management system, its effectiveness and its
ability to achieve its intended outcomes are dependent on a number of key factors which can include:
c) Communication.
d) Consultation and participation of workers, and, where they exist, workers’ representa
tives.
f) OH&S policies, which are compatible with the overall strategic objectives and direction
of the Organization.
g) Effective process for identifying hazards, controlling OH&S risks and taking advantage
of OH&S opportunities.
i) Integration of the OH&S management system into the organization’s business process
es.
j) OH&S objectives that align with the OH&S policies and take into account the organiza
tion’s hazards, OH&S risks and OH&S opportunities.
The level of detail, the complexity, the extent of documented information and the resources needed
to ensure the success of an organization’s OH&S management system will depend on a number of
factors, such as:
The nature of the organization’s activities and the related OH&S risks.
PLAN-DO-CHECK-ACT CYCLE
The OH&S management system approach applied in this document is founded on the concept of
Plan-Do-Check-Act (PDCA).
The PDCA concept is an iterative process used by organizations to achieve continual improvement. It
can be applied to a management system and to each of its individual elements, as follows:
a) Plan: determine and assess OH&S risks, OH&S opportunities and other risks and other
opportunities, establish OH&S objectives and processes necessary to deliver results in
accordance with the organization’s OH&S policy;
c) Check: monitor and measure activities and processes with regard to the OH&S policy and
objectives, and report the results;
d) Act: take actions to continually improve the OH&S performance to achieve the intended
outcomes.
Objectives
The ‘one-way streets’The mandatory ‘points of call’
Detail where you need to be, and by when, to arrive at your ultimate destination. Consideration will
have to be taken as to the least hazardous routes (risk assessment results), the one-way streets that
you need to negotiate (legal compliance) and your overall journey map (policy statement) when iden-
tifying your mandatory points of call.
Once you have identified your mandatory points of call (objectives), you can begin to map out the
quickest and safest journey route (management programme). With start and completion dates being
assigned between each point of call, the time taken to reach the ultimate destination can be calculated,
the appropriate number of ‘driver’s assigned and consideration given to the amounts of fuel required
($).
www.ehsemiratesfoundation.com ISO 45001 Revealed
Structure & responsibility
‘Drivers’ of the health and safety vehicle
As the road to continuous health and safety improvement is never ending, responsibility for driving
the vehicle (ISO 45001) will, without doubt, have to be shared. To leave all of the driving to one
individual, can ultimately lead to ‘tiredness’ and a ‘system crash’. It is often best to appoint a ‘co-driv-
er’ (Management Representative) who will ‘direct’ a number of select drivers through the one-way
streets (legislative obligations) and look out for any unpredicted hazards that may become apparent.
Once a number of suitable drivers have been nominated, a decision can then be made as to which
particular parts of the journey that they themselves will drive.
Documentation
Vehicle Operating Manual
The Vehicle-Operating Manual (OH&S policy manual) details how the vehicle (ISO 45001) is built and
structured. Usually issued to all the ‘drivers’ at the onset of the journey, it provides a complete over-
view of how to use the vehicle correctly to minimize vehicle (system) breakdown.
Management review
‘‘Motorway service stops’
Whereby all the drivers can get together to review the journey to date and discuss the effectiveness
of, and changes to, the road map (policy), key points of call (objectives), travel timetable (manage-
ment programme), one-way streets (legislation) and the highway code (operational procedures).
Such a get together is used to assess the adequacy of fuel levels (£) to complete the journey, and to
discuss the results of police spot checks (Audits) and MOT’s (Certification).
This should include documented information regarding planning to address legal requirements and
other requirements and on evaluations of the effectiveness of these actions.
“Documented information” is used to include both documents and records. This document uses the
phrase “retain documented information as evidence of…” to mean records, and “shall be maintained
as documented information” to mean documents, including procedures. The phrase “to retain docu-
mented information as evidence of…” is not intended to require that the information retained will
meet legal evidentiary requirements. Instead, it is intended to define the type of records that need to
be retained.
