The purpose of this brief webinar is to discuss the advantages of using internal audits and corrective actions to check that an organizations Covid-19 program is effective. The webinar explores how organizations can use ISO 45001 management system tools to respond to new challenges from the Covid -19 pandemic.
As the economy reopens organizations are being required to establish new programs and controls to minimize the spread of the virus among employees. Internal audits combined with corrective action programs help organizations establish and operate effective Covid-19 programs rapidly.
The webinar covers the following topics:
Identifying Covid-19 compliance obligations
Risk assessment methods for determining which Covid-19 Risk to addressed
Establish operational controls for Covid-19 risks to employees
When and how often to audit the Covid-19 program
How to safely conduct Covid-19 audits
How to effectively address Covid-19 internal audit findings through corrective action.
Report the results of Covid-19 audits and corrective action to leadership
Kevin Lehner is a member of the US Technical Advisory Group (US-TAG) to ISO 45001: He is an expert and represents the US-TAG at international meetings. He recently traveled to Kigali, Rwanda to attend the 9th international meeting of TC 283 (interview with Martin Cottam in Kigali). Kevin is a certified lead auditor conducting ISO 45001 audits for clients including accredited ISO 45001 certification bodies.
The WDNR Green Tier program requires participants to conduct periodic “outside” EMS audits to check that the system is functionally equivalent to ISO 14001:2015. By law, the minimum frequency of these audits is once every three years for Tier 1 participants and annually for Tier 2 participants.
Many organizations choose to perform WDNR Green Tier audits more frequently than prescribed by the Green Tier law. Longer than a year between audits result in increased risk to the organization. Postponing an annual physical from your doctor increases the risk that a medical condition will becoming a bigger medical issue.
WDNR Green Tier audits also provide important information to leadership. Reviewing Green Tier audit findings during management reviews allows leadership to evaluate how the EMS is functioning and if it is achieving the intended results. Leadership may miss important information when it reviews the results of audits only every three years.
Organizations that invest in their WDNR Green Tier audit program have better performing EMS’s and get a better return on their EMS investment. ISO 19011:2018, Guidelines for auditing management systems provides guidance for organizations wishing to improve their EMS audits. This guidance includes:
WDNR Green Tier EMS audits evaluate audit criteria against audit evidence. Performing WDNR Green Tier audits ensures that “what should be is” and “what should not be is not”. Examples of audit criteria are requirements of Green Tier functional equivalence, compliance obligations such as permit requirements or requirements such as WDNR universal waste and hazardous waste regulations. They can also be internal requirements the organization has set for itself.
A robust EMS audit process and procedures coupled with effective corrective action process to address audit findings is critical to the effectiveness of am EMS. If the audit process or the corrective action process is weak the EMS may not be able to achieve the intended results of the EMS.
WDNR Green Tier Audit Corrective Actions
Green Tier audits are fundamental to superior environmental performance, but audits alone do not make changes that improve performance. Audits simply identify conformance and nonconformance to the requirements of Green Tier and the organizations internal requirement for the EMS.
Audits can be good news or bad news. If an organization is performing audits and find nothing but “good news” that is not especially noteworthy to leadership. Things are going along well, according to plan, and there is no identified need for action. When audits find nonconformances or bad news, this is good news to leadership because the audit has identified things that need to be fixed.
If organizations are either not performing effective audits or no audits at all this is bad news for leadership. Leadership has no way of knowing if the EMS is performing as planned. “No news” is bad news.
Audit nonconformance findings are good news and a source of EMS performance improvement. Audit nonconformances are not evidence of failure or reason to find fault. Doing so will create fear of the audit process within the organizations and increase the difficulty in gaining employees trust and cooperation with the audit process.
To benefit from the results of audits organizations also need to fix the nonconformance problems the audits discover. Performing audits and then being unable to correct the problems discovered is often a bigger problem than not performing audits at all. An example is an audit of regulatory compliance status that discovers a potential noncompliance. Uncorrected findings later discovered in a regulatory agency compliance audit could result in enhanced “knowing and willful” criminal penalties. Finding a potential noncompliance problem and not fixing it is worse than not finding it in the first place. To reduce risk, organizations need to take corrective action on audit findings in a timely fashion.
