You’ve just got your head around the principals and the requirements of the Health and Safety standard BS EN 18001, and your finally comfortable with this, however, there’s discussions of migration to ISO 45001. You’re assigned with the migration process, however as you’re smiling and nodding in agreeance, you’re actually trying to digest what ISO 45001 is, figuring out what to do, and where to begin!
Hopefully the following will support you in understanding what an Occupational Health and Safety Management System is, the benefits to implementing one within your business and the next steps to achieving certification.
What is an Occupational Health and Safety Management System?
- ISO45001 is an Internationally recognised Standard designed to provide a framework for establishing an Occupational Health and Safety Management System (OHSMS);
- An OHSMS will help your business (regardless of size and nature) to integrate all aspects of health and safety, including worker wellness/wellbeing;
- An OHSMS will impel your business to manage, monitor and control accident and incidents, to ensure accidents and incidents are prevented for all persons working under tour control;
- An effective OHSMS should ensure that your business will continually measure performance and strive for improvement.
The Benefits of an Occupational Health and Safety Management System;
There are various benefits that can be gained for a business when implementing an OHSMS, these can include the following;
- Holding certification to ISO 145001 can demonstrate competency to potential new clients when tendering for new works or Frameworks;
- A well-maintained OHSMS demonstrates compliance with current and future statutory and regulatory requirements and ability to respond to regulatory compliance issues;
- Incorporating an OHSMS within your business can reduce the overall costs of incidents, downtime, disruption to operations, insurance premiums and non-attendance;
- Possessing an OHSMS within your business can demonstrate your business recognises Occupational Health and Safety as a significant priority and therefore can lead to possessing a respectable reputation within your industry.
The Next Steps…
Undoubtedly the next step is to implement an OHSMS or implement changes that have been presented from the new standard, but the key is to remember that you do not have to undertake this task unaided, and that there are consultants who are experts on implementing Management System.
Our free ISO 45001 health check will help you to evaluate how good your health and safety is, simply contact us and quote: ‘ISO 45001 Health check’
What business benefits are there in implementing ISO45001
Over 6000* people die each day from work-related accidents or diseases – that’s over 2.3 million* every year.
Additionally, there are some 340 million* occupational accidents, many of these resulting in extended absences from work.
- Diseases related to work cause the most deaths among workers. Hazardous substances alone are estimated to cause 651,279 deaths a year.
- The construction industry has a disproportionately high rate of recorded accidents.
- Younger and older workers are particularly vulnerable. The ageing population in developed countries means that an increasing number of older persons are working and need special consideration.
* source: International Labour Organisation
With effective and robust processes in place, many organisations can mitigate and / or prevent such incidents.
ISO 45001:2018 sets the framework for establishing, implementing, and maintaining an occupational health and safety (OH&S) management system, managing OH&S risks and opportunities. With ISO45001 being based on the high-level structure for all management systems, an organisation can combine systems with other standards e.g. ISO9001 and ISO14001.
ISO45001 is designed to prevent work-related injury and ill-health and to provide safe and healthy workplaces. Ultimately, its aim is to promote and protect the physical and mental health of workers, a responsibility held by any organisation.
Being an international standard, ISO45001 crosses all boundaries; geographic, political, economic, commercial and social. So, whether large or small, trading locally, nationally or internationally, ISO45001 sets the benchmark.
Good safety and health management systems and cultures help organisation to:
- Prevent injury, illness and death
- Improve reputation, resilience and results
Benefits can include:
- Improve ability to respond to regulatory compliance issues
- Improve identification of hazards and risks
- Reduce the overall costs of incidents
- Reduce downtime and the costs of disruption to operations
- Reducing the cost of insurance premiums
- Reducing absenteeism and employee turnover rates
Unfortunately, you can’t acquire a health and safety culture at the flick of a switch. A positive safety culture is about having positive values, attitudes, competencies and behaviour from employees and leaders from all levels. It takes commitment and dedication across the entire workforce.
What is a health and safety culture? And how do you ‘get’ one?
