ISO 45001 – Occupational Health and Safety Management Systems

  1. What is ISO 45001?

ISO 45001:2018 is the replacement of OHAS 18001:2007 dealing with the health and safety management standards of workers and non workers. The previous version OHSAS 18001:2007 will not be valid after March 2021.

The companies that use the previous version have to do the transition and AURION helps in achieving it.

  1. Which is the latest version of ISO 45001 standard to implement?

ISO 45001:2018 is the first edition published on 2018 and is the replacement of OHSAS 18001:2007. The previous version OHSAS 18001:2007 will not be valid after March 2021.

Companies that uses earlier version of the standard have to complete the transition of ISO 45001:2018 and complete the assessment of certification before March 2021, or else the certificate will be invalid.

  1. How is ISO 45001 different from OHSAS 18001?
  • Structure similar to other management system standards
  • Top-down approach to safety
  • Ensures workers are aware of the risks and their responsibilities
  • More focus on prevention than control
  • New clause structure
  • Ensure suppliers and contractors manage risks
  1. What are the main clauses and structure of ISO 45001:2018?

The first few sections of the standard are scope of the standard, references and definitions to support organizations looking to implement an EMS. The next seven clauses are auditable clauses of the standard. They are

  • Context of the organization
  • Leadership and worker participation
  • Planning
  • Support
  • Operation
  • Performance evaluation
  • Improvement

The above clauses are split based on PDCA model.

  1. What are the documented information required for ISO 45001?

 Mandatory documents

  • Scope of the OH&S management system (clause 4.3)
  • OH&S policy (clause 5.2)
  • Responsibilities and authorities within OH&SMS (clause 5.3)
  • OH&S process for addressing risks and opportunities (clause 6.1.1)
  • Methodology and criteria for assessment of OH&S risks (clause
  • OH&S objectives and plans for achieving them (clause 6.2.2)
  • Emergency preparedness and response process (clause 8.2)

Mandatory Records

  • OH&S risks and opportunities and actions for addressing them (clause 6.1.1)
  • Legal and other requirements (clause 6.1.3)
  • Evidence of competence (clause 7.3)
  • Evidence of communications (clause 7.4.1)
  • Plans for responding to potential emergency situations (clause 8.2)
  • Results on monitoring, measurements, analysis and performance evaluation (clause 9.1.1)
  • Maintenance, calibration or verification of monitoring equipment (clause 9.1.1)
  • Compliance evaluation results (clause 9.1.2)
  • Internal audit program (clause 9.2.2)
  • Internal audit report (clause 9.2.2)
  • Results of management review (clause 9.3)
  • Nature of incidents or nonconformities and any subsequent action taken (clause 10.2)
  • Results of any action and corrective action, including their effectiveness (clause 10.2)
  • Evidence of the results of continual improvement (clause 10.3)
  1. What are the new requirements for risks and opportunities in ISO 45001?

This is the new requirement of this standard in (OH&SMS) and covers two different types of risk for the individual processes and for the overall OH&SMS.

In detail, for your activities, processes and work areas, you must identify the hazard that exists of all involved including contractors and visitors. Then to identify the risk for the hazard and what controls you needed to put in place to mitigate the risk. The requirements to assess risk of the processes are still part of the planning for the OH&SMS. Controlling the risk is an important part of ensuring the health and safety of people within your facilities. This assessment of the hazards and risks posed by the organization’s activities is still a critical part of what is needed to improve occupational health & safety performance.

In continuation with above, there are new conditions for assessing risk and opportunities of the overall OH&SMS. This type includes the assessment of the context of the organization with respect to the purpose of the management system, including the internal and external issues that affect it, to identify all of the interested parties and their needs and expectations. Considering these issues, interested parties and expectations into account, the company must assess what risks and opportunities exist for the company with respect to the management system. For the OH&SMS this means the risks and opportunities that could affect the company’s ability to enhance OH&S performance, fulfill compliance obligations and achieve OH&S objectives. Many companies have a strategic planning function which addresses these requirements of the standard.

If you have more than one management system in place (such as a quality management system or environmental management system), this same process can be used for all of them.

  1. Is occupational health and safety policy mandatory for an organization and how detailed should be the policy?

It is the responsibility of top management to establish, implement and maintain an OH&S policy.

The new version of standard is significantly different from OHSAS 18001:2007 in many ways, also the OH&S policy being one of the mandatory requirements of the OH&SMS.

