
© ISO 2014 – All rights reserved

Secretariat of ISO/PC 283 Date: 25 March 2015

To the Members of

ISO/PC 283

Occupational health and safety management systems

ISO/CD 45001.2 Occupational health and safety management systems – Requirements with guidance for use (Systèmes de management de la santé et de la sécurité au travail — Exigences et lignes directrices pour son utilisation)

Please find the second Committee Draft of ISO 45001 attached.

This is being circulated to ISO/PC 283's members for commenting and ballot (a ballot has been established on the ISO Balloting Portal for this). Only P-members may vote; other members may submit comments. P-members have an obligation to vote.

The closing date for the submission of comments and votes is:

5 June 2015

Please use the ISO commenting template for the submission of comments, which may be downloaded from: http://isotc.iso.org/livelink/livelink?func=ll&objId=5156909&objAction=browse&sort=name

Please include the relevant CD line number against each comment, in the 2nd column. We know from past experience with the development of ISO management system standards that we can expect a large number of comments at the CD stage. We may therefore have to return any comments that are submitted without reference to line numbers, or if other parts of the template have not been completed correctly, as we might not be able to process them adequately.

We look forward to receiving your votes and comments on the CD.

Yours sincerely

Charles Corrie
For the BSI Secretariat of ISO/PC 283
[email protected]

Document: ISO/PC 283/N 166


ISO/PC 283/N 166 Date: 2015-03-25

ISO/CD 45001.2

ISO/PC 283/WG 1

Secretariat: SIS

Occupational health and safety management systems — Requirements with guidance for use

Systèmes de management de la santé et de la sécurité au travail — Exigences et lignes directrices pour son utilisation

Warning

This document is not an ISO International Standard. It is distributed for review and comment. It is subject to change without notice and may not be referred to as an International Standard.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.


Copyright notice

This ISO document is a working draft or committee draft and is copyright-protected by ISO. While the reproduction of working drafts or committee drafts in any form for use by participants in the ISO standards development process is permitted without prior permission from ISO, neither this document nor any extract from it may be reproduced, stored or transmitted in any form for any other purpose without prior written permission from ISO.

Requests for permission to reproduce this document for the purpose of selling it should be addressed as shown below or to ISO's member body in the country of the requester:

ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail [email protected]
Web www.iso.org

Reproduction for sales purposes may be subject to royalty payments or a licensing agreement.

Violators may be prosecuted.


Contents

Foreword
Introduction

1 Scope
2 Normative references
3 Terms and definitions

4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of workers and other interested parties
4.3 Determining the scope of the OH&S management system
4.4 OH&S management system

5 Leadership, worker participation and consultation
5.1 Leadership and commitment
5.2 Policy
5.3 Organizational roles, responsibilities, accountabilities and authorities
5.4 Participation, consultation and representation

6 Planning
6.1 Actions to address risks and opportunities
6.2 OH&S objectives and planning to achieve them

7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Information and communication
7.5 Documented information

8 Operation
8.1 Operational planning and control
8.2 Management of change
8.3 Outsourcing
8.4 Procurement
8.5 Contractors
8.6 Emergency preparedness and response

9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review

10 Improvement
10.1 Incident, nonconformity and corrective action
10.2 Continual improvement
10.2.1 Continual improvement objectives
10.2.2 Continual Improvement Process

Annex A (informative) Guidance on the use of this International Standard
A.1 Scope
A.2 Normative reference
A.3 Terms and definitions
A.4 Context of the organization
A.4.1 Understanding the context of the organization
A.4.2 Understanding the needs and expectations of workers and other interested parties
A.4.3 Scope of the OH&S management system
A.4.4 OH&S management system
A.5 Leadership, worker participation and consultation
A.5.1 Leadership and commitment
A.5.2 Policy
A.5.3 Organizational roles, responsibilities, accountabilities and authorities
A.5.4 Participation, consultation and representation
A.6 Planning
A.6.1 Actions to address risks and opportunities
A.6.2 OH&S objectives and planning to achieve them
A.7 Support
A.7.1 Resources
A.7.2 Competence
A.7.3 Awareness
A.7.4 Information and communication
A.7.5 Documented information
A.8 Operation
A.8.1 Operational planning and controls
A.8.2 Management of change
A.8.3 Outsourcing
A.8.4 Procurement
A.8.5 Contractors
A.8.6 Emergency preparedness and response
A.9 Performance evaluation
A.9.1 Monitoring, measurement, analysis and evaluation
A.9.2 Internal audit
A.9.3 Management review
A.10 Improvement
A.10.1 Incident, nonconformity and corrective action
A.10.2 Continual improvement

Bibliography


Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information

The committee responsible for this document is ISO/PC 283, Occupational health and safety management systems.

NOTE TO THIS DRAFT (which will not be included in the published International Standard):

This text has been prepared using the “high-level structure” (i.e. clause sequence, common text and terminology) provided in Annex SL, Appendix 2 of the ISO/IEC Directives, Part 1, Consolidated ISO Supplement, 2014. This is intended to enhance alignment among ISO’s management system standards, and to facilitate their implementation for organizations that need to meet the requirements of two or more such standards simultaneously.

The text of Annex SL is highlighted in the main body of the text (clauses 1 to 10) by the use of blue font. This is only to facilitate analysis and will not be incorporated in the final version of ISO 45001.

This new harmonized approach allows for the addition of discipline-specific (in this case OH&S specific) text which has been applied by including the following:

a) specific OH&S management system requirements considered essential to meet the scope of the ISO 45001 standard;

b) requirements and notes to clarify and ensure consistent interpretation and implementation of the common text in the context of an OH&S management system.

Where text from Annex SL has not been applied, this is indicated in blue font with strikeout.


Introduction

0.1 Background

It is estimated by the International Labour Organization (ILO) that there are over 2.3 million deaths every year as a result of work activities, of which close to 2 million are due to ill-health, with the remainder being due to fatal accidents.

An organization is responsible for the health and safety of its workers and that of other persons under its control who are performing work on its behalf, including promoting and protecting their physical and mental health.

The adoption of an occupational health and safety (OH&S) management system can enable an organization to improve its OH&S performance in the enhancement of health and safety at work and to manage its OH&S risks.

NOTE 1 The term "occupational safety and health" ("OSH") has the same meaning as "occupational health and safety" ("OH&S").

NOTE 2 The term "worker" is defined to include both managerial and non-managerial persons.

0.2 Aim of an OH&S management system

The purpose of an OH&S management system is to provide a framework for managing the prevention of injury and ill-health. The implementation of an OH&S management system can be a strategic decision for an organization.

An organization’s activities can pose a risk of injury or ill-health; consequently, it is critically important for the organization to eliminate or minimize OH&S risks by taking appropriate preventive measures. When these measures are applied by the organization through its OH&S management system (supported by the use of appropriate methods and tools, at all levels in the organization) they proactively improve its OH&S performance.

The intended outcome for an organization's OH&S management system is to prevent injury and ill-health, to improve and enhance the safety and health of its workers and the other persons under its control.

An OH&S management system can enable an organization to improve its OH&S performance by:

a) developing and implementing an OH&S policy and OH&S objectives;

b) establishing systematic processes which consider its "context" and which take into account its risks and its opportunities, its legal requirements and the other requirements to which it subscribes;

c) determining the hazards and OH&S risks associated with its activities; seeking to eliminate them, or putting in controls to minimize their potential effects;

d) establishing operational controls to manage its OH&S risks, and to comply with its applicable legal and the other requirements;

e) increasing awareness of its OH&S risks;

f) evaluating its OH&S performance and seeking to improve it;


g) establishing the necessary competencies;

h) developing a positive health and safety culture in the organization;

i) ensuring the consultation and participation of the workers.

NOTE 1 For further information on the ‘context’ in item b) above, refer to Annex A.4

NOTE 2 An OH&S management system can help an organization to be in conformity with applicable legal requirements; however, being in conformity with the requirements of this International Standard cannot be used as a proof of conformity to such legal requirements.

0.3 Success factors

The success of the OH&S management system depends on leadership, commitment and participation from all levels and functions of the organization.

The implementation and sustainability of an OH&S management system, its effectiveness and its ability to achieve its objectives are dependent on a number of key factors which can include:

a) top management leadership and commitment;

b) promotion of a positive health and safety culture;

c) participation of workers (and, as applicable, their representatives);

d) consultation – two way communication;

e) allocation of the necessary resources for sustainability;

f) clear OH&S policies, which are in line with the overall strategic objectives of the organization;

g) the integration of the OH&S management system into the organization's business processes;

h) the continuous evaluation and monitoring of the OH&S management system to improve OH&S performance;

i) OH&S objectives that align with the OH&S policy and reflect the organization's OH&S risks;

j) awareness of its applicable legal and other requirements;

k) identification of hazards and control of the OH&S risks.

Demonstration of successful implementation of this International Standard can be used by an organization to give assurance to workers and other interested parties that an effective OH&S management system is in place.

Adoption of this International Standard, however, will not in itself guarantee optimal outcomes.

The level of detail, the complexity, the extent of documented information, and the resources needed for an organization's OH&S management system will depend on a number of factors, such as:

― the organization’s context (e.g. its number of workers, its size, its geography, its culture, its social conditions, its applicable legal and other requirements);

― the scope of its OH&S management system;

― the nature of its activities, its products, its services, and its OH&S risks.


0.4 "Plan, Do, Check and Act" cycle

The basis of the OH&S management system approach applied in this International Standard is founded on the concept of “Plan, Do, Check and Act” (PDCA), which requires leadership, commitment and participation from all levels and functions of the organization.

The PDCA model demonstrates an iterative process used by organizations to achieve continual improvement. It can be applied to a management system and to each of its individual elements. It can be described as follows:

― Plan: establish objectives, programmes and processes necessary to deliver results in accordance with the organization’s policy.

― Do: implement the processes as planned.

― Check: monitor and measure activities and processes with regard to the policy and objectives, and report the results.

― Act: take actions to continually improve the OH&S performance to achieve the intended outcomes.

This International Standard incorporates the PDCA concept into a new framework, as shown in Figure 1.

NOTE The numbers given in brackets refer to the clause numbers in this International Standard.

Figure 1 — OH&S management system model for this International Standard

0.5 Contents of this International Standard

This International Standard has adopted the “high-level structure” (i.e. clause sequence, common text and common terminology) developed by ISO to improve alignment among its International Standards for management systems.


This International Standard does not include requirements specific to other management systems, such as those for quality, environmental, security, or financial management, though its elements can be aligned or integrated with those of other management systems.

Clauses 4 to 10 contain requirements that can be used to assess conformity. Annex A provides informative explanations to assist in the interpretation of those requirements.

COMMITTEE DRAFT ISO/CD 45001

Occupational health and safety management systems — Requirements with guidance for use

1 Scope

This International Standard specifies requirements for an occupational health and safety (OH&S) management system, with guidance for its use, to enable an organization to provide safe and healthy working conditions for the prevention of injury and ill-health and to proactively improve its OH&S performance.

This International Standard is applicable to any organization that wishes to:

a) establish, implement and maintain an OH&S management system to improve occupational health and safety, eliminate or minimize OH&S risks and address OH&S management system nonconformities associated with its activities;

b) continually improve its OH&S performance and the fulfilment of its OH&S objectives;

c) demonstrate conformity with the requirements of this International Standard.