The new ISO 45001:2018 now includes the requirement ‘Leadership and Commitment’ (5.1), which describes the aims to develop, lead and promote a Health and Safety culture that involves all employees on the following:
- Regular communications concerning health and safety matters – Toolbox talks, intranet and meetings
- Protecting your workers – do you provide PPE (Personal Protective Equipment) i.e. high visibility jacket
- Provide a health and safety induction – make employees aware of your company health and safety controls i.e. first aider and fire drills
- Consider support for mental health issues with healthcare specialists
- Ensure relevant controls are in place i.e. lone worker and DSE Procedures
- Establish a health and safety steering group / committee to take the lead and demonstrate commitment.
Interested in how ISO 45001 can help you further with your workplace health and safety? We have a free webinar available to watch: An Introduction to ISO 45001.
What is a Risk Assessment?
A Risk Assessment is simply a careful examination of what, in your line of work, could cause harm to people so that you may weigh up whether you have taken enough precautions or need to do more to prevent harm.
The aim is to ensure that no one gets hurt or becomes ill, as accidents and sickness can ruin lives and affects your business if output is lost, machinery is damaged, insurance costs increase or result in going to court.
You are legally required to assess the risks present in your workplace.
Some assessments of the relationship between hazard and risk are very precise, based on numerical assignments of values which are calculated from detailed considerations of engineering and other disciplines, other risk assessments may be more task orientated such as Display Screen Equipment (DSE) risk assessments.
The important things you need to decide are whether a hazard is significant and whether you have it covered by satisfactory precautions to ensure the risk is minimised. This needs to be checked when you assess the risks. For example, electricity can kill but the risk of it doing so in an office setting is unlikely, provided that ‘live’ components are insulated and metal casings properly earthed.
So how should you assess the risks in your workplace? HSE guidance promoted the following:
5 step approach to hazard identification and risk assessment:
Step 1: Look for Hazards
Walk around your workplace and look for what could reasonably be expected to cause harm, not the trivial things but rather concentrate on significant hazards. Also ask your employees what they think and if they’ve noticed anything that you may not find immediately obvious.
Step 2: Decide who might be harmed, and how
This can include young workers, trainees, non-English speakers, cleaners, visitors, contractors, maintenance workers, members of the public or people you share your workplace with.
Step 3: Evaluate the risks and decide if current precautions are adequate or need improvement
When considering whether current precautions are adequate also consider if the remaining risk is tolerable or intolerable. If it’s intolerable than you need to re-evaluate the precautions and improve until the remaining risk is minimised.
Ask yourself, have you done everything required by law? But don’t stop there – your real aim is to minimise risk and to do so you may need to add further precautions.
Step 4: Record your findings
If you have more than five employees you must record the ‘Significant findings’ of your assessment, this means writing down the significant hazards and conclusions.
An example of this may be: ‘Electrical installations: insulation and earthing regularly checked and working as intended.
Your employees must also be informed of these findings.
Step 5: Review your assessment and revise it if necessary
Your business will inevitably evolve and as new equipment and procedures are introduced so too will new risks. When a significant change has been made, update the Risk Assessment as necessary. Do not do this for every trivial change.
It’s recommended that an annual Risk Assessment is conducted as a minimum to ensure that your business is as up-to-date as possible.
If you are looking for any assistance with Risk Assessments within your organisation, we may be able to help. Contact us on: firstname.lastname@example.org
Contractors and Outsourcing
There is tighter control and requirements for an organisation to ensure that its outsourced processes are defined and controlled. When outsourced products and/or services supplied are under the control of the organization, supplier and contractor risk must be managed effectively. Organisations cannot contract out the risk.
Outsourcing (supply chains) are becoming increasingly complex, without the right balance and awareness, management potentially have substantial risks to the business consisting of legal, financial and reputational risk. Businesses must now look beyond their own immediate health and safety issues and take into account the wider society. By thinking about its contractors and suppliers, the organisation will be able to consider the effect on their neighbours (or other interested parties).
Contractors also fall within the scope of ‘workers’; contractors should be fully engaged by organisations to enable development, planning, implementation, performance evaluation and actions for improvement of the OH&S system.
Contractor / Outsourced activities can include a multitude of services provided / undertaken on behalf of organisations, such as:
- Waste management, etc.
