About Kevin Lehner

Kevin has been president of ECSI for over 25 years. His practice focuses on environmental and health and safety management systems training, consulting and auditing. He is an active member of the US Technical Advisory Committees to ISO 14001 and ISO 45001. He represents that USA at international meetings of these committees. He is also the lead developer of the CorrectTrack corrective action tracking app.

ISO High Level Structure and EH&S Management Systems

ISO 14001 and OHSAS 18001 are undergoing significant change intended to improve these standards.  The new ISO High Level Structure will align all ISO standards along a common management systems structure and promote integration.   The recent US Technical Advisory Group meeting in Orlando, Florida was a particularly enlightening conference for us where US TAG members were able to share their ideas of the way the HLS applies to EHS management Systems.



An important part of the revision processes is being able to communicate to current and new users how the standards are changing and how these changes will affect an existing EHSMS.  This diagram represents how we at ECSI see the developing changes to ISO 14001 and ISO 45001 and the relationships between some of the important clauses of the revised standards.

We are interested in understanding how users of the EHSMS standards feel about the changes and what information they need to begin to plan for the changes to their EHSMS.  ECSI will be conducting a short, one hour webinar Tuesday, April 22, 2014 from 10am-11am Central Standard Time.  The purpose of the seminar is to provide the current state of the revision process and to discuss how we see the EHSMS standard revisions progressing.  If you are interested in participating in one of these webinars send us an email to webinar@envcompsys.com and we will reply with the logon instructions.

ISO 45001 Annex 6 – Response to Comments

My draft was meant to be for the Annex only.  It was not intended to be included, or as a supplement to, the normative part of the standard.  I offered the draft of the Annex more to stimulate discussion than expecting it to be incorporated in its entirety.  As I have said from the beginning.  I believe that the HLS should remain largely intact without significant discipline specific additions.  Most discipline specific language for clarification of intent should be introduced in the Annex.

I like the idea of working the development process of this and other standards like ISO 14001 from back to front.  In other words, let’s work on the Annex (informative part of the standard) first, agree on what we want it to achieve and what the Annex should contain, and then decide what needs to be changed in the normative part of standard to meet the discipline specific outcome we want.

I also understand the desire to use much of Z10 to form the basis for ISO 45001.  However, I believe that we can improve upon the ideas presented in Z10 as we develop 45001, especially appendix F and the example risk matrix it contains.

Regarding the question of how opportunities should be addressed in the standard, I believe it matters little where opportunities are addresses.  It may be appropriate to address them in both 8 and 10 and maybe a little bit in 6.  I do however believe that we need to have a better idea about what we mean by opportunities before we add discipline specific language to the HLS in any or all of those clauses.

I believe there are at least two types of opportunities that can be identified, those being opportunities to reduce risk, and those opportunities that can result in other value enhancement.  Sometimes exploiting one type of opportunity comes at the expense of the other. ice3 Ice diving is a good example.  Personally I think you need to be out of your mind to do it, but some folks find great pleasure in scuba diving below the ice and take every opportunity they can to enjoy it.  One of the hazards of ice diving is getting lost under the ice and not being able to return to  the hole before your air supply is exhausted.  The bigger the hole, the easier it is to find when you want out of the water.  But cutting a big hole through 3 foot thick ice is hard and there comes a point where the discomfort in cutting the hole out weights the fun the divers expect to have on their adventure.  So the divers manage the likelihood of becoming trapped beneath the ice in other ways, like roping up and having folks at the surface holding the other end of the rope.  Managing the risks and enjoyment of an ice dive becomes an optimization problem.

The ISO 45001 standard Annex (either 6, 8 or 10) should include information to help users understand the relationship between risks and opportunities and that there are different types of opportunities they can exploit.  Once we have the right language in the annex, we can then think about what changes might be need in the standard itself to make the HLS work for the OH&S discipline.  Again this is the back to front approach to standard development I prefer.

Spring? Really?

If you are living in the North Country as I am, the weather has been a perpetual topic of discussion.  Just for fun, a couple of years ago, I decided to start to learn how to harvest ice from our local lake.  Last week I got a call from some  local divers needing a hole cut in the lake to do a certification ice dive.

