ISO 14001- The Salient Points
ISO 45001:2018 Occupational health and safety standard
Every year, millions of workers are killed or injured globally from work-related accidents and many more die from work related ill health or suffer from the effects of ill health conditions. Organizations worldwide recognized the need to provide a safe and healthy working environment to reduce the likelihood of incidents and to actively managing risks. Many countries, including the Nigeria, and the International Labour Office had previously established systems approaches to the managing of occupational health and safety. However, there was a growing worldwide need to harmonize health and safety management systems using a clear and agreed international standard, which shared best practices. This would assist both developed and developing countries alike. It would also enable international organizations to work to a minimum harmonized standard globally and demonstrate international conformity.
Although in many cases conformity with ISO 45001 will remain a voluntary matter, the availability of this well- conceived structure for an effective occupational health and safety management system will assist in setting a benchmark for success and to drive down risks in the workplace and harm that they cause.
POTENTIAL BENEFITS OF ISO 45001
It will help organisations provide a safe and healthy workplace for workers and other people, as well as continually improve their OH&S performance. Organisations who conform to ISO 45001 will also improve their resilience by ensuring they can anticipate, assess and prepare responses to risks, allowing them to adapt to changes so they continue to survive and prosper.
ISO 45001 brings occupational health and safety management and continual improvement into the heart of an organisation. This new standard is an opportunity for organisations to align their OH&S management system with their strategic direction. In line with good practice expectations, top management leadership of health and safety is a significant aspect of ISO 45001. Reflecting the goals of many organisations, there is an increased focus on continually improving occupational health and safety performance in the standard.
By implementing the standard you could:
• Demonstrate corporate responsibility and meet supply chain requirements.
• Ensure your OH&S management is aligned with the strategic direction of the organisation.
• Improve integration with other management systems.
• Improve occupational health and safety performance.
• Eliminate hazards or minimise OH&S risks.
• Reduce work related injuries, ill health and death.
• Increase involvement of the leadership team.
• Motivate and engage workers through consultation and participation.
• Establish (or improve) a positive the health and safety culture.
Organisations, and the top management running them, can get the benefit of knowing that they have deployed the well-conceived international standard for OH&S to date and that it provides an opportunity for third party recognition and certification.
This will go a long way to provide clients/customers of the organisation, insurance companies, employees and legal regulators that the organisation takes health and safety seriously and wants to manage it in a structured and systematic way. It will also demonstrate a commitment to continual improvement encouraging those that work with and for the organisation that they will strengthen what they are doing and manage risks in a positive way over time. Organisations who have a strong commitment to corporate social responsibility will be attracted to this globally recognised OH&S standard.
Conformity with this new international standard is easier than many previous local health & safety standards as it is much less prescriptive. In addition, ISO 45001 is based on the new ISO High Level Structure (HLS) for management system standards (Annex SL) which uses criteria which is the same as other standards, for
example ISO 9001:2015 and ISO 14001:2015.
This means that the process of establishing an OH&S
ISO 45001 brings occupational health
and safety management and continual improvement into the heart of an organization.
management system for those organisations that have other similar management systems in place should be easier as many of the processes in place can be realigned to include OH&S. For those that have not adopted quality or environmental standards implementing ISO 45001 to manage the critical risks of OH&S will make it easier to incorporate ISO
9001:2015 and ISO 14001:2015 into their core
For those organisations who have OH&S management systems conforming to OHSAS 18001:2007 they will notice some significant differences with ISO 45001. There is far greater emphasis on leadership and worker engagement (consultation and participation) in critical aspects related to the OH&S management system and its processes.
Additionally, determining and understanding the context of the organisation and the related risks that need to be managed as part of the business risks are new concepts not covered in OHSAS 18001.
There is an increasing awareness of mental health and wellbeing, which has been reflected in the standard. This could be a challenge to tackle for some organisations that have a narrow view of health and safety matters. Work-related health has become the top current issue in the UK, in part due to the success in managing safety issues, which has resulted in a reduction in deaths from safety related causes. Despite this success many more people die in the UK, and globally, due to work-related health conditions. Many deaths are from long-term exposure and appear in later years. There is therefore currently a refreshed focus on health harm prevention, including in the ISO 45001 standard. The standard includes an interest in a range of health hazards, including the identification of social factors related to the organization’s activities that could lead to ill health conditions, such as stress.
