The ISO 45001:2018 occupational health and safety management system (OHSMS) standard was published in March 2018, replacing the OHSAS 18001 management system standard. Publication of this new standard is part of a broader effort by the International Organization for Standardization (ISO) to update and align all of the specification standards for the management of Environmental, Energy, Health and Safety, and Quality (EEHSQ). Other EEHSQ standards that have been updated in the past few years are listed in the Table 1 below.

EQ_Spring_2018_article5-pic1

The objective of the ISO 45001 effort was to implement an international OHSMS standard to replace OHSAS 18001 (a British Standard developed by a coalition of registrars and used internationally). It included making structural changes in accordance with a model that is affecting all new ISO standards, addressing broader national and international OHS elements, and ensuring adherence to the basic principles of OHSAS 18001 (which include continual improvement).

Key Changes to the OHSAS 18001 Standard

The new ISO 45001 standard encompasses two types of changes from the OHSAS 18001 standard. The first change involves a significant overhaul of the clauses to follow a new organizational structure that is being implemented for all ISO management system standards. ISO developed Annex SL - a framework for a generic management system and the blueprint for all new and revised management system standards. The revised versions of the ISO 14001 and ISO 9001 standards and the new ISO 45001 standard are organized in accordance with this new structure. A Plan-Do-Check-Act model is retained in the new structure for all management system standards, with the clauses organized to facilitate implementation of an integrated management system.

Annex SL - The New High-Level Structure
Annex SL incorporates seven main clauses (plus three introductory clauses, each with sub-elements that are intended to define how processes under a specific discipline (e.g., environmental, quality, occupational health and safety, energy) are implemented. This new high-level structure is incorporated into all of ISO's management system standards, including ISO 45001, as illustrated in Table 2. 

EQ_Spring_2018_article5-table-2

The New Themes
One might conclude that the new themes are not truly new at all but instead represent a restatement of underlying objectives in the OHSAS 18001 standard. That view would be especially true for organizations with a robust OHSMS, global reach, and sustainability initiatives already in place, where less effort would be required to align with the new ISO 45001 standard. But, for organizations with a less robust existing or no formal OHSMS, more effort will be required.

An overview of how the new Annex SL elements are being incorporated into the ISO 45001:2018 standard, how the new themes are reflected in each, and how the resulting content differs from that of the OHSAS 18001 standard is provided below. The elements of the ISO 45001:2018 standard where the changes are most significant include Context, Leadership and Worker Participation, Planning, and Operation.

  1. Context of the Organization. This section acts as a springboard from which organizations can begin to form and develop their OHSMS. Understanding the interaction between the organization's key OHS conditions, external issues (such as legal, social, and political), and internal conditions (such as products/services, culture, and strategic direction) is crucial to determining the functionalities and goals of the OHSMS. Through this analysis, the organization must identify the needs and expectations of interested parties that should be accounted for in the OHSMS - whether it be sustainability initiatives of a primary customer, concerns of a local community, or OHS legal requirements. Ultimately, the determination of organizational context leads to defining the scope of the OHSMS, which should reflect elements the organization would like to influence and has the authority to influence with the OHSMS.

    The OHSAS 18001 standard provides some guidance on how to address this and the need to establish the scope of the OHSMS. The new ISO 45001:2015 standard also presents this in a more focused manner, as well as placing additional emphasis on evaluating internal and external elements that could affect the scope and outcomes of the OHSMS.

  2. Leadership and Worker Participation. This section not only marks a change in the structure of the standard but also emphasizes a theme that was not as prominent in the OHSAS 18001 standard by assigning additional responsibilities to top management. An emphasis is placed on top management being held responsible and accountable for the effectiveness and performance of the OHSMS, ensuring that the resources necessary for sustaining the OHSMS are available, and promoting continual improvement. Organizational roles, responsibilities, and authorities also are discussed in this section.

    Another significant enhancement presented in this section from the OHSAS 18001 standard pertains to the commitments that must be included in an organization's OHS policy. The commitments of the OHSAS 18001 standard have been reworked to provide a direct linkage to organizational context and explicit commitments to provide safe and healthy working conditions, and to comply with legal and other requirements (including those that may arise from the needs/expectations of interested parties). The commitment to continual improvement is focused on the OHSMS, and there are explicit expectations regarding processes for consultation and participation of workers.

  3. EQ_Spring_2018_article5-pic2Planning. This section is somewhat similar to that in the OHSAS 18001 standard. It covers several key components of an OHSMS, including the identification of hazards and assessment of risks and opportunities, legal and other requirements, and objectives and targets. The most notable addition to this section is that hazards and risks, opportunities, and legal requirements are framed in the context of risk and opportunity management. And, legal and other requirements explicitly incorporate those that may arise from the needs and expectations of interested parties. Hazard, risk, and opportunity have a symbiotic relationship in the new standard.

    The new standard reiterates the need for top management to be involved by urging organizations to consider their technological options and business requirements when setting OHS objectives, with the hope that these objectives can be integrated into an organization's business operations. This is reflected in the new standard's “Planning Action” clause, which requires organizations to formulate actions to address risks, opportunities, and legal and other requirements, and prepare for and respond to emergency situations. Taking into account the OHS hierarchy of controls is further emphasized when planning actions.

