OHSAS 18001 and ISO 45001 – ISO Health and Safety Management Systems

In late October 2013 ISO (International Organization for Standardization) decided to move forward with the development of an ISO standard that will replace OHSAS 18001 Occupational health and safety management systems – Requirements (British Standard Institute) within the next three years.  The ISO Occupational Health and Safety Management System Standard (OHSMS) is expected to be issued under the number ISO 45001.   The exact title is still up in the air but will be similar to something like Occupational health and safety management systems – Requirements with guidance for use.   The first Working Draft of the new OHSMS standard is expected to be circulated to the US Technical Advisory Group (U.S. TAG) members within the next few weeks. 

Important issues that will be discussed early in the standard development process are:

Defining the term “persons under the control of the organization”. 

There will be discussion about how much flexibility organizations will have when defining the scope of its OHSMS under the ISO 45001 requirements.  This issue will have a significant impact on organizations who have chosen to shift OH&S risks to onsite contractors’ through contracts that require the contractors to assume some or all responsibly for their employees health and safety and for compliance with all regulatory requirements.   The questions will likely boil down to will the standard allow a complicated scope statement that excludes substantial portions of the facility’s physical location thereby excluding many contractors from the scope of the OHSMS,  or will the standard discourage this type of scoping in favor of a more inclusive approach to the scope of the OHSMS. 

Questions about acceptable levels of risk shifting or sharing will need to be discussed  and answered.

Hazard Identification, Risk Assessment and Risk Control

This will be an important topic of discussion and deliberation with the U.S. TAG to reach consensus on what the standard will require of organizations to develop, implement and maintain a process for performing hazard identification and risk assessment.   There are many approaches to risk assessment and it will be interesting to see how detailed the requirements will be regarding this important area of an OHSMS.  Appendix F of ANSI Z10 will be a starting point for the U.S. TAG for developing the guidance on this important OHSMS topic.

The new structure required by ISO (Annex SL) places emphasis on the concept of risk management.   OHSAS 18001 emphasized this aspect of an OHSMS but you can expect more in the way of guidance in ISO 45001 describing appropriate methods for assessing OH&S risks.   The guidance will be in the annex of the ISO 45001 standard with examples of how to perform an OH&S risk assessment and there will likely be a figure that looks something like the figure below where risk is estimated based on multiplying the likelihood value by the consequence value to arrive at the risk score.

 risk score 112113





Time Frame for ISO 45001 Development

Here is the current schedule for required 3 year development of the standard that was provide to TAG members on November 15, 2013.

  • Dec 2013 –Working Draft 1 (WD1) circulated Working Group 1 (WG1)
  • Jan 2014 – Submit Comments on WD1
  • Jan 2014 – US TAG Face to Face Meeting (to develop US positions/concerns on WD1) – ECSI will attend this meeting.
  • March 2014 – PC Meeting – Development of Committee Draft 1 (CD1)
  • November 2014 – PC Meeting – Development of Draft International Standard (DIS)
  • November 2015 –PC Meeting – Development of Final Draft International Standard (FDIS)
  • October 2016 – Publish ISO 45001

ECSI is a voting member of the U.S. Technical Advisory Group to ISO 45001 and will be directly involved in developing the US position on the content of this important standard.  We will be publishing updates on the progress of ISO 45001 and are happy to discuss any ideas, issues or concerns you have with the development of this new standard or any other OH&S issues you would like to discuss.  Don’t be shy.  You can either post a comment / question here or contact us directly at 920-648-4134 or email us kalehner@envcompsys.com.


Rethinking Job Hazard Analysis

Understanding potential occupational health and safety risks and how to control them is essential to any Occupational Health and Safety Management System (OHSMS). If done with skill, it can have immediate positive results. If not, the opposite effect of increasing potential risk and legal liability may result.

Limits of JHA/JSA

Job Safety Analysis (JSA) and Job Hazard Analysis (JHA) have been the mainstay in workplace hazard assessment for at least the last decade. These tools have helped organizations improve their incident rates but are now at the limits of what they can do to advance an organizations health and safety performance.

The JSA/JHA process provides a very detailed analysis of all potential hazards from each task of a particular job but the JHA/JSA process can be time consuming. Often the JHA/JSA process is limited to identifying job hazards and a listing of the operational controls used to reduce risk. Rarely do the JHA/JSA’s assess the remaining risk from the hazards after the control is in place. This leads to uncertainty if the hazard and associated risk have been controlled to an acceptable level or not. The question, “is the control in place adequate” and “is the job safe enough” remain mostly unanswered using the JHA/JSA process.