A principle requirement of ISO 45001 is for managers to take a more active and personal involvement in the management of OH&S in their organisation. Depending on the present level of management engagement and the prevailing culture of the organisation, occupational health and safety managers may need to get more ‘buy- in’ from managers, including top management if implementation of ISO 45001 is to be successful. Without such ownership and commitment from top management the necessary culture for ongoing improvement is unlikely to be achieved.
When conforming to ISO 45001 requirements management needs to take a bigger role in managing occupational health and safety issues. The focus of ISO 45001, is all about prevention, not cure – taking a proactive approach. Managers need to recognise the potential occupational health and safety issues in the work that they manage, long before they cause significant harm and the organisation is forced to deal with them retrospectively.
ISO 45001 utilises the Plan-Do-Check-Act (PDCA) cycle (see Figure 1), which shapes the OH&S management system and can be applied to all processes within the system to achieve continual improvement. The PDCA cycle can be applied to the OH&S management system and to each of its individual elements, as follows:
• Plan - determine and assess OH&S risks, OH&S opportunities and other risks and other opportunities taking into account issues identified in clause 4, establish OH&S objectives and processes necessary to deliver results in accordance with the organisation’s OH&S policy;
• Do - implement the processes as planned;
• Check - monitor and measure activities and processes with regard to the OH&S policy and objectives, and report the results;
• Act - take actions to continually improve OH&S performance to achieve the intended outcomes of the OH&S management system.
CLAUSE 4: CONTEXT OF THE ORGANISATION.
Clause 4 establishes the context of the organisation in relation to the OH&S management system. This is a very important aspect and sets the basis for the management system. It requires the organisation to identify and understand the external and internal issues relevant to its purpose and that affect the intended outcome(s) of the OH&S management system. The supporting annex to the standard provides guidance on some of the issues that might need to be considered when determining the context of the organisation.
It should be noted that the term ‘issue’ covers not only problems or potential problems, but also important matters for the system to address, such as changing technology, specific legal requirements, employment/contracting relationships, governance requirements and industry good practice.
Organisations need to identify and take into account the needs and expectations of interested parties relevant to their OH&S management system. Interested parties are more specifically explained in the annex to ISO
45001, referring to workers (which is potentially much wider than employees) and other interested parties
(including worker representatives, regulatory authorities, customers, owners, financial stakeholders, clients, local community and visitors). This is a comprehensive aspect of establishing the OH&S management system and should not be considered lightly.
The scope of the OH&S management system has to be determined, taking into account the context. The scope is intended to clarify the boundaries to which the system will apply, especially if the organisation is part of a larger organisation. For those organisations that have more complex contracting or other working arrangements, establishing the context is an important aspect as it sets out the organisations perspective of the extent of its activities that the management system is designed to affect. The remaining requirement of Clause
4 is to establish, implement, maintain and continually improve the OH&S management system in accordance with the requirements of the standard. This is where the real work starts. It is important to remember that it is not a requirement that the OH&S management system be structured in the same order as the standard, organisations are free to create a management system architecture that best suits the simplicity or complexity of the organisation. The organisation would need to be in a position to demonstrate how their system meets the requirements of the standard.
CLAUSE 5: LEADERSHIP AND WORKER PARTICIPATION
It is worth noting that leadership and worker participation have been placed together in the same clause, reflecting the fact that creating an effective OH&S management system requires the combined efforts of a range of people in the organisation, not just a health and safety specialist. This represents a significant movement forward from OHSAS 18001, in which more reliance was placed on the efforts of middle management and the OH&S specialist.
This clause places specific and comprehensive requirements on ‘top management’, those who direct and control the organisation at the highest level. That is to say, at the highest level within the defined scope of the OH&S management system. If the organisation is part of a larger organisation, but the management system scope is limited to a subsidiary organisation, ‘top management’ refers to the subsidiary organisation. Top management must take ownership of and overall responsibility/accountability for the protection of their workers’ health and safety and additionally, develop, lead and promote a culture that supports the OH&S management system.
