Section 7 of ISO 45001 discusses the resources and support needed to be successful with the OH&S management system. “Support” means that the organization has achieved a level of competence among its workers and systems to successfully drive the outcomes of the OH&S plan. It also discusses the need to establish awareness of the OH&S policy, communicate information about the OH&S management system, outline with whom the information should be shared, manage documentation including tracking of updates, and control information and ensure its accessibility and accuracy. Essentially, the support system provides an overview of how the organization must support the OH&S management system. Successfully managing an Occupational Health and Safety Management System relies heavily on having the necessary resources for each task. This includes having competent staff with the appropriate training, support services, and effective information and communication means. The organization will determine what documented information is necessary for the success of the system. Documented information is a new term in the standard, which means the information can be in any format, media, or from any source. Moreover, internal and external information must be communicated throughout the organization and must be gathered, disseminated, and understood by those receiving it. The decisions that need to be made are:
- On/about what to inform?
- When to inform?
- Who to inform?
- How to inform?
- How to receive and maintain documented information and how to respond to relevant incoming communications?
Respectively, the terms ‘document and record’ became obsolete in the new standard, which uses the term ‘documented information’ instead, for the purpose of maximizing the confidence to share information through any media.
7.1 Resources
The organization must determine and provide the resources needed for the establishment, implementation, maintenance, and continual improvement of the OH&S management system.
As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:
Examples of resources include human, natural, infrastructure, technology, and financial. Examples of infrastructure include the organization’s buildings, plant, equipment, utilities, information technology, and communications systems, and emergency containment systems.
The organization must initially determine and provide the resources necessary to establish, implement, maintain and continually improve its OH&S management system. The identification, procurement, and provision of resources are the prerogative of senior management, and their absence or diminution can be a limitation on the effectiveness of the OH&SMS. Examples of resources include:
- Human;
- Natural;
- Infrastructure;
- Technology
Examples of infrastructure include:
- Buildings;
- Plant;
- Equipment;
- Utilities;
- Information technology;
- Communications systems;
- Emergency containment systems.
Resources should be provided in a timely and efficient manner. Resource allocations should consider the organization’s current and future needs. Resources will be required to fulfill the requirements identified during the planning stages of the system to maintain continuous improvement. These include human, natural, infrastructure (buildings, plant, equipment, utilities, emergency containment systems) technological, and financial resources. It is essential that the allocation of resources has full support from Top Management, under the requirements of Clause 5, to drive the maintenance of a safe and healthy work environment. As part of identifying resources, the organization needs to look at the information produced in Section 6 to acknowledge the risk, opportunities, and resulting objectives. They then need to allocate sufficient resources to mitigate or manage them. Simply put, the standard advises the organization that the resources required to achieve the stated objectives and show continual improvement must be made available.
7.2 Competence
The organization must determine the necessary competence of workers that affects or can affect its OH&S performance. It must ensure that workers are competent including the ability to identify hazards on the basis of appropriate education, training, or experience and where applicable, take actions to acquire and maintain the necessary competence, and evaluate the effectiveness of the actions taken. It must take retain appropriate documented information as evidence of competence. Applicable actions can include, for example, the provision of training to, the mentoring of, or the reassignment of currently employed persons, or the hiring or contracting of competent persons.
As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:
The competence of workers should include the knowledge and skills needed to appropriately identify the hazards and deal with the OH&S risks associated with their work and workplace. In determining the competence for each role, the organization should take into account things such as:
a) the education, training, qualification, and experience necessary to undertake the role and the re-training necessary to maintain competence;
b) the work environment;
c) the preventive and control measures resulting from the risk assessment process(es);
d) the requirements applicable to the OH&S management system;
e) legal requirements and other requirements;
f) the OH&S policy;
g) the potential consequences of compliance and noncompliance, including the impact on the worker’s health and safety;
h) the value of the participation of workers in the OH&S management system based on their knowledge and skill;
i) the duties and responsibilities associated with the roles;
j) individual capabilities, including experience, language skills, literacy, and diversity;
k) the relevant updating of the competence made necessary by context or work changes.
