Pro-Tips for Best EHS Audits (Part 2): Conducting an EHS Compliance Audit

Compliance audits confirm an organization’s compliance status with environmental and occupational health and safety regulations. Audits also help manage risk of violations and fines. Customers, boards of directors and others care about EHS regulatory compliance and use audit results to make important business decisions. EHS audits will become even more important in the future as more organizations seek independent verification of their EHS and ESG performance.

Opening Meeting 

An EHS compliance audit can be intimidating for an organization. Conducting an opening meeting helps to: 

  • Explain the purpose, scope, and objective(s) of the audit.
  • Introduce the audit team, the auditee leadership and audit participants. 
  • Present the audit schedule.
  • Discuss who has authorized the performance of the audit and why.
  • Describe how evidence will be collected during the audit.
  • Review how audit results will be reported.

Participation of leadership at the opening meeting helps communicate support for the audit process and expectations for employee participation in the audit.

Collecting EHS Compliance Audit Evidence 

In Part 1 of this series, we discussed how to plan an EHS compliance audit focusing on what matters (materiality).  Auditors use the audit plan to develop audit trails that result in positive or negative evidence of compliance. A question like “tell me about the processes operated in this department” is often a good starting point for developing audit trails. Here are example follow-up questions an auditor could ask to further develop the compliance audit trails.

Auditor: I see the metal parts grit blast process is operating today. What kind of parts are you blasting now?

Auditee: We are cleaning several hundred parts before they are electroplated.

Auditor: What are some of the important environmental aspects and OHS hazards you need to consider when operating the grit blaster and dust collector when cleaning stainless steel parts?

A well-prepared auditee will have identified the environmental and occupational health and safety regulations before the audit. Figure 1 is an example of a risk analysis tool that helps prepare for an audit and helps auditors identify important areas to audit. For more information about risk analysis, watch this brief Risk Overview video.  Learn more about the CorrectTrack app.

Figure 1 – EHS risk analysis tool

Tools like CorrectTrack provide a listing of environmental aspects and OHS hazards. The list helps quickly identify important aspects and hazards that are good candidates for improvement or for developing audit trails.  The highlighted row in Figure 1 is an example of an environmental aspect to check during an audit.  Clicking on the Risk ID 803 link shows the risk detail page (Figure 2).

Figure 2 – Grit Blast Dust Emission Environmental Risk Detail

This page shows important details about a dust emissions risk and provides links to other information like risk controls, applicable compliance obligations and related files. Clicking on the link under “Files” provides more detailed information (Figure 3). The red box in Figure 3 shows the specific requirements (risks) that need to be addressed, or that are audit criteria an auditor can check.

Figure 3 – Air Permit Audit Criteria for Dust Collector

Collecting And Evaluating Evidence 

An audit checklist can help jog an auditor’s memory of the audit trails they want to follow. Checklists can be as needed. A good checklist points the auditor to what they are trying to prove true.  It should be more than a simple check-the-box, yes-or-no checklist. Check-the-box checklists discourage looking for and recording evidence of conformity or compliance and should be avoided.

The best checklists are prepared by the auditor before or during the onsite portion of the audit. They are specific to the process being audited and the requirement being assessed. The line of questioning can be spontaneous and does not always need to be documented. The questions can be recorded on the spot in the auditor’s notes along with any evidence observed. Often, one audit question will lead to another as the auditor follows the audit trail, trying to get to the ultimate evidence that a requirement is being met.

Auditor Notes

Auditors need to be able to take good notes during the audit. This helps them recall the details of the audit when preparing the audit report. Notes need to record the evidence the auditor observed during the audit. This can be evidence of conformity or not.  Being able to show what the auditor saw or heard during the audit is an important part of the audit process. Good note-taking skills are among the competencies auditors need to possess and continually develop.

Preparing EHS Compliance Audit Findings 

Auditor notes are the evidence of conformity, but sometimes the audit shows things are not the way they are supposed to be.  Auditors call these nonconformances, or potential noncompliance findings. There are many formats for preparing these negative findings. One approach is to write the negative finding in three parts:

1. the requirement,
2. the finding and
3. the evidence that supports the finding

The requirement part of the finding describes the audit criteria the auditor was trying to prove true.  It can be a regulatory requirement or a requirement the organization has set for itself.  The finding part is a statement of what the problem was, and often refers to the requirements. The evidence part of the audit finding is a summary of what an auditor saw that led them to the conclusion there was a nonconformity.   

