ISO 45001 is an international standard specifying requirements for an OHSMS (Occupational Health & Safety Management System). A management system based on its requirements can help organizations to better manage their OHS risks and improve their OHS performance – ensuring that workers are healthier and safer, while sustaining financial viability / profitability at the same time. ISO 45001 is intended to be applicable to any organization – regardless of its size, type or nature.
Its release in March 2018 has been eagerly anticipated and many consider this to be the most important health and safety standard ever – as it is the first, certifiable ISO (International Standards Organisation) standard for an OHS management system. Previously, organizations have based their systems on national standards such as AS/NZS 4801 or the widely adopted BS/OHSAS 18001.
ISO 45001 is one of the last of ISO’s management system standards to be based on their common high-level clause structure and terminology. The same risk-based approach and structure has previously been applied to various other ‘new generation’ standards such as ISO 9001 (Quality), ISO 14001 (Environment), and ISO 27001 (Information Security). Whilst individual standards may add “discipline-specific” requirements as required, ISO believes that this common approach will increase the value of such standards to users. It is particularly beneficial for organisations with an IMS (integrated management system) to address the requirements of two or more standards.
The table below illustrates the clause structure of ISO 45001 in the context of the PDCA cycle – starting at clause 4 (the first clause specifying a requirement).
Context of the organization
4.1 Understanding the organization and its context.
4.2 Understanding the needs and expectations of workers and other interested parties.
4.3 Determining the scope of the OH&S management system.
4.4 OH&S management system.
For the purposes of an OHSMS, the context of the organization might be considered as the internal and external factors that can affect its ability to achieve its intended OHS outcomes. Understanding the organization might involve some form of situational awareness or PEST / SWOT analysis.
The relevant needs and expectations of your workers and other interested parties need to be understood. At that point, the scope of your OHSMS may be determined, and you can establish the necessary operational and support processes, and the interactions between them.
Although some elements of this clause were included in earlier OHS standards, the requirements are now more extensive, and ‘the context of the organization’ is a new concept.
The requirements are similar to those in other new-generation ISO standards and could be dealt with in an integrated manner where appropriate.
Leadership and worker participation
5.1 Leadership and commitment.
5.3 Organizational roles, responsibilities and authorities.
5.4 Consultation and participation of workers.
For an OHSMS to be successful, it needs to be inspired and led from the top. Top management must take accountability for it, express their commitment, and give direction. Everyone in the organization should be aware of what its policies and objectives are, and what is their role in maintaining and achieving them.
In larger organizations, top management will not be able to attend to the day-to-day administration of the system themselves. Other people may perform those roles, but they must be given leadership, support, and adequate resources.
The requirements for commitment in many earlier OHS standards are expanded to incorporate ‘Leadership’.
Although 5.1 – 5.3 are similar to those in other new-generation ISO standards, ISO 45001 has an additional requirement for worker participation and consultation. This requirement is a more stringent version of those stated in earlier OHS standards.
6.1 Actions to address risks and opportunities.
6.2 OH&S objectives and planning to achieve them.
This clause is closely linked to clause 4. Having identified factors that affect health & safety, the organization needs to develop strategies and actions to:
- Maintain and build on its Strengths
- Correct Weaknesses that might be barriers to meeting requirements and achieving objectives
- Grasp or maximise Opportunities
- Mitigate or manage Threats or Risks
Essentially, there should be some form of Action Plan to address the risks and opportunities that you have identified regarding your OHS management system.
Requirements for hazard identification are included in 6.1. These are more detailed than in earlier OHS standards.
7.5 Documented information.
Determine, plan, and provide the resources and support mechanisms to enable your organization to achieve its OHS objectives.
The term ‘Documented information’ is ISO’s catch-all phrase that replaces earlier references to Documents, Document control and Records.
The communications section is considerably strengthened from that in earlier OHS standards – with more detail specified. Whilst other requirements are broadly similar, support processes are now helpfully brought together in one clause.
8.1 Operational planning and control.
8.2 Emergency preparedness and response.
Plan, implement and control the processes needed to meet OHS requirements and implement the actions determined to address risk.
The standard specifies a hierarchy of controls in order of risk management preference. There are some subtle differences to hierarchies described in previous standards.
The management of both temporary and permanent changes that might affect health and safety are included here (in 8.1). It is an expanded requirement compared to earlier OHS standards. It also differs a little from other new-generation standards – where the topic is generally considered in clause 6.
Controls over outsourcing, procurement and contractors are also considered here. Those requirements are stronger than in earlier OHS standards.
9.1 Monitoring, measurement, analysis and performance evaluation.
9.2 Internal audit.
9.3 Management review.
Evaluate the performance of the OHSMS. Audit its effective implementation and conformance to requirements. Top management to periodically review the system.
The requirements for management review are expanded from those in earlier standards. Some of these changes are quite subtle e.g. where BS OHSAS 18001 required consideration ‘communications from interested parties’, the new standard talks of ‘communications with interested parties’. This suggests a two-way conversation with outgoing communications also needing to be taken into account.
Other new requirements are more substantial. For example, there is much greater emphasis on consideration of resources, risks and opportunities.
Management review inputs (or ‘agenda’ for most people) is again expanded from earlier OHS standards. In integrated systems it would be quite practical to have a fully integrated management review.
10.2 Incident, nonconformity and corrective action.
10.3 Continual improvement.
Deal with incidents and nonconformities, determine the cause(s), act to eliminate them, and achieve improvement.
Incidents are now included in the same sub-clause as nonconformities and corrective actions. That seems logical as they can be dealt with in similar methods.
The equivalent requirements of other new-generation standards are compatible. Therefore, integrated systems may use the same basic process for handling incidents and nonconformities.
ISO 45001 was released on 12 March 2018. OHSAS 18001 has already been withdrawn and other earlier standards are likely to follow suit. Certification bodies globally will shortly commence offering certification to ISO 45001. For those wishing to transition their certification from an existing standard to ISO 45001, there will generally be a 3-year transition period. In most cases, an organization developing an OHSMS for the first time, would base it on the requirements of ISO 45001.
So, that’s our quick introduction to the new ISO 45001 standard. We trust that you found it useful.
Your next step?
The first step in developing or updating a management system is to identify any gaps between what is currently in place, and the new requirements. This is known as a Gap Analysis. Qudos Certification Limited and its partners can provide a Gap Analysis service to help your organization identify gaps between its current arrangements and the new ISO 45001 standard. An experienced lead auditor will review your current management system and interview key personnel involved in relevant areas of your organization. A report will be provided with a detailed a gap analysis against the standard. This may be used as a dynamic tool in the development of your system.
Contact us now to discuss your needs.