Workers can assist the organization in determining the competence needed for roles.
Workers should have the necessary competence to remove themselves from situations of imminent and serious danger. For this purpose, it is important that workers are provided with sufficient training on hazards and risks associated with their work. As appropriate, workers should receive the training required to enable them to carry out their representative functions for occupational health and safety effectively. In many countries, it is a legal requirement to provide training at no cost to workers.
The organization must determine the competency requirements for those workers that affect, or could affect its OH&S performance. This requirement also pertains to workers operating under the control of the organization such as contractors, agency workers, etc. Once these competency requirements have been determined the organization must then ensure that those workers possess the necessary competence, including the ability to identify hazards, on the basis of appropriate education, training, or experience. It is imperative that all workers have the knowledge and skills required to identify the hazards and manage the OH&S risks associated with their work and workplace. If workers are deemed not to be competent, the organization is required to take action (e.g. refresher/remedial training, recruitment of additional personnel, or hiring/contracting of external expertise) in order to acquire the necessary competence. The actions taken to raise competence to the required level need to be evaluated for effectiveness by means of the following mechanisms:
- Interlocution of the workers on their understanding of their competence to perform the relevant tasks following the prescribed training;
- Assessment of competence of the workers by observing them undertake the relevant tasks following the prescribed training;
- Peer review or supervision following the required training.
The organization must determine competence requirements for individual tasks and should consider the following factors in its deliberations:
- The education, training and experience required to undertake the role and the re-training necessary to maintain competence;
- The work environment;
- The preventive and control measures arising from the risk assessment process;
- The requirements applicable to the OH&S management system;
- The potential consequences of compliance and non-compliance, including the impact on the worker’s health and safety;
- The duties and responsibilities associated with the roles;
- The complexity and requirements of operating procedures and work instructions;
- The results from incident investigations;
- Legal and other requirements;
- The necessary updating of the competence made necessary by context or work changes;
- Individual capabilities, including experience, language skills, literacy, and diversity.
The organization should pay particular attention to the competency requirements attached to personnel performing the following tasks:
- Identifying hazards and conducting risk assessments;
- Conducting audits;
- Performing occupational exposure or noise assessments;
- Carrying out incident investigations;
- Performing tasks that have associated with the significant hazards and associated high risks.
When competence is acquired through training, the organization’s training process should include:
- Identification of training needs;
- Preparation of a training plan or programme to address identified training needs;
- Delivery of the training;
- Evaluation of the effectiveness of the training;
- Documentation, monitoring, and review of the training received.
Workers should be encouraged to assist the organization in ascertaining the competence needed for their respective roles. The organization is required to retain appropriate documented information as evidence of its employees’ competence such as training records.
Employee competence must meet the terms of the ISO 45001:2018 standard by ensuring that the people given responsibility for OH&SManagement System tasks are capable and confident. Related to this, it stands to reason that the experience, training, and/or education of the individual must be of the required standard, and that any necessary training is identified and delivered – with measurable actions taken externally or internally to ensure that this level of competence exists. Predictably, this process and its outputs need to be recorded as documented information for the OH&SManagement System. An organization working effectively and efficiently must have competent workers. In terms of OH&S, it is essential that workers have access to information and have been suitably trained to prevent accidents or ill health to themselves and others. Competence can include consideration for:
- Capability to fulfil the task based on defined job roles and a clear understanding of the required OH&S aspects
- Defined methods of recruitment with consideration for temporary or agency workers
- Awareness of hazards associated with the environment and processes
- Legal requirements
- Individual capabilities including experience, language skills, literacy and diversity
The diversity of activities within the organization will determine the level of training required to fulfill competence. Training Gaps are usually identified with the development of new processes, for example, the introduction of new machinery or in achieving compliance with regulatory requirements. No matter how big or small the organization is, training records are essential as reference and evidence of the fulfillment of competence. Consider an overview training matrix identifying fulfilled training gaps including refresher training dates. In addition, consider individual training records with signatory evidence from the worker to acknowledge completion and understanding of training including hazard awareness. The organization must also consider the competence of external providers including the procurement of contractors conducting tasks on site. The organization’s procurement process may provide the structure for management of external providers; including evidence of capability, competence, and on-site, this may be supported with site induction training. Either internally or externally, the organization’s Top Management must be confident that mechanisms are in place to provide workers with suitable and sufficient competency-based OH&S training. The organization must train all workers to be competent in the ability of hazard identification. It is core to being able to participate in applying the hierarchy of control and to understand when to exercise their right to cease unsafe work.