Some organizations struggle to get traction on their corrective action process for two primary reason.
A clear process or workflow for performing corrective action has not been defined and or communicated by the organization.
The organization has not established a systematic way to keep track of and report on if and how the nonconformance are being addressed.
WDNR Green Tier Audit Corrective Action Workflows
Corrective action workflows for audit nonconformance should be a team effort. Teams should follow several sequential steps collaboratively and reach consensus on each stage in the workflow. The last stage of the workflow is verification of effectiveness of the corrective action.
This team approach is similar to the collaborative product design process used by industries to develop products. The design process has desecrate points in the process called gates. Design teams agree that each step was completed before the design process can progress through the gate to the next stage
The purpose of this design review workflow is to ensure the design process is proceeding in a systematic fashion and to minimize the potential for design flaws that will become apparent in the production or use stage of product or service.
Figure 1 is an example of a corrective action workflow with approval gates and stages.
Gates separate some of the stages in the corrective action workflow. The number of approval-gates in the corrective action process can vary depending on the organizations’ needs. Stages in the corrective action workflow can include:
Stage 1 – New (Contain and Assign)
Recognition of the problem is the first step in the corrective action workflow. Recognition can occur as the result of an audit or incident. How the workflow proceeds after recognition depends on the gravity of the problem or incident encountered. The team leader or gate keeper needs to quickly decide what type of problem it is such as:
Easy to Fix – We understand the problem cause and we can just fix it because it is unlikely to recur
Not so easy to fix – We do not fully understand the problem but believe that the cause and solution can be discovered without commitment of substantial resources at this stage.
Difficult to fix – This type of problem needs significant resource (horsepower) to address it with skill.
The preliminary evaluation will determine the size and competencies of the team needed to address the problem.
The team should consider Immediate steps to contain the problem (stop the bleeding) and what that containment should be. Placing lables and dates on the universal waste containers corrects the audit finding.The person assigned to the corrective action task should not delay implementation.
Stage 2 – Investigate (Cause and Corrective Action)
Putting a band aid on the problem with a short-term correction alone will not address the underlying problem cause and the nonconformance is likely to recur. Determining the cause of a problem is necessary to find a solution that fixes the problem and prevents recurrence. The team should investigate why the problem happened in the first place.
Root cause analysis is a huge topic and there are many approaches to doing a cause analysis, but sometimes asking “why did that happen?” several times can help identify the underlying cause of the problem (5 why analysis). Other problems can be more complex and require more horsepower than a 5 why analysis can deliver. These types of problems may need more sophisticated cause analysis techniques such as Six Sigma (DMAIC), 8 Disciplines (8D) or others.
The root cause of the problem helps the team discover an effective corrective action that will prevent the problem from recurring. The team should reach consensus that the proposed corrective action is appropriate to the cause before the corrective action is implemented. This will improve the likelihood that the corrective action will fix the problem in a way that it will not happen again..
Corrective action solutions that are based on one individual’s perception of the root cause and how to fix that problem often oversimplify both the cause and the solution. The tendency is for individuals to hurry the process and close the nonconformance as quickly as possible. This leads to weak root cause analysis which in turn compromises the selection of an appropriate corrective action.
If the corrective action process is not monitored in a team setting the assignee is more likely to close out the issue (get it off their desk) as soon as possible. A team approach to the corrective action process that use approval-gates can help avoid this consequence. Approval-gates encourage robust cause analysis.
The following is an example of poor cause analysis and proposed corrective action for the audit finding that universal waste containers were not properly labeled and dated.
Proposed Cause – “The employee had not been trained in how to properly package and label the universal waste”.
Proposed Corrective Action: Train the employee in how to properly package and label universal waste.
This cause analysis simply repeats the finding. It does not describe why the problem happened in the first place and the proposed corrective action is more of a correction than a corrective action. Implementing this action will not ensure that the same problem does not happen again.
Root Cause Analysis
Figure 2 shows the results of a more appropriate cause analysis of the universal waste packaging and labeling nonconformance.
Once the root cause is identified an appropriate corrective action can be proposed that will prevent it from happening again.
