Kevin Ian Schmidt

ISO 45001 Explained

Want to have a workplace that is viewed as a premiere workplace for safety? Want your employees not just to feel safe, but know they are safe? Then consider utilizing the ISO 45001 standards, so you can be at the leading edge of workplace safety.

First let’s take a look at what the ISO 45001 standards will be:

 The ISO 45001 standard utilizes the same common structure, definitions and core text being used for the present revisions of ISO 14001 and ISO 9001, the environmental and quality management system standards. Which is in line with what is called “Annex SL” the rules governing the development of all ISO management standards.

This means the structure of the 45001 standard includes:

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context of the organization
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

An organization is responsible for ensuring that it minimizes the risk of harm to the people that may be affected by its activities (e.g. its workers, its managers, contractors, or visitors), and particularly if they are engaged by the organization to perform those activities as part of their “occupation”.

 

 

So, let’s take a more in-depth look at each section of ISO 45001 standards, section by section:

 

Clause 1: Scope

Most of this section is focused on wording and aligning the introduction with other parts of the standard.

  • Sets out the intended results of the management program
  • Defines any industry-specific requirements
  • Addresses the processes and job functions that will be affected by the management standard

Clause 2: Normative References

Details any other ISO, Professional Organization, or Government Agency standards used as references.

These would include:

  • OSHA, Federal and State(if applicable), regulations
  • DOT regulations
  • EPA regulations
  • State Worker’s Compensation Rules and Regulations
  • The North American Electric Reliability Corporation (NERC) Standards
  • ANSI Standards for First Aid
  • And any other relevant standards, regulations, or policies that may form your company’s policies.

 

Clause 3: Terms and Definitions

This is the section where you set forth the standard terminology used within your ISO 45001 Standards:

  • Defines specific terms used within the standard
  • Many terms and definitions are part of the Annex SL template
  • Other industry-specific terms may be defined here

ISO 45001 shares a number of terms and definitions with OHSAS 18001. Some of the terms that transfer to the new standard include:

  • Interested party: Person who can affect, be affected by, or perceive itself to be affected by a decision or activity
  • Injury and ill health: Adverse effect on the physical, mental, or cognitive condition of a person

 

Clause 4: Context of the Organization

This is a new element in the Annex SL format. If your organization currently holds OHSAS 18001 certification, it’s likely you’ve already documented some of these procedures.

The goal of this section is to:

  • Determine why the organization exists
  • Identify any internal or external influences that will affect desired outcomes
  • Document the scope of the management system that’s implemented

This clause explicitly focuses on external and internal influences on an organization’s workplace and on its health and safety programs.

Instead of focusing on internal employees only, organizations should now consider the impact of:

  • Regulatory authorities
  • Contractors
  • External suppliers

This element consists of four different clauses. It contains two new requirements (4.1 and 4.2).

4.1: Understanding the Organization and its Context

  • New requirement
  • Requires the organization to consider outside influences that affect the organization, such as stakeholders, regulation or governance
  • Organizations should consider what factors influence the culture of the organization
  • Organizations seeking certification should be prepared to discuss influences on the organization’s culture with the assessor

4.2: Understanding the Needs and Expectations of Interested Parties

  • New requirement
  • Requires the organization to consider stakeholders and their interests
  • Organizations seeking certification should be prepared to discuss stakeholders with their assessor

4.3: Determining the Scope of the Management System

  • Previously found in scope and clause 4 of OHSAS 18001
    • Requires organization to identify the boundaries of the health and safety management program
    • Has the organization established and maintained safety objectives?
    • Have the documented objectives considered legal and other requirements?
    • Are objectives reasonable and measurable?
    • Is there a documented and maintained procedure for periodically reviewing objectives?
    • Are objectives communicated to the employees that are supposed to achieve them?
    • Are organizational objectives consistent with higher level objectives?
    • Audit checklist of Safety Management Program(s)

4.4: The Management System

  • Previously found in scope and clause 4 of OHSAS 18001
    • Are there programs to achieve all the identified objectives?
    • Do the programs include schedules for completion and resources necessary to achieve the objectives?
    • Do the programs assign responsibilities for completion of tasks in achieving objectives?
    • Are all procedures that supplement the health and safety management program available to the appropriate personnel and current?
    • Are the management programs reviewed at planned intervals and amended as required?

