Here is a webinar we lead for ASSP on Covid-19 recently. The webinar discusses how organizations can use occupational health and safety management system audits and the corrective action process to respond to Covid-19 challenges.
Here is a question that was recently posed on the ISO 45001 LinkedIn Group page and our response.
ISO 45001…Looking at requirement 7.4.1 (d) “The organisation shall ensure that the views of external interested parties are considered in establishing its communication process(es).” Anyone have any thoughts on how they will address this requirement, bearing in mind that OHSAS 18001 required, where appropriate external interested parties…are consulted?
Our Response –
I assume when you ask “how will they address this requirement” you are referring to certification bodies (CB’s) performing 3rd party independent audits of the OHSMS. I suspect that the answer to this question will be largely determined by how the CB calibrates their auditors for what the CB considers adequate objective evidence of conformity. My hope is that the CB’s will take a liberal view of what is acceptable here and let the auditee decide who is an external party and what views need to be considered.
I think that this section of ISO 45001:2018 is unnecessarily confusing and will likely be a source of debate between organizations and their CB auditors. The High-Level Structure text for his section was limited to the following:
The organization shall determine the internal and external communications relevant to the XXX management system, including:
— on what it will communicate;
— when to communicate;
— with whom to communicate;
— how to communicate
As a member of the US-Technical Advisory Group I observed that organized labor strongly supported adding additional language in this section and suspect that the intent is that organized labors “views” are considered when establishing the communication process.
So if organized labor is part of an organizations structure asking them to express their views on communication and documenting those views would be a good place to start. These views can then be discussed with the leadership during management review and “considered” when establishing the communication process. Producing these records during and audit should help show CB auditors that “the views of external interested parties are considered in establishing its communication process(es)”.
If organized labor is not a consideration, then it gets a bit tougher. I would start with of list of who the organizations think might conceivably be consider an external interested party. These might include:
- Regulatory agencies
- Business associations
- The community
- Local politicians
- Worker family member and relatives
I do not believe the standard compels an organization to proactively seek out the views of all external interested parties. This would be overly burdensome and of little value to the effectiveness of the OHSMS. However, after compiling its list the next question should be, have any of these external parties expressed views on how we communicate externally about our OHSMS? If the answer is no, then it would be appropriate to state to the auditor that no external parties have express views on our external communication process.
If views have been express by any of those on the list this should also be documented and discussed in management review (also documented) regarding the result of the consideration of these external views. Lastly, if the CB auditor digs in heals here and expects extensive evidence in this section you will always have the option to appeal a finding the CB’s Executive Committee of the CB for relief.
The development of ISO 45001 for Occupational Health and Safety Management Systems had a significant setback early this year. By a narrow margin the international committee voted to refer it for additional review and comment. ISO 45001 is being developed to replace OHSAS 18001:2007.
The effect of the no vote was discussed at the June 2016 international meeting held in Toronto. Also discussed in Toronto were the 3000 comments that had been made internationally on the draft standard. The development process is proceeding slowly because many of the participants are still learning how ISO management systems work. These include traditional OH&S professionals and those representing organized labor.
Traditional OH&S Professionals
Traditional OH&S professionals make up a large portion of the members of the US TAG and the international committee. Most of these members are new to management systems and do not understand how management systems work. OH&S professionals are quite familiar with “compliance” to OSHA laws. However, they sometimes struggle to understand that the purpose of a management system is to improve performance over time. As a result the proposed Standard has become prescriptive including:
- Requirements to use a Hierarchy of Controls when addressing OH&S hazards
- Requiring more documentation than necessary
- Inserting requirements that do not add value
Organized Labor s a participant in the development of ISO 45001 and represent over 1 million members nationally. One of the roles of organized labor has been to help workers negotiate contracts between labor and management on compensation, benefits and workplace safety. Labor has adopted the position that ISO 45001 should be a “workers’ rights” standard. Their approach to providing input to the ISO 45001 development process is like a contract negotiation.
This has created tension at both the national and the international levels. Labor views the rest of the TAG as representing “management”. When others on the TAG propose language that is not aligned with labors’ position, they voice strong opposition. More then once labor representatives have accused other TAG members of wanting to “kill workers”.
What’s Next for ISO 45001
A committee was formed in Toronto to create the second draft international standard ISO/DIS2 45001:201X which is expected to be issued in the late fall to early winter. We remain cautiously optimistic that both traditional OH&S and those representing labor will become more informed about the purpose of management systems and how they help organizations improve OH&S performance. This in turn will help them participate more effectively in the consensus process. If all goes well, a final international standard could be expected in mid-2017.