Often there are several options for corrective actions that fix the problem in a way that it does not recur. Some might have potential to be extremely effective but are costly to implement. An example might be to outsource the universal waste management to a contractor that comes to the site daily to check that the universal waste is being management correctly. This is highly effective and can transfer some of the risk of universal waste management, but it is expensive to implement. Before the corrective action is approved the team needs to decide if the proposed corrective action is appropriate for the cause.
An appropriate corrective action decided by the team for this problem and cause might be something like:
Leadership will direct the HR department to develop a training matrix that shows competence required for all jobs including temporary fill in positions.
The HR department will develop a process(es) that require(s) employees to demonstrate competence to do a job before the employee can be assigned to that job including temporary fill-in positions.
The team should reach consensus that the proposed corrective action is appropriate for the root cause before it is implemented. Once approved the actions should be implemented without delay.
The team implements the corrective action after it is approved by the team and its leadership. One individual can implement a simple corrective action quickly. Complex problem solutions may require development of a project plan that assigns team members tasks. Task assignee’s need to accomplished these task by established dates. The team monitors progress on the tasks and periodically reports to the team leaders.
Stage 4 – Verification of Effectiveness
Verification confirms that the agreed upon corrective action was implemented as planned. It also confirms that the corrective action implemented was effective and fixed the problem in a way that it will not happen again.
Corrective action verification is usually performed by internal or external auditors during regularly scheduled or other audits. Others in the organization or on the team can perform the verification but it is important that the verifier be independent to the implementation process or the area where the verification is occurring.
Stage 5 – Closed
Team can close the corrective action after it has been verified. The team may need to invest additional effort if the verification finds that the corrective action implemented did not fix the problem. The team may need to re-investigate the cause and to re-propose and implement another corrective action.
Communicating and Tracking Corrective Action Status
A significant stumbling block that organizations sometime encounter when addressing nonconformances is the absence of a method to communicate and track the status of completion of the corrective action. Information about corrective action status has traditionally been paper based or electronic. These systems assign a corrective action task to someone to investigate and complete.
The team leader passes the physical or electronic copy of the corrective form to team member responsible for investigating the cause and proposing a corrective action. Then the paper or electronic copy is passed to other team members to add information or it is returned to the team leader for review and approval.
Assignee’s can misplace paper or electronic copies of corrective actions. Paper-based tracking systems require large three ring binders to store the completed corrective action forms and associated supporting documentation such as pictures or other evidence of completion of the corrective action. Electronic documents are often individually stored in folders located on the organizations servers or in the cloud.
With paper-based systems, communicating the overall status of corrective actions to leadership requires a labor-intensive process of thumbing through the three ring binders and manually recording the status of the corrective actions. Individual documents stored on servers or in the cloud have similar problems. Sorting through individual folders and files takes time to to find important information about the corrective action program. Use of electronic spreadsheets can help here but create other problems that limit the effectiveness of this solution
Corrective Action Tracking Database Apps
Industry 4.0 revolution will soon fundamentally and significantly change almost all business. This revolution is helping organizations store data optimize equipment and operations using the cloud environment. Organizations will be able to access enormous amounts of information with a click. Affordable cloud-based applications that track corrective action progress progress of are now becoming available to all types of businesses. Some of these application are easy to use and allow quick access to trends that inform management decisions.
The heart of these cloud based applications are databases that organize and store information. They help communicate the status of corrective actions to team members and leadership. These applications make it easy to monitor the approval-gate process and communicate with team members via automated emailing functions when the status of a corrective action changes or is approaching a due date. Correcttrack.com is a cloud based application that helps organizations keep track of Green Tier audit findings and improve the effectiveness of the corrective action process.
WDNR requires Green Tier participants to periodically audit their Green Tier EMS. Audits confirm the organization has established and is operating a “Functionally Equivalent” EMS that results in superior environmental performance. They are the critical “checking” part of an effective functionally equivalent EMS. If performed with skill the audit results can provide important information that the organizations leaders need to determine if the EMS is achieving its intended results.
