In the past several years, companies and top executives have been held legally responsible for their workers health and safety. Chief executives of companies have been convicted, fined and even given prison sentences due to preventable accidents or exposing their workers to hazardous conditions through negligence. Most companies realize their responsibility to ensure the safety of their workers and anyone affected by what they produce, or how they produce it. In a perfect world, every worker would return home from work healthy and safe every day. Unfortunately, we do not live in a perfect world. Accidents happen, people are injured, become ill, or even sometimes die due to inadequate health and safety systems. According to U.S. Department of Labor statistics, there were roughly 2.9 million nonfatal workplace injuries and illnesses reported in the United States in 2016, which is 2.9 percent, or equivalent to approximately 3 out of every 100, full time workers. Statistics also indicate that worldwide there were approximately 313 million accidents and 2.3 million work related deaths during this same period. As a responsible society, we must seek out ways to reduce these numbers. In the United States, we have OSHA regulations regarding occupational health and safety. In addition, there is the British OHSAS 18001 standard adopted by multiple organizations. However, neither is a truly international standard. In March of 2018, ISO (the International Organization for Standardization) released the ISO 45001 standard for occupational health and safety management systems. The International Organization for Standardization has speculated that their new ISO 45001 will replace OHSAS 18001 as the definitive occupational health and safety standard within the next few years.
ISO 45001 is an International Standard establishing requirements for occupational health and safety management systems, including guidance for application of the standard. The standard defines methods for organizations to improve their Occupational Health and Safety (OH&S) performance by taking proactive steps to prevent worker injuries and poor health and provide a safe and healthy workplace. The standard includes sections addressing the context of an organization, and for planning, supporting, operating and evaluating a robust OH&S management system. ISO 45001 methodology utilizes the PDCA (Plan, Do, Check, Act) process that has been used for decades to improve product and process quality. The standard explains how to use the same proactive approach towards managing and improving worker health and safety. Currently in many organizations the OH&S duties are the responsibility of a mere few or in some cases one individual. ISO 45001 sets itself apart from other health and safety standards in multiple ways:
- Company leaders are required to consult with non-managerial workers or their representatives. Leaders need to demonstrate that they are actively involved in the integration of the OH&S system.
- The ISO 45001 standard is more process-based rather than procedure-based. It incorporates the identification of risk and opportunities for improvement and includes participation and feedback from all interested parties.
- ISO 45001 allows for occupational health and safety to be easily integrated with other management systems throughout the organization, eventually becoming part of the company’s identity.
- Prevention is emphasized rather than reaction. Prevention must become a fundamental requirement of the OH&S management system.
- When incidents do occur, compliant organizations should determine why the incident occurred and act to assure it does not re-occur. The management system should drive and encourage a continual improvement cycle and culture within the organization.
The new ISO 45001 Occupational Health and Safety standard provides organizations with a single, clear, focused approach to improving their OH&S performance. The standard enables organizations to provide a safer and healthier workplace for employees and visitors. Organizations must strive to identify and mitigate risk factors that could negatively affect not only safety, but includes all aspects of a person’s physical and mental health and well-being. ISO 45001 is a comprehensive standard that appears to cover all the bases for development of an effective Occupational Health and Safety Management System.
ISO 45001 is a new and distinct standard, not a revision or update. The ISO 45001 Occupational Health and Safety standard is the first genuinely international OH&S standard. It is one of the most highly anticipated standards in the world, and is poised to significantly improve levels of workplace safety. Implementation of the standard will require dedication and support from organizational leadership. Whether you are a business owner, manager, or worker you likely share a common goal: you want everyone to return home safe and healthy at the end of the day.
Beyond the moral and legal responsibilities involved, in order to remain competitive in a world marketplace, companies are looking for ways to reduce cost. One cost being scrutinized is the cost of workplace injuries and illnesses. Implementation of an ISO 45001 compliant OH&S management system can enable an organization to systematically improve their occupational health and safety performance. ISO 45001 methodologies promote:
- Increased awareness of health and safety risk associated with their business
- Development of OH&S policies and processes including setting OH&S objectives
- Workers playing an active role in identifying OH&S risk and driving improvement
- Instituting controls to manage OH&S risk including any regulatory or legal requirements
- Evaluation of OH&S performance and taking a proactive approach towards improvement
The successful implementation of an effective OH&S management system using ISO 45001 methods can gain an organization the recognition and reputation of being a safe place to work. In addition, the implementation of a robust OH&S management system should result in a reduced number of incidents, employee absenteeism, employee turnover, reduced downtime and reductions in insurance premiums.
