The webinar covers:
• Main changes OHSAS 18001 versus ISO45001
• Correlation matrix OHSAS 18001:2007 against ISO45001
• Best guess interpretation using ISO14001:2015 as the guideline for possible content of ISO45001
Presenter:
This webinar was hosted by Mr. David Smart, Managing Director of Smart ISO Systems & Smart Mentoring, and who is also PECB Certified Trainer.
Link of the recorded session published on YouTube: https://www.youtube.com/watch?v=69clAG1HYHI
2. David S Smart
Management Consultant, Business Coach & Mentor
My ISO experience spans more than 40 years as a Manager, Auditor and Consultant, specializing in information
Security, Quality, Health & Safety, Environmental, Medical device, Laboratory, Outsourcing and Asset management
systems; senior management consulting and optimization of Client resources.
My coaching and mentoring experience covers over 8 years assisting managers and directors to achieve their business
goals and also develop the associated skillsets to achieve them
++44 (0)1592 890270
david.smart@homecall.co.uk
www.smartmentoring.co
linkedin.com/david.smart
twitter.com/david.somerville.smart
fb.com/david.smart503092
3. What is ISO45001?
The new Standard for Health and Safety
which is going to replace OSHAS18001
4. What are the projected timeframes for
issuing it?
5. Content & Structure
Working draft
Annex SL – High Level Structure (HLS)
Governance and compatibility
7. New clause – 4.1
4.1 Context of an organisation
External issues
Internal characteristics or conditions
8. New Clause - 4.2 Interested
parties
Needs and expectations now obligatory
9. New clause – 5. leadership
5.1 - Leadership and commitment
5.2 – Policy
Organisational roles, responsibilities,
accountabilities and authorities
10. Revised clause - 7.5
Documented information
7.5.1 – General
7.5.2 – Creating and updating
7.5.3 – Control of documented information
11. Structure & Terminology
The clause structure and some of the terminology of this
international Standard in comparison with OSHAS18001, have
been changed to improve alignment with other management
system standards
The consequent changes in the structure and terminology do
not need to be reflected in the documentation of an
organisation’s health and safety management system
The structure of the clauses is intended to provide a coherent
presentation of requirements, rather than a model for
documenting an organisation’s policies, objectives and
processes. There is no requirement for the structure of an
organisation’s health and safety system’s documentation to
mirror that of this international Standard
14. No OSHAS18001 ISO45001
1. 4.1 general requirements 4. Context of the organisation
4.1 Understanding the organisation and its context.
4. Context of the organisation
4.3 Determining the scope of the H&S management system
4. Context of the organisation
4.4 OH&S management system
10. Improvement
10.2 Continual improvement
4. Context of the organization &
10. Improvement -1
15. No OSHAS18001 ISO45001
1. 4.1 general requirements 4. Context of the organisation
4.1 Understanding the organisation and its context.
4. Context of the organisation
4.3 Determining the scope of the H&S management system
4. Context of the organisation
4.4 OH&S management system
10. Improvement
10.2 Continual improvement
4. Context of the organization &
10. Improvement -2
17. No OSHAS18001 ISO45001
3.1 4.3.1 Hazard identification, risk
assessment and determining controls
6. Planning
6 actions to address risks and opportunities.
6.1.1 Overview
6. Planning
6.1 Actions to address risks & opportunities
6.1.2 Hazard identification
6. Planning
6.1 Actions to address risks and opportunities
6.1.4 OH&S risk assessment
6. Planning
6.1 Actions to address risks & opportunities
6.1.5 Planning changes
6. Planning
6.1 Actions to address risks & opportunities
6.1.6 Planning measures
6.Planning -1
18. No OSHAS18001 ISO45001
3.1 4.3.1 Hazard identification, risk
assessment and determining controls
6. Planning
6 actions to address risks and opportunities.
