Global Safety Standard ISO 45001: from 2013 and beyond
Projecting the launch date of ISO 45001 has been interesting.
Consider that the Technical Committee [PC 283] is made up of 90+ safety professionals from 65 countries so getting consensus would be a challenge.
Even an agreement on the title, being OH&S versus OS&H resulted in a committee ballot involving consultation with 90+ people going back to their respective countries. The consensus was ‘OH&S’.
The committee commenced the review in 2013 and late [November] 2018 is a likely release date for ISO 45001 OH&S – the first ISO global safety standard.
This gives organisations approx. 2 to 3 years from now [Feb 2018] to transition from AS 4801 to ISO 45001. Although not yet available it is close enough to get started.
ISO 45001 Facts
Replaces OHSAS 18001 which was never an ISO standard
The Standard mirrors the new ISO structures now in place with ISO 9001 quality and ISO 14001 environmental 2015 updates [Annex SL (PDCA) common framework]
There are 10 clauses and 42 sub-clauses to address and is supported by 39 Annexes
The Standard contains 83 ‘shall’ [mandatory] statements.
ISO 45001 words to be aware of
In the context of this standard, key words that require careful consideration and some evidence based include the following.
Advisory process: Consultation is seeking views before a decision is made. Consultation is about seeking opinion, advice and expertise of interested parties. In the case of OH&S this must include a cross section of workers [non-managerial roles].
Decision making stage: Participation refers to direct and transparent involvement in the decision making process. Having consulted, the opinion/advice of those consulted must be carried through to the participation stage of making decisions relating to OH&S.
Improvements: OH&S opportunities are various circumstances than can lead to improvement on OH&S performance. These sometimes come from risks converted to an opportunity [risk assessments], suggestions, outcomes of investigations and change management processes.
Top management refers to a person or group of persons [Board/ Executive group or committee] who direct and control an organisation at the top level.
What does it look like?
Its looks like a typical Plan/Do/check/Act PDCA Cycle.
The big ticket items to be addressed. Make a coffee and sit down before you turn the page...
CLAUSE 4 ORGANISATIONAL CONTEXT – Planning [PDCA]
Before establishing the scope of an OHSMS the organisational context needs to be considered. This must be documented.
First determine the internal and external interested parties relevant to the organisation’s purpose/business that have a potential to influence [+/-] the effectiveness of the OHSMS. This will lead to the identification of issues and subsequent needs and expectations.
The key issue with the organizational context is the need to consider all interested parties [stakeholders] and be very specific to your actual organisation. Therefore if you are reliant on major funding organisations, partnership arrangements etc or your industry is highly regulated [industry organisations and standards etc] these all need to be included and the particular needs/expectations explored.
Ensure you document how this process is undertaken, including parties to the decision making process and keep minutes.
Once this process has been achieved the scope of the organisations OHSMS can be developed taking into account the above.
CLAUSE 5. LEADERSHIP & WORKER PARTICIPATION – Planning [PDCA]
Leadership and commitment
Top management shall demonstrate leadership and commitment. As a minimum leadership and commitment is demonstrated through:
OHSMS integration: Developing an OHSMS integrated with all aspects of the organisation based on a risk thinking approach. This means effort and resources are assigned to the most significant OH&S risks [risk ratings].
OHSMS compliance: Measure, monitor and deliver the OHSMS against objectives and other intended results. Where certification to ISO 45001 is achieved this is considered and ‘intended result’.
OHSMS objectives: Setting, implementing, communicating, monitoring and reporting on a set of measurable strategic objectives representative of the business scope and associated risk priorities. [Note: Claiming compliance to ISO 45001 as an objective is not an accepted safety objective as it does not represent a specific risk or risk prioritisation. However, measurement of ISO 45001 audit outcomes for opportunities to improve could be a measurement of an objective such as continual improvement.]
Management engagement: Support all management tiers of the workforce to engage in OHSMS responsibly and proactively.
