ISO 45001, like all management system standards, now advocates the risk-based approach.
This can be seen as more proactive, however, in ‘old’ terms this was seen and managed within the ‘preventive’ process. The new requirements and structure of ISO 45001 requires risks to be evaluated and remedied, rather than being hazard control.
With the inclusion of identifying OH&S (and other) opportunities, addressing the need to act to enhance or improve the management system comes out of the risk identification, hazard identification and other activities within the organisation.
Risk is ‘the effect of uncertainty’, by reducing the effect of uncertainty we will reduce our organisation’s risk exposure. ISO 45001 sets out to do this by requiring organisations to be clear on and understand:
Risk based thinking starts are the very beginning, when organisations are considering their context, the relevant requirements of their interested parties and the scope that the OH&S management system is to cover. Considerations should be made to both internal and external issues and the potential impact they can have on the systems and processes.
When identifying external and internal issues, and needs and expectations of interested parties, there may be a risk source that will require assessment and action as required.
As with all risk related areas, planning to address should be proportionate to the perceived level of risk identified and the objectives of the organisation.
Whilst considering all potential risks (to OH&S performance), focus should be on those hazards that are most likely to occur or have the most impact.
Reduction and / or prevention of undesired effects will help the organisation achieve its goals and objectives and continual improvement.
Awareness of these sources of risk, that have a potential to occur or a known actual event and consequence, can lead to both risk and opportunity. Identifying and determining the risks and opportunities can support the organisation in both its strategic and operational level.