Today’s guest is Alex Street, from EMCOR UK a world leading Facilities Management Company. EMCOR are the epitome of high standards, in fact EMCOR are certified to 8, yes 8 ISO Standards, which is pretty impressive. Though we are just going to focus on one in particular that is extremely topical at the moment – Business Continuity. Mel first met Alex when EMCOR engaged in our services to implement the Information Security standard and also ISO 22301 the business continuity standard 4 years ago. The company has gone from strength to strength over the years, so Alex is joining us today to discuss ISO 22301 and how the system is helping them to not just survive, but thrive during these difficult times.
- EMCOR adopted the early BS 25999 and later migrated to ISO 22301 after drive from customers as well as natural progression to the updated version
- Recognized the benefits of having a robust Business Continuity Management system in place
- Went through the process of a Gap Analysis and Business Impact Analysis to identify where the system needed to be addressed and built on. This led to the review of objectives and business continuity plans in accordance with 22301’s more detailed requirements.
- A key focus should be training and awareness for all staff once plans have been agreed – so that everyone knows what their role is in any given situation.
- Keep up with testing and auditing of the Business Continuity plans to ensure they run smoothly and are still applicable in execution
- EMCOR had been monitoring the COVID-19 situation as early as December and since February 2020 – had been having meetings with Executive teams (Gold and Silver) to discuss next steps. Thanks to ISO 22301, they’d already had tested processes in place for moving towards remote working.
- A consistent approach to all areas of Operation is key – from ground level to executive
- Communication and collaboration with supply chain and customers – ask them if you could be doing anything more to help
- Support your own supply chain – Taking the current situation into account, everyone is in the same boat so help where you can
- It can take a live incident to fully test a Business Continuity plan – take lessons learned from live events forward. Actively work to continually improve your system.
- Alex’s helpful tip: ‘Don’t get caught out’ – The standard is there to help but you need to put the work and effort in to make it work for you. ‘The benefits far outweigh the risks of not having an effective Business continuity management system in place’
To Learn more about EMCOR, visit their website HERE
Free standards available from BSI HERE
Need assistance with ISO 22301? We’d be happy to help
We also have an Introduction to ISO 22301 E-learning course available HERE. Use discount code: ISO2230110 for 10% until the end of July 2020.
We’d love to hear your views and comments about the ISO Show, here’s how:
- Share the ISO Show on twitter or Linkedin
- Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes:
What is a Risk Assessment?
A Risk Assessment is simply a careful examination of what, in your line of work, could cause harm to people so that you may weigh up whether you have taken enough precautions or need to do more to prevent harm.
The aim is to ensure that no one gets hurt or becomes ill, as accidents and sickness can ruin lives and affects your business if output is lost, machinery is damaged, insurance costs increase or result in going to court.
You are legally required to assess the risks present in your workplace.
Some assessments of the relationship between hazard and risk are very precise, based on numerical assignments of values which are calculated from detailed considerations of engineering and other disciplines, other risk assessments may be more task orientated such as Display Screen Equipment (DSE) risk assessments.
The important things you need to decide are whether a hazard is significant and whether you have it covered by satisfactory precautions to ensure the risk is minimised. This needs to be checked when you assess the risks. For example, electricity can kill but the risk of it doing so in an office setting is unlikely, provided that ‘live’ components are insulated and metal casings properly earthed.
So how should you assess the risks in your workplace? HSE guidance promoted the following:
5 step approach to hazard identification and risk assessment:
Step 1: Look for Hazards
Walk around your workplace and look for what could reasonably be expected to cause harm, not the trivial things but rather concentrate on significant hazards. Also ask your employees what they think and if they’ve noticed anything that you may not find immediately obvious.
Step 2: Decide who might be harmed, and how
This can include young workers, trainees, non-English speakers, cleaners, visitors, contractors, maintenance workers, members of the public or people you share your workplace with.
Step 3: Evaluate the risks and decide if current precautions are adequate or need improvement
When considering whether current precautions are adequate also consider if the remaining risk is tolerable or intolerable. If it’s intolerable than you need to re-evaluate the precautions and improve until the remaining risk is minimised.
Ask yourself, have you done everything required by law? But don’t stop there – your real aim is to minimise risk and to do so you may need to add further precautions.
Step 4: Record your findings
If you have more than five employees you must record the ‘Significant findings’ of your assessment, this means writing down the significant hazards and conclusions.
An example of this may be: ‘Electrical installations: insulation and earthing regularly checked and working as intended.
Your employees must also be informed of these findings.
Step 5: Review your assessment and revise it if necessary
Your business will inevitably evolve and as new equipment and procedures are introduced so too will new risks. When a significant change has been made, update the Risk Assessment as necessary. Do not do this for every trivial change.
It’s recommended that an annual Risk Assessment is conducted as a minimum to ensure that your business is as up-to-date as possible.
