BS ISO 45001:2018 - IOSH


BS ISO 45001:2018Implementation

BS ISO45001:2018What its not – Certification of ExcellenceNo Grading SystemWhat it is – Process approach to compliance and continual improvement.

Occupational Health & Safety ManagementSystems

Guidance Documents

UpdatesBS OHSAS18001:2007vsBS ISO45001:2018

Annex SLISO 45001:2018, like most other ISO standards, has adopted the Annex SLHigh Level Structure (HLS).Annex SL is designed to simplify integration with other managementsystems like ISO 9001 and 14001 with consistent language and matchingsub-clauses, making it easier for you to build and manage an integratedbusiness management system.

Annex SLcontinuedUnderstanding Annex SL isn't just crucial for ISO 45001 - it's the core of anymodern ISO standard you can expect to accredit to in the future, so youshould start your reading as soon as possible.

The role of the management representativeUnder OHSAS 18001, the operation of the occupational health and safetymanagement system could be delegated by senior management to arepresentative.Under ISO 45001, the role of the management representative is permittedbut strongly discouraged, for 3 main reasons:

The role of the management representativecontinued1. On the other hand, divesting responsibility and buy-in to multipleemployees should be recognised as an opportunity for continuousimprovement2. Most importantly, top management can no longer distance themselvesfrom the operation of the health and safety management system by simplydelegating a representative3. Like all modern ISO standards, 45001 places a strong emphasis onrisk. Investing control of the H&S system in a single employee should berecognised as a risky set-up, particularly for larger businesses

Health and safety cultureClause 5 of ISO 45001 pushes and encourages the incorporation of healthand safety into the broader management system of your organisation.That means senior management are now expected to take a stronger topdown leadership role, driving performance improvements into action andtaking responsibility for the protection of their employees.But what does this mean in practice - EngagementThis can be demonstrated in several ways, including:

Health and safety cultureFrequent management reviews of the health and safety systemperformanceManagement initiating and participating in safety audits, activelycollecting feedback from employees for improvement andcorrective/preventive actionAdequate resources, such as the latest PPE or quality managementtools, being actively invested inIssue-raising, hazard-spotting and constructive suggestions beingencouraged, praised and rewarded

Health and safety culturecontinuedYour transition from OHSAS 18001 to ISO 45001 should be designed toembed health and safety responsibility and engagement as widely aspossible.A natural by-product of the removal of the management representativeposition and greater top-down focus should be a greater proportion of yourstaff understanding how they can support and contribute to a culture ofhealth and safety.

Health and safety culturecontinuedThis goes beyond just training your staff on health and safety proceduresand expecting them to stick to them.Instead, health and safety should be seamlessly part of 'business as usual',with all workers aware of the objectives and advantages of a safe andefficient workplace, and empowered to contribute to it.

Health and safety culturecontinuedA robust health and safety culture should comprise:Integrating your H&S vision into recruitmentGiving staff increased participation and consultation, testing newinitiatives before implementation and building policies around stafffeedback

Health and safety culturecontinuedUtilising your workforce as 'moles', in the habit of flagging risks andopportunities alongside their day-to-day workOpenly sharing accident investigation and enquiry results, as well asplanned changes and developments

Risks, hazards and opportunitiesOHSAS 18001 focused on controlling hazards.ISO 45001 follows the general direction of recent ISO standards byencouraging 'risk-based thinking': a more proactive, flexible and preventativeapproach based on remedying a broader range of risks before theymaterialise.Chapter 6.1 of the standard discusses risks in the same breath asopportunities, encouraging businesses to scope, evaluate and addressopportunities for continuous improvement just as they'd identify and treatrisks. Rather than simply reacting to non-conformances, your HSMS shoulduse them positively to drive your continual improvement cycle.

Risks, hazards and opportunitiescontinuedAnd the influence of Annex SL permeates into the risk focus of ISO 45001 so the context and external influences on your organisation should be asmuch a part of your H&S risk register as a piece of machinery.

Risks, hazards and opportunitiescontinuedFor instance, a regulatory or legal development that prompts you to changean ingredient or step in your manufacturing process might introduce a freshrisk to the workers following that process.ISO 45001 also includes an expanded section on preparing for andresponding to emergency situations.In short, you should go beyond simple pinch points and slip hazards andadopt a more holistic understanding of health and safety risk.

PlanningClosely connected to risk-based thinking is a stronger emphasis on planningand setting objectives.Your H&S objectives should take resource availability, responsible staff,relevant KPIs and timelines into account.And ISO 45001 is more explicit than OHSAS 18001 about formalisingorganisational goals, linking them to health and safety objectives, settingpriorities and establishing documentation.

A new definition of 'health'Health and safety tends to make people think in purely physical terms.And while mental health isn't explicitly mentioned in ISO 45001, thestandard is designed to be flexible enough to map onto your specificcompany needs.So if mental wellbeing is a concern for your business, there are severalareas of ISO 45001 you can leverage for a more integrated HSMSprotecting body and mind.

A new definition of 'health’continuedClause 4.2: the needs of workers and interested parties can include mentalwellbeing, and can be included in your health and safety policyClause as part of your hazard/risk identification, you can nowconsider factors such as employee stress and fatigue and how these mightimpact your business processes and functions

A new definition of 'health’continuedClause 6.2: mental health can be integrated into your H&S improvementobjectives and plans, and tracked as a KPI through mechanisms like annualreviews and satisfaction surveys.Clause 8.1.2: mental health risks can be treated and their residual riskscores lowered like any other risk. For instance, mentally taxing processescan be rotated and divided among employees to prevent excessive stress.