Consider the following while writing the policy:

  • includes a commitment to provide safe and healthy working conditions for the prevention of work related injury and ill health
  • Is appropriate to the purpose, size and context of the organization, and specific nature of its OH&S risk and OH&S opportunities
  • Provides a framework for setting the OH&S objectives
  • Includes a commitment to eliminate hazards and reduce OH&S risks
  • Fulfill compliance obligations
  • Commitment on continual improvement of OH&SMS by enhancing OH&S performance
  • Includes commitment to consultation and participation of workers, and, where they exist, workers’ representatives
  1. What is an OH&S hazard?

Hazard is a “source, situation, or act with a potential for harm in terms of human injury or ill health, or a combination of these.” Simply as, an OH&S hazard is any part of your company’s activities that can have a negative effect on the health or safety of your employees, any contractors or visitors to your facilities. This could be the use of harsh chemicals in your workplace that can affect workers’ health, machines with moving parts that can cause injury to operators, or repetitive actions that can cause ergonomic repetitive strain issues with employees.

The OH&SMS needs to establish, implement, and maintain a procedure for ongoing hazard identification, risk assessment, and determining the necessary controls to manage the OH&S hazards.

  1. What is meant by OH&S risks?

The standard defines risk as the “combination of the likelihood of an occurrence of a hazardous event or exposure and the severity of injury or ill health that can be caused by the event or exposure.” In simple words, what are the chances that the hazard will happen, and how bad could it be if it did? This is the first step in risk assessment. Assessing the risk of a hazard is done to determine if the risk is acceptable in order to determine which controls, if any, need to be put in place. Acceptable risk is defined as “risk that has been reduced to a level that can be tolerated by the organization having regard to its legal obligations and its own OH&S policy.”

  1. How to define OH&S controls?

a) Elimination – Removing the hazard from your process, such as eliminating a chemical cleaning step with a harsh chemical

b) Substitution – Using something less hazardous in your process, such as a less harsh chemical that will produce the same results

c) Engineering controls – Putting control in place that will stop people from contacting the hazard, such as protective shields on machinery

d) Signage/warnings and/or administrative controls – Implementing administrative controls to prevent people from coming into contact with the hazard, such as marked areas to keep people away from a hazardous part of a machine

e) Personal protective equipment – Providing protective equipment for your workers to wear when dealing with the hazard, such as gloves, goggles, coats, etc.

11. What is meant by emergency preparedness and response?

It is one of the most critical clauses of the standard, having defined and efficient process in the event of an incident or accident that can be central to ensure that the effect is mitigated and reduced. Therefore, preventing incidents and accidents are the primary concern of an OH&SMS and responding to them and ensuring an emergency response plan is equally important. The organizations will have employees and contractors, visitors, partners, and neighbors and will have to call on emergency service in the event of an accident.

Every organization shall establish, implement and maintain a procedure for emergency preparedness. All employees and stakeholders should be aware of the procedures, changes and updates. Communication and training is vital for this activity. The standard states that the organization needs to identify the potential for emergency situations and respond to them accordingly. Identifying the potential for emergency situation is something that is determined in risk assessment. The factors can differ greatly depending on what sector you work in, but let’s consider the types of details we need to ensure that are captured in our emergency preparedness plan:

  • Qualified first aid people
  • Fire extinguisher and chemical spill kits
  • Emergency contact numbers
  • Evacuation plan
  • Employee next of kin details
  • Responsibilities and communication
  • Return to work process
  1. Is it mandatory to review and test the emergency response plan, and how?

Yes, it is mandatory to review and test the emergency response plan.

It is good practice to test your emergency plan “periodically” as advised by the standard, and the frequency of your tests will probably be determined by the sector you operate in, the number of people involved, the amount of planning required, and the time taken for the actual rehearsal. You will also have to consider the wishes of your top management team, as they will be involved.

Therefore, when it comes to the issue of testing your plan, there are certain elements that is to be considered. They are:

  • Consultation and expertise
  • Stakeholder input
  • Communication
  • Record control
  • Business needs

Key benefits of testing the emergency response plan are:

  • Reduction of future/forecast risk
  • Make your employees feel safe and valued
  • Increase interested parties and stakeholders confidence
  • Significant process improvement
  • Meeting compliance requirements and avoid any penalties

Avoiding insurance claims and reducing insurance premiums

Share this Blog!

About the author