Monthly Archives: March 2016

ISO 45001 – Other Risks and Other Opportunities

Posted on by

risk_management_supply_chain_1320_892_60ISO/DIS 45001 is the new ISO Standard for Occupational Health and Safety Management Systems.  The public comment period for the draft international standard is open until April 2, 2016.  One of the important issues debated at the recent meeting of the US TAG in Dallas. TX,  Feb 22-25, 2016 was a requirement unique to ISO 45001 that  organizations are required  to assess “other risks” to the OHSMS.  Neither ISO 9001:2015,14001:2015 or OHSAS 18001 have such a requirement.  Here is what is required:

6.1.2.2 Assessment of OH&S risks and other risks to the OH& S management system

The organization shall establish, implement and maintain a process(es) to:

b) identify and assess the risks related to the establishment, implementation, operation and maintenance of the OH&S management system that can occur from the issues identified in 4.1 and the needs and expectations identified in 4.2.

To better understand what is expected one needs to go to the Annex of the standard where there is a list of examples in A.6.1.2.2 of what needs to be considered as follows:

“The organization should also give consideration to those risks which are not directly related to the health and safety of people and address factors affecting the OH&S management system, its performance and intended outcomes. These risks should be assessed using an appropriate method”.

Potential sources of risk to the OH&S management system can include:

  • inappropriate context analysis; outdated analysis;
  • inadequate consideration of OH&S management system requirements, change management and other health and safety issues in strategic planning and other business processes;
  • the absence of resources for the OH&S management system, whether financial, human or other;
  • an ineffective audit program;
  • poor succession planning for key OH&S management system roles;
  • poor top management engagement in the OH&S management system activities;
  • failure to address the needs and expectations of relevant interested parties;
  •  poor OH&S performance leading to reputational risks.

The standard also requires organizations to identify “Other Opportunities” in clause 6.1.2.3(b) when it says:

“The organization shall establish, implement and maintain processes to identify:

b) opportunities for improving the OH&S management system”.

Again the annex provides a bit more guidance regarding “other opportunities” in A 6.1.2.3.  Here is what it says:

Opportunities to improve the OH&S management system can include:

  • improving the visibility of top management’s support for the OH&S management system;
  • enhancing incident investigation processes;
  • improving the processes for worker participation;
  • benchmarking, including consideration of both the organization’s own past performance and that of other organizations;
  • collaborating in forums which focus on topics dealing with health and safety.

Some of the US TAG experts argue that without a requirement to address these other OH&S Risks and Other OH&S Opportunities the management system will be ineffective and will not lead to OH&S performance improvement.  Others on the US TAG maintain that by implementing and operating an ISO 45001 OHSMS the organizations will address these potential risks and requiring an additional step to look at these other risks is redundant and confusing to potential users.

What do you think?  Leave a comment here and… if you like… take the survey and express your opinion.

ISO 45001 – Hierarchy of Controls (HOC) – Should it be a Requirement?

Posted on by

Section 8.1.2 of ISO/DIS 45001 requires that organizations “shall establish a process and determine controls for achieving reduction in OH&S risks using the following hierarchy:

  1. occupational_health_safetyeliminate the hazard
  2. substitute with less hazardous materials, processes, operations or equipment
  3. Use engineering controls
  4. use administrative controls
  5. provide and ensure use of adequate personnel protective equipment

The US Technical Advisory Group at its recent meeting in Dallas, TX Feb 22-26, 2016 had lengthy and at time heated discussion about requiring the use of the HOC.  The basic question is should the phrase “using the following hierarchy” be revised to soften it by saying “considering the following hierarchy”.

Many of the seasoned OH&S professionals in the group believe that the language should remain as “use” . They believe the HOC is well accepted in the industry and it is also required by law.  Others on the US TAG with experience in drafting and auditing ISO standards like ISO 14001 think the use of the HOC should be optional.  They maintain that it will be difficult during audits to prove that the HOC was used and that additional control is not possible or practical.

The standard also requires that the OH&S Policy “includes a commitment to control OH&S risks using the hierarchy of controls.

Give us your opinion and please take the survey.

Results of ISO 45001 US TAG Meets in Dallas, TX  – February 22-26, 2016

Posted on by

We recently participated on the leadership team for the United States Technical Advisory Group (US TAG) for the Development of the  new ISO 45001 standard for Occupational Health and Safety management systems.  Group Photo at ISN

The purpose of the week long meeting held at the ISN headquarters in Dallas, TX was to disposition over 800 comments on ISO/DIS 45001.  The US TAG successfully dispositioned all of the major issues and many of the individual comments.  Our role at this meeting was as co-chair of a subcommittee with Vic Toy for Clause 6 – Planning.  Our section had 157 comments to review and decide how they would be addressed.

The meeting was attended by about 70 participants representing business, organized labor and government.  Major issues addressed during the meeting included questions and comments like:

  • Should organizations be required to use the hierarchy of controls when reducing risk?
  • Does redundancy add clarity or confusion (frequent references to workers and worker representatives)?
  • Should organizations be required to assess risk to the management system (other risks) or is this already addressed by the clauses of the standard?
  • When must workers be asked for an opinion (consultation) and when must workers have authority to influence decisions made by management about risk control and other management system issues (participation)?

We have posted some articles about the following on our website blog if you are interested in learning more about these important issues.

  • ISO 45001 – Hierarchy of Controls
  • ISO 45001 – Other Risks and Other Opportunities

The public comment period in the USA is now open until April 1, 2016 so if you are in the USA and your organization would like to submit comments for consideration send me an email to tagosh@envcompsys.com and I can help you get the comments to the right place. Also please feel free to call or email with any questions about ISO/DIS 45001.