Kevin has been president of ECSI for over 25 years. His practice focuses on environmental and health and safety management systems training, consulting and auditing. He is an active member of the US Technical Advisory Committees to ISO 14001 and ISO 45001. He represents the USA at international meetings of these committees. He is also the lead developer of the CorrectTrack corrective action tracking app.
RDO Equipment Co. Founded in 1968, RDO Equipment Co. sells and supports agriculture, construction, environmental, irrigation, positioning, and surveying equipment from leading manufacturers, including John Deere, Vermeer, and Topcon. RDO Equipment Co. is a total solutions provider with more than 75 locations across the United States and partnerships in Africa, Australia, Mexico and Ukraine. RDO contacted ECSI for assistance in developing an Occupational Health and Safety Management System to help improve its OHS performance.
RDO also wanted to show its business partners, customers and employees its commitment to keeping employees safe. RDO chose to align the OHS management system with ISO 45001. They also decided to initially seek certification from an accredited certification body for their corporate headquarters and one of the company stores. Their intention is to certify the remaining 42 stores over the next year or so. ECSI conducted an initial gap assessment that helped RDO identify gaps that needed to be filled before getting certified.
Gaps were entered into a database application tool (CorrectTrack) and assigned to the OHSMS implementation team for follow-up. One of the gaps identified was the need for a comprehensive Job Hazard/Job Safety analysis. ECSI helped develop process maps that supported JHA/JSA development at one of the RDO maintenance facilities. Below is an example of how the results of the JHA/JSA risk analysis were recorded.
This tool helped RDO evaluate the effectiveness of existing risk controls and identify priority hazards for additional risk reduction. The tool also helped internal auditors identify what material risks need to be audited during the internal audit process.
ECSI also helped RDO train its internal auditors in performing audits to the ISO 45001 standard. This was done in a three-day combined internal audit training and actual audit at the corporate headquarters and one of the RDO maintenance facilities. ECSI assisted RDO in preparing for several management review meetings that were conducted prior to the Stage 1 and Stage 2 audits by an accredited certification body. Congratulations, RDO, on a successful outcome to the ISO 45001 implementation and certification process.
ISO 45001 is an international standard that helps organizations improve Occupational Health and Safety (OHS) performance. The ISO 45001 standard can be used to ensure workers are safe by protecting them from workplace injury and ill health. As the Vice Chair of the US Technical Advisory Group to ISO 45001, I have been seeing a significant rise in awareness of ISO 45001 benefits. Environmental Compliance Systems, Inc. has also helped many organizations plan, implement and integrate an ISO 45001 OHSMS with their other business management systems. A recent webinar produced with ASSP describes the many benefits of an ISO 45001 OHSMS. Here is a link to the free ASSP webinar: https://player.vimeo.com/video/844292169?. Please watch if you are interested in improving your organization's OHS performance.
Environmental Compliance Systems, Inc. (ECSI) is pleased to announce the release of CorrectTrack 2.0 soon. CorrectTrack 2.0 marks a significant improvement in the application's ability to provide important ISO management system performance information quickly to users.
Over a decade ago ECSI began to explore digital tools to enhance our ISO consulting, auditing, and training practice. We were looking for a cloud-based application that helps our clients and others implement and operate ISO continual improvement management systems. Being unable to find a suitable off-the-shelf solution, we began adapting available open-source bug tracking software. The objective was to provide a systematic corrective action tracking process that was superior to existing Microsoft Access database and Excel spreadsheet solutions. The list of organizations using CorrectTrack has now grown to over 40 organizations and 450 individual users. To our knowledge CorrectTrack continues to be the only cloud-based application designed exclusively for ISO 14001, 45001, and 9001 management systems.
CorrectTrack 2.0 has a better dashboard user experience and more flexibility to let users configure it to their specific needs. Users will have access to all the application features including:
Permissions based user access and functionality.
Approval gate process for corrective action investigation, verification, and closure
Risk management module for all ISO management system standards including 9001, 14001 and 45001.
Internal audit planning and follow-up.
CorrectTrack 2.0 Dashboard and Landing Page
As part of the CorrectTrack 2.0 rollout we are offering a free consultation to ISO management system experts and representatives to explore how the application can benefit your ISO management system and improve your organization's occupational health and safety, environmental and even quality performance.
Contact us for more information on how CorrectTrack 2.0 can help your organization’s ISO management system performance. If you like what you see, we will help you get started with a free application trial period without any obligations or fees.
The Securities and Exchange Commission (“Commission”) is proposing for public comment amendments to its rules under the Securities Act of 1933 (“Securities Act”) and Securities Exchange Act of 1934 (“Exchange Act”) that would require registrants to provide certain climate-related information in their registration statements and annual reports. The comment period closed May 22, 2022.