As noted, organisations cannot contract out risk, when contracting with external organisations they need to ensure that hazards and associated risks are identified and controlled by both parties. Organisations must define OH&S criteria for the selection of contractors. Some factors to consider include:
- The ability of the contractor (external organisation) to meet requirements
- Competency to determine hazards, assess risks and determine controls
- Effect the outsourced process on the organisation
Once engaged with outsourced providers, the organisation should also consider and specify how the provider will co-ordinate with the organisation, including relevant controls already determined, incident / near miss reporting and interaction with other workers.
Controls are an important part of the outsourced process. Controls should be defined within the organisations systems and communicated with providers. Controls can include, contractual agreements, training, inspections and risk assessments.
ISO 45001, like all management system standards, now advocates the risk-based approach.
This can be seen as more proactive, however, in ‘old’ terms this was seen and managed within the ‘preventive’ process. The new requirements and structure of ISO 45001 requires risks to be evaluated and remedied, rather than being hazard control.
With the inclusion of identifying OH&S (and other) opportunities, addressing the need to act to enhance or improve the management system comes out of the risk identification, hazard identification and other activities within the organisation.
Risk is ‘the effect of uncertainty’, by reducing the effect of uncertainty we will reduce our organisation’s risk exposure. ISO 45001 sets out to do this by requiring organisations to be clear on and understand:
- What they have to do (legal requirements).
- What they chose to do (other requirements).
- How they will do it (planning, support, and operations).
- It is being done (performance evaluation).
- How to do it better (Improvement).
Risk based thinking starts are the very beginning, when organisations are considering their context, the relevant requirements of their interested parties and the scope that the OH&S management system is to cover. Considerations should be made to both internal and external issues and the potential impact they can have on the systems and processes.
When identifying external and internal issues, and needs and expectations of interested parties, there may be a risk source that will require assessment and action as required.
As with all risk related areas, planning to address should be proportionate to the perceived level of risk identified and the objectives of the organisation.
Whilst considering all potential risks (to OH&S performance), focus should be on those hazards that are most likely to occur or have the most impact.
Reduction and / or prevention of undesired effects will help the organisation achieve its goals and objectives and continual improvement.
Awareness of these sources of risk, that have a potential to occur or a known actual event and consequence, can lead to both risk and opportunity. Identifying and determining the risks and opportunities can support the organisation in both its strategic and operational level.
Top Management and Leadership within ISO 45001, what does this mean / require?
ISO 45001 places greater emphasis on management’s ownership and commitment to the organisation’s OH&S, it is central to the standard’s effectiveness and integration.
Unlike OHSAS 18001, that delegated responsibility to safety personnel, ISO 45001 requires the incorporation of health and safety in the overall management system of an organisation, driving top management to have a stronger leadership role in the safety and health program.
Under ISO 45001 top management are required to demonstrate that they engage in key OH&S management system activities within the organisation.
This requirement includes the active development, leading and promoting a culture of safety at work, and protecting workers from reprisals when reporting incidents. Top management will have to demonstrate involvement rather than delegation, and top management should be seen by all workers as being actively involved and demonstrating their commitment.
There is a greater focus on top management to ensure that there is consultation and participation of workers (formal and informal) in the development, planning, implementation and continual improvement of the OH&S management system.
With ISO 45001, the safety culture of the organisation must be supported through the engagement of management with workers and demonstrated through a top-down emphasis. Instead of providing oversight of the program, management a required to be true safety leaders. Protection of workers, as well as performance improvements, are roles of leadership under the new ISO 45001.
Top management have the responsibility to ensure that the importance of effective OH&S management is communicated and understood by all parties and ensuring that the OH&S management system can achieve intended outcomes. This can include:
- Ensuring alignment of the OH&S management system with the organization’s business objectives
- Ensuring necessary resources are available
- Encouraging workers (other interested parties) to get actively involved in improving OH&S performance
- Involving everyone in OH&S decision making, promoting open discussions
- Clearly communicating that improvement and not blame is the objective
Clear and consistent Leadership is required. OH&S management is everyone’s business; it involves everyone, from the highest level down throughout the organization, including temporary as well as permanent workers, visitors and neighbours. It also has to be across all areas of the organization, departments and divisions, to ensure the development of collaborative and engaging relationships.