Ensuring the results of audits are addressed in a timely fashion is critical to an effective EMS. This is especially true for nonconformance and noncompliance audit findings because findings that go unaddressed or with poor corrective actions increase the risk to organizations than if audits had not been done at all.
The ISO 45001 Technical Committee TC 283 is meeting in Kigali, Rwanda the week of October 6-12, 2019. The meeting will start with a plenary of all attendees to update national members on TC 283 developments. Task Groups (TG) and Work Groups (WG) will meet independently to work out the contents of several new work items that in are in progress including:
TG1 – Communications
TG3 – Revision of the High Level Structure
(Annex L Appendix 2 & 3)
WG2 – Psychological Health and
Safety at the Workplace
WG3 – Implementation Handbook
The TG3 discussions on revision of the ISO High
Level Structure will focus on issues that have been encountered by users of ISO
45001 with respect to:
The definition of risk as it applies
to an OHSMS
The relationship between risk and
opportunity and the traditional OH&S discipline specific terminology ‘Hazards
Outsourced processes and how these
to the OH&s discipline.
Comments are welcome here on opinions of
changes to the HLS that will benefit the discipline specific ISO 45001.
Note. I want to be clear upfront that my intention is not to discredit the contribution organized labor made to the development of ISO 45001:2018. The point I make here is that they had a significant impact on the requirements in certain sections of ISO 45001:2018. This fact may help inform users about the intent of the requirements for purposes of implementation and conformity assessment.
Clause 5.4 of ISO 45001:2018 discusses requirements for consultation and participation of workers and is the result of an interest groups desire to ensure their constituents were give certain rights to have influence over the organizations OHSMS. Organized labor got a symbolic win here for their constituents but does this additional language add value to the standard or simply create unnecessary complexity and confusion for users of the standard?
As an auditor my approach would be to check if the workers themselves believe that their opinions about the OHSMS have been considered in its development and implementation. The best way to do this is to ask them directly. Here is a line of questioning I would use to get objective evidence of conformity to the participation and consultation requirements in 5,4 of ISO 45001:2018.
My first question would be something like “Have you heard about the OHSMS here?”. The answer to this question helps me get a sense of the organizations general awareness of the existence of an OHSMS. You might have to rephrase the question to get them to understand what you are asking.
The next questions would be something like… Can you tell me about what you do as your job here and what you do to keep yourself safe from injury or ill health? A good answer would be something like… My job is to load railcars. I need to stand on top of the railcar and inspect it after it is loaded. I need to wear this fall protection harness when I am on the railcar in case I accidently fell off. The harness would break my fall and prevent or reduce my chances of injury.
The next question would go directly to participation and consultation and would be something like this. Did you participate in any of the planning part of the OHSMS giving leadership your opinion of your comfort level with safely performing you job. Another good answer would be something like…Yes, our entire crew participated in a hazard identification and risk assessment meeting where we went over all the job tasks and risks. We were asked if we felt safe doing these tasks given the safety procedures and equipment that was in place. One of the areas we raised as potentially unsafe was the absence of fall protection. Based on that, our leadership has provided us with these ladders, harnesses and showed us how to use them. I feel much safer now with this enhanced risk control.
Based on the results of this interview I would have good objective evidence that the intent of 5.4 had been achieved. If most other worker interviewed had a similar tale to tell I would feel comfortable in concluding that the organizations had meet the requirements of clause 5.4 of the standard.
Of course, this line if questioning could have gone in many other directions and the answers given may not have supported a finding of conformity to varying degrees. Auditors are certified and calibrated to make decisions during audits while considering all the evidence presented much like a judge does in a legal case. Auditors who focus on too much detail like expecting the auditee to produce evidence of each of the 21 individual requirements of 5.4 are missing the point and need to step back and look at the bigger picture.
Here is a question that was recently posed on the ISO 45001 LinkedIn Group page and our response.
ISO 45001…Looking at requirement 7.4.1 (d) “The organisation shall ensure that the views of external interested parties are considered in establishing its communication process(es).” Anyone have any thoughts on how they will address this requirement, bearing in mind that OHSAS 18001 required, where appropriate external interested parties…are consulted?