 

Clause 5: Leadership

Prior to the adoption of the Annex SL format, this clause was usually referred to as “management.” The new wording was adopted to reflect the role that various types of leadership play in the adoption of a management system.

This clause emphasizes greater involvement from top management and from employees. As a result, top management is expected to be more involved in review procedures. Greater awareness and participation from employees is also expected.

Clause 5 has three sub clauses found in Annex SL, and an additional sub-clause specific to ISO 45001.

5.1: Leadership and Commitment

  • This clause is similar to clauses 4.4.1, 4.4.3 and 4.4.6 in OHSAS 18001
  • There is an added emphasis on engagement with workers while developing health and safety programs

5.2: Policy

  • Organizations are required to pay more attention to communication with and participation of workers
  • Organizations should apply the hierarchy of controls to health and safety risks
  • Organizations must commit to meeting legal requirements of health and safety programs

5.3: Organizational roles, responsibilities and authorities

  • This section is similar to clause 4.4.1 in OHSAS 18001.
    • Are roles and responsibility, and authorities defined, documented and communicated?
    • Has management provided the necessary resources (people, technology, money) to implement this health and safety program?
    • Has the organization appointed a safety management appointee from top management?
    • Does the safety management appointee document sufficient authority to accomplish points a & b above?
    • How does management demonstrate their commitment for continual improvement of Health and Safety performance?

5.4: Participation and Consultation

  • This clause is not found in the standard Annex SL format — it has been specifically added to ISO 45001
  • Emphasizes the need for engagement and participation with workers while developing health and safety programs
  • Encourages non-management roles to participate in health and safety requirements

 

Clause 6: Planning

The “planning” clause directly addresses the risks and opportunities that the organization outlined in clause 4. As in many of the new and revised management standards, this clause places an emphasis on risk-based analysis.

This is an area where organizations with OHSAS 18001 certification will see major differences. OHSAS 18001 emphasizes prevention, with corrective action taken as needed. ISO 45001 emphasizes a more proactive approach. Organizations should expect to identify major risks, when they might occur, and who will be taking preventative action.

Clause 6 has two sub clauses:

6.1: Actions to Address Risks and Opportunities

  • This section is similar to clauses 4.3.1, 4.3.2 and 4.3.3 in OHSAS 18001
    • Are there documented and maintained procedures to establish and update hazards, risks and implementation of controls?
    • Does the procedure cover routine and non routine activities?
    • Does the procedure cover all personnel and facilities?
    • What mechanism is used to initiate hazard review/revision when operations change?
    • Do the criteria for the assessment of risk address both likelihood and consequence?
    • Are there records to provide evidence of analysis of hazards, risks and controls?
    • Are there any obvious hazards that should have been considered and were not? If not, why not?
    • Are results of assessments and effects of controls considered when setting OSH objectives and are they documented and up to date?
    • Does the methodology:
      • define scope, nature and timing?
      • ensure proactive rather than reactive assessments?
      • provide for classification of risk tolerability?
      • identify those to be eliminated or controlled?
      • assure consistency with operating experience?
      • assure consistency with effectiveness of risk control measures?
    • Does the methodology provide input into determination of facility requirements, training needs and operational controls?
    • Does the methodology provide for monitoring of required actions to ensure timeliness and effectiveness of implementation?
  • Legal and regulatory requirements for health and safety programs should be identified in this section
  • The organization should consider the effectiveness of actions taken to address risks and opportunities

6.2: Management System Objectives and Planning to Achieve Them

  • Objectives and plans should be documented
  • The organization should develop a plan for achieving documented objectives, which includes responsible persons, a timeline for implementation and how progress and success are measured
  • The organization is responsible for reviewing health and safety objectives

 

Clause 7: Support

This section directly addresses the support or resources needed to implement the health and safety management program. In many cases, clause 7 will directly address the risks and opportunities (clause 4), requirements for commitment (clause 5), and health and safety plans (clause 6) that the organization has already outlined.

The majority of these requirements are similar to those found under OHSAS 18001. The requirements for Clause 7 are primarily found in Clause 4.4 and 4.5 in OHSAS 18001. Many of the requirements for documentation are found within this section.

This element has five sub-clauses.