TerminologyOf the 37 terms and definitions included in ISO 45001, only 3 are identical tothose in OHSAS 18001.New definitions include ‘worker’ and ‘workplace’, while 'documents andrecords' are now 'documented information' to reflect the wider focus of a45001 health and safety system

TerminologycontinuedThe following verbal forms are used:a) “shall” indicates a requirement;b) “should” indicates a recommendation;c) “may” indicates a permission;d) “can” indicates a possibility or a capability.Information marked as “NOTE” is for guidance in understanding or clarifyingthe associated requirement.“Notes to entry” used in Clause 3 provide additional information thatsupplements the terminological data and can contain provisions relating tothe use of a term.

Terminologycontinued3.1organisationperson or group of people that has its own functions with responsibilities,authorities and relationships to achieve its objectives (3.16)3.2interested party (preferred term)stakeholder (admitted term)person or organisation (3.1) that can affect, be affected by, or perceive itselfto be affected by a decision or activity

Terminologycontinued3.3workerperson performing work or work-related activities that are under thecontrol of the organisation (3.1)Note 1 to entry: Persons perform work or work-related activities undervarious arrangements, paid or unpaid, such as regularly or temporarily,intermittently or seasonally, casually or on a part-time basis.

TerminologycontinuedNote 2 to entry: Workers include top management (3.12), managerial andnon-managerial persons.Note 3 to entry: The work or work-related activities performed under thecontrol of the organisation may be performed by workers employed by theorganisation, workers of external providers, contractors, individuals, agencyworkers, and by other persons to the extent the organisation shares controlover their work or work related activities, according to the context of theorganisation.

Terminologycontinued3.4participationinvolvement in decision-makingNote 1 to entry: Participation includes engaging health and safetycommittees and workers’ representatives, where they exist.3.5consultationseeking views before making a decisionNote 1 to entry: Consultation includes engaging health and safetycommittees and workers’ representatives, where they exist.

Terminologycontinued3.6workplaceplace under the control of the organisation (3.1) where a person needs to beor to go for work purposesNote 1 to entry: The organisation’s responsibilities under the OH&Smanagement system (3.11) for the workplace depend on the degree ofcontrol over the workplace.

Gap AnalysisIt is important that personnel within each organisation, particularly internalauditors understand the new standard requirements.

Gap Analysis

Context of the organisationContext of the organisation - The context of an organisation refers to the combination of internal and external factors and conditions that can have an effect on anorganisation’s approach to its products and or services. As a result, the design and implementation of your organisation’s occupational health and safetymanagement system will be influenced by its context.ISO 45001Guidance4.1 Understanding the organisationHave the OH&S related internal and external factors been identified that could affect, or be affected by your organisation?and its contextNew RequirementIs this a recurring and repeatable process?Is documented information available (see guidance below)?4.2 Understanding the needs andexpectations of workers and otherinterested partiesNew RequirementGuidance: The standard does not require documented information. However, evidence will need to be provided to yourauditor to provide assurance your organisation is reviewing and regularly updating the external and internal issues that havebeen identified. If documented information is not available, then a number of in-depth face-to-face interviews will be required.Has your organisation determined:1.2.3.The relevant interested parties who can affect or be affected by the OH&S management system?The relevant needs and expectations of workers and other interested partiesWhich of the above needs and expectations are or could become legal and other requirements?Guidance 1: Relevant interested parties must include workersGuidance 2: The comments on documented information in clause 4.1 above are applicable to clause 4.2 also.

Audit evidence – 4.1 Business plan Review of strategy plans Competitor analysis Economic reports from business sectors SWOT analysis Minutes of Meetings Action lists Diagrams, Spreadsheets, Mind mapping diagrams External consultant’s reports

Audit evidence – 4.2i) legal and regulatory authorities (local, regional, national or international)ii) parent organizationsiii) suppliers, contractors and subcontractorsiv) workers’ organizations (trade unions) and employers’ organizationsv) owners, shareholders, clients, visitors, relatives of workers, localcommunity and neighbours of the organization and the general publicvi) customers, medical and other community services, media, academiabusiness associations and non-governmental organizations (NGOs)vii) occupational health and safety organizations and occupational safetyand health-care professionals (for example doctors and nurses).

Context of the organisationContext of the organisation - The context of an organisation refers to the combination of internal and external factors and conditions that can have an effect on anorganisation’s approach to its products and or services. As a result, the design and implementation of your organisation’s occupational health and safetymanagement system will be influenced by its context.ISO 45001Guidance4.3 Determining the scope of theIs the scope of the OH&S management system defined and documented?OH&S management systemWhen defining the scope have you:A.B.C.Considered the internal and external issues?Taken into consideration legal and other requirements?Taken into account planned or performed work related activitiesBoth standards require definition of OH&S management system scope; only ISO45001 elaborates requirements for thescope in more detail. Documenting the scope of the OH&S management system is required by both standards.Guidance 1: The scope should not be used to exclude activities, products or services that have or can impact yourorganisations OH&S performance or to evade legal and other requirements. The scope is a factual and representativestatement of your organisation’s operations included within the OHSMS boundaries that should not mislead interestedparties.Guidance 2: Your auditor will gather evidence that the scope has been correctly defined and considers context andapplicable legal and other requirements and your organisations activities, products and services. Auditors will also evaluatethe accuracy of the scope to ensure that it does not mislead interested parties.

Audit evidence – 4.3 Outsourcing Logistics Multiple sites Service centres

And ISO 45001 is more explicit than OHSAS 18001 about formalising organisational goals, linking them to health and safety objectives, setting priorities and establishing documentation. A new definition of 'health' Health and safety tends to make people think in purely physical terms. And while mental health isn't explicitly mentioned in ISO 45001, the standard is designed to be flexible enough .