The annex to the standard further elaborates - “a culture that supports an organisation’s OH&S management system is largely determined by
There is an increased focus on improving
occupational health and safety performance and culture.
David Smith, Chair of ISO 45001 Development Committee
top management and is the product of individual and group values, attitudes, managerial practices, perceptions, competencies and patterns of activities that determine the commitment to, and the style and proficiency of, its OH&S management system”. Top management need to be personally involved and demonstrate leadership and commitment with respect to the system.
This aspect may prove challenging to some organisations, including those that hold OHSAS 18001 certification as top management leadership and commitment in ISO 45001 must meet thirteen specific requirements. As the management system’s effectiveness and certification of conformity is dependent on meeting these requirements top management ‘buy in’ is essential and their commitment to these requirements is important before the organisation progresses too far with implementation.
Further areas where the specific input of top management is detailed include:
• Ensuring that the requirements of the standard are integrated into the organisation’s processes.
• Ensuring that the policy and objectives are compatible with the strategic direction of the organisation.
• Establishing the OH&S policy. (Although the standard defines the requirements that it must fulfil the OH&S policy can be constructed and written in the way that suits the organisation and the top management who are committing to it).
• Ensuring that the importance of effective OH&S management is communicated and understood by all parties.
• Ensuring the OH&S management system achieves its intended outcomes.
This clause requires top management to providing resources, supporting people in making the system effective and to promoting continual improvement.
“The way the standard is written – following Annex SL, which is the framework of quality and environmental standards – makes a big point about leadership and commitment. Health and safety require a lot of leadership and commitment.”
David Smith, Chair of ISO 45001 Development Committee
Top management need to commit to protecting workers from reprisals when reporting incidents, hazards and risks, as well as establishing processes for consultation and participation of workers.
This clause requires that health and safety responsibilities and accountabilities for relevant roles within the system are assign at all levels and communicated. The standard sets out detailed requirements for consultation and participation of workers, these are more comprehensive than those contained in OHSAS 18001 and may lead to an overhaul of an organisation’s approach to the engagement of workers. It should be remembered that workers means more than just employees.
CLAUSE 6: PLANNING
Planning was a specific requirement within OHSAS 18001 and is similar to the new ‘Planning’ clause in ISO
45001. However, ISO 45001 extends this with a requirement that the planning part of the OH&S management system established to conform with ISO 45001 takes full account of the issues determined when meeting Clause
4 ‘context of the organisation’ and includes consideration of opportunities as well as risks.
It is also important that planning is seen as an on-going, proactive process that anticipates changing circumstances, continually determining risks and opportunities for improvement. The initial part of this process will be familiar as it involves the identification of hazards, including at the conceptual design stage of workplaces, facilities, products or the way activities are organised. This will include consideration of routine and non-routine activities as well as the range of people that may be affected, for example, workers, contractors, visitors and others not under the direct control of the organisation. A particularly discernible difference is that the ISO 45001 standard sets out comprehensive aspects that the process must fulfil, including consideration of human factors and social factors like workload, work hours, victimisation and bullying. This marks a specified shift from consideration of traditional safety hazards and will lead organisations to consider the causes of wider harm, such as stress.
This clause recognises the importance of legal requirements that might affect obligations to assess and control risk or to manage health and safety in a particular way, also an aspect of OHSAS 18001. Organisations are required to establish a process to determine and update legal and other requirements (e.g. customer, client or contracted requirements) which are applicable to its hazards, OH&S risks and OH&S management system.
A separate and specific requirement is to plan actions to address risks/opportunities and legal/other requirements as well as plans to prepare for and respond to emergency situations. There is also an expectation to plan how to integrate these actions into OH&S processes and, importantly, evaluate their effectiveness. Another important requirement of this clause is the need to establish and plan to achieve OH&S objectives which are measurable or capable of evaluation. The purpose of effective OH&S objectives is to demonstrate maintenance and continual improvement to the OH&S management system. The objectives will need to be set at relevant levels of the organisation and can be strategic, tactical or operational in nature.