7.3 Awareness
Workers should be aware of the OH&S policy and OH&S objectives. Workers should be aware of how they can contribute to the effectiveness of the OH&S management system, including the benefits of improved OH&S performance. The worker must be aware of the implications and potential consequences of not conforming to the OH&S management system requirements. They must be aware of the incidents and the outcomes of investigations that are relevant to them. They must be aware of the hazards, OH&S risks, and actions determined that are relevant to them. They must be aware of their ability to remove themselves from work situations that they consider presenting an imminent and serious danger to their life or health, as well as the arrangements for protecting them from undue consequences for doing so.
As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:
In addition to workers (especially temporary workers), contractors, visitors and any other parties should be aware of the OH&S risks to which they are exposed.
Awareness is closely related to competence in the standard. Employees must be made aware of the Occupational Health & Safety policy and its contents, any current and future impacts that may affect their tasks, what their personal performance means to the OH&SManagement System and its objectives, including the positives or improved performance, and what the implications of poor performance may be to the OH&SManagement System. Additionally, the standard demands that workers be aware that they can remove themselves from work situations that they consider to be a danger to their life or health. Awareness of the requirements of the OH&S system is critical to both internal and external workers. There must be a clear understanding of the organization’s H&S Policy including the requirement for individuals to protect themselves and others from exposure to hazards. Awareness training starts before work commencement for both internal and external workers and may include:
- OH&S Policy and requirements
- Hazards associated with the environment and processes
- Means to report incidents and receive information following the investigation
- Means to report near misses or safety-critical defects
- Structure of supervision
- Provision of information including Safe Systems of Work or Work Instructions
- A clear understanding that there are no recriminations for reporting hazards or precautionary removal of individuals from exposure to harm which is life-threatening. This must be actively encouraged as part of a positive safety culture. It is recommended there is evidence of awareness training.
The right to cease unsafe work without reprisals or victimization etc. is set out in ISO 45001, requiring the organization to make their workers aware of their ability to cease work where they consider a serious and imminent hazard to their health or life exists. Clause 7.3 also requires the organization to make workers aware of the arrangements in the health and safety management system that protect workers from consequences that are undue in exercising this basic right at work. If the application of the hazard identification and elimination processes leaves workers still considering themselves in imminent and serious danger, then ceasing unsafe work is the only option. Likewise, if a new hazard suddenly arises, that presents an imminent and serious danger, then ceasing unsafe work is the only option. This does not mean walking off the job entirely, in fact, an essential part of ceasing unsafe work is reporting the hazard to management and quickly negotiating a resolution to the reasonable concern. This can include an interim measure, pending a permanent resolution. This clause also requires that workers are made aware of the organization’s:
- Outcomes of relevant incidents and their investigations,
- Outcomes of the application of the risk management processes in clause 6 & 8, for hazards, health and safety risks and determining control measures.
