ISO 45001 is a standard created with various requirements to help organisations improve employee safety, reduce workplace risks and create better working conditions. Some of these are:

Hazard identification and assessment of risks and opportunities
You’ll need a process for ongoing and proactive hazard identification, which will take into account many factors – how work is organised, social factors, leadership, culture, routine and non-routine activities, infrastructure, equipment, physical factors, human factors, past and potential incidents and emergencies, people in the workplace, in the vicinity of the workplace and workers at a location not under direct control of the organisation (e.g. mobile workers or workers who travel to perform work-related activities at another location), actual and proposed changes and changes in knowledge. These hazards and the methodology you’ve used to assess them needs to be documented.

Incident, nonconformity and corrective action
This is all about how you are reporting, investigating and taking action on incidents or nonconformities. You need to: react in a timely manner to control, correct and deal with consequences; evaluate, with participation of workers and other relevant interested parties as appropriate; analyse to determine and eliminate root causes; formally investigate if deemed significant; determine if similar incidents have or could occur; review existing risk assessments; review effectiveness of the action taken; check that corrective actions are appropriate.

Consultation and participation of workers
You should have a process for consultation and participation of workers at all applicable levels and functions, including workers’ representatives as necessary, in development, planning, implementation, performance evaluation and improvements of your OH&S system. You need to provide time, training, resources, access to information and remove obstacles and barriers to participation. You should ensure consultation of non-managerial workers on needs and expectations of interested parties, policy, roles and responsibilities, etc.

Determination of legal requirements and other requirements
Similar to ISO 14001, the organisation should have a process to determine and have access to health and safety (as opposed to environmental) legal requirements and other requirements applicable to its OHSMS, and to determine how these requirements apply to the OHSMS. The process should cover:

• What are the organisation’s legal and other requirements and how are they determined, accessed and kept up-to-date;
• How do these legal and other requirements apply to the organisation’s activities, processes, plant & equipment, workforce, hazard profile & associated OH&S risks, the overall OH&SMS and its OH&S performance;
• How these legal and other requirements are taken into account when establishing, implementing, maintaining and continually improving the organisation’s OH&S management system.

Then there are ‘other’ requirements, and this is used as a catch-all term for a range of sources which may or may not apply to you, such as:

• Parent company protocols or policies;
• Collective bargaining agreements;
• Voluntary adherence to sector or trade body guidance documents;
• Contractual conditions;
• Employment agreements;
• Voluntary principles, codes of practice, technical specifications, charters;
• Public commitments of the organisation or its parent company.

Eliminating hazards and reducing OH&S risks
You’ll need to establish, implement and maintain processes for the elimination of hazards using the ‘hierarchy of controls’. This concept is key in health & safety, where risks should be reduced to the lowest reasonably practicable level by taking preventative measures, in order of priority. 

The table below sets out an ideal order to follow when planning to reduce risk from construction activities, and you should consider the headings in the order shown - do not simply jump to the easiest control measure to implement:​

Management of change
You should have a process for implementation and control of planned temporary and permanent changes. This can involve (but is not limited to!) new products, services and processes; workplace locations; work organisation; conditions; equipment; workforce; legal and other requirements; and knowledge about hazards and risks and developments in technology. You need to review the consequences of any unintended changes and take action to mitigate any negative H&S impacts.

If you would like to look at how to implement an ISO 45001 H&S management system, then simply contact us.

Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

Last month we looked at why a H&S management system is important. This week we’ll take a closer look at what sort of things are in a H&S management system, the kind of issues that it will need to address.

So, for starters, the sort of things that you'll need to consider would be:

• Defining the OHSMS and its scope within your organisation
• Developing procedures for the ongoing identification of hazards, assessments of risks and determination of the necessary controls
• Developing an OH&S programme with objectives and targets
• Defining relevant management, accountability, structure, roles, responsibilities, authorities, etc
• Ensure that persons performing tasks are competent and trained to do them safely
• Outline effective processes for internal & external communications
• Controlling H&S-related documents so that current versions are distributed and available at points of use and obsolete versions are removed
• Identifying critical functions associated with the identified hazards where controls are necessary
• Having a process in place for identifying and responding to H&S-related emergencies
• Developing plans to monitor and measure OH&S performance on a regular basis
• Developing processes for scheduling evaluations of compliance, investigating incidents and acting on health and safety non-conformances, and conducting audits at planned intervals

 
Why you should use ISO 45001 as your Health & Safety Management System
 
Workplace accidents and injuries significantly damage the productivity and efficiency of your operations. Studies have estimated that for every £1 of direct costs incurred in treating and providing disability benefits to an injured employee, employers incur an additional £4 in indirect costs, such as management time spent investigating and handling the claim, lost productivity of the injured worker, hiring and retraining a replacement employee, associated property damage and more.
 