6.1.1 Overview
6. Planning
6.1 Actions to address risks & opportunities
6.1.2 Hazard identification
6. Planning
6.1 Actions to address risks and opportunities
6.1.4 OH&S risk assessment
6. Planning
6.1 Actions to address risks & opportunities
6.1.5 Planning changes
6. Planning
6.1 Actions to address risks & opportunities
6.1.6 Planning measures
6.Planning -2
19. No OSHAS18001 ISO45001
3.1 4.3.1 Hazard identification, risk
assessment and determining controls
6. Planning
6 actions to address risks and opportunities.
6.1.1 Overview
6. Planning
6.1 Actions to address risks & opportunities
6.1.2 Hazard identification
6. Planning
6.1 Actions to address risks and opportunities
6.1.4 OH&S risk assessment
6. Planning
6.1 Actions to address risks & opportunities
6.1.5 Planning changes
6. Planning
6.1 Actions to address risks & opportunities
6.1.6 Planning measures
6.Planning -3
20. No OSHAS18001 ISO45001
3.1 4.3.1 Hazard identification, risk
assessment and determining controls
6. Planning
6 actions to address risks and opportunities.
6.1.1 Overview
6. Planning
6.1 Actions to address risks & opportunities
6.1.2 Hazard identification
6. Planning
6.1 Actions to address risks and opportunities
6.1.4 OH&S risk assessment
6. Planning
6.1 Actions to address risks & opportunities
6.1.5 Planning changes
6. Planning
6.1 Actions to address risks & opportunities
6.1.6 Planning measures
6.Planning -4
21. No OSHAS18001 ISO45001
3.1 4.3.1 Hazard identification, risk
assessment and determining controls
6. Planning
6 actions to address risks and opportunities.
6.1.1 Overview
6. Planning
6.1 Actions to address risks & opportunities
6.1.2 Hazard identification
6. Planning
6.1 Actions to address risks and opportunities
6.1.4 OH&S risk assessment
6. Planning
6.1 Actions to address risks & opportunities
6.1.5 Planning changes
6. Planning
6.1 Actions to address risks & opportunities
6.1.6 Planning measures
6.Planning -5
22. No OSHAS18001 ISO45001
3.2. 4.3.2 Legal and other
requirements
4. Context of the organisation
4.2 Understanding the needs and
expectations of interested parties
6. Planning
6.1 Actions to address risks and
opportunities
6.1.3 Determination of the legal and other
requirements
4. Context of the organization &
6.Planning
23. No OSHAS18001 ISO45001
3.3. 4.3.3 Objectives and
programmes
6. Planning
6.2 OH&S objectives and planning to achieve
them
6.2.2 Planning to achieve health and safety
objectives
6. Planning
6.1 Actions to address risks and
opportunities
6.1.3 Determination of the legal and other
requirements
6. Planning
24. No OSHAS18001 ISO45001
4. 4.4 Implementation and
operation
4.1 4.4.1 resources, roles,
responsibility and authority
5. Leadership
5.1 leadership and commitment
5. leadership
5.3 Organisational roles, responsibilities
and authorities
7. Support
7.1 resources
5. Leadership & 7. Support -1
25. No OSHAS18001 ISO45001
4. 4.4 Implementation and
operation
4.1 4.4.1 resources, roles,
responsibility and authority
5. Leadership
5.1 leadership and commitment
5. leadership
5.3 Organisational roles, responsibilities
and authorities
7. Support
7.1 resources
5. Leadership & 7. Support -2
26. No OSHAS18001 ISO45001
4. 4.4 Implementation and
operation
4.2 4.4.2 competence,
training and awareness
7. Support
7.2 Competence
7. Support
7.3 Awareness
7. Support -1
27. No OSHAS18001 ISO45001
4. 4.4 Implementation and
operation
4.2 4.4.2 competence,
training and awareness
7. Support
7.2 Competence
7. Support
7.3 Awareness
7. Support -2
28. No OSHAS18001 ISO45001
4.3 4.4.3 communication,
participation and consultation
4.3.1 4.4.3.1 Communication 7. Support
7.4 Information, communication
participation and consultation
7.4.1 Information and communication
7. Support -1
29. No OSHAS18001 ISO45001
4.3 4.4.3 communication,
participation and consultation
4.3.2 4.4.3.2 Participation and
consultation
7. Support
7.4 Information, communication
participation and consultation
7.4.2 Participation and consultation
7. Support -2
30. No OSHAS18001 ISO45001
4.4 4.4.4 Documentation 7. Support
