Today is World Day for Health and Safety at Work - did you know that over 7600 people die worldwide each day from work-related accidents or diseases? Or did you know that 147 workers in the UK were killed at work in 2018 / 2019? That’s one person every 2.5 days…
The new ISO 45001:2018 standard was launched in March 2018 and was developed by ISO to “help organizations to improve employee safety, reduce workplace risks and create better, safer working conditions, all over the world”. If your business holds currently holds certification to OHSAS 18001:2007, you have until 30th September 2021 to ‘migrate’ your management system to meet the new requirements. Please note that the original migration deadline of March 2021 has been extended by IAF due to the ongoing Covid 19 Pandemic.
I have now successfully completed two migration projects (Schneider Electric and Herman Miller both on behalf of ConsultQA) and one implementation project (Great Western Recycling) against the requirements of ISO 45001:2018 and took the opportunity to gather some Top Tips from the certification body auditors along the way!
Top Tip 1 - Carry out a Gap Analysis
You need to identify the gaps between your current health and safety management system and the new ISO 45001:2015 requirements. There are some significant changes, particularly around consulting and communicating with your workforce and providing them with opportunities to participate in health and safety. The easiest way to carry out to carry out a gap analysis is by writing a list of clauses (or downloading this template) and asking:
- What does this clause mean to us?
- What are we already doing?
- What else do we need to do?
Top Tip 2 - Identify your Business Context
Understanding the space your business operates in is a key part of risk management - I use the basic SWOT structure combined with the PESTLE mnemonic to identify internal and external issues facing my clients, we usually do this in a discussion with a range of people across the business – not just the Directors and Managers. Here are a set of questions which are a useful starting point for the discussion:
- Who are we?
- What do we do?
- Why are we doing it?
- Where do we do it?
- Who do we do it for?
- Who do we do it with?
If you have already carried this exercise out for your Quality or Environmental Management System, you don’t need to repeat it, but you will need to review your existing information and make sure that it includes health and safety issues.
Top Tip 3 - Are you Leading health and safety?
There are now explicit requirements for leadership from ‘Top Management’ including “developing, leading and providing a culture in the organisation that supports the intended outcomes of the occupational health and safety management system” (ref: ISO 45001:2018 clause 5.1 j) What are you doing to demonstrate active involvement in the management of health and safety in your business? Are you on the shop floor talking to people? Are you making sure there are enough resources? Is there an open culture which encourages people to come forward with ideas or concerns? What happens if people do raise a concern – how are these dealt with?
Top Tip 4 - Is the way you manage health and safety integrated into normal business activities?
Don’t let ‘elf and safety’ become an add on which is perceived as getting in the way! I always try and change the language from “we do this because the rules say we have to’ to “we do this because this is important to us”.
One paragraph doesn’t provide enough room to talk about culture and perceptions but wherever you can, make doing the right thing the easy thing – for example a mobile worker can’t access the job details until they have filled in a quick dynamic risk assessment to identify if there is anything different about this particular site. Or a machine won’t start unless the safety guard is in position. Or there is a 10 minute briefing at the start of every shift to update everybody on what is going on and any issues of the day.
Top Tip 5 - Don’t forget your Workers
Although ‘workers’ are mentioned in OHSAS 18001:2007, they are now defined in ISO 45001 as “persons performing work or work related activities that are under the control of the organisation” (ref: ISO 45001:2018 clause 3.3) This can include employees, contractors, volunteers etc and are obviously a key interested party. You may need to think about organising workers into different groups as different work activities will have different hazards and consequences to manage and may need different methods of communication.
Top Tip 6 - Provide opportunities for Consultation and Participation
It is important to understand the difference between the two and work out how you are going to encourage and support both:
- Consultation is “seeking views before making a decision” (ref: ISO 45001:2018 clause 3.5)
- Participation is “involvement in decision making” (ref: ISO 45001:2018 clause 3.4)
Use the information gathered in your Gap Analysis (see Top Tip 1) to identify if there are any groups of workers who are not covered by existing consultation and participation methods – assuming you have some in place already. What about remote or mobile workers? How do you reach out and involve them?
