ISO 45001:2018 Clause Assessment of OH&S risks and other risks to the OH&S management system

ISO 45001:2018 Requirement

The organization shall establish, implement and maintain a process(es) to:
a) assess OH&S risks from the identified hazards, while taking into account the effectiveness of existing controls;
b) determine and assess the other risks related to the establishment, implementation, operation and maintenance of the OH&S management system.
The organization’s methodology(ies) and criteria for the assessment of OH&S risks shall be defined with respect to their scope, nature and timing to ensure they are proactive rather than reactive and are used in a systematic way. Documented information shall be maintained and retained on the methodology(ies) and criteria.

As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains

An organization can use different methods to assess OH&S risks as part of its overall strategy for addressing different hazards or activities. The method and complexity of assessment does not depend on the size of the organization, but on the hazards associated with the activities of the organization. Other risks to the OH&S management system should also be assessed using appropriate methods. Processes for the assessment of risk to the OH&S management system should consider day-to- day operations and decisions (e.g. peaks in work flow, restructuring) as well as external issues (e.g. economic change). Methodologies can include ongoing consultation of workers affected by day-to-day activities (e.g. changes in work load), monitoring and communication of new legal requirements and other requirements (e.g. regulatory reform, revisions to collective agreements regarding occupational health and safety), and ensuring resources meet existing and changing needs (e.g. training on, or procurement of, new improved equipment or supplies).

1) The organization shall establish, implement and maintain a process(es) to assess OH&S risks from the identified hazards, while taking into account the effectiveness of existing controls

The establishment of a process to assess Occupational Health and Safety (OH&S) risks from identified hazards is a fundamental step in managing workplace safety effectively. Assessing OH&S risks from identified hazards involves a systematic process to evaluate the likelihood and severity of potential incidents or accidents associated with those hazards. Here’s a step-by-step guide on how to assess OH&S risks:

  • Begin by compiling a comprehensive list of all the hazards identified in your workplace. This list should include physical, chemical, biological, ergonomic, psychosocial, and other types of hazards.
  • Collect all relevant information about each identified hazard. This includes data on the hazard’s characteristics, potential exposure levels, and any historical incident reports related to the hazard.
  • Assess the likelihood or probability of an incident or accident occurring due to each hazard. Consider factors such as the frequency of exposure, the number of employees exposed, and the effectiveness of existing controls. You can use a qualitative scale (e.g., high, medium, low) or a numerical scale to represent likelihood.
  • Assess the severity of the potential consequences if an incident were to occur due to each hazard. Consider factors such as the degree of injury or harm that could result, including both immediate and long-term effects. Again, you can use a qualitative scale (e.g., high, medium, low) or a numerical scale to represent severity.
  • Utilize a risk assessment tool, such as a risk matrix, to combine the likelihood and severity assessments and determine the overall risk level for each hazard. This will help you classify hazards into categories like high risk, medium risk, and low risk.
  • Prioritize hazards based on their risk levels. High-risk hazards should be addressed with the highest priority, followed by medium-risk hazards, and so on.
  • Document the results of your risk assessments for each hazard. Include details about the hazard, its likelihood, severity, and the rationale behind the assessments. Use a standardized format for consistency.
  • Determine appropriate control measures for each high and medium-risk hazard. These measures may include engineering controls, administrative controls, and personal protective equipment (PPE). Ensure that control measures are specific to each hazard.
  • Put the identified control measures into action. Ensure that employees are trained in the proper use of controls and that the measures are regularly inspected and maintained.
  • Continuously monitor the effectiveness of control measures and regularly review risk assessments. Risks can change over time due to various factors, so it’s important to keep assessments up to date.
  • Communicate the results of risk assessments, control measures, and any changes to all relevant stakeholders, including employees. Ensure that employees are trained in the hazards and safe work practices.
  • Maintain detailed records of risk assessments, control measures, monitoring activities, and incident reports. These records are essential for compliance and auditing purposes.
  • Periodically review and improve the risk assessment process based on lessons learned, feedback from employees, and changes in workplace conditions or regulations.

By following this systematic process, organizations can effectively assess OH&S risks from identified hazards and take appropriate measures to reduce or eliminate those risks, creating a safer and healthier work environment. Here are some specific examples to illustrate how this assessment can be applied to various workplace hazards:

  1. Example: Chemical Exposure Hazard
    • Identified Hazard: Exposure to a toxic chemical substance in a manufacturing facility.
    • Assessment:
      • Likelihood: High, as employees frequently handle the chemical.
      • Severity: High, as exposure can result in severe health effects, including respiratory issues and chemical burns.
    • Risk Assessment: High risk due to the combination of high likelihood and severity.
    • Control Measures: Implement strict chemical handling procedures, provide appropriate personal protective equipment (PPE), conduct regular employee training, and establish emergency response protocols.
  2. Example: Slip and Fall Hazard
    • Identified Hazard: Slippery floors in a restaurant kitchen.
    • Assessment:
      • Likelihood: Medium, as spills occur occasionally.
      • Severity: Medium, as slips and falls can lead to minor injuries like sprains or bruises.
    • Risk Assessment: Medium risk due to a moderate combination of likelihood and severity.
    • Control Measures: Implement non-slip floor surfaces, establish cleaning protocols, provide slip-resistant footwear to employees, and conduct regular inspections.
  3. Example: Machinery Operation Hazard
    • Identified Hazard: Operating heavy machinery in a construction site.
    • Assessment:
      • Likelihood: Medium, as machinery is used regularly but with proper training.
      • Severity: High, as accidents can result in serious injuries or fatalities.
    • Risk Assessment: Medium to high risk, balancing the likelihood and high severity.
    • Control Measures: Provide extensive training to machine operators, implement safety barriers, conduct regular equipment maintenance, and establish strict operating procedures.
  4. Example: Ergonomic Hazard
    • Identified Hazard: Employees working at computer workstations for extended periods.
    • Assessment:
      • Likelihood: High, as most employees spend a significant part of their day at workstations.
      • Severity: Medium, as prolonged poor ergonomics can lead to musculoskeletal disorders.
    • Risk Assessment: High risk due to the combination of high likelihood and medium severity.
    • Control Measures: Provide ergonomic furniture and accessories, conduct ergonomic assessments for employees, encourage regular breaks and exercises, and educate employees on proper workstation setup.
  5. Example: Psychosocial Hazard
    • Identified Hazard: High-stress levels in a customer service call center.
    • Assessment:
      • Likelihood: High, as employees deal with stressful customer interactions daily.
      • Severity: Medium, as high stress can lead to mental health issues.
    • Risk Assessment: High risk due to the combination of high likelihood and medium severity.
    • Control Measures: Implement stress management programs, offer employee counseling services, ensure manageable workloads, and promote a supportive work environment.

2)The organization shall establish, implement and maintain a process(es) to determine and assess the other risks related to the establishment, implementation, operation and maintenance of the OH&S management system.

In an Occupational Health and Safety Management System (OH&S MS), the primary focus is on identifying, assessing, and managing occupational health and safety risks. However, organizations may also need to consider and address risks beyond OH&S risks to ensure the overall well-being of the business and its employees. Here are steps on how an organization can determine and assess non-OH&S risks within the context of its OH&S MS:

  • Clearly define what non-OH&S risks are within the context of your organization. These risks can vary widely depending on your industry and the specific activities your organization is involved in. Non-OH&S risks may include financial, operational, legal, environmental, reputational, and strategic risks, among others.
  • Identify and document the non-OH&S risks that are relevant to your organization. This can be done through various methods, including brainstorming sessions, historical data analysis, and expert opinions.
  • Assess each identified non-OH&S risk using a systematic approach. The assessment process should consider factors such as the likelihood of the risk occurring and the potential impact or consequences if it does. This assessment can be qualitative or quantitative, depending on the nature of the risk.
  • Prioritize non-OH&S risks based on the assessment results. This prioritization should take into account the potential severity of the risks and their significance to the organization’s overall objectives and operations.
  • Develop and implement control measures or risk mitigation strategies for the identified non-OH&S risks. These measures should be designed to reduce the likelihood of occurrence and minimize the impact if the risk does materialize.
  • Establish a monitoring and review process to track the effectiveness of the control measures and to ensure that non-OH&S risks are managed effectively over time. Regularly revisit the risk assessment to account for changes in the business environment.
  • Document all aspects of the non-OH&S risk assessment and management process, including risk assessments, control measures, monitoring activities, and any incidents or events related to non-OH&S risks. Ensure that relevant stakeholders are informed and that reports are generated for management and regulatory purposes, as needed.
  • Integrate the management of non-OH&S risks into your overall OH&S Management System. Consider how non-OH&S risks can impact your organization’s ability to meet its health and safety objectives.
  • Ensure that employees and relevant stakeholders are aware of the non-OH&S risks that have been identified and the control measures in place. Training programs may be necessary to raise awareness and build the necessary skills to manage these risks.
  • Periodically review and improve the process for identifying, assessing, and managing non-OH&S risks. As with OH&S risks, non-OH&S risk management should be an ongoing and iterative process.

