ISO 45001 OHS Standard: A Quick Intro
3 March 2020
The ISO 45001 OHS Standard specifies requirements for an OHSMS (Occupational Health & Safety Management System). It was released in 2018 and is gradually superseding many earlier national standards.
Many observers consider ISO 45001 to be the most significant OHS standard ever. Why? Well, a management system based on its requirements can help your organization to better manage its OHS risks and improve its OHS performance. However, that can be said about any previous OHS management system standards. What is different with ISO 45001 is that it is based on the common structure and terminology used by ISO 9001 (for Quality), ISO 14001 (for Environment) and many others. That means it is much easier to integrate OHS controls with those for other compliance topics.
Some controls are especially relevant for (or even exclusive to) OHS. For example, 'Consultation and Participation of Workers'. However, many parts of a management system can be the same or similar regardless of the subject matter.
ISO 45001 OHS standard and the PDCA cycle
The table below illustrates the clause structure of the ISO 45001 OHS standard in the context of the PDCA cycle. The requirements start from clause 4. Therefore, our analysis begins there too.
Context of the organization
4.1 Understanding the organization and its context.
4.2 Understanding the needs and expectations of workers and other interested parties.
4.3 Determining the scope of the OH&S management system.
4.4 OH&S management system.
For the purposes of an OHSMS, the context of the organization might be considered as the internal and external factors that can affect its ability to achieve its intended OHS outcomes. Some form of situational awareness or PEST / SWOT analysis can be used to build an understanding of the organization and its context.
You need to understand the relevant needs and expectations of your workers and other interested parties. At that point, you may determine the scope of your OHSMS, establish the necessary operational and support processes, and the interactions between them.
Although some elements of this clause were included in earlier OHS standards, the requirements are now more extensive, and ‘the context of the organization’ is a new concept.
The requirements are similar to those in other new-generation ISO standards and could be dealt with in an integrated manner where appropriate.
Leadership and worker participation
5.1 Leadership and commitment.
5.3 Organizational roles, responsibilities and authorities.
5.4 Consultation and participation of workers.
For an OHSMS to be successful, it needs to be inspired and led from the top. Top management must take accountability for it, express their commitment, and give direction. Everyone in the organization should be aware of what its policies and objectives are, and what is their role in maintaining and achieving them.
In larger organizations, top management will not be able to attend to the day-to-day administration of the system themselves. Other people may perform those roles, but they must be given leadership, support, and adequate resources.
The requirements for commitment in many earlier OHS standards are expanded to incorporate ‘Leadership’.
Although 5.1 – 5.3 are similar to those in other new-generation ISO standards, ISO 45001 has an additional requirement for worker participation and consultation. This requirement is a more stringent version of those stated in earlier OHS standards.
6.1 Actions to address risks and opportunities.
6.2 OH&S objectives and planning to achieve them.
This clause is closely linked to clause 4. Having identified factors that affect health & safety, the organization needs to develop strategies and actions to:
- Maintain and build on its Strengths
- Correct Weaknesses that might be barriers to meeting requirements and achieving objectives
- Grasp or maximise Opportunities
- Mitigate or manage Threats or Risks
Essentially, there should be some form of Action Plan to address the risks and opportunities that you have identified regarding your OHS management system.
Requirements for hazard identification are included in 6.1. These are more detailed than in earlier OHS standards.
7.5 Documented information.
Determine, plan, and provide the resources and support mechanisms to enable your organization to achieve its OHS objectives.
The term ‘Documented information’ is ISO’s catch-all phrase that replaces earlier references to Documents, Document control and Records.
The communications section is considerably strengthened from that in earlier OHS standards - with more detail specified. Whilst other requirements are broadly similar, support processes are now helpfully brought together in one clause.
8.1 Operational planning and control.
8.2 Emergency preparedness and response.
Plan, implement and control the processes needed to meet OHS requirements and implement the actions determined to address risk.
The standard specifies a hierarchy of controls in order of risk management preference. There are some subtle differences to hierarchies described in previous standards.
The management of both temporary and permanent changes that might affect health and safety are included here (in 8.1). Compared with earlier OHS standards, change management requirements are now much expanded. This area also differs a little from other new-generation standards - where the topic is generally considered in clause 6.
Controls over outsourcing, procurement and contractors are also considered here. Once again, those requirements are stronger than in earlier OHS standards (a recurring theme!).
9.1 Monitoring, measurement, analysis and performance evaluation.
9.2 Internal audit.
9.3 Management review.
These requirements may be summarised as:
- Check the performance of the OHSMS.
- Audit its effective implementation and conformance to requirements.
- Top management to periodically review the system.
The requirements for management review are expanded from those in earlier standards. Some of these changes are quite subtle e.g. where BS OHSAS 18001 required consideration ‘communications from interested parties’, the new standard talks of ‘communications with interested parties’. This suggests a two-way conversation - with outgoing communications also needing to be taken into account.
Other new requirements are more substantial. For example, there is much greater emphasis on consideration of resources, risks and opportunities.
Management review inputs (or ‘agenda’ for most people) is again expanded from earlier OHS standards. In integrated systems it would be quite practical to have a fully integrated management review.
10.2 Incident, nonconformity and corrective action.
10.3 Continual improvement.
Deal with incidents and nonconformities, determine the cause(s), act to eliminate them, and achieve improvement.
Incidents are now included in the same sub-clause as nonconformities and corrective actions. That seems logical as they can be dealt with in similar methods.
The equivalent requirements of other new-generation standards are compatible. Therefore, integrated systems may use the same basic process for handling incidents and nonconformities.
Transition to ISO 45001 OHS standard from earlier standards
ISO 45001 was released on 12 March 2018 and certification bodies globally commenced offering certification to it shortly afterwards. The British (and quasi-international) standard BS/OHSAS 18001 was almost immediately withdrawn with a 3-year period given for certified organizations to transition to the new standard.
In most cases, an organization developing an OHSMS for the first time would base it on the requirements of ISO 45001. However, some government bodies are still specifying requirements for certification to earlier, national standards (such as AS/NZS 4801) in tender documents. It is likely to take 2-3 years before they all refer to the ISO standard. So, if your organization is subject to such requirements, you may wish to retain certification to an earlier while perhaps still wishing to move forward to ISO 45001.
Your next step?
The first step in developing or updating a management system is to identify any gaps between the standard's requirements and what is currently in place. This process is known as a Gap Analysis. You can choose to perform the analysis yourselves or engage professional help. if the DIY approach is for you, there are Gap Analysis tools in Safety Toolkit - available now to Qudos Club susbcribers. Even more comprehensive solutions are included in Qudos 3 IMS software. There, template gap analysis checklists are fully integrated with Action plans, email reminders and dashboard reports.
Qudos and its partners can also perform a Gap Analysis service for you. An experienced lead auditor will review your current management system and interview key personnel involved in relevant areas of your organization. A report will be provided with a detailed a gap analysis against the standard. This may be used as a dynamic tool in the development of your system.
So, that’s our quick introduction to the new ISO 45001 standard. We trust that you found it useful.
Contact us now for further information or to discuss how we can help you.