This International Standard is intended to be applicable to any organization regardless of its size, type and activity and applies to the OH&S risks that the organization determines it can manage, taking into account factors such as the context in which the organization operates and the needs and expectations of its workers and other interested parties.

This International Standard does not state specific criteria for OH&S performance, nor is it prescriptive about the design of an OH&S management system.

This International Standard enables an organization, through its OH&S management system, to integrate other aspects of health and safety, such as worker wellness/wellbeing. The organization can also be required by applicable legal requirements to address such issues.

This International Standard does not address issues such as product safety, property damage or environmental impacts, beyond the risks they provide to workers.

2 Normative references

There are no normative references.

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

3.1
organization

person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.16)

Note 1 to entry: The concept of organization includes, but is not limited to, sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.


3.2 275 interested party 276

person or organization (3.1) that can affect, be affected by, or perceive itself to be affected by a decision or 277 activity related to the OH&S management system (3.11) 278

Note 1 to entry: This International Standard sets out requirements (3.7) with respect to workers (3.3) beyond their status 279 as interested parties. 280

Note 2 to entry: For examples of potential interested parties see A.4.2. 281

3.3 282 worker 283

person performing work or work-related activities, under the control of the organization (3.1) 284

Note 1 to entry: Persons perform work or work-related activities under various arrangements, paid or unpaid, such as 285 regularly or temporarily, intermittently or seasonally, casually or on a part-time basis. 286

Note 2 to entry: Workers include managerial and non-managerial persons. 287

Note 3 to entry: Control can include work relationships beyond recognized employment relationships, e.g. workers from 288 external providers, and situations where the organization has some degree of control over the workers such as agency 289 workers. 290

3.4 291 workplace 292

place where a person needs to be or to go by reason of work and which is under the control of the 293 organization (3.1) 294

Note 1 to entry: The organization’s responsibilities under the OH&S management system (3.11) for the workplace 295 depend on the degree of control over the workplace. 296

3.5 297 contractor 298 299

external person(s) providing services to an organization (3.1) at a workplace (3.4) in accordance with agreed 300 specifications, terms and conditions 301

Note 1 to entry: External person(s) can include one person, a group of persons, an organization or a group of 302 organizations. 303 304

3.6 305 representative 306 307

person(s) elected or appointed in accordance with national laws, regulations and practice to represent 308 workers’ (3.3) interests as they relate to the OH&S management system (3.11) 309

3.7 310 requirement 311

need or expectation that is stated, generally implied or obligatory 312

Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization (3.1) and 313 interested parties (3.2) that the need or expectation under consideration is implied. 314

Note 2 to entry: A specified requirement is one that is stated, for example in documented information (3.22). 315

3.8 316 legal requirement 317

requirement (3.7) established by law that is applicable to the organization (3.1) 318

3.9 319 legal and other requirement 320 321

legal requirements (3.8) and other legally-binding obligations and other requirements (3.7) to which the 322 organization (3.1) subscribes that are relevant to the OH&S management system (3.11) 323

Note 1 to entry: Legally-binding obligations can include the provisions in collective agreements that relate to the health and 324 safety of workers (3.3). 325

3.10 326 management system 327

set of interrelated or interacting elements of an organization (3.1) to establish policies (3.14) and objectives 328 (3.16) and processes (3.23) to achieve those objectives 329

Note 1 to entry: A management system can address a single discipline or several disciplines. 330

Note 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning and 331 operation. 332

Note 3 to entry: The scope of a management system may include the whole of the organization, specific and identified 333 functions of the organization, specific and identified sections of the organization, or one or more functions across a group 334 of organizations. 335

3.11 336 occupational health and safety management system 337 OH&S management system 338

management system (3.10) or part of a management system used to achieve the OH&S policy (3.15). 339

Note 1 to entry: The overall objective of the OH&S management system is to prevent injury or ill-health to workers 340 (3.3) and to provide safe and healthy workplace(s) (3.4). These are the intended outcomes of the OH&S management 341 system. 342

Note 2 to entry: The terms “occupational health and safety” (OH&S) and “occupational safety and health” (OSH) have the 343 same meaning. 344

3.12 345 top management 346

person or group of people who directs and controls an organization (3.1) at the highest level 347

Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization 348 provided ultimate responsibility for the OH&S management system (3.11) is retained. 349

Note 2 to entry: If the scope of the management system (3.10) covers only part of an organization, then top 350 management refers to those who direct and control that part of the organization. 351

3.13 352 effectiveness 353

extent to which planned activities are realized and planned results achieved 354

3.14 355 policy 356

intentions and direction of an organization (3.1), as formally expressed by its top management (3.12) 357

3.15 358 occupational health and safety policy 359 OH&S policy 360

policy (3.14) to prevent work-related injury and ill-health to worker(s) (3.3) and to provide a safe and healthy 361 workplace(s) (3.4) 362

3.16 363 objective 364

result to be achieved 365

Note 1 to entry: An objective can be strategic, tactical, or operational. 366

Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and environmental 367 goals) and can apply at different levels (such as strategic, organization-wide, project, product and process (3.23)). 368

Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational 369 criterion, as an OH&S objective (3.17), or by the use of other words with similar meaning (e.g. aim, goal, or target). 370

Note 4 to entry: In the context of XXX management systems, XXX objectives are set by the organization, consistent with 371 the XXX policy, to achieve specific results. 372

3.17 373 occupational health and safety objective 374 OH&S objective 375

objective (3.16) set by the organization (3.1) to achieve specific results consistent with the OH&S policy (3.15) 376

3.18 377 risk 378

effect of uncertainty on objectives (3.16) 379

Note 1 to entry: An effect is a deviation from the expected — positive or negative. 380

Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or 381 knowledge of, an event, its consequence, or likelihood. 382

Note 3 to entry: Risk is often characterized by reference to potential "events" (as defined in ISO Guide 73:2009, 383 3.5.1.3) and "consequences" (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these. 384

Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes 385 in circumstances) and the associated "likelihood" (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence. 386

3.19 387 hazard 388

source or situation with a potential to cause human injury or ill-health 389

3.20 390 occupational health and safety risk 391 OH&S risk 392

combination of the likelihood of an occurrence of a work-related hazardous event or exposure(s), and the 393 severity of injury or ill-health that can be caused by the event or exposures 394

3.21 395 competence 396

ability to apply knowledge and skills to achieve intended results 397

3.22 398 documented information 399

information required to be controlled and maintained by an organization (3.1) and the medium on which it is 400 contained 401

Note 1 to entry: Documented information can be in any format and media and from any source. 402

Note 2 to entry: Documented information can refer to: 403

a) the management system (3.10), including related processes (3.23); 404

b) information created in order for the organization to operate (documentation); 405

c) evidence of results achieved (records). 406

3.23 407 process 408

set of interrelated or interacting activities which transforms inputs into outputs 409

3.24 410 procedure 411

specified way to carry out an activity or a process (3.23) 412

Note 1 to entry: Procedures can be documented or not. 413

3.25 414 performance 415

measurable result 416

Note 1 to entry: Performance can relate either to quantitative or qualitative findings. 417

Note 2 to entry: Performance can relate to the management of activities, processes (3.23), products (including 418 services), systems or organizations (3.1). 419

3.26 420 occupational health and safety performance 421 OH&S performance 422

performance (3.25) related to the effectiveness (3.13) of the prevention of injury and ill-health to workers (3.3) 423 and the provision of safe and healthy workplace(s) (3.4) 424

3.27 425 outsource (verb) 426

make an arrangement where an external organization (3.1) performs part of an organization’s function or 427 process (3.23) 428

Note 1 to entry: An external organization is outside the scope of the management system (3.10), although the 429 outsourced function or process is within the scope. 430

3.28 431 monitoring 432

determining the status of a system, a process (3.23) or an activity 433

Note 1 to entry: To determine the status, there may be a need to check, supervise or critically observe. 434

3.29 435 measurement 436

process (3.23) to determine a value 437

3.30 438 audit 439

systematic, independent and documented process (3.23) for obtaining audit evidence and evaluating it 440 objectively to determine the extent to which the audit criteria are fulfilled 441

Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third 442 party), and it can be a combined audit (combining two or more disciplines). 443

Note 2 to entry: An internal audit is conducted by the organization (3.1) itself, or by an external party on its behalf. 444

Note 3 to entry: Independence can be demonstrated by freedom from responsibility for the activity being audited and 445 freedom from bias or conflict of interest. 446

Note 4 to entry: “Audit evidence” is “records, statements of fact and other information which are relevant to the audit 447 criteria and verifiable” and “audit criteria” are “set of policies (3.14), procedures (3.24) or requirements (3.7) used as a 448 reference against which audit evidence is compared”, as defined in ISO 19011, Guidelines for auditing management 449 systems. 450

3.31 451 conformity 452

fulfilment of a requirement (3.7) 453

3.32 454 nonconformity 455

non-fulfilment of a requirement (3.7) 456

Note 1 to entry: Nonconformity relates to requirements in this International Standard and additional OH&S 457 management system (3.11) requirements that an organization (3.1) establishes for itself. 458

3.33 459 incident 460

occurrence(s) arising out of or in the course of work that could or does result in injury or ill-health 461

Note 1 to entry: An incident where injury or ill-health occurs is referred to by some as an “accident.” 462

Note 2 to entry: An incident where no injury or ill-health occurs is referred to by some as a “near-miss”, “near-hit”, 463 “close call”, or “dangerous occurrence.” 464

3.34 465 corrective action 466

action to eliminate the cause(s) of a nonconformity (3.32) or an incident (3.33) and to prevent recurrence 467

3.35 468 continual improvement 469

recurring activity to enhance performance (3.25) 470

Note 1 to entry: Enhancing performance relates to the use of the OH&S management system (3.11) in order to 471 achieve improvement in overall OH&S performance (3.26) consistent with the OH&S policy (3.15) and OH&S objectives 472 (3.17). 473

Note 2 to entry: The activity need not take place in all areas simultaneously. 474

4 Context of the organization 475

4.1 Understanding the organization and its context 476

The organization shall determine external and internal issues that are relevant to its purpose and objectives 477 and that affect its ability to achieve the intended outcome(s) of its OH&S management system. 478 479

4.2 Understanding the needs and expectations of workers and other interested parties 480

The organization shall determine: 481 482

a) the workers and other interested parties that are relevant to the OH&S management system; 483

b) the relevant needs and expectations (i.e. requirements) of these interested parties, and which of these 484 are added to applicable legal and other requirements. 485

4.3 Determining the scope of the OH&S management system 486

The organization shall determine the boundaries and applicability of the OH&S management system to 487 establish its scope. 488 489

When determining this scope, the organization shall: 490 491

a) consider the external and internal issues referred to in 4.1; 492

b) take into account the requirements referred to in 4.2; 493

c) consider the work related activities performed. 494

495 The scope shall be available as documented information. 496 497

4.4 OH&S management system 498

The organization shall establish, implement, maintain and continually improve an OH&S management system, 499 including the processes needed and their interactions, in accordance with the requirements of this 500 International Standard to improve its OH&S performance. 501