By addressing non-OH&S risks within the framework of the OH&S Management System, organizations can take a holistic approach to risk management, ensuring the overall sustainability and resilience of the business while prioritizing the health and safety of employees.Here are some examples of non-OH&S risks that can be assessed within the context of an OH&S MS:

  1. Financial Risks:
    • Risk: Economic downturn or market volatility affecting the organization’s financial stability.
    • Assessment: Evaluate the organization’s financial health, cash flow, and financial reserves. Consider the potential impact of economic factors on revenue and expenses.
  2. Operational Risks:
    • Risk: Disruption in supply chains or logistics that can impact production and delivery of goods or services.
    • Assessment: Identify critical suppliers and assess their reliability. Develop contingency plans for alternative suppliers and logistics.
  3. Legal and Regulatory Risks:
    • Risk: Non-compliance with industry regulations or changes in laws that affect the organization’s operations.
    • Assessment: Regularly review and update compliance with relevant regulations. Monitor changes in legislation and ensure necessary adjustments are made.
  4. Environmental Risks:
    • Risk: Environmental incidents or pollution that can lead to legal liabilities and reputational damage.
    • Assessment: Identify potential environmental hazards associated with operations. Implement measures to prevent incidents and ensure compliance with environmental regulations.
  5. Reputational Risks:
    • Risk: Negative public perception or damage to the organization’s reputation due to scandals, unethical behavior, or poor customer service.
    • Assessment: Monitor public sentiment, engage in crisis management planning, and establish codes of conduct and ethical guidelines for employees.
  6. Cybersecurity Risks:
    • Risk: Data breaches or cyberattacks that can compromise sensitive information and disrupt operations.
    • Assessment: Conduct regular cybersecurity assessments, penetration testing, and employee training on cybersecurity best practices.
  7. Strategic Risks:
    • Risk: Poor strategic decisions or market shifts that affect the organization’s long-term viability.
    • Assessment: Regularly review and update the organization’s strategic plans. Analyze market trends and competitive forces.
  8. Supply Chain Risks:
    • Risk: Dependence on a single source for critical materials or components.
    • Assessment: Diversify suppliers, evaluate supplier risk profiles, and establish contingency plans for supply chain disruptions.
  9. Health and Pandemic Risks:
    • Risk: Health epidemics or pandemics that can impact workforce availability and business operations.
    • Assessment: Develop and implement pandemic preparedness plans, including remote work policies and employee health monitoring.
  10. Quality and Product Safety Risks:
    • Risk: Product defects or quality issues that can lead to recalls, liability claims, or customer dissatisfaction.
    • Assessment: Implement quality control processes, product testing, and customer feedback mechanisms to ensure product safety and quality.
  11. Ethical Risks:
    • Risk: Unethical behavior or misconduct within the organization.
    • Assessment: Establish an ethical code of conduct, provide ethics training, and implement mechanisms for reporting and addressing ethical violations.
  12. Natural Disaster Risks:
    • Risk: Exposure to natural disasters like earthquakes, hurricanes, or wildfires that can disrupt operations.
    • Assessment: Develop disaster recovery and business continuity plans, conduct risk assessments for geographical locations, and ensure employee safety during emergencies.

3)The organization’s methodologies and criteria for the assessment of OH&S risks

The methodologies and criteria for the assessment of Occupational Health and Safety (OH&S) risks in an organization are essential components of an effective OH&S Management System. These methodologies and criteria provide a structured approach for identifying, evaluating, and managing risks to prevent workplace accidents, injuries, and illnesses. Here are key elements of methodologies and criteria for OH&S risk assessment:

  1. Hazard Identification: The first step is to identify all potential hazards in the workplace. This includes physical, chemical, biological, ergonomic, and psychosocial hazards.
    • Criteria: Develop a systematic process for hazard identification that involves input from employees, workplace inspections, incident reports, and review of relevant regulations and industry standards.
  2. Risk Assessment Methodology: Determine the method or approach you will use to assess risks. Common methodologies include qualitative, semi-quantitative, and quantitative methods.
    • Criteria: Select the methodology that best suits your organization’s needs, considering factors such as the complexity of hazards, available data, and available resources.
  3. Likelihood Assessment: Evaluate the likelihood or probability of a hazardous event occurring. This involves considering factors like frequency, duration of exposure, and the effectiveness of existing controls.
    • Criteria: Develop a rating system or scale (e.g., high, medium, low) to assess the likelihood based on these factors.
  4. Severity Assessment: Assess the severity of the potential consequences if the hazardous event were to occur. Consider both acute and chronic effects on health and safety.
    • Criteria: Establish criteria for categorizing severity, which may include factors such as the extent of injuries, potential fatalities, and long-term health effects.
  5. Risk Matrix or Assessment Tool: Use a risk matrix or assessment tool to combine the likelihood and severity assessments and determine the overall risk level for each hazard.
    • Criteria: Define risk categories (e.g., high, medium, low) within the risk matrix, indicating the level of risk corresponding to different combinations of likelihood and severity.
  6. Risk Ranking and Prioritization: Prioritize risks based on their overall risk level. High-risk hazards should receive immediate attention and resources.
    • Criteria: Establish clear criteria for risk ranking, taking into account the risk matrix results, the organization’s objectives, and regulatory requirements.
  7. Documentation and Records: Document the results of the risk assessments for each hazard. Records should include details about the hazard, its likelihood, severity, risk level, and the rationale behind the assessment.
    • Criteria: Define the format and structure of risk assessment records to ensure consistency and traceability.
  8. Risk Tolerance and Acceptance:Define the organization’s risk tolerance levels, specifying what level of risk is acceptable and what requires immediate mitigation or control.
    • Criteria: Consider factors such as legal requirements, industry standards, and organizational objectives when setting risk tolerance thresholds.
  9. Control Measures: Identify and implement control measures or risk mitigation strategies for high and medium-risk hazards. These measures should be specific to each hazard.
    • Criteria: Determine the types of controls to be used (e.g., engineering controls, administrative controls, PPE), and establish criteria for their effectiveness.
  10. Monitoring and Review: Establish a process for continuous monitoring and review of the effectiveness of control measures and risk assessments.
    • Criteria: Define the frequency of monitoring, who is responsible, and how data will be collected and analyzed.
  11. Communication and Reporting: Develop procedures for communicating risk assessment results to relevant stakeholders, including employees, management, and regulatory authorities, as necessary.
    • Criteria: Define reporting formats, channels, and timelines to ensure timely communication.
  12. Training and Competence: – Ensure that employees and those involved in risk assessment and management are trained and competent in the methodology and criteria.
    • Criteria: Develop training programs and criteria for assessing the competence of individuals involved in the process.
  13. Continuous Improvement: Encourage a culture of continuous improvement by regularly reviewing and refining the risk assessment methodologies and criteria based on lessons learned and changing workplace conditions.

By establishing clear methodologies and criteria for OH&S risk assessment, organizations can systematically identify, evaluate, and manage risks to create a safer and healthier work environment. These methodologies should align with the organization’s goals and legal obligations while promoting proactive risk mitigation and employee involvement.

Methodologies for the assessment of OH&S risks

Below are some commonly used methodologies for OH&S risk assessment:

  1. Qualitative Risk Assessment:
    • Description: This method involves subjective judgments to assess risk based on qualitative criteria. It’s often used when quantitative data is limited or when a quick assessment is needed.
    • Process: Risks are assessed based on factors such as likelihood, severity, and potential harm. It typically uses scales like high, medium, and low to classify risks.
  2. Semi-Quantitative Risk Assessment:
    • Description: Semi-quantitative methods combine qualitative and limited quantitative data to assess risks. This approach provides a more refined risk evaluation than purely qualitative methods.
    • Process: Likelihood and severity are assessed using numerical scales, and the combination of these scores determines the overall risk level.
  3. Quantitative Risk Assessment:
    • Description: Quantitative methods use numerical data to precisely assess risks, making them suitable for complex or high-consequence hazards.
    • Process: Probabilistic models and data analysis are used to calculate the probability and consequences of potential incidents. Techniques like Fault Tree Analysis (FTA) and Event Tree Analysis (ETA) may be employed.
  4. Hazard and Operability Study (HAZOP):
    • Description: HAZOP is a systematic technique used mainly in process industries to identify potential hazards and operability issues in a structured manner.
    • Process: A multidisciplinary team examines each element of a process or system to identify deviations from the intended design and their potential consequences.
  5. Job Safety Analysis (JSA) or Job Hazard Analysis (JHA):
    • Description: JSA/JHA is a method for assessing risks associated with specific job tasks or activities.
    • Process: Workers and supervisors collaboratively identify hazards, potential risks, and controls for each step of a job or task, and develop safe work procedures.
  6. Failure Modes and Effects Analysis (FMEA):
    • Description: FMEA is a structured approach often used in manufacturing and engineering to evaluate failure modes and their consequences.
    • Process: Teams assess the likelihood, severity, and detectability of potential failures to prioritize them and implement preventive measures.
  7. Bowtie Risk Assessment:
    • Description: Bowtie analysis is a visual method that combines elements of qualitative and quantitative assessment to represent the relationship between hazards, preventive measures, and consequences.
    • Process: It uses a diagram with a central hazard, preventive barriers on one side, and potential consequences on the other. It helps visualize risk pathways and control measures.
  8. Fault Tree Analysis (FTA):
    • Description: FTA is a quantitative method that analyzes the various events that can lead to a specific undesirable outcome or hazard.
    • Process: It begins with the top-level undesired event and breaks it down into contributing factors, connecting them with logic gates to assess the probability of the top-level event occurring.
  9. Event Tree Analysis (ETA):
    • Description: ETA is a quantitative method used to analyze various potential consequences or outcomes that can result from a specific initiating event.
    • Process: It starts with an initiating event and branches out to show different possible sequences of events, each with associated probabilities.
  10. Safety Culture Assessments:
    • Description: This qualitative assessment focuses on evaluating the organization’s safety culture, including factors such as leadership commitment, communication, employee engagement, and overall safety attitudes.
    • Process: Surveys, interviews, and observations are commonly used to assess safety culture and identify areas for improvement.