7.4 Communication
7.4.1 General
The organization must establish, implement and maintain the process(es) needed for the internal and external communications relevant to the OH&S management system. The organization needs to communicate internally among the various levels and functions of the organization, among contractors and visitors to the workplace, and among other interested parties. The organization must determine what it will communicate when to communicate, with whom to communicate, and among other interested parties. While communicating, the organization must take into account diversity aspects such as gender, language, culture, literacy, disability. The organization must ensure that the views of external interested parties are considered in establishing its communication processes. When establishing its communication processes, the organization must take into account its legal requirements and other requirements. The organization must ensure that OH&S information to be communicated is consistent with information generated within the OH&S management system, and is reliable. The organization should respond to relevant communications on its OH&S management system. The organization must retain documented information as evidence of its communications, as appropriate.
7.4.2 Internal communication
The organization must internally communicate as appropriate information relevant to the OH&S management system among the various levels and functions of the organization, including changes to the OH&S management system. It must ensure its communication process enables workers to contribute to continual improvement.
7.4.3 External communication
The organization must externally communicate information relevant to the OH&S management system, as established by the organization’s communication processes, and taking into account its legal requirements and other requirements.
As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:
The communication process(es) established by the organization should provide for the gathering, updating, and dissemination of information. It should ensure that relevant information is provided, received, and is understandable to all relevant workers and interested parties.
The organization must establish, implement and maintain a process or processes for internal and external communications relevant to the OH&S management system, which provides for the gathering, updating, and dissemination of information and which encompasses the following:
- What topics to communicate on;
- When to communicate;
- With whom to communicate (e.g. internally within the organization and/or externally with contractors, visitors, and other interested parties);
- How to communicate.
Communications should be appropriate, comprehensible, and intelligible for the audience at which it is aimed and take into account diversity aspects such as gender, language, culture, literacy, and disability. The organization should also take into account legal and other requirements and ensure that the information to be communicated is consistent with information generated within the OH&S management system and is reliable. Information transmitted by internal or external communications, of interest to relevant interested parties, must be available when required.
It is critically important to effectively communicate information about OH&S risks and the OH&S management system, including changes to the OH&SMS, at various levels and between various functions of the organization. This should include information relating to:
- Management’s commitment to the OH&S management system;
- The identification of hazards and risks;
- OH&S objectives and programmes to achieve them;
- Incident investigation;
- Progress in eliminating hazards and associated OH&S risks;
- Operational changes that might impact the OH&S management system;
- Progress with consultation and participation of workers;
The organization should have a process in place for receiving, documenting, and responding to relevant communications from external interested parties, where appropriate. Paramount to this is the development and maintenance of a process for communicating with contractors and other visitors to the workplace. The extent of this communication should be related to the OH&S risks faced by these parties and will be further considered in clause 8.1.4.2 of the standard. Service level agreements (SLAs), contracts, and pre-project OH&S planning meetings are often used to communicate OH&S issues to external providers such as contractors, but the organization should also use methods such as on-site induction to raise OH&S awareness amongst contractors’ workers. In addition to communicating about specific OH&S requirements relating to on-site and off-site activities, the following should also be taken into account when communicating with external providers, particularly contractors:
- Information about a contractor’s OH&S management system;
- Legal and other requirements that impact on the method or extent of communication;
- Previous OH&S performance and history of notifiable incidents;
- The use of multiple contractors at the workplace;
- Emergency response;
- The need for alignment of the contractor’s OH&S practices with those of the organization and other contractors at the workplace;
- The need for additional consultation and/or contractual provisions relating to high-risk tasks;
- Reporting of OH&S performance, incidents, nonconformities, and corrective actions; Arrangements for regular communications.
For visitors such as delivery companies, clients, members of the general public and service providers specific OH&S information needs to be communicated as follows:
- OH&S requirements relevant to their visit;
- Evacuation procedures and responses to alarms;
- Traffic controls;
- Access controls and escort function;
- Details relating to the wearing of personal protective equipment (PPE).
External communication processes often include the identification of a designated contact person from within the organization. This allows for appropriate information to be communicated in a timely and consistent manner. This can be especially important in emergency situations where regular updates are required to be delivered in a clear and unambiguous manner.
