The organization shall establish, implement, maintain and continually improve an OH&S management system, including the processes needed and their interactions, in accordance with the requirements of ISO 45001:2018.
As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:
The organization retains the authority, accountability and autonomy to decide how it will fulfil the requirements of this document, including the level of detail and extent to which it: a) establishes one or more processes to have confidence that they are controlled, carried out as planned and achieve the intended outcomes of the OH&S management system; b) integrates requirements of the OH&S management system into its various business processes (e.g. design and development, procurement, human resources, sales and marketing). If this document is implemented for a specific part(s) of an organization, the policies and processes developed by other parts of the organization can be used to meet the requirements of this document, provided that they are applicable to the specific part(s) that will be subject to them and that they conform to the requirements of this document. Examples include corporate OH&S policies, education, training and competency programmes, and procurement controls.
1) The organization shall establish, implement, maintain and continually improve an OH&S management system
The establishment, implementation, maintenance, and continual improvement of an Occupational Health and Safety (OH&S) management system is a fundamental requirement of ISO 45001:2018, the international standard for OH&S management systems. Here’s a breakdown of what these components involve:
1. Establishment of the OH&S Management System:
Commitment: Top management must demonstrate its commitment to establishing and maintaining the OH&S management system. This often involves issuing a formal OH&S policy statement that outlines the organization’s commitment to worker safety and health.
Scope: The organization determines the scope of its OH&S management system, defining what it encompasses and what it excludes. This scope takes into account the organization’s activities, products, services, and locations relevant to OH&S.
Objectives and Targets: The organization establishes measurable OH&S objectives and targets aligned with its OH&S policy and scope. These objectives are intended to drive continual improvement in OH&S performance.
Risk Assessment: A comprehensive risk assessment is conducted to identify hazards, assess risks, and determine necessary controls. The findings of this assessment inform the development of policies, procedures, and controls.
2. Implementation of the OH&S Management System:
Leadership and Responsibility: Leadership roles and responsibilities for OH&S are defined and communicated throughout the organization. Top management takes the lead in ensuring the OH&S management system’s implementation and effectiveness.
Resource Allocation: Adequate resources, including personnel, training, technology, and budget, are allocated to implement and maintain the OH&S management system.
Operational Planning and Control: Procedures and controls are established to ensure that work-related activities are conducted in a manner that prevents accidents and injuries. This includes the implementation of safe work practices and the provision of necessary protective equipment.
Emergency Preparedness: The organization develops and implements emergency response plans and procedures to address potential OH&S emergencies.
Documentation: Necessary documents and records are created and maintained, including policies, procedures, risk assessments, training records, and records of OH&S incidents.
3. Maintenance of the OH&S Management System:
Monitoring and Measurement: Regular monitoring and measurement of OH&S performance, including the achievement of objectives and targets, are conducted to ensure that the system is functioning effectively.
Incident Reporting and Investigation: Procedures are in place for reporting, recording, investigating, and taking corrective actions for OH&S incidents, including near misses and accidents.
Legal and Regulatory Compliance: The organization ensures that it remains compliant with all applicable OH&S laws, regulations, and other requirements within its scope.
Management Review: Top management conducts periodic reviews of the OH&S management system to assess its continuing suitability, adequacy, and effectiveness.
4. Continual Improvement of the OH&S Management System:
Performance Evaluation: The organization uses the results of monitoring, measurement, and evaluation to assess the performance of the OH&S management system and make data-driven decisions.
Corrective and Preventive Actions: When nonconformities or opportunities for improvement are identified, corrective and preventive actions are taken to address root causes and prevent recurrence.
Management of Change: The organization manages changes in its operations, processes, and activities that could affect OH&S performance, ensuring that any changes are integrated into the OH&S management system effectively.
Worker Participation: The organization actively involves workers and their representatives in OH&S matters, seeking their input and feedback to improve the management system.
The continual improvement aspect of ISO 45001 underscores the importance of ongoing refinement and enhancement of the OH&S management system to adapt to changing circumstances, emerging risks, and evolving best practices. This helps organizations create safer workplaces and better protect the health and well-being of their workers.
2) The processes needed and their interactions, in accordance with the requirements of ISO 45001:2018.
ISO 45001:2018, the international standard for Occupational Health and Safety (OH&S) management systems, requires organizations to establish, implement, maintain, and continually improve processes to meet its requirements. These processes and their interactions form the core of the OH&S management system. Here are the key processes needed and their interactions in accordance with the requirements of ISO 45001:2018:
Leadership and Commitment:
Process: This process involves top management demonstrating leadership by defining OH&S policy, establishing the scope, and setting objectives. It includes assigning roles and responsibilities, providing resources, and fostering a culture of safety.
Interactions: Leadership sets the direction for the entire OH&S management system and ensures alignment with the organization’s strategic goals.
Planning:
Process: Planning encompasses hazard identification, risk assessment, and determining controls to mitigate risks. It also involves setting OH&S objectives and creating plans to achieve them.
Interactions: The results of hazard identification and risk assessment feed into the planning process. Objectives and plans must align with identified risks and opportunities.
Support:
Process: This process covers resource allocation, competency development, awareness training, communication, and documentation to support the OH&S management system.
Interactions: Resources are allocated based on identified needs in the planning process. Competency development ensures that employees have the necessary skills to carry out safety procedures.
Operation:
Process: The operation process includes implementing and controlling operational controls, emergency preparedness and response, and monitoring the working environment for hazards.
Interactions: Operational controls are based on identified risks and are influenced by the planning process. Emergency preparedness and response procedures are activated in case of identified risks.
Performance Evaluation:
Process: This process involves monitoring and measuring OH&S performance, incident investigation, and conducting internal audits.
Interactions: The results of monitoring and measuring are used to assess performance against objectives and drive improvements in planning and operation.
Improvement:
Process: Improvement encompasses taking corrective actions to address nonconformities and continually improving OH&S performance.
Interactions: Corrective actions are based on the results of performance evaluation, helping to close the loop and prevent future incidents.
Worker Participation:
Process: Worker participation involves involving workers and their representatives in OH&S matters, including hazard reporting, risk assessment, and consultation on safety issues.
Interactions: Worker input from this process informs hazard identification, risk assessment, and other processes to enhance safety measures.
Management Review:
Process: This process entails periodic reviews by top management to assess the OH&S management system’s suitability, adequacy, and effectiveness.
Interactions: The outcomes of management reviews drive improvements and influence the planning and support processes.
Legal and Regulatory Compliance:
Process: Ensuring compliance with OH&S laws, regulations, and other requirements relevant to the organization’s scope.
Interactions: Compliance requirements are considered in the planning, operation, and performance evaluation processes.
Communication:
Process: Establishing effective internal and external communication channels regarding OH&S matters.
Interactions: Communication is essential to worker participation, support, and performance evaluation processes.
These processes are interrelated and interact to ensure the effective functioning of the OH&S management system. They should be designed and implemented in a way that promotes continual improvement, the prevention of accidents and injuries, and the protection of worker health and safety. Organizations can establish clear procedures and workflows to ensure these processes are carried out systematically and in alignment with ISO 45001:2018 requirements.
Documented Information required:
ISO 45001:2018 specifies various documents and records that organizations are required to establish, maintain, and retain to meet the requirements of Clause 4.4, which addresses the establishment, implementation, maintenance, and continual improvement of the Occupational Health and Safety (OH&S) management system. Here are the key documents and records needed for ISO 45001:2018 Clause 4.4:
Documents:
OH&S Policy (Documented Information): A documented OH&S policy that outlines the organization’s commitment to OH&S and provides a framework for setting OH&S objectives and targets.
Scope of the OH&S Management System (Documented Information): A document that defines the scope of the OH&S management system, specifying what is included and excluded from the system’s boundaries.
Risk Assessment and Hazard Identification (Documented Information): Documentation of the results of risk assessments and hazard identification processes conducted within the scope of the OH&S management system.
OH&S Objectives and Targets (Documented Information): Documentation of measurable OH&S objectives and targets that are consistent with the OH&S policy and are used to drive improvement.
Legal and Other Requirements Register (Documented Information): A documented register that identifies and records all relevant legal and regulatory requirements related to occupational health and safety that apply within the scope of the OH&S management system.
Operational Controls (Documented Information): Procedures and documented information related to operational controls, including safe work practices, procedures for managing change, and emergency preparedness and response.
Incident Reporting and Investigation Procedures (Documented Information): Procedures for reporting, recording, investigating, and taking corrective actions for OH&S incidents, including near misses and accidents.
Emergency Response Plans (Documented Information): Documentation of emergency response plans and procedures to address potential OH&S emergencies within the organization’s scope.
Records:
Monitoring and Measurement Records: Records of monitoring and measurement activities related to OH&S performance, including incident data, inspection records, and records of workplace monitoring.
Internal Audit Records: Records of internal OH&S audits, including audit plans, findings, corrective actions, and follow-up actions.
Management Review Records: Documentation of management review meetings, including agendas, minutes, and records of actions taken to improve the OH&S management system.
Worker Participation Records: Records related to worker participation in OH&S matters, including meeting minutes, consultation records, and records of worker feedback.
Competence, Training, and Awareness Records: Records of employee competency assessments, training records, and records of OH&S awareness programs.
Documented Information Control Records: Records of the control of documented information, including version control, distribution lists, and records of document revisions.
Corrective and Preventive Action Records: Records of corrective actions and preventive actions taken to address nonconformities and improve the OH&S management system.
Records of Changes: Records of changes to the OH&S management system, including records of scope changes and changes to documented information.
Records of Worker Health Surveillance: Records related to worker health surveillance programs, including medical examination records.
Records of Communication: Records of communication with internal and external parties related to OH&S matters.
These documents and records are essential for establishing, implementing, maintaining, and continually improving the OH&S management system in compliance with ISO 45001:2018 requirements. They support effective communication, decision-making, and performance evaluation within the organization and provide evidence of conformity with OH&S standards and legal requirements.
The organization shall determine the boundaries and applicability of the OH&S management system to establish its scope. When determining this scope, the organization shall: a) consider the external and internal issues referred to in 4.1; b) take into account the requirements referred to in 4.2; c) take into account the planned or performed work-related activities. The OH&S management system shall include the activities, products and services within the organization’s control or influence that can impact the organization’s OH&S performance. The scope shall be available as documented information.
As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:
An organization has the freedom and flexibility to define the boundaries and applicability of the OH&S management system. The boundaries and applicability may include the whole organization, or a specific part(s) of the organization, provided that the top management of that part of the organization has its own functions, responsibilities and authorities for establishing an OH&S management system. The credibility of the organization’s OH&S management system will depend upon the choice of the boundaries. The scope should not be used to exclude activities, products and services that have or can impact the organization’s OH&S performance, or to evade its legal requirements and other requirements. The scope is a factual and representative statement of the organization’s operations included within its OH&S management system boundaries that should not mislead interested parties.
1) The organization shall determine the boundaries and applicability of the OH&S management system to establish its scope.
Determining the boundaries and applicability of an Occupational Health and Safety (OH&S) management system is a critical step in establishing its scope within an organization. This process involves defining what the system will cover and what it will not. Research and understand the local, national, and international laws and regulations that apply to your organization in terms of occupational health and safety. Identify specific OH&S requirements that are mandatory for your industry and location. These will form the foundation of your system’s scope.Clearly outline the organizational boundaries that your OH&S management system will cover. This includes specifying which locations, departments, facilities, and processes are within the system’s scope. Determine if the scope will cover the entire organization or if it will be limited to certain divisions, branches, or specific projects.Identify all relevant stakeholders, including employees, contractors, suppliers, customers, regulatory authorities, and community members. Consider their expectations and concerns regarding occupational health and safety, as these can influence the scope of your system. Perform a comprehensive risk assessment to identify hazards and evaluate risks associated with your organization’s activities, products, services, and processes. Prioritize and focus on areas with the highest levels of risk when defining the scope. Establish specific OH&S objectives and goals for your organization. These objectives should align with the results of your risk assessment and focus on reducing or eliminating significant hazards and risks. Ensure that the scope of your OH&S system supports the achievement of these objectives. Engage in consultation and communication with relevant stakeholders, especially employees and their representatives. Seek input from employees who have direct experience with OH&S issues to ensure that their concerns are considered when defining the scope.Create a formal document that clearly outlines the scope of your OH&S management system. Include information such as:
Organizational boundaries covered by the system.
Applicable legal and regulatory requirements.
Identified hazards and risks.
OH&S objectives and goals.
Any exclusions or limitations within the scope.
Periodically review the scope of your OH&S management system to ensure that it remains relevant and effective. Update the scope as needed to account for changes in your organization, its activities, emerging risks, or revised legal requirements. Communicate the established scope to all relevant personnel, ensuring that they understand their responsibilities within that scope. Provide training and awareness programs to educate employees and stakeholders about the scope and objectives of the OH&S management system.Implement a monitoring and measurement system to assess the performance and effectiveness of your OH&S management system within its defined scope. Use key performance indicators (KPIs) to track progress toward achieving your objectives and goals.The boundaries and applicability of an Occupational Health and Safety (OH&S) management system depend on the organization’s unique context, operations, and objectives. However, there are some common elements to consider when defining the boundaries and applicability of your OH&S management system:
Organizational Boundaries: Clearly define the organizational boundaries that your OH&S management system will cover. This includes specifying which parts of your organization are included and which are excluded. Consider the following:
Locations: Determine whether the system will cover all company locations or specific sites.
Departments: Identify the departments, units, or divisions that fall within the system’s scope.
Facilities: Specify which facilities or buildings are included.
Activities, Processes, and Operations: Detail the activities, processes, and operations that will be within the scope of your OH&S management system. This should encompass:
Production processes
Service delivery processes
Maintenance activities
Support functions
Employees and Workers: Specify which categories of employees and workers are covered by the system. This may include full-time employees, part-time employees, contractors, temporary workers, and other personnel.
Legal and Regulatory Requirements: Define the legal and regulatory requirements that apply to your organization’s operations and are relevant to occupational health and safety. Ensure that your OH&S management system covers compliance with these requirements.
Hazards and Risks: Identify the types of hazards and risks that are relevant to your organization’s operations. This could include physical hazards, chemical hazards, biological hazards, ergonomic risks, psychosocial risks, and more. Focus on those that are significant and have the potential to cause harm.
Stakeholder Expectations: Take into account the expectations of stakeholders, including employees, customers, suppliers, regulatory authorities, and the local community. Address their concerns and needs within the scope of your system.