Section 8.1.2 of ISO/DIS 45001 requires that organizations “shall establish a process and determine controls for achieving reduction in OH&S risks using the following hierarchy:
- eliminate the hazard
- substitute with less hazardous materials, processes, operations or equipment
- Use engineering controls
- use administrative controls
- provide and ensure use of adequate personnel protective equipment
The US Technical Advisory Group at its recent meeting in Dallas, TX Feb 22-26, 2016 had lengthy and at time heated discussion about requiring the use of the HOC. The basic question is should the phrase “using the following hierarchy” be revised to soften it by saying “considering the following hierarchy”.
Many of the seasoned OH&S professionals in the group believe that the language should remain as “use” . They believe the HOC is well accepted in the industry and it is also required by law. Others on the US TAG with experience in drafting and auditing ISO standards like ISO 14001 think the use of the HOC should be optional. They maintain that it will be difficult during audits to prove that the HOC was used and that additional control is not possible or practical.
The standard also requires that the OH&S Policy “includes a commitment to control OH&S risks using the hierarchy of controls.
Give us your opinion and please take the survey.
We recently participated on the leadership team for the United States Technical Advisory Group (US TAG) for the Development of the new ISO 45001 standard for Occupational Health and Safety management systems.
The purpose of the week long meeting held at the ISN headquarters in Dallas, TX was to disposition over 800 comments on ISO/DIS 45001. The US TAG successfully dispositioned all of the major issues and many of the individual comments. Our role at this meeting was as co-chair of a subcommittee with Vic Toy for Clause 6 – Planning. Our section had 157 comments to review and decide how they would be addressed.
The meeting was attended by about 70 participants representing business, organized labor and government. Major issues addressed during the meeting included questions and comments like:
- Should organizations be required to use the hierarchy of controls when reducing risk?
- Does redundancy add clarity or confusion (frequent references to workers and worker representatives)?
- Should organizations be required to assess risk to the management system (other risks) or is this already addressed by the clauses of the standard?
- When must workers be asked for an opinion (consultation) and when must workers have authority to influence decisions made by management about risk control and other management system issues (participation)?
We have posted some articles about the following on our website blog if you are interested in learning more about these important issues.
- ISO 45001 – Hierarchy of Controls
- ISO 45001 – Other Risks and Other Opportunities
The public comment period in the USA is now open until April 1, 2016 so if you are in the USA and your organization would like to submit comments for consideration send me an email to firstname.lastname@example.org and I can help you get the comments to the right place. Also please feel free to call or email with any questions about ISO/DIS 45001.
The Committee Draft (CD) of ISO 45001:201x issued July 17, 2014 did not receive enough international support during voting which ended October 18th, 2014. This means that the Standard will be reissued as another CD2 and will not be moved to the next level of development as a Draft International Standard (DIS) at this time. The results of the vote were published in PC283 Ballot Report of 10-2014 which showed a 63% approval level, which is 12% shy of the requisite 75% approval for the standard to be moved to the next level. Of 47 votes cast, 11 were Yes votes to agree to circulation of the draft as a DIS. 18 votes were cast as “Yes with comments” and 17 members cast a no vote. There was one abstention.
The initial proposed date for publication of the final international standard outlined in ISO/PC 283/N68 issued October 24, 2013 was September 2016. This proposed release date was based on the assumption that the CD and DIS documents would be approved by 75% of the PC members on the first vote. The consequence of the failure of the CD to be moved to the DIS level is unclear at present but this turn of events is likely to delay the release of the final version of ISO 45001somewhat beyond September 2016. The International PC will be meeting the third week of January 2015 in Trinidad to work on preparation of the next draft of the Standard (CD2) which is expected to be released in February 2015.
Why Did The ISO 45001 DIS Vote Fail?
The reason for failure of the vote to move to the DIS level is simple to explain. The CD did not get the required 75% approval needed. Why there was not enough support is more complicated but in general not enough PC members believed the standard was mature enough to move to the next level of development. Enough members felt the standard needed more work at the CD level to prevent it from becoming a DIS.
As part of the voting process almost 2500 comments were submitted on the CD which is a good indication that many believe this new standard needs additional effort invested in it before it can be issued as a DIS. The US submitted 152 comments and the International Labor Organization (ILO) submitted 174. Along with its 119 comments Japan submitted a position paper (ISO/PC 283/N134) against ISO/CD 45001 that summed up in three comments, some of the most important issues that need resolution before this important standard can be moved to the next level of development . The following is a brief summary of these comments.
ILO Participation – “It is important to fully use the knowledge and experience of the ILO which has dealt with international labor issues”.