If you are looking for any assistance with Risk Assessments within your organisation, we may be able to help. Contact us on: email@example.com
ISO 45001, like all management system standards, now advocates the risk-based approach.
This can be seen as more proactive, however, in ‘old’ terms this was seen and managed within the ‘preventive’ process. The new requirements and structure of ISO 45001 requires risks to be evaluated and remedied, rather than being hazard control.
With the inclusion of identifying OH&S (and other) opportunities, addressing the need to act to enhance or improve the management system comes out of the risk identification, hazard identification and other activities within the organisation.
Risk is ‘the effect of uncertainty’, by reducing the effect of uncertainty we will reduce our organisation’s risk exposure. ISO 45001 sets out to do this by requiring organisations to be clear on and understand:
- What they have to do (legal requirements).
- What they chose to do (other requirements).
- How they will do it (planning, support, and operations).
- It is being done (performance evaluation).
- How to do it better (Improvement).
Risk based thinking starts are the very beginning, when organisations are considering their context, the relevant requirements of their interested parties and the scope that the OH&S management system is to cover. Considerations should be made to both internal and external issues and the potential impact they can have on the systems and processes.
When identifying external and internal issues, and needs and expectations of interested parties, there may be a risk source that will require assessment and action as required.
As with all risk related areas, planning to address should be proportionate to the perceived level of risk identified and the objectives of the organisation.
Whilst considering all potential risks (to OH&S performance), focus should be on those hazards that are most likely to occur or have the most impact.
Reduction and / or prevention of undesired effects will help the organisation achieve its goals and objectives and continual improvement.
Awareness of these sources of risk, that have a potential to occur or a known actual event and consequence, can lead to both risk and opportunity. Identifying and determining the risks and opportunities can support the organisation in both its strategic and operational level.
How is ISO 45001 aligned with other ISO standards e.g. ISO 9001, ISO 14001, and minor differences?
ISO 45001:2018 is based on Annex SL – the high-level structure that implements a common framework to all management systems, i.e. it applies a common language across all standards.
This helps to keep consistency, supports alignment of different management system standards, e.g. ISO9001, ISO14001, etc.
Organisations can find it easier to incorporate their OH&S management system into core business processes and get more involvement from senior management.
The standard(s) are written in such a way that by following clause by clause, a methodical approach is achieved.
Structure of BS ISO45001, highlighting minor difference / requirements:
- Context of the organization
- You must look beyond your own health and safety issues and consider what society expects from you, regarding health and safety issues.
- Here we come across the term ‘workers’ identified within interested parties
- Consider use of Contractors and Suppliers, how work can affect others in surrounding areas e.g. neighbours, public, visitors, etc.
- Leadership and worker participation
- Management / Senior Leaders endorsement of the OH&S Policy is no longer enough; they must now lead by example and demonstrate their commitment and engagement in key OH&S management activities.
- OH&S Policy now requires five specific commitments, including commitment to consultation and participation of workers
- New / enhanced requirement for Consultation and participation of workers, workers (non-managerial) – must be involved (consultation and participation), supporting improvements in processes, identification of hazards and risks.
- Risk-based thinking – you must demonstrate you have determined, considered, and take action to address any risks and opportunities.
- Determination of applicable legal and other requirements; this can result in identification of risks and opportunities
- As part of planning, determination and assessment of risks and opportunities should be undertaken before change implemented
- More emphasis on competence, particularly with identification of hazards
- Communication with interested parties – internal and external; and taking into account diversity needs; ensure views of external interested parties are considered when establishing communication process
- Operational planning and control – eliminating hazards and reducing OH&S risks, managing change, management of procurement e.g. Contractors, outsourcing, to ensure conformity to OH&S management system
- Emergency preparedness and response to ensure you can respond to potential emergency situations; these will have been identified within Planning, or will feed back for assessment if not previously picked up
- Performance evaluation
- Monitoring and measurement equipment (e.g. calibration) is located in section 9.1.1
- Evaluation of compliance – similar to ISO14001
- Management review; information on performance and trends includes, Incidents, consultation and participation of workers,
- Management shall communicate relevant outputs of management reviews to workers (and/or representatives)
- Establishment, implementation and maintenance of process for reporting, investigating and taking action, to determine and manage incidents and nonconformities
- Involve workers, and other interested parties, in the evaluation and corrective action to eliminate root causes of incidents / nonconformities
Blackmores UK can support you in migration or implementation of ISO45001, please contact us for more information.
Already certified to OHSAS 18001, what are the next steps for migrating to ISO 45001:2018?
