Contractors and Outsourcing
There is tighter control and requirements for an organisation to ensure that its outsourced processes are defined and controlled. When outsourced products and/or services supplied are under the control of the organization, supplier and contractor risk must be managed effectively. Organisations cannot contract out the risk.
Outsourcing (supply chains) are becoming increasingly complex, without the right balance and awareness, management potentially have substantial risks to the business consisting of legal, financial and reputational risk. Businesses must now look beyond their own immediate health and safety issues and take into account the wider society. By thinking about its contractors and suppliers, the organisation will be able to consider the effect on their neighbours (or other interested parties).
Contractors also fall within the scope of ‘workers’; contractors should be fully engaged by organisations to enable development, planning, implementation, performance evaluation and actions for improvement of the OH&S system.
Contractor / Outsourced activities can include a multitude of services provided / undertaken on behalf of organisations, such as:
- Maintenance
- Construction
- Facilities
- Security
- Cleaning
- Waste management, etc.
As noted, organisations cannot contract out risk, when contracting with external organisations they need to ensure that hazards and associated risks are identified and controlled by both parties. Organisations must define OH&S criteria for the selection of contractors. Some factors to consider include:
- The ability of the contractor (external organisation) to meet requirements
- Competency to determine hazards, assess risks and determine controls
- Effect the outsourced process on the organisation
Once engaged with outsourced providers, the organisation should also consider and specify how the provider will co-ordinate with the organisation, including relevant controls already determined, incident / near miss reporting and interaction with other workers.
Controls are an important part of the outsourced process. Controls should be defined within the organisations systems and communicated with providers. Controls can include, contractual agreements, training, inspections and risk assessments.
What is your worst case scenario? Is your business prepared?
‘Worst case scenario’ is one of my favourite games to hypothetically play with clients. Ask yourself this; ‘How would you manage in a worst-case scenario situation?’ Maybe a client or customer complains publicly about your service, or a negative article is written in the press about your business. Do you have the right processes and procedures in place to manage the situation, especially if it went public on social media? This is where having a social media crisis plan in place will help you sleep easier at night, especially when it is joined up to overall business crisis and continuity plans.
Depending on the business you operate the worst-case scenarios could be vastly different, a restaurant might have a one-off issue with food poisoning, a manufacturing business a problem with faulty goods. Regardless of the actual event there are ways to mange the situation to prevent a small negative piece of feedback exploding into a full-blown public relations or social medial crisis. Every business should have a plan to guide them in the event of a worst-case scenario moment. Below are some tips about how to help avoid a crisis in the first place and what to do in the event of something escalating.
10 tips for crisis management
- How will you know when there is an issue? Make sure someone in the business is regularly checking for negative feedback.
- Have a clear process in place – when an issue emerges who deals with it? If you have a crisis process in place now does it cover social media?
- Know who needs to be involved and who makes key decisions – when you are in the midst of a crisis this is not the time to be working out who should be doing what.
- Anyone involved in crisis management should be aware of that fact and understand their role.
- Who can be called out of hours – have a rota in place for key stakeholders which includes phone numbers and make sure those on it are aware of the fact.
- Plan for the worst – brainstorm all the events that you can think of that might cause negative news about your business.
- Involve any customer service teams as they are the ones that deal with customer feedback and know what the common issues are likely to be.
- Have FAQ’s ready – once you have identified your common questions prep answers to manage them.
- Training everyone who needs to be involved – a dry run in a safe environment is a great way to test processes.
- Don’t just hope for the best – having a plan might feel like an extravagance but in the heat of the moment you will be grateful of the time spent prepping!
We can help you plan for your crisis moments, to discuss options please contact us either by email (enquiries@blackmoresuk.com) or by phone: 01462 476145.
Article written by Rachel Kerr (RK Social Communications) on behalf of Blackmores.
ISO 45001, like all management system standards, now advocates the risk-based approach.
This can be seen as more proactive, however, in ‘old’ terms this was seen and managed within the ‘preventive’ process. The new requirements and structure of ISO 45001 requires risks to be evaluated and remedied, rather than being hazard control.