7.5 Documented information
7.5.1 General
7. Support
7.5 Documented information
7.5.2 Creating and updating
7. Support
31. No OSHAS18001 ISO45001
4.5 4.4.5 Control of documents 7. Support
7.5 Documented information
7.5.3 Control of documented information
7. Support
32. No OSHAS18001 ISO45001
4.6 4.4.6 Operational control 8. Operations
8.1 Operational planning and control
8.1.1 General
8. Operation
8.2 Management of change
8. Operation
8.3 Outsourcing
8. Operation
8.4 Procurement
8. Operation
8.5 Contactors
8. Operations - 1
33. No OSHAS18001 ISO45001
4.6 4.4.6 Operational control 8. Operations
8.1 Operational planning and control
8.1.1 General
8. Operation
8.2 Management of change
8. Operation
8.3 Outsourcing
8. Operation
8.4 Procurement
8. Operation
8.5 Contactors
8. Operations - 2
34. No OSHAS18001 ISO45001
4.7 4.4.7 Emergency preparedness and
response
8. Operations
8.6 Emergency preparedness and response
4.5 Checking
8. Operations - 3
35. No OSHAS18001 ISO45001
4.5. 4.5.1 performance measurement
and monitoring
9. Performance evaluation
9.1 Monitoring measurement analysis and
evaluation
9.1.1 General
9. Performance evaluation -1
36. No OSHAS18001 ISO45001
4.5 4.5.2 Evaluation of compliance 9. Performance evaluation
9.1 Monitoring measurement analysis and
evaluation
9.1.2 Evaluation of compliance5
9. Performance evaluation - 2
37. No OSHAS18001 ISO45001
5.1 4.5.3 Incident investigation,
nonconformity, corrective and
preventive action
No equivalent requirement
My ISO experience goes back to the days of BS5750 where I was lucky enough to be part of a large project team putting in BS5750 into two large manufacturing plants back in 1979.
I registered as a consultant with PERA after being made redundant twice in 3 years when I set up my consultancy practice as Smart Quality Systems.
Credibility was a problem I had, so I joined a large American consultancy firm working on Corporate projects throughout Europe for 3 years which gave me exposure in Europe and also broader consultancy experience apart from quality.
I worked in North America for around 9 years on projects with mostly SME’s broadening my experience even further by working on other ISO Standards.
In 2008 I came home and set up Smart Mentoring to complement my ISO skills. I feel often companies do not fully understand the benefits that ISO systems can bring to a Business. They focus too much on the marketing side (Badge up on the wall mentality) using them as a bolt-on systems without looking at the bottom line savings that can be made by improvements in their internal processes by better resource utilisation
OSHAS18001 has been in existence in its current version since 2007. It is now going to be adopted as an international ISO Standard
Notes:
It is expected to be published as a Standard in quarter 4 of 2016.
2. As you can see from the drawing the Final draft information standard (FDIS) is due to be published for commenting on in March 2016. Once these comments have been voted on with a majority, then it will be available as the final Standard for using
Working Draft: The first working draft (WD1) of the future ISO 45001 Occupational Health and Safety Standard was produced in an effort to find consensus among the members of the United States Technical Advisory Group in respect of US position on important technical issues. What requirements should the Standard include and what information should be presented in Annex A as guidance was discussed.
New Standard’s High-Level Structure (HLS): according to ISO Annex SL (previously ISO Guide 83). This standard will have the same common format for all new and revised ISO management standards e.g ISO 9001, ISO14001, ISO27001 etc. It will be supplemented by other sub-clauses or sub-subclauses from the Occupational health and safety area.
Governance & compatibility: The proposed new ISO 45001 Standard will support new areas of management systems to ensure better compatibility and systems governance, making the implementation within the organization much smoother.