Having cut some ice earlier this year to build Ice Henge, I had an idea that cutting a hole in the ice now was not going to be easy.  20140210_165329_2It turned out that the ice on our local lake is almost 3 feet thick and it took over 3 hours to cut a 3′ x 6′ hole.  At the time they started diving the outside air temperature was about 9 degrees F and dropping.  The entire idea of ice diving offended every sensibility.  Its just not right!


32 inch bar

20140301_140300_3DCIM100GOPROice3 Ice Divers

ISO 45001 Update – Annex A Clause 6 Planning

The US Technical Advisory Group (US TAG) for the new Occupational Health and Safety Management System Standard ISO 45001 met in Washington DC in late January which we attended as voting members.  The objective of the meeting was to review the first working draft of the new standard and provide comments on the US position.  The area of greatest interest was Clause 6 Planning where discussion centered on how best to address the concept of hazard identification, risk assessment and risk treatment (control).  A key question discussed was how much discipline specific information should be inserted into the High Level Structure (HLS), the normative part of the standard, and how much should be presented in the Annex (the informative part of the standard).

My opinion is that the requirements part of the HLS should be left mostly as it is with only little additional discipline specific (OH&S) information being added.  Additional discipline specific information should be placed in the Annex as informative interpretation and guidance on how to use the standard.

As the DC meeting concluded several members of the group offered to prepare the Annex portion of the standard to be presented in Morocco next month at the international meeting of the full ISO 45001 Project Committee.

ECSI prepared a proposed Annex A section for the standard which was based partially on other international and national standards like ISO 31000:2009 – Risk Management, ISO 31010:2009 Risk Assessment, OHSAS 18001:2007 and ANSI Z10:2012.

Here is one of the figures we introduces to explain the relationship between the various parts of ISO 45001 and the risk assessment process.

Risk Assessment Parts 8x8

The Annex we prepared explained the different steps in the risk assessment process and also included a figure that could be used to explain the concept of Risk Analysis (Figure A6-2).  The information we provided was combined with information offered by others on the US TAG.  The proposed annex will be presented by the US TAG next month in Morocco. Now we just need to sit back and see what the rest of the international ISO 45001 Project Committee thinks about the US proposal for Annex A clause 6. .

Risk Assessment Matrix

ISO 14001 Continual Improvement Survey 2013 Results

ISO recently published the results of a survey questionnaire circulated last year to the international community .  The purpose of the survey was to help guide the ISO technical committee (TC 207) revision of ISO 14001 scheduled to be released next year.  The survey reached over 5000 organizations or individuals in 110 countries worldwide.  57% of the respondents were in Europe with only 17% responding from North America.  54% of those responding were actual users of the standard such as industries and 45% were either consultants, certification bodies performing audits or other types of organizations.

The survey asked questions about the perceived value of ISO 14001 to Environmental Management and Business Management.  The areas where ISO 14001 was thought to be most valuable were:

  • Ability to meet legal requirements
  • Environmental performance improvement

The areas where ISO 14001 was thought to be of least value were:

  • Providing financial benefit
  • Improvement in supplier environmental performance

The overall average percent of very high to high value responses was 54% with only an average of 15% recording a perceived low or no value for all areas.  This suggests that participants have a generally positive opinion of the value of ISO 14001.

Value of ISO 14001

One  of the puzzling results of the survey was over 75% of respondents rated  ISO 14001 very high or high in its value  for environmental performance improvement but only about 25% believe that the standard provides a significant financial benefit.  Apparently survey respondents do not believe that investing in ISO 14001 as a way to reduce waste and resource use will provide an acceptable  return on investment.

Another surprising result is that almost 70% of respondents rated meeting stakeholder requirements as very high or high but only 27% believe that ISO 14001 has very high or high value when it comes to improving supplier environmental performance.  It’s difficult to tell from the data what survey respondents were thinking when they read “stakeholders”, but in my opinion there is a good chance they were thinking about their customers that require them to have an ISO 14001 EMS.  If 70% believe ISO 14001 improves performance and 60% implemented ISO 14001 to satisfy a customer requirement why are they not making the connection that the purpose of them being required to have an ISO 14001 is a result of their customers’ efforts to influence the environmental performance of their suppliers?