- Carry out new risk assessments or reviews of existing risk assessments with a relevant group of people, walk through the activity and discuss each stage and the resulting hazards and control measures. Record everybody’s name and any suggestions for improvement
- Implement a ‘point of work’ or ‘dynamic’ risk assessment process – this is particularly useful if you have a mobile workforce who are working on different sites, a) the thought process should help workers identify hazards and do something about them on site and b) the records are another way to demonstrate participation
- Have an effective committee or group where everybody can be heard on health and safety issues - it helps if biscuits are provided (!) and the committee has a good name (one of my clients has QWEST which covers Quality, Wellness, Energy, Environmental and SafeTy) Another good idea is to include the topics listed in clause 5.4 in the standard agenda for the committee
- Create an easy way for people to tell you about ideas for improvement or things that have happened (accidents) or things that nearly happened (near misses). Act on the things you have been told about and provide feedback about what has been done (or why it hasn’t)
Consultation with workers is also a legal requirement (in the UK) under two separate pieces of legislation – there is some useful information on the Consult and Involve pages on the HSE website.
Top Tip 7 - Look at your Supply Chain
Every time you buy something and bring it into your organisation, you are potentially importing a risk, the table below provides a range of examples from low risk paperclips to high risk activities carried out by sub-contractors on your behalf.
|Item||Issues to consider||Likely level of risk|
Speed of delivery
Cost of purchase
|Sub-Contract operatives – for example working at height on a customer’s site on your behalf||Competence, working at height, self-rescue, electronics, engineering etc Insurance Experience Security requirements for individuals to access sites||High – if the sub-contract operative has an accident on the customer’s site, this could have severe consequences for both the individual, the customer and your business|
|Sub-Contract services – for example welding metal components of a walkway||Competence (coded welding etc) Non-Destructive Testing capability Delivery times Design capability if required||High – if the walkway collapses due to weld failures this could have very severe consequences for a number of people.|
Suppliers need to be evaluated and managed to control the level of risk imported into your organisation. I work with my clients to identify the high-risk suppliers, this is usually a combination of spend with that supplier and the risk of the activities being carried out or services being provided. Once we have identified the high-risk suppliers, we then review what information we hold on them and what further information we need to gather – this can include:
- Companies House information (Directors, Accounts etc)
- ISO certifications and other accreditations (SafeContractor, Constructionline, CHAS etc)
- Risk Assessments and Method Statements
- Competency records
- Accident / Incident history and what actions were taken
For more information about managing supply chains please see my World Accreditation Day 2019 blog post here.
Top Tip 8 - Get started!
Although we are all living and working in strange times at the moment, my last top tip is to get on with it your migration project. It may be that your business has slowed down so you have more time to think about and plan the project or you may well have had to review key working practices and risk assessments to manage the risk of Covid 19 to your workers. Whatever improvements you are carrying out to your existing documentation, try and do this in light of the updated requirements of ISO 45001:2018.
If your business holds OHSAS 18001:2007 certification, you have got until 30th September 2021 to migrate your certification to ISO 45001:2018 before your existing certification lapses and becomes invalid. Most certification bodies are requiring an additional day to be added onto the existing audit plan to carry out the migration, so it is worth considering where you want to add the extra day in your certification cycle. Anecdotally there seems to be a faster uptake of migration audits than in the previous ISO 9001 / ISO 14001 transitions in 2018, but it is always worth talking to your certification body early to make sure you have your preferred dates and auditors available to you.
Managing health and safety risks at work contributes to various UN Sustainable Development Goals, particularly number 3 Good health and wellbeing and number 8 Decent Work and Economic Growth the ISO 45001 page also connects the standard to numbers 5, 9, 10, 11 and 16.
I hope these Top Tips have been useful to you – if you have any questions about your ISO 45001:2018 migration project, please get in touch and contact me as I’d love to find out more about your business and how I can help.