Information required to be controlled and maintained by an organization and the medium on which
it is contained. Documented information can be in any format and media, and from any source and
documented information can refer to:
Here are the documents you need to produce if you want to be compliant with ISO 45001:
Non-mandatory documents
No system exists using only the mandatory documents. There are numerous non-mandatory
documents that can be used for ISO 45001 implementation. However, I find these non-mandatory
documents to be most commonly used:
Procedure for determining context of the organization and interested parties (clauses 4.1
and 4.2)
Procedure for identification and evaluation of OH&S management system risks and oppor-
tunities (clauses 6.1.1 and 6.1.2)
Competence, training and awareness procedure (clauses 7.2 and 7.3)
Procedure for communication (clause 7.4)
Procedure for document and record control (clause 7.5)
Procedure for internal audit (clause 9.2)
Procedure for management review (clause 9.3)
Procedure for management of nonconformities and corrective actions (clause 10.2)
The good thing is that the standard went in the same direction as ISO 9001 and ISO 14001 regarding
the approach to documents and records, and the requirements are the same for common require-
ments of those standards. On the other hand, it dropped some theoretical requirements compared to
OHSAS 18001, such as documenting OH&SMS Elements & their interaction. In this way the standard
emphasizes demonstration of OH&S management system effectiveness rather than writing endless
theoretical procedures.
As with the other recently revised ISO management standards (ISO 9001:2015 / ISO 14001:2015)
the context is one of the corner stones of the revision and potentially generated the highest
number of questions from clients.
The context of the organization is a consideration of the internal and external influences the organiza-
tion is required/chooses to respond to in relation to the OHS management system. The influences can
be positive or negative and may come from a range of sources.
If we start with the organization as it stands now; consider the current situation of the organization
and ask:
Why do we do this?
What is the intended outcome / benefit?
Where and who is the requirement coming from?
How do we meet / deliver this requirement?
How do we know it has been successful in achieving the intended outcome?
What if hasn’t delivered what was required – what happens next?
The above should help you identify the internal and external issues faced by the organization. Exam-
ples may include:
EXTERNAL
Legal and statutory requirements
Cultural, regional and local issues
Key industry drivers
Competition and market conditions
These are just a few examples of what may apply, but all organizations are individual even if they
operate in similar circumstances or industries.
Consideration of the above will aid the identification of interested parties and if you then ask the ques-
tions identified in the earlier section, the process for the context has been established. Decisions must
be made as to which of the identified needs or expectations are or could become statutory or other
requirements.
This clause emphasizes greater involvement from top management and from employees. As a result,
top management is expected to be more involved in review procedures. Greater awareness and
participation from employees is also expected.
Comments on the draft of ISO 45001 asked for clarification on the intended outcomes of health and
safety programs. They also focused on clarifying the role of top leadership in the health and safety
management system. This clause is expected to undergo revisions before the publication of the final
standard.
This clause is the cornerstone for the success of the OH&S MS. Whilst in OHSAS 18001 top manage-
ment were responsible for OH&S and were required to ‘appoint’ a member of top management with
specific responsibility for OH&S. Top management in ISO 45001 are responsible and accountable for
the prevention of work-related injury and ill health as well as the provision of safe and healthy work-
places (not simply providing support for a management system). This requires top management to
be personally involved in order to develop, lead and promote a culture that supports OH&S. It should
also be noted that leadership and culture is identified as a potential hazard later in the standard
(6.1.2.1a).
It is also top management that has to ensure that a process for consultation and participation with
workers is established. This may include establishing a health and safety committee.
It is also top management’s responsibility to establish, implement and maintain the health and safety
policy. The required contents for the policy are enhanced from OSHAS 18001 and include elements
such as a commitment to consultation and participation of workers. Importantly consultation with
workers on the health and safety policy is included later in this clause.
Consultation and participation of workers is significantly enhanced from OSHAS 18001 which was
limited to participation in hazard identification and consultation on changes. In ISO 45001 consulta-
tions involve seeking views before making a decision with clear two-way communication, whilst
participation is involvement in decision-making. This must include non-managerial workers.
The organization is now required to provide the mechanisms, time, training and resources for consul-
tation and participation of workers. This includes removing any obstacles or barriers such as
language, literacy or fear of reprisals.
This risk-based approach will enable organisations to build pre-emptive OHS management systems.
Alignment to the HLS structure has seen planning split in a slightly unusual way. There are still the
elements that you would expect and know from OSHAS 18001 such as hazard identification, assess-
ment, control, legal requirements and objective setting but the HLS requirements of risk and opportu-
nities introduced a challenge for the expert committee that developed ISO 45001.
In order to incorporate the HLS and the aim of the OH&S management system, risk and opportunities
has been broken into two elements:
This includes adapting work to workers, eliminating hazards and other opportunities for improving
the OH&S management system such as implementing ISO 45001. Importantly risks and opportunities
shall be determined before planned change.
There is also increased emphasis on identifying hazards associated with mental ill-health (adverse
mental or cognitive conditions) such as workload, bullying and the leadership and culture of the orga-
nization. Additionally the identification of hazards has to start at conceptual design stage as well as
the on-going lifecycle of workplace, facility, equipment, processes, activity etc. The principles of hori-
zon scanning are also introduced within this clause. New knowledge of, and information about,
hazards has to be taken into account
Simply expressed, this is a very powerful requirement covering all OH&S resource needs. This clause
covers resources, competence, awareness, communication and documented information. Resources
are defined in more detail and this demonstrates a move to an OHS management system which is
more integrated to the business as a whole.
