Barbour EHS recently hosted the Understanding ISO 45001 Occupational Health and Safety’ webinar, which saw safety experts Kate Field, Global Product Champion for Health and Safety at BSi and Mike Taylor, Associate Director, SHEQ at Turner & Townsend discuss the brand new occupational health and safety standard and how it will affect us as safety professionals.
If you asked a question on the day and did not get a chance to hear the answer or if you did not attend at all, the below Q&A from the informative live session will help you to better understand the changes that will impact you and your organisation.
Kate Field:
What will be the timeframe for implementation?
18001 will be withdrawn on the 11th March 2021, so if you have 18001 you will need to migrate to 45001 by then.
Mike:
When does a ‘process’ require a written procedure? 18001 was clear about this, 45001 is very unclear!
The reason it may be unclear is that ISO 45001 gives you the opportunity to decide how you ‘prove that you do what you say’. In the past many organisations have relied on having written procedures in place to work against – sometimes driven by certification bodies. ISO 45001 requires you to demonstrate that you have processes in place which you can work to. Written procedures are one way of demonstrating such a process, so if you have them, that’s fine. However, these often go out of date and become a resource drain. However, certification bodies will now be looking for evidence that processes are embedded without necessarily being written down (e.g. through demonstration of reliable actions and activity, training and competence, records of activity etc.). One example might be fire drills – why have a written procedure saying it happens, when you can demonstrate what it does, seeing training records and having records reviewing the effectiveness.
Kate:
Do organisations currently OHSAS 18001 certificated need to undergo the full 5-day (2 +3) certification process when applying for ISO 45001 certification?
If you have 18001 accredited certification, then you won’t have to go through a full stage 1 and stage 2 audit. However, as 45001 does have extra requirements, additional audit time will be required. How much time will depend on how prepared you are and how big your organisation is. There are 3 routes to migration – a special one of audit, progressive migration (using remaining audit days) or at re-certification. Speak with your certification body to understand your options. For information on preparing for migration, follow this link https://www.bsigroup.com/en-GB/ohsas-18001-occupational-health-and-safety/ISO-45001/.
Mike:
What are the major change in managing safety and health at workplace compare to previous OHSAS 18001?
There are very little changes. If you are already managing health and safety effectively through OHSAS 18001 then most of the requirements for ISO 45001 will already be in place. The new standard has just tightened up on some areas we covered in the webinar such as; demonstrable leadership, employee communication and consultation, management of change and understanding of health and safety management in your supply chains etc. These were areas that have traditionally been a little weak in many organisations.
Kate:
In comparison with OHSAS 18001, what will be the most challenging part in the implementation of ISO 45001?
45001 uses 18001 as a framework so there are many similarities. If you do not have any other management systems, following the ISO HLS, then the challenges will be around Context and Leadership.
Mike:
Are there any specific updates that directly relate to retail we should be aware of?
As discussed, ISO 45001 should be applicable to all sectors. Good and effective health and safety management together with demonstrable understanding of the specific requirements of your sector / industry are needed – but you should already have this. However, keep abreast of changes and good / best practices in your sector (in this case retail) and drive continual improvement.
What are the main changes between ISO 45001 and OHSAS 18001?
This leaflet gives overview https://www.bsigroup.com/globalassets/localfiles/en-gb/iso-45001/resources/iso-45001-guide-final-mar2018.pdf.
Mike:
Other annexe XL standards require a risk assessment to identify risk, does 45001 require the same?
Yes – ISO 45001 is based on Annex SL – and good and effective risk assessment has always been a cornerstone of effective health and safety management – hasn’t it?
Kate:
Where is the best place for small consultancy firms to obtain training on ISO 45001?
BSI offers training to all industries and size of company. Details can be found here https://www.bsigroup.com/en-GB/Occupational-Health-and-Safety-ISO-45001/iso-45001-training-courses/.
Mike:
For companies who have already been through the transition to ISO14001:205, is there much more to do for ISO 45001?
Obviously ISO 45001 is for health and safety and ISO 1400 is for environmental management – there will be many common management processes which can be used for both.
Kate:
In comparison with OHSAS 18001, what will be the most challenging part in the implementation of ISO 45001?
45001 uses 18001 as a framework so there are many similarities. If you do not have any other management systems, following the ISO HLS, then the challenges will be around Context and Leadership.
Mike:
What practical steps can Senior Management undertake to demonstrate their commitment to H&S?
Simple – set a clear example for others to follow, get involved, show they are involved, and take an active interest in the management of health and safety on site and in organisations they are responsible for and drive improvement by holding their management teams accountable for delivery and continual improvement.
Kate:
Is certification of conformity to ISO 45001 required, i.e. will we have to obtain certification?
There is no specific requirement for certification, however seeking accredited certification is a good way of seeking public assurance that you are meeting the requirements of ISO 45001. In some instances clients/customers may require certification and/or it can strengthen bids for work.
Mike:
If you’re not working globally (not outside the UK borders), is this standard required?
No standard is required, but is an effective way to demonstrate that you manage health and safety in a consistent way. Most organisations will choose to use it, and many organisation in supply chains will require it.
Kate:
Internal Auditing – Who would be a typical Internal Auditor for 45001 in an organisation?
Guidance on internal auditing, including competency requirements can be found in ISO 19011.
Mike:
Is 45001 the initial step to a fully integrated business standard incorporating 9001 and 14001?
It is one of the final steps, as many high level (Annex SL) compatible standards already exist ISO 9001, ISO 14001, and ISO 27001 etc.