Processes for internal and external communication need to be established and recorded as documented information within the OH&S Management System. The key elements that need to be decided, actioned, and recorded are what needs to be communicated, how it should be done, who needs to receive the communication, and at what intervals it should be done. It should be noted here that any communication outputs should be consistent with related information and content generated by the OH&S Management System for the sake of consistency. The standard advises the organization that information should be communicated at various levels and with various frequencies as deemed suitable and that the organization must ensure that the nature and frequency of communication allow continual improvement to result from the communication process itself. Once again, the organization is advised by the standard to ensure that communication relevant to the OH&S Management System takes place as per the established process, with the goal of ensuring that compliance obligations and objectives are met.
Defined channels of communication are key to the success of the OH&S management system. It is recommended that there is a clear policy on communication endorsed by Top Management identifying the process of communication. The organization will need to determine:
Question | Answers |
What will be communicated? | OH&S Policy, site rules including personal responsibilities, hazards, risk assessments, Work Instructions, minutes from committee meetings, investigation results, organizational structure, performance |
When communication occurs? | Recruitment permanent or temporary, induction internally and externally, morning briefing, safety committee meetings, pending legal requirements |
Who will information be communicated to? | Workers including agency, contractors, external providers, product end-users, and other interested parties |
How will information be communicated? | Notice boards, toolbox talks, email, website, newsletters, supervision |
7.5 Documented information
7.5.1 General
The organization must have Document Information (documents and records) as required by ISO 45001:2018 and also those determined by the organization as being necessary for the effectiveness of the OH&S management system. The extent of documented information for an OH&S management system can differ from one organization to another due to the size of the organization and its type of activities, processes, products, and services. It can be due to the need to demonstrate fulfillment of legal requirements and other requirements; the complexity of processes and their interactions; the competence of workers.
7.5.2 Creating and updating
When creating and updating documented information, the organization must ensure appropriate identification and description (e.g. a title, date, author, or reference number) and format (e.g. language, software version, graphics) and media (e.g. paper, electronic); It must also ensure appropriate review and approval for suitability and adequacy.
7.5.3 Control of documented information
Documented information required by the OH&S management system must be controlled to ensure that it is available and suitable for use, where and when it is needed. It must be adequately protected from loss of confidentiality, improper use, or loss of integrity. For the control of documented information, the organization shall address the following activities:
- distribution, access, retrieval, and use;
- storage and preservation, including preservation of legibility;
- control of changes (e.g. version control);
- retention and disposition.
Documented information of external origin determined by the organization to be necessary for the planning and operation of the OH&S management system should be identified, as appropriate, and controlled. Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information. Access to relevant documented information includes access by workers, and, where they exist, workers’ representatives.
As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:
It is important to keep the complexity of the documented information at the minimum level possible to ensure effectiveness, efficiency, and simplicity at the same time. This should include documented information regarding planning to address legal requirements and other requirements and on evaluations of the effectiveness of these actions. The actions described in 7.5.3 are particularly aimed at preventing the unintended use of obsolete documented information. Examples of confidential information include personal and medical information.
“Documented information,” refers to the documents and records that are necessary for the OH&S Management System. The requirements are designed to allow each organization to have the ability to shape documented information to their own requirements in general, with the exception of the mandatory components mentioned specifically in the standard and, therefore, this guide. The ISO 45001:2018standard advises us that the OH&SManagement System should include all documented information that it declares mandatory, and anything viewed as critical to the OH&SManagement System and its operation. It should also be noted that the amount of documented information that an organization requires would differ according to the size, operating sector, and complexity of compliance obligations faced by the business. The standard advises that documentation created by the OH&SManagement System needs to include appropriate identification, description, and format so that it is can be easily understood what the documented information is for. There is also a need to review and approve the documented information for suitability and accuracy before release. The standard advises that documentation created by the OH&SManagement System should be available and fit for purpose where and when needed, reasonably protected against damage or loss of integrity and identity and that the processes of distribution, retention, access, retrieval, preservation and storage, control, and disposition are adequately provided for. It should be noted that documented information from external sources should be similarly controlled and handled, and that viewing and editing access levels should be carefully considered and controlled.