The final published standard will apply to any organization wishing to establish and implement the international health and safety management system to reduce or minimalize risks to personnel and other relevant parties, maintain and constantly improve their health and safety performance, and keep their operations in line with their stated health and safety policies against the requirements of the Standard.
ISO/CD 45001 includes some enhanced requirements:
ISO/CD 45001 places more emphasis on risk management and ongoing assessment of risks and opportunities to prevent, or reduce, undesired effects.
There is a strengthening of the requirement to demonstrate and understand compliance status at all times (i.e. with legal and other requirements).
There are specific sub-sections and requirements for contractors and procurement, clarifying and expanding requirements of OHSAS 18001. Also a specific requirement on outsourcing of operations – “The organization shall ensure that outsourced processes affecting its OH&S management system are controlled”.
There are enhanced requirements for the use of performance indicators to monitor performance (9.1 Monitoring, measurement, analysis and evaluation) and track OH&S performance including status and trends in monitoring and measurement results (9.3 Management review – c).
New clause: Context of the organisation (4.1)
The intent of 4.1 is to provide a high-level, conceptual understanding of the important issues that can affect, either positively or negatively, the way the organisation manages its responsibilities in relation to the OH&S management system for persons working under its control. The issues of interest are those that affect the organisation’s ability to achieve the intended outcome, including the objectives it sets for its OH&S management system, which include meeting its OH&S policy commitments.
Examples of the issues are:
External issues: such as the cultural, social, political, legal, financial, technological, economic and natural surroundings and market competition, whether international, national, regional or local.
Internal characteristics or conditions of the organisation: such as governance, structure, roles and accountabilities and the organisation’s culture.
The guidance given in ISO/CD 45001 adds the comment that:
“The results of the context review should be used to assist the organization in understanding and determining the scope of its OH&S management system, determining its risks and opportunities, developing or enhancing its OH&S policy, setting its OH&S objectives and determining the effectiveness of its approach to maintaining compliance with applicable legal requirements and other requirements to which the organization subscribes”.
New clause: Interested parties (4.2): The organisation has to determine the interested parties that are relevant to the OH&S management system, and then the relevant requirements of those interested parties. However, there is no expectation that the organisation shall comply with all those relevant requirements. ISO/CD 45001 adds the statement:
“and which of these become applicable legal and other requirements to which the organisation subscribes”.
Referring to the guidance given in Annex A, we have the explanation:
“That Interested party needs and expectations are not necessarily compliant requirements of the organization. It is important to distinguish between what these needs and expectations will lead to:
mandatory requirements, laws, regulations
voluntary commitments to interested parties to which the organization voluntarily subscribes
Needs and expectations from interested parties only become obligatory requirements for an organization if that organization chooses to adopt them”.
New clause: Leadership (5)
Section 5 dedicates itself to “Leadership” This section is divided into three sub-clauses:
5.1 Leadership and commitment.
5.2 Policy.
5.3 Organizational roles, responsibilities, accountabilities and authorities.
Although some of section 5 will seem familiar to users of OHSAS 18001 there are significant new and enhanced requirements.
This clause calls for the organisation’s top management to demonstrate their involvement and engagement with the OH&S management system through direct participation in, for example:
Taking OH&S performance into account in strategic planning
Communicating the importance of effective OH&S management and of conforming to the OH&S management system requirements
Directing and supporting persons to contribute to the effectiveness of the OH&S management system for all functions
Promoting and leading organisational culture with regard to the OH&S management system
Top management shall identify one or more of its members to be accountable for the OH&S policy and OH&S management system.
Note that these are activities top management are required to carry out, they cannot delegate them to others. Thus, the top management assume an active role in the OH&S management system. The leaders must also ensure the integration of the OH&S management system requirements into the organisation’s business processes.
Revised requirements – Documented information (7.5)
OHSAS 18001 requirements for documentation and records are largely transferred to section 7.5, with revisions.
Sub clause7.5 is further divided into three parts:
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented Information
The significant change is use of the term “documented information” not “documents and records” as is the case in OHSAS 18001. Documented information includes processed information held for example on smartphones, tablets etc.
