Establishing an occupational health & safety management system based on ISO 45001

Establishing an occupational health &

safety management system based on

ISO 45001

Establishing an

occupational health &

safety management system

based on ISO 45001

NAEEM SADIQ

Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publisher and the author cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the author, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader’s own risk. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author.

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publisher at the following address:

IT Governance Publishing Ltd

Unit 3, Clive Court

Bartholomew’s Walk

Cambridgeshire Business Park

Ely, Cambridgeshire

CB7 4EA

United Kingdom

www.itgovernancepublishing.co.uk

© Naeem Sadiq 2019

The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work.

First published in the United Kingdom in 2019 by IT Governance Publishing.

ISBN 978-1-78778-142-9

FOREWORD

People are spending more time at their workplace, with many spending more than 40 hours at work every week. Workers expect to spend this time in a safe and healthy working environment, and getting injured or falling sick at work is not an eventuality they hope to encounter. For most individuals, health and safety is a matter of utmost importance and priority, next only to their basic physiological needs.

Unfortunately, workplaces across the globe still have a lot to do to provide safe and healthy working conditions. It is estimated that every 15 seconds a worker dies from a work-related accident or disease, and 153 people experience a work-related injury. This is an enormous burden for organisations and society as a whole, with more than 2.78 million deaths a year, not to mention the more than 370 million non-fatal accidents.¹

2017/2018 UK health and safety statistics can be found on the Health and Safety Executive’s website www.hse.gov.uk/statistics/. They provide some idea of the extent of health and safety concerns, even in a well-organised society such as the UK:

•1.4 million working people suffered from a work-related illness;

•2,523 mesothelioma deaths because of past asbestos exposures (2017);

•147 workers killed at work;

•555,000 injuries occurred at work according to the Labour Force Survey;

•71,062 injuries to employees reported under Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR);

•30.7 million working days lost because of work-related illness and workplace injury;

•£15 billion estimated cost of injuries and ill health from current working conditions (2016/17).

Many of these incidents result in extended periods of absence from work. The human cost of this daily adversity is vast, and the economic burden of poor occupational health and safety (OH&S) practices is estimated to be as high as 3.94% of global GDP every year.²

It is therefore not surprising that organisations across the globe have begun to assume greater responsibility for their role and obligation in providing safe and healthy working environments. The push towards improved health and safety comes not just from ethical considerations but is equally driven by the needs and policies of organisations, industrial practices, concerns of stakeholders and regulatory requirements.

This book is about establishing an occupational health and safety management system (OHSMS) based on the new ISO 45001:2018 Standard. ISO 45001 is an international standard that specifies requirements for an OHSMS with guidance for its use, to enable an organisation to proactively improve its OH&S performance in preventing injury and ill health. The new standard replaces OHSAS 18001, which has been in practice since 1999.

Occupational health deals with the promotion and maintenance of the physical, mental and cognitive health of workers, and their protection from disease and health-related risks. Safety, on the other hand, is often defined as freedom from unacceptable risk or harm. The subject of OH&S focuses on the identification of health as well as safety-related hazards, assessment of risks and the application of controls to eliminate or minimise the OH&S risks.

Driven by moral, legal and economic considerations, the requirements of health and safety at work play a vital role for workers as well as employers. It is now a legal obligation for the management of an organisation to provide a safe working environment, and to exercise due diligence to prevent ill health or injury to individuals at work.

This book is intended to help those who need to develop and implement an effective OHSMS based on the international standard ISO 45001. Standards often carry a formality about them, with each word bearing a specific meaning and context. They define requirements on ‘what’ must be done, without prescribing any specific details or methodology on ‘how’ it may be accomplished. This book is an attempt to demystify the ISO 45001 standard, by presenting its contents and implementation methodology in a simple, user-friendly and easily understandable manner. A large number of OH&S examples, procedures, plans, formats and reports have also been included to help explain the implementation of ISO 45001.

This book will cover two related topics: how to establish an OHSMS and how ISO 45001 can help an organisation establish such as system. Managers, OH&S auditors, trainers and OH&S professionals who are involved in any aspect of an OHSMS, including development, documentation, implementation, training, supervision or auditing, will find it useful to consult this book. It follows a hands-on and step-by-step approach to building an OHSMS. It explains the purpose and the requirements of each clause of ISO 45001, and goes on to describe how these requirements can be fulfilled by an organisation. It includes numerous examples, suggestions, sample formats and sample procedures to facilitate an understanding and implementation of an OHSMS. This book will also be helpful to those who have no previous background of the subject.