ISO and the ILO are having difficulty in reaching agreement on some important terms and concepts and if this tension cannot be resolved to the mutual satisfaction of both parties two conflicting standards may emerge. This situation will inevitably lead to confusion by users of these standards and diminish the value of ISO 45001and certification to this standard.
Use of the Term “Risk” Vs OH&S Risk
At present ISO 45001 uses the terms Risk and OH&S risk in several locations in the CD. The use of these terms is thought to be potential confusing to users and the recommendation is to only use the Term OH&S Risk in the context of ISO 45001.
Annex A Not Thoroughly Reviewed
Unlike The Technical Committee for ISO 14001 which is authorized to issue multiple standards and guidance documents for environmental management such as ISO 14004 and ISO 14064, PC 282 charter was limited to development of one document only, ISO 45001. At this time there are no plans to issue other guidance documents to supplement ISO 45001. As a result the only guidance or interpretive information that is likely to come from ISO on OH&S management system will be in an Annex to the standard (Annex A).
Therefore it is vitally important that the information in the Annex A be reviewed and approved by PC members before it is issued. The current state of Annex A is considered by some of the PC members as not having been reviewed thoroughly and the amount of text is too much and in need on condensation and streamlining.
The failure of PC 283 to move ISO 45001 to th DIS stage will likely result in some delay if the issuance of the final international standard by several months into early 2017. However, this delay will help insure that all interested parties have an opportunity to contribute to its development. In the end this will result in a better standard with wide international acceptance.
My draft was meant to be for the Annex only. It was not intended to be included, or as a supplement to, the normative part of the standard. I offered the draft of the Annex more to stimulate discussion than expecting it to be incorporated in its entirety. As I have said from the beginning. I believe that the HLS should remain largely intact without significant discipline specific additions. Most discipline specific language for clarification of intent should be introduced in the Annex.
I like the idea of working the development process of this and other standards like ISO 14001 from back to front. In other words, let’s work on the Annex (informative part of the standard) first, agree on what we want it to achieve and what the Annex should contain, and then decide what needs to be changed in the normative part of standard to meet the discipline specific outcome we want.
I also understand the desire to use much of Z10 to form the basis for ISO 45001. However, I believe that we can improve upon the ideas presented in Z10 as we develop 45001, especially appendix F and the example risk matrix it contains.
Regarding the question of how opportunities should be addressed in the standard, I believe it matters little where opportunities are addresses. It may be appropriate to address them in both 8 and 10 and maybe a little bit in 6. I do however believe that we need to have a better idea about what we mean by opportunities before we add discipline specific language to the HLS in any or all of those clauses.
I believe there are at least two types of opportunities that can be identified, those being opportunities to reduce risk, and those opportunities that can result in other value enhancement. Sometimes exploiting one type of opportunity comes at the expense of the other. Ice diving is a good example. Personally I think you need to be out of your mind to do it, but some folks find great pleasure in scuba diving below the ice and take every opportunity they can to enjoy it. One of the hazards of ice diving is getting lost under the ice and not being able to return to the hole before your air supply is exhausted. The bigger the hole, the easier it is to find when you want out of the water. But cutting a big hole through 3 foot thick ice is hard and there comes a point where the discomfort in cutting the hole out weights the fun the divers expect to have on their adventure. So the divers manage the likelihood of becoming trapped beneath the ice in other ways, like roping up and having folks at the surface holding the other end of the rope. Managing the risks and enjoyment of an ice dive becomes an optimization problem.
The ISO 45001 standard Annex (either 6, 8 or 10) should include information to help users understand the relationship between risks and opportunities and that there are different types of opportunities they can exploit. Once we have the right language in the annex, we can then think about what changes might be need in the standard itself to make the HLS work for the OH&S discipline. Again this is the back to front approach to standard development I prefer.
ECSI is currently attending day one of the 2-day ISO 45001 US Technical Advisory Group (TAG) meeting in Washington DC January 15-16, 2014. We will be reviewing comments on the first working draft of the standard and then breaking into several working groups to revise specific sections of the standard. One of the key issues to be discussed will be how much additional discipline specific text should be added to the required High Level Structure (HSL) language. As a voting member of the US TAG I intend to advocate for a less-is-more approach. In other words, I believe that most of the discipline specific text (occupational health and safety in this case) should reside in the annex of the standard.
The HLS is designed to facilitate seamless integration of discipline specific management systems into an organizations overall business management system. In the past ISO standards had significantly different structures which made integration of the standards difficult. An example is ISO 14001 Environmental Management Systems (EMS) which has only 4 sections and ISO 9001 Quality Management Systems (QMS) which has 8 sections. The difference in the way the standards were organized lead to considerable confusion among many standard users who wondered why the structure of an EMS needed to be so different than a QMS.