Alignment with other management system standards: There is a movement towards integrating the various Standards together to make a cohesive system and make them easier to manage.
Organisations H&S system: You do not slavishly need to follow the structure and terminology, but it is useful to have a matrix in your system cross-referencing the terminology in the standard i.e. glossary of terms and also showing where you have addressed each clause of the Standard in your system
Coherent presentation: The Standard is not intended as a model for documenting the policies objectives and processes. However it is good practice to make a matrix showing the cross-references from the appropriate clause in the Standard, apart from anything else it makes it easier for an auditor who is not familiar with the company’s system to quickly find the information
Common format : This is the high level structure that is going to be adopted by all future standards and has already been adopted in ISO27001 Information security, ISO9001 Quality management systems and ISO140001 Environmental management systems
We will now go on and look at where the old Standard’s clauses fit into the new standard and also where the requirements have changed.
5.2 Health and safety policy: Top management shall establish, implement and maintain a health and safety policy that is within the defined scope of its health and safety management system:
is appropriate to the purpose and context of the organization, including the nature, scale and impacts of its activities, products and services;
provides a framework for setting health and safety objectives;
includes a commitment to the protection of the environment, including prevention of pollution and other specific commitment(s) relevant to the context of the organization;
NOTE: Other specific commitment(s) to protect the workforce can include sustainable resource use.
includes a commitment to fulfil its compliance obligations;
includes a commitment to continual improvement of the health and safety management system to enhance its health and safety performance.
The health and safety policy shall:
be maintained as documented information;
be communicated within the organization; — be available to interested parties.
6.1.1 General The organization shall establish, implement and maintain the process(es) needed to meet the requirements in 6.1.1 to 6.1.4.
When planning for the health and safety management system, the organization shall consider:
a) the issues referred to in 4.1;
b)the requirements referred to in 4.2;
c) the scope of its health and safety management system; and determine the risks and opportunities, related to its health & safety hazards (see 6.1.2), compliance obligations (see 6.1.3) and other issues and requirements, identified in 4.1 and 4.2, that need to be addressed to:
give assurance that the health and safety management system can achieve its intended outcomes;
prevent or reduce undesired effects, including the potential for external environmental conditions that affect the organization;
achieve continual improvement.
Within the scope of the health & safety management system, the organization shall determine potential emergency situations, including those that can have an environmental impact.
The organization shall maintain documented information of its:
risks and opportunities that need to be addressed;
process(es) needed in 6.1.1 to 6.1.4, to the extent necessary to have confidence they are carried out as planned.
6.1.2 Hazard identification: Within the defined scope of the health and safety management system, the organization shall determine the health and safety hazards of its activities, products and services that it can control and those that it can influence, and their associated health and safety impacts, considering a life cycle perspective.
When determining health and safety hazards, the organization shall take into account:
a) change, including planned or new developments, and new or modified activities, products and services;
b) abnormal conditions and reasonably foreseeable emergency situations.
The organization shall determine those hazards that have or can have a significant impact, i.e. significant hazards, by using established criteria.
The organization shall communicate its significant health and safety hazards among the various levels and functions of the organization, as appropriate.
The organization shall maintain documented information of its:
— health & safety hazards and associated impacts; — the criteria used to determine these significant health & safety hazards;
NOTE Significant health & safety hazards can result in risks and opportunities associated with either adverse health and safety impacts (threats) or beneficial health and safety impacts (opportunities).
6.1.4 Planning action
The organization shall plan & take actions to address its:
significant Health & safety hazards;
compliance obligations;
risks and opportunities identified in 6.1.1;
How to:
integrate and implement the actions into its OH&S management system processes
(see 6.2, Clause 7, Clause 8 and 9.1), or other business processes;
evaluate the effectiveness of these actions (see 9.1).
When planning these actions, the organization shall consider its technological options and its financial, operational and business requirements.
6.1.5 Planning changes: Procedures do not remain static i.e. written once, then forgotten about. The procedures should be periodically reviewed and when improved methods of doing a job are found then the procedure should be amended to reflect this.