Naeem Sadiq

________________

¹ www.ilo.org/global/topics/safety-and-health-at-work/lang--en/index.htm.

² www.ilo.org/global/topics/safety-and-health-at-work/lang--en/index.htm .

ABOUT THE AUTHOR

Naeem Sadiq holds a BSc in Aerospace and a Masters in Manufacturing Engineering. He is a certified lead auditor, an ASQ-certified manager and a quality system auditor. Naeem’s work experience in engineering and management includes 25 years as an independent consultant, auditor and trainer for the ISO 9001, ISO 14001 and OHSAS 18001 standards.

Naeem has presented a number of papers at national conferences on management system standards, and has provided consultancy, training and auditing support to more than 100 organisations. As a freelance writer, he is a regular contributor to national newspapers reporting on safety, environmental and social issues. He is also the author of two books, OHSAS 18001 Step by Step – A practical guide and ISO 14001 Step by Step – A practical guide.

ACKNOWLEDGEMENTS

To all those individuals and organisations with whom I have had the opportunity to interact as a friend, trainer, consultant or auditor, and who not only shared their experiences but also asked hundreds of questions, the answers of which I was compelled to seek.

To Vicki Utting, for her patience, support and value-adding nudging. To Asif Hayat and Affan Khalid, for their critical feedback. To my wife Shifa Naeem, for her love, support, constant encouragement, frequent editorial corrections and countless cups of green tea. To my grandchildren, Aameneh, Deena, Laila, Pareevash, Sophia, Zaara and Zarak, who were sometimes resentful but always very amused at my spending long hours working on my computer while writing this book.

I would also like to thank Chris Achillea, Belhaj Hajar, Roland Tan and Chris J Ward, for their time and helpful comments during the review process.

DISCLAIMER

All names and examples quoted in this book are fictitious and have been presented solely for learning, understanding and explaining purposes. Websites quoted in this book may change over a period of time, and readers will need to look up the new addresses if a change has taken place.

CONTENTS

Chapter 1: ISO 45001

1.1 The need for ISO 45001:2018

1.2 What is ISO 45001?

1.3 Terms and definitions

Chapter 2: Context of the organisation

2.1 Understanding the organisation and its context (ISO 45001:2018, Clause 4.1)

2.2 Understanding the needs and expectations of workers and other interested parties (ISO 45001:2018, Clause 4.2)

2.3 Determining the scope of the OHSMS (ISO 45001:2018, Clause 4.3)

2.4 An example of the ‘scope’ of an organisation’s OHSMS

2.5 OHSMS (ISO 45001:2018, Clause 4.4)

Chapter 3: Leadership

3.1 Leadership and commitment (ISO 45001:2018, Clause 5.1)

3.2 OH&S policy (ISO 45001:2018, Clause 5.2)

3.3 An example of an OH&S policy

Chapter 4: Organisational roles and worker participation

4.1 Organisational roles, responsibilities and authorities (ISO 45001:2018, Clause 5.3)

4.2 Consultation and participation of workers (ISO 45001:2018, Clause 5.4)

Chapter 5: Planning

5.1 Actions to address risks and opportunities (ISO 45001:2018, Clause 6.1)

5.2 Hazard identification (ISO 45001:2018 Clause 6.1.2.1)

5.3 Assessment of OH&S risks and other risks to an OHSMS (ISO 45001:2018, Clause 6.1.2.2)

5.4 Assessment of OH&S and other opportunities for the OHSMS (ISO 45001:2018, Clause 6.1.2.3)

Chapter 6: Determination of legal and other requirements (ISO 45001:2018, Clause 6.1.3)

6.1 What are legal and other requirements?

6.2 Determination of legal and other requirements

6.3 Implementing OH&S legal requirements

6.4 Useful sources for regulatory information

Chapter 7: Planning actions

7.1 Planning for risks and opportunities (ISO 45001:2018 Clause 6.1.4)

7.2 Planning to address legal and other requirements (ISO 45001:2018 Clause 6.1.4)

7.3 Planning to ‘prepare for’ and ‘respond to’ emergency situations (ISO 45001:2018 Clause 6.1.4)

7.4 Planning to integrate actions and evaluate their effectiveness (ISO 45001:2018 Clause 6.1.4)

Chapter 8: OH&S objectives and their planning (ISO 45001:2018, Clause 6.2)