The cumulative consequences of injuries and accidents are sobering. Such incidents seriously affect bottom-line profit by adding unnecessary costs to your operations and subjecting your company to potential fines and penalties. These costs can range from tens to hundreds of thousands of pounds, depending on the size and scope of your business.
 
In fact, in February 2016, the H&S punishments regime was considerably beefed up - when the court embarks on its consideration of the appropriate financial penalty, it is required to consider a number of separate steps including:

• the seriousness of the offence by determining the risk of harm (low, medium or high) and culpability of an offender;
• the appropriate starting point and category range for an offence, based on a company’s turnover, using tables provided in guidelines. There are five categories of organisation ranging from micro (where turnover is not more than £2 million) to ‘very large’ (where the offending organisation’s turnover very greatly exceeds the threshold for large organisations, namely £50 million and over);
• a range of factual elements providing the context of the offence to establish if further adjustment of the fine within the category range is required (the aggravating and mitigating features);
• whether the proposed fine fulfils the objectives of sentencing these types of offences (i.e. reflecting the seriousness of the offence and the financial circumstances of the offender). The court may adjust the fine upwards or downwards, including outside the range, by looking at factors such as profitability and the impact of the fine on the ability of the offender to improve conditions in the organisation;
• any factors which indicate a reduction, such as assistance to the prosecution and a reduction for guilty pleas. 

 
Courts expect full financial accounts to be served and will consider wider financial information such as details of director remuneration, assets, loans, etc, to establish a clear picture of the company’s financial resources. The guidelines are clear - the fine must be sufficiently substantial to have a real economic impact and bring home to management and any shareholders the need to comply with health and safety legislation. 
 
The need for putting in an OHSMS has never been greater, and ISO 45001 fits the bill perfectly. Once your organisation has embraced the need to prioritise workplace safety, the standard gets you to focus on two interrelated, yet distinctly different, objectives: compliance and accident prevention.
 
Many organisations, however, make the mistake of limiting their efforts to this first objective, and neglect the second, much greater, challenge: accident prevention. A successful workplace safety programme requires that an organisation address and achieve both objectives.
 
If you would like to look at how to implement an ISO 45001 H&S management system, then simply contact us.

Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

It is becoming more and more important that organisations can demonstrate that they are thinking about their health & safety duties. But it is not just a case of ‘doing the right thing’, there’s also a strong business case to putting in place a strong health and safety management system.

Businesses owe a duty of care to safeguard health and safety at the workplace and they must have an awareness of the main provisions of the Health and Safety at Work Act and subordinate regulations relevant to their activities.

The primary purpose of the Health and Safety at Work Act should be to help prevent death, injury and ill-health within the workplace – not simply to prosecute offenders – and this objective should not be forgotten, despite the increased amount of health and safety prosecutions, particularly of individuals, in recent years.

In order to reduce the risk of prosecution and maintain a preventative approach to health and safety, businesses should:

• Develop and regularly review their health and safety policies;
• Properly assess the risks posed by their activities;
• Consult their employees about anything that could significantly affect their health and safety at work; and
• Seek the advice of competent health and safety professionals to ensure that they are discharging their legal duties.

ISO 45001 is an Occupational Health and Safety Management System (OHSMS) which will make sure you meet these legal obligations as well as providing a system for measuring and improving your health and safety impact.

ISO 45001:2018, as the designation suggests, is a relatively new standard in the ISO community, and is based on OHSAS 18001, as well as conventions and guidelines of the International Labour Organization including ILO OSH 2001, and other national standards. It includes elements that are additional to BS OHSAS 18001 which it replaced over a three-year migration period from 2018 to 2021.

The key additions in ISO 45001 compared to OHSAS 18001 are:

• Context of the organisation
• Understanding the needs and expectations of workers and other interested parties - interested parties would include workers, suppliers, subcontractors, clients, and regulatory authorities
• Risk and opportunities - this would include enhancing health and safety at the workplace
• Leadership and management commitment
• Planning

ISO 45001 follows the High Level Structure of other ISO standards, such as ISO 9001:2015 and ISO 14001:2015, which makes integration of these standards easier.