It is important for top management to ensure that the OHSMS processes are carried out as planned and the desired results are achieved. Capturing key pieces of information in documented form can assist in this effort. Documenting how the system works helps personnel responsible for its implementation understand what they need to do and how to do it. Where a number of people are performing a process, documenting the steps can ensure consistency in the results. Documenting decisions made, OHSMS activities performed and the resulting outcomes provides evidence to demonstrate conformity to requirements and the effective implementation of the OH&S management system. Mandatory documents include the documented information required by ISO 45001 and additional information identified by the organization as necessary for the effective operation of its OH&S management system. The extent of documented information for an OH&S management system can differ from one organization to another due to:
- The size of the organization and the type of activities, processes, products or services it is engaged in.
- The need to demonstrate fulfilment of legal and other requirements.
- The complexity of the organization’s processes and how they interact.
- The competence of workers.
ISO 45001 has moved from prescriptive requirements for specific ‘documents’ and ‘records’ towards the more inclusive term ‘documented information’. This allows the organization to customize its occupational health and safety documentation to better reflect its particular circumstances. There are now basically two types of documented information; “living” documents that describe how things are done within the OHSMS, and “static” records that reflect results of some activity at a particular point in time. Whether in electronic or paper format, the correct and current versions of living documents, be they procedures, work instructions, process maps, plans, or programs, need to be available to those who use them. This requires the organization to have a process to create these documents and control their revision. Records of results need to be created, reviewed, and retained for a period of time. The organization should attempt to keep the complexity of the documented information at the minimum level necessary to ensure contemporaneous effectiveness, efficiency, and simplicity. It should be noted that an Occupational Health and Safety Manual is no longer required by ISO 45001, but most organizations are likely to persevere with it as an integral part of their OH&S management system
When creating and updating documented information, the organization must ensure appropriate:
- Identification and description (e.g. a title, date, author or reference number);
- Format (e.g. language, software version, graphics) and media (e.g. paper, electronic);
- Review and approval for suitability, adequacy, and effectiveness.
The organization is required to control documented information in order to ensure that it is available where needed and that it is suitable for use. It must also be adequately protected against improper use, loss of integrity, and loss of confidentiality. With reference to documented information, the organization must make decisions on its:
- Distribution, access, retrieval, and use;
- Storage and preservation;
- Control of any changes;
- Retention and disposal.
The organization is also required to identify any documented information of external origin that is considered essential for the planning and operation of its OH&S management system and ensure that it is controlled. All of the controls described are primarily aimed at preventing unintended use of obsolete documented information. As with all management systems, the extent of documented information will vary depending on the size, scope, and complexity of processes within the organization. A practical approach to the development and control of documented information will assist in business protection as well as providing sources of information for workers relating to hazard identification. Consider a risk-based approach to the level of documented information required including consideration for literacy and language. Documented information is not restricted to hard copy and will appear in a variety of media including electronic format, emails, and web-based. Below is a selection of the variety of documented information:
Internal / External Sources | Type | Use |
External | Regulatory | Government website instructions and leaflets, codes of practice |
External | Information | External Provider material safety data sheets, certificates of conformity |
External | Information | External Provider machinery installation instructions and technical specifications |
External | Information | Risk assessments and method statements |
External | Certificate | Fire system, fixed wiring service records, liability insurance documents |
External | Training | Certificates of competence (Fork Lift Truck, OH&S awareness) |
Internal | Training | Induction presentations, toolbox talks |
Internal | Training | Individual training records |
Internal | Work | Safe Systems of Work Work Instructions |
Internal | Inspections | Evidence of maintenance and routine inspections |
It’s essential to have a robust but simple system of control for documented information. This will ensure workers are always aware of the latest requirements relating to OH&S. In support of the latest revision of documented information, there must be the means to communicate the latest policies, practices, and work instructions. As previously indicated documented information will come from internal and external sources.