5 Leadership, worker participation and consultation 502

5.1 Leadership and commitment 503

Top management shall demonstrate leadership and commitment with respect to the OH&S management 504 system by ensuring processes are established for: 505

a) taking overall responsibility and accountability for the protection of worker’s health and safety and for the 506 effectiveness of the OH&S management system; 507 508

b) ensuring that knowledge of the organization’s context as well as OH&S risks and OH&S opportunities are 509 considered when establishing the OH&S management system; 510

c) ensuring that the OH&S management system nonconformities and opportunities are identified and action 511 is taken in response to improve OH&S performance; 512

d) ensuring that work related hazards are systematically identified, OH&S risks are evaluated and 513 prioritized, and action is taken to achieve risk reduction to improve OH&S performance; 514

e) ensuring that opportunities to enhance health and safety at the workplace are systematically identified 515 and action is taken in response to improve OH&S performance; 516

f) ensuring that the OH&S policy and related OH&S objectives are established and are compatible with the 517 strategic direction of the organization; 518

g) ensuring the integration of the OH&S management system processes and requirements into the 519 organization’s business processes; 520

h) ensuring that the resources needed to establish, implement, maintain and improve the OH&S 521 management system are available; 522

i) ensuring that the organization establishes processes for the consultation and active participation of 523 workers (and, as applicable, their representatives) in the establishment, implementation, maintenance, 524 and continual improvement of the OH&S management system, identifying and removing obstacles or 525 barriers to participation; 526

j) communicating the importance of effective OH&S management and of conforming to the OH&S 527 management system requirements; 528

k) ensuring that the OH&S management system achieves its intended outcome(s); 529

l) directing and supporting persons to contribute to the effectiveness of the OH&S management system for 530 all functions; 531

m) promoting continual improvement; 532

n) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of 533 responsibility; 534

o) promoting and leading a positive culture with regard to the OH&S management system. 535

NOTE Reference to “business” in this International Standard can be interpreted broadly to mean those activities that 536 are core to the purposes of the organization’s existence. 537

5.2 Policy 538

Top management shall establish an OH&S policy that: 539

a) is appropriate to the purpose and context of the organization and to the nature of its OH&S risks and 540 OH&S opportunities; 541

b) provides a framework for setting the OH&S objectives; 542

c) includes a commitment to satisfy applicable legal and other requirements; 543

d) includes a commitment to the control of OH&S risks through a hierarchy of control; 544

e) includes a commitment to continual improvement of the OH&S management system; 545

f) includes a commitment to worker (and, as applicable, their representatives) participation and consultation. 546

The OH&S policy shall: 547

— be available as documented information; 548

— be communicated to workers within the organization; 549

— be available to interested parties, as appropriate; 550

— be reviewed periodically to ensure that it remains relevant and appropriate. 551

5.3 Organizational roles, responsibilities, accountabilities and authorities 552

Top management shall ensure that the responsibilities, accountabilities and authorities for relevant roles 553 within the OH&S management system are assigned and communicated at all levels within the 554 organization and retained as documented information. Workers at each level of the organization shall assume 555 responsibility for those aspects of the OH&S management system over which they have control. 556

Top management shall assign the responsibility and authority for: 557

a) ensuring that the OH&S management system conforms to the requirements of this International 558 Standard; 559

b) reporting on the performance of the OH&S management system to top management. 560

5.4 Participation, consultation and representation 561

The organization shall establish a process to ensure effective participation and consultation in the OH&S 562 management system by workers at all levels and functions of the organization by: 563

a) providing workers (and, as applicable, their representatives) at all levels under its direct control with 564 the mechanisms, time and resources necessary to participate in, at a minimum, the following 565 processes of the OH&S management system: 566

1) Context of the organization (see Clause 4); 567

2) Planning (see Clause 6); 568

3) Support (see Clause 7); 569

4) Operation (see Clause 8); 570

5) Performance evaluation (see Clause 9); 571

6) Improvement (see Clause 10). 572

b) providing workers (and, as applicable, their representatives) at all levels under its direct control with 573 the mechanisms, time, training and resources necessary to be consulted in, at a minimum the process 574 of developing the policy (see 5.2); 575

c) providing workers (and, as applicable, their representatives) at all levels with timely access to clear, 576 understandable and relevant information about the OH&S management system; 577

d) identifying and removing obstacles or barriers to participation and minimizing those that cannot be 578 removed; 579

e) encouraging timely reporting and response to work-related hazards, OH&S risks, OH&S opportunities, 580 incidents and nonconformities. 581

The organization shall ensure that, when appropriate, relevant external interested parties are consulted about 582 matters pertinent to the OH&S management system. 583

NOTE 1 The reporting and investigation of incidents without delay can assist in the removal of hazards and in 584 minimizing associated risks. 585

NOTE 2 Obstacles or barriers include but are not limited to lack of response to worker input or suggestions, 586 language or literacy barriers to clear communication, reprisals (supervisory and co-worker), or any policy, practice or 587 program that penalizes or discourages participation (see A.7.4.2 f)). 588 589

NOTE 3 Effective participation includes, as applicable, engaging health and safety committees and representatives. 590

NOTE 4 Effective participation of workers (and, as applicable, their representatives) includes consultation which 591 involves an exchange of relevant information and advice as part of the decision making process related to the OH&S 592 management system. 593

NOTE 5 The provision of personal protective equipment (PPE) at no cost to workers can remove an important barrier to 594 participation in the OH&S management system. 595

6 Planning 596

6.1 Actions to address risks and opportunities 597

6.1.1 General 598

When planning for the OH&S management system, the organization shall consider the issues referred to in 599 4.1 (context), the requirements referred to in 4.2 (interested parties) and 4.3 (the scope of its OH&S 600 management system) and determine the risks and opportunities that need to be addressed to: 601

a) give assurance that the OH&S management system can achieve its intended outcome(s) (including 602 enhanced health and safety at the workplace); 603

b) prevent, or reduce, undesired effects; 604

c) achieve continual improvement. 605

The organization shall consider the effective participation in the planning process of workers (and as 606 applicable, their representatives) and, where appropriate, other interested parties. 607

When determining the risks and opportunities that need to be addressed, the organization shall take into 608 account: 609

a) OH&S risks related to its hazards (see 6.1.2.2) and OH&S opportunities; 610

b) applicable legal and other requirements (see 6.1.3); 611

c) risks and opportunities related to the operation of the OH&S management system (see 6.1.4) that can 612 affect the achievement of the intended outcomes. 613

The organization shall assess the risks and opportunities that are relevant to the intended outcome of the 614 OH&S management system associated with changes in the organization, its processes, or the OH&S 615 management system. In the case of planned changes, permanent or temporary, this assessment shall be 616 undertaken before the change is implemented (see Clause 8). 617

The organization shall maintain documented information to the extent necessary to have confidence that the 618 process has been carried out as planned. 619

6.1.2 Hazard identification and assessment of OH&S risks 620

6.1.2.1 General 621

The organization shall ensure that the processes for hazard identification and assessment of OH&S risks 622 involve the participation of workers (and, as applicable, their representatives). 623

6.1.2.2 Hazard identification 624

The organization shall establish, implement and maintain a process for the on-going proactive identification of 625 hazards arising in the workplace, and to workers. The process shall take into account: 626

a) routine and non-routine activities and situations, including consideration of: 627

1) infrastructure, equipment, materials, substances and the physical conditions of the workplace; 628 629

2) hazards that arise as a result of product design including during research, development, testing, 630 production, assembly, construction, service delivery, maintenance or disposal; 631 632

3) human factors; 633

b) emergency situations; 634

c) people, including consideration of: 635

1) those with access to the workplace and their activities, including workers, contractors and visitors; 636 637

2) those in the vicinity of the workplace who can be affected by the activities of the organization; 638 639

3) workers who perform work-related activities at a location which is not under the direct control of the 640 organization; 641 642

d) the organization’s operations and activities, including consideration of: 643

1) the design of work areas, processes, installations, machinery/equipment, operating procedures and 644 work organization, including their adaptation to human capabilities; 645

2) changes in knowledge of, and information about, hazards; 646

3) situations occurring in the vicinity of the workplace caused by work-related activities under the control 647 of the organization; 648

4) situations not controlled by the organization and occurring in the vicinity of the workplace that can 649 cause injury or ill-health to persons in the workplace; 650

e) actual or proposed changes in the organization, its operations, processes, activities and OH&S 651 management system; 652 653

f) past incidents, internal or external to the organization, including emergencies, and their causes. 654 655

6.1.2.3 Assessment of OH&S risks 656

The organization shall establish, implement and maintain a process to: 657 658

a) assess OH&S risks from the identified hazards taking into account applicable legal and other 659 requirements, the effectiveness of existing controls and considering the hierarchy of controls set out in 660 8.1.2; 661

b) identify opportunities to eliminate or reduce OH&S risks. 662

The organization’s methodology(ies) and criteria for assessment of OH&S risks shall be defined with respect 663 to scope, nature and timing, to ensure it is proactive rather than reactive and used in a systematic way. 664

6.1.2.4 OH&S opportunities 665 666

The organization shall establish, implement and maintain a process to identify opportunities to enhance 667 health and safety taking into account: 668

a) planned changes to the organization, its processes or its activities; 669

b) opportunities to eliminate or reduce OH&S risks; 670

c) opportunities to adapt work to workers, as applicable. 671

6.1.3 Determination of applicable legal and other requirements 672

The organization shall establish, implement and maintain a process to: 673

a) identify and have access to up-to-date legal and other requirements that are applicable to its OH&S risks 674 and OH&S management system; 675

b) determine how to apply and meet these requirements. 676

The organization shall maintain and retain documented information of: 677

— applicable legal and other requirements, ensuring this documented information is updated to reflect 678 changes; 679

— how compliance with its applicable legal and other requirements will be achieved. 680

6.1.4 Other risks and opportunities to the OH&S management system 681

The organization shall establish, implement and maintain a process to assess the risks and identify 682 opportunities related to the establishment, implementation, operation and maintenance of the OH&S 683 management system that can occur from the issues identified in 4.1 and 4.2. 684 685

6.1.5 Planning to take action 686

The organization shall plan: 687

a) actions to address the risks and opportunities (see 6.1.2 and 6.1.4); 688

b) actions to address applicable legal and other requirements (see 6.1.3); 689

c) actions to prepare for, and respond to, emergency situations (see 8.6); 690

d) how to integrate and implement the relevant actions, including the determination and application of 691 controls, into its OH&S management system processes; 692

e) how to evaluate the effectiveness of these actions and respond accordingly. 693

6.2 OH&S objectives and planning to achieve them 694

6.2.1 OH&S objectives 695

The organization shall establish OH&S objectives at relevant functions and levels to maintain and improve the 696 OH&S management system and to achieve continual improvement in OH&S performance (see Clause 10). 697

The OH&S objectives shall: 698

a) be consistent with the OH&S policy; 699 700

b) measurable (if practicable); [drafting note: moved to line 705] 701

b) take into account applicable legal and other requirements; 702

c) take into account the outcome of the assessment of OH&S risks and opportunities; 703

d) take into account the result of any consultation with workers (and, as applicable, their representatives); 704

e) be measurable (if practicable); 705

f) be monitored; 706

g) be communicated (see 7.4); 707

h) be updated as appropriate. 708

The organization shall retain documented information on the XXX objectives [drafting note: moved to line 723] 709

When establishing its OH&S objectives the organization shall consider best practices, technological options, 710 financial, operational and business requirements. 711

The organization shall arrange for the participation of workers (and, as applicable, their representatives). 712