Products and Services: Determine whether the scope of your OH&S management system extends to the design, production, or delivery of specific products or services. Some organizations may choose to include these aspects if they have a direct impact on worker safety.
Exclusions and Limitations: Clearly state any exclusions or limitations within the scope. There may be certain activities, operations, or areas that are explicitly not covered by the OH&S management system. Be transparent about these exclusions.
Emergency Response and Preparedness: Consider whether emergency response and preparedness are within the scope of the system. This can include planning for potential disasters or incidents that could affect the safety of employees and the community.
Third Parties and Supply Chain: Determine whether your OH&S management system will also address the health and safety performance of third-party suppliers, contractors, or partners who work on behalf of your organization.
Scale and Complexity: Tailor the scope to the scale and complexity of your organization. Larger, more complex organizations may have broader scopes that cover a wider range of activities and operations.
Continuous Improvement: Ensure that your OH&S management system includes mechanisms for continuous improvement. This means regularly reviewing and expanding the scope as necessary to address changing risks, requirements, and stakeholder expectations.
The boundaries and applicability of your OH&S management system should be well-documented and communicated to all relevant stakeholders within your organization. Regular reviews and updates to the scope will help ensure that the system remains effective in managing occupational health and safety risks.
2) When determining this scope, the organization shall consider the external and internal issues referred to in 4.1.
When determining the scope of an Occupational Health and Safety (OH&S) management system, it’s essential for the organization to consider both external and internal issues. These considerations help ensure that the scope is comprehensive, aligned with the organization’s strategic goals, and responsive to the dynamic environment in which the organization operates. Here’s why considering external and internal issues is important:
External Issues: Understanding external issues involves recognizing the legal and regulatory requirements that apply to the organization. Compliance with these requirements is often a fundamental aspect of an OH&S management system’s scope. External stakeholders, such as customers, suppliers, local communities, and regulatory authorities, have expectations regarding the organization’s commitment to occupational health and safety. Meeting these expectations can enhance the organization’s reputation and relationships. External issues encompass factors like changes in industry standards, emerging risks, and evolving best practices in OH&S. By considering these issues, the organization can proactively address new and emerging threats to worker safety. Understanding external market conditions and competitors’ practices related to OH&S can provide insights into potential areas for improvement and opportunities to gain a competitive advantage. OH&S practices can have a direct impact on the local community, especially if the organization operates in a residential area. Addressing community concerns related to safety and health can be essential for maintaining a positive reputation and social license to operate.
Internal Issues:Thee organization’s strategic objectives and goals are internal issues that should guide the scope of the OH&S management system. The scope should align with the organization’s broader mission and strategies. Understanding internal processes and operations is crucial to identifying areas where occupational health and safety risks may arise. It allows for the inclusion of relevant processes and activities within the scope. Consideration of internal resources, including budget, personnel, and technology, is essential for determining the feasibility of implementing and maintaining an OH&S management system. This ensures that the scope is realistic and can be adequately resourced. The organization’s culture, values, and commitment to OH&S are internal factors that influence the scope. It’s important to reflect the organization’s commitment to safety in the scope and ensure that it is in harmony with the organizational culture. Identifying internal issues related to performance metrics and data collection allows for the establishment of meaningful Key Performance Indicators (KPIs) within the scope. These KPIs can be used to drive continuous improvement efforts.
By considering both external and internal issues, the organization can create an OH&S management system with a scope that is well-rounded, aligned with its strategic direction, and capable of effectively addressing both current and future health and safety challenges. This comprehensive approach helps promote a safer work environment, legal compliance, stakeholder satisfaction, and overall organizational success.
3) When determining this scope, the organization shall take into account the requirements referred to in 4.2
When determining the scope of an Occupational Health and Safety (OH&S) management system, it’s crucial for the organization to take into account the requirements referred to in 4.2 for several important reasons:
Worker Safety and Well-being: Workers are at the forefront of occupational health and safety concerns. Their needs and expectations directly impact their safety, health, and overall well-being while performing their job duties. By considering their requirements, organizations can better protect their employees from workplace hazards and risks.
Legal Compliance: Compliance with the needs and expectations of workers is often mandated by labor laws, regulations, and occupational health and safety standards. Ignoring or neglecting these requirements can lead to legal and regulatory non-compliance, resulting in fines, penalties, and potential legal liabilities.
Productivity and Morale: Addressing the needs and expectations of workers can have a positive impact on employee morale and productivity. When workers feel that their concerns are heard and addressed, they are more likely to be engaged, motivated, and committed to their work, which can lead to improved productivity and reduced absenteeism.
Reduced Turnover: A safe and healthy work environment that meets workers’ expectations can contribute to reduced employee turnover. High turnover can be costly for organizations in terms of recruitment, training, and lost productivity.
Worker Involvement: Involving workers in the process of defining the scope of the OH&S management system and addressing their needs and expectations promotes a culture of worker participation. Engaged workers are more likely to actively contribute to the success of the system by reporting hazards, suggesting improvements, and adhering to safety protocols.
Stakeholder Satisfaction: Besides workers, there are other interested parties, such as customers, suppliers, and the community, whose needs and expectations related to worker safety can affect the organization. Meeting these requirements can enhance stakeholder satisfaction and support the organization’s reputation.
Risk Mitigation: Workers are often best positioned to identify workplace hazards and risks. Their input is invaluable for identifying potential safety issues and implementing effective controls. By considering their requirements, organizations can proactively address and mitigate risks.
Continuous Improvement: The feedback and insights gained from workers and interested parties can inform continuous improvement efforts within the OH&S management system. This information can guide the development of relevant objectives and goals, performance metrics, and initiatives to enhance worker safety.
Ethical Responsibility: Organizations have an ethical responsibility to ensure the health and safety of their workers. Taking into account the needs and expectations of workers demonstrates a commitment to fulfilling this ethical obligation.
Regulatory Cooperation: In some jurisdictions, regulatory authorities may require organizations to engage with workers and other stakeholders when defining the scope of the OH&S management system. Compliance with such requirements is essential to maintain a cooperative and compliant relationship with regulators.
In conclusion, considering the relevant needs and expectations of workers and other interested parties when determining the scope of an OH&S management system is not only a legal requirement but also a strategic and ethical imperative. It contributes to the creation of a safer, healthier, and more productive work environment, ultimately benefiting both the organization and its workforce.
4) When determining this scope, the organization shalltake into account the planned or performed work-related activities.
When determining the scope of an Occupational Health and Safety (OH&S) management system, the organization should take into account all planned or performed work-related activities that have the potential to impact the health and safety of workers. The specific activities to consider will vary depending on the nature of the organization, its industry, and its operations. However, here are some common categories of planned or performed work-related activities that organizations should generally consider:
Core Business Operations:
Activities directly related to the organization’s core business, including production, manufacturing, construction, and service delivery.
These activities often have a direct impact on worker safety and health due to their central role in the organization’s operations.
Maintenance and Repair:
Maintenance and repair activities for equipment, machinery, infrastructure, and facilities.
These activities can introduce risks if not conducted safely, and they often involve working with machinery and potentially hazardous materials.
Construction and Installation:
Construction, installation, and commissioning activities for new facilities, structures, or equipment.
Construction sites can be particularly hazardous environments, and careful planning is essential to ensure worker safety.
Transportation and Logistics:
Activities related to the transportation of goods, materials, or personnel, including driving, loading, unloading, and warehousing.
Transportation-related activities are associated with various risks, including road safety and manual handling.
Warehousing and Material Handling:
Handling, storing, and moving of materials, products, and goods within warehouses and storage facilities.
These activities involve manual handling and may include exposure to ergonomic risks.
Administrative and Office Work:
Office-based work, administrative tasks, and support functions.
While office work is generally low-risk, ergonomic considerations and workplace safety measures are still important.
Training and Development:
Training programs, workshops, and educational activities for employees.
Ensuring the safety of training sessions and educational environments is essential to prevent accidents and injuries.
Emergency Response and Preparedness:
Activities related to emergency response planning, drills, and exercises.
Proper preparation and training for emergency situations are critical for worker safety.
Hazardous Materials Handling:
Handling, storage, and disposal of hazardous chemicals, substances, and materials.
Compliance with chemical safety regulations is essential in these activities.
Cleaning and Janitorial Services:
Cleaning and maintenance of facilities, including janitorial services.
These activities may involve exposure to cleaning agents and ergonomic risks.
Contractor and Vendor Management:
Oversight of contractors, subcontractors, and vendors who work on-site or provide services to the organization.
Ensuring that contractors adhere to safety standards is crucial.
Visitor Management:
Management of visitors to the organization’s premises, including contractors, clients, and other external parties.
Visitor safety and orientation are important to prevent accidents.
Research and Development (R&D):
R&D activities, especially in laboratories or specialized environments.
Safety in R&D settings is essential to protect researchers and technicians.
Environmental Compliance:
Activities related to environmental management and compliance, including waste disposal and emissions control.
Environmental safety measures often intersect with worker safety.
Security and Access Control:
Security-related activities, such as access control, surveillance, and security personnel management.
Ensuring the safety of security personnel and the security of workers is essential.
When determining the scope of an Occupational Health and Safety (OH&S) management system, it’s crucial for the organization to take into account the planned or performed work-related activities. This consideration is fundamental to ensuring that the OH&S management system effectively addresses and manages occupational health and safety risks associated with these activities. Here’s why this is important:
Work-related activities are often the primary source of occupational health and safety risks. By taking into account these activities, the organization can conduct a comprehensive risk assessment to identify potential hazards, assess risks, and determine appropriate control measures.
Work-related activities may introduce various hazards, such as physical, chemical, biological, ergonomic, and psychosocial hazards. Recognizing these hazards is a critical step in preventing accidents and injuries.
Defining the scope based on planned or performed work-related activities helps allocate resources effectively. Resources can include personnel, equipment, training, and budget, all of which should be aligned with the identified activities.
Work-related activities are subject to legal and regulatory requirements related to occupational health and safety. Ensuring that the scope includes these activities helps with compliance and reduces the risk of legal violations.
Focusing on work-related activities allows the organization to prioritize and direct its OH&S efforts where they are needed most. This targeted approach can lead to more efficient risk management.
Defining the scope based on work-related activities facilitates effective communication to workers about their roles, responsibilities, and safety procedures specific to their tasks. It also guides the development of relevant training programs.
A scope that encompasses work-related activities helps prevent incidents and accidents by identifying potential risks and implementing controls to mitigate them.
It allows the organization to establish key performance indicators (KPIs) that are directly related to work-related activities. Monitoring these KPIs provides insights into the effectiveness of the OH&S management system.
Work-related activities may evolve over time. By including them in the scope, the organization can adapt to changes, continuously improve safety measures, and address new risks that may arise with evolving work practices.
Different work-related activities may have unique safety requirements. Defining the scope based on these activities allows for a more customized and tailored approach to occupational health and safety management.
Workers are directly involved in performing work-related activities. Involving them in defining the scope ensures that their insights and experiences are considered in the OH&S management system.
Planning for emergencies and response procedures is essential for work-related activities, especially in high-risk industries. Including these activities in the scope helps ensure that emergency preparedness measures are in place.
In summary, taking into account the planned or performed work-related activities when determining the scope of an OH&S management system is essential for addressing specific occupational health and safety risks, complying with regulations, allocating resources effectively, and ultimately, creating a safer and healthier workplace. It enables a targeted and proactive approach to managing risks associated with work-related tasks, which is fundamental to the success of the OH&S management system.
5) The OH&S management system shall include the activities, products and services within the organization’s control or influence that can impact the organization’s OH&S performance.
Including activities, products, and services within an organization’s control or influence that can impact its Occupational Health and Safety (OH&S) performance is a fundamental aspect of an effective OH&S management system. This approach ensures that the organization considers all relevant factors that can affect worker safety and health. Here’s why this is important:
By including all activities, products, and services under the organization’s control or influence, the OH&S management system can comprehensively identify and manage risks related to worker safety. This includes both direct and indirect risks associated with various aspects of the organization’s operations.
Identifying all relevant activities, products, and services allows the organization to implement preventive measures, controls, and safety protocols to minimize or eliminate potential hazards. This proactive approach is essential for accident prevention.
Many laws and regulations require organizations to manage the safety of not only their core activities but also any activities, products, or services within their control or influence. Ensuring compliance with these requirements is crucial to avoid legal and regulatory penalties.
Workers, customers, suppliers, regulatory authorities, and the community may have expectations regarding the organization’s commitment to worker safety. Including all relevant factors within the OH&S management system helps meet these expectations and enhance stakeholder satisfaction.
Covering all activities, products, and services provides a holistic view of the organization’s OH&S performance. This allows for the establishment of meaningful performance indicators and metrics that can drive continuous improvement efforts.
Clearly defining the scope of the OH&S management system, including what is within the organization’s control or influence, promotes transparency and accountability for safety at all levels of the organization.
It ensures that the organization considers emergency response and preparedness for all activities, products, and services. Proper planning and response measures are critical to worker safety during emergencies.
When the organization has control or influence over its suppliers and contractors, it can establish safety expectations and requirements for these external parties, further enhancing worker safety.
If the organization produces or provides products or services that could impact worker safety (e.g., machinery, chemicals, equipment), including them in the OH&S management system helps ensure that safety measures are in place throughout the product or service life-cycle.
Considering all relevant activities, products, and services allows for the efficient allocation of resources (e.g., budget, personnel, training) to manage safety effectively across the organization.
Involving workers in identifying and addressing all relevant factors that can impact OH&S performance promotes a culture of safety and increases employee engagement and commitment to safety goals.
Clearly defining the scope helps in documenting OH&S policies, procedures, and practices for all relevant aspects of the organization. It also provides a basis for conducting internal audits and evaluations to ensure compliance with safety standards.
In summary, including all activities, products, and services within the organization’s control or influence that can impact OH&S performance is essential for creating a robust OH&S management system. This approach promotes a holistic view of safety, helps prevent accidents, ensures compliance with legal requirements, and supports continuous improvement efforts to protect worker health and safety effectively.
6) The scope shall be available as documented information.