The following is an example of a negative finding for potential noncompliance with a State-issued Title V air emission permit.

  • Requirement: [s. NR 439.055(2)(a), Wis. Adm. Code, 02-DCF-178] The pressure drop across the dust collector baghouse shall be measured and recorded once every 8 hours of operation or once per day, whichever yields more measurements.  
  • Finding:  Auditee not able to produce records of baghouse pressure drop readings.
  • Evidence: No records of metal finishing baghouse pressure drop were able to be produced for 2nd & 3rd shift when baghouse was operating in May 2023. 

Communicating EHS Compliance Audit Findings

When a negative finding is made, auditors should try to get consensus with the auditee that the finding is valid. This will help avoid disagreement on the validity of a finding during the closing meeting. This also helps confirm the auditee has a clear understanding of what was wrong so they can begin to fix the problem. Well-written findings also help auditees identify appropriate corrective actions. A correction is a quick fix to “stop the bleeding”. A corrective action prevents the nonconformity from recurring.

Closing Meeting

A closing meeting should be held for all EHS audits. During the closing meeting the audit team shares the results of the audit with the auditee. The closing meeting should include the following:

  • Audit findings
  • Audit conclusions
  • Audit recommendations (if appropriate)
  • Circumstances that affected confidence in the audit results
  • Audit report timing and distribution
  • Follow-up actions to be taken by the auditors and auditee
  • Process for appealing an audit finding or conclusion

Conclusion

This is Part 2 of a three-part article about environmental and health and safety (EHS) auditing. Part 1 discussed how to plan an EHS audit. In Part 3 of this series we will explore how to follow up on an audit, including preparing an audit report, approving corrective actions and verifying corrective action effectiveness during subsequent audits.

ECSI provides auditing, consulting and training services to organizations interested in improving their EH&S performance. For more information, contact us.

ISO 45001 Webinar – FREE!

ISO 45001 is an international standard that helps organizations improve Occupational Health and Safety (OHS) performance.  The ISO 45001 standard can be used to ensure workers are safe by protecting them from workplace injury and ill health.  As the Vice Chair of the US Technical Advisory Group to ISO 45001, I have been seeing a significant rise in awareness of ISO 45001 benefits.  Environmental Compliance Systems, Inc. has also helped many organizations plan, implement and integrate an ISO 45001 OHSMS with their other business management systems.   A recent webinar produced with ASSP describes the many benefits of an ISO 45001 OHSMS.  Here is a link to the free ASSP webinar: https://player.vimeo.com/video/844292169?. Please watch if you are interested in improving your organization’s OHS performance.

Join Us at the 2022 ASSP Risk, Health & Safety for All Conference

We are looking forward to seeing you at the 2022 ASSP Risk, Health & Safety for All Conference Thursday, September 29 & Friday, September 30, 2022 at The Ingleside Hotel in Pewaukee, Wisconsin. With two days of educational sessions, workshops, and panel discussions, this event is full of super rich networking and collaboration opportunities.

Preview our Presentation

Please be sure to come see us at session #12 where we will be sharing information on Semi-quantitative Risk Analysis – An OHS Leading Indicator. Here is a description of the presentation:

OHS Managers need to find good ways to predict and influence future OHS performance. These predictors of OHS performance are referred to as “leading indicators”. Semi-quantitative OHS risk analysis is now being recognized as a good leading indicator of OHS performance. This session describes how semi-quantitative risk analysis is used as a leading indicator of OHS performance.

Come see us at our booth at the show to say hello or for a quick demo of the CorrectTrack app. Be sure to put your name into our raffle that will award a lucky winner at our ever-popular beer tasting on Thursday evening and taste premium beers with one of the Tyranena brewers.