Our Response –
I assume when you ask “how will they address this requirement” you are referring to certification bodies (CB’s) performing 3rd party independent audits of the OHSMS. I suspect that the answer to this question will be largely determined by how the CB calibrates their auditors for what the CB considers adequate objective evidence of conformity. My hope is that the CB’s will take a liberal view of what is acceptable here and let the auditee decide who is an external party and what views need to be considered.
I think that this section of ISO 45001:2018 is unnecessarily confusing and will likely be a source of debate between organizations and their CB auditors. The High-Level Structure text for his section was limited to the following:
The organization shall determine the internal and external communications relevant to the XXX management system, including:
— on what it will communicate;
— when to communicate;
— with whom to communicate;
— how to communicate
As a member of the US-Technical Advisory Group I observed that organized labor strongly supported adding additional language in this section and suspect that the intent is that organized labors “views” are considered when establishing the communication process.
So if organized labor is part of an organizations structure asking them to express their views on communication and documenting those views would be a good place to start. These views can then be discussed with the leadership during management review and “considered” when establishing the communication process. Producing these records during and audit should help show CB auditors that “the views of external interested parties are considered in establishing its communication process(es)”.
If organized labor is not a consideration, then it gets a bit tougher. I would start with of list of who the organizations think might conceivably be consider an external interested party. These might include:
Worker family member and relatives
I do not believe the standard compels an organization to proactively seek out the views of all external interested parties. This would be overly burdensome and of little value to the effectiveness of the OHSMS. However, after compiling its list the next question should be, have any of these external parties expressed views on how we communicate externally about our OHSMS? If the answer is no, then it would be appropriate to state to the auditor that no external parties have express views on our external communication process.
If views have been express by any of those on the list this should also be documented and discussed in management review (also documented) regarding the result of the consideration of these external views. Lastly, if the CB auditor digs in heals here and expects extensive evidence in this section you will always have the option to appeal a finding the CB’s Executive Committee of the CB for relief.
The ISO 14002 Ad Hoc Group completed its work on Wednesday, August 31 and I presented the output of the group work at the Committee Plenary with all participating countries on Friday September 2. The purpose of the presentation was to help all participants understand what ISO 14002 is about. The title of the standard is:
ISO/TC 207/SC1 Ad Hoc Group: ISO 14002:200x – Guidelines for application of ISO 14001:2015 framework to environmental aspects and environmental conditions by topic areas.
The presentation was well received and the committee will now internationally ballot the ISO 14002 New Work Item Proposal (NWIP) in October of this year. If the ballot is successful the development of these new guidelines will likely begin in early 2017 and will be discussed at the next ISO 14001 international meeting June 2017 in Halifax, NS.
The development of ISO 45001 for Occupational Health and Safety Management Systems had a significant setback early this year. By a narrow margin the international committee voted to refer it for additional review and comment. ISO 45001 is being developed to replace OHSAS 18001:2007.
The effect of the no vote was discussed at the June 2016 international meeting held in Toronto. Also discussed in Toronto were the 3000 comments that had been made internationally on the draft standard. The development process is proceeding slowly because many of the participants are still learning how ISO management systems work. These include traditional OH&S professionals and those representing organized labor.
Traditional OH&S Professionals
Traditional OH&S professionals make up a large portion of the members of the US TAG and the international committee. Most of these members are new to management systems and do not understand how management systems work. OH&S professionals are quite familiar with “compliance” to OSHA laws. However, they sometimes struggle to understand that the purpose of a management system is to improve performance over time. As a result the proposed Standard has become prescriptive including:
Requirements to use a Hierarchy of Controls when addressing OH&S hazards
Requiring more documentation than necessary
Inserting requirements that do not add value
Organized Labor s a participant in the development of ISO 45001 and represent over 1 million members nationally. One of the roles of organized labor has been to help workers negotiate contracts between labor and management on compensation, benefits and workplace safety. Labor has adopted the position that ISO 45001 should be a “workers’ rights” standard. Their approach to providing input to the ISO 45001 development process is like a contract negotiation.
This has created tension at both the national and the international levels. Labor views the rest of the TAG as representing “management”. When others on the TAG propose language that is not aligned with labors’ position, they voice strong opposition. More then once labor representatives have accused other TAG members of wanting to “kill workers”.
