The new Occupational health and safety standard ISO 45001 was released on the 12th of March 2018. It intends to improve the safety standards of the workplace. This standard will focus more on identifying and controlling the safety risk when compared to the OHSAS 18001 and AS/NZS 4801.
Organisations already certified to OHSAS 18001 have three years from the 12th of March 2018 to migrate to the new ISO 45001 standard. Your existing certification body will send you information about the migration but you can expect additional audit days to be added to your standard surveillance audit.
Organisations certified to AS/NZS 4801 currently can obtain non JAS-ANZ accredited certification to ISO 45001 with certification bodies planning to reissue the ISO 45001 certificates with the JAS-ANZ logo once it has been adopted by JAS-ANZ. Based on current information from Standards Australia, ISO 45001 should be adopted around October 2018.
In ISO 45001 standard, a new clause “Context of the Organisation” will be introduced. It will determine and analyse internal and external issues of an organisation that can impact the objectives it in intends to achieve with its OH&S management system.
Another difference between both the standards is that the new standard requires companies to assess risk management methods of suppliers and contractors. Every organisation needs to consider and control such methods for their contractors and subcontractors, in case they are outsourcing work.
New definitions of few terms will be introduced with the ISO 45001 standard. These terms include:
Some fundamental concepts of the OHSAS 18001 will be changed in this new standard. These concepts include:
The current OH&S standard, which is followed globally for OH&S management system focus more on hazards of risk. However, due to growing number work-related accidents, ISO 45001 puts more importance on the identification of the risks of the organisation. Moreover, it also focuses on controlling those risks.
A new term “Documented Information” has replaced “Document” and “Records” in the existing standard. This term covers the information, which is required to be maintained and controlled by an organisation. The documented Information must also contain information related to health and safety processes that are carried out according to the plan.
Previously there was a requirement for appointing a management representative which has been removed and replaced by 13 responsibilities that need to be allocated to Senior Management. Some of these responsibilities are:
ISO 45001 includes additional commitments that an organisation needs to demonstrate in their Health and Safety Policy. You will need to amend you policy to include:
Consultation and Participation of Workers (Clause 5.4)
AS/NZS 4801 had sections for consultation and communication but ISO 45001 adds the following requirements:
As part of ISO 45001 organisations are required to determine and assess risks and opportunities related to the establishment, implementation, operation and maintenance of the management system
Examples of risks are:
Examples of opportunities are:
The requirements for the identification of hazards and what you need to take into have been expanded. One item that stands out is the requirement to take into account “how work is organised, social factors (including workload, work hours, victimisation, harassment and bullying), leadership and the culture of the organisation.” when identifying hazards.
AS/NZS 4801 had required documented procedures for topics such as hazard management and training and competency. ISO 45001, like other Annex SL based ISO standards requires organisations to have documented information. Documented information is defined as:
“Information required to be controlled and maintained by an organisation and the medium on which it is contained.”
Given that ISO 45001 has a risk-based approach to management systems it is up to the organisation to determine what documented information will be retained to demonstrate compliance. Examples of this include emails, videos, forms, chat messages, software and photos. When determining what documented information is required you’ll need to take into account legal requirements, e.g. SWMS and WHS Management Plans.
A common criticism for AS/NZS 4801 was the lack of specific requirements for extending the health and safety management system to address subcontractors and other parties. ISO 45001 has a section just for procurement which outlines the specific requirements for considering and managing the health and safety risks arising from:
The procurement process needs to define and apply criteria for the selection of contractors. Outsourced processes need to be identified and controlled, the degree and extent of control should be relative to the contractors risk profile.
Evaluation of compliance (Clause 9.1.2)
Previously in AS/NZS 4801 you were required to establish procedures to identify and have access to all legal and other requirements that are applicable to the organisation. ISO 45001 requires organisations to evaluate their compliance with legal and other requirements and retain documented information of the evaluation results. For organisations already compliance with ISO 14001:2015 for environment this is something you’ve already had to consider.
For organisations that have existing health and safety management systems. Compliance Council have a simple 3 step process for migrating to ISO 45001.
Gap-Analysis
You can’t effectively migrate without understanding how your existing management system aligns with the standard.
Integrate
You have the opportunity to refine your processes and integrate them with your quality and environment management systems. Given that the majority of ISO 45001’s requirements follow the same high level structure as ISO 9001 and ISO 14001 it will be a very straightforward project to integrate the processes.
Educate
With the changes that occur as part of implementing ISO 45001, it is a good opportunity for your organisation to educate your colleagues at relevant functions and levels in your organisation from Senior Management to your frontline employees. Education doesn’t just have to be presentations and other training, it could be through involving your employees in the revision of the health and safety processes so they gain a better understanding of the requirements.