Context of the organisation, what does this mean?
BS ISO 45001 Context of the organization (clause 4), covers the following:
- Understanding the organization and its context
- Understanding the needs and expectations of workers and other interested parties
- Determining the scope of the OH&S management system
- OH&S management system
It within this clause that companies will begin to look, review and assess what they do, where they are in the market place and, particularly in respect of Health and Safety who could be harmed or affected by their activities.
Understanding the organization and its context
As part of the new common structure, with ISO 45001, the organisation must look beyond their own health and safety issues and consider what the society expects from them, in regard with health and safety issues.
Determination of issues that could affect the business can be undertaken in a number of ways and will be different for each business, based on size, complexity, scope of operations, etc.
A structured approach can be through methods such as:
- SWOT (Strengths Weaknesses Opportunities Threats), can be used by organizations to look inward at themselves
- PESTLE (Political, Economic, Social, Technological, Legal, Environmental), can be used to identify external issues that could affect the organization
These methods can also support in the identification of business objectives and improvement areas.
Understanding the needs and expectations of workers and other interested parties
Here, organizations are to determine those (relevant) interested parties that could affect or be affected by the organization and its OH&S management system, along with their needs and expectations that could become compliance (legal) obligations.
Relevant interested parties can include; staff (workers at any level), customers, legal and regulatory authorities, owners, shareholders, etc.
Also consider Contractors and Suppliers used, how work can affect others in surrounding areas e.g. neighbours, public, visitors, etc.
Some requirements / obligations will be mandatory e.g. Laws, Regulations, others agreed e.g. Contracts.
Determining the scope of the OH&S management system
Following determination of the external and internal issues and interested parties (above), the organization can then determine the scope of the OH&S management system.
There is an element of freedom and flexibility in defining the boundaries, however, it should be noted, organizations cannot:
- exclude activities, products and services that have / can impact its OH&S performance
- evade legal and other requirements
OH&S management system
The organization will determine, implement and maintain the processes required to fulfil the requirements of BS ISO 45001. These processes should be aligned and integrated throughout the organization e.g. Procurement, Operations, HR, etc. to ensure that everyone is aware and working towards the OH&S performance.
Where organizations have additional management system standard certification it may have covered some of these areas, however, a review will identify whether OH&S specific details have been determined.
How is ISO 45001 aligned with other ISO standards e.g. ISO 9001, ISO 14001, and minor differences?
ISO 45001:2018 is based on Annex SL – the high-level structure that implements a common framework to all management systems, i.e. it applies a common language across all standards.
This helps to keep consistency, supports alignment of different management system standards, e.g. ISO9001, ISO14001, etc.
Organisations can find it easier to incorporate their OH&S management system into core business processes and get more involvement from senior management.
The standard(s) are written in such a way that by following clause by clause, a methodical approach is achieved.
Structure of BS ISO45001, highlighting minor difference / requirements:
- Context of the organization
- You must look beyond your own health and safety issues and consider what society expects from you, regarding health and safety issues.
- Here we come across the term ‘workers’ identified within interested parties
- Consider use of Contractors and Suppliers, how work can affect others in surrounding areas e.g. neighbours, public, visitors, etc.
- Leadership and worker participation
- Management / Senior Leaders endorsement of the OH&S Policy is no longer enough; they must now lead by example and demonstrate their commitment and engagement in key OH&S management activities.
- OH&S Policy now requires five specific commitments, including commitment to consultation and participation of workers
- New / enhanced requirement for Consultation and participation of workers, workers (non-managerial) – must be involved (consultation and participation), supporting improvements in processes, identification of hazards and risks.
- Risk-based thinking – you must demonstrate you have determined, considered, and take action to address any risks and opportunities.