7.1: Resources

  • The organization should determine the resources needed for the health and safety plan
  • The organization is responsible to determining how to supply these resources

7.2: Competence

  • The organization should evaluate competence and determine actions needed to develop it
  • The actions taken to evaluate and develop competence should be reviewed
  • The specific procedures and documentation required by OHSAS 18001 are no longer required. However, the organization should have a plan to document competence and evaluations

7.3: Awareness

  • The organization should develop a plan to inform workers about workplace safety, hazards, and risks
  • Workers should be informed of any elements in the health and safety plan that they are required to perform
  • The organization should develop a plan to inform workers of the results of relevant health and safety investigations

7.4: Communication

  • This clause is similar to clause 4.4.3 and 4.4.3.2 in OHSAS 18001
    • Are there procedures that are maintained for communications to and from interested parties regarding the organization’s pertinent Health and Safety information?
    • How are communications to and from interested parties documented?
    • How are internal communications between different levels and different functions documented? How do you have feedback to management?
    • How are employees involved in the development of policies and procedures to manage risks?
    • How are employees consulted for changes that affect workplace health and safety?
    • How are employees represented on Health and Safety matters?
    • Do people know who their employee Health and Safety representative and/or management appointees are?
    • How are Health and Safety representatives involved in communication mechanisms with management?
    • What initiatives do you have to encourage safety consultations and improvement activities?
    • What mechanisms are used to communicate health and safety concerns or information to all interested parties and employees; e.g., inspections, briefings, notice boards, safety newsletter, safety poster programs?
  • The organization has an additional requirement to ensure that communication was received, and to determine whether it was effective

7.5: Documented Information

  • Documented information requires appropriate controls, and they need to be spelled out in this clause.

 

Clause 8: Operations

Under the Annex SL format, Clause 8 includes only one required sub-clause. However, most of the requirements for the management system are found in this section. Organizations transitioning from OHSAS 18001 will find that this section contains most of the new requirements.

This section has seven clauses. Six of these clauses are unique to ISO 45001.

8.1.1: Operational Planning and Control

  • Aligns with section 4.4.6 in OHSAS 18001
    • Have the operations and activities, including maintenance, been identified that are associated with the identified safety risks where control measures need to be applied?
    • Have procedures been established and maintained for the above operations that, if they are not followed for these situations, could lead to deviations from the safety policy and the objectives?
    • Are operating criteria clearly established and document/data in the procedures for the operations and activities identified above?
    • Have the identified health and safety risks of goods, materials, equipment and services used in the above operations and activities been identified?
    • Are there procedures for handling goods, materials, equipment and services used in the activities associated with identified risks where controls need to be applied?
    • Are relevant procedures and requirements communicated to the appropriate suppliers and contractors (are operational controls in place and working as expected)?
    • Are records of operational controls and performance indicators managed and retained per plans?
    • Are there procedures to reduce health and safety risks in design and workplace processes (Ref. d above)?
  • Requires risk controls to be developed in conjunction with other operational controls

8.1.2: Hierarchy of Controls

  • New requirement
  • The organization is required to specify the hierarchy of controls within business operation
  • The hierarchy of controls adopted by the organization is required the take risk management into account

8.2: Management of Change

  • New requirement addressing changes made to operations
  • Specifies the requirements of any changes made, as well as, the sources of changes

8.3: Outsourcing

  • New requirement
  • Addresses operational planning, controls and changes in regard to outsourced work

8.4: Procurement

  • New requirement
  • Addresses health and safety program needs in relation to the procurement of materials

8.5: Contractors

  • New requirement
  • Establishes controls on contractors’ activities
  • Requirement also entails the organization to establish communication requirements for contractors and the host company’s workers

8.6: Emergency Preparedness and Response

  • Aligns with 4.4.7 in OHSAS 18001
    • Are there maintained procedures to identify potential for accidents and emergency situations?
    • Are there maintained procedures to respond to accidents and emergency situations?
    • Are there maintained procedures to prevent and minimize the health and safety risks that may be associated with the identified accidents and emergency situations?
    • Are there reviews and revisions of the emergency preparedness and response procedures, particularly after an incident?
    • Are there periodical tests of the above procedures?
  • Expands the emergency preparedness and response requirements to include a communication plan

 

Clause 9: Performance Evaluation

This clause addresses the need for monitoring and evaluation of the organization’s health and safety program. The organization should expect to identify which elements should be monitored, measured, analyzed, or evaluated. The process and requirements for monitoring, measuring, and evaluating should be developed with the organization’s needs in mind. An internal audit to ensure effectiveness, as well as, compliance to the standard is required.