6.2.2 Planning to achieve OH&S objectives 713

When planning how to achieve its OH&S objectives, the organization shall determine, for each one: 714

a) what will be done; 715

b) what resources will be required; 716

c) who will be responsible; 717

d) when it will be completed; 718

e) how it will be measured through indicators (if practicable) and monitored including frequency; 719

f) how the results will be evaluated; 720

g) how the actions to achieve OH&S objectives will be integrated into the organization’s business 721 processes. 722

The organization shall retain documented information on the OH&S objectives and plans to achieve them. 723

7 Support 724

7.1 Resources 725

The organization shall determine and provide the resources needed for the establishment, implementation, 726 maintenance and continual improvement of the OH&S management system in order to enhance OH&S 727 performance. 728

The organization shall determine the knowledge necessary for the operation of its OH&S management 729 system. 730

This knowledge shall be maintained, and be made available to the extent necessary. 731

When addressing changing needs and trends, the organization shall consider its current knowledge and 732 determine how to acquire or access the necessary additional knowledge. 733

7.2 Competence 734

The organization shall: 735

a) determine the necessary competence of workers that affects or 736 can affect its OH&S performance; 737

b) ensure that these workers are competent on the basis of appropriate education, training, 738 qualification and/or experience; 739

c) where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of 740 the actions taken; 741

d) retain appropriate documented information as evidence of competence. 742

Actions taken to ensure competence shall take into account: 743

— the hazards identified and associated OH&S risks assessed by the organization; 744

— preventive and control measures resulting from the OH&S risk assessment process; 745

— assigned roles and responsibilities; 746

— individual capabilities, including experience, language skills and literacy; 747

— the relevant updating of the competencies made necessary by context or work changes; 748

— the evaluation of the competence of workers according to the determined necessary competence. 749

NOTE 1 Necessary competencies also include those prescribed by applicable legal and other requirements. 750

NOTE 2 Applicable actions can include, for example, the provision of training to, the mentoring of, or the re-assignment 751 of currently employed persons; or the hiring or contracting of competent persons. 752

NOTE 3 Workers (and, as applicable, their representatives) can assist in both identifying needs and assisting in 753 building necessary competencies. 754

NOTE 4 Workers (and, as applicable, their representatives) can play a key role in both identifying competencies and 755 developing processes to achieve them. 756

NOTE 5 It is beneficial to provide training to all workers at no cost and during working hours. 757

7.3 Awareness 758

Persons doing work or work-related activities, regularly or temporarily, under the organization’s direct and 759 indirect control shall be aware of: 760

a) the OH&S policy; 761

b) their contribution to the effectiveness of the OH&S management system, including the benefits of 762 improved OH&S performance; 763

c) the implications of not conforming with the OH&S management system requirements, including the 764 consequences, actual or potential, of their work activities; 765

d) information and lessons learned concerning relevant incidents. 766

7.4 Information and communication 767

The organization shall determine the need for internal and external information and communications relevant 768 to the OH&S management system including decisions: 769

a) what information to disseminate and on what it will communicate; 770

b) when to communicate; 771

c) with whom to communicate: 772

1) internally among the various levels and functions of the organization; 773

2) with contractors and other visitors to the workplace; 774

3) with other external or interested parties; 775

d) how to communicate; 776

e) how it will receive, maintain documented information on, and respond to relevant communications. 777

The organization shall define the intent to be achieved by informing and communicating, and shall evaluate 778 whether the objectives have been met. 779 780

The organization shall take into account diversity aspects (e.g. language, culture, literacy, disability), where 781 they exist, when considering its information and communication needs. 782

7.5 Documented information 783

7.5.1 General 784

The organization’s OH&S management system shall include: 785

a) a description of the main elements of the OH&S management system, its processes and their interaction, 786 and reference to related documented information; 787

b) documented information required by this International Standard; 788

c) documented information determined by the organization as being necessary for the effectiveness of the 789 OH&S management system. 790

NOTE The extent of documented information for an OH&S management system can differ from one organization to 791 another due to: 792

― the size of organization and its type of activities, processes, products and services; 793

― the complexity of processes and their interactions; 794

― the competence of persons. 795

7.5.2 Creating and updating 796

When creating and updating documented information the organization shall ensure appropriate: 797

a) identification and description (e.g. a title, date, author, or reference number); 798

b) format (e.g. language, software version, graphics) and media (e.g. paper, electronic); 799

c) review and approval for suitability and adequacy, to ensure that it can be understood by the users. 800

7.5.3 Control of documented information 801

Documented information required by the OH&S management system and by this International Standard shall 802 be controlled to ensure: 803

a) it is available and suitable for use, where and when it is needed; 804

b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity). 805

For the control of documented information, the organization shall address the following activities, as 806 applicable: 807

— distribution, access, retrieval and use; 808

— storage and preservation, including preservation of legibility; 809

— control of changes (e.g. version control); 810

— retention and disposition; 811

— access for workers (and, as applicable, their representatives) to documented information relevant to their 812 working environment and health, while respecting the need for personal confidentiality. 813

Documented information of external origin determined by the organization to be necessary for the planning 814 and operation of the OH&S management system shall be identified as appropriate, and controlled. 815

NOTE Access can imply a decision regarding the permission to view the documented information only, or the 816 permission and authority to view and change the documented information. 817

8 Operation 818

8.1 Operational planning and control 819

8.1.1 General 820

The organization shall plan, implement and control the processes needed to meet OH&S management system 821 requirements, and to implement the actions determined in 6.1 Clause 6, by: 822

a) determining processes that are associated with identified hazard(s) where the implementation of controls 823 is necessary to prevent or reduce the OH&S risks; 824

b) establishing criteria for the processes; 825

c) implementing the control of the processes in accordance with the criteria; 826

d) establishing processes to verify the effective implementation of controls; 827

e) keeping documented information about the controls to the extent necessary to have confidence that the 828 processes have been carried out as planned; 829

f) covering situations where the absence of documented information could lead to deviations from the OH&S 830 policy and the OH&S objectives. 831

8.1.2 Hierarchy of controls 832

The organization shall establish a process for achieving reduction in OH&S risks using the following hierarchy: 833

a) eliminate the hazard; 834

b) substitute with less hazardous materials, processes, operations or equipment; 835

c) use engineering controls; 836

d) use administrative controls including safety signs, markings, warning devices and safe system of work; 837

e) use personal protective equipment. 838

The organization shall ensure that the OH&S risks and determined controls are taken into account when 839 establishing, implementing and maintaining its OH&S management system. 840

8.2 Management of change 841

The organization shall plan and manage temporary or permanent changes to the OH&S management system 842 to ensure they do not have a negative impact on OH&S performance including: 843

a) the resolution of incidents and nonconformities; 844

b) new products, processes or services at the design stage or re-design stage; 845

c) changes in knowledge or information about hazards; 846

d) changes to work processes, procedures, equipment, organizational structure, staffing, products, services, 847 contractors or suppliers; 848

e) developments in knowledge and technology; 849

f) changes to applicable legal or other requirements. 850

The organization shall establish a process for the implementation and control of planned changes. The 851 responsibilities and authorities for managing changes and their associated OH&S risks shall be identified. 852 853

The organization shall and review the consequences of unintended changes, taking action to mitigate any 854 adverse effects, as necessary. 855

8.3 Outsourcing 856

The organization shall ensure that outsourced processes affecting its OH&S management system are 857 controlled. The type and degree of control to be applied to these processes shall be defined within the OH&S 858 management system. 859

8.4 Procurement 860

The organization shall establish controls for procurement, e.g. of products, hazardous materials or 861 substances, raw materials, equipment, or services, in order to ensure that procured items conform to its 862 OH&S management system requirements. 863

8.5 Contractors 864

The organization shall establish processes to identify and communicate on the hazards, and to evaluate and 865 control the OH&S risks, arising from the: 866

a) contractor’s activities and operations to the organization’s workers; 867

b) organization’s activities and operations to the contractors' workers; 868

c) contractor’s activities and operations to other interested parties in the workplace. 869

The organization shall establish and maintain processes to ensure that the requirements of the organization's 870 OH&S management system, or at least the equivalent, are met by contractors and their workers. These 871 processes shall include the criteria for selection of contractors. 872

On multi-employer workplaces, the organization shall implement a process for coordinating the relevant 873 portions of the OH&S management system with other organizations. 874

8.6 Emergency preparedness and response 875

The organization shall assess OH&S risks associated with emergency situations and establish, implement and 876 maintain a process to anticipate, prevent or minimize OH&S risks from potential emergencies, including: 877

a) the identification and planning for potential emergency situations; 878

b) the preparation of a planned response to emergency situations; 879

c) the periodic testing and exercise of emergency response capability; 880

d) the evaluation and revision of emergency preparedness as necessary, including after testing and in 881 particular after the occurrence of emergency situations; 882

e) the provision of relevant information to all members of the organization, at all levels, on their duties and 883 responsibilities; 884

f) the provision of training for emergency prevention, preparedness and response; 885

g) the communication of information to contractors, visitors, relevant emergency response services, 886 government authorities, and the local community. 887

In all stages of the process the organization shall take into account the needs and capabilities of all relevant 888 interested parties and ensure their involvement. 889

The organization shall keep up-to-date documented information for the process and on the plans for potential 890 emergency situations. 891

9 Performance evaluation 892

9.1 Monitoring, measurement, analysis and evaluation 893

9.1.1 General 894

895 The organization shall determine: 896 897

a) what needs to be monitored and measured to meet requirements of this International Standard, 898 applicable legal and other requirements, including: 899

— its operations with identified hazards and OH&S risks; risks, and opportunities; 900

— operational controls; 901

— progress towards the organization’s OH&S objectives; 902

b) the criteria against which the organization will evaluate its OH&S performance; 903

c) the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results; 904

d) when the monitoring and measuring shall be performed; 905

e) when the results from monitoring and measurement shall be analysed, and evaluated and communicated. 906

The organization shall ensure the participation of workers (and, as applicable, their representatives) in these 907 activities. 908

The organization shall ensure that calibrated or verified monitoring and measurement equipment is used and 909 maintained as appropriate. 910

The organization shall retain appropriate documented information as evidence of the results. [drafting note: 911 incorporated in lines 916 and 917] 912

The organization shall evaluate the OH&S performance, and determine the effectiveness of the OH&S 913 management system. In particular the organization shall use the monitoring and measuring results during its 914 evaluations. 915

The organization shall retain appropriate documented information as evidence of the monitoring, 916 measurement, analysis and evaluation results. 917

9.1.2 Evaluation of compliance 918

The organization shall plan, implement and maintain a process for evaluating compliance with applicable legal 919 requirements and other requirements to which the organization subscribes (see 6.1.3). 920

The organization shall: 921

a) determine the frequency and method(s) by which compliance will be evaluated; 922

b) evaluate compliance and take action if needed; 923

c) maintain knowledge and understanding of its status of conforming with legal and other requirements. 924

The organization shall retain documented information as evidence of the compliance evaluation result(s). 925

9.2 Internal audit 926

9.2.1 Internal audit objectives 927

The organization shall conduct internal audits at planned intervals to provide information on whether the 928 OH&S management system: 929

a) conforms to: 930

1) the organization’s own requirements for its OH&S management system, including the OH&S policy 931 and OH&S objectives; 932