- Determination of applicable legal and other requirements; this can result in identification of risks and opportunities
- As part of planning, determination and assessment of risks and opportunities should be undertaken before change implemented
- More emphasis on competence, particularly with identification of hazards
- Communication with interested parties – internal and external; and taking into account diversity needs; ensure views of external interested parties are considered when establishing communication process
- Operational planning and control – eliminating hazards and reducing OH&S risks, managing change, management of procurement e.g. Contractors, outsourcing, to ensure conformity to OH&S management system
- Emergency preparedness and response to ensure you can respond to potential emergency situations; these will have been identified within Planning, or will feed back for assessment if not previously picked up
- Performance evaluation
- Monitoring and measurement equipment (e.g. calibration) is located in section 9.1.1
- Evaluation of compliance – similar to ISO14001
- Management review; information on performance and trends includes, Incidents, consultation and participation of workers,
- Management shall communicate relevant outputs of management reviews to workers (and/or representatives)
- Establishment, implementation and maintenance of process for reporting, investigating and taking action, to determine and manage incidents and nonconformities
- Involve workers, and other interested parties, in the evaluation and corrective action to eliminate root causes of incidents / nonconformities
Blackmores UK can support you in migration or implementation of ISO45001, please contact us for more information.
Consultation and Participation was imbedded within OHSAS18001, what’s the difference with ISO45001?
Consultation and Participation of workers (ISO45001, Clause 5.4), is significantly enhanced from the requirement within OHSAS18001, where this was limited to hazard identification and consultation on changes.
ISO 45001 expects occupational health and safety aspects to be fully embodied within the organisation structure, including a greater degree of employee participation in the risk identification, hazard control and development of systems. All workers should be aware of their responsibilities, and work together to meet the organisation’s health and safety goals. Everyone, including leadership, is responsible for safety.
What does Consultation and Participation imply?
- Consultation implies two-way communication, so workers (or their representatives when appropriate) can provide feedback to be considered by the organisation before taking a decision.
- Participation implies the contribution of workers (or their representatives), including non-managerial workers, to decision-making related to OH&S performance and to proposed changes.
What does the term worker mean?
- In the context of ISO 45001, ‘The Worker’ is defined as the person working under the control of the organization, this is at all levels and includes contractors.
To facilitate the process of consultation and participation, the organisation must provide the required mechanisms, simply identified as:
- Time, training and resources
- Removal of obstacles or barriers, e.g. language, literacy or fear of reprisals
The provision of training to workers at no cost and during normal working hours could remove barriers to their participation.
The involvement of workers in the OH&S management system, along with the processes to support, is a key requirement for an effective management system. This involvement enables the organisation to make informed decisions and increase worker engagement.
Mechanisms can vary based on organisations, this can include,
- The inclusion all workers, in smaller organisations
- Workers’ representatives within larger organisations
- Being involved with the policy, setting objectives
- Suggestion schemes – formal and informal, along with communication on whether action is to be taken
- Focused team meetings and / or workshops
- Briefings and discussion forums, worker surveys, cross functional groups
- Review of existing arrangements and continual improvement projects
- Hazard identification and risk assessment participation to ensure appropriate working
Considerations should also take into account the methods, language and location for consultation and participation.
Worker involvement on day-to-day activities, along with those closest to the risk, provides an insight into actual issues. However, Consultation and Participation should be effective and proportionate to the organisation, not everyone is required to be involved, not every suggestion acted upon.
The organisation should determine the best and appropriate ways to implement effective consultation and participation and whether more formal mechanisms e.g. H&S committees, are required. It is important that once the mechanisms have been set up that they are supported by Management.
Making joint decisions with workers is more likely to be effective for the development, planning, implementation, performance evaluation and actions for improvement of the OH&S management system, as workers are the key interested party.
So why change from OHSAS 18001 to ISO 45001?
Inevitably, there is risk in the workplace, regardless of the industry, whether we like it or not. However how businesses mitigate risk, can make the all the difference when it comes to protecting the health, safety and well-being of employees. OHSAS 18001 has been around for 20 years, and it has taken almost that long for countries around the world to agree on what ‘Best Practice’ is when it comes to managing health and safety in the workplace.
The long-awaited standard, includes contribution from 70 participating national bodies, and covers all the requirements of a Health and Safety Management System. Why is this is this standard so important then?