ISO 45001:201X – Occupational Health and Safety Management

The development of ISO 45001 for Occupational Health and Safety Management Systems had a significant setback early this year.  By a narrow margin the international committee voted to refer it for additional review and comment.   ISO 45001 is being developed to replace OHSAS 18001:2007.

The effect of the no vote was discussed at the June 2016 international meeting held in Toronto.  Also discussed in Toronto were the 3000 comments that had been made internationally on the draft standard.  The development process is proceeding slowly because many of the participants are still learning how ISO management systems work.  These include traditional OH&S professionals and those representing organized labor.

Traditional OH&S Professionals

Traditional OH&S professionals make up a large portion of the members of the US TAG and the international committee.  Most of these members are new to management systems and do not understand how management systems work.  OH&S professionals are quite familiar with “compliance” to OSHA laws.  However, they sometimes struggle to understand that the purpose of a management system is to improve performance over time.  As a result the proposed Standard has become prescriptive including:

  • Requirements to use a Hierarchy of Controls when addressing OH&S hazards
  • Requiring more documentation than necessary
  • Inserting requirements that do not add value

Organized Labor

Organized labor is a participant in the development of ISO 45001 and represents over 1 million members nationally.  One of the roles of organized labor has been to help workers negotiate contracts between labor and management on compensation, benefits and workplace safety.   Labor has adopted the position that ISO 45001 should be a “workers’ rights” standard. Their approach to providing input to the ISO 45001 development process is like a contract negotiation.

This has created tension at both the national and the international levels.  Labor views the rest of the TAG as representing “management”.   When others on the TAG propose language that is not aligned with labor’s position, they voice strong opposition. More than once labor representatives have accused other TAG members of wanting to “kill workers”.

What’s Next for ISO 45001

A committee was formed in Toronto to create the second draft international standard ISO/DIS2 45001:201X which is expected to be issued in the late fall to early winter.  We remain cautiously optimistic that both traditional OH&S and those representing labor will become more informed about the purpose of management systems and how they help organizations improve OH&S performance.  This in turn will help them participate more effectively in the consensus process.  If all goes well, a final international standard could be expected in mid-2017.

ISO 45001 Status Update – What’s Next after DIS Vote Failure

The Committee Draft (CD) of ISO 45001:201x issued July 17, 2014 did not receive enough international support during voting which ended October 18th, 2014.  This means that the Standard will be reissued as another CD2 and will not be moved to the next level of development as a Draft International Standard (DIS) at this time.   The results of the vote were published in PC283 Ballot Report of 10-2014 which showed a 63% approval level, which is 12% shy of the requisite 75% approval for the standard to be moved to the next level.   Of 47 votes cast, 11 were Yes votes to agree to circulation of the draft as a DIS.  18 votes were cast as “Yes with comments” and 17 members cast a no vote.  There was one abstention.


US TAG PC 283 Meeting at AIG Headquarters in New York, August, 2014

The initial proposed date for publication of the final international standard outlined in ISO/PC 283/N68 issued October 24, 2013 was September 2016.  This proposed release date was based on the assumption that the CD and DIS documents would be approved by 75% of the PC members on the first vote.  The consequence of the failure of the CD to be moved to the DIS level is unclear at present, but this turn of events is likely to delay the release of the final version of ISO 45001 somewhat beyond September 2016.  The International PC will be meeting the third week of January 2015 in Trinidad to work on preparation of the next draft of the Standard (CD2), which is expected to be released in February 2015.

Why Did The ISO 45001 DIS Vote Fail?

The reason for failure of the vote to move to the DIS level is simple to explain. The CD  did not get the required 75% approval needed.  Why there was not enough support is more complicated but in general not enough PC members believed the standard was mature enough to move to the next level of development.  Enough members felt the standard needed more work at the CD level to prevent it from becoming a DIS.


US TAG PC 283 Meeting In NYC August 2014

As part of the voting process almost 2500 comments were submitted on the CD, which is a good indication that many believe this new standard needs additional effort invested in it before it can be issued as a DIS.  The US submitted 152 comments and the International Labor Organization (ILO) submitted 174.  Along with its 119 comments, Japan submitted a position paper (ISO/PC 283/N134) against ISO/CD 45001 that summed up, in three comments, some of the most important issues that need resolution before this important standard can be moved to the next level of development.  The following is a brief summary of these comments.