There can be a range of benefits to companies who use an ISO 45001 OHSMS, such as: 

• Building an organisation around H&S best practice (particularly useful if you operate in a high-risk sector)
• Reducing third party audits - if you work in a high-risk sector, you can often by-pass the need for supplier audits if you can produce evidence of having an OHSMS in place
• Reducing risk of accidents and incidents
• Improving employee motivation, awareness, and morale if you can show you take their H&S welfare seriously
• Lowering insurance premiums
• Improving managerial oversight for H&S - remember, what you can’t meaningfully manage you can’t meaningfully improve
• Continually looking for new H&S risks (e.g. a global pandemic!) and opportunities for improvement

The true value of ISO 45001 comes from linking your business strategy and your health and safety management system - not developing a standalone set of documents.

Using ISO 45001 to help manage risks and contractors, core and support processes, equipment and people gives you the opportunity not only to control but to assess and improve the health and safety of your workers, subcontractors, clients and others. 

If you would like to look at how to implement an ISO 45001 Health & Safety management system, then simply contact us.

Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

​When future history books are written, the pandemic of 2020 may well go down as the time when the way we live and work changed fundamentally.

The workplace of the future could look markedly different from the ones we were using in 2019, from flexible working spaces to plasma ventilation systems, body temperature sensors, desk screens, and the many other things which may become commonplace.

Undoubtedly many things will change because they will have to, in order to remain relevant and useful to our current plight. And ISO standards will be no different.

There are current elements of ISO standards which have already become more prominent and important to the organisations that use them. Hopefully this will also spur others to see the value they can bring in a Covid and (hopefully, and soon) post-Covid world.

Our first example will be ISO 9001, which is the standard that deals with the management of quality systems, and its focus on disaster recovery and business continuity.

With this standard you have to look at your risks and document them, along with the controls you’ll use to minimise any adverse affects this would have. Typical risks have traditionally been identified as extreme weather events affecting property, transport and power supplies (which can also have an impact on global supply chains); cyber-attacks and disruption to IT systems; changes to regulations and the political landscape; an loss of customer confidence due to negative publicity.

The idea is that you’ll manage disruption and limit the effects of these events to ensure business gets back to normal as quickly as possible.

Now, we’ve seen many a Business Continuity Plan that has also listed ‘pandemic’ as a scenario, but one that has probably never been envisaged as coming to pass. However, this is without doubt going to change, and how a business weathers a ‘virus event’ will become a hot topic for discussion across management teams up and down the country for years to come.

Another big area of significance will be attached to ISO 45001 - the standard addressing health & safety - and how assessing the risk of Covid in the workplace will become a primary concern.

In the UK, this falls under general management of health and safety in the workplace regulations, and all employers have to take reasonable steps to protect workers and others from the virus. A Covid-19 risk assessment is seen as a key part of this.

Guidance from the Health and Safety Executive, itself using guidance from Public Health England, drew up a series of issues an employers need to take into account when undertaking this assessment, such as identifying what work activity or situations might cause transmission of the virus; who could be at risk; how likely it was that someone could be exposed; and how they would act to remove the activity or situation, or if this wasn’t possible, control the risk.

In addition, some groups of people could be at more risk of being infected and/or an adverse outcome if infected, and this also need to be considered in the risk assessment.

So having a properly set up health & safety management system with a defined way of carrying out risk assessment using all of the available guidance definitely made life easier for organisations that had the ISO 45001 standard, and will continue to do so.

And finally, a nod to the importance of the ISO 27001 information security standard - organisations that had an information security management system in place found it so much easier to handle setting up staff working from home.

​Organisations with the standard already had a suite of policies for working from home, along with risk assessments already completed, controls in place to combat unauthorised remote access, logging access to networks traced in the event of an incident, along with processes in place to close down any incidents as quickly as possible.

So as we change our ways of working, many elements of the most popular ISO standards are there to make it as easy as possible.

​And the reason? Because they are all ‘risk-based’ standards. This means that they help you to focus your resources toward things that present a higher risk to you and your customers and clients. And these days, that means a lot.

If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us.

Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

​As isolation is eased and people return to work, governments across the UK are requiring organisations to complete risk assessments as part of the permission to resume normal service.

