The new Occupational health and safety standard ISO 45001 was released on the 12th of March 2018. It intends to improve the safety standards of the workplace. This standard will focus more on identifying and controlling the safety risk when compared to the OHSAS 18001 and AS/NZS 4801.

Process for Migration

Organisations already certified to OHSAS 18001 have three years from the 12th of March 2018 to migrate to the new ISO 45001 standard. Your existing certification body will send you information about the migration but you can expect additional audit days to be added to your standard surveillance audit.

Organisations certified to AS/NZS 4801 currently can obtain non JAS-ANZ accredited certification to ISO 45001 with certification bodies planning to reissue the ISO 45001 certificates with the JAS-ANZ logo once it has been adopted by JAS-ANZ. Based on current information from Standards Australia, ISO 45001 should be adopted around October 2018.

Key differences between OHSAS 18001 and ISO 45001

Context of the Organization

In ISO 45001 standard, a new clause “Context of the Organisation” will be introduced. It will determine and analyse internal and external issues of an organisation that can impact the objectives it in intends to achieve with its OH&S management system.

Accessing Risk management for Suppliers & Contractors

Another difference between both the standards is that the new standard requires companies to assess risk management methods of suppliers and contractors. Every organisation needs to consider and control such methods for their contractors and subcontractors, in case they are outsourcing work.

New Definitions

New definitions of few terms will be introduced with the ISO 45001 standard. These terms include:

• Monitoring
• Effectiveness
• OH&S Performance and Performance
• Measurement

Change in Fundamental Concepts

Some fundamental concepts of the OHSAS 18001 will be changed in this new standard. These concepts include:

• Risk
• Worker
• Workplace

Identification & Control of Risks

The current OH&S standard, which is followed globally for OH&S management system focus more on hazards of risk. However, due to growing number work-related accidents, ISO 45001 puts more importance on the identification of the risks of the organisation. Moreover, it also focuses on controlling those risks.

Documented Information

A new term “Documented Information” has replaced “Document” and “Records” in the existing standard. This term covers the information, which is required to be maintained and controlled by an organisation. The documented Information must also contain information related to health and safety processes that are carried out according to the plan.

Key differences between AS/NZS 4801 and ISO 45001

Management Representative (Clause 5.1)

Previously there was a requirement for appointing a management representative which has been removed and replaced by 13 responsibilities that need to be allocated to Senior Management. Some of these responsibilities are:

• Ensuring the integration of health and safety management system requirements into the organisations business processes
• Communicating the importance of the management system and of conforming to the requirement of the management system
• Ensuring and promoting continual improvement
• Developing, leading and promoting a culture in the organisation that supports the intended outcome of the management system
• Protecting workers from reprisals when reporting incidents and hazards

Health & Safety Policy (Clause 5.2)

ISO 45001 includes additional commitments that an organisation needs to demonstrate in their Health and Safety Policy. You will need to amend you policy to include:

• a commitment to providing safe and healthy working conditions for the prevention of work-related injury and ill health,
• a commitment to eliminating hazards and reducing OH&S risks and
• a commitment to consultation and participation of workers, and, where they exist, workers representatives.

Consultation and Participation of Workers (Clause 5.4)
AS/NZS 4801 had sections for consultation and communication but ISO 45001 adds the following requirements:

• Provide time, training and resources necessary for consultation and participation
• Determine and remove obstacles or barriers to participation and minimise those that cannot be removed. Examples of obstacles or barriers include:
• Failure to respond to worker suggestions
• Language or literacy barriers
• Reprisals or threat of reprisals
• Practices that discourage or penalise worker participation
• Consult non-managerial workers when:
• Determining the needs and expectations of interested parties
• Assigning roles and responsibilities for the management system
• Determining how to fulfil legal and other requirements
• Establishing health and safety objectives
• Seek participation of non-managerial workers when:
• Determining the competence requirements, training needs and evaluating training
• Determining what needs to be communicated and how this will be done
• Investigating incidents and nonconformities and determining corrective actions

Risks in ISO 45001 go beyond hazards (Clause 6.1)

As part of ISO 45001 organisations are required to determine and assess risks and opportunities related to the establishment, implementation, operation and maintenance of the management system

Examples of risks are:

• Lack of commitment to the implementation of an effective health and safety management system
• Non-compliance with legal and other requirements

Examples of opportunities are:

• Use of technology to improve health and safety performance
• Planning and conducting initiatives to improve health and safety culture

Psychosocial hazards (Clause 6.1.2.1)

The requirements for the identification of hazards and what you need to take into have been expanded. One item that stands out is the requirement to take into account “how work is organised, social factors (including workload, work hours, victimisation, harassment and bullying), leadership and the culture of the organisation.” when identifying hazards.

Documented information (Clause 7.5)

AS/NZS 4801 had required documented procedures for topics such as hazard management and training and competency. ISO 45001, like other Annex SL based ISO standards requires organisations to have documented information. Documented information is defined as:

“Information required to be controlled and maintained by an organisation and the medium on which it is contained.”

Given that ISO 45001 has a risk-based approach to management systems it is up to the organisation to determine what documented information will be retained to demonstrate compliance. Examples of this include emails, videos, forms, chat messages, software and photos. When determining what documented information is required you’ll need to take into account legal requirements, e.g. SWMS and WHS Management Plans.

Procurement (Clause 8.1.4)

A common criticism for AS/NZS 4801 was the lack of specific requirements for extending the health and safety management system to address subcontractors and other parties. ISO 45001 has a section just for procurement which outlines the specific requirements for considering and managing the health and safety risks arising from:

• The subcontractor’s operations
• The impact of your organisations operations on the subcontractor
• The subcontractor’s impact on other interested parties

The procurement process needs to define and apply criteria for the selection of contractors. Outsourced processes need to be identified and controlled, the degree and extent of control should be relative to the contractors risk profile.

Evaluation of compliance (Clause 9.1.2)

Previously in AS/NZS 4801 you were required to establish procedures to identify and have access to all legal and other requirements that are applicable to the organisation. ISO 45001 requires organisations to evaluate their compliance with legal and other requirements and retain documented information of the evaluation results. For organisations already compliance with ISO 14001:2015 for environment this is something you’ve already had to consider.

Three steps to migrate to ISO 45001

For organisations that have existing health and safety management systems. Compliance Council have a simple 3 step process for migrating to ISO 45001.

Gap-Analysis

You can’t effectively migrate without understanding how your existing management system aligns with the standard. 

Integrate

You have the opportunity to refine your processes and integrate them with your quality and environment management systems. Given that the majority of ISO 45001’s requirements follow the same high level structure as ISO 9001 and ISO 14001 it will be a very straightforward project to integrate the processes.

Educate

With the changes that occur as part of implementing ISO 45001, it is a good opportunity for your organisation to educate your colleagues at relevant functions and levels in your organisation from Senior Management to your frontline employees. Education doesn’t just have to be presentations and other training, it could be through involving your employees in the revision of the health and safety processes so they gain a better understanding of the requirements.