ISO 45001:2018 Requirement
The organization shall establish, implement, maintain and continually improve an OH&S management system, including the processes needed and their interactions, in accordance with the requirements of ISO 45001:2018.
As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:
The organization retains the authority, accountability and autonomy to decide how it will fulfil the requirements of this document, including the level of detail and extent to which it:
a) establishes one or more processes to have confidence that they are controlled, carried out as planned and achieve the intended outcomes of the OH&S management system;
b) integrates requirements of the OH&S management system into its various business processes (e.g. design and development, procurement, human resources, sales and marketing).
If this document is implemented for a specific part(s) of an organization, the policies and processes developed by other parts of the organization can be used to meet the requirements of this document, provided that they are applicable to the specific part(s) that will be subject to them and that they conform to the requirements of this document. Examples include corporate OH&S policies, education, training and competency programmes, and procurement controls.
1) The organization shall establish, implement, maintain and continually improve an OH&S management system
The establishment, implementation, maintenance, and continual improvement of an Occupational Health and Safety (OH&S) management system is a fundamental requirement of ISO 45001:2018, the international standard for OH&S management systems. Here’s a breakdown of what these components involve:
1. Establishment of the OH&S Management System:
- Commitment: Top management must demonstrate its commitment to establishing and maintaining the OH&S management system. This often involves issuing a formal OH&S policy statement that outlines the organization’s commitment to worker safety and health.
- Scope: The organization determines the scope of its OH&S management system, defining what it encompasses and what it excludes. This scope takes into account the organization’s activities, products, services, and locations relevant to OH&S.
- Objectives and Targets: The organization establishes measurable OH&S objectives and targets aligned with its OH&S policy and scope. These objectives are intended to drive continual improvement in OH&S performance.
- Risk Assessment: A comprehensive risk assessment is conducted to identify hazards, assess risks, and determine necessary controls. The findings of this assessment inform the development of policies, procedures, and controls.
2. Implementation of the OH&S Management System:
- Leadership and Responsibility: Leadership roles and responsibilities for OH&S are defined and communicated throughout the organization. Top management takes the lead in ensuring the OH&S management system’s implementation and effectiveness.
- Resource Allocation: Adequate resources, including personnel, training, technology, and budget, are allocated to implement and maintain the OH&S management system.
- Operational Planning and Control: Procedures and controls are established to ensure that work-related activities are conducted in a manner that prevents accidents and injuries. This includes the implementation of safe work practices and the provision of necessary protective equipment.
- Emergency Preparedness: The organization develops and implements emergency response plans and procedures to address potential OH&S emergencies.
- Documentation: Necessary documents and records are created and maintained, including policies, procedures, risk assessments, training records, and records of OH&S incidents.
3. Maintenance of the OH&S Management System:
- Monitoring and Measurement: Regular monitoring and measurement of OH&S performance, including the achievement of objectives and targets, are conducted to ensure that the system is functioning effectively.
- Incident Reporting and Investigation: Procedures are in place for reporting, recording, investigating, and taking corrective actions for OH&S incidents, including near misses and accidents.
- Legal and Regulatory Compliance: The organization ensures that it remains compliant with all applicable OH&S laws, regulations, and other requirements within its scope.
- Management Review: Top management conducts periodic reviews of the OH&S management system to assess its continuing suitability, adequacy, and effectiveness.
4. Continual Improvement of the OH&S Management System:
- Performance Evaluation: The organization uses the results of monitoring, measurement, and evaluation to assess the performance of the OH&S management system and make data-driven decisions.
- Corrective and Preventive Actions: When nonconformities or opportunities for improvement are identified, corrective and preventive actions are taken to address root causes and prevent recurrence.
- Management of Change: The organization manages changes in its operations, processes, and activities that could affect OH&S performance, ensuring that any changes are integrated into the OH&S management system effectively.
- Worker Participation: The organization actively involves workers and their representatives in OH&S matters, seeking their input and feedback to improve the management system.
The continual improvement aspect of ISO 45001 underscores the importance of ongoing refinement and enhancement of the OH&S management system to adapt to changing circumstances, emerging risks, and evolving best practices. This helps organizations create safer workplaces and better protect the health and well-being of their workers.
2) The processes needed and their interactions, in accordance with the requirements of ISO 45001:2018.
ISO 45001:2018, the international standard for Occupational Health and Safety (OH&S) management systems, requires organizations to establish, implement, maintain, and continually improve processes to meet its requirements. These processes and their interactions form the core of the OH&S management system. Here are the key processes needed and their interactions in accordance with the requirements of ISO 45001:2018:
- Leadership and Commitment:
- Process: This process involves top management demonstrating leadership by defining OH&S policy, establishing the scope, and setting objectives. It includes assigning roles and responsibilities, providing resources, and fostering a culture of safety.
- Interactions: Leadership sets the direction for the entire OH&S management system and ensures alignment with the organization’s strategic goals.
- Process: Planning encompasses hazard identification, risk assessment, and determining controls to mitigate risks. It also involves setting OH&S objectives and creating plans to achieve them.