The proposed rules would require information about a registrant’s climate-related risks that are reasonably likely to have a material impact on its business, results of operations, or financial condition. The required information about climate-related risks would also include disclosure of a registrant’s greenhouse gas emissions, which have become a commonly used metric to assess a registrant’s exposure to such risks. In addition, under the proposed rules, certain climate-related financial metrics would be required in a registrant’s audited financial statements.
The first 465 pages of the document are the SEC response to comments provided during the development phase of the proposed rules last year. The proposed new rules begin on page 465. There is some interesting stuff on what SEC is looking for regarding how registrants assess climate-related risk (see § 229.1503 (Item 1503) Risk management starting on page 482).
Join us at the conference. We are presenting on E-Tools for OHS Risk Management. Learn about how cloud-based apps and relational databases are emerging as essential tools for EHS Managers. We will cover how to use these tools to:
Covid made us change how we work. Virtual meetings are the new normal when connecting with others and conducting business. Our certified training courses, internal and third party audits are conducted virtually with great results. A positive is a dramatic reduction in effort and resources invested in travel to and from our clients or public courses. The negatives include more difficulty in performing audits on specific processes. Handheld devices do not show what is happening on the manufacturing floor well. They are also prone to losing connection due to poor WiFi in some areas of the facility.
Contact us to learn more about how we are adapting and what we can do to help your organization as it adapts to the new normal of Covid-19.
ISO 45001:2018, 14001:2015 and 9001:2015 are based on the High Level Structure. The International Organization for Standardization (ISO) High Level Structure (HLS) is about to enter another phase of revision. The definition of “Risk” in the ISO HLS and the term “risk and opportunity” are causing confusion with drafters and users of ISO 45001.
Removing the special definition of the term risk and eliminating use of the term risk and opportunity will help standards drafters reduce ambiguity in the standard requirements and help other users better understand how to plan, implement, operate and audit ISO management systems. The following discussion is based on our extensive experience auditing, teaching and consulting for ISO 45001, 14001 and 9001.
The Definition of “Risk” and Use of the Term “Risk and Opportunity” in ISO High Level Structure
The HLS was introduced in 2012 to “harmonize” management system standards around a common structure. The common structure helps organizations integrate quality, environmental, health and safety and other management systems.
Figure 1 is the Table of Contents of the HLS as currently proposed in Draft ISO/DGuide 83 – 06/03/2020.
In this post we discuss two issues being raised during the HLS revision process.
These are:
the definition of the term risk in the HLS,
use of the terms risk and opportunity in the HLS.
Resolving these two issues is important to users' understanding of what ISO 45001 is designed to manage.
In a previous post, we provided an overview of proposed changes to the HLS during the minor revision stage. As the HLS revision begins to enter the major revision stage, we believe there are important issues to be addressed by ISO. We believe that ISO should carefully consider the unintended negative consequences of creating a special definition of risk and using the term risk and opportunity in future versions of the HLS.
Risk as a “defined term”.
Definition of risk
The Oxford English Dictionary (OED) is the official dictionary of ISO and defines risk as the “possibility of loss, injury, or other adverse or unwelcome circumstance”. The Merriam-Webster definition is similar, “possibility of injury or ill health”. These definitions of risk have been in use for many decades and with great success by organizations managing Occupational Health & Safety (OH&S) performance.
In 2012 ISO introduced the term risk as a “defined term”, giving it a different definition than OED or Merriam-Webster. The HLS definition of risk is now “the effect of uncertainty” (see Figure 2).
The new definition is designed to encourage organizations to take a broader view of both the positive and negative characteristics of risk. This approach is supported by the ISO technical committee that develops guidance standards on risk management (TC 262). ISO 31000 is the flagship standard in this series. ISO 31010 is guidance on risk assessment techniques.
Use of “on objectives” in the HLS definition of risk
TC 262 is now promoting another revision to the definition of risk that adds the words “on objectives” to the HLS definition of risk. They believe the concept of risk cannot be comprehended without reference to the term objectives in the definition of risk (Figure 3).
However, adding the words “on objectives” creates ambiguity and confuses drafters and users of ISO 45001. This is because the term objectives is already used in 45001, referring to specific goals the organization needs to achieve to improve OH&S performance.
The objectives referred to in the ISO 31000 definition of risk are broader and include business and societal objectives. The potential unintended consequence of adding the words on objectives to the definition of risk is that users will only address risk associated with objectives and not more broadly address OH&S risk to workers and the organization.
Unintended consequences of changing the definition of risk
The addition of a special definition of risk has increased ambiguity about the meaning of the term risk. It has also had unintended consequences for both those using the HLS when developing management system standards, and those using these standards to plan and implement OH&S management systems.