CLAUSE 7: SUPPORT
It is important that objectives do not just remain good intentions. The requirements of clause 7 – Support, details what actions the organisation will need to take to support the delivery of the OHS system. As those who have experience of managing health and safety will know, objectives meet many barriers if they are not resourced.
Clause 7 requires the organisation to determine and provide resources to support the establishment, implementation, maintenance, and continual improvement of the OH&S management system. This critical requirement covers all OH&S resource need, including human resources, infrastructure and financial resources.
Other important support requirements relate to competence, awareness and communication. Organisations will need to formally determine the necessary competence of workers (at all levels) that affect or can affect OH&S performance and ensure they receive the appropriate education and training to meet these needs. Within this clause there is a requirement to retain documented information as evidence of competence.
Organisations also need to ensure that all workers (at all levels) are aware of the OH&S policy, OH&S objectives, the OH&S hazards and risks that are relevant to them and their contribution to the effectiveness of the system, as well as the implications of not conforming to system requirements. This is an important extension to those requirements for awareness set out in OHSAS 18001. As would be expected when establishing effective management of health and safety, organisations also need to have a communication process to determine internal and external communications relevant to the OH&S management system.
Finally, this clause refers to requirements for ‘documented information’, which is a new term that replaces the references in OHSAS 18001 to ‘documents’ and ‘records’. This includes the creation, updating and control of documented information. The requirements are similar to those in OHSAS 18001 for the control of documents and records.
CLAUSE 8: OPERATION
This clause focuses on the ‘do’ part of PDCA cycle, the implementation of the actions identified in previous clauses. Operational planning and control of processes need to be established as necessary to enhance health and safety, by the elimination of hazards and reduction of OH&S risks. Operational control of processes can include a variety of methods, for example, procedures, method statements, systems of work, preventative maintenance regimes, inspection programmes and engineering or administrative controls, such as a permit to work.
Clause 8 specifies a hierarchy of controls for a systematic approach to the elimination of hazards and reduction of risks. This will be familiar to those who have received basic health and safety education – eliminate, substitute, engineering controls, administrative controls and finally, personal protective equipment.
This clause also sets out a required approach to the management of change. Change needs to be planned for in a systematic manner, to prevent the introduction of new hazards or risks. Importantly, at times of proposed changes to processes organisations will need to identify opportunities to reduce OH&S risks or create improvements to the effectiveness of the OH&S management system.
Procurement and outsourcing feature as specific issues in ISO 45001, requiring the organisation to establish processes to ensure that procured goods/services and outsourced functions/processes are controlled and they conform to the requirements of the OH&S management system. As part of procurement controls, contractors will need to be specifically considered as their activities can involve different types of hazard and levels of OH&S risks. The organisation must ensure that the requirements of its OH&S management system are met by its contractors and their workers. Procurement and contractors are considered in more detail in ISO 45001 than in OHSAS 18001 and outsourcing has been brought within scope of the OH&S management system.
Processes relating to the control of emergency preparedness and response also feature in significant detail in this clause.
CLAUSE 9: PERFORMANCE EVALUATION
Performance evaluation covers many of the areas previously featured in Clauses 4.5 and 4.6 in OHSAS 18001, although requirements for incidents, nonconformity and corrective action have been moved to Clause 10 of ISO
With the new standard in place, organizations will find it easier to incorporate their OH&S management system into core business processes and get more involvement from senior
This clause requires the organisation to be active in various aspects of performance evaluation:
Monitoring, measurement, analysis
Evaluation of compliance
This establishes a comprehensive range of performance evaluation. Organisations will need to determine what information they need in order to evaluate OH&S performance and
effectiveness. This will help them to identify what specifically needs to be measured and monitored, who is going to do it, when and how it will be done.
As in OHSAS 18001 requirements for internal audit and management review are specified. One notable inclusion in the inputs for the management review is the adequacy of resources for maintaining the effectiveness of the OH&S management system. The frequency of monitoring and measuring will need to be appropriate to the risk and its performance, as well as the size and nature of the organisation. It is worth noting that documented information that provides evidence of this must be retained.