Resources: Resources strategy including procurement, fitness for purpose, operator competencies and resources lifecycle management.
Continual improvement: Promoting, management and measurement of continual improvement including converting risks to opportunities.
Safety Culture: Proactively initiate and lead a safety culture - ‘safety in every aspect of what we do is the way we work at xxx’
Worker consultation and participation: Consultation and participation in the workforce – refer ‘worker consultation and participation is mandatory’
Worker consultation and participation is mandatory
Participation and consultation are NOT the same thing
Participation is worker [non managerial] INVOLVEMENT IN DECISION MAKING. Determine and mitigate barriers to participation.
Consultation is SEEKING VIEWS / OPINIONS / ADVICE.
CLAUSE 6. PLANNING FOR THE MANAGEMENT SYSTEM – Planning [PDCA]
Risk Management Planning
Management of risk through an all of business risk assessment process to determine risks and opportunities – Risk Register to capture corporate and operational risks. Subject to leadership review and consultation and participation within the workforce / other stakeholders.
Hazard and Risk Management - HIRAC
Risk assessment procedure in place to identify hazards, assess and control risks and seek opportunities for improvement.
Risk management to take into account:
Work organisation and workflow arrangements
Standard and non-standard work practices
Emergency situations including unplanned events
Workplace design and workplace changes
Legal, Regulatory and Compliance Standards
Identification and integration of regulatory and compliance requirements into the management of risk. Included in the Risk Register, risk assessments and work methods. This shall form an integral part of the workplace consultative and participation processes.
Taking into consideration the risk management process [risks and opportunities], objectives are determined and set by leadership in consultation and participation with the workforce and other related stakeholders.
Objectives should be clear, concise and measureable.
Delivering the objectives
Resources shall be assigned to the delivery of objectives.
A plan with assigned responsibilities, timelines, tools and processes for communicating, monitoring, measuring, updating and continually improving outcomes and objectives shall be established.
Integration of the objectives shall be reflected throughout all of business operations. Each objective should be measured and reported across operational levels within the organisation.
CLAUSE 7. SUPPORT – Planning and Delivery [PDCA]
Support is required to meet the objectives of the SMS and to ensure the SMS is fully integrated with other business systems and operations.
Support includes competent knowledge people whether internal or outsourced [contractors].
Awareness, competence, retaining competencies, licencing and knowledge about safety in relation to an individuals role within the organisation are critical factors. A training needs analysis will support these needs.
Communications within and external to the organisation in relation to supporting the SMS objectives and day-to-day operational needs of interested parties to ensure clarity and transparency of operational activities and resources needs.
As with all systems documentation must be in place:
current to legislation and internal practices,
understood [plain language],
able to be sourced at point of need ,and
under a document control regime.
This includes both internal and external documentation.
Change management of processes and documentation must be in sync.
CLAUSE 8. OPERATION – Plan and Deliver [PDCA]
Clause 8 is a new section and addresses hazard and risk planning and delivering against the agreed planned approach.
Operational planning and delivery [act on the plans]
Operational planning must identify hazards and consider the hierarchy of controls when assessing the risk and determining overall actions and controls. The process plans must deliver against the SMS objectives and take into account risk management principles.
Planning must also take into account worker health and welfare including health monitoring and injury management.
Eliminating hazards and reducing risks
A hazard identification, risk assessment and control HIRAC process is required. This must also consider the need for and type of monitoring and measuring/testing to be used for determining effectiveness and future improvement opportunities.
A clear focus of hazard management in the mitigation of risk and as such preventive measures put in place that ensure risk control is effective.
Change management is a planned, organised, consultative process based on PDCA principles. Each stage of the planned change must be validated before proceeding to avoid ‘unknowns’ which could be a safety and productivity risk.
Outsourcing is a new clause that relates to outsourced provisions of services and systems integral to the organisations ability to deliver the SMS and objectives.