Thanks to Dr. Lisa Greenwood, Lecturer in Environmental Sustainability, Health and Safety at Rochester Institute of Technology for leading the evaluation of the survey. Here are links to documents evaluating the survey responses:

ISO 14001 Survey 2013 – Final Report and Analysis

ISO 14001 Survey 2013  – Summary Report

First ISO 45001 US Technical Advisory Group Meeting In DC

ECSI is currently attending day one of the 2-day ISO 45001 US Technical Advisory Group (TAG) meeting in Washington DC January 15-16, 2014.  We will be reviewing comments on the first working draft of the standard and then breaking into several working groups to revise specific sections of the standard.  One of the key issues  to be discussed will be how much additional discipline specific text should be added to the required High Level Structure (HSL) language.  As a voting member of the US TAG I intend to advocate for a less-is-more approach.  In other words, I believe that most of the discipline specific text (occupational health and safety in this case) should reside in the annex of the standard.

The HLS is designed to facilitate seamless integration of discipline specific management systems into an organizations overall business management system.  In the past ISO standards had significantly different structures which made integration of the standards difficult.  An example is ISO 14001 Environmental Management Systems (EMS) which has only 4 sections and ISO 9001 Quality Management Systems (QMS) which has 8 sections.   The difference in the way the standards were organized lead to considerable confusion among many standard users who wondered why the structure of an EMS needed to be so different than a QMS.

In response to those concerns ISO created the HSL to standardize the way it writes standards which is a really good idea for a standards writing body.  ISO requires that all new and revised standards follow the HLS with little deviation.  My experience with the ongoing revision of ISO 14001 has been that trying to incorporate significant additional discipline specific language into the standard is not always value added and can sometimes diminish the clarity and usability of the standard.  Because of the significant additional language in the ISO 14001 standard it seems overweight or bloated at 19 pages versus 9 pages for ISO 14001:2004.  As we hash over this important issue I hope that both the US TAG and the international project committee PC 283 recognize this potential pitfall and endeavor to limit the amount of additional discipline specific language in the new ISO 45001.


Should ISO 45001 Require Multi-Step Hierarchy of Control?

The first face-to-face meeting of the United States Technical Advisory Group (US TAG) will be taking place in Washington DC late next week, January 15-16, 2014.  The purpose of this meeting is to review the recently released first working draft (WD1) of the ISO 45001 Occupational Health and Safety Standard and attempt to find consensus among the members of the US TAG regarding the US position on important technical issues.  One of the important issues to be discussed is what  the ISO 45001 standard should include as requirements and what information should be presented in the Annex A as guidance.

The WD of ISO 45001 currently requires a hierarchy of control in clause 8.1.2 of the standard.  Most occupational health and safety (OH&S) professionals are familiar with this hierarchy of control, which prefers elimination of the hazard as the best choice for controlling an OH&S risk. The hierarchy of control requirement is a good example of what one might consider to be an “overreach” of the standard, in that it prescribes a specific risk control process that may be more appropriate as guidance in the Annex of the standard.  As currently drafted, the WD1 states the following:

When determining prevention and control measures, or considering changes to existing controls, consideration shall be given to reducing the risks according to the following hierarchy:

a) eliminate the hazard;

b) substitution with less hazardous materials, processes, operations or equipment;

c) use engineering controls;

d) signage/warnings;

e) administrative controls;

f) personal protective equipment.

These six steps are almost identical to those listed in the American National Standards Institute, ANSI Z10, clause 5.1.2.  The Occupational Health and Safety Assessment Series standard, OHSAS 18001, clause 4.3.1, has similar requirements, but only lists 5 steps; and  the USA OSHA’s required hierarchy of control lists only 4 steps.

With a quick search of the internet, many other examples of hierarchy of control sequences and steps can be found.  Some national regulatory agencies around the world have other required processes for determining appropriate controls.  Given this apparent lack of national and international consensus for the optimal number and sequence of control steps, is it appropriate for the new ISO 45001 OH&S standard to prescribe either a requirement to use a hierarchy of control process or to specify the number and sequence of the steps in the required process?