2) the requirements of this International Standard; 933

b) is effectively implemented and maintained. 934

9.2.2 Internal audit process 935

The organization, in consultation with workers (and, as applicable, their representatives), shall: 936

a) plan, establish, implement and maintain an audit programme(s) including the frequency, methods, 937 responsibilities, planning requirements and reporting, which shall take into consideration the importance 938 of the processes concerned performance evaluation outcomes, OH&S risks, risks and opportunities, and 939 the results of previous audits; 940

b) define the audit criteria and scope for each audit; 941

c) select competent auditors and conduct audits to ensure objectivity and the impartiality of the audit 942 process; 943

d) ensure that the results of the audits are reported to relevant management, relevant workers (and, as 944 applicable, their representatives) and relevant interested parties (7.4.1); 945

e) take appropriate action in line with 10.1 or 10.2; 946

f) retain documented information as evidence of the implementation of the audit programme and the audit 947 results. 948

Note For more information on auditing, refer to ISO 19011. 949

9.3 Management review 950

Top management shall review the organization’s OH&S management system at planned intervals to ensure 951 its continuing suitability, adequacy and effectiveness. 952

The management review shall include consideration of: 953

a) the status of actions from previous management reviews; 954

b) changes in 955

1) external and internal issues that are relevant to the OH&S management system; 956

2) applicable legal and other requirements; 957

3) the organization's OH&S risks, risks and opportunities; 958

c) the extent to which OH&S policy and OH&S objectives have been met; 959

d) information on the OH&S performance, including status and trends in: 960

1) incidents, nonconformities, continual improvement, and corrective actions; 961

2) worker participation and consultation; 962

3) monitoring and measurement results; 963

4) audit results; 964

5) results of evaluation of compliance; 965

6) OH&S risks, risks and opportunities; 966

e) relevant communication(s) with interested parties; 967

f) opportunities for continual improvement; 968

g) the adequacy of resources for maintaining an effective OH&S management system. 969

The outputs of the management review shall include: 970 971

— conclusions on the continuing suitability, adequacy and effectiveness of the OH&S management system; 972

— decisions related to continual improvement opportunities; 973

— decisions on and any need for changes to the OH&S management system, including resources needs; 974

— actions if needed, when objectives have not been met; 975

— any implications for the strategic direction of the organization. 976

The organization shall communicate the outputs of the management review to its workers (and as applicable, 977 to their representatives) (see 7.4.1). 978

The organization shall retain documented information as evidence of the results of management reviews. 979

10 Improvement 980

10.1 Incident, nonconformity and corrective action 981

When an incident or a nonconformity occurs, the organization shall: 982

a) react in a timely manner to the incident or nonconformity, and, as applicable: 983

1) take action to control and correct it; 984

2) deal with the consequences; 985

b) evaluate the need for corrective action, with the participation of workers (and, as applicable, their 986 representatives), to eliminate the root causes of the incident or nonconformity, in order that it does not 987 recur or occur elsewhere, by: 988

1) reviewing the incident or nonconformity; 989

2) determining causes of the incident or nonconformity; 990

3) determining if similar incidents and nonconformities or causes exist, or could potentially occur; 991

c) review the hazard identification and the assessment of OH&S risks and risks, as appropriate (see 6.1); 992

d) implement any action needed including corrective action, in accordance with 8.2; 993

e) review the effectiveness of any corrective action taken; 994

f) make changes to the OH&S management system, if necessary. 995

Corrective actions shall be appropriate to the effects or potential effects of the incidents or nonconformities 996 encountered. 997

The organization shall: 998

retain documented information as evidence of: 999

1) the nature of the incidents or nonconformities and any subsequent actions taken; 1000

2) the results of any corrective action, including the effectiveness of the actions taken. 1001

communicate the documented information to relevant workers (and, as applicable, their representatives) 1002 and relevant interested parties. 1003

10.2 Continual improvement 1004

10.2.1 Continual improvement objectives 1005

The organization shall continually improve the suitability, adequacy and effectiveness of the OH&S 1006 management system to: 1007

1008

a) prevent occurrence of incidents and nonconformities; 1009

b) promote a positive health and safety culture; 1010

c) enhance OH&S performance. 1011

10.2.2 Continual improvement process 1012

The organization shall establish, implement and maintain a continual improvement process(es), in 1013 consultation with its workers (and, as applicable, their representatives), which takes into account the outputs 1014 of the activities described in: 1015

a) Clause 4 ‘Context of the organization’; 1016

b) 6.1 ‘Actions to address risks and opportunities’; 1017

c) 6.2 ‘OH&S Objectives and plans to achieve them’; 1018

d) 7.4 ‘Information, communication participation and consultation’; 1019

e) 9.1 ‘Monitoring, measurement, analysis and evaluation’; 1020

f) 9.2 ‘Internal Audit’; 1021

g) 9.3 ‘Management review’; 1022

h) 10.1 ‘Incident, nonconformity and corrective action’. 1023

The results of continual improvement shall be communicated to its workers (and, as applicable, their 1024 representatives). 1025

The organization shall retain documented information as evidence of the results of continual improvement. 1026

Annex A 1027

(informative) 1028

1029

Guidance on the use of this International Standard 1030

A.1 Scope 1031

This International Standard outlines the requirements of a robust, credible and reliable OH&S management 1032 system. The additional text given in this Annex is strictly informative and is intended to prevent 1033 misinterpretation of the requirements contained in this International Standard. While the information in this 1034 Annex addresses and is consistent with these requirements, it is not intended to add to, subtract from, or in 1035 any way modify them. This Annex does not contain explanatory information on Clause 1. 1036

A.2 Normative reference 1037

There are no normative references in this International Standard. Users can refer to the documents listed in 1038 the Bibliography for further information. 1039

A.3 Terms and definitions 1040

In addition to the terms and definitions given in Clause 3, and in order to avoid misunderstanding, clarifications 1041 of selected concepts are provided below: 1042

— ‘Continual’ indicates duration that occurs over a period of time, but with intervals of interruption (unlike 1043 ‘continuous’ which indicates duration without interruption). ‘Continual’ is therefore the appropriate word to 1044 use in the context of improvement; 1045

— The word ‘consider’ means it is necessary to think about but can be rejected, whereas ‘take into account’ 1046 means it is necessary to think about but cannot be rejected; 1047

— The words ‘appropriate’ and ‘applicable’ are not interchangeable. ‘Appropriate’ means suitable (for, to) 1048 and implies some degree of freedom, while ‘applicable’ means relevant or possible to apply and implies 1049 that if it can be done, it shall be done; 1050

— This International Standard uses the term ‘interested party’; the term ‘stakeholder’ is a synonym as it 1051 represents the same concept; 1052

— The word ‘ensure’ means the responsibility can be delegated, but not the accountability to make sure that 1053 it is performed; 1054

— ‘Documented information’ is used to include both documents and records. This International Standard 1055 uses the phrase ‘retain documented information as evidence of…’ to mean records, and ‘shall be 1056 available as documented information’ to mean documents, including procedures. The phrase ‘to retain 1057 documented information as evidence of….’ is not intended to require that the information retained will 1058 meet legal evidentiary requirements. Instead, it is intended to define the type of records that need to be 1059 retained. 1060

Organizations can be subject to legal requirements related to the OH&S management system that mandate 1061 the use of certain terms or their meaning. In such cases, conformity to this International Standard still requires 1062 that its intent be fulfilled even when using such legally prescribed terms. 1063

A.4 Context of the organization 1064

A.4.1 Understanding the context of the organization 1065

The intent of this clause is to provide a high-level understanding of the issues that can affect, either positively 1066 or negatively, the way the organization manages its responsibilities in relation to the OH&S management 1067 system for persons working under its control. 1068 1069

The issues of interest are those that affect the organization’s ability to achieve the intended outcomes 1070 including the objectives it sets for its OH&S management system, as well as meeting its OH&S policy 1071 commitments. Issues can include conditions, characteristics or changing circumstances that can affect the 1072 OH&S management system, for example: 1073 1074

a) external context issues, such as: 1075

1) the cultural, social, political, legal, financial, technological, economic and natural surroundings and 1076 market competition, whether international, national, regional or local; 1077

2) introduction of new competitors, new technologies, new laws and the emergence of new occupations; 1078

3) key drivers and trends relevant to the industry or sector having impact on the objectives of the 1079 organization; 1080

4) relationships with, and perceptions and values of, its external interested parties; 1081

5) changes in relation to any of the above. 1082

b) internal context issues, such as: 1083

1) governance, organizational structure, roles and accountabilities; 1084

2) policies, objectives, and the strategies that are in place to achieve them; 1085

3) the capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, 1086 processes, systems and technologies); 1087

4) information systems, information flows and decision-making processes (both formal and informal); 1088

5) introduction of new products and equipment; 1089

6) relationships with, and perceptions and values of, internal interested parties; 1090

7) the organization’s culture; 1091

8) standards, guidelines and models adopted by the organization; 1092

9) form and extent of contractual relationships; 1093

10) changes in relation to working time requirements and any of the above. 1094

The results of the context review should be used to assist the organization in understanding and determining 1095 the scope of its OH&S management system, determining its risks and opportunities, developing or enhancing 1096 its OH&S policy, setting its OH&S objectives and determining the effectiveness of its approach to maintaining 1097 compliance with its applicable legal and other requirements. 1098 1099

A.4.2 Understanding the needs and expectations of workers and other interested parties 1100

Workers (and, as applicable, their representatives) and other interested parties can be either internal or 1101 external to the organization. The organization should seek to ensure that it is aware of all relevant interested 1102 parties that can affect the OH&S management system, or which perceive themselves to be affected by it, in 1103 order to plan how to meet their needs and expectations, when relevant. 1104

Other interested parties to an OH&S management system can include: 1105

a) legal and regulatory authorities (local, regional, state/provincial, national or international); 1106

b) parent organizations; 1107

c) suppliers, contractors and subcontractors, external providers; 1108

d) owners, shareholders, clients, visitors, local community and neighbours of the organization; 1109

e) customers, medical and other community services, media, academia, business associations, non-governmental 1110 organizations (NGOs); 1111

f) health and safety organizations and occupational health-care professionals (including doctors). 1112

Interested party needs and expectations are not necessarily requirements of the organization. It is important to 1113 distinguish between what these needs and expectations will lead to: 1114

— mandatory requirements: laws, regulations, corporate requirements, provisions of the organization’s 1115 collective agreements that relate to the health and safety of workers where they are given legal effect; 1116

— commitment requirements: voluntary commitments to interested parties to which the organization 1117 voluntarily subscribes. It also includes rules, guides and technical references; 1118

— other requirements to which the organization voluntarily subscribes that relate to the OH&S management 1119 system. 1120

Needs and expectations from interested parties become obligatory requirements for an organization if that 1121 organization chooses to adopt them. Once the organization adopts them, then they become requirements and 1122 should be considered when planning and establishing the OH&S management system. 1123

A.4.3 Scope of the OH&S management system 1124

The scope of the OH&S management system is intended to clarify the spatial and organizational boundaries 1125 to which the system will apply, especially if the organization is a part of a larger organization at a given 1126 location. An organization has the freedom and flexibility to define its boundaries. It may choose to implement 1127 this International Standard with respect to the entire organization, or to (a) specific part(s) of the organization, 1128 as long as the top management of that part of the organization has authority for establishing an OH&S 1129 management system. 1130

