ISO 45001 vs OHSAS 18001. David Goodfellow, UK Business Assurance Manager at TÜV SÜD, a global product testing and certification organisation, talks about the transition to ISO 45001, which replaces OHSAS 18001 from 31 March 2021.
To survive in today’s competitive global marketplace, organisations must proactively manage all types of risk to the business, and OH&S is no exception. The consequences of poor OH&S management are far reaching, resulting in loss of experienced people, extended absences, business interruption, legal action and rising insurance premiums. The physical and mental integrity of an organisation’s workers are therefore central to its reputation and commercial performance.
Furthermore, all organisations have both a moral and legal responsibility to ensure the health of their employees by providing them with a safe working environment. This includes either minimising their exposure to hazards or equipping them with the appropriate understanding and tools to mitigate risk. Developing a robust OH&S management system should therefore be viewed as an opportunity, rather than a financial and administrative inconvenience.
A new OH&S approach
ISO 45001, which replaces OHSAS 18001 from 31 March 2021, is the first international standard to provide a comprehensive framework for management systems addressing OH&S issues. OHSAS 18001 was used by over 100,000 organisations worldwide, as the primary OH&S standard used internationally. The new standard sets out the requirements for an OH&S management system and includes an implementation guide. This enables organisations to proactively improve OH&S performance, as well as provide a safe and healthy working environment that prevents work-related injury and ill health. By providing a comprehensive management system targeted at mitigating negative effects of the physical, mental and cognitive condition of employees, contracted employees, leased personnel and visitors, ISO 45001 also assists an organisation to fulfil its legal requirements.
ISO 45001 is designed to place a proactive and preventative emphasis on risk control factors, by identifying and assessing the likelihood of hazards in the workplace. It can be implemented by any size of organisation in any industry and can be integrated into other health and safety programmes. ISO 45001 certification formalises and documents a comprehensive and effectively implemented system, to prove that an organisation has taken appropriate measures to mitigate hazardous situations.
ISO 45001 uses the ‘high level structure’ (HLS), so that it has a common framework with other management systems, such as ISO 9001 and ISO 1400, and can be integrated with other management systems, already in operation. This makes it easier for organisations to pool their certifications within an integrated management system, delivering significant cost savings as it improves application, simplifies implementation and eliminates duplication.
ISO 45001 requirements are described in sections 4 – 10.
Clause 4 – Context of the organisation
ISO 45001 requires the organisation to identify the external and internal issues that will have an impact on the intended outcomes of the OH&S management system. This includes understanding the needs and expectations of both workers and other interested parties. The term ‘workers’ means personnel performing work or work-related activities that are under the control of the organisation – not just employees. At this stage, the scope of the OH&S management system must be agreed so that its boundaries are clear in terms of how far the system will apply, for example if it is part of a larger parent organisation.
Clause 5 – Leadership and worker participation
This relates to the involvement of top management and how they must demonstrate leadership and commitment to the organisation’s OH&S management system. It lists 13 specific requirements, including having overall accountability for the protection of workers, and spearheading a culture that supports the OH&S management system, which in itself must be compatible with the strategic direction of the organisation. A key requirement for an organisation is to establish, implement and maintain an OH&S policy. The consultation and participation of workers is also required.
Clause 6 – Planning
The first part of Clause 6 covers action that should be taken to identify and address hazards, risks and opportunities. The second part looks more specifically at how planning should be implemented to accomplish OH&S objectives. Action must be planned, to address risks and opportunities, legal and other requirements, as well as preparation and response to emergency situations.
Clause 7 – Support
The OH&S plan must be actioned by a competent people who is supported by the appropriate level of resource. There is also is a requirement to retain evidence of workers’ competence in terms of how it could impact OH&S performance, while ensuring appropriate education and training, as well as awareness raising about OH&S issues.
A communication process must make workers aware of the OH&S policy and the hazards, alongside risks that relate to them. It must also have a process for communicating information relevant to the OH&S management system, both internally and externally. Documented evidence of these practices is also required, referred to as ‘documented information’.
Clause 8 – Operation
This covers how plans and processes, outlined in the other clauses, should be executed. This includes processes that eliminate hazards and reduce OH&S risks using the standard’s “hierarchy of controls”. This clause also includes managing change, procurement processes and preparedness for responding to emergency situations. Procurement activities must cover the control of contractors, as well as outsourced processes and activities.
Clause 9 – Performance evaluation
To give an indication of how the OH&S management system is performing, organisations must ascertain what must be measured and monitored, by whom and with what frequency. Documented evidence must be retained, and top management is responsible for reviewing the organisation’s OH&S management system.
Clause 10 – Improvement
The organisation must identify opportunities for improvement. Emphasis is given to the reporting and investigating of incidents, accidents and nonconformities. ISO 45001 also contains detailed corrective action requirements. This includes taking action to correct incidents or nonconformities, and determining whether similar incidents or nonconformities have the potential to occur elsewhere in the organisation, as well as taking the appropriate corrective actions.
Although ISO 45001 is a completely new standard, its foundations already exist within OHSAS 18001. Companies that have already implemented an occupational health and safety management system in accordance with OHSAS 18001, and actively apply it in everyday company practice, can therefore expect a smooth transition to ISO 45001.
Nevertheless, there are some fundamental differences. While OHSAS 18001 focused on managing internal issues and OH&S hazards, ISO 45001 is based on the interaction between the organisation and its external business environment. Furthermore, ISO 45001 includes the consideration of opportunities, as opposed to the purely risk-based thinking of OHSAS 18001. On an overall level, the perception of OH&S has shifted from procedure-based to process-based thinking, thereby recognising workplace safety as a prerequisite for the long-term success of any organisation.
The success of an OH&S management system largely relies on the commitment of the organisation’s top management. Once an organisation has that, it is ready to start the ISO 45001 implementation process. Before a certification audit can take place, the organisation must have implemented and documented the effectiveness of the management system and compliance to the standard requirements. When the management system has matured sufficiently and its effect can be thoroughly proven, the certification process can be initiated.
Interesting reading… and very informative as well.
It all depends on the priority given to the core subject and its objectives rather than just having some records in place.