ILO Participation –  “It is important to fully use the knowledge and experience of the ILO which has dealt with international labor issues”.

ISO and the ILO are having difficulty in reaching agreement on some important terms and concepts, and if this tension cannot be resolved to the mutual satisfaction of both parties, two conflicting standards may emerge.  This situation will inevitably lead to confusion among users of these standards and diminish the value of ISO 45001 and certification to this standard.

Use of the Term “Risk” Vs OH&S Risk

At present ISO 45001 uses the terms Risk and OH&S risk in several locations in the CD.  The use of these terms is thought to be potentially confusing to users, and the recommendation is to only use the term OH&S Risk in the context of ISO 45001.

Annex A Not Thoroughly Reviewed

Unlike the Technical Committee for ISO 14001, which is authorized to issue multiple standards and guidance documents for environmental management such as ISO 14004 and ISO 14064, the PC 283 charter was limited to development of one document only, ISO 45001.  At this time there are no plans to issue other guidance documents to supplement ISO 45001.  As a result, the only guidance or interpretive information that is likely to come from ISO on OH&S management systems will be in an Annex to the standard (Annex A).

Therefore it is vitally important that the information in Annex A be reviewed and approved by PC members before it is issued.  Some of the PC members consider that the current Annex A has not been reviewed thoroughly, and that the amount of text is too much and in need of condensation and streamlining.

Conclusion

The failure of PC 283 to move ISO 45001 to the DIS stage will likely result in some delay of the issuance of the final international standard by several months into early 2017.  However, this delay will help ensure that all interested parties have an opportunity to contribute to its development.  In the end this will result in a better standard with wide international acceptance.

ISO High Level Structure and EH&S Management Systems

ISO 14001 and OHSAS 18001 are undergoing significant change intended to improve these standards.  The new ISO High Level Structure will align all ISO standards along a common management systems structure and promote integration.   The recent US Technical Advisory Group meeting in Orlando, Florida was a particularly enlightening conference for us, where US TAG members were able to share their ideas of the way the HLS applies to EHS management systems.


ISO HLS & EHSMS

An important part of the revision processes is being able to communicate to current and new users how the standards are changing and how these changes will affect an existing EHSMS.  This diagram represents how we at ECSI see the developing changes to ISO 14001 and ISO 45001 and the relationships between some of the important clauses of the revised standards.

We are interested in understanding how users of the EHSMS standards feel about the changes and what information they need to begin to plan for the changes to their EHSMS.  ECSI will be conducting a short, one hour webinar Tuesday, April 22, 2014 from 10am-11am Central Standard Time.  The purpose of the seminar is to provide the current state of the revision process and to discuss how we see the EHSMS standard revisions progressing.  If you are interested in participating in one of these webinars send us an email to webinar@envcompsys.com and we will reply with the logon instructions.

First ISO 45001 US Technical Advisory Group Meeting In DC

ECSI is currently attending day one of the 2-day ISO 45001 US Technical Advisory Group (TAG) meeting in Washington DC January 15-16, 2014.  We will be reviewing comments on the first working draft of the standard and then breaking into several working groups to revise specific sections of the standard.  One of the key issues to be discussed will be how much additional discipline-specific text should be added to the required High Level Structure (HLS) language.  As a voting member of the US TAG I intend to advocate for a less-is-more approach.  In other words, I believe that most of the discipline-specific text (occupational health and safety in this case) should reside in the annex of the standard.

The HLS is designed to facilitate seamless integration of discipline-specific management systems into an organization’s overall business management system.  In the past ISO standards had significantly different structures, which made integration of the standards difficult.  An example is ISO 14001 Environmental Management Systems (EMS), which has only 4 sections, and ISO 9001 Quality Management Systems (QMS), which has 8 sections.   The difference in the way the standards were organized led to considerable confusion among many standard users, who wondered why the structure of an EMS needed to be so different than a QMS.