In setting the scope, the credibility of the OH&S management system will depend upon the choice of 1131 organizational boundaries. It should be noted that 4.3 requires that the organization should take into account 1132 all its activities, products or services that are within its control or influence that can impact on OH&S 1133 performance when defining the scope for its OH&S management system. 1134

The scope should be factual and representative of the organization’s operations included within its OH&S 1135 management system boundaries so that it does not mislead interested parties. 1136

Once the organization asserts it conforms to this International Standard, the scope should be documented and 1137 where necessary made available to interested parties. 1138

The scope of activities, products and services can extend beyond the immediate direct control of the 1139 organization (see 8.3 regarding outsourcing and 8.5 for contractors). Supply and procurement policies should 1140 address hazards and potential OH&S risks to persons in the organization and, as far as possible, impacts on 1141 persons, outsourced or subcontracted, carrying out activities or producing products or delivering services for 1142 the organization. 1143

A.4.4 OH&S management system 1144

The organization retains authority, accountability, and autonomy, to decide how it will fulfil the requirements of 1145 this International Standard, including the level of detail and extent to which it will: 1146

a) integrate requirements of the OH&S management system into its various business operations, such as 1147 design & development, procurement, human resources, sales and marketing, etc.; 1148

b) incorporate issues associated with its context (4.1) and interested party requirements (4.2) within its 1149 OH&S management system. 1150

If this International Standard is implemented for a specific part(s) of an organization, the policies and 1151 processes developed by other parts of the organization can be used to meet the requirements of this 1152 International Standard, provided that they are applicable to the specific part(s) that will be subject to them. 1153

A.5 Leadership, worker participation and consultation

A.5.1 Leadership and commitment

Commitment, responsiveness, active support and feedback from the organization’s top management are critical for the success of the OH&S management system and therefore they have specific responsibilities for which they need to be personally involved or which they need to direct. Leadership includes communicating not only what needs to be done but why it should be done. To achieve improved acceptance and implementation of OH&S management system processes, communication of requirements should include both "what" needs to be done and "why" it should be done.

Resources include, but are not limited to, the people, finances and infrastructure needed by the organization to establish, implement, maintain and continually improve its OH&S management system and OH&S performance.

An organization should promote a positive culture that encourages workers (and, as applicable, their representatives) to actively participate in the OH&S management system.

An organization’s culture is largely determined by top management and the product of individual and group values, attitudes, perceptions, competencies and patterns of activities that determine the commitment to, and the style and proficiency of, its OH&S management system. An organization with a positive culture is characterized by communications founded on mutual trust, by shared perceptions of the importance of the OH&S management system and by confidence in the effectiveness of preventive measures.

The organization should foster a positive culture relative to its OH&S management system that promotes the elimination of any reprisals, or fear of reprisal, for worker participation, such as identification and reporting of hazards, incidents, recommending control measures, consultation with other members of the organization, and reporting issues relating to the OH&S management system to responsible authorities as required.

A.5.2 Policy

The OH&S policy is a set of principles stated as commitments in which top management outlines the long-term direction of the organization to support and continually improve its OH&S performance. The OH&S policy sets the framework for the organization to set its objectives and take actions to achieve the intended outcomes of the OH&S management system.

Clause 5.2 specifies three basic commitments for the OH&S policy: to provide a healthy and safe working environment, to satisfy applicable legal and other requirements and to continually improve its OH&S performance. These commitments are then addressed in specific requirements in other clauses to establish, implement, maintain and continually improve a robust, credible and reliable OH&S management system.

It is important to understand that the organization needs to have an appreciation for the relationship between the organization's policy commitments and the requirements for the other parts of its OH&S management system.

While all the commitments are important, some interested parties are especially concerned with the organization’s commitment to satisfy its applicable legal and other requirements. In this respect it is important to acknowledge that this International Standard specifies a number of interconnected requirements related to this commitment. This includes the need to identify the applicable legal and other requirements, to ensure operations are carried out in accordance with these legal and other requirements and to evaluate conformity with the applicable legal and other requirements.

A.5.3 Organizational roles, responsibilities, accountabilities and authorities

The successful implementation of an OH&S management system calls for a commitment from all persons working under the control or influence of the organization. This commitment should begin with top management.

The organization should communicate and promote that it is the responsibility of all persons working under the organization’s control or influence to prevent injuries and ill-health, not just the responsibility of those with defined OH&S management system responsibilities. In fulfilling their responsibilities, all persons in the workplace need to consider not only their own health and safety but also the health and safety of others.

Accountability means ultimate responsibility and relates to the person who is held to account if something is not done, does not work, or fails to achieve its objective.

The organization should define and communicate the responsibilities, accountability and authorities of all persons whose work relates to its OH&S management system. OH&S management system responsibilities should be assigned in appropriate areas of the organization, such as operational management (e.g. design, maintenance, manufacturing) or other staff functions (e.g. middle-management and supervisors). The resources provided by the top management should enable the fulfilment of the responsibilities assigned. The responsibilities, accountabilities and authorities should be reviewed when a change in structure of the organization occurs.

The persons assigned these roles should be competent and have sufficient access to, and encouragement from, top management authority and resources in order to keep top management informed of the status and performance of the OH&S management system and whether the OH&S management system conforms with the requirements of this International Standard. The persons assigned these roles should be entitled to report to supervisors or other managers about dangerous situations so that corrective and preventive action can be taken. They should be able to report concerns to responsible authorities as required without the threat of dismissal, discipline or other such reprisals. Such roles can be assigned to an individual, sometimes referred to as the ‘management representative’, shared by several individuals, or assigned to a member of top management.

Workers should have sufficient competency and authority to remove themselves from hazardous situations as necessary.

A.5.4 Participation, consultation and representation

The participation of workers (and, as applicable, their representatives) is a key factor of success for an OH&S management system.

The top management of the organization should encourage the participation of workers (and, as applicable, their representatives) in the development, implementation and maintenance of the OH&S management system, including suggestions for the improvement of the system which would lead to improvements in the organization's OH&S performance, such that they should feel safe from the threat of dismissal, discipline, or other such reprisals.

Consultation is a two-way communication process. For example, workers nearest to OH&S risks (and, as applicable, their representatives) can be asked about decisions to be taken to control those OH&S risks so they can give their opinions about them.

Participation of workers is a process of cooperation which includes consultation between managers and non-managers (and, as applicable, their representatives) in order to contribute to decision-making processes on OH&S performance measures and proposed changes. This cooperation includes workers (and, as applicable, their representatives) being given adequate information, protection from dismissal and other prejudicial measures that would prevent them from exercising their functions in the OH&S management system, and access to workers during working hours for the purpose of communicating about health and safety issues.

Means of encouraging worker participation in the OH&S management system and avoiding barriers can include:

a) the provision of information and communication regarding the scope and objectives of the OH&S management system;

b) the provision of operational information and training, including knowledge of identified hazards, hazard elimination and control strategies, and residual risks assessments;

c) creating awareness of hazards and OH&S risks;

d) improving competency;

e) the provision of adequate time and resources to accomplish the items from bullets a) to c);

f) the provision of mechanisms to foster, promote and enable effective cooperation between managers and non-managers e.g. workers’ safety delegates, workers’ health and safety committees, or joint health and safety committees as well as provision for the selection of representatives (through worker or union organizations) in accordance with applicable legal and other requirements;

g) providing protection from reprisals, including disciplinary or other adverse measures, for reporting, or removing themselves from situations of serious danger of imminent harm;

h) creating and maintaining a positive culture for the OH&S management system.

Removing barriers to participation, or reducing them to a minimum when removal is not possible, is essential if the OH&S management system is to be effective.

Feedback in the OH&S management system is dependent upon worker participation. The organization should make sure workers at all levels are encouraged to report hazardous situations, so that corrective and preventive action can be taken, and to report concerns to the responsible authorities. The threat of dismissal, discipline or other such reprisals can undermine this feedback process.

A.6 Planning

A.6.1 Actions to address risks and opportunities

A.6.1.1 General

The purpose of planning in the OH&S management system is to prevent undesired effects such as injury or ill-health by anticipating hazardous events and their likelihood and consequences, in order to achieve the intended outcomes of the OH&S management system. It also identifies opportunities that can offer a potential advantage or beneficial outcome such as improved OH&S performance.

Planning is not a single event but an on-going process, anticipating changing circumstances and continually identifying risks and opportunities. When planning the organization’s OH&S management system, the context (4.1) in which it will operate, the views of its workers and other interested parties (4.2) and its scope (4.3) are considered to ensure the system can identify its risks and opportunities. An initial review or gap analysis may be conducted when planning for the OH&S management system. The output from this review can be used in the planning process.

This International Standard requires the organization to identify hazards and assess its OH&S risks (6.1.2), determine its applicable legal and other requirements (6.1.3), and to assess other risks and opportunities to the OH&S management system (6.1.4). This information is then used to determine how the risks and opportunities should be managed (6.1.5). Planning also includes determining how to incorporate the actions deemed necessary or beneficial into the OH&S management system through objective setting (6.2), operational control (8.1) or other parts of the OH&S management system, for example, resource provisions (7.1) and competence (7.2). The mechanism for evaluating the effectiveness of the preventive and protective measures is also planned and can include monitoring and measurement techniques (9.1), internal audit (9.2) or management review (9.3).

Changes can present both risks to workers, and opportunities to improve the performance of the OH&S management system, and need to be carefully planned before being implemented.

A.6.1.2 Hazard identification and assessment of OH&S risks

A.6.1.2.1 Hazard identification

A.6.1.2.1.1 The process for hazard identification should be on-going to reflect current, changing and future activities. This can include inputs from the review of data and reports of past incidents and ill-health, and complaints from both inside and outside the organization.

The hazard identification process helps the organization recognize and understand the hazards to workers and in the workplace, in order to assess, prioritize and eliminate or reduce the related risks to levels as low as reasonably practicable.

Hazard identification should proactively identify any source or situation (or combination of these), arising from an organization’s activities, with a potential for injury, ill-health or death.

Examples of hazards include:

a) sources: powered machinery, toxic substances, radiation, workload and task control, aggressive behaviour or harassment;

b) situations: working at heights, working in confined spaces, working alone or worker fatigue.

Hazards can be categorised in many ways including: physical, chemical, biological, psychosocial, physiological; or mechanical and electrical; or based on movement and energy.

In carrying out its identification of hazards the organization should consider all of the categories detailed in the requirements. The list provided in the requirements is not exhaustive, however. It is always the responsibility of the organization to have an on-going process which identifies different hazards.

A.6.1.2.1.2 Routine activities and situations include day to day operations such as using a machine. Non-routine activities and situations are short-term, long-term or occasional activities and reasonably foreseeable situations such as extended work hours, production pressure, a small oil leak that affects the machine operator, periodic and breakdown maintenance or repair or disruption to utility services such as water, gas, electricity or sewage. Physical conditions which can cause hazards at the work location include lighting, ambient temperature, humidity and surrounding noise, proximity to other workers or condition of work surfaces. Human factors refers to such things as capabilities and limitations, skill levels and competence needs, differing levels of literacy or language fluency, familiarity with the site or activity, work overload and other considerations such as ergonomics or individual actual or potential behaviours. An organization should look at the underlying causes when considering human behaviours that contribute to risks and hazards, such as fear of reporting incidents or concerns.