8.1 Why OH&S objectives?

8.2 Factors that contribute towards making OH&S objectives

8.3 Typical characteristics of OH&S objectives

8.4 Some examples of OH&S objectives

8.5 Planning to achieve OH&S objectives (ISO 45001:2018, Clause 6.2.2)

Chapter 9: Competence and awareness (ISO 45001:2018, Clause 7.2)

9.1 Understanding competence (ISO 45001:2018, Clause 7.2)

9.2 The requirements about ‘competence’

9.3 Awareness (ISO 45001:2018, Clause 7.3)

9.4 Situations of imminent and serious danger

Chapter 10: Communication

10.1 General requirements (ISO 45001:2018, Clause 7.4.1)

10.2 Issues that require communication

10.3 When to communicate

10.4 How to communicate

10.5 Documented information

Chapter 11: Documented information

11.1 Documentation and ISO 45001 (Clause 7.5.1a)

11.2 Documented information required by ISO 45001

11.3 Documented information determined by an organisation (Clause 7.5.1b)

11.4 Documented information (documents and records)

11.5 Creating and updating documents (ISO 45001 Clause 7.5.2)

11.6 Control of documented information (ISO 45001 Clause 7.5.3)

Chapter 12: Operational planning and control

12.1 General (ISO 45001, Clause 8.1)

12.2 Control of OHSMS processes

12.3 The hierarchy of controls

12.4 Permit to work

12.5 Personal protective equipment

12.6 Management of change (ISO 45001, Clause 8.1.3)

12.7 Behaviour-based safety

12.8 Critical pressure equipment

Chapter 13: Procurement

13.1 General (ISO 45001, Clause 8.1.4.1)

13.2 Contractors (ISO 45001, Clause 8.1.4.2)

13.3 Outsourcing (ISO 45001, Clause 8.1.4.3)

Chapter 14: Emergency preparedness and response

14.1 General requirements (ISO 45001, Clause 8.2)

14.2 Preparedness

14.3 Response

14.4 Documented information

Chapter 15: Monitoring, measurement, analysis and performance evaluation

15.1 General (ISO 45001, Clause 9.1)

15.2 Requirements (ISO 45001, Clause 9.1.1)

15.3 Health monitoring and surveillance

15.4 Performance indicators and criteria

15.5 Measuring and monitoring equipment

15.6 Measuring and monitoring plan

15.7 Evaluation of regulatory compliance (ISO 45001, Clause 9.1.2)

Chapter 16: Internal OHSMS audit

16.1 Why conduct internal audits? (ISO 45001, Clause 9.2.1)

16.2 Internal audit programme (ISO 45001, Clause 9.2.2)

16.3 Internal audit criteria and scope

16.4 Competence of auditors

16.5 Audit as a tool for continual improvement of OH&S performance

16.6 Implementing an OH&S internal audit programme

16.7 Documented information

Chapter 17: OHSMS review

17.1 General

17.2 Requirements (ISO 45001, Clause 9.3)

17.3 Inputs to the management review process

17.4 Management review output

Chapter 18: Continual improvement of the OHSMS

18.1 General (ISO 45001, Clause 10.1)

18.2 Incident, nonconformity and corrective action (ISO 45001, Clause 10.2)

Chapter 19: Continual improvement

19.1 Requirements

19.2 Opportunities for continual improvement

Chapter 20: Beyond ISO 45001

Appendix A: A sample risk assessment for a small warehouse

Appendix B: A 3x3 risk matrix for severity and likelihood

Appendix C: A 5x5 risk matrix for severity and likelihood

Appendix D: A 6x6 risk matrix for severity and likelihood

Appendix E: A sample hazard identification and risk assessment procedure

Appendix F: HAZOP

Appendix G: A sample procedure for identifying and managing occupational health hazards

Appendix H: A sample programme for occupational health surveillance

Appendix I: An example of ‘planning’ to achieve OH&S objectives

Appendix J: A sample procedure for competence, training and awareness

Appendix K: Behaviour-based safety

Appendix L: A sample procedure for critical pressure equipment

Appendix M: A sample OH&S measuring and monitoring plan

Appendix N: A sample of an OHSMS review input report

Appendix O: A sample corrective action request form

Bibliography

Further reading

Index

CHAPTER 1: ISO 45001

1.1 The need for ISO 45001:2018

It is common for organisations to simultaneously implement a number of management system standards such as ISO 14001, ISO 9001, ISO 22001 and OHSAS 18001. Although most standards follow the ISO’s Annex SL, and have the same high-level structure in terms of clauses, sequence and terminology, this was not the case with OHSAS 18001. Hence the