In response to those concerns ISO created the HLS to standardize the way it writes standards, which is a really good idea for a standards writing body.  ISO requires that all new and revised standards follow the HLS with little deviation.  My experience with the ongoing revision of ISO 14001 has been that trying to incorporate significant additional discipline-specific language into the standard is not always value added and can sometimes diminish the clarity and usability of the standard.  Because of the significant additional language in the ISO 14001 standard it seems overweight or bloated at 19 pages versus 9 pages for ISO 14001:2004.  As we hash over this important issue I hope that both the US TAG and the international project committee PC 283 recognize this potential pitfall and endeavor to limit the amount of additional discipline-specific language in the new ISO 45001.

 

Should ISO 45001 Require Multi-Step Hierarchy of Control?

The first face-to-face meeting of the United States Technical Advisory Group (US TAG) will be taking place in Washington DC late next week, January 15-16, 2014.  The purpose of this meeting is to review the recently released first working draft (WD1) of the ISO 45001 Occupational Health and Safety Standard and attempt to find consensus among the members of the US TAG regarding the US position on important technical issues.  One of the important issues to be discussed is what  the ISO 45001 standard should include as requirements and what information should be presented in the Annex A as guidance.

The WD of ISO 45001 currently requires a hierarchy of control in clause 8.1.2 of the standard.  Most occupational health and safety (OH&S) professionals are familiar with this hierarchy of control, which prefers elimination of the hazard as the best choice for controlling an OH&S risk. The hierarchy of control requirement is a good example of what one might consider to be an “overreach” of the standard, in that it prescribes a specific risk control process that may be more appropriate as guidance in the Annex of the standard.  As currently drafted, the WD1 states the following:

When determining prevention and control measures, or considering changes to existing controls, consideration shall be given to reducing the risks according to the following hierarchy:

a) eliminate the hazard;

b) substitution with less hazardous materials, processes, operations or equipment;

c) use engineering controls;

d) signage/warnings;

e) administrative controls;

f) personal protective equipment.

These six steps are almost identical to those listed in the American National Standards Institute, ANSI Z10, clause 5.1.2.  The Occupational Health and Safety Assessment Series standard, OHSAS 18001, clause 4.3.1, has similar requirements, but only lists 5 steps; and  the USA OSHA’s required hierarchy of control lists only 4 steps.

With a quick search of the internet, many other examples of hierarchy of control sequences and steps can be found.  Some national regulatory agencies around the world have other required processes for determining appropriate controls.  Given this apparent lack of national and international consensus for the optimal number and sequence of control steps, is it appropriate for the new ISO 45001 OH&S standard to prescribe either a requirement to use a hierarchy of control process or to specify the number and sequence of the steps in the required process?

Based on our experience on the US TAG working on revision to ISO 14001, we believe that, when making additions to the ISO Annex SL High Level Structure (HLS) required text (see related post), adding less in the requirements sections helps to maintain the integrity of the HLS.  ECSI believes that the elegant simplicity of the HLS is diminished when significant amounts of discipline-specific text (OH&S in the case of ISO 45001) are added to the standard itself.  We believe that most of the additional discipline-specific text in the WD1, especially in clauses 6, 7 and 8, should be moved to the Annex A and treated as guidance.  By doing so, the ISO 45001 Project Committee (PC) will be able to avoid protracted discussions and negotiations over the content of the requirement section of the standard, which in turn will help the PC meet the tight deadlines (3 years) for publication of the standard.

Scope Change for ISO 45001 Set for Vote by ISO TMB

When the idea to create an ISO standard for Occupational Health and Safety Management Systems (OHSMS) was recently resurrected, the scope of the project was limited to preparing requirements only.  Guidance on use of the new standard was excluded from the scope of the project.

At its inaugural meeting in October 2013 ISO/PC 283 reviewed its scope and the PC agreed that it was essential to provide guidelines on the use of the OH&S requirements that it is mandated to develop.  The form of the guidelines is expected to be an annex to the requirements standard similar to what was done with ISO 14001.

This scope change needs to be approved by something called the ISO TMB (Technical Management Board).  A ballot is being circulated with the TMB to modify the title of ISO/PC 283 by eliminating the word “requirements”.  The voting period will close on December 28, 2013.  The TMB will also be voting on whether to change the scope of PC 283 to the following:

Development of a standard on occupational health and safety management systems “Requirements with guidance for use”.

