ISO 45001:2018, the replacement of OHSAS 18001:2007 & the world’s first occupational health & safety international standard, was published on 12th March 2018.
What Is ISO 45001?
- ISO 45001:2018 is the replacement of OHSAS 18001:2007 and is the first international ISO standard for Occupational Health and Safety Management Systems (OHSMS).
- As ISO 45001:2018 adopts the Annex SL structure, it makes integration with other management systems you may be operating simpler than ever before – e.g. it will align directly with ISO 9001:2015 & ISO 14001:2015.
Migration to ISO 45001
- If you currently have certification to OHSAS 18001:2007, you will need to make appropriate arrangements to migrate to ISO 45001 to maintain the validity of your OHSMS certification.
- As with ISO 9001 & ISO 14001, there has been a three-year migration period agreed (from the date of publication).
- 18001 certification will still be recognised until the end of the migration period, however 18001 certificates will not be issued by IMS with a validity past 12th March 2021.
- It is expected that in line with IAF (International Accreditation Forum) guidelines, additional assessment effort will be required in order to assess compliance with ISO 45001.
- You may migrate at any stage during your certification cycle, either as a reassessment, surveillance or special visit.
- Migration will not necessarily be ‘instead of’ 18001 certification – that is to say preparation can begin and as long as compliance to 18001 is maintained, your 18001 certificate will remain valid. Only once compliance to 45001 has been approved will 18001 certification be withdrawn. If you cannot demonstrate compliance to 45001, your 18001 certification may remain in place during the migration period as long as compliance is observed.
- IMS are in the process of applying to UKAS in order to have their Accreditation approved for ISO 45001. We are intending to be in the first tranche of applications and, dependant on UKAS, hope to have approval by Q3 2018. We will keep you up to date of progress.
- At present, we are unable to issue Accredited ISO 45001 certification. We will communicate to all existing 18001 clients the Accreditation status as above. Once Accreditation has been granted, we will communicate with you regarding the best approach & effort required. The migration process will be discussed as part of your routine assessment in order that the most suitable approach may be adopted.
- We will continue to provide Accredited 18001 certification for the foreseeable future, including new applications, however please note that these certifications will only be valid until 12th March 2021.
Revised & Clarified Terms and Definitions in ISO 45001
Risk. A universal definition of the term ‘Risk’ has been made in ISO 45001, as the meaning / interpretation of ‘Risk’ varies in some countries. The term ‘Hazard Identification’ is now covered by the terms ‘risk identification’ and ‘risk control’ to ensure consideration to all potential hazards across all industries and business sectors.
The Worker. There are differences in the definition of this term and various legal constraints around this term in different countries – in the context of ISO 45001, ‘The Worker’ is defined as the person working under the control of the organisation and includes subcontractors.
The Work Place. There are questions amongst organizations regarding what the workplace is. The workplace is a physical location that falls under the organisations control. It is somewhere that employees, contractors or any other ‘worker’ perform work for or on behalf of the organisation.
Hazard Identification: At present, OHSAS 18001 is considered very manufacturing and hardware orientated, when more and more of us are working in the service industry. ‘Hazard’ identification, therefore becomes ‘risk’ identification and ‘risk’ control to ensure we consider all potential hazards applicable to all industries and sectors.
Business Context: Clause 4.1, external and internal issues, introduces new clauses for determination and monitoring of the business context. It requires that the organisation identify & consider the various conditions & factors that influence their operations & management system.
Workers and other interested parties: Clause 4.2 introduces a requirement for an enhanced focus on the needs and expectations of workers and other interested parties and also worker involvement. The organisation will need to identify and understand the factors associated with these parties that need to be considered and managed through the management system.
Scope: Clause 4.3. Can only be defined when 4.1 & 4.2 have been considered. It should consider both direct control & influence.
Leadership & Commitment: Clause 5.1. As with 9001 & 14001, there is an enhanced emphasis on the accountability of top management in the role of ensuring consultation & participation with workers as well as promoting the performance, monitoring & effectiveness of the OHSMS.
OH&S Policy: Clause 5.2. Enhanced requirement towards communication & participation and to provide safe & healthy working conditions.
Organisational Roles, Responsibilities & Authorities: Clause 5.3. Must be documented & accountability by top management cannot be delegated.