A Better Approach

New approaches introduced with the publication of OHSAS 18001 have been taking hold and producing excellent results in obtaining additional OH&S performance improvement. The new approach is called the “Hazard Identification and Risk Assessment Process” (HIERAP). This new approach helps quickly identify important job hazards and assess the level of risk associated with the job hazard. The output of this new approach is a prioritized list of hazards and risk which can be used as an ingredient in an overall OHSMS. With the prioritized list, an organization can focus its attention on what is most important (material) to ensure safety in the workplace.

A Few Important Considerations

  • Engage employees – They often understand the risks of their jobs better than anyone else
  • Develop a procedure – Think through details of the procedure and how you will us it and document the results. Include a risk matrix with clear definitions.
  • Work with Top Management – They have ultimate responsibility for determining how safe is safe enough.
  • Work Quickly – Establish a schedule to interview employees and capture their ideas about job hazards and risks. Stick to the schedule and avoid “paralysis by analysis”.
  • Have a Plan to Act – The results of the Hazard Identification and Risk Assessment process will be enlightening or even surprising. Make sure you have a plan to follow-up on the results of the HIRAP in a timely fashion

Finally, sometimes organizational dynamics can influence how the results of hazard identification and risk assessment are perceived at different levels of the organization.  Establishing the process/procedure and introducing it to top management before it is implemented can help avoid pushback from supervisory personal and managers.

OH&S Hazard Identification and Risk Assessment – OHSAS 18001

OHSAS 18001 continues to gain popularity with organizations as an easy plug-in to their existing business management system.

ISO 14001 is to environmental management what OHSAS 18001 is to workplace employee health and Safety. OHSAS 18001 is a model that organizations can use to establish or enhance a continual improvement-based employee health and safety program or management system. An OHSAS 18001 Management System (OHSMS) can be readily integrated with other management systems, including ISO 9001 and ISO 14001.

The identification of workplace hazards and associated risks is a key element of OHSAS 18001 (Clause 4.3.1). Hazard identification is the process of identifying what could go wrong and possibly harm someone. Risk assessment is a multi-dimensional semi-quantitative evaluation of the potential likelihood of a hazard actually occurring and the potential consequences if a hazard should occur. Once the level of risk for a particular hazard has been quantified through the risk assessment process, that level of risk can be evaluated by the organization for “acceptability.” Acceptability is a subjective measure of how safe is safe enough and should be determined with the input and approval of the organization’s top management.

An example of a risk assessment might be making a comparison between the hazard of using a hand saw to cut a piece of wood and the hazard of using an unguarded table saw. Let’s assume that the hazard in question is the potential to seriously cut oneself while cutting a piece of wood. We know through experience that using a hand saw is not likely to cause a serious injury requiring substantial medical attention. The risk of serious injury is relatively low, and most would deem that risk tolerable or acceptable as is. Using an unguarded table saw, on the other hand, could result in a serious cut or even an amputation, which in some cases may be life threatening. The risk of using an unguarded table saw is therefore unacceptably high. In order to control the risk of amputation to a “tolerable” or “acceptable” level, the saw would have to be properly guarded, and all operators would need to be trained in the safe use of a table saw. The guarding and the training are referred to as operational controls. Although the hazard of a serious cut still remains, the operational controls contain the risk (the likelihood and consequences) to a tolerable level.

The task of performing an OHSAS 18001 hazard identification and risk assessment would be easy if there were only a few hazards present in the workplace. Unfortunately, most workplaces have hundreds of hazards that require evaluation. Consequently, organizations seeking to improve their OH&S performance need to find a way to prioritize these hazards so that they can address the highest risks first.

Such a numeric evaluation is similar to a Failure Mode Effects Analysis (FMEA), which is used by quality managers to prioritize potential risk to product quality. The OHSAS risk assessment process can be used to prioritize potential health and safety risks and help organizations decide what needs to be done first to get the most risk reduction as quickly as possible. These risk assessments can be tailored to each organization’s situation and risk tolerance threshold.

There is no one right way to perform hazard identification and risk assessment. However, if not performed with skill and competence, the results of the OHSAS risk assessment will dramatically affect the performance of the employee health and safety program or management system. In other words, the program or management system is only as good as the hazard identification and risk assessment process.

Following are some key points to remember:

  • Develop a documented procedure for hazard identification and risk assessment.
  • Don’t be afraid to tweak the procedure if it is not producing reasonable results.
  • Involve in the assessments those who are exposed to possible hazards.
  • Engage management to determine the risk tolerance threshold the organization wants to achieve.

What are your experiences with hazard identification and risk assessment? Let us know by placing a comment here.