A.6.1.2.1.3 Emergency situations are unplanned or unscheduled situations that require an immediate response, for example a machine catching fire in the workplace or a natural disaster in the vicinity of the workplace or at another location where workers are performing work-related activities. It also includes situations such as civil unrest at a location at which workers are performing work-related activities, which requires their urgent evacuation.

A.6.1.2.1.4 The reference to people is intended to direct the organization to consider all those who can be directly affected by the organization’s activities, for example passers-by, contractors or immediate neighbours. It also includes mobile workers, those workers who travel to perform work-related activities at another location (for example service engineers travelling to and working at a customer’s site), home-based workers or those who work alone.

A.6.1.2.1.5 In relation to its operations and activities the organization should include consideration of human capabilities, such as physical stature, pregnancy or physical or mental impairment. Hazards can also be created through design, for example a machine which cannot be cleaned or maintained without working at an unsafe height or requiring work in an unsafe position or in a confined space.

Situations can occur in the vicinity of the workplace that present hazards, such as within multi-organization worksites where the activities of any one of the organizations could cause injury or ill-health to persons doing work for another organization on the worksite.

Situations not controlled by the organization and occurring in the vicinity of the workplace can cause injury or ill-health to persons in the workplace, for example a fire or explosion in an adjacent property or a nearby public protest which escalates into civil disobedience.

A.6.1.2.1.6 Hazards can arise from changes in an organization. These include a reduction in the number of workers, an increase of unskilled trainees, inadequate succession planning, unfamiliar or ageing equipment, temporary loss of facilities due to routine maintenance or emergency repair. The organization should also consider hazards created by the introduction of new materials, technologies or processes.

A.6.1.2.1.7 Previous incidents and their causes, both within the organization and in other organizations, locations or situations, should be considered when identifying potential hazards. Examples could include incidents involving a forklift or a particular hazardous substance.

This International Standard does not address product safety (that is, safety to end-users of products manufactured by the organization); however, hazards to workers occurring during manufacture, construction or assembly of products should be considered.

A.6.1.2.2 Assessment of OH&S risks

An organization can use different methods to assess risks as part of its overall strategy for addressing different hazards or activities. Each method should be appropriate to the type of risks being considered. The complexity of assessment does not depend on the size of the organization but on the hazards associated with the activities of the organization.

The assessment(s) determines the levels of risks and enables the organization to identify appropriate controls and actions.

The purpose of the organization's OH&S management system should be to achieve safe and healthy working conditions with a level of residual risk which is as low as reasonably practicable. (Residual risk is the risk remaining after appropriate preventive and protective measures have been taken.)

A.6.1.2.3 OH&S opportunities

Examples of OH&S opportunities include moving up the hierarchy of controls towards eliminating risks; encouraging workers to report incidents in a timely manner; improving OH&S performance during planned changes such as facilities relocation, process re-design or replacement of machinery and plant; using new technologies to improve OH&S performance or extending OH&S competence beyond requirements/increasing levels of competence.

A.6.1.3 Determination of applicable legal and other requirements

A.6.1.3.1 The applicable legal and other requirements can include those based on the hazards and OH&S risks related to its activities.

A.6.1.3.2 Legal requirements can take many forms, such as:

a) legislation, including statutes, regulations and codes of practice;

b) decrees and directives;

c) orders issued by regulators;

d) permits, licences or other forms of authorization;

e) judgements of courts or administrative tribunals;

f) treaties, conventions, protocols, collective bargaining agreements.

A.6.1.3.3 Other requirements can include:

a) company requirements;

b) contractual conditions;

c) agreements with employees;

d) agreements with interested parties;

e) agreements with health authorities;

f) non-regulatory standards, consensus standards and guidelines;

g) voluntary principles, codes of practice, technical specifications, charters;

h) public commitments of the organization or its parent organization;

i) corporate/company requirements.

A.6.1.4 Other risks and opportunities to the OH&S management system

The organization should give consideration to those risks and opportunities which are not directly related to the health and safety of people and address the factors affecting the OH&S management system, its performance and intended outcomes.

An organization can use different methods to assess risks as part of its overall strategy. Each method should be appropriate to the type of risks being considered. The assessment(s) determines the levels of the risks and enables the organization to identify and prioritize appropriate controls and actions within the OH&S management system or other business processes.

Examples of these types of risks include:

a) inappropriate context analysis; outdated analysis;

b) inadequate consideration of OH&S management system requirements, change management and other health and safety issues in strategic planning and other business processes;

c) the absence of resources for the OH&S management system, whether financial, human or other;

d) an ineffective audit programme;

e) poor succession planning for key OH&S management system roles;

f) poor top management engagement in the OH&S management system activities;

g) failure to address the needs and expectations of relevant interested parties;

h) poor OH&S performance leading to reputational risks.

Examples of opportunities include:

— improving the visibility of top management’s support for the OH&S management system;

— improving first response to incidents;

— conducting in-depth incident investigations;

— increasing worker participation;

— exceeding applicable legal and other requirements;

— benchmarking, including consideration of both own past performance and that of other organizations;

— collaborating in forums which focus on topics dealing with health and safety;

— improving the organization’s health and safety culture.

A.6.1.5 Planning to take action

The actions planned to address the risks and opportunities identified may be managed through the OH&S management system or through other processes, such as those for business continuity, risks, financial or human resource management, or a combination of these. Equally, the effectiveness of the actions taken may be measured through the OH&S management system or through other processes.

When the assessment of risks has identified the need for controls, the planning activity determines how these are implemented in operation (see Clause 8); for example, determining whether to incorporate these controls into work instructions or into competency improvement actions. Other controls can take the form of measuring or monitoring (see Clause 9).

A.6.2 OH&S objectives and planning to achieve them

A.6.2.1 OH&S objectives

Objectives are established to improve OH&S performance. This includes reducing risks, improving health, or improving the OH&S management system's processes. Objectives may also be set to improve the well-being of workers if this is in scope for the organization’s OH&S management system.

The objectives should be linked to the OH&S risks, opportunities and performance criteria which the organization has identified as having the highest priority for the achievement of the intended outcomes of the OH&S management system. Once a level of performance has been achieved and no further improvement is practicable, an objective may be set to maintain that level of performance pending new opportunities.

OH&S objectives can be integrated with other business objectives and should be set at relevant functions and levels. Objectives can be strategic, tactical and operational, and are set to achieve the intended outcomes of the OH&S management system:

a) strategic objectives can be set to improve the overall performance of the OH&S management system, for example improving the health and safety culture of the organization;

b) tactical objectives can be set at project or process level, for example noise elimination to prevent hearing loss;

c) operational objectives can be set at the activity level, for example minimizing chemical inventory stored in the workplace.

The measurement of OH&S objectives can be qualitative or quantitative. The organization is not required to establish OH&S objectives for each of the risks it determines or identifies.

A.6.2.2 Planning to achieve objectives

The organization can plan to achieve objectives individually or collectively.

The organization might need to develop more formal project plans for complex objectives with multiple tasks. In considering the means necessary for such planning, the organization should examine the resources required (financial, human, equipment infrastructure) for the tasks to be performed. The organization should assign responsibility and completion dates for individual tasks to ensure that the objective can be accomplished within the overall timeframe.

When practicable, each objective should be associated with an indicator which can be strategic, tactical and operational (see also A.9.1.2).

A.7 Support

A.7.1 Resources

Resources include human resources, natural resources, infrastructure, technology, and financial resources.

Human resources include specialized skills and knowledge.

In considering the need for resources the organization should determine the need for protective measures (such as personal protective equipment [PPE]) and the competence needs as part of a job requirement.

Infrastructure includes the organization’s buildings, plant, equipment, utilities, information technology and communications systems, emergency containment systems, etc.

A.7.2 Competence

All persons working under the control of the organization need to be competent to take into account hazards and OH&S risks in their work.

The competence requirements are not limited to those doing work who have been or can be exposed to OH&S risks, but also apply to those who manage a function or undertake a role which is critical to achieving the intended outcomes of the OH&S management system.

In determining the criteria of the competence for each role an organization should take into account such things as:

a) the education, training, qualification and experience necessary to undertake the role;

b) the work environment in which they will be working;

c) the hazards identified and associated OH&S risks;

d) the preventive and control measures resulting from the risks assessment process;

e) requirements applicable to the OH&S management system;

f) the rights and responsibilities of persons based upon applicable legal and other requirements;

g) the importance of compliance with the OH&S policy, applicable procedures, applicable legal and other requirements;

h) the potential consequences of compliance and noncompliance, including the impact on OH&S performance;

i) the value of their participation in the OH&S management system (including, as applicable, their representative(s)).

Workers should be evaluated to ensure that they meet the necessary competence criteria for their roles and, where appropriate, gaps in their competence should be filled by providing additional education, training, and experiences.

Workers should be evaluated periodically to ensure that they have the required competence for their roles. An evaluation of their competence should also be carried out whenever there have been changes that can impact upon the activities undertaken in their roles.

Representatives for OH&S management systems should be competent to carry out their representative functions effectively.

A.7.3 Awareness

To ensure they work or act safely, the organization should make persons working under its control sufficiently knowledgeable of:

a) emergency processes;

b) the consequences of their actions and behaviour in relation to OH&S risks;

c) the benefits of improved OH&S performance;

d) the potential consequences of departing from requirements of the OH&S management system;

e) the need to conform to OH&S policies and good working practices;

f) any other issues that might impact on OH&S performance.

Awareness programmes should be provided for contractors, temporary workers and visitors, etc., according to the OH&S risks to which they are exposed.

A.7.4 Information and communication

The communication processes established by the organization should provide for the flow of information upwards, downwards and across the organization. It should provide for both the gathering and the dissemination of information. It should ensure that pertinent information is provided, received and understood by all relevant workers and interested parties.

When determining the need for communication with external interested parties the organization should consider both its normal operations and potential emergency situations; often external communication processes include the identification of designated contact individuals and contact numbers. This allows for appropriate information to be communicated in a consistent manner and can be especially important in emergency situations where regular updates are requested and a wide range of questions need to be answered.

A.7.5 Documented information

It is important to keep the level of complexity of the documented information at the minimum level possible to ensure effectiveness, efficiency and simplicity at the same time.

This should include documented information on action/means by the organization to achieve compliance with 1512 applicable legal and other requirements. 1513

The provisions given in 7.5.3 include the prevention of unintended use of obsolete documents. 1514

The control of documented information should not have the effect of, nor be for the purpose of, preventing 1515 workers from obtaining a full and complete picture of the hazards and risks of their work. The confidentiality of 1516 personal information of individuals should be respected. 1517

A.8 Operation

A.8.1 Operational planning and controls

A.8.1.1 General

Operational planning and controls should be established and implemented as necessary to eliminate hazards or, if impossible, to manage the OH&S risks to an acceptable level, for operational areas and activities.

When planning and developing operational controls, priority should be given to control options with higher reliability in preventing injury or ill-health, consistent with the hierarchy of controls (see 8.1.2).

Operational controls can use a variety of different methods, for example:

a) the introduction of procedures and systems of work;

b) ensuring the competency of operators;

c) establishing preventive / predictive maintenance and inspection programmes;

d) specifications for the procurement of goods and services;

e) compliance to preventive regulations and manufacturer's instructions for equipment;

f) engineering controls (physical devices such as barriers) followed by administrative controls (warnings, pictograms, alarms and signals, or access control procedures and other work instructions).