- Interactions: The results of hazard identification and risk assessment feed into the planning process. Objectives and plans must align with identified risks and opportunities.
- Process: This process covers resource allocation, competency development, awareness training, communication, and documentation to support the OH&S management system.
- Interactions: Resources are allocated based on identified needs in the planning process. Competency development ensures that employees have the necessary skills to carry out safety procedures.
- Process: The operation process includes implementing and controlling operational controls, emergency preparedness and response, and monitoring the working environment for hazards.
- Interactions: Operational controls are based on identified risks and are influenced by the planning process. Emergency preparedness and response procedures are activated in case of identified risks.
- Performance Evaluation:
- Process: This process involves monitoring and measuring OH&S performance, incident investigation, and conducting internal audits.
- Interactions: The results of monitoring and measuring are used to assess performance against objectives and drive improvements in planning and operation.
- Process: Improvement encompasses taking corrective actions to address nonconformities and continually improving OH&S performance.
- Interactions: Corrective actions are based on the results of performance evaluation, helping to close the loop and prevent future incidents.
- Worker Participation:
- Process: Worker participation involves involving workers and their representatives in OH&S matters, including hazard reporting, risk assessment, and consultation on safety issues.
- Interactions: Worker input from this process informs hazard identification, risk assessment, and other processes to enhance safety measures.
- Management Review:
- Process: This process entails periodic reviews by top management to assess the OH&S management system’s suitability, adequacy, and effectiveness.
- Interactions: The outcomes of management reviews drive improvements and influence the planning and support processes.
- Legal and Regulatory Compliance:
- Process: Ensuring compliance with OH&S laws, regulations, and other requirements relevant to the organization’s scope.
- Interactions: Compliance requirements are considered in the planning, operation, and performance evaluation processes.
- Process: Establishing effective internal and external communication channels regarding OH&S matters.
- Interactions: Communication is essential to worker participation, support, and performance evaluation processes.
These processes are interrelated and interact to ensure the effective functioning of the OH&S management system. They should be designed and implemented in a way that promotes continual improvement, the prevention of accidents and injuries, and the protection of worker health and safety. Organizations can establish clear procedures and workflows to ensure these processes are carried out systematically and in alignment with ISO 45001:2018 requirements.
Documented Information required:
ISO 45001:2018 specifies various documents and records that organizations are required to establish, maintain, and retain to meet the requirements of Clause 4.4, which addresses the establishment, implementation, maintenance, and continual improvement of the Occupational Health and Safety (OH&S) management system. Here are the key documents and records needed for ISO 45001:2018 Clause 4.4:
- OH&S Policy (Documented Information): A documented OH&S policy that outlines the organization’s commitment to OH&S and provides a framework for setting OH&S objectives and targets.
- Scope of the OH&S Management System (Documented Information): A document that defines the scope of the OH&S management system, specifying what is included and excluded from the system’s boundaries.
- Risk Assessment and Hazard Identification (Documented Information): Documentation of the results of risk assessments and hazard identification processes conducted within the scope of the OH&S management system.
- OH&S Objectives and Targets (Documented Information): Documentation of measurable OH&S objectives and targets that are consistent with the OH&S policy and are used to drive improvement.
- Legal and Other Requirements Register (Documented Information): A documented register that identifies and records all relevant legal and regulatory requirements related to occupational health and safety that apply within the scope of the OH&S management system.
- Operational Controls (Documented Information): Procedures and documented information related to operational controls, including safe work practices, procedures for managing change, and emergency preparedness and response.
- Incident Reporting and Investigation Procedures (Documented Information): Procedures for reporting, recording, investigating, and taking corrective actions for OH&S incidents, including near misses and accidents.
- Emergency Response Plans (Documented Information): Documentation of emergency response plans and procedures to address potential OH&S emergencies within the organization’s scope.
- Monitoring and Measurement Records: Records of monitoring and measurement activities related to OH&S performance, including incident data, inspection records, and records of workplace monitoring.
- Internal Audit Records: Records of internal OH&S audits, including audit plans, findings, corrective actions, and follow-up actions.
- Management Review Records: Documentation of management review meetings, including agendas, minutes, and records of actions taken to improve the OH&S management system.
- Worker Participation Records: Records related to worker participation in OH&S matters, including meeting minutes, consultation records, and records of worker feedback.
- Competence, Training, and Awareness Records: Records of employee competency assessments, training records, and records of OH&S awareness programs.
- Documented Information Control Records: Records of the control of documented information, including version control, distribution lists, and records of document revisions.
- Corrective and Preventive Action Records: Records of corrective actions and preventive actions taken to address nonconformities and improve the OH&S management system.
- Records of Changes: Records of changes to the OH&S management system, including records of scope changes and changes to documented information.
- Records of Worker Health Surveillance: Records related to worker health surveillance programs, including medical examination records.
- Records of Communication: Records of communication with internal and external parties related to OH&S matters.
These documents and records are essential for establishing, implementing, maintaining, and continually improving the OH&S management system in compliance with ISO 45001:2018 requirements. They support effective communication, decision-making, and performance evaluation within the organization and provide evidence of conformity with OH&S standards and legal requirements.