What’s Next for ISO 45001
A committee was formed in Toronto to create the second draft international standard ISO/DIS2 45001:201X which is expected to be issued in the late fall to early winter. We remain cautiously optimistic that both traditional OH&S and those representing labor will become more informed about the purpose of management systems and how they help organizations improve OH&S performance. This in turn will help them participate more effectively in the consensus process. If all goes well, a final international standard could be expected in mid-2017.
The term” life cycle” is not new to most, but the use of the term “Life Cycle Perspective” (LCP) in ISO 14001:2015 (2015) is one of the bigger changes in the most recent revision. Organizations transitioning to the revision must think carefully about how to use a life cycle perspective when planning the transition to the 2015 revision. 2015 requires the use of a life cycle perspective when it states:
6.1.2 Environmental aspects
Within the defined scope of the environmental management system, the organization shall determine the environmental aspects of its activities, products and services that it can control and those that it can influence, and their associated environmental impacts, considering a life cycle perspective.
The previous version of 14001 (2004) only mentioned the term life cycle once in the Annex:
The identification of environmental aspects does not require a detailed life-cycle assessment. Information already developed for regulatory or other purposes may be used in this process
In 2015, the term life cycle appears 18 times, 7 of which are associated with the concept of perspective. 2015 does not explicitly define LCP stopping short and providing only a definition of term “life cycle”:
3.3.3 life cycle
consecutive and interlinked stages of a product (or service) system, from raw material acquisition or generation from natural resources to final disposal
Note 1 to entry: The life cycle stages include acquisition of raw materials, design, production, transportation/delivery, use, end-of-life treatment and final disposal.
[SOURCE: ISO 14044:2006, 3.1, modified ? The words “(or service)” have been added to the definition and Note 1 to entry has been added.]
So the major questions are:
How should organizations use a life cycle perspective when planning its EMS?
What sort of evidence will auditors expect to see to confirm a life cycle perspective was used in planning an EMS?
Using a life cycle perspective when planning an EMS.
The introduction of 2015 provides some insight into what the standard means by Life Cycle Perspective when it states:
A systematic approach to environmental management can provide top management with information to build success over the long term and create options for contributing to sustainable development by controlling or influencing the way the organization’s products and services are designed, manufactured, distributed, consumed and disposed by using a life cycle perspective that can prevent environmental impacts from being unintentionally shifted elsewhere within the life cycle.
This statement suggests the purpose of using a life cycle perspective is to prevent the unintentional transfer of environmental impacts. In order to do this, organizations need to expand their view of the impacts derived from their product and services beyond the property fence line. Organizations need to look up their supply chain to understand the environmental impacts caused by their suppliers and those supplying their suppliers. In doing so, the organization may be able to identify environmental impacts of which they had been previously unaware. Armed with this new information the organization can then consider what, if any, control or influence they have over these supply chain environmental impacts.
Similarly, organizations will need to look down supply chains to identify environmental impacts that derive from the use of their products or services by their customers and end users. Also, they need to evaluate their ability to control or influence these impacts..
Once these up chain and down chain impacts have been identified, 2015 expects that organizations endeavor to address the environmental aspects that are causing these impacts where practical. How the organizations choose to address these life cycle aspects depends on several factors including:
the level of risk the aspect presents to the organizations
the level of risk the aspect presents to the environment
the degree of influence or control the organization has over the aspect
The amount of control or influence organizations have over life cycle aspects depends on:
how far up or down the supply chain is the aspect
how a design change will affect the performance or cost of the product
Who controls the design of the product or service
Organizations should also use a life cycle perspective when they are reviewing the potential environmental impacts and aspects from outsourced processes that are performed by other organizations on its behalf.
Evidence of a Life Cycle Perspective During Audits
Proving to an auditor that a life cycle perspective was used to identify the environmental aspects may be more difficult than actually using a life cycle perspective. Based on early experience with 2015 certifications it is apparent that the certification community has not yet reached consensus on what and how much evidence is required to show conformance with the life cycle perspective requirements. At minimum we recommend some discussion of how a Life Cycle Perspective was used perhaps in the high level documentation like an EMS Manual or in the documented procedure how the organizations addressed the requirements of Clause 6 Planning.