Often in organisation people change procedures unofficially e.g. by the supervisor issuing verbal instructions or the operator either sliding into bad habits or indeed finding a new way of doing the job.
Another way is through changes in technology where the technology changes the working practices for example from a manual to an automated method. Changes have to be done in a controlled manner not ad hoc without trials and agreement that indeed there is an improvement to the current method of doing things.
6.1.6 Planning measures: Planning is all too often not thought about deeply enough. People tend to rush into things and do them by trial and error. This is not a good way to go about things I always try to remember the saying “Proper planning prevents poor performance”
4.2 Understanding the needs and expectations of interested parties The organization shall determine:
the interested parties that are relevant to the health & safety management system;
the relevant needs and expectations (i.e. requirements) of these interested parties;
which of these needs and expectations become its compliance obligations.
6.1.3 Determination of the legal and other requirements
The organization shall:
determine and have access to the compliance obligations related to its Health and safety hazards
determine how these compliance obligations apply to the organization;
take these compliance obligations into account when establishing, implementing, maintaining and continually improving its OH&S management system.
The organization shall maintain documented information of its compliance obligations.
NOTE; Compliance obligations can result in risks and opportunities to the organization.
6.2.2 Planning to achieve health and safety objectives: When planning how to achieve its health and safety objectives, the organization shall determine: a) what will be done;
b) what resources will be required;
c)who will be responsible;
d) when it will be completed;
e) how the results will be evaluated, including indicators for monitoring progress toward achievement of its measurable environmental objectives (see 9.1.1).
The organization shall consider how actions to achieve its environmental objectives can be integrated into the organization’s business processes.
6.1. Determination of the legal and other requirements: The organization shall:
determine and have access to the compliance obligations related to its health and safety hazards; determine how these compliance obligations apply to the organization; take these compliance obligations into account when establishing, implementing, maintaining and continually improving its health and safety management system.
The organization shall maintain documented information of its compliance obligations.
NOTE Compliance obligations can result in risks and opportunities to the organization.
5.1 Leadership & comittment: Top management shall demonstrate leadership and commitment with respect to the health & safety management system by:
taking accountability for the effectiveness of the OH&S management system;
ensuring that the OH&S policy and health and safety objectives are established and are compatible with the strategic direction and the context of the organization;
ensuring the integration of the health and safety management system requirements into the organization’s business processes;
ensuring that the resources needed for the OH&S management system are available;
communicating the importance of effective health and safety management and of conforming to the OH&S management system requirements;
ensuring that the H&S management system achieves its intended outcomes;
directing and supporting persons to contribute to the effectiveness of the health and safety management system;
promoting continual improvement;
supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.
NOTE Reference to “business” in this International Standard can be interpreted broadly to mean those activities that are core to the purposes of the organization’s existence.
5.3 Organisational roles, responsibilities and authorities: Top management shall ensure that the responsibilities and authorities for relevant roles are assigned and communicated within the organization.
Top management shall assign the responsibility and authority for:
ensuring that the health and safety management system conforms to the requirements of this International Standard;
reporting on the performance of the health and safety management system, including health and safety performance, to top management.
7.1 Resources: The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the health and safety management system.
7.2 competence: The organization shall -
determine the necessary competence of person(s) doing work under its control that affects its health and safety performance and its ability to fulfil its compliance obligations;
ensure that these persons are competent on the basis of appropriate education, training or experience;
determine training needs associated with its health and safety hazards and its health and safety management system;
where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken.
NOTE Applicable actions can include, for example, the provision of training to, the mentoring of, or the reassignment of currently employed persons; or the hiring or contracting of competent persons.
The organization shall retain appropriate documented information as evidence of competence.
7.3 Awareness: The organization shall ensure that persons doing work under the organization’s control are aware of:
a) the health and safety policy;
b) the significant health and safety hazards and related actual or potential health and safety hazards associated with their work;
c) their contribution to the effectiveness of the health and safety management system, including the benefits of enhanced health and safety performance;
the implications of not conforming with the health and safety management system requirements, including not fulfilling the organization’s compliance obligations.