Although this may seem like a subtle change, the impact on the OH&S standard development will be large and will improve the value of the standard for users.  My guess is that the greatest area of impact in the guidance portion of the standard will be in the front-end work to set up a conforming OHSMS, specifically the part of the standard that addresses hazard identification and risk assessment.

I am interested in this group’s opinion of what other areas of the new standard will benefit from guidance, such as employee participation or value/supply chain management, and how explicit that guidance should be.  Please don’t be afraid to post a comment here or in the ISO 45001 group on LinkedIn with your opinion or comment.

OHSAS 18001 and ISO 45001 – ISO Health and Safety Management Systems

In late October 2013 ISO (International Organization for Standardization) decided to move forward with the development of an ISO standard that will replace OHSAS 18001 Occupational health and safety management systems – Requirements (British Standard Institute) within the next three years.  The ISO Occupational Health and Safety Management System Standard (OHSMS) is expected to be issued under the number ISO 45001.   The exact title is still up in the air but will be similar to something like Occupational health and safety management systems – Requirements with guidance for use.   The first Working Draft of the new OHSMS standard is expected to be circulated to the US Technical Advisory Group (U.S. TAG) members within the next few weeks. 

Important issues that will be discussed early in the standard development process are:

Defining the term “persons under the control of the organization”. 

There will be discussion about how much flexibility organizations will have when defining the scope of their OHSMS under the ISO 45001 requirements.  This issue will have a significant impact on organizations that have chosen to shift OH&S risks to onsite contractors through contracts that require the contractors to assume some or all responsibility for their employees’ health and safety and for compliance with all regulatory requirements.   The question will likely boil down to this: will the standard allow a complicated scope statement that excludes substantial portions of the facility’s physical location, thereby excluding many contractors from the scope of the OHSMS, or will the standard discourage this type of scoping in favor of a more inclusive approach to the scope of the OHSMS?

Questions about acceptable levels of risk shifting or sharing will need to be discussed  and answered.

Hazard Identification, Risk Assessment and Risk Control

This will be an important topic of discussion and deliberation with the U.S. TAG to reach consensus on what the standard will require of organizations to develop, implement and maintain a process for performing hazard identification and risk assessment.   There are many approaches to risk assessment and it will be interesting to see how detailed the requirements will be regarding this important area of an OHSMS.  Appendix F of ANSI Z10 will be a starting point for the U.S. TAG for developing the guidance on this important OHSMS topic.

The new structure required by ISO (Annex SL) places emphasis on the concept of risk management.   OHSAS 18001 emphasized this aspect of an OHSMS but you can expect more in the way of guidance in ISO 45001 describing appropriate methods for assessing OH&S risks.   The guidance will be in the annex of the ISO 45001 standard with examples of how to perform an OH&S risk assessment and there will likely be a figure that looks something like the figure below where risk is estimated based on multiplying the likelihood value by the consequence value to arrive at the risk score.

[Figure: risk score]

Time Frame for ISO 45001 Development

Here is the current schedule for the required 3-year development of the standard that was provided to TAG members on November 15, 2013.

  • Dec 2013 – Working Draft 1 (WD1) circulated to Working Group 1 (WG1)
  • Jan 2014 – Submit Comments on WD1
  • Jan 2014 – US TAG Face to Face Meeting (to develop US positions/concerns on WD1) – ECSI will attend this meeting.
  • March 2014 – PC Meeting – Development of Committee Draft 1 (CD1)
  • November 2014 – PC Meeting – Development of Draft International Standard (DIS)
  • November 2015 – PC Meeting – Development of Final Draft International Standard (FDIS)
  • October 2016 – Publish ISO 45001

ECSI is a voting member of the U.S. Technical Advisory Group to ISO 45001 and will be directly involved in developing the US position on the content of this important standard.  We will be publishing updates on the progress of ISO 45001 and are happy to discuss any ideas, issues or concerns you have with the development of this new standard or any other OH&S issues you would like to discuss.  Don’t be shy.  You can either post a comment / question here or contact us directly at 920-648-4134 or email us at kalehner@envcompsys.com.