A graphic such as the one here describing the various life cycle stages may also be helpful in satisfying auditors need for evidence.
Unfortunately, and in the short term there is likely to be much variation between certification bodies and individual auditors regarding what is acceptable evidence of conformance the LCP requirements. We encourage organizations to have a discussion up front with the auditors before the Stage 1 or transition audit about what the Certification Body (CB) and auditor will be looking for when collecting evidence that a LCP has been used in the EMS.
ISO/DIS 45001 is the new ISO Standard for Occupational Health and Safety Management Systems. The public comment period for the draft international standard is open until April 2, 2016. One of the important issues debated at the recent meeting of the US TAG in Dallas. TX, Feb 22-25, 2016 was a requirement unique to ISO 45001 that organizations are required to assess “other risks” to the OHSMS. Neither ISO 9001:2015,14001:2015 or OHSAS 18001 have such a requirement. Here is what is required:
22.214.171.124 Assessment of OH&S risks and other risks to the OH& S management system
The organization shall establish, implement and maintain a process(es) to:
b) identify and assess the risks related to the establishment, implementation, operation and maintenance of the OH&S management system that can occur from the issues identified in 4.1 and the needs and expectations identified in 4.2.
To better understand what is expected one needs to go to the Annex of the standard where there is a list of examples in A.126.96.36.199 of what needs to be considered as follows:
“The organization should also give consideration to those risks which are not directly related to the health and safety of people and address factors affecting the OH&S management system, its performance and intended outcomes. These risks should be assessed using an appropriate method”.
Potential sources of risk to the OH&S management system can include:
inadequate consideration of OH&S management system requirements, change management and other health and safety issues in strategic planning and other business processes;
the absence of resources for the OH&S management system, whether financial, human or other;
an ineffective audit program;
poor succession planning for key OH&S management system roles;
poor top management engagement in the OH&S management system activities;
failure to address the needs and expectations of relevant interested parties;
poor OH&S performance leading to reputational risks.
The standard also requires organizations to identify “Other Opportunities” in clause 188.8.131.52(b) when it says:
“The organization shall establish, implement and maintain processes to identify:
b) opportunities for improving the OH&S management system”.
Again the annex provides a bit more guidance regarding “other opportunities” in A 184.108.40.206. Here is what it says:
Opportunities to improve the OH&S management system can include:
improving the visibility of top management’s support for the OH&S management system;
enhancing incident investigation processes;
improving the processes for worker participation;
benchmarking, including consideration of both the organization’s own past performance and that of other organizations;
collaborating in forums which focus on topics dealing with health and safety.
Some of the US TAG experts argue that without a requirement to address these other OH&S Risks and Other OH&S Opportunities the management system will be ineffective and will not lead to OH&S performance improvement. Others on the US TAG maintain that by implementing and operating an ISO 45001 OHSMS the organizations will address these potential risks and requiring an additional step to look at these other risks is redundant and confusing to potential users.
What do you think? Leave a comment here and… if you like… take the survey and express your opinion.
Section 8.1.2 of ISO/DIS 45001 requires that organizations “shall establish a process and determine controls for achieving reduction in OH&S risks using the following hierarchy:
eliminate the hazard
substitute with less hazardous materials, processes, operations or equipment
Use engineering controls
use administrative controls
provide and ensure use of adequate personnel protective equipment
The US Technical Advisory Group at its recent meeting in Dallas, TX Feb 22-26, 2016 had lengthy and at time heated discussion about requiring the use of the HOC. The basic question is should the phrase “using the following hierarchy” be revised to soften it by saying “considering the following hierarchy”.
Many of the seasoned OH&S professionals in the group believe that the language should remain as “use” . They believe the HOC is well accepted in the industry and it is also required by law. Others on the US TAG with experience in drafting and auditing ISO standards like ISO 14001 think the use of the HOC should be optional. They maintain that it will be difficult during audits to prove that the HOC was used and that additional control is not possible or practical.
The standard also requires that the OH&S Policy “includes a commitment to control OH&S risks using the hierarchy of controls.