Below are suggested means of controlling both internal and external documented information:
Internal
- Develop a document reference system within the header or footer e.g. Maintenance Procedure No. 1 – MP01, Maintenance Form 01 – MF01, etc
- Identify the revision status, revision date and author within the document footer
- Use the same document control methodology for electronic documents and data
- Develop a spreadsheet identifying the reasons why previous revisions have been updated
- Determine the method of the issue for documented information with consideration for recovery of pre-modified documented information and communication
- Archive in electronic format previous revisions of documents based on risk ensuring there is a means of backing up and recovering data
- Determine and identify in the spreadsheet the intended document retention timescale. This may be based on legal requirements such as insurance documentation
External
- Determine what should be communicated and retained based on risk.
- Consider scanning to reduce reliance on paper
- Maintain the integrity of archived documentation
Remember to create a simple system to use for all to understand and access accordingly. Consider supporting the chosen method with an instructional procedure with applicable training.
List of documents required by ISO 45001:2018
The ISO 45001 standard provides us with some insight into what documents are required. Compared to OHSAS 18001, there are not too many changes, but the documentation requirements are easier to manage, following the logic of the new versions of other ISO standards. Of course, the standard does not explicitly mention documents and records, but uses the term “documented information.” The following represents a list of documents that you need to maintain in order to comply with ISO 45001:
Clause | Required Documented Information |
4.3 | The scope of OH&S available as documented information |
5.2 | The OH&S policy available as documented information |
5.3 | The responsibilities, accountabilities, and authorities for relevant roles are maintained as documented information |
6.1.1 | Maintain documented information of the OH&S risks and OH&S opportunities and the processes needed to address risks and opportunities |
6.1.2.2 | The methodologies and criteria for assessing OH&S risks are defined, maintained and retained as documented information |
6.1.3 | Information on applicable legal and other requirements are maintained, retained, and updated as documented information |
6.2.2 | The OH&S objectives and plans to achieve them are maintained and retained as documented information |
7.2 | Documented information is retained as evidence of competence of workers |
7.4 | Relevant OH&S communications are received and maintained as documented information |
8.1.1 | Documented information to provide confidence that processes have been carried out as planned and determining where the absence of documented information could lead to deviations from the OH&S policy and the OH&S objectives is kept |
8.6 | Information on the process and on the plans for responding to potential emergency situations are maintained and retained as documented information |
9.1.1 | Evidence of the monitoring, measurement, analysis and evaluation results are retained as documented information |
9.1.2 | Results of the compliance evaluation are retained as documented information |
9.2.2 | Evidence of the implementation of the audit program and the audit results are retained as documented information |
9.3 | Evidence of the results of management reviews is retained as documented information |
10.1 | Evidence of the nature of incidents or nonconformities and actions taken with results and effectiveness of correction is retained as documented information and communicated to relevant workers other relevant interested parties |
10.2.2 | Evidence of the results of continual improvement efforts is retained as documented information |
Other supporting documents
Apart from the abovementioned list of documents, there are additional supporting documents that can be used to facilitate the operation of a management system. Thus, the following documents are commonly used:
- Procedure for determining the context of the organization and interested parties (clauses 4.1 and 4.2)
- Procedure for identification and evaluation of OH&S management system risks and opportunities (clauses 6.1.1 and 6.1.2)
- Procedure for competence, training, and awareness (clauses 7.2 and 7.3)
- Procedure for communication (clause 7.4)
- Procedure for document and record control (clause 7.5)
- Procedure for internal audit (clause 9.2)
- Procedure for management review (clause 9.3)
The standard also emphasizes that it is important to demonstrate the effectiveness of the OH&S Management System, rather than to simply draft endless theoretical procedures.