As an example, because of the way ISO has now defined risk, the developers of ISO 45001 found it necessary to add two additional notes to the definition of risk (Figure 4). The ISO 45001 definition of risk now has 6 notes (198 words) to explain the three-word definition of the term risk.
The drafters of ISO 45001 also found it necessary to create another defined term OH&S risk (Figure 5). This new definition was added to clarify ambiguity caused by the HLS definition of risk and how OH&S professionals had traditionally understood the concept of risk in the OH&S management discipline.
The intent of the new ISO special definition of risk was to shed light on the practice of risk management and encourage organizations to take a broader view of the dynamics between risk and opportunity. That objective may have been achieved, but with significant additional confusion among standards drafters and users. ISO should consider removing the special definition of risk from the HLS and return to use of the Oxford English Dictionary definition of risk.
Risk and Opportunity in the High Level Structure.
The association of the word risk with the word opportunity (risk and opportunity) in HLS clause 6 has confused drafters and users of ISO 45001. There is uncertainty whether the term risk and opportunity refers to a single concept or two different concepts. To help explain what is meant by risk and opportunity, ISO prepared a white paper titled Risk Based Thinking in ISO 9001:2015. Although the title indicates the topic is ISO 9001 Quality Management systems, the examples used in the white paper are also applicable to ISO 45001.
To clarify ambiguity about the term risk and opportunity, drafters of ISO 45001 added a new defined term OH&S opportunity (Figure 6).
The ISO 45001 definition of OH&S opportunity refers to the concept of OH&S performance improvement, another defined term in ISO 45001 (Figure 7). The definition of OH&S performance references another 5 defined terms in ISO 45001. The need to create a separate defined term, OH&S opportunity, and then refer to 5 other defined terms to explain OH&S performance is a tortured effort to reduce ambiguity, and further evidence of the confusion the term risk and opportunity has introduced to ISO 45001.
ISO 45001 also refers to other risks and other opportunities that the organization needs to address (Figure 8). These terms are not defined in ISO 45001. This adds uncertainty about the concept of risk and opportunity in ISO 45001.
Figure 8 – ISO 45001 Other Risk and Other Opportunities
These many terms associated with the concept of risk and opportunity in Clause 6 create uncertainty about what ISO 45001 is supposed to manage. Those implementing, operating and auditing an OHSMS are confused, especially when identifying what is important to the organization’s OH&S performance. The unintended consequence of adding the term risk and opportunity is user confusion about answers to important questions like:
When the HLS uses the term opportunities is it referring to potential financial or societal gain or to a discipline specific intended result such as a safer workplace?
What is the difference between the concept of risks and opportunities and the concept of OH&S risk, OH&S opportunity and other risk and other opportunity or are these the same thing?
Are the concepts of hazards and risks being the focus of OH&S management systems now obsolete, or can they still be used when planning an OH&S management system?
Conclusion and Recommendation
The introduction of a special definition of risk and the use of the term risk and opportunity in the HLS have led to unintended and unnecessary confusion among drafters and users of ISO 45001. ISO should remove the definition of risk and use of the term risk and opportunity from the ISO HLS during the next phase of the HLS revision.
Here is a webinar we led for ASSP on Covid-19 recently. The webinar discusses how organizations can use occupational health and safety management system audits and the corrective action process to respond to Covid-19 challenges.
Leadership commitment to a management system is critical to its performance. Encouraging support is sometimes challenging. The management review process required by ISO management system standards can help gain leadership commitment.
Do’s and Don’ts
Coordinate management review with management's other business review meetings. Conducting “management review” during regular business review meetings gives the sense that the management system is part of the overall business. Management reviews conducted infrequently and apart from the other important business management meetings lead to a siloed perception of the management system.
Make management review value added. Ensure the information being presented is actionable by leadership. Give them a few choices for recommendations with supporting information and ask them to decide. They will appreciate your opinion and recommendations to help make decisions.
Do the Math and Have Backup.
Defend your recommendations for improvement with cost and return on investment information. Showing leadership how the management system helps save and even make money contributes to their support and commitment.
Take Good Notes
Recording leadership decisions during the management review helps ensure follow-up. Records of management review are also evidence of leadership commitment, especially during audits.
Timely Management Review Follow-up
Follow up on management review recommendations in a timely fashion and report on progress at the next management review opportunity. This will enhance leadership's perception of the management system, and their support and commitment.
Management Review Frequency
Most organizations perform periodic reviews of the business performance to make sure things are going along smoothly and to make any course corrections needed. Integrating the ISO system management review with these regular business review meetings will help ensure that:
Management system performance issues are addressed in a timely fashion
The management system is integrated with all other business processes
Timely information is provided to leadership to help make important business decisions
Management Review Inputs
Management review meetings should not necessarily address all management review inputs during each meeting. Management review inputs that should be reviewed at every management review include:
Follow-up from previous management reviews
Status of actions from previous management reviews;
Status of corrective actions and incident investigation
Progress toward achieving objectives.