When to Implement ISO 45001
There are over 100,000 organizations certified under the current OHSAS 18001 British occupational health and safety management standard. When their certifications expire, they will be re-certifying under the new ISO 45001 standard. Organizations currently struggling with health and safety issues or ones desiring to reduce the expenses and possible litigation resulting from workplace injuries would benefit from implementing ISO 45001. Obviously, the simple act of implementing a standard will not improve workplace conditions. The dedication of leadership, worker involvement and the robustness of the OH&S management system play a much larger role in improving occupational health and safety. In today’s world marketplace, organizations are becoming more aware of and concerned with whom they conduct business. In many situations, the parent corporation must certify companies in order to become a supplier of materials, components or assemblies. Part of the certification often includes a review of the facility, product quality, process capability and working conditions. Now is the time to consider how ISO 45001 can benefit your organization.
Implementation of ISO 45001 and subsequent certification is going to require time, resources, commitment and full support of the management team. There are 10 main sections of the standard. The first 3 cover the scope of the document, normative references (of which there are none) and terms and definitions that are applicable to the standard. The remaining seven sections concentrate on the contents and requirements for an OH&S management system to comply with the new standard. As stated previously, the management system approach detailed within the standard is based upon PDCA (Plan Do, Check, Act) methodology that has been used to successfully improve manufacturing processes for decades.
At the core of the ISO 45001 OH&S standard is the requirement for top management to be accountable for worker health and safety and committed to the success of the OH&S system combined with worker participation at all levels of the organization. The plan must include not only the identification of risks and opportunities, but also a process to address them with clearly defined objectives. Top management must provide adequate resources for the development, implementation and support of the OH&S management system. Additionally, the system must include processes for monitoring and evaluating performance including internal auditing and management reviews. Furthermore, the organization must establish processes to report, investigate and act to address incidents, and prevent their recurrence and promote continual improvement of the OH&S management system. The following paragraphs will give a brief description of the seven sections that make up the body of the ISO 45001 standard.
Section 4 – Context of the Organization
In determining the structure of the OH&S management system, the organization must consider the internal and external influences to the organization and their possible impact on the success and effectiveness of the OH&S management system. These influences come in many forms, including but not limited to the following:
- Regulatory Agencies
- Community / Society
- Stockholders / investors
- Business Partners
The organization must also understand and consider the needs and expectations of the workers and others affected by their activities. Organization should also consider which of the worker’s needs or expectations may be or become regulatory requirements. In addition, the organization must determine the scope or boundaries of the management system while considering the context of the business, worker’s needs, and the products, services and other activities that could affect the effectiveness of the OH&S management system.
Section 5 – Leadership and Worker Participation
The ISO 45001 standard directs the leadership of an organization to take overall responsibility and accountability for worker’s health and safety. Roles and responsibilities are to be assigned, communicated and documented at all levels of the organization. In addition, the leadership of the organization is required to assign responsibility and authority for ensuring that the OH&S management system conforms to ISO 45001 requirements and reporting the performance of the OH&S system to management.
The standard requires that leadership establish an OH&S policy. Policies are principles or guidelines adopted by an organization in order to reach its goals. Therefore, this would suggest that organizations should provide and document the principles and guidelines for establishing their OH&S management system. According to the standard, the policy should also provide a framework for establishing the objectives of the management system. The standard requires that the policy be documented, communicated throughout the organization, be available for review by interested parties, and be relevant and appropriate to the function and objectives of the OH&S management system and the organization. In addition, ISO 45001 includes several requirements for the content and purpose of the OH&S policy. The required content includes a written commitment by leadership to:
- Fulfill all legal and other requirements
- Eliminate hazards and reduce risk
- Promote continual improvement of the OH&S management system
- Consult with workers and gain their active participation
Worker Consultation and Participation
Consultation and participation of workers at all applicable levels is also the responsibility of the organization’s leadership. The standard advocates that organization leaders, workers and workers representatives when applicable shall work together in the development and continuous improvement of the OH&S system. The cross-functional approach is encouraged, as the standard requires that the organization establish processes for consulting workers and getting them actively involved in the process. Through incorporation of cross-functional teams, multiple viewpoints and experiences are shared, allowing for increased identification of risks and opportunities.