The scope of an Occupational Health and Safety (OH&S) management system should be available as documented information for several important reasons. Documenting the scope in a clear and concise manner provides transparency within the organization. It ensures that all relevant parties, including employees, management, auditors, and external stakeholders, have access to a consistent and well-defined description of what the OH&S management system encompasses. A documented scope serves as a communication tool. It effectively communicates the boundaries and coverage of the OH&S management system to all interested parties. This is essential to avoid confusion and misunderstandings regarding the system’s objectives and limitations. Many OH&S standards and regulations, including ISO 45001:2018, require organizations to document their scope as part of the OH&S management system documentation. Complying with this requirement demonstrates the organization’s commitment to meeting regulatory obligations. The documented scope can be used to ensure alignment with the organization’s OH&S objectives and goals. By having a clear record of what the system covers, it becomes easier to track progress, measure performance, and ensure that objectives are consistent with the defined scope. A documented scope provides a reference point for the implementation of the OH&S management system. It helps employees and stakeholders understand their roles and responsibilities within the scope, facilitating effective system implementation and operation. The scope often reflects the organization’s assessment of hazards, risks, and compliance requirements. Documenting this information ensures that the organization has a clear record of the risks it has identified and the controls put in place to manage them. When changes occur within the organization, such as new processes, products, or services, having a documented scope allows for a systematic review and update of the scope to ensure that it remains relevant and effective. Auditors and assessors, whether internal or external, use the documented scope as a reference when evaluating the organization’s OH&S management system. It enables them to assess the system’s compliance with standards and the effectiveness of its implementation. Documenting the scope supports training and awareness efforts. It ensures that employees and stakeholders are aware of the system’s boundaries and understand what is covered by the OH&S management system. As part of a continual improvement process, organizations can review the documented scope to identify opportunities for expanding or refining the scope to enhance OH&S performance and address emerging risks. The documented scope provides a historical record of the organization’s OH&S management system, helping track changes and improvements over time. It can be valuable for reference during retrospectives and evaluations.Having the scope available as documented information is essential for clarity, compliance, effective implementation, communication, and continuous improvement of the OH&S management system. It serves as a foundational element of the system’s documentation and contributes to its overall effectiveness in protecting worker health and safety.
Documented Information required
Documents:
OH&S Policy: The organization’s documented OH&S policy, which should include a commitment to establishing and maintaining the OH&S management system and defining the scope.
Scope Statement: A documented statement that defines the scope of the OH&S management system, specifying what is included and what is excluded from the system’s boundaries.
Legal and Other Requirements Register: A document that identifies and records all relevant legal and regulatory requirements related to occupational health and safety within the organization’s scope.
Risk Assessment and Hazard Identification Records: Documentation of the results of risk assessments and hazard identification processes conducted within the scope of the OH&S management system.
Stakeholder Requirements: Documentation of the relevant needs and expectations (requirements) of workers and other interested parties that have an impact on the OH&S management system scope.
Organizational Context: Records that reflect the organization’s understanding of its external and internal issues, including the factors that affect the scope of the OH&S management system.
Records:
Scope Review Records: Records of periodic reviews of the OH&S management system’s scope to ensure its ongoing relevance and effectiveness.
Communication Records: Documentation of communication with internal and external stakeholders regarding the scope of the OH&S management system.
Scope Change Records: If the scope changes due to internal or external factors, records should document the decision-making process, rationale for the change, and its implementation.
Records of Worker Involvement: Documentation of the involvement of workers and their representatives in the determination of the OH&S management system’s scope.
Records of Consultation: Documentation of consultations with external parties, such as regulatory authorities, regarding the scope of the OH&S management system.
Records of Exclusions: If any aspects are excluded from the scope of the OH&S management system, there should be documented records explaining the reasons for the exclusion.
Records of Stakeholder Input: Documentation of input received from stakeholders regarding their expectations and requirements related to OH&S within the system’s scope.
Documentation of Legal Compliance: Records demonstrating compliance with legal and regulatory requirements within the scope of the OH&S management system.
Documentation of Objectives and Targets: Records that specify OH&S objectives and targets relevant to the defined scope, which are aligned with the organization’s OH&S policy.
Training and Awareness Records: Records of training and awareness programs provided to employees and stakeholders regarding the scope and objectives of the OH&S management system.
Example of establishing scope of OH&S management system
1. Scope Statement: “The scope of SafetyTech Manufacturing’s Occupational Health and Safety (OH&S) management system encompasses all aspects of our manufacturing operations located at our main facility in Cityville, USA. This includes the design, production, assembly, testing, and shipping of electrical components. The scope also covers all activities related to maintaining and improving our OH&S performance, including risk assessment, hazard identification, emergency preparedness, and compliance with relevant legal and regulatory requirements.”
2. Identification of Boundaries: SafetyTech Manufacturing will identify the specific boundaries of the OH&S management system, which may include:
All departments and units within the main manufacturing facility.
All employees, including full-time, part-time, and temporary workers.
All processes related to the production of electrical components, including materials handling, machine operation, and quality control.
Emergency response and preparedness procedures within the facility.
Compliance with occupational health and safety laws and regulations applicable to the industry and location.
3. Legal and Regulatory Requirements: SafetyTech Manufacturing will create a register of legal and regulatory requirements related to occupational health and safety that apply to their operations. This register will ensure that they are aware of and compliant with all relevant laws and regulations within their scope.
4. Hazard Identification and Risk Assessment: The organization will conduct a thorough hazard identification and risk assessment process for all relevant work-related activities. This will involve input from employees, safety experts, and the review of historical safety data to identify potential hazards and assess their risks.
5. Worker and Stakeholder Input: SafetyTech Manufacturing will seek input from its workers and other stakeholders, such as safety committees and employee representatives, to understand their needs and expectations regarding occupational health and safety. This input will help shape the scope and objectives of the OH&S management system.
6. Continuous Improvement: The organization will include provisions for regular reviews and updates to the scope to account for changes in operations, technology, regulations, or stakeholder expectations. These reviews will be documented and used to adjust the scope as needed.
7. Documented Information: All of the above steps, including the scope statement, legal and regulatory requirements register, hazard assessments, and stakeholder input, will be documented and maintained as part of the OH&S management system’s documented information.
The organization shall determine: a) the other interested parties, in addition to workers, that are relevant to the OH&S management system; b) the relevant needs and expectations (i.e. requirements) of workers and other interested parties; c) which of these needs and expectations are, or could become, legal requirements and other requirements.
As per Annex A ( Guidance on use of ISO 45001:2018 standards) of ISO 45001:2018 standard it further explains
Interested parties, in addition to workers, can include:
legal and regulatory authorities (local, regional, state/provincial, national or international);
parent organizations;
suppliers, contractors and subcontractors;
workers’ representatives;
workers’ organizations (trade unions) and employers’ organizations;
owners, shareholders, clients, visitors, local community and neighbours of the organization and the general public;
customers, medical and other community services, media, academia, business associations and non-governmental organizations (NGOs);
occupational health and safety organizations, occupational safety and health-care professionals.
Some needs and expectations are mandatory; for example, because they have been incorporated into laws and regulations. The organization may also decide to voluntarily agree to, or adopt, other needs and expectations (e.g. subscribing to a voluntary initiative). Once the organization adopts them, they are addressed when planning and establishing the OH&S management system.
1)The organization shall determine the other interested parties, in addition to workers, that are relevant to the OH&S management system;
Interested parties relevant to an organization’s Occupational Health and Safety (OH&S) management system can vary depending on the nature of the organization, its industry, and its specific operations. However, there are common interested parties that are typically relevant to most organizations when it comes to OH&S management. Here are some key interested parties:
Employees(Workers): Employees(Workers) are a primary interested party. Their safety and well-being are directly affected by the organization’s OH&S management system. Worker representatives or unions may also be considered interested parties.
Management: Top management within the organization is responsible for the overall effectiveness of the OH&S management system. They have a vested interest in ensuring compliance with regulations and protecting the organization’s reputation.
Regulatory Authorities: Government agencies and regulators at the local, regional, or national level have a significant interest in occupational health and safety. Compliance with their regulations is often mandatory and can involve inspections and enforcement actions.
Customers: Customers may have an interest in the OH&S practices of organizations, especially if the products or services they receive can impact their safety or health. Customers may also have specific OH&S requirements.
Suppliers and Contractors: Suppliers and contractors working with the organization can affect OH&S performance. Ensuring their compliance with safety standards and practices is crucial.
Shareholders/Investors: Shareholders and investors have an interest in the financial and operational performance of the organization, which includes OH&S. Poor OH&S performance can lead to financial losses and damage to the organization’s reputation.
Community and Neighbors: Local communities and neighboring residents may be concerned about the environmental and safety impacts of the organization’s operations. This can be especially relevant for industries with potential environmental hazards.
Non-Governmental Organizations (NGOs): NGOs focused on labor rights, workplace safety, and environmental issues may take an interest in an organization’s OH&S practices and advocate for improvements.
Trade Associations: Industry-specific trade associations often set standards and best practices related to OH&S. Organizations may need to align their practices with these industry standards.
Insurance Companies: Insurance providers may take an interest in an organization’s OH&S management since it can influence insurance premiums and claims.
Media and the Public: Negative OH&S incidents can attract media attention and public scrutiny, affecting an organization’s reputation and brand image.
Competitors: Competing organizations may monitor OH&S performance as part of competitive analysis, and incidents at a rival company can impact the industry as a whole.
It’s important for organizations to identify and engage with these interested parties, considering their specific concerns and expectations related to OH&S. Effective engagement can lead to better OH&S performance, compliance with regulations, and the protection of the organization’s reputation. Determining the interested parties that are relevant to the Occupational Health and Safety (OH&S) management system is a critical step in establishing an effective OH&S management system. This process is outlined in ISO 45001, the international standard for occupational health and safety management systems. Here’s how an organization can determine the interested parties that are relevant to their OH&S management system:
Identify Stakeholders: Begin by identifying all potential stakeholders or interested parties who may have an impact on, or be affected by, the organization’s OH&S activities. These can include internal and external parties.
Internal parties: These may include employees, managers, contractors, and worker representatives. Consider anyone within the organization who has a role in OH&S management.
External parties: These may include regulatory authorities, customers, suppliers, neighboring communities, non-governmental organizations (NGOs), and investors. Think about anyone outside the organization who may have an interest in or influence on OH&S performance.
Analyze Their Relevance: Once you’ve identified potential interested parties, assess their relevance to your OH&S management system. Not all stakeholders will have the same level of influence or impact. Consider the following factors:
Proximity: How closely connected is the stakeholder to your organization’s OH&S activities? Are they directly affected by your operations?
Influence: Do they have the power to influence your OH&S performance or decisions? This could be through regulations, contracts, or other means.
Interest: Are they genuinely concerned about your organization’s OH&S performance? Are they likely to take action or engage with your organization based on OH&S matters?
Prioritize Interested Parties: After analyzing the relevance of each interested party, prioritize them based on their level of influence and impact. Focus on those stakeholders with the highest relevance to your OH&S management system.
Engage with Interested Parties: Once you’ve identified and prioritized relevant interested parties, engage with them. This can involve communication, consultation, and collaboration to address their concerns and expectations related to OH&S performance.
Document the Process: It’s important to document the entire process of determining and engaging with interested parties. This documentation should be part of your OH&S management system and should be regularly reviewed and updated.
Continuous Monitoring: The identification of interested parties is not a one-time activity. Keep monitoring and assessing the relevance of stakeholders as circumstances change or new parties become relevant to your OH&S management system.
By following these steps, an organization can effectively determine the interested parties that are relevant to their OH&S management system and ensure that their OH&S policies and practices address the needs and expectations of these stakeholders, ultimately leading to improved safety and well-being for all involved parties.
2)The organization shall determinethe relevant needs and expectations (i.e. requirements) of workers and other interested parties;
Identifying the relevant needs and expectations (requirements) of workers and other interested parties for an Occupational Health and Safety (OH&S) management system involves a systematic and thorough process of engagement and analysis. Here are steps to help you identify and document these needs and expectations:
Stakeholder Identification: As mentioned earlier, start by identifying and listing all relevant stakeholders or interested parties. This includes workers, management, regulatory authorities, customers, suppliers, and any other groups or individuals with a vested interest in your organization’s OH&S performance.
Engagement and Communication: Engage with these stakeholders through various means, such as surveys, interviews, meetings, and feedback mechanisms. Open and transparent communication is key to understanding their needs and expectations.
Legal and Regulatory Requirements: Review all applicable laws, regulations, and standards related to occupational health and safety. These are often mandatory requirements that must be met.
Industry Standards and Best Practices: Research industry-specific standards, guidelines, and best practices related to OH&S. These can provide valuable insights into what is expected within your specific sector.
Internal Stakeholder Input: Seek input from internal stakeholders, including employees, worker representatives, and management. They can provide insights into day-to-day operations, potential hazards, and areas where improvement is needed.
External Stakeholder Input: Engage with external stakeholders such as customers, suppliers, and community members to gather their perspectives on OH&S. They may have unique expectations and concerns.
Historical Data: Analyze past incidents, accidents, near-misses, and safety performance data to identify recurring issues and areas requiring improvement. This data can provide valuable insights into specific needs and expectations.
Benchmarking: Compare your organization’s OH&S performance and practices with those of industry leaders or competitors. This can help identify gaps and areas where improvement is necessary to meet or exceed industry standards.
Risk Assessments: Conduct OH&S risk assessments to identify potential hazards and their associated risks. This can help in determining the requirements for hazard control and prevention.
Feedback Mechanisms: Establish mechanisms for ongoing feedback from workers and other stakeholders. This can include suggestion boxes, incident reporting systems, and regular safety meetings.
Surveys and Questionnaires: Develop surveys or questionnaires that are tailored to the needs of different stakeholder groups. These can help gather structured feedback on specific OH&S aspects.
Documenting Requirements: As you gather information, document the identified needs and expectations in a structured manner. Create a matrix or database that specifies each requirement, its source, and its priority or criticality.
Regular Review and Updating: The identification of needs and expectations is not a one-time activity. Regularly review and update this information to ensure it remains current and relevant.
Integration into the OH&S Management System: Ensure that the identified needs and expectations are integrated into your OH&S management system. This includes updating policies, procedures, and processes to address these requirements.
Training and Awareness: Ensure that all relevant employees and stakeholders are aware of the identified needs and expectations and understand their roles in meeting them.
By following these steps, organizations can systematically identify and document the relevant needs and expectations of workers and other interested parties related to their OH&S management system. This information forms the basis for developing and implementing effective OH&S policies and practices.
3) Some examples ofrelevant needs and expectations (i.e. requirements) of workers and other interested parties
The needs and expectations (requirements) of workers and other interested parties relevant to an Occupational Health and Safety (OH&S) management system can vary widely depending on the specific organization, industry, and context. Here are some examples of common needs and expectations for different groups:
Workers:
Safe Working Conditions: Workers expect a safe and healthy work environment free from hazards that could cause injury or illness.