The majority of the general requirements for performance evaluation found in clause 9 are present in Clauses 4.5 and 4.6 of OHSAS 18001. However, the emphasis and specific requirements have both been revised.

There are five sub-clauses in this element. Three of them are present in all Annex SL standards. Clauses 9.1.2 and 9.2.2 have been added specifically for ISO 45001.

9.1: Monitoring, measurement, analysis and evaluation

  • The requirements for determining what should be monitored, measured, analyzed, or evaluated now include the need to document criteria
  • The organization is required to document information — a requirement that replaces the OHSAS 18001 procedural requirements

9.1.2: Evaluation of compliance with legal requirements and other requirements

  • Specific to ISO 45001
  • Procedural requirements have been replaced by the requirement to document information
  • Evaluation planning should include the frequency of evaluations

9.2: Internal audit objectives

  • This section aligns with clause 4.5.5 in OHSAS 18001
    • Has top management performed a review of the health and safety management system on a periodic basis? Is it documented?
    • Does the review address the systems?
      • Continued suitability
      • adequacy
      • effectiveness
    • Does the review address possible need to change its policy, objectives and other elements of the health and safety management system? Has this been conducted in light of health and safety management system audit results, continual improvement and changing circumstances? Does the record of the review include a list of information used for the management evaluation?
  • Procedural requirements in OHSAS 18001 have been replaced with the requirement to document information

9.2.2: Internal audit process

  • This section aligns with clause 4.5.5 in OHSAS 18001
  • Requirements for the internal audit process include communicating with workers
  • The organization is required to retain documented information
  • A new requirement to address non-conformities found during the audit process has been added

9.3: Management review

  • Aligns with clause 4.6 in OHSAS 18001
    • Review your Health and safety Management system by examining inputs
    • Assess the results of your management reviews
    • Generate Health and Safety Management System management review outputs
    • Communicate management review outputs
  • Management is required to review the occupational health and safety system for effectiveness
  • There is a greater emphasis on aligning communication and improvements with the risks and opportunities developed earlier

 

Clause 10: Improvement

This section addresses the organization’s plans for corrective actions.

There are four sub-clauses in this element. Clauses 10.1 and 10.2 are both part of the Annex SL format. Clauses 10.2.1 and 10.2.2 have been added specifically to address the health and safety management program needs.

10.1: Non-conformity and corrective action

  • This section aligns with OHSAS 18001 clauses 4.5.3, 4.5.3.1 and 4.5.3.2.
    • Are procedures documented and maintained for the identification, maintenance and disposition of safety records?
    • Are the records legible, identifiable and traceable to the activities involved?
    • Are the records stored and maintained such that they are readily retrievable and protected against damage, deterioration or loss?
    • Are there specified retention times for all of the records identified?
    • Are the records maintained in a manner to demonstrate conformance with the standard and appropriate to the system and the organization?
    • Is consideration given to confidentially?
  • The language of preventative action, which is found in most standards, has been reduced. This is because preventative action is considered intrinsic to the occupational health and safety management system.
  • The organization is required to take direct action to address non-conformities.
  • The organization should investigate the root cause of an incident, and address this cause in corrective actions.
  • Requires organizations to document and review the effectiveness of any corrective actions taken.

10.2: Continual improvement

  • Continually improve the suitability, adequacy and effectiveness of the OHS management system to prevent occurrences, incidents and nonconformities to enhance performance.

10.2.1: Continual improvement objectives

  • for positive culture change and improved performance.

10.2.2: Continual improvement process

  • Organizations should demonstrate that they are using the results of this process to identify opportunities for improvement.

 

 

The biggest challenge of ISO 45001 is ensuring that the procedures, policies and activities that are undertaken on the OH&S management system complement each other and that your system structure is correct, effective and able to be improved. This can be achieved by using the “plan, do, check, act” cycle that remains central to the standard. Concentrate on meeting the requirements set out in the individual clauses as outlined above, and the job of implementing ISO 45001 in your OH&S management system will become significantly easier. Implementing ISO 45001 will be no easy task, it will involve every aspect of your company buying into workplace safety.