Section 6 – Planning
There are particular items that top management in the organization must consider when planning for the development and implementation of an OH&S management system in order to comply with ISO 45001. These include the previously mentioned context of the organization, the interested parties, and the scope of the management system. Planning must also include the development of processes to ensure the OH&S management system is capable of achieving its objectives. Furthermore, management must implement plans to prevent or reduce undesirable effects due to the implementation of the OH&S system, and bring about continual improvement of the health and safety of the workers at all levels of the organization.
Hazard Identification and Assessing Risks and Opportunities
To meet the ISO 45001 standard, an organization must establish and maintain a proactive process for identification of possible hazards to the workers and others that may have access to the workplace including contractors, suppliers and other visitors. Issues that the process must consider include but are not limited to:
- Work Area Design / Layout (5S)
- Routine Activities
- Product Design
- Process Design
- Machinery and Equipment
- Operating Procedures
- Personnel who may have access to the work area
- Possible Emergency Situations
Furthermore, the hazard identification process must include consideration of workers health and safety while at a location not directly controlled by the organization, such as a supplier or customer’s facility.
In addition to identifying hazards, the organization must implement and maintain processes for risk assessment and identification of opportunities for improvement. The organization must assess risks from any identified hazards and identify opportunities to eliminate or reduce risk. This includes risks and opportunities related to the workers’ health and safety and to the success of the OH&S management system. Risk = Severity (How Bad Is It) X Occurrence (How Often or How Likely the Hazard is to Occur).
In addition, the organization must assure that they have a thorough understanding of any legal or regulatory requirements that may apply to their organization or to the OH&S management system. Plans for addressing legal requirements and addressing risks and opportunities are to be implemented during the development of the OH&S management system.
Setting and Planning to Achieve OH&S Objectives
ISO 45001 requires the establishment of goals or objectives for the proper maintenance and continual improvement of the OH&S management system and the OH&S performance within the organization. The objectives must align with any OH&S policy, be measurable, monitored, communicated and updated on a regular basis. When developing plans for achieving objectives the organization must identify What, Who, When and How, which may include:
- What are the objectives
- What resources are required
- Who is responsible for carrying out the plan
- When will the objective be completed
- How the results will be measured and monitored
- How can the results be shared and integrated into the culture of the organization
All OH&S management system plans and objectives along with any measurable data or results shall be documented and retained by the organization.
Section 7 – Support
The success of any new initiative or management system is dependent upon the amount and quality of the support it receives within the organization. The new standard requires that the organization identify and provide adequate resources for establishing, implementing, maintaining and continually improving the OH&S management system. Resources could include adequate personnel, equipment and proper infrastructure to support the OH&S initiatives. The competence of the workers in the performance of their duties and their capability of identifying hazards should be reviewed and documented. The documentation may be in the form of appropriate education, experience or formal training.
The workers shall be made aware of all OH&S policies and objectives and understand their contribution to the success of the OH&S system. In addition, the workers shall be provided information regarding:
- Possible implications of not adhering to the OH&S policies
- Their expected contribution to the success of the OH&S system
- Incidents and the results of subsequent investigations applicable to their job or work area
- Identified hazards and subsequent actions applicable to their job or work area
In addition, the workers shall be made aware of their right to remove themselves from any work situation that may present imminent and serious danger to their health. They must also be provided information concerning any arrangements or policies established for protecting them from any retribution for reporting or removing themselves from a hazardous situation.
Proper communication is essential for assuring the effectiveness of an OH&S management system. The standard requires that processes be established for internal and external communication of information regarding or relevant to the OH&S management system. The organization should determine:
- What information will be communicated
- When shall it be communicated
- Who should be included in the communication
- How to, or the method of communication
The organization’s diversity should be considered when developing the communication plan. Including but not limited to language, culture, disability, etc. In addition, the organization should consider any relevant legal requirements and ensure that all information communicated is reliable and consistent with the OH&S management system policies and procedures.