Training and Education: Workers expect access to training and education programs that provide them with the knowledge and skills needed to work safely.
Effective Communication: Workers need clear and effective communication channels for reporting safety concerns, incidents, and receiving important safety information.
Involvement in Decision-Making: Workers may expect to be involved in decisions related to safety policies, procedures, and hazard control measures that affect them.
Protection from Retaliation: Workers expect protection from any form of retaliation or discrimination when they report safety concerns or incidents.
Personal Protective Equipment (PPE): Access to appropriate PPE and guidance on its proper use is an expectation to protect themselves from workplace hazards.
Work-Life Balance: Ensuring that work hours and conditions allow for adequate rest and recovery to prevent fatigue-related accidents.
Management:
Compliance with Regulations: Management expects that the organization complies with all relevant OH&S laws and regulations.
Risk Management: Effective risk management processes that identify, assess, and control workplace hazards are expected to prevent accidents and incidents.
Resource Allocation: Adequate resources, including budgets, personnel, and equipment, are expected to be allocated to support OH&S initiatives.
Continuous Improvement: A commitment to continuous improvement in OH&S performance, including setting measurable targets and objectives.
Emergency Response Preparedness: Expectation that emergency response plans and procedures are in place and regularly tested to mitigate the impact of accidents or emergencies.
Regulatory Authorities:
Compliance: Regulatory authorities expect organizations to comply with all relevant OH&S laws and regulations applicable to their industry and location.
Reporting: Timely reporting of incidents, accidents, and near-misses, as required by law, is an expectation.
Inspections and Audits: Regulatory bodies may conduct inspections and audits to ensure compliance and expect cooperation from organizations during these processes.
Customers:
Product/Service Safety: Customers may expect that the products or services they purchase are produced or delivered in a manner that ensures safety.
Transparency: Transparency in disclosing information related to product safety and any potential risks associated with its use.
Suppliers:
Safety Standards: Suppliers may need to meet certain safety standards when providing materials or services to the organization.
Communication: Effective communication of safety requirements and expectations to suppliers and contractors.
Community and Neighbors:
Environmental Impact: Concerns related to the environmental impact of the organization’s operations and any potential hazards affecting the local community.
Emergency Preparedness: Expectations that the organization has plans in place to respond to emergencies that could impact the surrounding community
4) The organization shall determinewhich of these needs and expectations are, or could become, legal requirements and other requirements
Determining which of the identified needs and expectations could become legal requirements or other types of requirements (such as industry standards or contractual obligations) involves a systematic process of analysis and research. Here’s how you can go about it:
Begin by conducting a comprehensive review of all relevant local, regional, national, and international laws and regulations pertaining to occupational health and safety (OH&S). These regulations can come from government agencies responsible for workplace safety, labor, and environmental protection.
Carefully analyze the regulatory framework to identify specific legal requirements that directly relate to the needs and expectations you’ve identified. These requirements may include safety standards, reporting obligations, training mandates, and more.
Stay updated with changes in OH&S laws and regulations. Regulations can change over time due to legislative updates, court decisions, or shifts in government policy. Continuously monitoring regulatory updates is essential to ensuring compliance.
If necessary, consult legal experts or attorneys with expertise in OH&S law. They can provide valuable insights into the legal obligations associated with specific needs and expectations.
Research and assess industry-specific standards, guidelines, and best practices. These may not be legal requirements, but they can often serve as de facto standards that organizations are expected to follow to maintain a competitive edge or meet customer expectations.
Examine contracts, agreements, and procurement documents with suppliers, customers, and other stakeholders. These contracts may impose specific OH&S requirements that your organization must adhere to as part of the business relationship.
In some cases, it may be beneficial to engage with regulatory authorities or government agencies directly to seek clarification on specific requirements or to discuss compliance strategies.
Create a structured document or database that tracks all identified legal and other requirements associated with each need and expectation. Include details such as the source of the requirement, its specific content, and any compliance deadlines.
Keep the document tracking legal and other requirements up-to-date as regulations change or new requirements emerge. This should be an ongoing process to ensure ongoing compliance.
Integrate the identified legal and other requirements into your organization’s OH&S management system. Ensure that your policies, procedures, and practices align with these requirements.
Educate relevant personnel within your organization, including employees, managers, and OH&S professionals, about the identified legal and other requirements. Make sure they understand their roles in compliance.
Conduct regular internal audits or assessments to verify compliance with legal and other requirements. Correct any non-compliance issues promptly.
By following these steps and maintaining a proactive approach to tracking and understanding regulatory and other requirements, your organization can ensure that it remains compliant with OH&S obligations and maintains a commitment to safety and health in the workplace. Few examples of how the needs and expectations of interested parties can evolve into legal requirements and other types of requirements:
Worker Safety Training:
Interest Party Need/Expectation: Workers expect comprehensive safety training to perform their jobs safely.
Legal Requirement: Based on this expectation, regulatory authorities may establish legal requirements that mandate specific training programs and certification for workers in certain industries, such as construction or healthcare.
Community Environmental Concerns:
Interest Party Need/Expectation: The local community is concerned about the environmental impact of a manufacturing plant.
Legal Requirement: In response to these concerns, government regulators may impose legal requirements on the plant, such as emissions limits, waste disposal regulations, and reporting obligations to address environmental concerns.
Supplier Safety Standards:
Interest Party Need/Expectation: Suppliers expect that organizations they work with maintain a safe working environment.
Other Requirement (Contractual Obligation): Organizations may include safety and health requirements in their supplier contracts, obligating suppliers to comply with specific safety standards and practices as a condition of doing business.
Customer Product Safety Expectations:
Interest Party Need/Expectation: Customers expect that products they purchase are safe to use.
Legal Requirement: Government agencies may establish legal requirements for product safety testing, labeling, and recall procedures to ensure that products meet safety expectations.
Worker Involvement in OH&S Decisions:
Interest Party Need/Expectation: Workers want to be involved in decisions related to safety policies and procedures.
Legal Requirement: Labor laws in some countries may require worker participation in OH&S committees or decision-making processes, aligning with this expectation.
Community Emergency Preparedness:
Interest Party Need/Expectation: The local community expects the organization to have effective emergency response plans.
Other Requirement (Community Agreement): The organization may enter into agreements with local authorities or community groups to develop and maintain emergency response plans that align with community expectations, even if not legally mandated.
Customer OH&S Audits:
Interest Party Need/Expectation: Customers expect suppliers to comply with OH&S standards.
Other Requirement (Market Demand): While not a legal requirement, suppliers may need to undergo OH&S audits by their customers to ensure compliance with specific OH&S requirements, as a condition of being a supplier.
Worker Reporting of Safety Incidents:
Interest Party Need/Expectation: Workers expect protection from retaliation when reporting safety incidents.
Legal Requirement: Whistleblower protection laws may be enacted to safeguard workers from retaliation for reporting safety concerns, in line with this expectation.
In each of these examples, the needs and expectations of interested parties, whether they are workers, customers, the community, or suppliers, have influenced the development of legal requirements or other types of requirements. These requirements serve to address and meet these expectations while ensuring safety and compliance within the organization’s operations and its relationships with stakeholders.
Documented Information required
Documents:
Stakeholder Identification and Analysis: Document the process used to identify and analyze the needs and expectations of workers and other interested parties. This can include procedures, reports, and meeting minutes.
Stakeholder Engagement Plan: Describe how the organization plans to engage with interested parties, including methods of communication, frequency, and responsible parties.
Legal and Regulatory Registers: Maintain a record of relevant OH&S laws, regulations, and standards applicable to the organization. This register should be regularly updated.
Industry Standards and Guidelines: Document industry-specific OH&S standards, guidelines, and best practices that are relevant to the organization.
Risk Assessment Documentation: Record the results of risk assessments related to OH&S, including identified hazards, risk levels, and control measures.
Reports on Stakeholder Feedback: Document feedback and input received from workers and other interested parties through surveys, interviews, or other feedback mechanisms.
Records:
Stakeholder Engagement Records: Maintain records of all interactions and communications with stakeholders, including meeting minutes, emails, and correspondence.
Compliance Records: Record evidence of compliance with applicable OH&S legal requirements and regulations, including audit reports and inspection records.
Training Records: Document records of OH&S training and education provided to workers and other relevant parties.
Incident Reports: Maintain records of OH&S incidents, accidents, near-misses, and their investigations.
Risk Assessment Records: Keep records of risk assessments, including the identification of hazards, assessment of risks, and the implementation of control measures.
Change Management Records: Document changes to OH&S processes or practices made in response to the needs and expectations of interested parties.
Performance Metrics: Maintain records of OH&S performance metrics, such as incident rates, near-miss reports, and key performance indicators (KPIs).
Communication Records: Record the distribution of OH&S-related information, including safety alerts, training materials, and safety bulletins.
Action Plans: Document action plans developed in response to identified needs and expectations, including timelines and responsible individuals.
ExampleProcedure: Understanding the Needs and Expectations of Workers and Interested Parties
Objective: The objective of this procedure is to systematically identify, analyze, and document the needs and expectations of workers and other interested parties related to the OH&S management system.
Scope: This procedure applies to all functions, processes, and activities within the organization that have an impact on OH&S performance.
Responsibilities:
Management: Responsible for overall oversight and approval of the procedure.
OH&S Team: Responsible for coordinating and conducting stakeholder engagement activities.
Department Heads/Managers: Responsible for providing input and feedback related to the needs and expectations of workers and interested parties within their respective departments.
Procedure Steps:
Determine Relevant Interested Parties: The OH&S team, in collaboration with relevant department heads, shall compile a list of potential interested parties. This may include employees, worker representatives, regulatory authorities, customers, suppliers, community members, and other stakeholders.
Identify Needs and Expectations:
For each identified interested party, the OH&S team shall determine their needs and expectations. This can be achieved through various methods, such as:
Reviewing applicable laws, regulations, and standards.
Conducting surveys and interviews with workers and stakeholders.Analyzing incident reports, near-misses, and complaints.
Reviewing customer feedback and contracts.
Engaging with worker representatives and unions.
Needs and expectations should be documented, specifying the source and context for each requirement. Consider the following factors:
Safety and health concerns.
Legal requirements and regulatory expectations.
Industry-specific standards and best practices.
Community and environmental concerns.
Assess and Prioritize Requirements: Assess the importance and relevance of each identified need and expectation in the context of OH&S management. Prioritize these requirements based on factors such as legal obligations, potential risk, stakeholder influence, and organizational priorities.
Communication and Engagement: Develop and implement a communication plan to engage with stakeholders and communicate how their needs and expectations are being addressed. Share relevant information with workers and interested parties, ensuring transparency in the process.
Integration into OH&S Management System: Incorporate the identified needs and expectations into the organization’s OH&S policies, objectives, procedures, and risk assessments. Ensure that relevant departments and functions are aware of and aligned with these requirements.
Monitoring and Review: Regularly review and update the list of interested parties, their needs, and expectations to ensure relevance and currency. Monitor OH&S performance against the identified requirements and take corrective actions as necessary.
Record Keeping: Maintain records of stakeholder engagement activities, including meeting minutes, survey results, and documented needs and expectations.
Training and Awareness: Ensure that employees and relevant stakeholders are trained and aware of their roles in addressing the needs and expectations identified in this procedure.
The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its OH&S management system.
As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains:
An understanding of the context of an organization is used to establish, implement, maintain and continually improve its OH&S management system. Internal and external issues can be positive or negative and include conditions, characteristics or changing circumstances that can affect the OH&S management system, for example: a) external issues, such as: 1) the cultural, social, political, legal, financial, technological, economic and natural surroundings and market competition, whether international, national, regional or local; 2) introduction of new competitors, contractors, subcontractors, suppliers, partners and providers, new technologies, new laws and the emergence of new occupations; 3) new knowledge on products and their effect on health and safety; 4) key drivers and trends relevant to the industry or sector having impact on the organization; 5) relationships with, as well as perceptions and values of, its external interested parties; 6) changes in relation to any of the above; b) internal issues, such as: 1) governance, organizational structure, roles and accountabilities; 2) policies, objectives and the strategies that are in place to achieve them; 3) the capabilities, understood in terms of resources, knowledge and competence (e.g. capital, time, human resources, processes, systems and technologies); 4) information systems, information flows and decision-making processes (both formal and informal); 5) introduction of new products, materials, services, tools, software, premises and equipment; 6) relationships with, as well as perceptions and values of, workers; 7) the culture in the organization; 8) standards, guidelines and models adopted by the organization; 9) the form and extent of contractual relationships, including, for example, outsourced activities; 10) working time arrangements; 11) working conditions; 12) changes in relation to any of the above.
Determining external and internal issues relevant to an organization’s Occupational Health and Safety (OH&S) management system is a crucial step in complying with ISO 45001:2018. Here’s a step-by-step guide on how an organization can go about this process:
Establish a Cross-Functional Team: Create a team comprising individuals from various departments and levels of the organization to ensure a comprehensive understanding of both internal and external issues. This team should include OH&S professionals, management representatives, and relevant stakeholders.
Identify Internal Issues: Examine existing documentation, such as policies, procedures, and previous assessments, to identify internal issues that are relevant to OH&S management. This can include past incident reports, risk assessments, and performance data Perform internal audits or assessments to identify potential gaps or areas of improvement in your existing OH&S practices and procedures.Consult with employees and worker representatives to gather their insights and concerns regarding workplace safety and health. Employees often have valuable information about day-to-day safety issues.d. Evaluate the availability of resources, including personnel, equipment, and financial resources, that are allocated to OH&S activities.
Identify External Issues: Identify and engage with external stakeholders who may have an interest in or impact on your organization’s OH&S performance. This can include regulatory agencies, customers, suppliers, and local communities. Stay informed about relevant OH&S laws, regulations, and standards applicable to your industry and location. Identify any upcoming changes or developments in the regulatory landscape. Monitor industry trends and best practices in occupational health and safety. This includes staying updated on emerging technologies, methodologies, and benchmarks.Consider economic, social, and environmental factors that may impact your organization’s OH&S performance. These could include economic conditions, societal expectations, and environmental factors like climate change.
Analyze and Prioritize Issues: Once you’ve identified internal and external issues, analyze them to determine their significance and potential impact on your OH&S management system and performance. Prioritize these issues based on their importance and relevance to your organization’s goals and objectives.
Document Findings: Document the results of your analysis in a systematic manner. Create a record of the identified issues, their potential impact, and how they relate to the purpose and intended outcomes of your OH&S management system.