Like subcontracting and procurement, consideration must be given to safety aspects of outsourcing, should be consultative and participatory in the decision making process and must have in place effective performance monitoring.
Procurement shall cover safety risk aspects of both provider/supplier and product selection.
Any procurement that includes use or operation of a product or device, or installation of a product or device, must take into account all aspects of hazard and risk management. Training and awareness of users must be considered and change management processes initiated.
Contractor management is generally a risk to an organisation and care undertaken to include as a minimum:
Communication and participation
Inductions including site hazards and emergency response
Internal audit of contractors against pre-qualification claims and onsite performance
Performance monitoring on a regular basis and post any project work to review general contractors safety performance
Responsibility for contractor activities and their performance on site always sits with the organisation contracting the work and therefore ongoing management and monitoring shall be built into the SMS and subsequent daily activities.
Emergency preparedness and response
Emergency preparedness and response must take into account both planning and immediate responses:
Identification of types of emergencies
All locations – specific needs planned and emergency response instructions on sites
Emergency equipment needs appropriate to emergency types and locations
Appointment and training of wardens and others
Testing the effectives of plans – drills and drill reviews
First aid needs and equipment must take into account local needs and a risk assessment against site and people requirements. Consultation and participation in the workplace is important.
Where the organisation is not the prime occupier or in control of the site/workplace, plans must be in place to coordinate, cooperate and participate in any planning, response training or other requirement.
CLAUSE 9. PERFORMANCE EVALUATION – Check [PDCA]
Clause 9 has three clear purposes:
Monitor, measure, analysis and evaluation of overall safety and people welfare performance
Internal audit as a measure of SMS performance
Management review to receive performance information and act on that information moving forward – resources, improvements and safety suitability
Monitor, measure, analysis and evaluation
Requirements for monitoring, measuring and analysis for the purposes of evaluation and reporting to management review shall include as a minimum:
SMS objectives and processes
Work methods/practices for effectiveness and opportunities for improvement
Hazards and risks including effectiveness of risk controls
Health and welfare of people for injury and illness prevention
Injury management and monitoring for return to full and useful capacity work
Devices and equipment used for safety purposes
Operational plant and equipment including fixed and mobile plant for effectiveness of training and competencies, safety protective measures/guards
Evaluation of compliance to legal and regulatory requirements, the SMS and industry standards and contractual agreements such as enterprise or other employment agreements re safety.
Internal audit program comprising compliance to:
ISO 45001 compliance
Projects or other specific business activities
Risk management compliance
Management review shall address the review of the SMS in compliance with its intended objectives, safety performance, resources and planning for future needs.
Executive management shall take ownership of management review and include communication of inputs and outputs across the organisation.
CLAUSE 10. IMPROVEMENT – Act [PDCA]
Clause 10 has two clear purposes:
Incident, investigation, nonconformity and corrective action
Improvements arising from all aspects of the business
Incidents and investigations
Formal processes for incident reporting and investigation leading to opportunities for improvement as part of the lessons learnt from each event.
Nonconformity and causal analysis
The nonconformity management process shall provide casual analysis leading to opportunities for improvement and mitigation of risk.
Causal analysis of nonconformities whether plant, property, activities, systems or event related shall be risk focused.
When changes occur through the nonconformity management process, change management protocols shall be followed.
Corrective actions to address hazards, issues and manage risk shall be dimpleleted in a timely manner.
The corrective action process shall be documented.
Improvements and opportunities – objectives and processes
Continual improvement plans arising from all forms of analysis and reporting, initiatives and ideas and technology solutions are investigation for opportunities to continually improve workplace health and safety performance. These in turn should incrementally improve safety targets established as part of the overall SMS objectives.
Improvement plans should follow a PDCA cycle and include consultation, participation and communication. Plans shall be measured and monitored for effectiveness.
Change management protocols apply to all improvement plans.
WHERE TO FROM HERE?
Get a plan, get started...