The new standard requires that the OH&S system and all information required by the standard be documented and controlled. Documents should follow an internally agreed upon standard format. Changes or updates to documents should be identified, traceable and reviewed by the appropriate stakeholders for suitability and adequacy. Documentation relevant to the standard shall be controlled to ensure it is available for use where and when required, and the content protected to prevent loss of confidentiality or miss-use. The process for controlling the documents shall address the proper access, distribution, revision control, storage, retention and eventual disposition of the documents.
Section 8 – Operation
Operational Planning and Control
Within the operation section of the standard some of the information and requirements may seem repetitive by stating that the organization shall implement, maintain and control the processes required by the standard. This includes establishing criteria for the various processes, implementing controls of the processes, and maintaining and retaining documentation. The organization is not just responsible for establishing, implementing and maintaining a process for the elimination of hazards and reduction of risk as described in section 6 of the standard. The organization is required to proactively seek out possible hazards and develop corrective actions to address the hazard. The operation section of the standard includes a hierarchy of controls:
- Eliminate the hazard
- Replace with a less hazardous process, operation, material or equipment
- Utilize engineering controls or reorganization of work
- Utilize administrative controls such as special training
- Provide adequate PPE (Personal Protective Equipment)
The best course of action is always to eliminate the hazard if possible. Unfortunately, eliminating the hazard is not possible in all situations. Therefore, alternative measures must be taken to reduce the risk to the worker or others that may be affected.
Change management is also addressed. Changes could result from the implementation of permanent or temporary changes that may affect the performance of the OH&S management system or the health and welfare of the workers. Some of the examples mentioned are as follows:
- New Products, Services or Processes
- Changes to Products, Services or Processes
- Changes to legal or regulatory requirements
- Increased knowledge of hazards and OH&S risk
- New developments in technology
The organization is required to review any possible consequences of intentional or unintended changes and take appropriate action to address any possible hazards or risk. In addition, the requirements of the new standard extend to cover procurement activities including possible hazardous materials, outside contractors and outsourcing of processes and functions. The organization must consider any impact that the contractor’s activities may have on the workers, the workplace environment and others in the workplace. Another interesting item found in the standard pertains to procurement functions. According to the standard, organizations must ensure that outsourced functions and processes are controlled, consistent with legal requirements and align with the intended outcome of the OH&S management system.
Emergency Preparedness and Response
Emergencies in the workplace can come in many forms. Today organizations must be prepared for more than possible severe weather such as tornadoes and hurricanes or accidents and fires within their facility. Organizations must consider other types of emergencies. For example, many organizations are instituting active shooter response training. ISO 45001 OH&S requires organizations to establish and maintain emergency preparedness and response processes. The processes must include:
- Emergency response training
- Periodic testing and exercises to demonstrate response capability
- A method for evaluating performance of the processes
- Communication of relevant information to workers, visitors, emergency response services, etc.
Furthermore, the organization must maintain and retain documented information regarding the processes and emergency response plans.
Section 9 – Evaluating Performance
When implementing any new process or standard there must be a method to measure progress or effectiveness. There is an old adage that states, “If you can’t measure it, you can’t control it.” The same is true for the new ISO 45001 standard, as it requires organizations to establish methods to monitor, measure and analyze performance of the OH&S management system. Performance evaluation falls within the “Check” portion of the PDCA process. Organizations must determine what shall be monitored and measured. This could include the following items:
- Compliance to legal and regulatory requirements
- Activities to identify and address hazards
- Progress towards meeting the objectives of the OH&S management system
- Effectiveness of operational processes and controls relative to the OH&S system
The organization should determine the criteria by which the performance of the OH&S system shall be evaluated. The performance criteria should be expressed in measurable terms. An internal auditing process must also be developed and implemented. Audits should be scheduled at designated intervals to ensure the OH&S system is meeting internal, legal or regulatory requirements and the requirements of the ISO standard. In addition, the organization must retain documented evidence of the OH&S management systems evaluation results. Leadership of the organization must schedule regular meetings to review the performance of the OH&S system. Some topics to be reviewed include but are not limited to:
- Status of actions from previous reviews
- Number of incidents and any trends seen though the auditing process
- The adequacy of resources to ensure success
- Opportunities for continual improvement
- Any changes in legal or other requirements
- Any actions needed to support the growth and further development of the OH&S
Management should report any relevant information resulting from the reviews to workers and other interested parties. The organization shall also retain documented records of the results of the management reviews.