Integrate into OH&S Management System: Integrate the identified issues into your OH&S management system. This may involve updating your OH&S policy, objectives, and action plans to address the prioritized issues.
Regular Review and Updates: Continually monitor and review these issues to ensure that your OH&S management system remains responsive to changes in the internal and external environment. Update your system as needed to address new challenges or opportunities.
Remember that this process should be iterative and ongoing. By regularly reviewing and addressing internal and external issues, organizations can adapt to changing circumstances and maintain a proactive approach to occupational health and safety management. Some examples of External and Internal issues are
External Issues:
Regulatory Changes: New occupational health and safety laws or regulations introduced by government authorities that affect the organization’s compliance requirements.
Market Trends: Shifting industry standards or trends in safety practices and technologies that impact how the organization manages safety.
Competitive Landscape: Actions and safety initiatives taken by competitors that may require the organization to adapt its own OH&S strategies.
Customer Requirements: Changes in customer expectations or contract requirements related to safety and health performance.
Supply Chain Issues: Safety risks or vulnerabilities within the organization’s supply chain, such as suppliers not meeting safety standards or disruptions in the supply of safety-critical materials.
Environmental Factors: Environmental changes, like extreme weather events, that could increase safety risks for employees or affect the organization’s ability to operate safely.
Community Concerns: Concerns or expectations of the local community regarding the organization’s impact on their safety and well-being.
Economic Conditions: Economic downturns that might affect the organization’s financial resources available for safety programs and initiatives.
Technological Advancements: New technologies or processes that could enhance or change how safety is managed within the organization.
Internal Issues:
Safety Culture: The organization’s internal safety culture, including the commitment of leadership and the behavior of employees regarding safety.
Resource Allocation: The availability and allocation of resources, such as budget, personnel, and equipment, for managing safety effectively.
Incident History: Past safety incidents, near misses, or accident trends within the organization that indicate areas needing improvement.
Training and Competence: The level of training and competence of employees and management in terms of safety practices and procedures.
Workflow and Processes: The efficiency and effectiveness of safety-related processes and workflows within the organization.
Equipment Maintenance: The condition and reliability of safety-critical equipment and machinery.
Communication: The effectiveness of internal communication regarding safety issues, including reporting mechanisms and feedback loops.
Employee Engagement: The level of employee engagement and participation in safety programs and initiatives.
OH&S Policy: The organization’s OH&S policy and objectives and how well they align with actual practices.
Workplace Design: The layout and design of the workplace, including ergonomic considerations and safety features.
Supply Chain Control: The organization’s control over its supply chain in terms of safety standards and practices.
Emergency Response Preparedness: The organization’s readiness to respond to emergencies or crises, such as fire drills and evacuation plans.
H&S Conditions Affecting External Issues:
Regulatory Compliance: The organization’s compliance with OH&S regulations and standards can be an external issue. Non-compliance can lead to legal penalties, damage to reputation, and loss of business opportunities.
Incident Reporting and Transparency: How the organization handles and reports workplace incidents can affect its external image. Poor incident management can lead to negative publicity and damage to the organization’s reputation.
Safety Performance: The organization’s safety performance, including accident rates and injury statistics, can impact its relationships with customers, suppliers, and stakeholders. A history of frequent accidents may deter business partners.
Community Relations: The organization’s relationship with the local community can be affected by its OH&S practices. Incidents or perceived risks to the community can lead to public concern and pressure on the organization to improve safety.
Supplier and Contractor Relations: If the organization relies on suppliers or contractors, their safety practices can become an external issue. Poor safety records among suppliers or contractors may lead to concerns from customers or regulatory authorities.
Legal and Regulatory Environment: Changes in OH&S regulations and government policies can significantly impact the external issues facing an organization. Compliance with new requirements may require significant resources and changes to operations.
OH&S Conditions Affecting Internal Issues:
Safety Culture: The internal safety culture within the organization, including attitudes, beliefs, and behaviors related to safety, can directly impact internal issues. A strong safety culture promotes proactive safety measures.
Incident Management: How the organization responds to and manages workplace incidents internally can affect its internal issues, including the morale and confidence of employees.
Employee Health and Well-being: The health and well-being of employees, including physical and mental health, can be internal issues. These conditions can impact productivity, absenteeism, and overall workplace morale.
Training and Competence: The organization’s commitment to providing adequate training and ensuring employee competence in safety procedures can influence internal issues. Well-trained employees are more likely to follow safety protocols.
Resource Allocation: The allocation of resources within the organization for OH&S initiatives is an internal issue. Sufficient budget, personnel, and equipment dedicated to safety can improve internal safety conditions.
Safety Policies and Procedures: The effectiveness and enforcement of internal safety policies and procedures directly impact internal OH&S issues. Clear and well-communicated policies promote safer work environments.
Continuous Improvement: The organization’s commitment to continuous improvement in OH&S practices can influence internal issues. A culture of continuous improvement encourages the identification and mitigation of safety risks.
Emergency Preparedness: How well the organization is prepared to respond to emergencies internally, such as fires or chemical spills, is an internal issue. Proper planning and training are crucial.
Risk Assessment: The organization’s ability to identify, assess, and control occupational health and safety risks is an internal issue. A proactive approach to risk management can prevent incidents.
Methodologies to determine external and internal issues
Strengths: Identify internal factors that contribute positively to OH&S, such as a strong safety culture, well-trained staff, or effective safety procedures.
Weaknesses: Identify internal factors that hinder OH&S, like inadequate resources, insufficient training, or outdated procedures.
Opportunities: Identify external factors that could positively impact OH&S, such as new safety technologies, regulatory changes that favor safety, or emerging best practices.
Threats: Identify external factors that could negatively impact OH&S, such as changing regulations, natural disasters, supply chain disruptions, or increased competition.
Political: Consider political factors, such as government regulations and policies related to OH&S, which can have a significant impact on the organization.
Economic: Analyze economic conditions, like economic downturns, budget constraints, or financial stability, which may affect resource allocation for safety.
Social: Examine societal factors, including employee attitudes toward safety, public perception, and community expectations regarding safety.
Technological: Assess technological factors that influence OH&S, like advancements in safety equipment or digital tools for safety management.
Legal: Review legal factors, including changes in OH&S regulations, compliance requirements, and potential legal risks.
Environmental: Consider environmental factors, such as climate-related risks or environmental hazards, which may affect safety conditions.
Stakeholder Engagement: Engage with internal and external stakeholders, including employees, customers, suppliers, regulatory agencies, and local communities. Collect their input and feedback on OH&S issues that matter to them and affect the organization.
Data Analysis:Analyze historical data related to OH&S incidents, near misses, safety audits, and compliance records to identify trends and patterns that may reveal internal issues.
Benchmarking: Compare the organization’s OH&S performance against industry benchmarks and best practices to identify gaps and areas for improvement.
Internal Audits and Assessments: Conduct internal audits and assessments specifically focused on OH&S management. These audits can uncover weaknesses and areas for improvement within the organization.
Brainstorming and Workshops:Facilitate brainstorming sessions and workshops involving cross-functional teams to discuss and identify both internal and external issues that impact OH&S.
Risk Assessment:Perform OH&S risk assessments to identify and evaluate potential hazards and risks within the organization. This can help pinpoint internal issues related to safety.
Scenario Planning: Develop scenarios based on potential future changes in the internal and external environment. This can help identify how the organization would respond to various OH&S-related challenges or opportunities.
Regular Review and Updates: Ensure that the process of identifying internal and external issues is ongoing and integrated into the organization’s OH&S management system. Regularly review and update the analysis to adapt to changing conditions.
Documented Information required:
Legal and Regulatory Requirements: Document a list of applicable OH&S legal and regulatory requirements. This should include relevant laws, regulations, and standards that the organization must comply with.
Identification of Internal Issues: Document the internal issues that are relevant to the organization’s OH&S management system. This may include factors such as organizational culture, resources, structure, and internal safety performance data.
Identification of External Issues: Document the external issues that are relevant to the organization’s OH&S management system. This may include factors such as changes in OH&S regulations, market conditions, customer requirements, and emerging safety trends.
Methods Used for Identification: Document the methods and processes used to identify and assess internal and external issues. This could include the results of SWOT analyses, PESTLE analyses, stakeholder consultations, and risk assessments.
Periodic Review: Document the organization’s process for periodically reviewing and updating its understanding of internal and external issues to ensure its OH&S management system remains relevant and effective.
Communication and Documentation of Information: Document how the organization communicates this understanding of its context to relevant parties, including employees, and how it ensures that this information is maintained and made available as necessary.
Integration with Other Management Systems: If the organization has other management systems (e.g., quality or environmental management systems), document how the understanding of its context is integrated with those systems to ensure alignment and consistency.
Example of procedure of identifying internal and external issues in OH&S MS.
Objective: To establish a systematic process for identifying and assessing internal and external issues that are relevant to the organization’s OH&S management system.
Scope: This procedure applies to all personnel responsible for managing and maintaining the OH&S management system.
Responsibilities:
Top Management: Responsible for overseeing the identification and assessment of internal and external issues and ensuring that the OH&S management system is aligned with these issues.
OH&S Team: Responsible for conducting assessments and providing recommendations based on the identified issues.
Relevant Personnel: Responsible for providing input and feedback as needed during the identification process.
Procedure Steps:
Context Establishment: Top management shall establish the context of the organization, including its internal and external environment. Define the scope of the OH&S management system, including boundaries, activities, and locations covered.
Identification of Interested Parties: Compile a list of interested parties relevant to the OH&S management system. This may include employees, contractors, regulatory authorities, customers, and other stakeholders. Document the methods used to identify these interested parties, which may involve stakeholder analysis and consultations.
Needs and Expectations Assessment: For each identified interested party, assess their needs and expectations related to OH&S. Document the results of this assessment, including the specific OH&S-related needs and expectations of each party.
Legal and Regulatory Requirements: Maintain an up-to-date list of all applicable OH&S legal and regulatory requirements. Ensure that these requirements are regularly reviewed for changes and updates. Document the sources and references for these requirements.
Identification of Internal Issues:
Conduct a review of internal factors that could affect the OH&S management system. This may include:
Organizational culture and values
Resources dedicated to OH&S
Previous safety incidents and trends
OH&S performance data .
Document the results of this review.
Identification of External Issues:
Conduct a review of external factors that could affect the OH&S management system. This may include:
Changes in OH&S regulations
Market conditions
Customer expectations
Emerging safety technologies or trends
Document the results of this review.
Assessment Methods: Document the methods and tools used to assess and prioritize the identified issues. This may include SWOT analysis, PESTLE analysis, and risk assessments.
Periodic Review: Establish a schedule for periodic review and updating of the identification process to ensure ongoing relevance. Document the process for reviewing and updating the identification of issues.
Communication and Integration: Ensure that the documented information regarding identified issues is communicated to relevant parties within the organization. Document how this understanding of context is integrated into the OH&S management system to inform objectives, policies, and procedures.
Record Keeping: Maintain records of the identified issues, assessments, and any actions taken to address them.
Continuous Improvement: Use the information about internal and external issues to drive continuous improvement in the OH&S management system.
Training and Awareness: Ensure that personnel involved in the identification process are trained and aware of their roles and responsibilities.
Documentation Control: Maintain and control the documentation related to this procedure in accordance with the organization’s document control procedures.
Review and Approval: Periodically review and update this procedure to ensure its effectiveness. Obtain approval from top management or relevant authorities for any changes to this procedure.
The ISO 45001 standard provides a framework for managing the prevention of work-related injuries, ill health, and death. The intention of this international standard is to improve and provide a safe and healthy workplace for workers and other persons who may be interacting with the organization. This includes the development and implementation of an OH&S policy and objectives which take into account applicable legal requirements and other requirements to which the organization subscribes. Organizations worldwide recognize the need to provide a safe and healthy working environment, reduce the likelihood of accidents and demonstrate they are actively managing risks. ISO 45001 is the international standard for occupational health and safety will provide an internationally accepted framework that will help protect employees as well as protecting the longevity and health of an organization. The standard is flexible and can be adapted to manage occupational health and safety in a wide range of organizations including; large organizations and enterprises, small and medium-sized enterprises, public and not-for-profit organizations. Although organizations tend to use generic health and safety guidelines or national and consortia standards, none of these demonstrate global conformity. There was a worldwide need to harmonize health and safety management systems using an international standard and sharing best practices. This can be seen at local, national, regional, and global levels – applying to both developing and developed countries. With an international standard to refer to, together with the right infrastructure and training, organizations will be able to address these risks better in the future.
This standard does not state specific criteria for OH&S performance, nor does it provide a specific method for the design of the OH&S Management System. This International Standard is applicable to any organization that wishes to:
establish, implement and maintain an OH&S Management System to improve occupational health and safety, eliminate or minimize OH&S risks (including system deficiencies), take advantage of OH&S opportunities, and address OH&S Management System nonconformities associated with its activities;
continually improve its OH&S performance and achieve its OH&S objectives;
assure itself of the conformity to the OH&S policy;
demonstrate conformity with the requirements of this International Standard.
According to ISO 45001, the Occupational Health and Safety Management System is part of the organization’s overall management system used to achieve the OH&S policy. The intended outcomes of the OH&S Management System are to provide a safe and healthy workplace for all employees/workers. Consequently, effective OH&S management promotes business efficiency, reduces costs, and makes good business sense. According to ISO 45001, a worker is defined as a person performing work or work-related activities under the control of the organization, for instance, individuals perform work or work-related activities under various arrangements; paid or unpaid at a regular or temporary, intermittent or seasonal, casual or on a part-time basis. ISO 45001 is the first Occupational Health and Safety Management System standard to be fully compliant with the new guidelines of the Annex SL and to have a common content structure and terms and definitions to other management system standards. This means that ISO 45001 is fully aligned with all other management systems (related) standards that have also adopted the Annex SL framework. This international standard does not address issues such as product safety, property damage, or occupational health and safety impacts; it addresses the risk that the working environment and/ or conditions pose to workers, visitors, vendors, and other relevant interested parties. ISO 45001 can be used entirely or partially to systematically improve the OH&S management system. However, claims of conformity to this standard are not acceptable unless all of the standard’s requirements, without exclusion, are incorporated into an organization’s OH&S Management System.