Criteria for the assessment of OH&S risks

Here are some common criteria for assessing OH&S risks:

  1. Likelihood Criteria:
    • Frequency: How often could the hazardous event occur? (e.g., rare, occasional, frequent)
    • Exposure: How many employees are exposed to the hazard? (e.g., few, many, all)
    • Duration: How long does the exposure to the hazard typically last? (e.g., short-term, long-term)
    • Previous Incidents: Has the hazard caused incidents in the past? (e.g., yes, no)
  2. Severity Criteria:
    • Consequences: What are the potential consequences of the hazardous event? (e.g., minor injuries, serious injuries, fatalities)
    • Health Effects: What are the potential health effects on employees? (e.g., temporary discomfort, chronic illness, permanent disability)
    • Environmental Impact: Does the hazard pose a risk to the environment? (e.g., pollution, habitat destruction)
    • Property Damage: Is there a potential for damage to equipment or property? (e.g., minor, major)
  3. Risk Matrix Criteria:
    • High Risk: Typically, risks that have a high likelihood and high severity are categorized as high risk.
    • Medium Risk: Risks with a moderate combination of likelihood and severity fall into this category.
    • Low Risk: Risks with low likelihood and severity are considered low risk.
  4. Legal and Regulatory Criteria:
    • Compliance: Does the risk comply with relevant OH&S regulations and standards? (e.g., fully compliant, partially compliant, non-compliant)
    • Legal Obligations: Is the organization legally obligated to address the risk? (e.g., yes, no)
    • Fines and Penalties: What are the potential legal consequences if the risk is not addressed? (e.g., fines, sanctions)
  5. Organizational Impact Criteria:
    • Business Continuity: How would the risk impact the organization’s ability to continue its operations? (e.g., minimal impact, partial disruption, complete shutdown)
    • Reputation: How might the risk affect the organization’s reputation with customers, employees, and stakeholders? (e.g., minimal impact, significant damage)
    • Financial Impact: What are the potential financial costs associated with the risk, including medical expenses, insurance claims, and productivity losses? (e.g., low, moderate, high)
  6. Risk Tolerance and Acceptance Criteria:
    • Risk Tolerance: Define the organization’s predetermined level of acceptable risk for different types of hazards and activities.
    • Risk Acceptance: Determine the criteria for when risks are deemed acceptable without further action and when they require mitigation.
  7. Control Effectiveness Criteria:
    • Control Measures: Evaluate the effectiveness of existing control measures in place to mitigate the risk.
    • Residual Risk: Assess the remaining level of risk after control measures are implemented.
  8. Stakeholder Impact Criteria:
    • Employee Impact: Consider the potential impact of the risk on employee health, safety, and morale.
    • Community Impact: Assess how the risk might affect the local community, neighbors, or other stakeholders.
  9. Environmental Impact Criteria:
    • Environmental Consequences: Evaluate the potential environmental impacts of the hazard and the effectiveness of control measures to prevent or mitigate them.
  10. Communication and Reporting Criteria:
    • Reporting Thresholds: Define when risk assessments need to be reported to management, regulatory authorities, or other stakeholders.
    • Communication Channels: Specify how risk assessment results will be communicated internally and externally.

4) The assessment of OH&S risks shall be defined with respect to their scope, nature and timing

Defining the assessment of Occupational Health and Safety (OH&S) risks with respect to their scope, nature, and timing is a critical step in ensuring that the assessment process is effective, comprehensive, and aligned with the organization’s needs and objectives. Here’s how to define these aspects:

  1. Scope:
    • Define the Boundaries: Clearly outline the boundaries of the assessment. Specify which areas, departments, processes, or activities within the organization will be included in the assessment.
    • Consider Stakeholders: Determine whether the assessment will cover all employees, contractors, visitors, or other stakeholders who may be exposed to workplace hazards.
    • Identify Exclusions: Clearly state if there are any specific areas, processes, or activities that are intentionally excluded from the assessment, along with a rationale for these exclusions.
    • Changes in Scope: Define criteria and procedures for modifying the scope in response to changes in the organization, such as new projects, processes, or facilities.
  2. Nature:
    • Methodology: Specify the methodology that will be used for the risk assessment. Indicate whether the assessment will be qualitative, semi-quantitative, or quantitative.
    • Tools and Techniques: Describe the tools, techniques, and data sources that will be employed during the assessment process. This may include checklists, interviews, data analysis, or specialized software.
    • Involvement: Identify the individuals or teams responsible for conducting the assessment and any external experts or consultants who will be engaged.
    • Data Collection: Outline how data related to hazards, incidents, exposure, and controls will be collected, verified, and analyzed.
  3. Timing:
    • Frequency: Determine how often the assessment will be conducted. This may be an annual, quarterly, or ad-hoc basis. Consider the complexity of your organization’s operations and the potential for changes in risks over time.
    • Triggers for Assessment: Define the triggers that would necessitate an additional assessment outside of the regular schedule. Triggers might include significant changes in processes, introduction of new hazards, or after incidents.
    • Continuous Monitoring: Consider whether the assessment will be a one-time baseline assessment or an ongoing, continuous process integrated into your OH&S Management System.
    • Reporting and Review: Establish reporting and review mechanisms to ensure that assessment results are analyzed, acted upon, and communicated to relevant stakeholders in a timely manner.
  4. Documentation:
    • Document all aspects of the defined scope, nature, and timing in a formal OH&S risk assessment plan or procedure. Ensure that this document is accessible to all relevant personnel.
  5. Communication:
    • Communicate the scope, nature, and timing of the risk assessment to all relevant stakeholders, including employees, management, and any external parties involved.
  6. Review and Adaptation:
    • Periodically review and adapt the defined scope, nature, and timing as needed. Changes may be necessary due to shifts in organizational priorities, regulatory changes, or emerging risks.

By carefully defining the scope, nature, and timing of your OH&S risk assessment, you create a structured framework that guides the assessment process, ensures consistency, and facilitates effective risk management. It also helps in setting expectations, resource allocation, and the integration of risk assessment into your overall OH&S management system.

5) Assessment of OH&S risks should ensure they are proactive rather than reactive and are used in a systematic way.

Assessing Occupational Health and Safety (OH&S) risks in a proactive, systematic manner is essential for preventing workplace accidents, injuries, and illnesses. Here’s how organizations can ensure their OH&S risk assessments are proactive rather than reactive and are used systematically:

  1. Hazard Identification:
    • Proactive Approach:
      • Encourage employees to actively identify and report hazards in their work areas.
      • Conduct regular workplace inspections to identify potential hazards before they lead to incidents.
  2. Data Collection and Analysis:
    • Proactive Approach:
      • Collect data on near misses, incidents, and “near-hit” situations to identify trends and potential risks.
      • Analyze historical incident data to detect patterns and areas with a higher risk of accidents.
  3. Employee Involvement:
    • Proactive Approach:
      • Involve employees in risk assessments, as they have valuable insights into the hazards they encounter daily.
      • Encourage employees to provide input on control measures and improvements.
  4. Preventive Measures:
    • Proactive Approach:
      • Prioritize preventive measures that eliminate or reduce hazards at the source, such as engineering controls and process changes.
      • Emphasize the hierarchy of controls, with a focus on engineering controls over administrative controls and personal protective equipment (PPE).
  5. Continuous Monitoring:
    • Proactive Approach:
      • Implement regular monitoring and inspections to ensure that control measures remain effective over time.
      • Use leading indicators (e.g., safety audits, training completion rates) to monitor the effectiveness of safety programs.
  6. Risk Mitigation Plans:
    • Proactive Approach:
      • Develop comprehensive risk mitigation plans for high-risk hazards, including clear responsibilities, timelines, and follow-up actions.
      • Implement a preventive maintenance program to keep equipment and machinery in safe working condition.
  7. Training and Awareness:
    • Proactive Approach:
      • Provide ongoing training to employees on hazard recognition, safe work practices, and emergency response.
      • Promote a culture of safety by fostering awareness and encouraging proactive reporting of unsafe conditions.
  8. Emergency Preparedness:
    • Proactive Approach:
      • Develop and regularly test emergency response plans to ensure that employees are prepared to respond effectively in case of an incident.
      • Conduct drills and simulations to practice emergency procedures.
  9. Documentation and Reporting:
    • Proactive Approach:
      • Document all risk assessments, control measures, and incident reports systematically.
      • Create a reporting system that encourages employees to report hazards and incidents promptly.
  10. Continuous Improvement:
    • Proactive Approach:
      • Establish a process for reviewing risk assessments and safety performance regularly.
      • Use lessons learned from incidents and near misses to update risk assessments and improve safety measures.
  11. Management Leadership and Commitment:
    • Proactive Approach:
      • Ensure that senior management actively supports and promotes a culture of safety within the organization.
      • Allocate resources and budgets for proactive safety initiatives and risk reduction efforts.
  12. Integration into the OH&S Management System:
    • Proactive Approach:
      • Integrate risk assessments into the overall OH&S Management System, ensuring that they are a fundamental part of decision-making processes and planning.

By adopting a proactive and systematic approach to OH&S risk assessment, organizations can identify and address potential hazards before they lead to incidents, thereby creating a safer and healthier work environment for employees. This approach not only reduces the human and financial costs associated with workplace accidents but also enhances overall organizational efficiency and reputation.

