Are You Ready for ISO 45001?

After five years of international debate about the meaning of “worker”, “participation”, “leadership” and “interested parties” ISO 45001, the international standard for occupational health and safety (OH&S) management, was finally published in March 2018. The uptake of the new standard has been slower than expected, with ISO 45001 auditing organisations admitting that requests for accreditation have been “below predictions.”

Organisations with existing OHSAS 18001 accreditation have until March 2021 (or until their current certification runs out) to certify to the new standard. Some, given the expense and effort involved, will wait until the last minute to do so. Others, having delayed certification to OHSAS 18001 in the expectation of the new standard, might wait and learn from the experience of others.

The only way to really understand what ISO 45001 requires is to buy and read the entire standard. Whether you have already decided to go for ISO 45001 and you’re thinking about how to make the process run smoothly or you are still undecided, here are three key areas to consider. For each area we suggest some self-audit questions to assess your readiness for certification. (references in brackets refer to the relevant clause in ISO 45001).

_________________________________________________________________________________________________________

1) Worker Participation

Some features of ISO 45001 were copied over from the other aligned standards such as ISO 9001 for quality. However, the concept of worker participation was new to ISO 45001 and therefore hotly debated. Who is a worker? How do you measure participation? Is it the same as engagement?

The 2016 draft of ISO 45001 stated that management should be “ensuring active participation of workers.” That was going to be difficult to achieve, and harder to measure. The published version includes the more realistic requirement that organisations “establish, implement and maintain processes for the participation of workers.”

A precursor of participation is that OH&S policy should be available to all interested parties and communicated within the organisation. An auditor will need to see evidence of this. A circular email with a link to a document on the Intranet will not provide any evidence that workers have looked at the policies relevant to them.

Remember too that “interested parties” includes contractors. What documents do they need to see? If the documents are on your Intranet, what are the security implications of giving them access? Is there a better way of controlling what they see – and checking they have taken it on board in their planning?

Participation is not a box ticking exercise. ISO 45001 is replete with terms like “actively involved” and “promoting open discussion”. If you want workers to participate in areas recommended by ISO 45001 they need training in risk assessment, safety management and incident response, as well as task-related training such as working at height, electrical safety or manual handling.

Work Participation Self-Audit Questions

1.1 Can you provide and track “timely access to clear, understandable and relevant information about the OH&S management system”? (5.4 b) Can you show you have planned who needs to read which policies?

1.2 Can you show that you have provided contractors with “the occupational health and safety criteria” relevant to their work (8.1.4.2) and other relevant OH&S information (7.4.1 c).

1.3 Can you show that workers have had training “necessary for consultation and participation” (5.4a) including “identifying hazards and assessing risks .. determining control measures and their effective use .. and investigating incidents”? (5.4 e).

_________________________________________________________________________________________________________

2) Leadership Commitment

Leadership commitment means more than telling everyone that “safety is your first priority.” Without visible management commitment to providing resources for OH&S, participation becomes ineffective.

However keen a senior manager might be, there can be layers of “filtering” between the ground floor and the management suite – intermediate managers who pick and choose which information management should see. Whilst some filtering is necessary to stop senior managers being overwhelmed by the minutia of every day, it is better if senior managers can choose their own filters.

Whilst audits to OHSAS 18001 focused on documentation and observation, audits to ISO 45001 include challenging interviews with senior managers. An auditor will soon spot a manager who is out-of-touch with the way things are really done. Leaders must have the information at their fingertips.

Leadership Commitment Self-Audit Questions

2.1 Top managers can be asked how they communicate “the importance of effective OH&S management and of conforming to the OH&S management system requirements.” (5.1e) Can managers access information to see which workers have been consulted over which policies and procedures? Do they know what feedback was received?

2.2 Top managers demonstrate leadership by “supporting persons to contribute to the effectiveness of the OH&S management system” (5.1 g). Can managers show they understand the organisation’s priorities for competence, and explain how training supports this process?

2.3 What tools are available to support management review in your organisation? “Top management shall review the organization’s OH&S management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness.” (9.3).

_________________________________________________________________________________________________________

3) Flexibility of Documentation

ISO 45001 requires organisations to “create documented information to meet the requirements of this standard.” Thankfully, the standard confirms “Procedures may be documented or not” (3.26). For example, some ad hoc maintenance procedures are too variable to document precisely and rely on the competence of the people doing it to determine the steps needed to complete a task safely.

OHSAS 18001 didn’t say that documentation had to be on paper, but there was often an assumption that it did need to be printed, or if not, it had to be text-based documents all kept on a server or Intranet. ISO 45001 (and related guidance in ISO 45002) is explicit that documentation can be in any appropriate format, which could include drawings, photographs, audio or visual recordings or graphs.

If all your documentation is currently in Word and Excel documents, going for ISO 45001 could be the opportunity you need, not just to get a certificate, but to put more efficient work processes in place. Using the best available digital technology to manage and track your policies, procedures and training courses will not only make an ISO 45001 audit easier: it will free up admin time, giving you more time to identify opportunities. Instead of hours spent organising the information and data, instant reporting means you can concentrate on the thing that all health and safety standards, from the UK HSE’s version in 1991 (HSG65) through to ISO 45001 have all aimed for – continuous improvement, which means saving lives and protecting health.

Documentation Self-Audit Questions

3.1 Can you show that where step-by-step procedures are not in place, you have processes for training people to carry out the work, and for “ensuring the competence of workers” (A8.1.1 b)?

3.2 Can you show when and how information has been created, reviewed and updated and who received which version? (7.5.2 Creating and updating).

3.3 Can you access OH&S information from anywhere, while keeping the information secure from anyone who should not have access to it? (7.5.3 Control of documented information).

_________________________________________________________________________________________________________

For more information on what ISO 45001 is, who it’s for and how it can benefit your organisation, click here for the official PDF.

Looking to train your employees in health and safety? Visit our course library to see our extensive online training catalogue.

Disclaimer: This article is purely for informational purposes. For more information on workplace health and safety in the UK, visit the Health and Safety Executive.