While there's not that much change to this clause compared to BS OHSAS 18001, it is more detailed
and less ambiguous.
The competency element of this clause is very similar to OSHAS 18001 but communication is split out
in ISO 45001 into awareness, communication, internal and external communication. ISO 45001 uses
the term ‘documented information’, instead of ‘documents’ and ‘records’ as used in
OSHAS 18001.
This reflects modern types and use of information – cloud based, multi-media etc. However one of the
biggest drivers for this change was the recognition that the implementation of OH&S MS’s had led to
an over reliance on documented procedures, creating unnecessary and bureaucratic paper trails, that
did not actually improve OH&S performance.
This clause is more explicit about managing outsourcing, procurement and contractors than BS
OHSAS 18001 in a move to ensure organisations demonstrate a responsibility for supplier health and
safety management and do not contract out risk.
This clause is significantly enhanced from OSHAS 18001. Not only does it remove the ‘option’ of using
the hierarchy of controls, instead making its use a specific requirement, it introduces new sub-clauses
on procurement and change.
One of the real strengths of OSHAS 18001 was the explicit recognition that change needed to be taken
into account during hazard identification and risk assessment. However ‘taking into account’ and
proactively managing change are very different things. Change presents real risks and opportunities
to organizations. ISO 45001 acknowledges this and has a dedicated clause now on the management
of change.
Organization will need to plan how to implement change in a manner that does not introduce new
(unforeseen) hazards or increase the OH&S risks, whilst also identifying the opportunities for improv-
ing OH&S performance that the change may enable.
The new sub-clause on procurement provides recognition that the risks related to the supply chain
are most effectively managed when they are taken into account at the very first stages of procure-
ment – pre-tender and tender. Experience has shown that trying to manage the risks introduced by
the supply chain once its operational are extremely expensive and limited in effectiveness.
With ISO 45001, organizations have to establish procurement processes that conform to the OH&S
MS, including defining OH&S criteria for the selection of contractors. These procurement activities
have to be coordinated with those contractors.
New within this section is outsourcing. Relating back to the ‘context’ of an organization and its credi-
bility, there was concern by the expert panel that certain activities or processes with high OH&S risks
were being outsourced, without due consideration of the implications for OH&S this had. A responsi-
ble organization will establish control of those outsourced functions to achieve the intended
outcomes of the OH&S MS. Controls can include things such as procurement and contractual require-
ments, training and inspections.
Very similar to OSHAS 18001 in detail, the key change is where in OSHAS 18001 it was a ‘procedure’,
in ISO 45001 it now has to be a ‘process’. This is one of the fundamental changes between OSHAS
18001 and ISO 45001. Whilst the introduction of ‘processes’ is a reflection of the alignment to the
HLS, it also reflects that an effective OH&S MS is a continually improving one.
A process is a cycle, it should reflect a PDCA (plan, do, check, act) cycle and not be static. Therefore
ISO 45001 requires processes for consultation and participation, planning, hazard identification,
assessment of risk and operational control.
Management reviews have to consider risks and opportunities and trends in aspects such consulta-
tion and participation of workers to ensure it is happening effectively, which is part of their leader-
ship responsibility
Organisations must establish how their OHS management system fosters a culture of continuous
improvement. Improvement now groups incidents, non-conformances and corrective actions.
Also in this clause is the requirement to eliminate the root cause(s) of incidents and non-conformi-
ties reflecting the overall aim of the standard to prevent injury and ill-health and provide safe and
healthy workplaces?
The standard concludes by underlining the fact that effective OH&S management is not static and
should continually improve and be supported by a proactive culture.
4.3 Determining the scope of the Does the written statement of scope
OH&S management system allow for:
a) The external and internal issues
referred to in 4.1;
b) Requirements referred to in 4.2;
c) The work related activities
performed.
6.1 Actions to address risks and Have the risks and opportunities from 4.1
opportunities been documented and have actions been
defined to take advantage of the oppor-
tunities and mitigate the risks?
Self-Assessment Self-Assessment
questions questions
9.2.1 Internal audit objectives & Have you an audit procedure and
9.2.2 Internal audit process programme?
Do you undertake periodic OH&S
audits?
Does your audit programme determine
audit frequency?
Have you selected and trained an OH&S
audit team?
Have you established a process to keep
records of audit reports?