Based on our experience on the US TAG working on revision to ISO 14001, we believe that, when making additions to the ISO Annex SL High Level Structure (HLS) required text (see related post), adding less in the requirements sections helps to maintain the integrity of the HLS.  ECSI believes that the elegant simplicity of the HLS is diminished when significant amounts of discipline-specific text (OH&S in the case of ISO 45001) are added to the standard itself.  We believe that most of the additional discipline-specific text in the WD1, especially in clauses 6, 7 and 8, should be moved to the Annex A and treated as guidance.  By doing so, the ISO 45001 Project Committee (PC) will be able to avoid protracted discussions and negotiations over the content of the requirement section of the standard, which in turn will help the PC meet the tight deadlines (3 years) for publication of the standard.

Scope Change for ISO 45001 Set for Vote by ISO TBM

When the idea to create an ISO standard for Occupational Health and Safety Management Systems (OHSMS) was recently resurrected the scope of the project was limited to preparing requirements only.  Guidance on use of the new standard was excluded from the scoped of the project.

At its inaugural meeting in October 2013 ISO/PC 283 reviewed its scope and the PC agreed that it was essential to provide guidelines on the use of the OH&S requirements that it is mandated to develop.  The form of the guidelines is expected to be an annex to the requirements standard similar to what was done with ISO 14001.

This scope change needs to be 652px-Logo-ISO[1]approved by something called the ISO TBM (Technical Management Board).  A ballot is being circulated with the TBM to modify the title of ISO/PC 238 by eliminating the word “requirements”.  The voting period will close on December 28, 2013.  The TBM will also be voting on whether to change the scope of PC 283 to the following:

Development of a standard on occupational health and safety management systems “Requirements with guidance for use”.

Although this may seem like a subtle change the impact on the OH&S standard development will be large and will improve the value of the standard for users.  My guess is that the greatest area of impact in the guidance portion of the standard will be in the front end work to set up a conforming OHSMS.  Specifically the part of the standard the addressed hazard identification and risk assessment.

I am interested in this groups opinion of what other areas of the new standard will benefit from guidance such as, employee participation or value/supply chain management , and how explicit should that guidance be?  Please don’t be afraid to post a comment here  or at the linked In at the  ISO 45001 group with you opinion or comment.

OHSAS 18001 and ISO 45001 – ISO Health and Safety Management Systems

In late October 2013 ISO (International Organization for Standardization) decided to move forward with the development of an ISO standard that will replace OHSAS 18001 Occupational health and safety management systems – Requirements (British Standard Institute) within the next three years.  The ISO Occupational Health and Safety Management System Standard (OHSMS) is expected to be issued under the number ISO 45001.   The exact title is still up in the air but will be similar to something like Occupational health and safety management systems – Requirements with guidance for use.   The first Working Draft of the new OHSMS standard is expected to be circulated to the US Technical Advisory Group (U.S. TAG) members within the next few weeks. 

Important issues that will be discussed early in the standard development process are:

Defining the term “persons under the control of the organization”. 

There will be discussion about how much flexibility organizations will have when defining the scope of its OHSMS under the ISO 45001 requirements.  This issue will have a significant impact on organizations who have chosen to shift OH&S risks to onsite contractors’ through contracts that require the contractors to assume some or all responsibly for their employees health and safety and for compliance with all regulatory requirements.   The questions will likely boil down to will the standard allow a complicated scope statement that excludes substantial portions of the facility’s physical location thereby excluding many contractors from the scope of the OHSMS,  or will the standard discourage this type of scoping in favor of a more inclusive approach to the scope of the OHSMS. 

Questions about acceptable levels of risk shifting or sharing will need to be discussed  and answered.

Hazard Identification, Risk Assessment and Risk Control

This will be an important topic of discussion and deliberation with the U.S. TAG to reach consensus on what the standard will require of organizations to develop, implement and maintain a process for performing hazard identification and risk assessment.   There are many approaches to risk assessment and it will be interesting to see how detailed the requirements will be regarding this important area of an OHSMS.  Appendix F of ANSI Z10 will be a starting point for the U.S. TAG for developing the guidance on this important OHSMS topic.