CLAUSE 10: IMPROVEMENT
The first requirement in this clause is a general one to determine opportunities for improvement and implement actions. This is a proactive requirement to make improvements. Notwithstanding this, if incidents or nonconformities occur there is a requirement in Clause 10 to react to them and take action in a timely manner.
Health and safety professionals will be pleased to note that consideration of corrective action to eliminate root causes is referred to specifically. This will need to be done with the participation of workers and involvement of other relevant parties, which might challenge the approach taken by some organisations where investigations have been led by health and safety professionals to the exclusion of workers and managers. An additional requirement is to determine whether similar incidents or nonconformities exist, or could potentially occur, and the implications to existing risk assessments, potentially leading to appropriate corrective actions across the whole organisation if necessary.
Due to the revised approach of the standard, there are no preventive action requirements in this clause, unlike in OHSAS 18001. However, the current perspective is that corrective actions to the management system will be preventive in nature, as would the current requirement to determine similar incidents or nonconformities could potentially occur.
The requirement for continual improvement has been extended to continually improve the suitability, adequacy and effectiveness the OH&S management system through:
Promoting a culture that is supportive of the OH&S management system.
Promoting worker participation.
Communicating the results of continual improvement.
MAIN THEMES OF ISO 45001
Context of the
organisation Provides a greater understanding of the important issues that can affect, positively or negatively, the
way the organisation manages its OH&S responsibilities. The needs and expectations of “interested parties” (or stakeholders) – those individuals and organisations that can affect, be affected by, or perceive themselves to be affected by the organisation’s decisions or activities – have to be considered.
Scope The boundaries for the system’s scope are determined by the organisation’s context – recognising that it is not acceptable to subcontract your risk without exercising a duty of care.
representative Compared with previous standards, the role of ‘management representative’ has been removed, in
order to develop wider ownership of health and safety. All managers need to be able to demonstrate
their own commitment to occupational health and safety. ISO 45001 is not just about accidents at work but includes focus on ill health; issues such as stress can affect all parts of an organisation.
Leadership Managers are required to demonstrate leadership and commitment to the occupational health and safety management system. This includes developing and promoting a culture to protect workers.
This requires specific top management engagement to demonstrating leadership, commitment and promoting a positive culture that supports the intended outcomes of the OH&S management system.
Worker engagement Organisations are required to establish consultation and participation processes with workers, to identify and remove hazards and risks. Compared with OHSAS 18001 much more detail is required about considering their needs and expectations, then deciding whether these need to be addressed within the system. There is also a significantly increased focus on the involvement of workers.
ISO 45001 has enhanced requirements regarding worker involvement, including consultation and participation in relation to the establishment and implementation of the OH&S management system.
Definition of worker The worker includes top management and contractors. All are subject to risk when undertaking their day-today activities, and it is not acceptable to use external resources without ensuring that the requirements of its occupational health and safety management system are met by contractors and their workers.
Risk-based thinking and process approach There is no reference to preventive action. The organisation must show that it has determined, considered and, where necessary, taken action to address any risks and opportunities that may impact the occupational health and safety management system’s ability to deliver its intended outcomes. ISO
45001 includes risks and opportunities relating to the management system as well as
OH&S risks & OH&S opportunities.
Preventing ill health and injury An organisation must take into account factors that could cause injury and ill health (including occupational disease). This includes the mental and cognitive condition, as well as the physical condition of workers. Causes of ill health and injury can be immediate (e.g. accidents) or long-term (e.g. stress or repeated exposure to harmful substances).
Operational planning and control Compared with OHSAS 18001, there are more detailed requirements in relation to hierarchy of controls, management of change, outsourcing, procurement and contractors.
Performance evaluation Measurement of OH&S operations that can have an impact on legal requirements, operational controls, risks, opportunities & performance and progress towards objectives.
Evaluation of compliance Compared with OHSAS 18001, there are more detailed process requirements including maintaining knowledge and understanding of its status of compliance.
Review Compared with OHSAS 18001, there are more detailed requirements relating to inputs and outputs of the review.
Incident, non- conformity and corrective action Compared with OHSAS 18001, there are more detailed process requirements and preventive action now replaced by risk approach.