Introductions
The world that we live in has experienced rapid changes in technology, competition, economy, education, and so on. It is constantly evolving and advancing, and so are human expectations and demands. In order to compete in a continuously changing world, organizations need to establish a variety of approaches to keep up with industry trends. Consequently, organizations have to adapt in order to succeed in these fast-paced and complex environments. These changes often involve multinational supply chains and those operations that organizations have outsourced. The differences between nations, organizations, and societies also form part of these complexities. Therefore, effective management is crucial and of a high priority at the board level. For an organization, it is not sufficient to only be profitable, it is also important for them to have reliable systems of internal controls covering those risks related to occupational health and safety, the environment, and the reputation of the business. Each organization is responsible for the health and safety of its employees and others who may be affected by its activities. Organizations need to operate ethically, as well as, comply with the respective laws in these matters.
Statistics published by the ILO (International Labour Organization) indicate that: “more than 2.78 million deaths occur annually due to occupational accidents or work-related diseases, in addition to 374 million non-fatal injuries and illnesses, many of which result in extended absences from work.” Seemingly, this enormous number of affected workers is of very high concern to organizations and society as a whole. These statistics are clear evidence that organizations around the world need to implement health and safety management systems. Likewise, the health and safety of workers are increasingly becoming a priority for most nations and societies. Furthermore, according to certain estimations – over 40 million new jobs will be created annually by 2030, following the world’s population growth. Therefore, reducing the number of incidents that may result in high numbers of deaths (even by a small percentage) would be considered a great achievement. However, as a consequence, there will be a high demand for “best practice” standards to assist organizations with improvements in health and safety. These trends led to the need for the development of a recognized standard in all geographical areas, states, cultures, and jurisdictions, as a reference point for health and safety management; promoting better communication on common issues. The ISO’s aspiration is that “the ISO name and the recognition will give further credibility to the new Standard and lead to even wider adoption of health and safety management systems in the workplace.” Correspondingly, following a standard for occupational health and safety will help organizations reduce accidents and occupational diseases, avoid costly prosecutions, reduce insurance costs, enhance the public image & business reputation, and establish a positive culture for the organization where all stakeholders see that their needs are taken into account. ISO 45001 is the new international standard for Occupational Health and Safety Management Systems published by the International Organization for Standardization (ISO). It is a voluntary standard that organizations can adopt to establish, implement, maintain and improve their Occupational Health and Safety Management Systems (OH&S MS).
ISO 45001 is an international standard for occupational health and safety (OH&S) that derives from OHSAS 18001. It provides a framework for managing the prevention of work-related injuries, ill health, and/or death; thereby providing a safe and healthy workplace. OHSAS 18001 required from organizations, regardless of their size, type, and/or activities, to prevent injuries and deaths. ISO 45001 sets the background for continual improvement in health and safety management based on the following principles:
Provide safe and healthy working conditions to prevent work-related injury and ill health;
Satisfy applicable legal requirements and other requirements;
Control OH&S risks by using a hierarchy of controls;
Continually improve the OH&S management system to enhance the organization’s performance;
Ensure the participation of workers and other interested parties in the OH&S MS.
The new ISO 45001 standard brings real benefits to those who will use it. The standard is designed to be applicable to any organization, and its requirements are intended to be incorporated in any management system, regardless of the organization’s size or sector; whether it is a small business, large organization or even a non-profit organization, a charity, an academic institution or a governmental department. Having in place a systematic approach to manage health and safety will bring benefits to both the people and the organization. Ultimately, good health and safety is good business. The standard is also intended for organizations with small or low-risk operations, as well as, for organizations with high-risk operations. This standard states that successful health and safety management depends on the following:
Leadership and commitment of top or senior management;
Promotion of a healthy and safety culture within the organization;
Participation of workers and/or other representatives in the OH&S Management System;
Identification of hazards and control of risks;
Allocation of the necessary resources;
Integration of the health and safety management system into appropriate processes;
Alignment of the health and safety policies with the strategic objectives of the organization;
Continuous evaluation and monitoring of the health and safety management system in regards to performance improvement.
Goals of ISO 45001 Standard
As with the other safety management consensus standards, the goals of ISO 45001 are to provide guidance for the development of a framework where injuries, property damage, and other loss causing incidents can be mitigated. The stated goals of ISO 45001 are:
Develop an OH&S policy
Have leadership demonstrate their commitment to safety
Establish systematic processes for safety management
Conduct hazard identification efforts
Create operational safety controls
Increase awareness and knowledge for employees about safety.
Evaluate OH&S performance and develop plans to improve continuously
Establish the necessary competencies
Create and foster an OH&S culture within the organization
Ensure employees participate fully and meaningful in the safety process
Meet all legal and regulatory requirements
ISO 45001 – The benefits
Similar to other management system standards, ISO 45001 emphasizes effectiveness, efficiency, and continual improvement. Organizations will have a wide range of benefits from using this standard, including:
Globalization: ISO 45001 puts your organization in an elite category of businesses, as it is an internationally recognized standard.
Improvement in business performance: The implementation of an Occupational Health and Safety Management System based on ISO 45001 reduces workplace illnesses and injuries, and, in turn, increases productivity.
Best practice creation: It provides consistency and establishes “best practices” for occupational health and safety throughout the organization.
Hazard & risk identification: Conducting risk assessments in a systematic manner, improve the quality of the assessment.
Lower insurance premiums: Having a recognized system in place provides an apron for attracting lower insurance premiums.
Improvements in efficiency: The implementation of an OH&S Management System contributes to the reduction of accident rates, absenteeism levels, and downtime, all of which improve the efficiency levels of internal operations.
Establishment of a safe working environment: Promotes the safety of all persons being affected by the organization’s activities.
Monitoring & measurement: Promotes management oversight through the provision of key performance indicators (KPI’s) in the measurement of the Occupational Health and Safety Management System performance levels.
Focus: A culture that focuses on the “prevention of problems” rather than on the “detection of problems” is much more effective and rewarding to employees.
Continual improvement: Encourages continual improvement, e.g. the adoption of the “zero accident” concept.
Methodology
At the outset, ISO 45001 explains the founding principle of PLAN, DO, CHECK, ACT (PDCA). This principle is the methodology that guides the various performance aspects of the standard. PDCA is the idea of continual improvement that was made popular by Edward Deming, often considered the father of modern quality control theory, and fosters the standard of detailed actions that provide a platform for continual improvement across the organization. This is a critical concept as it establishes the model for continual, as opposed to continuous, improvement. This concept of continual improvement is repeated throughout the standard. “Continual improvement” is an umbrella concept that incorporates elements of continuous improvement. The distinction between continual and continuous improvement is fine, but an important one. Continual Improvement is defined as “recurring activity to enhance performance”. Continual does not mean continuous, so the activity does not need to take place in all areas simultaneously. Continuous Improvement is defined as “on-going and endless without interruption.” By its very nature, business activities often have numerous starts and stops. Business activities are best managed by regular and routine evaluations. Thus the concept of continual improvement is better suited to an organizational environment than the concept of continuous improvement.
Clause 1: Scope
ISO 45001 provides a set of requirements for an OH&S system that will assist an organization to foster an environment that is safe and healthy. The standard is applicable to any organization regardless of size, operations, objectives, and outcomes. It includes the development of an OH&S policy that meets best practices and legal requirements. The scope of ISO 45001 includes:
Creation of an OH&S policy that reinforces the objectives of the organization while taking into account its internal and external contexts.
Establishment, implementation, and maintenance of an OH&S management system.
Continual improvement of OH&S performance.
Assured conformity to the OH&S policy.
Demonstration of compliance with this ISO Standard
ISO 45001 does not provide specific criteria for OH&S performance. It does allow for the integration of other similar aspects of health and safety such as wellness, non-occupational health, and wellbeing. The scope does not include ideas of product safety, public safety, environmental protection, and quality. ISO 45001 can be used in part or in total to improve OH&S management systems; however, claims of conformity with ISO 45001 are only acceptable if the standard has been completely adopted without any exclusions.
Clause 3: Terms and Definitions
ISO 45001 contains a large “Terms and Definitions” glossary spanning seven pages which offer key descriptions and terminologies that organizations should consider adopting into their safety lexicon, especially those that are considering or are in ISO 45001 compliance process. Standardization of this language will allow for a common understanding of actions, concepts, and outcomes throughout all business units, locations, facilities, and departments of the organization.
Clause 4 of ISO 45001 provides a definition of the context of the organization and explains how this context must be used to understand organizational objectives. The context of the organization is the key consideration to be taken when developing and implementing the OH&S mission statement, OH&S policy statement, and objectives. Context is defined as the purpose that the organization is attempting to achieve and the external and internal issues that will impact the ability to achieve the intended outcome. The key elements to the context of the organization include:
Interested parties, in addition to workers (ISO 45001 defines managers, supervisors, and senior leaders as “workers”)
Needs and expectations of workers and other interested parties
Legal requirements
Differences in needs between managerial and non-managerial workers
When developing the OH&S management system, the organization will take into account the internal and external issues, the requirements of workers, and the work that is being performed. The context of the organization must be documented and the documentation must be available.
The organization is free to define the scope of the OH&S Management System but must determine the external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcomes of its OH&S Management System, such as:
The needs and expectations of workers and other interested parties;
Determining its scope in terms of organizational units, functions, and physical boundaries;
The effect of its activities, products, and services;
Applicable legal, regulatory and other requirements to which the organization will comply.
The standard defines “interested parties” as a “person or organization that can affect, be affected by, or perceive itself to be affected by a decision or activity.”
This clause is found in all ISO management system standards, and it requires the organization to determine all internal and external issues that may be relevant to the achievement of the objectives of the OH&S Management System itself. This includes all elements which are, and may be capable of, affecting these objectives and outcomes in the future. The organization must understand:
the issues both positive and negative that need consideration in establishing OH&S
the opportunity to identify external and internal factors and interested parties that affect intended outcomes of OH&S
the external context – cultural, social, political, key trends in the industry
the internal context- governance, policies, objectives, culture, trends
The standard now requires the organization to assess who the interested parties are in terms of its OH&S Management System, what their needs and expectations may be, and consequently, if any of these should become compliance obligations. The organization must understand the needs and expectations of
external interested parties determined by the organization relevant to OH&S.
managerial and non-managerial workers.
other interested parties – legal and regulatory authorities, includes workers, customers, and clients.
The scope and boundaries of the OH&S Management System must now be thoroughly examined and defined considering the aforementioned interested parties and their needs, plus resulting compliance obligations. Also requiring consideration are the OH&S Management System functions and physical boundaries, and all products, services, and activities, including the organization’s ability to exert control on external factors, with the results of the whole definition included in the OH&S Management System and kept critically as “documented information.” While determining the scope the organization must
Clarify the boundaries of OH&S
Consider external and internal factors
Consider the requirements of interested parties
Consider the work-related activities performed
Ensure the scope addresses hazards and potential risk
The standard indicates that an OH&S Management System should be established to achieve the desired outcomes by using interacting processes to deliver continual improvement. The ultimate objective is to improve the organization’s occupational health & safety performance. The Organization must:
Establish, implement, maintain and continually improve OH&S
The process needed and interactions – integrate requirements into various business operations e.g. design & development and procurement
“leadership” and “top management” are used interchangeably throughout ISO 45001. The responsibilities of leadership and top management include:
Take overall responsibility and accountability for worker protection.
Ensure the OH&S policy relates to the context and is compatible with the strategic direction of the organization.
Integrate the OH&S management system into larger business processes.
Provide resources for the OH&S management system.
Ensure workers’ participation in the OH&S system.
Communicate the OH&S system and ensure the organization conforms to it.
Promote the OH&S system to address nonconformities and ensure continual improvement.
Create a culture that drives organizational support for the OH&S System
Since top management is responsible for the OH&S system, the elements required to be included in the OH&S management system are detailed within the leadership and worker participation section. The elements include the written commitments for safety; the framework for the OH&S system; obligations to meet legal requirements; continual improvement for OH&S performance; establishment of a risk control strategy; and most importantly; worker involvement. The policy must be documented, communicated with workers, reviewed periodically, and available to other parties. Other key considerations for leadership and worker participation include training, communication, worker participation support, employee engagement, and the establishment of audit programs.
Top management shall demonstrate leadership and commitment with respect to their overall responsibility and accountability for the protection of workers and with respect to the integration of the OH&S Management System processes and requirements into the organization’s business processes. The engagement of top management is essential in order to support the organization through the provision of resources and to promote continual improvement. Furthermore, top management must demonstrate leadership through supporting other management roles in enhancing the OH&S management system, and to ensure continual improvement is achieved by dealing with nonconformities, risks and hazards, and the identification of opportunities for improvement. An important responsibility of the top management is to establish, implement and maintain the OH&S policy, and to ensure that it is communicated within the organization and shared with relevant interested parties. Consultation and participation of workers Appropriate involvement of staff in:
Hazard identification;
Risk assessment and determination of controls;
Incident investigation;
Development and review of the OH&S policies and objectives;
Consultation and representation on OH&S matters;
Consultation with contractors, when there are changes that affect their OH&S.
This clause reminds the user that the organization and top management retain responsibility for the performance of all internal and external performance factors at all times. It, therefore, makes perfect sense that the Occupational Health & Safety Policy and objectives are aligned with each other and with the strategic policies and overall direction of the business, including integration with other business systems, where applicable. Provision must be made for resources to ensure that the OH&S Management System can be operated efficiently, and top management must ensure that the people with responsibility within the OH &S Management System have the correct support, training, and guidance to complete their tasks effectively. Communication is also critical from a leadership perspective, and communication methods and frequencies must be defined and established for both internal and external interested parties. In summary, it is the responsibility of the leadership of the organization to show an enhanced level of leadership, involvement, and co-operation in the operation of the OH&S Management System. The organization must
Have more focus to demonstrate leadership and commitment
Take overall responsibility and accountability for the protection of workers
Ensure the active participation of workers, worker representation using consultation
Consider the need to establish H&S committees
Identify and removal of barriers to participation
Have continual improvement of OH&S
Be developing, leading and promoting a culture supporting OH&S
The top management has the responsibility to establish the previously mentioned Occupational Health & Safety Policy, which is appropriate for the organization in terms of the size, scope, activities, and ambitions of the organization, and provides a formal framework for setting objectives. Obviously, the policy should include a commitment to eliminate hazards and reduce risks, to prevent workplace injury, and to consult with workers. Meeting compliance and regulatory factors is clearly another key element, and a method of capturing and recording this must be established. Finally, and vitally, the Occupational Health & Safety Policy must provide a commitment to the continual improvement of the OH&S Management System and its results. Critically, the Occupational Health & Safety Policy must be maintained as documented information, be communicated within the organization, and be available to all interested parties, as appropriate. The Organization must have a
OH&S policy set of principles and an overall sense of direction.