Section 10 – Continual Improvement
According to the ISO 45001 definition, continual improvement indicates a duration that occurs over a period with intervals of interruption. This differs from continuous improvement that occurs without periods of interruption. This definition is contained within Annex A of the standard. The continual definition better fits the activities of the OH&S system whose purpose is to keep workers safe from injury or illness. The processes addressed are most likely in place prior to adopting ISO 45001 and the inherent PDCA methodology. As previously stated, organizations must actively seek out hazards and realize opportunities for improvement that will make possible achievement of the intended goals and objectives of the OH&S management system. Occupational Health and Safety improvements are realized through proactive identification of hazards, implementing effective corrective action and working towards building a continual improvement culture throughout the organization.
Incidents, Nonconformity and Corrective Action
The standard requires organizations to establish processes for reporting and investigating incidents or OH&S nonconformities, and developing corrective actions to address each issue. It is also good methodology to document the activities using a continual improvement plan and review record. The purpose of this record is to document the results of continual improvement actions and their effectiveness. Examples of incidents and nonconformities include but are not limited to:
- Incidents: Near misses, injuries and ill-health, or damage to buildings or equipment, that could result in risk to the operator’s health and safety.
- Nonconformities: Workers not following specific processes or procedures, lack of or non-functioning PPE, violation of safety or regulatory requirements or outside contractors not working in a safe manner.
The organization must be diligent and prepared to react in a timely manner when an incident or nonconformity occurs. The investigation must be carried out and documented as soon as possible. The level of investigation should be proportionate to the potential health and safety consequences of the incident. The team should take great care in defining the hazard or non-conformity and determining the root cause. If you do not address the root cause, you are merely treating a symptom and not resolving the issue. It may very well re-occur at the same workstation or elsewhere in the organization. Root Cause Analysis (RCA) is the process of defining, understanding and solving a problem. A root cause is defined as the underlying or fundamental cause of an incident or non-conformity. Multiple tools are available for performing RCA. Some of the most commonly used tools include but are not limited to:
- Eight Disciplines of Problem Solving (8D)
- 5 Why
- Failure Mode and Effects Analysis (FMEA)
- Is / Is Not Analysis
- Ishikawa or Fishbone Diagram
Upon determining the root cause, the team must develop the appropriate corrective actions. In addition, the team should develop an action plan for implementation and tracking the progress and documenting the effectiveness of the corrective actions. The evaluation of the need for corrective action should be carried out with the active participation of workers and the involvement of other relevant interested parties. The team should re-assemble after a specified length of time, usually 30 or 60 days, to verify the effectiveness of the countermeasures. The team should find out if the initial problem reported has occurred since the countermeasures were put in place. In addition, they should ensure that any special process controls, tools or instructions are still being followed.
Documentation and Communication
Incidents must be recorded and reported internally and, where appropriate, reported externally to regulatory bodies. If possible, the investigation should be led by a person independent of the activities being assessed and should include a worker or workers’ representative. The company must retain documented evidence describing the type of incidents or nonconformities that occur along with information regarding the corrective actions taken, including results and their effectiveness. Appropriate content of the documented information should be communicated to relevant workers, or workers’ representatives. The organization shall establish a process for retention of all documentation related to incidents, non-conformances, identified hazards and corrective actions taken. In addition, records related to the identification and elimination of a hazard or other improvements should be retained as evidence of continual improvement. Continual improvement can be achieved through many activities and improvements including but not limited to:
- Introduction of new technology and methodologies
- Best practices being developed within the organization and externally to the organization
- Suggestions and recommendations from interested parties
- Gaining of new knowledge and understanding of OH&S related issues and opportunities
- Use of improved or safer materials
- Increasing worker capabilities or competence
Quality-One offers Occupational Health and Safety Management Systems Development through Consulting, Training and Project Support. Quality-One provides Knowledge, Guidance and Direction in OH&S Management Systems development activities, tailored to your unique wants, needs and desires. Let us help you Discover the Value of ISO 45001 Consulting, ISO 45001 Training or ISO 45001 Project Support.