A.8.1.2 Hierarchy

The hierarchy provides a systematic way to determine the most effective and feasible method to eliminate hazards, control risks at source, adapt work to workers (e.g. by designing the phases of any project), or to reduce the OH&S risks associated with a hazard.

Controls include oversight/supervision, training, competence assessment, job planning, rotating and scheduling to minimize workers' exposure, changes to work procedures, implementation of work area protection and similar measures.

A.8.2 Management of change

Depending on the nature of an expected change, the organization should use an appropriate methodology(ies) for assessing the OH&S risks of the change. The objective of a management of change process is to minimize introduction of new hazards and risks into the work environment as changes occur, such as in technology, equipment, facilities, work practices and procedures, design specifications, raw materials, organizational staffing changes, and standards or regulations. Managing change in this clause can be an outcome of the plans developed in clause 6.1.5 (Planning for changes).

The organization should plan how to implement the change in a manner that does not increase the risks or introduce new (unforeseen) hazards (see 6.1.5).

The organization should specify and assign adequate resources for the implementation of the change.

As part of the change management process, the organization should review potential changes to hazards and risks (see 6.1). The implementation of a decision to change should ensure that all affected workers are properly informed and are competent to cope with the change.

A.8.3 Outsourcing

An outsourced process is one for which:

a) the function or process is integral to the organization’s functioning;

b) the function or process is needed for the OH&S management system to achieve its intended outcome;

c) liability for the function or process conforming to requirements is retained by the organization;

d) the organization and the external provider have an integral relationship, e.g. one where the process is perceived by interested parties as being carried out by the organization.

A.8.4 Procurement

Prior to procuring goods and services, the organization should identify appropriate procurement controls that take into account applicable legal and other requirements as well as any additional requirements the organization has established within the OH&S management system.

Procurement controls should be used to identify and evaluate potential OH&S risks associated with purchased products, raw materials, and other goods and related services before their introduction into the work environment. Considerations could include requirements for supplies, equipment, raw materials, and other goods and related services purchased by the organization to conform to the organization’s OH&S objectives and its need for information, participation and communication (see 7.4).

The organization should verify that equipment, installations and materials are adequate before being released for use by its workers, e.g. that:

a) equipment is delivered according to specification and is tested to ensure it works as intended;

b) installations are commissioned to ensure they function as designed;

c) materials are delivered according to their specifications;

d) any usage requirements, precautions or other protective measures are communicated and made available.

A.8.5 Contractors

The organization may delegate authority to those best capable of identifying, evaluating, and controlling health and safety risks, including to contractors. This recognizes that some contractors possess specialized knowledge, skills, methods, and means. However, this delegation does not eliminate the organization’s responsibility for the health and safety of its workers.

Contractors can be specialists in maintenance, construction, operations, security, landscaping, facility upkeep, janitorial, sanitation or clean-up of production processes, and a number of other functions. Contractors can also include consultants or specialists in administrative, accounting, and other functions.

An organization can achieve coordination of its contractors' activities through the use of contracts that clearly define the responsibilities of the parties involved. An organization can use a variety of tools for managing contractors' health and safety performance, including contract award mechanisms or pre-qualification criteria which consider past health and safety performance, safety training, or health and safety capabilities, as well as direct contract requirements.

The relationships between an organization and its contractors can be both diverse and complex, and involve very different types and levels of risks. How an organization manages these relationships can vary, depending on the nature of the services provided and the risks identified. The degree of coordination should depend on factors such as the terms of the contract, the nature of the hazards and risks, the type and size of the operations, and the duration of the work on the site. When defining how it will coordinate, the organization should give consideration to the reporting of hazards between itself and its contractors, controlling worker access to hazardous areas, and procedures to follow in emergencies.

If a contractor does not have an OH&S management system, then the organization should specify how the contractor will coordinate its activities with the organization's own OH&S management system processes, such as those used for confined space entry, lockout/tagout, exposure assessment, and process safety management.

The organization should verify that contractors are capable of performing their tasks before being allowed to proceed with their work, e.g. by verifying that:

a) OH&S performance records are satisfactory;

b) qualification, experience and competence criteria for workers are specified;

c) training and other worker requirements were undertaken;

d) resources, equipment and work preparations are adequate and ready for the work to proceed.

A.8.6 Emergency preparedness and response

The organization should identify foreseeable emergencies applicable to its operations and plan its response; such emergencies can occur both during and beyond normal working hours, and can arise due to both natural and man-made causes. Identified emergencies should be assessed based on their OH&S risks. The organization should focus on proactive control measures (e.g. the reduction of ignition sources) not only on reactive risk controls, such as fire-fighting equipment and evacuation.

A.9 Performance evaluation

A.9.1 Monitoring, measurement, analysis and evaluation

A.9.1.1 General

A.9.1.1.1 Examples of what could be monitored and measured to meet:

a) the requirements of this International Standard are:

1) tracking progress on meeting policy commitments, achieving objectives, and continual improvement;

2) monitoring exposures to determine whether applicable legal and other requirements have been met, including the health surveillance of workers;

3) monitoring incidents, injuries, ill-health, and complaints, including status and trends;

4) providing data to evaluate the effectiveness of operational controls and emergency exercises, or to evaluate the need to modify or introduce new controls (see 8.1);

5) providing data to proactively and reactively measure the organization’s OH&S performance;

6) providing data to evaluate the performance of the OH&S management system;

7) providing data for the evaluation of competence (7.2).

b) legal requirements are:

1) an up-to-date list of legal requirements;

2) a listing of identified gaps in compliance.

c) other requirements can include, but are not limited to:

1) union-employer agreements;

2) standards and codes;

3) corporate and other policies, rules and regulations;

4) insurance requirements.

A.9.1.1.2 Criteria are what the organization should compare its performance against.

Examples are benchmarks against:

a) other organizations;

b) standards and codes;

c) the organization’s own codes and objectives.

The organization should use the criteria to set its internal objectives for monitoring and measurement.

A.9.1.1.3 The frequency of monitoring and measurement should be appropriate to the size and nature of the organization and its OH&S performance, and to changes in OH&S risk factors.

A.9.1.1.4 Methods:

a) Monitoring can involve continual checking, supervising, critically observing or determining the status in order to identify change from the performance level required or expected. Monitoring can be applied to the OH&S management system, to processes or to controls. Examples include the use of interviews, reviews of documented information and observations of work being performed;

b) Measurement generally involves the assignment of numbers to objects or events. It is the basis for quantitative data and is generally associated with the evaluation of safety programmes and health surveillance. Examples include the use of calibrated or verified equipment to measure exposure to a hazardous substance or the counting of the required safe distance from a hazard;

c) Analysis is the process of examining data to reveal relationships, patterns and trends. This can mean the use of statistical operations, including information from other similar organizations, to help draw conclusions from the data. This process is most often associated with measurement activities;

d) Evaluation is an activity undertaken to determine the suitability, adequacy and effectiveness of the subject matter to achieve the established objectives of the OH&S management system. This activity is most often associated with monitoring activities.

Health related worker complaints, health surveillance of workers and work environment monitoring are important elements to be looked at, where appropriate, by suitable medical monitoring or follow-up of workers for early detection of signs and symptoms of harm to health in order to determine the effectiveness of prevention and control measures.

An organization may use one or a combination of the methods above depending on the nature of the hazards inherent to the organization and the scope of its OH&S management system.

A.9.1.1.5 When monitoring and measuring is performed, it should be appropriate to the size and nature of the organization and to its OH&S performance.

The organization should ensure that frequencies of monitoring and measurement are in alignment with analysis and evaluation of its OH&S risks and risks and opportunities.

A.9.1.2 Evaluation of compliance

The organization should prioritize its actions based on the identified compliance gaps.

A.9.2 Internal audit

A.9.2.1 Internal audit objectives

An organization’s own requirements for its OH&S management system audits can include its own policies, objectives, requirements, standards, risk assessment outcomes and the results of previous audits or of corrective actions.

A.9.2.2 Internal audit process

Small and medium enterprises (SMEs) can establish objectivity and independence for the internal auditor by creating processes that separate their role as an internal auditor from their normal assigned duties.

When planning its internal audits the organization should take into consideration the importance of the processes concerned to the OH&S management system. This can include items such as the impact the processes have on risk assessment outcomes.

The extent of the audit programme should be based on the size and nature of the organization, as well as the complexity and level of maturity of the OH&S management system.

A.9.3 Management review

Clarifying the terms used in relation to management review:

a) Suitability: The extent to which the management system fits and is right for the organization’s purpose, operations, culture and business systems;

b) Adequacy: The extent to which the management system is sufficient in meeting the applicable requirements;

c) Effectiveness: The extent to which planned activities are realised and planned results achieved.

The management review topics listed in 9.3 a) to f) need not be addressed all at once. The organization should determine when and how the management review topics are addressed.

Management reviews are a critical part of the continual improvement of the management system. The purpose of these reviews is for top management to do a strategic and critical evaluation of the performance of the management system, and to recommend improvements. This review should not be just a presentation of information, but should focus on assessing OH&S performance and identifying opportunities for continual improvement. It is up to the organization to determine appropriate measures for the effectiveness of the management system. Management reviews should include an evaluation of how well the OH&S management system is integrated with other business processes and the strategic direction of the organization.

Management reviews can include information about areas outside of the traditional health and safety arena, such as vendor and internal organizational changes and security issues. Reviews can present information in a manner (for example a scorecard) that focuses on the management system elements most in need of the attention of top management. Reviews may be conducted more frequently, to coincide with other management reviews, or to meet other business or management system needs.

A.10 Improvement

A.10.1 Incident, nonconformity and corrective action

Separate processes may exist for incident investigations and non-conformities depending on the organization's requirements.

Examples of incidents, nonconformities and corrective actions include but are not limited to:

a) Incidents: occupational related near-miss events, injuries, ill-health, exposures to health hazards, vehicle accidents, property and equipment damage where it can lead to OH&S risks;

b) Non-conformities: protective equipment not functioning properly, non-compliance to legal requirements or prescribed procedures not being followed;

c) Corrective actions: (as indicated by the hierarchy of controls; see 8.1.2) elimination of hazards, substitution to safe materials, design or modification to equipment or tools, development of procedures, improving the competence of affected workers, changes in frequency of use, or use of personal protective equipment.

Root cause analysis refers to the practice of exploring all the possible factors associated with an incident by asking what happened and why it happened, to provide the input for what can be done to prevent it from happening again.

When determining the cause of an incident or nonconformity, the organization should use methods or approaches appropriate to the nature of the incident or nonconformity being analyzed. This analysis can identify multiple system failures including factors related to communication, competence, fatigue, equipment or procedures.

All approaches are focused on prevention and not blame or punishment.

The scope of the root cause analysis should be appropriate to the nature of the incident or the nonconformity being analysed.

Effectiveness is the extent to which the implemented corrective actions adequately control the cause(s).

Timeliness of actions should be based on the nature of the incident or nonconformity.

Corrective actions should be appropriate to the nature of the incident or nonconformity.

A.10.2 Continual improvement

Continual improvement is meant to be a step by step approach over time and is focused on future OH&S performance.

Examples of issues to be reviewed to identify opportunities include, but are not limited to:

a) new technology;

b) good practices of other organizations;

c) suggestions from interested parties;

d) knowledge and understanding of health and safety related issues;

e) new or improved materials;

f) changes in workforce capabilities or competence.