With the inclusion of identifying OH&S (and other) opportunities, addressing the need to act to enhance or improve the management system comes out of the risk identification, hazard identification and other activities within the organisation.
Risk is ‘the effect of uncertainty’, by reducing the effect of uncertainty we will reduce our organisation’s risk exposure. ISO 45001 sets out to do this by requiring organisations to be clear on and understand:
- What they have to do (legal requirements).
- What they chose to do (other requirements).
- How they will do it (planning, support, and operations).
- It is being done (performance evaluation).
- How to do it better (Improvement).
Risk based thinking starts are the very beginning, when organisations are considering their context, the relevant requirements of their interested parties and the scope that the OH&S management system is to cover. Considerations should be made to both internal and external issues and the potential impact they can have on the systems and processes.
When identifying external and internal issues, and needs and expectations of interested parties, there may be a risk source that will require assessment and action as required.
As with all risk related areas, planning to address should be proportionate to the perceived level of risk identified and the objectives of the organisation.
Whilst considering all potential risks (to OH&S performance), focus should be on those hazards that are most likely to occur or have the most impact.
Reduction and / or prevention of undesired effects will help the organisation achieve its goals and objectives and continual improvement.
Awareness of these sources of risk, that have a potential to occur or a known actual event and consequence, can lead to both risk and opportunity. Identifying and determining the risks and opportunities can support the organisation in both its strategic and operational level.
Top Management and Leadership within ISO 45001, what does this mean / require?
ISO 45001 places greater emphasis on management’s ownership and commitment to the organisation’s OH&S, it is central to the standard’s effectiveness and integration.
Unlike OHSAS 18001, that delegated responsibility to safety personnel, ISO 45001 requires the incorporation of health and safety in the overall management system of an organisation, driving top management to have a stronger leadership role in the safety and health program.
Under ISO 45001 top management are required to demonstrate that they engage in key OH&S management system activities within the organisation.
This requirement includes the active development, leading and promoting a culture of safety at work, and protecting workers from reprisals when reporting incidents. Top management will have to demonstrate involvement rather than delegation, and top management should be seen by all workers as being actively involved and demonstrating their commitment.
There is a greater focus on top management to ensure that there is consultation and participation of workers (formal and informal) in the development, planning, implementation and continual improvement of the OH&S management system.
With ISO 45001, the safety culture of the organisation must be supported through the engagement of management with workers and demonstrated through a top-down emphasis. Instead of providing oversight of the program, management a required to be true safety leaders. Protection of workers, as well as performance improvements, are roles of leadership under the new ISO 45001.
Top management have the responsibility to ensure that the importance of effective OH&S management is communicated and understood by all parties and ensuring that the OH&S management system can achieve intended outcomes. This can include:
- Ensuring alignment of the OH&S management system with the organization’s business objectives
- Ensuring necessary resources are available
- Encouraging workers (other interested parties) to get actively involved in improving OH&S performance
- Involving everyone in OH&S decision making, promoting open discussions
- Clearly communicating that improvement and not blame is the objective
Clear and consistent Leadership is required. OH&S management is everyone’s business; it involves everyone, from the highest level down throughout the organization, including temporary as well as permanent workers, visitors and neighbours. It also has to be across all areas of the organization, departments and divisions, to ensure the development of collaborative and engaging relationships.
Our 7 Steps to Success
The Blackmores ISO Roadmap is a proven path to go from idea to launching your ISO Management System.
Whether you choose to work with one of our isologist consultants or work your own way through the process on our isology Hub, we’re certain you’ll achieve certification in no time!
What our clients have to say
Trusted by leading organisations across all sectors, we support companies of all sizes in any location.
Listen to our Podcast
Welcome to the ISO Show podcast, dispelling myths and sharing tips for success to improve your business with ISO Standards. Join us to hear interviews with successful business leaders as they share their ISO journey with you.
Get top tips via audio master classes “ISO Steps to Success” on the most popular ISO Standards.