6) Documented information shall be maintained and retained on the methodology(ies) and criteria.

Documented Information:

  1. OH&S Risk Assessment Methodology: Document the methodology or methodologies used for assessing OH&S risks. This should include details on how hazards are identified, likelihood and severity assessments, risk criteria, and risk ranking methods.
  2. Criteria for OH&S Risk Assessment: Document the specific criteria used to assess OH&S risks, including both likelihood and severity criteria. This should include any scales, rating systems, or numerical values used.
  3. OH&S Risk Assessment Procedures: Document the procedures that outline how OH&S risk assessments are conducted within the organization. This should include step-by-step instructions for identifying hazards, assessing risks, and implementing control measures.
  4. Documentation of Control Measures: Maintain records of the control measures implemented to mitigate or manage identified OH&S risks. This includes information on the types of controls used, their effectiveness, and any updates or changes made.
  5. Documentation of Risk Mitigation Plans: If high-risk hazards are identified, document the risk mitigation plans, including responsibilities, timelines, and follow-up actions to reduce or eliminate these risks.
  6. Documentation of Risk Communication: Record how risk assessment results are communicated within the organization, including who receives the information and how it is shared.


  1. OH&S Risk Assessment Records: Maintain records of the actual OH&S risk assessments conducted, including the results of hazard identification, likelihood and severity assessments, and overall risk levels.
  2. Records of Risk Mitigation Actions: Keep records of actions taken to mitigate or control identified OH&S risks. This includes records of control measures implemented and their effectiveness.
  3. Records of Changes and Updates: Maintain records of any changes or updates made to the risk assessment methodology, criteria, or procedures. Include documentation of the reasons for these changes and who authorized them.
  4. Records of Risk Reviews: Keep records of regular reviews of OH&S risk assessments to ensure they remain relevant and effective. Include any decisions or actions resulting from these reviews.
  5. Management Review Records: Document the outcomes of management reviews related to OH&S risks and the OH&S management system. This may include decisions on resource allocation, changes to policies or objectives, and updates to risk mitigation plans.
  6. Training and Competence Records: Maintain records of training provided to employees involved in risk assessments and risk management. This should include evidence of competence in conducting risk assessments.
  7. Communication Records: Retain records of communications related to OH&S risks, including reports, emails, meeting minutes, and other forms of documentation.
  8. Internal and External Audit Records: Keep records of internal and external audits related to OH&S risk assessments and the OH&S management system. Include audit reports, findings, corrective actions, and follow-up actions.
  9. Documented Information on Non-Conformities and Corrective Actions: Document instances of non-conformities related to OH&S risk assessments and the actions taken to correct these non-conformities.
  10. Records of Lessons Learned: Maintain records of lessons learned from incidents, near misses, and the outcomes of risk assessments. These records can inform future risk assessment activities and improvements.

Examples of procedure of Assessment of OH&S risks and other risks to the OH&S management system

Objective: To systematically identify, assess, and manage OH&S risks and other risks to the OH&S management system in compliance with ISO 45001:2018.

Responsibilities: Define the roles and responsibilities of individuals involved in the risk assessment process, including the OH&S manager, risk assessment team members, and relevant employees.

Procedure Steps:

  1. Scope Definition:
    • Define the scope of the risk assessment, including the organizational units, processes, and activities to be assessed.
    • Identify any exclusions from the scope and provide a rationale.
  2. Methodology Selection:
    • Specify the methodology or methodologies to be used for risk assessment (e.g., qualitative, semi-quantitative, quantitative).
    • Explain why the chosen methodology is suitable for the identified risks.
  3. Criteria Establishment:
    • Document the criteria for assessing OH&S risks and other risks. This includes both likelihood and severity criteria.
    • Specify the scales, rating systems, or numerical values to be used.
  4. Hazard Identification:
    • Describe the process for identifying hazards, which may include employee input, workplace inspections, incident reports, and compliance with regulatory requirements.
    • Explain how emerging risks will be identified and considered.
  5. Risk Assessment Process:
    • Provide step-by-step instructions for conducting risk assessments, including:
      • Likelihood and severity assessments for each identified hazard.
      • Calculation of overall risk levels.
      • Risk ranking or categorization based on the risk matrix or assessment tool.
  6. Control Measures and Mitigation:
    • Describe how control measures will be identified and evaluated for their effectiveness.
    • Explain the process for developing and implementing risk mitigation plans, especially for high-risk hazards.
  7. Documentation and Record-Keeping:
    • Outline the documentation requirements for recording risk assessment results, control measures, and mitigation plans.
    • Specify where records should be stored and for how long they should be retained.
  8. Review and Update:
    • Define the frequency of risk assessments and how often they should be reviewed for relevance and effectiveness.
    • Explain how changes to the risk assessment methodology, criteria, or procedures will be managed and documented.
  9. Communication and Reporting:
    • Describe how risk assessment results will be communicated to relevant stakeholders, including employees, management, and regulatory authorities, as necessary.
    • Specify reporting formats, channels, and timelines.
  10. Training and Competence:
    • Explain how employees and those involved in risk assessment and management will be trained and assessed for competence.
    • Document the training program and criteria for competence assessment.
  11. Continuous Improvement:
    • Highlight the organization’s commitment to using the outcomes of risk assessments for continuous improvement of the OH&S management system.
  12. Document Control:
    • Establish procedures for the version control and distribution of this risk assessment procedure.
    • Specify who is responsible for maintaining and updating the procedure.
  13. Monitoring and Compliance:
    • Describe the process for monitoring and auditing compliance with this procedure.
    • Outline corrective actions to be taken in case of non-compliance.
  14. References: List relevant standards, regulations, and internal documents that support the risk assessment procedure.
  15. Appendices: Include any templates, forms, or checklists that are part of the risk assessment process.
  16. Approval and Review: Specify the procedure’s approval authority and the frequency of reviews to ensure its ongoing effectiveness and compliance with ISO 45001:2018.