Participation & Consultation: Clause 5.4. A much-enhanced clause, that requires documented information to support the roles & responsibilities associated with and to promote worker participation, engagement & communication. It applies to all workers at all levels within the organisation. The clause also promotes the participation of non-managerial roles within the OHSMS. The International Labour Organization wanted a lot more requirements on this issue. Many companies do not have any representatives what so ever. If there are no representatives within an organization, the standard will not force this requirement upon them as it is not a legal obligation either. While top management will be responsible for setting organizational health & safety policy, they should be in consultation with union representatives and health & safety personnel.
Risk and Opportunity Management: Clauses 6.1.1, 22.214.171.124 & 6.1.4, organisations are to determine, consider and, where necessary, take action to address any risks or opportunities (associated with the factors identified in clauses 4.1 & 4.2) that may impact (either positively or negatively) the ability of the management system to deliver its intended results, including enhanced health and safety performance at the workplace.
Objectives and Performance: Clause 6.2. Strengthened focus on objectives as drivers for improvements (clauses 6.2.1,6.2.2) and performance evaluation (clause 9.1.1). The objectives should support the policy requirements and consider the strategic direction & context of the organisation.
Support: Clauses 7.1 – 7.5. Whilst documented procedures are no longer mandated, the clauses are more prescriptive in respect of the ‘mechanics’ of communication, including determination of what, when and how to communicate (ref. clauses 5,6,8,9,10). Actions associated with communication shall be reviewed for their effectiveness. Awareness shall involve the policy, hazards & risks as well as their role within OHSMS performance as well as being made aware of the ability to remove themselves from what they may consider ‘imminent danger’. The term ‘documented information’ has been introduced (as with 9001 & 14001) and covers how an organisation chooses to create, maintain & retain information deemed as necessary for the OHSMS. The organisation will need to determine what documented information (internal & external) is required and shall control this as per their current OHSAS requirements. This includes the requirement for documented procedures.
Operation: Clauses 8.1 – 8.2. ‘Planning’ has been introduced which, in practice, means that hazard & risk controls need to be planned into the operational controls of the activities/functions of the organisation. Hazards & risks – the standard now specifies the hierarchy of controls that are to be applied. Management of change is now detailed within clause 8.1.3 – it outlines the requirements and potential sources associated with changes of the operation (for example equipment, conditions, workers, legal/compliance obligations). Procurement now needs to consider that goods and services conform to the OHSMS requirements. There is an enhanced requirement over contractors and the controls over and communication with same, as well as a requirement to give consideration to the competence and other requirements related to contractor workers. A specifically enhanced clause and requirements are now in place regarding outsourcing (126.96.36.199). What would be the damage to your business reputation if one of your outsourced suppliers or contractors created a significant OHS incident? ISO 45001 looks to define the answer in a way that can apply to all sectors and industries.
Performance Evaluation: Clause 9. Overall, the requirements have been enhanced & expanded. Compliance evaluation has been expanded to include the frequency & method of evaluation as well as maintaining knowledge and understanding of the organisations compliance status. Internal audit results shall be communicated with workers. Management review clause has enhanced previous requirements & inputs, to consider improvement, communication, risks & opportunities, overall system effectiveness, interested parties & performance analysis.
Improvement: Clause 10. The reference to ‘preventive’ action has been removed, as it should be considered that the OHSMS should in itself be a preventive system. Direct action shall be taken to control/address the incident/nonconformity. The organisation can consider further action once the direct action has been implemented (further action to prevent reoccurrence). The organisation will need to demonstrate that it has applied the principles of risk assessment & continual improvement, through cause investigation & analysis – and amend risk assessments and or operations as necessary. The organisation shall be able to demonstrate that they are utilising the outputs from processes of performance analysis & evaluation to identify & address areas of underperformance and opportunities.
Preparing for the Future
If you are currently applying 18001, many clause requirements of ISO 45001 are the same or similar – however they may be presented in a different sequence and may use different terminology.
Advice to existing users:
- Obtain a copy of the standard at www.iso.org/iso/iso45001 (other sources available);
- Examine the changes;
- Do a gap analysis against your current OHSAS 18001 system;
- Implement actions to address any gaps in your OHSMS.
IMS will maintain communication with you regarding the migration process and will be happy to answer any queries that you may have.
You can download the full guidance document by clicking the button below.