OH&S policy on consultation with workers at all levels and communicated.
Commitment to providing safe and healthy working conditions.
Prevention of injury and ill-health.
Policy appropriate to the size and context of the organization.
Specific nature of it OH&S risk and OH & S opportunities.
The standard states that it is the responsibility of top management to ensure that roles, responsibilities, and authorities are delegated and communicated effectively. The responsibility shall also be assigned to ensure that the OH&S Management System meets the terms of the 45001:2018 standard itself and that the performance of the OH&S Management System can be reported accurately to top management. The Organization must ensure that
Workers at each level assume the responsibility which they have control.
The relevant roles have been assigned within OH&S.
Organizational roles, responsibilities, and authorities are communicated at all levels within the organization.
Organizational roles, responsibilities, and authorities are maintained as documented information
When it comes to the health & safety of workers, these same workers must be consulted about the OH&S Management System and participate in implementing the processes necessary to secure a safe workplace. To this end, the organization needs to determine the processes necessary to consult with workers at all levels of the organization in all aspects of development, planning, implementation, performance evaluation, and improvement actions of the OH&S Management System. The Organization must:
Establish, implement, maintain processes for consultation and participation in developing, planning, evaluation and actions for improvement in OH&S.
Provide mechanisms, time, training and resources necessary for participation.
Provide timely access to clear, understandable and relevant information on OH&S.
Identify and remove obstacles or barriers to participation and minimize those that cannot be removed.
Have an additional emphasis on the participation of non-managerial workers in OH&S.
Have an additional emphasis on the inclusion of non-managerial workers in consultation.
Provide training at no extra cost to workers and provision of training during working hours.
Clause 6 describes the actions necessary to address risk and opportunity. Activity planning must take place within the context of the organization. The planning process must ensure that the OH&S management system is designed to achieve its intended outcomes and continually improve. Worker participation is cited as being a critical component in the planning phase. Additional considerations include operational risk, legal requirements, and other opportunities to improve the OH&S management system. This section outlines the need for hazard identification by the organization for both routine and non-routine activities, emergency situations, people and behavior, work area design, work environment under the control of the organization, and situations not under organizational control. Additional points of assessment include changes to process and operations, past incidents and their causes, and social/economic factors. The major sub-sections in Clause 6 include:
Hazard Identification
Assessment of OH&S Risks
Identification of OH&S Opportunities
Determination of Legal Requirements
Planning to Take Action
The setting of OH&S Objectives
Planning to Achieve Objectives
The planning phase is a comprehensive part of the ISO 45001 standard, requiring a detailed understanding of operations. By following this section, the organization can create a very deliberate and effective set-up to sustain the OH&S management system and ensure it continually improves. This is one of the most critical clauses since it is related to the establishment of strategic objectives and guiding principles for the Occupational Health and Safety Management System as a whole. The OH&S objectives, which can be integrated with other business functions, are the expression of the intent of the organization to treat the risks identified. When determining the risks and opportunities that need to be addressed, the organization shall take into account:
OH&S hazards and their associated risks, and opportunities for improvement;
Applicable legal requirements and other requirements;
Risks and opportunities related to the operation of the OH&S Management System that can affect the achievement of the intended outcomes.
This standard states that the organization should establish, implement, and maintain the processes needed to address the requirements of the whole of the planning section itself. When planning the OH&S Management System, considerations need to be made regarding the context of the organization (section 4.1) and the needs and expectations of interested parties (section 4.2), as well as the scope of the OH&S Management System. Risk and opportunity must be considered with respect to these elements, as well as legal and regulatory issues, and the organization’s Occupational Health & Safety hazards themselves. This outcome needs to ensure that the OH&S Management System can meet its intended outcomes and objectives, that any external factors that may affect performance are avoided, and that continual improvement can be achieved.
In terms of emergency situations, the organization is required to determine any situations that may occur and have a resulting occupational health & safety risk. Again, it is vital that documented information is retained concerning the risks and opportunities considered and addressed in the planning phase in order to satisfy the terms of the clause. While planning for actions to address risks and opportunities, the organization must
take into consideration the Organizational Context (4.1), needs and expectations of Interested parties (4.2) and Organizational Scope (4.3)
Prevent or reduce undesired effects.
Achieve its intended outcome.
make the assessment of risk and opportunities arising out of changes in Organization. (whether planned or unplanned).
Maintain documented information – risks, opportunities, and processes needed to have confidence in risk management.
ISO 45001:2018 asks organizations to consider, in a proactive manner, all occupational health & safety hazards within the organization’s control. Changes or planned future changes to services also have to be taken into account, as do any abnormal situations that may arise that are reasonable for the organization to predict–for example, if you are about to launch a new product that needs radically new production processes or materials. Again, the organization needs to maintain documented information on this clause and its elements, and communication to the appropriate levels with effective frequency needs to be planned and undertaken. In terms of documented information, if you ensure that all actual and associated risks, the criteria you use to define them, and your significant occupational health & safety risks are documented, then you will satisfy the terms of this clause. It has the following Sub-clauses
The organization must assess OH&S risks based on the hazards identified. While Assessing the OH&S risks the Organization must take into account the issues from context 4.1 & the needs and expectations of interested parties 4.2. It must define the methodology and criteria for Assessing OH&S risks. The Methodologies and criteria must be maintained and retained as documented information
The Organization must identify OH&S Opportunities to enhance OH&S performance. While identifying OH&S opportunities the Organization must take into account:
Planned changes
Opportunities to eliminate or reduce risk
Opportunities to adapt work, work organization and work environment to workers
Opportunities for improving the OH&S management system
This is a relatively straightforward, but vital part of the ISO 45001:2018 standard. The organization must decide what legal and other requirements are related to its occupational health & safety hazards and how to best access them, decide how they apply to the organization, and consider them when establishing, operating, and delivering continual improvement through the OH&S Management System. Documented evidence needs to be recorded for these obligations, also. The Organization must
Determine and have access to up-to-date legal requirements
Determine how these applications will be communicated
In this clause, the standard states that the organization shall plan to take actions to address its occupational health & safety hazards, risks, and opportunities, and compliance obligations, all of which we have discussed above. These also need to be implemented into the organization’s OH&S Management System and associated business processes. The task of evaluating the effectiveness of these actions also must be considered, with technological, financial, and operational considerations all taken into account. In this clause, the organization is expected to:
Address risk and opportunities (6.1.2.2 & 6.1.2.3)
Address applicable legal requirements (6.1.3)
Emergency preparedness emergency situation (8.2)
Integrate actions to other business processes – Business Continuity,
Financial or HR
Eliminating hazards and reducing OH&S risk (8.1.2)
The standard advises that occupational health & safety objectives should be established at appropriate levels and intervals, having considered the identified occupational health & safety hazards, risks and opportunities, and compliance obligations. The characteristics of the set objectives are important, too: they need to be consistent with the organization’s Occupational Health & Safety Policy, measurable where possible, able to be monitored, communicated effectively, and be such that they can be updated when circumstances require. Once more, it is mandatory that documented information is kept outlining this process and its outputs. To maintain and improve the OH&S management system and OH&S performance, while establishing OH&S objectives the Organization must
Take into account the results of the assessment of OH&S risk and opportunities and other risks and opportunities.
Take into account the outputs of consultation with workers and worker’s representatives.
Objectives are measurable or capable of evaluation.
The standard advises on the elements that need to be determined to ensure that objectives can be achieved. This can be thought of in terms of what needs to be done when it needs to be done, what resources are required to achieve it, who is responsible for the objectives being achieved, how results are to be measured and progress ensured, and consideration on how these objectives can be implemented within existing business systems. While Planning to achieve OH&S objectives the organization must consider the following:
What will be done?
What resources will be required?
Who will be responsible?
When completed?
How measured through indicators if practicable, monitored and frequency?
How actions will be integrated into overall business processes?
Clause 7 of ISO 45001 discusses the resources and support needed to be successful with the OH&S management system. “Support” means that the organization has achieved a level of competence among its workers and systems to successfully drive the outcomes of the OH&S plan. It also discusses the need to establish awareness of the OH&S policy, communicate information about the OH&S management system, outline with whom the information should be shared, manage documentation including tracking of updates, and control information and ensure its accessibility and accuracy. Essentially, the support system provides an overview of how the organization must support the OH&S management system. Successfully managing an Occupational Health and Safety Management System relies heavily on having the necessary resources for each task. This includes having competent staff with the appropriate training, support services, and effective information and communication means. The organization will determine what documented information is necessary for the success of the system. Documented information is a new term in the standard, which means the information can be in any format, media, or from any source. Moreover, internal and external information must be communicated throughout the organization and must be gathered, disseminated, and understood by those receiving it. The decisions that need to be made are:
On/about what to inform?
When to inform?
Who to inform?
How to inform?
How to receive and maintain documented information and how to respond to relevant incoming communications?
Respectively, the terms ‘document and record’ became obsolete in the new standard, which uses the term ‘documented information’ instead, for the purpose of maximizing the confidence to share information through any media.
Simply put, the standard advises the organization that the resources required to achieve the stated objectives and show continual improvement must be made available. The Organization must determine resources and provide resources needed for OH&S. Resources can include HR, natural resources, infrastructure, and technology. Human resources include – diversity, skills, and knowledge.
Employee competence must meet the terms of the ISO 45001:2018 standard by ensuring that the people given responsibility for OH&S Management System tasks are capable and confident. Related to this, it stands to reason that the experience, training, and/or education of the individual must be of the required standard and that any necessary training is identified and delivered –with measurable actions taken externally or internally to ensure that this level of competence exists. Predictably, this process and its outputs need to be recorded as documented information for the OH&S Management System. The organization must ensure:
Workers are competent which impacts on OH&S’s performance.
Competence is appropriate for education, training, and experience.
Criteria for each role are established.
Workers are evaluated periodically to ensure continued competence for their roles.
Appropriate documented information as evidence of competence is retained.
Awareness is closely related to competence in the standard. Employees must be made aware of the Occupational Health & Safety Policy and its contents, any current and future impacts that may affect their tasks, what their personal performance means to the OH&S Management System and its objectives, including the positives or improved performance, and what the implications of poor performance may be to the OH&S Management System. Additionally, the standard demands that workers be aware that they can remove themselves from work situations that they consider to be a danger to their life or health. Workers must be:
Made aware of OH&S policy
The implication of not conforming with OH&S requirements
Information and outcomes of investigations of relevant incidents
Processes for internal and external communication need to be established and recorded as documented information within the OH&S Management System. The key elements that need to be decided, actioned, and recorded are what needs to be communicated, how it should be done, who needs to receive the communication, and at what intervals it should be done. It should be noted here that any communication outputs should be consistent with related information and content generated by the OH&S Management System for the sake of consistency.
The standard advises the organization that information should be communicated at various levels and with various frequencies as deemed suitable and that the organization must ensure that the nature and frequency of communication allow continual improvement to result from the communication process itself.
Once again, the organization is advised by the standard to ensure that communication relevant to the OH&S Management System takes place as per the established process, with the goal of ensuring that compliance obligations and objectives are met.
“Documented information,” which you will have seen mentioned several times during this guide, refers to the documents and records that are necessary for the OH&S Management System. The requirements are designed to allow each organization to have the ability to shape documented information to their own requirements in general, with the exception of the mandatory components mentioned specifically in the standard and, therefore, this guide. The ISO 45001:2018 standard advises us that the OH&S Management System should include all documented information that it declares mandatory, and anything viewed as critical to the OH&S Management System and its operation. It should also be noted that the amount of documented information that an organization requires would differ according to the size, operating sector, and complexity of compliance obligations faced by the business.
The standard advises that documentation created by the OH&S Management System needs to include appropriate identification, description, and format so that it is can be easily understood what the documented information is for. There is also a need to review and approve the documented information for suitability and accuracy before release.
The standard advises that documentation created by the OH&S Management System should be available and fit for purpose where and when needed, reasonably protected against damage or loss of integrity and identity and that the processes of distribution, retention, access, retrieval, preservation and storage, control and disposition are adequately provided for. It should be noted that documented information from external sources should be similarly controlled and handled and that viewing and editing access levels should be carefully considered and controlled.
The clause, where there is a reference to documented information, are
The ISO 45001 standard provides us with some insight into what documents are required. Compared to OHSAS 18001, there are not too many changes, but the documentation requirements are easier to manage, following the logic of the new versions of other ISO standards. Of course, the standard does not explicitly mention documents and records, but uses the term “documented information.” The following represents a list of documents that you need to maintain in order to comply with ISO 45001:
The scope of the OH&S MS (clause 4.3)
OH&S management system (clause 4.4)
Leadership and commitment (clause 5.1)
OH&S policy (clause 5.2)
Organizational roles, responsibilities, and authorities (clause 5.3)
Actions to address risks and opportunities (clause 6.1)
Assessment of OH&S risks and other risks to the OH&S management system (clause 6.1.2.2)
Determination of legal requirements and other requirements (clause 6.1.3)
Planning to achieve OH&S objectives (clause 6.2.2)
Competence (clause 7.2)
Communication (clause 7.4)
Operational planning and control (clause 8.1)
Contractors (clause 8.1.4.2)
Emergency preparedness and response (clause 8.2)
Monitoring, measurement, analysis and performance evaluation (clause 9.1)
Evaluation of compliance (clause 9.1.2)
Internal audit (clause 9.2)
Management review (clause 9.3)
Incident, nonconformity and corrective action (clause 10.2)
Continual improvement (clause 10.2)
Other supporting documents Apart from the abovementioned list of documents, there are additional supporting documents that can be used to facilitate the operation of a management system. Thus, the following documents are commonly used:
Procedure for determining the context of the organization and interested parties (clauses 4.1 and 4.2)
Procedure for identification and evaluation of OH&S management system risks and opportunities (clauses 6.1.1 and 6.1.2)
Procedure for competence, training, and awareness (clauses 7.2 and 7.3)
Procedure for communication (clause 7.4)
Procedure for document and record control (clause 7.5)
Procedure for internal audit (clause 9.2)
Procedure for management review (clause 9.3)
The standard also emphasizes that it is important to demonstrate the effectiveness of the OH&S Management System, rather than to simply draft endless theoretical procedures.
Clause 8 forms the heart of the ISO 45001 standard and addresses the program content necessary to have a successful OH&S management system that meets the intent of the standard. The specific topics discussed in this section include:
General provisions: such as the means for creating and managing documentation.
Hierarchy of controls: to utilize the most effective means of risk reduction within the organization.
Management of change: to ensure that when planned changes occur they are managed to control risk.