In response to those concerns ISO created the HSL to standardize the way it writes standards which is a really good idea for a standards writing body. ISO requires that all new and revised standards follow the HLS with little deviation. My experience with the ongoing revision of ISO 14001 has been that trying to incorporate significant additional discipline specific language into the standard is not always value added and can sometimes diminish the clarity and usability of the standard. Because of the significant additional language in the ISO 14001 standard it seems overweight or bloated at 19 pages versus 9 pages for ISO 14001:2004. As we hash over this important issue I hope that both the US TAG and the international project committee PC 283 recognize this potential pitfall and endeavor to limit the amount of additional discipline specific language in the new ISO 45001.
The first face-to-face meeting of the United States Technical Advisory Group (US TAG) will be taking place in Washington DC late next week, January 15-16, 2014. The purpose of this meeting is to review the recently released first working draft (WD1) of the ISO 45001 Occupational Health and Safety Standard and attempt to find consensus among the members of the US TAG regarding the US position on important technical issues. One of the important issues to be discussed is what the ISO 45001 standard should include as requirements and what information should be presented in the Annex A as guidance.
The WD of ISO 45001 currently requires a hierarchy of control in clause 8.1.2 of the standard. Most occupational health and safety (OH&S) professionals are familiar with this hierarchy of control, which prefers elimination of the hazard as the best choice for controlling an OH&S risk. The hierarchy of control requirement is a good example of what one might consider to be an “overreach” of the standard, in that it prescribes a specific risk control process that may be more appropriate as guidance in the Annex of the standard. As currently drafted, the WD1 states the following:
When determining prevention and control measures, or considering changes to existing controls, consideration shall be given to reducing the risks according to the following hierarchy:
a) eliminate the hazard;
b) substitution with less hazardous materials, processes, operations or equipment;
c) use engineering controls;
e) administrative controls;
f) personal protective equipment.
These six steps are almost identical to those listed in the American National Standards Institute, ANSI Z10, clause 5.1.2. The Occupational Health and Safety Assessment Series standard, OHSAS 18001, clause 4.3.1, has similar requirements, but only lists 5 steps; and the USA OSHA’s required hierarchy of control lists only 4 steps.
With a quick search of the internet, many other examples of hierarchy of control sequences and steps can be found. Some national regulatory agencies around the world have other required processes for determining appropriate controls. Given this apparent lack of national and international consensus for the optimal number and sequence of control steps, is it appropriate for the new ISO 45001 OH&S standard to prescribe either a requirement to use a hierarchy of control process or to specify the number and sequence of the steps in the required process?
Based on our experience on the US TAG working on revision to ISO 14001, we believe that, when making additions to the ISO Annex SL High Level Structure (HLS) required text (see related post), adding less in the requirements sections helps to maintain the integrity of the HLS. ECSI believes that the elegant simplicity of the HLS is diminished when significant amounts of discipline-specific text (OH&S in the case of ISO 45001) are added to the standard itself. We believe that most of the additional discipline-specific text in the WD1, especially in clauses 6, 7 and 8, should be moved to the Annex A and treated as guidance. By doing so, the ISO 45001 Project Committee (PC) will be able to avoid protracted discussions and negotiations over the content of the requirement section of the standard, which in turn will help the PC meet the tight deadlines (3 years) for publication of the standard.
When the idea to create an ISO standard for Occupational Health and Safety Management Systems (OHSMS) was recently resurrected the scope of the project was limited to preparing requirements only. Guidance on use of the new standard was excluded from the scoped of the project.
At its inaugural meeting in October 2013 ISO/PC 283 reviewed its scope and the PC agreed that it was essential to provide guidelines on the use of the OH&S requirements that it is mandated to develop. The form of the guidelines is expected to be an annex to the requirements standard similar to what was done with ISO 14001.
This scope change needs to be approved by something called the ISO TBM (Technical Management Board). A ballot is being circulated with the TBM to modify the title of ISO/PC 238 by eliminating the word “requirements”. The voting period will close on December 28, 2013. The TBM will also be voting on whether to change the scope of PC 283 to the following:
Development of a standard on occupational health and safety management systems “Requirements with guidance for use”.
Although this may seem like a subtle change the impact on the OH&S standard development will be large and will improve the value of the standard for users. My guess is that the greatest area of impact in the guidance portion of the standard will be in the front end work to set up a conforming OHSMS. Specifically the part of the standard the addressed hazard identification and risk assessment.
I am interested in this groups opinion of what other areas of the new standard will benefit from guidance such as, employee participation or value/supply chain management , and how explicit should that guidance be? Please don’t be afraid to post a comment here or at the linked In at the ISO 45001 group with you opinion or comment.