Health and safety law requires employers, who continue to operate under current circumstances, to do ‘what is reasonably practicable’ to protect their staff and members of the public.

As an employer, you’re required by law to protect your employees, and others, from harm. Under the Management of Health and Safety at Work Regulations 1999, the minimum you must do is:

• identify what could cause injury or illness in your business (hazards)
• decide how likely it is that someone could be harmed and how seriously (the risk)
• take action to eliminate the hazard, or if this isn’t possible, control the risk
• Assessing risk is just one part of the overall process used to control risks in your workplace.

To fulfil this duty in addressing the risk from COVID-19 all companies must review their risk assessments and put in place measures to ensure the guidance available from their respective governments (in England, Northern Ireland, Scotland and Wales) is implemented.

Risk assessment covering exposure to Covid-19 will be different from one organisation to another. Healthcare workers, retail cashiers, home delivery drivers, utility engineers and construction workers have different exposure to this risk. 

A risk assessment should recognise the virus as a hazard. It should also reflect that the virus is spread in minute water droplets that are expelled from the body through sneezing, coughing, talking and breathing. 

The virus can be transferred to the hands and from there to surfaces. It can survive on surfaces for a period after transfer (depending on such things as the surface type, its moisture content and temperature). The risk assessment should conclude that if it is passed from one person to another, while many survive infection, some may die from the disease. It should be regarded as a high hazard.

The safety hierarchy of control can serve you well in considering what can be done. Any mitigation controls devised and implemented must reduce exposure of employees and anyone else who could be infected by your employees. 

Control considerations must include identification of those who may have the disease, preventative measures and what to do if you find if an employee has contracted the disease. In other words, there may be elements of management systems design to think about. Decisions about what may be done must be realistic and reasonably practicable: achievable given the resources available.

Elimination is the best form of control. Can we eliminate the virus? Only through vaccination, so there is little that can be done by organisations. They are reliant on government response. Organisations should monitor vaccine availability and the priority of their workforce in any future vaccination programme so that arrangements can be made promptly. Social distancing and staying at home are not forms of elimination, but an administrative control. 

Next in descending order is substitution: replacing the virus for something less harmful is not possible. Engineering controls place a physical barrier between the person and the hazard, or provide mechanical reduction of the hazard. Placing screens between people (e.g. cashier points in shops) will interrupt the flow of air from one person to another and therefore provide protection. 

Providing ventilation is also an option. Recent research has shown that downward ventilation onto a patient’s bed considerably reduces the exposure of healthcare workers to infected droplets suspended in the air. Care must be taken if ventilation is to be considered. The fundamental question is where the potentially infected water droplets are ventilated to. It’s no good if they are blown onto other people or surfaces and increase exposure elsewhere. But as a principle it is worthy of some consideration e.g. ask whether the job must be done in a workshop, or can be done outside. 

But then also consider exposure to ultraviolet radiation and other risk. Ventilation is a good control if it takes infected air away from people and transfers it to somewhere where the virus will not do harm. 

Administrative controls provide the best options for most organisations. The risk assessment must consider how you will keep the workplace and equipment clean, adjust your working practices and ensure people are safe.

As an ISO consultancy obviously there is a big focus on taking a risk-based approach and the assessment of risk, evaluating effectiveness of control measures, complying with regulations, legislation, etc.

As businesses start to mobilise they’ll have the twin issue of new, immediate significant risks which will have arisen due to the pandemic alongside dealing with budget constraints and limited compliance resources.

We’ve been helping businesses in these scenarios, assessing their risk and conducting a review with the aim of identifying core compliance requirements. Much of this has been driven by their own clients requiring supply chains to undertake a proper Risk Assessment of current working arrangements. 

Significantly, the crisis may have caused companies to find new suppliers that have not been fully vetted due to time pressures. Likewise, the pandemic may have caused substantial risks to employee safety associated with reopening businesses, such as effective social distancing. This emerging risk will likely call for the development of new policies and procedures that will require close oversight by senior management.

Our review will usually entail a historic review of internal procedures and controls to identify past activities or other problems to determine where the biggest risks reside. At this point we undertake a detailed COVID-19 Risk Assessment. External industry risks such as enforcement actions are considered as well.

But for those businesses who simply want to undertake their own detailed assessment, we are giving away the template we use for free. You can simply download it here.

There is no catch, we won’t ask you to sign up for anything, simply download, conduct the Risk Assessment and get back to work!

If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us.

Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).