Outsourcing: to make certain risk controls are adequate for all outsourced processes.
Procurement: to validate all incoming materials and services conform to the system requirements.
Contractors: to communicate and control internal risks to third parties and evaluate risks they may introduce into the workplace.
Emergency preparedness and response: to identify potential emerging risks and develop specific and customized plans with key stakeholders to minimize these risks
This clause requires:
Operational planning and control on multi-employer workplaces; whereby the organization shall implement a process for coordinating the relevant parts of the OH&S management system with other organizations. This clause includes the requirement to reduce risks by implementing a “Hierarchy of Control” approach as used by the European Union Legislation. In that regard, this is a system of prioritization which ranks hazard elimination as the preferred control down through a series of controls which are less effective.
Eliminating hazards and reducing OH&S risks requires the organization to establish, implement and maintain a process(es) for the elimination of hazards and reduction of OH&S risks. In order to ensure that this is done properly, the organization shall use appropriate controls.
Management of Change requires the organization to establish a process for the implementation and control of planned changes so that the introduction of new products, processes, services or work practices do not bring with them any new hazards.
Procurement requires the organization to establish, implement and maintain a process for the control of procurement services so as to ensure that they conform to the requirements of the standard. In addition, the standard requires the organization to coordinate the procurement processes with its contractors and to identify the risks that arise from the contractors’ activities. Furthermore, the organization should ensure that outsourced processes which have an impact on its health and safety management system are appropriately controlled.
Emergency preparedness and response requires the organization to identify emergency situations and maintain a process to prevent or minimize OH&S risks from potential emergencies.
While the standard acknowledges that operational control will greatly depend on the size, nature, compliance obligations, and occupational health & safety hazards of an organization, the scope are given to the individual organization to plan and ensure the desired results are achieved. The methods suggested by the standard are that processes should be designed in such a way that consistency is guaranteed and error eliminated, technology is used to improve control, and it is ensured that personnel is trained and competent. Processes should be performed in an agreed and prescribed manner; those processes should be measurable, and the documented information should match the requirements to ensure operational control. An essential part of operational control lies in eliminating hazards and reducing OH&S risks. This can be carried out through a hierarchy of controls, from the elimination of the hazard to the use of personal protective equipment. Change in the OH&S Management System also needs to be managed in order to maintain the integrity of the OH&S performance. Procurement, including contractors and outsourcing of functions and processes, must also be considered and controlled. Appropriate measures must be taken to define and control the competency of outsourced service suppliers, including their effect on the OH&S Management System processes. As ever, opportunities for improvement must always be considered and identified. The standard also recognizes that the degree of control the organization has over an outsourced product or service can vary from absolute, if taking place onsite, to very little, if the activity takes place remotely. However, it is suggested that there are factors that, nonetheless, should be considered. As expected, compliance obligations should be considered and controlled, all direct and associated occupational health & safety risks should be evaluated and controlled, as should risks and opportunities associated with the provision of the service itself.
The organization must establish a process to coordinate with contractors for hazard identification and access controls to OH&S risks from contractor activities
The requirements of the OH&S management system must be met by contractors and their workers
The organization must establish the OH&S criteria for selection of contractors
The organization must ensure outsourced functions and processes are controlled. The Outsourced arrangements must be consistent with legal requirements. It should be integral to the organization’s ability to operate. There must be controls to achieve the intended outcome of the OH&S management system
Emergency preparedness and response is a key element in the mitigation of occupational health & safety risk. The standard informs us that it is the responsibility of the organization to be prepared, and a number of elements should be considered and planned for. Actions to mitigate incidents must be developed, as well as internal and external communication methods and appropriate methods for emergency response. Consideration of varying types of occupational health & safety incidents needs to be made, as do root cause analysis and corrective action procedures to respond to incidents after they occur. Regular emergency response testing and relevant training need to be considered and undertaken, and assembly routes and evacuation procedures defined and communicated. Lists of key personnel and emergency agencies (think clean-up agencies, local emergency services, and local occupational health & safety offices or agencies) should be established and made available, and it is often good practice to form partnerships with similar neighboring organizations with whom you can share mutual services and provide help in the event of an occupational health & safety incident. To establish an Emergency preparedness and response process the organization must
Identify potential emergency situations
Assess OH&S risks associated with these
Establish Preventative controls
Plan response to emergency situations including the provision of first aid
Conduct periodic testing and exercise of emergency response capabilities
Evaluate and revise plans
Communicate information relevant to their duties
Conduct Training
Identity Needs and capabilities of interested parties
Performance Evaluation provides an in-depth discussion regarding the criteria for evaluating the overall performance of the OH&S management system. The primary themes of this section focus on the means of process evaluation and documentation of evaluations. The importance of documentation (and how records and data are retained), as well as document dissemination, are performance themes both in ISO 45001 in general and in this section in particular. The organization must establish a system that involves the monitoring, measurement, analysis, and evaluation of its OH&S performance. It should decide what to measure and how, for instance, accidents or worker competence. Moreover, internal audits must be established along with regular management reviews, in order to see the progress made towards the achievement of OH&S objectives and the fulfilment of ISO 45001 requirements.
This section tends to be more specific than some of the others and includes a detailed discussion of documentation requirements, internal audit protocols, and the relevancy and applicability of measurements within the organization. The key attributes of this section include:
Following applicable legal requirements and documentation are followed.
Measuring operational risks and hazards.
Evaluating the effectiveness of operational controls.
Establishing the timeline for conducting the measures.
Planning for analysis, evaluation, and communication of the results.
Calibrating and verifying the accuracy of all equipment.
Retaining documentation of all measures.
Auditing the OH&S Management System, the OH&S Policy, OH&S Objectives and the 45001 requirements.
Establishing the frequency of audits and account for significant changes to the organization, performance improvements, risks, and opportunities.
Ensuring the competence of auditors.
Communicating findings to management, workers, and worker representatives.
Taking action to address identified nonconformities.
Retaining audit results as evidence of the completion of the audit.
Reviewing audit findings and corrective actions by top management.
Ascertaining that corrective actions, worker engagement, and opportunities for continual improvement are in place
The most important objectives of the Performance Evaluation section are ensuring the adequacy of the current OH&S management system and measuring that OH&S objectives are met. These are, essentially, the only measures of success.
The organization not only has to measure occupational health & safety progress, but it should also consider its significant hazards, compliance obligations, and operational controls when tackling this clause. The methods established should have considerations to ensure that the monitoring and measuring periods are aligned with the needs of the OH&S Management System for data and results; that the results are accurate, consistent, and can be reproduced; and that the results can be used to identify trends. It should also be noted that the results should be reported to the personnel with the authority and responsibility to initiate action on the basis of the outputs themselves.
The standard recognizes that evaluation requirements will vary from organization to organization based on factors such as size, compliance obligations, sector worked in, past history and performance, and so on, but suggests that regular evaluation is always required. If the result of a compliance evaluation reveals that a legal requirement is unfulfilled, the organization needs to assess what action is appropriate, possibly up to contacting a regulatory body and agreeing on a course of action for repair. This agreement will now see this obligation become a legal requirement. Where non-compliance is identified by the OH&S Management System and corrected, it does not automatically become a non-conformity.
Internal audits and auditors should be independent and have no conflict of interest over the audit subject, the standard reminds us, and it should be noted that non-conformities should be subject to corrective action. When considering the results of previous audits, the results of previous internal and external audits and any previous non-conformities and resulting actions to repair them should be taken into account.
The 45001:2018 standard refers us to ISO 19011 for the internal audit program, but when you are establishing your program there are several rules you can subscribe to in order to ensure that your program is effective. Base your internal audit frequency on what is reasonable for your organization in terms of size, the sector you operate in, compliance obligations, and risk to the health and safety of workers. Decide what is reasonable for you, whether that is bi-annually, quarterly, or whatever you deem suitable. Keep in mind that this schedule can be changed, preferably through management review and leadership guidance, in the event of changes that necessitate extra internal audit activity.
It should be noted that, contrary to popular belief, the management review does not have to be done all at once; it can be a series of high-level or board meetings with topics tackled individually, although it should be on a strategic and top management level. Complaints from interested parties should be reviewed by top management, with resultant improvement opportunities identified. It should be remembered that the management review generally is the one function that must be carried out accurately and diligently to ensure that the function of the OH&S Management System and all resulting elements can follow suit. It goes without saying that all details and data from the management review must be documented and recorded to ensure that the OH&S Management System can follow the specific requirements and general strategic direction for the organization detailed there.
Clause 10, the final major section, delineates the concept of continual improvement within the context of specific activities. Any organization wishing to adopt the principles of ISO 45001 must have a plan for addressing nonconformities in a timely manner. Organizations should take direct action to control conditions and deal with consequences. Nonconformities can be identified from investigations, audits, or other events. The corrective actions should be evaluated and the results should be documented. To achieve continual improvement, the organization shall have an OH&S management system that:
Prevents the occurrence of incidents and nonconformities.
Promotes a positive OH&S culture.
Enhances OH&S performance
The organization should react accordingly to nonconformities and incidents, and take action to control, correct them, cope with their consequences, and eliminate their source so as to prevent recurrences.
Outputs from management reviews, internal audits, and compliance and performance evaluations should all be used to form the basis for improvement actions. Improvement examples could include corrective action, reorganization, innovation, and continuous improvement programs.
Prevention of incidents and elimination of hazards is a key facet of the OH&S Management System, and this is specifically addressed in the definition of organizational context (4.1) and assessing risks and opportunities (6.1). Taking action to correct and control problems when they occur, and then to investigate and take corrective action for the root causes of these problems when it is necessary, are critical to prevent recurrence of process nonconformity. The organization must
React to incidents in a timely manner.
Take direct action to control and correct.
Evaluate the root cause
Determine action
Review of assessment of OH&S risks prior to taking action
Communicate documented information to relevant workers
Reporting of incidents without delay can assist in the removal of hazard
Through all of the actions to improve the overall OH&S Management System, the organization can achieve enhanced OH&S performance and promote a culture that supports worker participation in making the OH&S Management System better. The organization must:
Enhance OH&S performance
Promote a positive OH&S culture
Promoting the participation of workers in implementing actions
ISO 45001 is an International Standard that specifies requirements for an occupational health and safety (OH&S) management system, with guidance for its use, to enable an organization to proactively improve its OH&S performance in preventing injury and ill-health. ISO 45001 is intended to apply to any organization regardless of its size, type, and nature. ISO 45001 enables an organization, through its OH&S management system, to integrate other aspects of health and safety, such as worker wellness/well-being; however, it should be noted that an organization can be required by applicable legal requirements to also address such issues.
It provides a framework for organizations to instigate proper and effective management of health & safety in the workplace. By having a clearly defined management system in place to identify and control health and safety risks, organizations can minimize risks to their workforce and visitors or external contractors on their premises. The standard will enable organizations to put in place processes for continually reviewing and improving occupational health and safety.
Key areas that will be assessed by OH&S MS certification
Management systems in place
Planning and risk assessment
Staff training and awareness
Communication of safety management systems
Response to emergencies
Monitoring and continual improvement
It helps in achieving a structured health and safety management system throughout the organization and will demonstrate your commitment to the welfare of your staff and external parties. It will provide a framework to implement the ISO 45001 requirements and a process for continual improvement. ISO 45001 is suitable for all types of an organization wanting to become more efficient in managing and reducing accidents in the workplace.
By setting up systems that are assessed by a third-party certification body, organizations will prove to their staff, suppliers, and customers that they take health and safety seriously. ISO 45001 accreditation provides a framework to help organizations meet their legal obligations to Health and Safety in the workplace.
Benefits of ISO 45001:2018
In a competitive marketplace, your customers are looking for more than just keen pricing from their suppliers. Companies need to demonstrate that their businesses are managed efficiently and responsibly and that they can provide a reliable service without excessive downtime caused by work-related accidents and incidents. Certifying your ISO 45001:2018 occupational health and safety (OH&S) management system enables your organization to prove that it conforms to the specifications and provides the following benefits:
Customer satisfaction – through the delivery of products that consistently meet customer requirements whilst safeguarding their health and property
Reduced operating costs – by decreasing downtime through incidents and ill health and reducing costs associated with legal fees and compensation
Improved stakeholder relationships – by safeguarding the health and property of staff, customers and suppliers
Legal compliance – by understanding how statutory and regulatory requirements impact the organization and its customers
Improved risk management – through clear identification of potential incidents and implementation of controls and measures
Proven business credentials – through independent verification against recognized standards Ability to win more business – particularly where procurement specifications require certification as a condition to supply
How to achieve ISO 45001:2018 certification – implementation / Certification steps
I can offer a well-defined and proven implementation methodology for ISO 45001:2018 certification.
Gap Analysis
Awareness Training
Hazard analysis and risk analysis
Documentation Design and finalization
Implementation
Internal Auditor Training and conduct of the internal audit
Management Review Meeting
Review of Implementation
Pre-assessment audit
Stage 1 – certification audit
Stage 2 – certification audit
Award of OHSAS 9001 certification
Continual improvement of the system through value-added consulting and training services
Integrate ISO 45001 with other management system standards
ISO 45001 is designed to be compatible with other management systems standards and specifications, such as ISO 9001, ISO 22000, ISO 17025, ISO 27001, ISO 14001 and other ISO management standards. They can be integrated seamlessly through an Integrated Management system approach. They share many principles so choosing an integrated management system can offer excellent value for money and an easier approach to implement, manage and improve multiple standards simultaneously.
What can I offer in the field of ISO 45001 standards and certification?
I can provide unmatched expertise and technical competence to ensure that your ISO 45001:2018 occupational health and safety (OH&S) management system certification project adds value to your organization.
I provide consulting, training, internal audits, pre-assessment audits and facilitation during ISO 45001 certification audits.
I can offer the global knowledge moulded locally to bring in the best results for the clients and partner their journey of standardization, compliance, growth, success and continual improvements.
Contact now, to get your organization ISO 45001:2018 certified most effectively and efficiently while realizing the true benefits of the certification using our specialized OH&S MS implementation methodology that is less time-consuming, fast, easy to understand and implement, result-oriented, time-bound and cost-effective. Get ISO 45001 certified now …
I’m excited to share the book I have authored:
Standard for Integrated Management System for Quality, Environment & Health & Safety
ISBN: 978-8199763272 Published by Brown Books Publications
This book provides a practical, risk-based framework to integrate Quality, Environmental, and Occupational Health & Safety systems into one streamlined management system — helping organizations eliminate duplication, improve efficiency, and drive continual improvement.