The new structure required by ISO (Annex SL) places emphasis on the concept of risk management.   OHSAS 18001 emphasized this aspect of an OHSMS but you can expect more in the way of guidance in ISO 45001 describing appropriate methods for assessing OH&S risks.   The guidance will be in the annex of the ISO 45001 standard with examples of how to perform an OH&S risk assessment and there will likely be a figure that looks something like the figure below where risk is estimated based on multiplying the likelihood value by the consequence value to arrive at the risk score.

 risk score 112113





Time Frame for ISO 45001 Development

Here is the current schedule for required 3 year development of the standard that was provide to TAG members on November 15, 2013.

  • Dec 2013 –Working Draft 1 (WD1) circulated Working Group 1 (WG1)
  • Jan 2014 – Submit Comments on WD1
  • Jan 2014 – US TAG Face to Face Meeting (to develop US positions/concerns on WD1) – ECSI will attend this meeting.
  • March 2014 – PC Meeting – Development of Committee Draft 1 (CD1)
  • November 2014 – PC Meeting – Development of Draft International Standard (DIS)
  • November 2015 –PC Meeting – Development of Final Draft International Standard (FDIS)
  • October 2016 – Publish ISO 45001

ECSI is a voting member of the U.S. Technical Advisory Group to ISO 45001 and will be directly involved in developing the US position on the content of this important standard.  We will be publishing updates on the progress of ISO 45001 and are happy to discuss any ideas, issues or concerns you have with the development of this new standard or any other OH&S issues you would like to discuss.  Don’t be shy.  You can either post a comment / question here or contact us directly at 920-648-4134 or email us kalehner@envcompsys.com.


ISO 14001Revision and ISO Annex SL – Elegant Simplicity or Redundant Complexity?

Being part of the ISO14001 revision process is fascinating. The technical advisory group (TAG) here in the USA of which I am an active member met in New Orleans late last month and I participated in the ISO 1400:201x revision process. There are likely to be significant changes to the ISO 14001 as it is aligned with something called the High Level Structure (HLS). ISO has decided that all new and revised standards will be organized in accordance with the HLS and ISO 14001 is the first major standard to go through the revision process under the HLS mandate. The revision to the standard is expected to be issued in final form in early 2015.

Under the HLS, ISO 14001 will go from 4 sections to 10. Even with six additional sections there is simplicity to the HLS that I find appealing. The HLS elegantly walks an organization through the steps needed to implement and operate any type of management system whether it’s environmental, health and safety, quality or even food safety.

Some participants in the revision process believe that a major obstacle  is that the International Organizations for Standardization (IOS) has imposed strict limitations prohibiting deletion of any of the HLS text. Text can only add where needed to make the HLS work for environmental management. There are two schools of thought on how to make the HLS work for an EMS. So far the group has used an approach where the old ISO 14001:2004 is dismantled and each section is inserted into a section of the HLS where it seems to be appropriate. The core HSL is only about 9 pages long. The approach currently being used by the TAG, to add text to the HLS from ISO 14001, has resulted in a document that is over double the length (19 pages not including the Annex).

Another emerging “less is more” approach to the ISO 14001 revision leaves the HLS mostly as it is with only subtle changes. EMS specific issues are addressed largely in Annex A. The only requirement imposed by the IOS regarding the content of the Annex is as that:

“The additional text given in this Annex is strictly informative and is intended to prevent misinterpretation of the requirements contained in this International Standard. While this information addresses and is consistent with the requirements, it is not intended to add to, subtract from, or in any way modify these requirements”.

Using this “less is more” approach solves some of the current problems with proposed revisions to the standard. It will reduce the potential problem of increased complexity and redundancy. The US TAG will continue to meet over the next few weeks to determine what the TAG experts will present as recommendations at the next international meeting of the ISO 14001 Technical Committee June 24-28, 2013 in Gaborone, Botswana. If you are interested in learning more Annex SL is where you can find the core HLS text. Look in Appendix A of Annex SL.