ISO 45001 explained – by David Smith, chair of the project committee that developed the standard
It has finally arrived! The long-waited international business standard on occupational health and safety (OH&S) ISO 45001 was published on 12th March 2018.
The UK began its development of a UK standard BS 8800 about 25 years ago with the long-term intention that this should be internationalised. I was the Chairman of the BSI Committee responsible for drafting the UK guidance standard and this proved to be a difficult project – not only technically but also politically challenging.
David Smith, Chair of Project Committee ISO/PC 283
A lot of time has passed since 1996 and there have been many attempts to develop an ISO standard all of which have failed for several reasons. It the absence of an agreement at ISO level, a consortium of bodies produced the requirement standard OHSAS 18001 in 1999 which became a recognised standard upon revision in 2007 and adopted in many countries including UK. The International Labour Organization (ILO) produced its own guidelines in 2001 which are probably more aligned with the previous version of HSG65 in the UK rather than a structured business management model. Many of the other ILO standards have been adopted throughout the world and in some cases, they are the foundation for OH&S regulation in the adopting country. Despite this, there would appear to have been only a small penetration of the marketplace whereas it was found that over 90,000 organizations had certified to OHSAS or its equivalent in 2011 across 127 countries.
In 2013, BSI took the initiative again and a proposal was made to ISO for a OH&S requirement standard that followed the structure being used for the revision of ISO 9001(quality) and ISO 14001(environment). All National Standards Bodies affiliated to ISO were entitled to vote and the outcome was an positive vote for the development of a new standard. The first meeting of Project Committee (PC283) was hosted in the UK by BSI in October 2013
Despite the strong vote for developing ISO 45001, the journey has been long and demanding. There have been six PC283 meetings in total with the last being held in Melaka, Malaysia, in October 2017. As well as these events, there have been many working group (WG) meetings held under the convenorship of Kristian Glaesel, of Denmark, as well as task group meetings where the text has been developed by groups set up to address specific areas.
All the work has been undertaken by volunteers and the final text was agreed by consensus of the WG and PC283 before being issued as a draft for international comments and voting. After the meeting in Melaka, the final draft standard (FDIS) was issued with a 2-month period to complete the ballot. Votes in favour of the new document were a resounding success with 94% in favour and publication as a full standard was agreed.
What does ISO 45001 offer for organisations?
The format of the standard follows the ISO high-level structure (HLS) and uses common terms and definitions that will be familiar to many following the revisions to ISO9001, 14001, 27001 and 55001.
Organisations will be able to integrate/align 45001 requirements and avoid unnecessary duplication, integrating the requirements into their business processes. This means that silo management should be something of the past and that these areas of operation cannot be micromanaged as separate entities.
The approach is risk -based Plan, Do, Do, Check, Act (PDCA) and is focussed on minimising the risk of harm in the workplace. Occupational issues are of equal concern to accidents and a key component of the management of risks. In the UK the deaths arising from occupational disease/ill-health is many thousands per year from long term exposure to workplace risks and the statistics dwarf those arising from accidents. Those implementing ISO 45001 need to be mindful of exposure to all types of risk, physical as well as psychosocial.
The new standard requires the organisation to consider external and internal issues that impact upon it as well as the expectations of workers and other interested parties. The output of this assessment is used when determining the risks and opportunities that an organization must address.
Leadership has always been recognised as of critical importance for OH&S management and the requirements on organisations to demonstrate leadership and commitment and involvement of workers through consultation and participation will be a challenge for some. All managers will have to show their commitment where they impact on OH&S and not just the person designated as being responsible. The fact that procurement, outsourcing and sub-contracting must be managed to “ensure their conformity to its OH&S management system” means that those engaged in these activities will have to take into account OH&S risks in the letting of contracts.
Those with OHSAS 18001 systems will have to determine their next steps as OHSAS will be withdrawn in 3 years-time. Those with systems that have accredited certification will be able to migrate over years to ISO 45001 and will find that much that they have in place will meet the requirements of ISO 45001. There are some areas as described above that will probably need more attention.
All the participants in the committee have worked very hard to achieve the consensus necessary to take the new standard forward. It is hoped that organizations around the world will adopt this standard in the same way that ISO9001/ISO14001 has been adopted and that that is will make a real contribution to the improvement of OH&S of workers.
David A Smith (Chair of PC 283)
For more information about the publication of ISO 45001 see here.