Management review inputs to be reviewed less frequently and as needed include:
Customer Complaints and interested party concerns
Changes including new compliance obligations
Adequacy of resources
Changes in risks and how they are being addressed
Audit results
Management Review Outputs
The purpose of management review is to ensure the management system is able to achieve its intended outcomes. The outputs of management review are an important part of the Act part of the Plan-Do-Check-Act continual improvement cycle. It is where leadership has the opportunity to review the information generated in the “Check” part of the PDCA cycle and intervene (Act) and continually improve the management system.
Records of management review are the notes of the meeting (output notes). They are required by all ISO management system standards. Outputs are what leadership asks the organization to do to improve performance. These records are also excellent evidence of leadership commitment during third party audits.
Conclusion
The goal of management review is to provide information to leadership that it can act on. Planning and conducting good management reviews will enhance leadership's opinion and support of the management system.
The ISO High-Level Structure (HLS) is the basis for all management system standards and is now being revised by ISO. These changes will affect all management system standards. Users of ISO management system standards such as ISO 14001, 9001 and 45001 will need to evaluate how these changes will affect their organization's ISO management systems.
Introduced in 2012, the HLS was created to help better integrate quality, environmental and health and safety management systems. Prior to its introduction ISO 9001 had a different structure than ISO 14001, which complicated integration of core management processes such as corrective action and management review. The HLS solved that problem. The revision introduced a new name for the HLS and it is now called Annex L, Appendix 2.
The revision will also introduce guidance on use of the HLS for standard writers and users. This guidance is called Annex L, Appendix 3. Both Annex L, Appendix 2 and 3 will be combined as a table.
Proposed Structure of Annex L Appendix 2&3
Appendix 2 is in the final stages of an initial “limited” revision and not yet available to the public. Appendix 3 is in mid-stage revision and should be approaching the final stage later this year.
Here are a few of the most important changes to Annex L, Appendix 2 from the “limited” revision:
Definition of Risk
A lengthy debate is ongoing within ISO about whether a revision to the definition of “Risk” is needed. “Risk” is currently defined in the HLS as “the effect of uncertainty”. Some within ISO argue that a better definition is “the effect of uncertainty on objectives”.
Others fear that the addition of the words “on objectives” to the definition of risk will cause confusion in standards like ISO 9001, 14001 and 45001. They believe this because these standards have a specific requirement to create measurable “objectives” within the management system.
The debate over the definition of risk has led to several proposals, including eliminating the definition of risk entirely from the HLS. A subgroup has been assigned the task of sorting out this difficult issue and the results will be reflected in a future revision of the HLS. For now, however, the definition of “risk” will remain as it is in the HLS.
Expected Outcomes Vs Results
The previous version of the HLS used the term “expected outcomes” to describe the results an organization should expect from its ISO management system. Some users found the term “expected outcomes” confusing so it has been changed to “expected results”. The change was also made to simplify translation to other languages.
Outsourced Processes
The old HLS used the term “outsourced processes”. Manufacturers sometimes send their products to other organizations who perform specialized processes like heat treating or electroplating. This relationship between organizations was called “outsourcing” in the previous version of the HLS. The concept of “outsourced processes” however does not apply as well to other disciplines such as environmental management or health and safety management systems.
The term “external provider” is now being used in place of outsourced process. This change has been made in response to several comments that found the term “outsource” unclear. The use of external provider clarifies that outsourced, contracted, and purchased products, services and processes all need to be controlled by the management system.
Documented Information
The use of the terms “maintain” and “retain” to describe what needs to be done with certain types of documents in the management system has been replaced with the term “shall be available”. This change has been made to avoid confusion between maintaining and retaining documented information. This change is not expected to impact organizations with mature document control processes and management systems.
Internal Audits
This part of the HLS has been substantially reorganized. The title of 9.2.1 was changed to General and 9.2.2 Internal Audit Program has been added. This change has been made for ease in understanding. Now the two distinct concepts covered in the paragraph (what an audit program entails and what should be considered when establishing an audit program) are listed separately.
Effects of the Annex L, Appendix 2 and 3 Revisions (What's Next?)
The revision of Annex L is not expected to have a significant immediate effect on ISO standards or ISO management system audits. The revisions will not require revision of any of the ISO management system standards until these standards are revised and updated as required by ISO. However, organizations in the process of implementing an ISO management system or integrating a new discipline-specific standard such as ISO 45001 into an existing management system structure should anticipate that these changes will appear in future revisions of ISO management system standards.