So the long-awaited ISO 45001:2018 standard is finally here. If your organisation is already certified to the Health and Safety Standard, OHSAS 18001, you may be considering what the next steps are. The good news is that if you’re already certified to ISO 9001:2015 or ISO 14001:2015 you are already half way there to migrating to ISO 45001:2018. Why? Because ISO 45001 is based on the new High Level Structure (Annex SL). These are the foundations which all new ISO standards in are generally based upon. This means that the new elements such as Context of the organisation (understanding your businesses internal and external issues), Leadership and Interested partied are also featured in ISO 45001:2018. Fundamentally, this approach lends itself well to a risk-based standard such as ISO 45001:2015.
In terms if next steps, I’d recommend…
- Developing a migration plan to coincide with a forthcoming OHSAS 18001 surveillance visit. This will mean you will not necessarily need to pay for an additional visit from your certification body. Ideally, you will need to allow a minimum of 6 months for the migration, although business with multiple sites or greater employee numbers (in excess of 100) should allow 12 months.
- Conduct a Gap Analysis to establish how you are currently complying with ISO 45001, and understand the gaps, so that an action plan can be produced. This can be done internally, or if outsourcing, Blackmores would allow one day for an on-site visit including report writing.
- Address the changes to the new standard – particularly in relation to Worker Participation (featured heavily in the new standard), Context of the organisation, interested partied and leadership.
- Update the Health and Safety Management System to reflect the new changes.
- Develop a Communication Plan to communicate the changes to employees and other ‘interested parties’ i.e. contractors, suppliers. This can include newsletters, posters, meeting agenda’s, H & S KPI’s, Screen savers, ‘ISO 45001 Awareness Week’.
- Conduct an Internal Audit to demonstrate how your business complies with the new standard.
- Confirm with your Certification body the date of the migration visit to ensure that the assessor is aware that they are assessing your business against the new requirements – not the old OHSAS 18001 standard. We wouldn’t want to let all that effort go to waste now, would we?
So is that it? Well yes, if you are happy doing the bare minimum. However, if your company would like to embrace a culture of Health and Safety Best Practice, it is worth focusing on firmly establishing metrics to manage continual awareness and Best Practice.
So why change from OHSAS 18001 to ISO 45001?
Inevitably, there is risk in the workplace, regardless of the industry, whether we like it or not. However how businesses mitigate risk, can make the all the difference when it comes to protecting the health, safety and well-being of employees. OHSAS 18001 has been around for 20 years, and it has taken almost that long for countries around the world to agree on what ‘Best Practice’ is when it comes to managing health and safety in the workplace.
The long-awaited standard, includes contribution from 70 participating national bodies, and covers all the requirements of a Health and Safety Management System. Why is this is this standard so important then?
Well you only need to look at national (UK) and international Health and Safety work related injury statistics to demonstrate that an international standard to support global improvement in health and safety preventing work-related injuries and deaths is long overdue. Here are some of the facts:-
- Every 15 seconds, 150 workers have an accident – that’s 317 million accidents a year.
- Over 6000* people die each day from work-related accidents or diseases – that’s over 2.3 million* every year.
- Additionally, there are some 340 million* occupational accidents, many of these resulting in extended absences from work.
(source*: International Labour Organisation)
Needless to say, business in the UK and overseas have still got a long way in terms of health and safety.
Our 7 Steps to Success
The Blackmores ISO Roadmap is a proven path to go from idea to launching your ISO Management System.
Whether you choose to work with one of our isologist consultants or work your own way through the process on our isology Hub, we’re certain you’ll achieve certification in no time!
What our clients have to say
The support and advise I get from our assigned auditors is immense. Forward planning for the following year is great and they are flexible and always willing to help.
“Blackmores have assisted us almost since the start of our adoption of the ISO 9001 quality standard. Their input has improved our processes since the start, and enabled our goal of continuous improvement to be achieved. The people are also extremely easy to get on with, and they really understand our business, giving us a great deal of confidence in their advice.”
“Blackmores are the perfect bridge between working on your ISO as an individual or company, to being audited each year. We find that any queries we have are covered and we feel sure that we have everything as needs be before going into an external audit.”
“We have been extremely impressed with the service and support provided by Blackmores. There knowledge and assistance through out our ISO journey has been amazing!”
“Blackmores have really kept us on our toes with the broad scope and level of detail they apply to our internal audit schedule. They always stay abreast of ISO standard changes and help us to adapt our processes and documents to embrace these changes accordingly. Having Blackmores shadow our external audits provides invaluable confidence and peace of mind – would highly recommend their services!”
“Our ISO 27001 certification project has gone so well, that there was no doubt in who we were going to ask to help us with our aspirations of becoming ISO 14001 certified. It’s been an absolute pleasure working with Blackmores, and we are really looking forward to working with them for the foreseeable future.”
Trusted by leading organisations across all sectors, we support companies of all sizes in any location.
Listen to our Podcast
Welcome to the ISO Show podcast, dispelling myths and sharing tips for success to improve your business with ISO Standards. Join us to hear interviews with successful business leaders as they share their ISO journey with you.
Get top tips via audio master classes “ISO Steps to Success” on the most popular ISO Standards.