Kate:
What’s the best way to migrate from HSG65 to the new standard, would it be better to try for 18001 first?
I would suggest carrying out a gap analysis first, then you can see what elements you may need to work on.
Mike:
Should risk be assessed for all activities at once or just before the activity is performed?
All activities should be assessed before carrying out, during their lifetime and reviewed regularly – this is standard risk management. ISO 45001 has not introduced any extra requirements here – this should already be happening!
Kate:
Does 45001 talk of difference between Lagging and Leading indicators?
It does not use these terms specifically but the guidance in the Annex of 45001 gives examples of objectives and monitoring which you would recognise as leading/lagging.
Mike:
What would you class as good practice for worker involvement?
Good practice for worker involvement would be to include your workers not only in the standard approaches of communication of information and consultation on health and safety issues (e.g. safety committees, carrying out risk assessments, suggestion schemes, inspections etc.), but also where decisions are being taken. Such areas might be involvement in activities such as objectives planning and improvement planning, involvement in ISO 45001 audits including opening and closing meetings, involvement in internal audits and close out of actions, involvement in policy reviews etc. This would show an inclusive element to workforce involvement.
Kate:
What elements of security risk should be considered in ISO 45001?
Where they give rise to worker safety and health risk, they would need to be considered (and if the security activity could put others at risk). Also the emergency preparedness would potentially include security issues.
Mike:
What is the best guidance or evidence to have in order to show an auditor during an audit that the leadership clause is being fulfilled in your organisation?
Visible and active commitment of the leadership team on health and safety within the workplace. This goes far beyond just turning up for the audits and signing the policy. An auditor would look for clear involvement of the senior team in all aspects of the management standard, and that they can show, and articulate verbally, their involvement and how this has had a positive impact on health and safety within the organisation. This may need some training, mentoring and coaching of the leadership team.
Kate:
Does 45001 require active monitoring and validation of contractor/third parties activities?
Under the new clause 8.1.4 procurement, contractors and outsourcing may require this.
Mike:
How do you determine how far into the supply chain the scope of the management system should extend?
This will be for you to decide, but as an indication, anything suppliers (including contractor) could do which affects your health and safety performance, and anything you do which could affect the health and safety performance of your customers. This should be documented as part of the scope and context of the organisation.
Kate:
Does any panelist know how many certification bodies are currently accredited by UKAS?
UKAS will be reviewing application by certification bodies for accreditation to 45001 in May, so currently no certification body is accredited.
Mike:
Where in 45001 does it mention the suite of assessment processes?
The term ‘suite’ is not used in the standard. The intent during the webinar was to suggest that a variety of risk assessment processes can be used to suit the organisations complexity and size. This is referred to in the guidance to the standard within section A.6.1.2.2. ‘An organization can use different methods to assess OH&S risks as part of its overall strategy for addressing different hazards or activities. The method and complexity of assessment does not depend on the size of the organization, but on the hazards associated with the activities of the organization.
Kate:
Is HSG65 reflected in 45001 and 45002?
HSG65 is the granddaddy for 45001, so you’ll see many similarities.
Mike:
How aligned is the HSG65 management model, with this new standard?
HSG65 is provided by the HSE as a framework by which organisations may choose to manage their health and safety risks. However, HSG65 was recently updated and is now based on the Plan, Do, Check, Act cycle so is now aligned somewhat with the ISO 45001 standard. However, it must be remembered that HSG65 is (a) not a certifiable standard and (b) is not an international standard and as such ISO 45001has some additional explicit elements over HSG65 (e.g. the leadership requirement, supply chain requirements etc.). As there is no requirement for external audit of HSG65, then there is a chance that an organisation using HSG 65 could stagnate if they don’t practice very close scrutiny of their management system. It is very much an individual organisations choice which path it takes.
Mike:
Does reducing the documentation demonstrate compliance in a court of law?
There will always be a requirement to keep documentation which may be required within any potential court proceedings or for insurance purposes. It will be for the organisation to decide how much documentation is needed. Standards in the past have been criticised for increasing the amount of documentation required for certification and proving compliance. The use of the word process simply means that this over-reliance on documentation could be eased, and certification bodies should accept that an organisation can demonstrate compliance by other means e.g. competence evaluation, performance monitoring, leading indicators being implemented effectively and reliably. Of course the need to demonstrate legal compliance will always be needed.
Mike:
What’s the definition of worker, an organisation such as a Retail Mall/College of Higher Education which has a lot of general public visitors? Does the application of standards encompass the visitors to the site?
Generally a worker is defined as a person performing work or work-related activities that are under the control of the organization whether paid or unpaid, such as regularly or temporarily, intermittently or seasonally, casually or on a part-time basis. It also includes top management, and other managerial grades as well as non-managerial persons. Additionally it includes workers of external providers, contractors, individuals, agency workers etc.
______________________________________________________________________________________________________________________________________
Join the panel discussion on ISO 45001 at Safety & Health Expo 2018
If you found this webinar to be useful, you may want to join Kate and Mike who will form a panel on the subject with other key industry experts on the 19th June at 14:40 pm in the Keynote Theatre.The discussion will include the processes involved in migrating from an OHSAS 18001 management system to an ISO 45001 management system.
Register here today to make sure you are part of the conversation.
______________________________________________________________________________________________________________________________________
Find upcoming live, interactive webinars plus on-demand sessions to watch back at your convenience.
SHP runs regular health and safety webinars on a wide range of topics, from high level thought leadership, to legislation updates and technical guidance.
Click below to see what’s coming up and what you can watch right now...