Well you only need to look at national (UK) and international Health and Safety work related injury statistics to demonstrate that an international standard to support global improvement in health and safety preventing work-related injuries and deaths is long overdue. Here are some of the facts:-
- Every 15 seconds, 150 workers have an accident – that’s 317 million accidents a year.
- Over 6000* people die each day from work-related accidents or diseases – that’s over 2.3 million* every year.
- Additionally, there are some 340 million* occupational accidents, many of these resulting in extended absences from work.
(source*: International Labour Organisation)
Needless to say, business in the UK and overseas have still got a long way in terms of health and safety.
What is ISO 45001?
ISO 45001 is an International Standard that specifies requirements for an occupational health and safety (OH&S) management system, with guidance for its use, to enable an organisation to proactively improve its OH&S performance in preventing injury and ill-health.
Who can implement/use ISO 45001?
ISO 45001 is intended to be applicable to any organisation regardless of its size, type and nature. All of its requirements are intended to be integrated into an organization’s own management processes.
We have certification to OHSAS18001, what will happen to this?
OHSAS 18001 will be withdrawn on publication of ISO 45001 and organisations currently certified to OHSAS 18001 will have a three-year period to migrate to ISO 45001.
How soon or how long do I have to migrate to ISO 45001?
Following publication of ISO 45001, certification will be available to the new standard. All organisations certified to OHSAS 18001 will be able to migrate to ISO 45001, and migration from the old to the new will be available until 3 years from the day of publication of ISO 45001.
What is ISO 45001:2018?
Occupational health and safety in the workplace is always a major concern for all organisations. Having an occupational health and safety management system will help you to protect your most important asset; your people.
ISO 45001 provides a robust set of requirements designed for improving workplace safety in organisations and supply chains, with the aim of reducing workplace injury and illness.
ISO 45001 replaces BS OHSAS 18001, the former British standard for workplace health and safety. If you are already certified to OHSAS 18001, you will have three years to migrate to the new standard.
This webinar was held on the 27th June and covers the following:-
- What is ISO 45001:2018?
- What’s the difference between ISO 45001 and OHSAS 18001?
- SWOT and PESTLE
- What are the success factors of ISO 45001?
- How Blackmores can help you to achieve ISO 45001 certification
For more information about how we can help you with ISO 45001, please contact us: email@example.com
Our 7 Steps to Success
The Blackmores ISO Roadmap is a proven path to go from idea to launching your ISO Management System.
Whether you choose to work with one of our isologist consultants or work your own way through the process on our isology Hub, we’re certain you’ll achieve certification in no time!
What our clients have to say
The support and advise I get from our assigned auditors is immense. Forward planning for the following year is great and they are flexible and always willing to help.
“Blackmores have assisted us almost since the start of our adoption of the ISO 9001 quality standard. Their input has improved our processes since the start, and enabled our goal of continuous improvement to be achieved. The people are also extremely easy to get on with, and they really understand our business, giving us a great deal of confidence in their advice.”
“Blackmores are the perfect bridge between working on your ISO as an individual or company, to being audited each year. We find that any queries we have are covered and we feel sure that we have everything as needs be before going into an external audit.”
“We have been extremely impressed with the service and support provided by Blackmores. There knowledge and assistance through out our ISO journey has been amazing!”
“Blackmores have really kept us on our toes with the broad scope and level of detail they apply to our internal audit schedule. They always stay abreast of ISO standard changes and help us to adapt our processes and documents to embrace these changes accordingly. Having Blackmores shadow our external audits provides invaluable confidence and peace of mind – would highly recommend their services!”
“Our ISO 27001 certification project has gone so well, that there was no doubt in who we were going to ask to help us with our aspirations of becoming ISO 14001 certified. It’s been an absolute pleasure working with Blackmores, and we are really looking forward to working with them for the foreseeable future.”
Trusted by leading organisations across all sectors, we support companies of all sizes in any location.
Listen to our Podcast
Welcome to the ISO Show podcast, dispelling myths and sharing tips for success to improve your business with ISO Standards. Join us to hear interviews with successful business leaders as they share their ISO journey with you.
Get top tips via audio master classes “ISO Steps to Success” on the most popular ISO Standards.