Examples of Assessment of OH&S risks and other risks to the OH&S management system

Here are some examples of how risk assessments can be conducted for various types of hazards:

  1. Physical Hazards Assessment:
    • Hazard: Machinery in a manufacturing plant.
    • Assessment: Identify potential points of contact, pinch points, and moving parts. Assess the likelihood of contact and the severity of injuries if contact occurs.
    • Control Measures: Install machine guards, provide training on safe operation, and establish lockout/tagout procedures.
  2. Chemical Hazards Assessment:
    • Hazard: Use of hazardous chemicals in a laboratory.
    • Assessment: Review Safety Data Sheets (SDS) for chemicals. Assess the potential for exposure through inhalation, skin contact, or ingestion, as well as the severity of health effects.
    • Control Measures: Implement proper labeling, provide personal protective equipment (PPE), and establish chemical handling protocols.
  3. Biological Hazards Assessment:
    • Hazard: Exposure to infectious agents in a healthcare setting.
    • Assessment: Identify sources of exposure, assess the likelihood of transmission, and evaluate the severity of infections.
    • Control Measures: Implement infection control practices, provide immunizations, and ensure proper disposal of contaminated materials.
  4. Ergonomic Hazards Assessment:
    • Hazard: Repetitive tasks in a manufacturing facility.
    • Assessment: Identify tasks that involve repetitive motions, assess the likelihood of musculoskeletal disorders, and evaluate the severity of potential injuries.
    • Control Measures: Implement ergonomic workstations, provide training on safe lifting techniques, and encourage regular breaks.
  5. Psychosocial Hazards Assessment:
    • Hazard: Workplace stress in an office environment.
    • Assessment: Conduct surveys and interviews to identify stressors, assess the likelihood of stress-related issues, and evaluate the severity of their impact on mental health.
    • Control Measures: Implement stress reduction programs, promote work-life balance, and provide counseling services.
  6. Fire Hazards Assessment:
    • Hazard: Fire risks in a chemical storage area.
    • Assessment: Identify potential ignition sources, assess the likelihood of fires, and evaluate the severity of fire-related consequences.
    • Control Measures: Install fire suppression systems, store chemicals according to regulations, and conduct fire drills.
  7. Electrical Hazards Assessment:
    • Hazard: Electrical equipment in a construction site.
    • Assessment: Identify exposed wires, assess the likelihood of electrical shocks, and evaluate the severity of injuries.
    • Control Measures: Ensure proper grounding of equipment, provide electrical safety training, and conduct regular inspections.
  8. Environmental Hazards Assessment:
    • Hazard: Potential environmental impact of construction activities.
    • Assessment: Identify potential pollutants and assess their release into the environment, assess the likelihood of environmental harm, and evaluate the severity of consequences.
    • Control Measures: Implement pollution prevention measures, obtain necessary permits, and monitor environmental compliance.
  9. Supply Chain Risks Assessment:
    • Hazard: Disruption in the supply chain due to external factors.
    • Assessment: Identify potential disruptions (e.g., natural disasters, supplier issues), assess the likelihood of their occurrence, and evaluate the severity of supply chain disruptions.
    • Control Measures: Develop a supply chain resilience plan, diversify suppliers, and establish contingency plans.
  10. Compliance Risks Assessment:
    • Hazard: Non-compliance with OH&S regulations.
    • Assessment: Review regulatory requirements, assess the likelihood of non-compliance, and evaluate the severity of potential legal and financial consequences.
    • Control Measures: Develop and implement compliance programs, conduct regular audits, and provide training on regulatory requirements.

Leave a Reply