ISO 45001 update

David SmithDirector, iMS Risk Solutions

Chair, BSI Management Systems Expert Group

What you need to know

about ISO 45001IOSH IOM

7th February 2018

David A Smith

www.imsrisksolutions.co.uk

Update on the standard

• ISO 45001 is the first ISO standard on occupational

health and safety requirements

• It is expected to be published on 15th February 2018

• OHSAS 18001:2007 will be withdrawn upon

publication of ISO 45001

• Those organizations with accredited OHSAS systems

will be allowed three years to migrate to the new

standard

• It has a similar structure to the quality standard ISO

9001:2015 and ISO 14001:2015

History

• Expectations on working conditions are for ever changing

around the world. In 1800 AD (in the UK) the starting

working age was 7 and they worked a 12 hour day!

• What was acceptable to our grandfathers is no longer

acceptable to many of today’s young people.

• People are generally living longer but many are suffering

from ill-health/diseases arising from the workplace in their

retirement.

So, we need to think very widely of all issues that could impact on

an organization – politically, social responsibility, regulatory etc.

and this is a key component of clause 4.1 of ISO 45001 on context

Importance of this new standard

• It recognises that OHS is a key business risk that needs

to be managed like other business risks

• If implemented properly, it should give confidence to

workers that they are working in an organization that

wants them to go home in the same state as they arrived

• Gives assurance to customers, labour organizations,

investors and regulators as well as workers

• Provides a framework that can easily be

integrated/aligned with ISO 9001 (quality), ISO 14001

(environmental) an other management system

requirement standards

ISO 45001

• This new standard will replace OHSAS 18001 and no

OHSAS certification will be valid after Feb 2021

• It is compatible with HSE guidance found in HSG 65

• The new standard has many high level requirements

that are not included in OHSAS 18001 and will

require more input and demonstrable commitment to

assure assessors that they meet ISO 45001

requirements

• All managers are expected to provide leadership and

direction even in support functions such as

finance/sales/marketing

Benefits of ISO 45001

• It provides a framework that any organization can use

for managing occupational health and safety (OHS)

risks

• The aim is to prevent work-related injury and ill

health to workers and provide a safe and healthy

workplace

• Enables an organisation to improve OHS performance

and achieve its OHS objectives

• Can assist an organization to fulfil its legal and other

requirements

What this means in practice

• If you look after those working for you they are more

likely to look after the organization and be loyal employees

• Hence there should benefits such as:

– Less work interruptions

– Less absenteeism

– Less training of new entrants because of high

turnover

– Reduction in insurance costs

• No-one wants to face an employee’s partner/relative and

tell them their beloved is not coming home tonight!

The approach

• Plan Do Check Act (PDCA) approach

• Risk

• Process approach (as per ISO 9001)

Clause 4.4 requires The organization shall establish,

implement, maintain and continually improve an OH&S

management system, including the processes needed and their

interactions, in accordance with the requirements of this

document.

This means that identification of processes as required in ISO

9001 can be useful for those implementing ISO 45001

Definition of worker

• The standard aims to ensure that all those who are

working under the control of the organization are

considered – therefore organizations cannot

subcontract those operations that are highly hazardous

and/or pose a significant risk to parties who are not

directly on the payroll and ignore their duty of care to

such workers.

• Top management is recognised as being equally at

risk from workplace activities – remember stress for

instance applies to all those at work.

Implications of worker definition

• The standard aims to ensure that all those who are

working under the control of the organization are

considered – therefore organizations cannot

subcontract or outsource those operations that are

highly hazardous and/or pose a significant risk to

parties who are not directly on the payroll and ignore

their duty of care to such workers.

• Top management is recognised as being equally at

risk from workplace activities – remember stress for

instance applies to all those at work.

workplace• “place under the control of the organization

where a person needs to be or to go for work

purposes”

• Note 1 to entry: The organization’s

responsibilities under the OH&S management

system for the workplace depend on the

degree of control over the workplace.

Definitions from the standard

Injury and ill health

“adverse effect on the physical, mental or cognitive*

condition of a person”

*Cognition - mental act or process by which

knowledge is acquired

hazard

“source with a potential to cause injury and ill

health”

occupational health and safety risk

(OH&S risk)“combination of the likelihood of occurrence of a

work-related hazardous event or exposure(s) and the

severity of injury and ill health that can be caused by

the event or exposure(s)”

Occupational health and safety

opportunity

“circumstance or set of circumstances that can lead

to improvement of OH&S performance”

Structure of ISO45001

Structure – follows ISO Annex SL

Directives – as per ISO 9001 and ISO 14001

1. Scope

2. Normative references

3. Terms and definitions

4. Context of the organization

5. Leadership and worker participation

6. Planning

7. Support

8. Operation

9. Performance evaluation

10.Improvement

Top management requirements

Deliverables include (Clause 5.1):

• ensuring policies and objectives are compatible with the strategic direction of the organization;

• ensuring that the management system (MS) achieves its intended outcome(s);

• directing and supporting persons to contribute to the effectiveness of the MS;

• promoting continual improvement;

• supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

The differences and similarities ISO

45001- BS OHSAS 18001• Similarities:

– PDCA/Risk based

– Identification of hazards, risk assessment and selection of

controls using the hierarchy of control

– Involvement of workers – though considerably strengthened in

45001

– Similar performance evaluation, internal audit and

management review approaches

• Differences:

– Requirement to determine context of an organization

– Increased leadership and commitment requirements from top

management and managers and involvement of workers

– Procurement/outsourcing/contractors

Context

Context of the organization

(Clause 4)

• Understanding the organization and its context

• Understanding the needs and expectations of

workers and other interested parties

• Determining the scope of the OHS system

• OHS Management system

Understanding the needs and

expectations of workers and other

interested parties (Clause 4.2)

• When considering the needs and expectations

of interested parties there are investors,

regulators, insurers, neighbours etc to consider

• The major party to consider are the workers!

Leadership and worker

participation (clause 5)

• Leadership and commitment

• OHS Policy

• Organizational roles, responsibilities and

authorities

• Consultation and participation of workers

Leadership

requirements

Top management requirements

Deliverables include ( from Clause 5.1):

• ensuring policies and objectives are compatible with the strategic direction of the organization;

• ensuring that the management system (MS) achieves its intended outcome(s);

• ensuring the integration of the OH&S management system requirements into the organization’s business processes;

• directing and supporting persons to contribute to the effectiveness of the MS;

• promoting continual improvement;

• supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

Policy requirements (clause 5.2)

Top management shall establish an MS policy that:

• a) is appropriate to the purpose of the organization;

• b) provides a framework for setting objectives;

• c) includes a commitment to satisfy applicable requirements;

• d) includes a commitment to continual improvement of the MS.

In order to meet requirements

• Top management need to establish:

• Clear objectives that are consistent with

strategic direction of organization ( which

relates back to the purpose of the organization

– bullet 5.2 a);

• Set Key Performance Indicators (KPI’s) that

are relevant and are consistent with the above

Route map

• Top management down need to be involved in

all the steps.

• Determining the Context

• Aligning policy and objectives with the

strategic direction

• Setting SMART objectives and KPI’s

• Ensure worker consultation and participation

Consultation and participation of

workers

• The organization has to provide processes for

consultation and participation at all levels and

provide mechanisms, time and training and

resources necessary

• Determine and remove obstacles or barriers to

participants

In conclusion

• The standard will have a significant impact

• It relates to business risk thinking and

integration into business processes

• It will be challenging for top management

• It requires active engagement of workers

Thank you

Any Questions?