7.4.1 Information and communication: The organization shall establish, implement and maintain the process(es) needed for internal and external communications relevant to the health and safety management system, including:
a) on what it will communicate;
b) when to communicate;
c) with whom to communicate;
d) how to communicate.
When establishing its communication process(es), the organization shall:
— take into account its compliance obligations;
— ensure that health and safety information communicated is consistent with information generated within the health and safety management system, and is reliable.
The organization shall respond to relevant communications on its health and safety management system.
The organization shall retain documented information as evidence of its communications, as appropriate.
7.4.2 Participation and communication:
Internal communication
The organization shall:
internally communicate information relevant to the health and safety management system among the various levels and functions of the organization, including changes to the health and safety management system, as appropriate; ensure its communication process(es) enable(s) persons doing work under the organization’s control to contribute to continual improvement.
External communication
The organization shall externally communicate information relevant to the health and safety management system, as established by the organization’s communication process(es) and as required by its compliance obligations.
7.5 Documented information
7.5.1 General:
The organization’s health and safety management system shall include:
documented information required by this International Standard;
documented information determined by the organization as being necessary for the effectiveness of the health and safety management system.
NOTE The extent of documented information for a Health & safety management system can differ from one organization to another due to:
the size of organization and its type of activities, processes, products and services;
the need to demonstrate fulfilment of its compliance obligations;
the complexity of processes and their interactions;
the competence of persons doing work under the organization’s control.
7.5.2 Creating and updating
When creating and updating documented information, the organization shall ensure appropriate:
identification and description (e.g. a title, date, author, or reference number);
format (e.g. language, software version, graphics) and media (e.g. paper, electronic);
review and approval for suitability and adequacy.
7.5.3 Control of documented information: Documented information required by the health and safety management system and by this International Standard shall be controlled to ensure:
it is available and suitable for use, where and when it is needed;
it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).
For the control of documented information, the organization shall address the following activities as applicable:
distribution, access, retrieval and use;
storage and preservation, including preservation of legibility;
control of changes (e.g. version control);
retention and disposition.
Documented information of external origin determined by the organization to be necessary for the planning and operation of the health and safety management system shall be identified, as appropriate, and controlled.
NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.
8.1 Operational planning and control
The organization shall establish, implement, control and maintain the processes needed to meet health and safety management system requirements, and to implement the actions identified in 6.1 and 6.2, by:
— establishing operating criteria for the process(es);
— implementing control of the process(es), in accordance with the operating criteria.
NOTE Controls can include engineering controls and procedures. Controls can be implemented following a hierarchy (e.g. elimination, substitution, administrative) and can be used individually or in combination.
8.2 management of change The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.
8.3 Outsourcing The organization shall ensure that outsourced processes are controlled or influenced. The type and extent of control or influence to be applied to the process(es) shall be defined within the health and safety management system.
Consistent with a life cycle perspective, the organization shall:
establish controls, as appropriate, to ensure that its health and safety requirement(s) is (are) addressed in the design and development process for the product or service, considering each life cycle stage;
8.4 Procurement/8.5 contractors: determine its health and safety requirement(s) for the procurement of products and services, as appropriate;
communicate its relevant health and safety requirement(s) to external providers, including contractors;
consider the need to provide information about potential significant health and safety hazards associated with the transportation or delivery, use, end-of-life treatment and final disposal of its products and services.
The organization shall maintain documented information to the extent necessary to have confidence that the processes have been carried out as planned.
8.6 Emergency preparedness and response:
The organization shall establish, implement and maintain the process(es) needed to prepare for and respond to potential emergency situations identified in 6.1.1.
The organization shall:
prepare to respond by planning actions to prevent or mitigate adverse health and safety hazards from emergency situations;
respond to actual emergency situations;
take action to prevent or mitigate the consequences of emergency situations, appropriate to the magnitude of the emergency and the potential health and safety consequences
periodically test the planned response actions, where practicable;
periodically review and revise the process(es) and planned response actions, in particular after the occurrence of emergency situations or tests;
provide relevant information and training related to emergency preparedness and response, as appropriate, to relevant interested parties, including persons working under its control.