  4. Support. The Support section of the new standard includes requirements for communication and documentation, as well as competence and awareness (which were derived from the OHSAS 18001 standard's “Competence, Training, and Awareness” clause). Within the Competence subsection in the new standard, we see another instance of the emphasis on OHS performance. The new standard requires determining the necessary competence for workers that can affect the organization's OHS performance, while the OHSAS 18001 standard required training associated with its OHS risks and OHS management system.

    Communication requirements have been augmented and made more specific compared to the OHSAS 18001 standard. The new standard accentuates the need to determine what, when, with whom, and how communications will be established and implemented. For example, the organization's internal communication process must allow for fluid communication between all levels of the organization regarding changes to the OHSMS and each individual's ability to contribute to continual improvement. Information relevant to the OHSMS must also be communicated to external parties, beyond simply responding to inquiries.

    Finally, in recognition of the advent of electronic information management systems, the term “documented information” replaces the use of “documents” and “records” as separate items. However, an organization may continue to use the familiar designations of documents and records, if preferred.

  5. Operation. This section encompasses the elements of “Operational Planning and Control” (formerly known as “Operational Control”) and “Emergency Preparedness and Response.” Two themes are more prominent in this section - Management of Change and Procurement. Establishment of a process(es) for the implementation and control of planned temporary and permanent changes that can affect OHS performance is required, and unintended changes must be reviewed for controls to minimize any adverse effects. With respect to procurement, organizations must ensure that the requirements of its OHS management system are met by contractors and their workers. Additionally, outsourced functions and processes need to be controlled and be consistent with achieving the outcomes of the OHSMS.

  6. Performance Evaluation. A common trend throughout the ISO 45001:2018 standard is the inclusion of more concrete and specific requirements, as exemplified in the clause covering “Monitoring, Measurement, Analysis and Performance Evaluation.” The OHSAS 18001 standard was general in its requirements for monitoring OHS performance, as well as calibrating and maintaining necessary equipment. The new standard not only requires specifying what should be monitored and measured, it also addresses methods; criteria; when monitoring and measuring should be performed; and when results must be analyzed, evaluated, and communicated.
    EQ_Spring_2018_article5_pic3
    The internal audit clause defines the necessity for conducting such audits and enhances the requirements around establishment of an internal audit program. The new Management Review clause now includes a more in-depth look at additional components of the ISO 45001 OHSMS. Elements such as risks and opportunities, needs and expectations of interested parties, adequacy of resources, consultation and participation with workers, and opportunities for continual improvement must be addressed and considered in determining the direction of the organization.

  7. Improvement. The last section of the high-level structure reflects a key theme of the ISO 45001:2018 standard. While the OHSAS 18001 standard relies upon preventive action to minimize nonconformities, the new standard enhances the corrective action process such that a cohesive OHSMS can affect preventive action. Essentially, during the corrective action process, an organization must determine if a similar nonconformity exists or could potentially occur and proceed with the necessary steps to eliminate these causes. The new standard mandates that the OHSMS be continually improved in order to enhance OHS performance and the suitability, adequacy, and effectiveness of the OHS management system.

How Should a Company Prepare?

Most organizations should expect to expend at least a modest level of effort in reconfiguring their existing OHSMS to align with the new standard. Important tasks include the following:

  • Gap Analysis - Conduct a gap analysis and establish a development plan for aligning current OHSMS procedures with the new organizational structure and underlying themes. Particular emphasis should be given to assessing how new themes can be incorporated in the following OHSMS areas: Context, Leadership and Worker Participation, Planning, and Operation.
  • EQ_Spring_2018_article5_pic4
  • Needs and Expectations of Interested Parties - Identify interested parties, along with their influence on the organization and its dependence on those interested parties. Interested parties have a more prominent influence on the scope and requirements of the OHSMS than in the OHSAS 18001 standard.
  • Risk and Opportunity Evaluation - Establish a risk and opportunity evaluation process to prioritize how OHS issues will be addressed. Ideally, this should be done in conjunction with the revised hazards identification/risk evaluation procedure.
  • Management of Change - Establish a management of change process to ensure that the organization maintains an acceptable level of risk when changes occur to equipment, processes, products, personnel, etc., and to ensure that the objectives of the change are achieved.
  • Supply Chain Engagement - Increase engagement with supply chain partners to enhance OHS management actions. Evaluate how such engagement can help with addressing the Procurement theme within the new standard.
  • Leadership Evaluation - Examine internal policies and practices to ensure that top management is obligated to demonstrate visible support for the OHSMS, and assumes responsibility, accountability, and authority for ensuring its success. This examination also should include ensuring that OHSMS objectives are incorporated into organizational strategy and decision-making processes.

Timing Considerations

The official transition period for converting to the new standard is three years, meaning that the OHSAS 18001 standard will be withdrawn as of March 12, 2021. In practice, many registrars may not want to issue certificates under the OHSAS 18001 standard beyond 2020 because in those cases the certificate would be valid for much less than a year (instead of the typical three-year time period).

In general, organizations likely will find it most convenient to transition to the new ISO 45001:2018 standard at the time of their next recertification. With that said, much depends on the timing of recertification and the estimated level of effort necessary for realignment (coming from the Gap Analysis task noted above). Organizations should contact their registrar as soon as possible to discuss transition timing.

Trinity Consultants supports organizations in developing management systems and preparing for certification to EHS&Q-related ISO standards, including the new ISO 45001 standard. For assistance, please contact Rich Pandullo at rpandullo@trinityconsultants.com or John Fillo at jfillo@trinityconsultants.com .