ISO/DIS 45001 is the new ISO Standard for Occupational Health and Safety Management Systems. The public comment period for the draft international standard is open until April 2, 2016. One of the important issues debated at the recent meeting of the US TAG in Dallas. TX, Feb 22-25, 2016 was a requirement unique to ISO 45001 that organizations are required to assess “other risks” to the OHSMS. Neither ISO 9001:2015,14001:2015 or OHSAS 18001 have such a requirement. Here is what is required:
6.1.2.2 Assessment of OH&S risks and other risks to the OH& S management system
The organization shall establish, implement and maintain a process(es) to:
b) identify and assess the risks related to the establishment, implementation, operation and maintenance of the OH&S management system that can occur from the issues identified in 4.1 and the needs and expectations identified in 4.2.
To better understand what is expected one needs to go to the Annex of the standard where there is a list of examples in A.6.1.2.2 of what needs to be considered as follows:
“The organization should also give consideration to those risks which are not directly related to the health and safety of people and address factors affecting the OH&S management system, its performance and intended outcomes. These risks should be assessed using an appropriate method”.
Potential sources of risk to the OH&S management system can include:
- inappropriate context analysis; outdated analysis;
- inadequate consideration of OH&S management system requirements, change management and other health and safety issues in strategic planning and other business processes;
- the absence of resources for the OH&S management system, whether financial, human or other;
- an ineffective audit program;
- poor succession planning for key OH&S management system roles;
- poor top management engagement in the OH&S management system activities;
- failure to address the needs and expectations of relevant interested parties;
- poor OH&S performance leading to reputational risks.
The standard also requires organizations to identify “Other Opportunities” in clause 6.1.2.3(b) when it says:
“The organization shall establish, implement and maintain processes to identify:
b) opportunities for improving the OH&S management system”.
Again the annex provides a bit more guidance regarding “other opportunities” in A 6.1.2.3. Here is what it says:
Opportunities to improve the OH&S management system can include:
- improving the visibility of top management’s support for the OH&S management system;
- enhancing incident investigation processes;
- improving the processes for worker participation;
- benchmarking, including consideration of both the organization’s own past performance and that of other organizations;
- collaborating in forums which focus on topics dealing with health and safety.
Some of the US TAG experts argue that without a requirement to address these other OH&S Risks and Other OH&S Opportunities the management system will be ineffective and will not lead to OH&S performance improvement. Others on the US TAG maintain that by implementing and operating an ISO 45001 OHSMS the organizations will address these potential risks and requiring an additional step to look at these other risks is redundant and confusing to potential users.
What do you think? Leave a comment here and… if you like… take the survey and express your opinion.