The organization shall maintain documented information to the extent necessary to have confidence that the process(es) is (are) carried out as planned.
9.1 Monitoring measurement analysis and evaluation
9.1.1 General
The organization shall monitor, measure, analyse and evaluate its health and safety performance.
The organization shall determine:
a) what needs to be monitored and measured;
b) the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results;
c) the criteria against which the organization will evaluate its health and safety performance, and appropriate indicators;
d) when the monitoring and measuring shall be performed;
e) when the results from monitoring and measurement shall be analysed and evaluated.
The organization shall ensure that calibrated or verified monitoring and measurement equipment is used and maintained, as appropriate.
The organization shall evaluate its environmental performance and the effectiveness of the health and safety management system.
The organization shall communicate relevant environmental performance information both internally and externally, as identified in its communication process(es) and as required by its compliance obligations.
The organization shall retain appropriate documented information as evidence of the monitoring, measurement, analysis and evaluation results.
9.1.2 Evaluation of compliance: The organization shall establish, implement and maintain the process(es) needed to evaluate fulfilment of its compliance obligations.
The organization shall:
determine the frequency that compliance will be evaluated;
evaluate compliance and take action if needed;
maintain knowledge and understanding of its compliance status.
The organization shall retain documented information as evidence of the compliance evaluation result(s).
While there is no direct correlation here the requirements still exist but under a different clause which we will see in the following slides.
Preventive action has now been removed from Standards as it is intended that corrective action will prevent recurrence. Sometimes corrective actions are obvious and do not required a lot of investigation or effort to solve. This was the idea of corrective actions in the old standard. Preventive action was where time and resources were required to find the root cause, often just the symptoms were and the problem recurred again further down the line.
I found often when auditing that confusion existed between these two procedures as the users never really fully understood what the preventive action procedure was attempting to do
10.1 Nonconformity & corrective action: The organization shall determine opportunities for improvement (see 9.1, 9.2 and 9.3) and implement necessary actions to achieve the intended outcomes of its health and safety management system.
When a nonconformity occurs, the organization shall:
react to the nonconformity and, as applicable:
take action to control and correct it;
deal with the consequences, including mitigating adverse heaslth and safety hazards;
evaluate the need for action to eliminate the causes of the nonconformity, in order that it does not recur or occur elsewhere, by:
reviewing the nonconformity;
determining the causes of the nonconformity;
determining if similar nonconformities exist, or could potentially occur;
implement any action needed;
10.1 Nonconformity & corrective action – continued…:
d) review the effectiveness of any corrective action taken;
e) make changes to the health and safety management system, if necessary.
Corrective actions shall be appropriate to the significance of the effects of the nonconformities encountered, including the health and safety hazard(s).
The organization shall retain documented information as evidence of: — the nature of the nonconformities and any subsequent actions taken; — the results of any corrective action.
7.5.3 Control of documented information: Documented information required by the health and safety management system and by this International Standard shall be controlled to ensure:
it is available and suitable for use, where and when it is needed;
it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).
For the control of documented information, the organization shall address the following activities as applicable:
distribution, access, retrieval and use;
storage and preservation, including preservation of legibility;
control of changes (e.g. version control);
retention and disposition.
Documented information of external origin determined by the organization to be necessary for the planning and operation of the health and safety management system shall be identified, as appropriate, and controlled.
NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.
9.2.1 Internal audit objectives The organization shall conduct internal audits at planned intervals to provide information on whether the health and safety management system:
conforms to:
the organization’s own requirements for its health and safety management system;
the requirements of this International Standard;
b) is effectively implemented and maintained.
9.2.2 Internal audit implementation: The organization shall establish, implement and maintain an internal audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting of its internal audits.
When establishing the internal audit programme, the organization shall take into consideration the heath and safety importance of the processes concerned, changes affecting the organization and the results of previous audits.
The organization shall:
define the audit criteria and scope for each audit;
select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;
ensure that the results of the audits are reported to relevant management.
The organization shall retain documented information as evidence of the implementation of the audit programme and the audit results.