October 8, 2008
What does the current meltdown of the global financial markets teach us?
To paraphrase a line from the last presidential election - “It’s the System, Stupid.”
Right now, there is a lot of finger-pointing and plenty of blame to spread around. This mess is not, however, the fault of a single individual, a single institution or, even, a single political party. Instead, it is the system that is flawed.
Read the rest of this entry »
Posted in OHSAS 18001:2007 Revisions, OHSMS Implementation 
0 Comments » Trackback This Post
August 29, 2008
The ANSI-ASQ National Accreditation Board (ANAB) is seeking public comment on its Draft Accreditation Rule A on OHSMS Program. ANAB is the U.S. accreditation body for a number of different management system standards, including ISO 9001, ISO 14001 and ANSI/AIHA Z10. ANAB has posted a link on its web site (under Public Ballots) that provides access to this draft rule.
This draft accreditation rule sets out the requirements for certification bodies to obtain accreditation to their choice of -
- ANSI/AIHA Z10, Occupational Health and Safety Management Systems (the US standard)
- CSA Z1000, Occupational health and safety management (the Canadian standard)
- BS OHSAS 18001, Occupational health and safety management systems – Requirements (the British standard, which is identical to the international OHSAS 18001:2007 standard)
Read the rest of this entry »
Posted in Standards & Certification, Upcoming Events 0 Comments » Trackback This Post
August 29, 2008
One of the requests I commonly get from organizations seeking to integrate occupational health and safety into an existing environmental management system is –
“Can you provide a generic risk assessment process I can just plug into my aspect/impact procedure?”
The short answer to this request is “No.”
This is the fundamental difference between the OHSAS 18001 and the ISO 14001 standards. To conform to ISO 14001, many organizations have a single aspect/impact evaluation process. It may be complex and involve several factors and complicated calculations but it is typically one process. This is not the case for OHSAS 18001 hazard identification and risk assessment.
To quote from the OHSAS 18002 guidance –
Hazard identification and risk assessment methodologies vary greatly across industries, ranging from simple assessment to complex quantitative analyses with extensive documentation. Individual hazards may require that different methods be used, e.g. an assessment of long term exposure to chemicals may need a different method than that taken for equipment safety or for assessing an office workstation. Each organization should choose approaches that are appropriate to its scope, nature and size, and which meet its needs in terms of detail, complexity, time, cost and availability of reliable data. Taken together, the chosen approaches should result in a comprehensive methodology for the ongoing evaluation of the organization’s risk.
In other words – there is no simplistic answer or cookie-cutter methodology. It is not one process but several that, when taken together, make up a comprehensive risk management strategy.
© ENLAR® Compliance Services, Inc. (2008)
Posted in FAQ, Risk Management 0 Comments » Trackback This Post
August 25, 2008
In a previous blog, I discussed the difference between competency and awareness in an occupational health and safety management system (OHSMS). In that blog, I used the ISO 9000:2000 definition of competence as “demonstrated ability to apply knowledge and skills” since OHSAS 18001:2007 does not include a definition.
It seems that the appropriate definition of competence is now subject of some debate within ISO and may be subject to being “re-defined.”
Competency is a significant component of at least four standards currently under development within ISO –
- ISO 10018 – Quality management: Guidelines on people involvement and competencies
- ISO 14066 – Greenhouse Gases – Competency requirements for greenhouse gas validators and verifiers
- ISO 17021 Part B – Conformity assessment – Requirements for third-party certification auditing of management systems
- ISO 19011 (revision) – Guidelines for management system auditing
Interestingly, each of these standards has apparently rejected the dictionary definition, as well as the ISO 9000 definition, and each ISO Technical Committee appears to be in the process of developing its own concept of competence.
ISO 10018 is apparently focusing on how “human factors” impact the effective functioning of management systems with the definition of competency being passed to a subcommittee. ISO 14066 is structured to set out detailed lists of the skills and knowledge that must be possessed by GHG verification and validation teams – with the focus on team rather than individual competency. The initial committee draft of ISO 17021 defined competence as “personal attributes and ability to apply knowledge and skills” with a heavy focus on personal attributes and generic audit skills but essentially no guidance as to the needed discipline-specific knowledge (e.g. quality, environmental, OH&S). The revision of ISO 19011 has just begun; however, the issue of auditor competency has already been identified as one of the “hot-button issues” associated with revision of this standard.
A review of the various standards and other reference materials appear to set out three different, and distinct, attributes that underlie competency:
- Attitude and personality traits –who you are
- Knowledge – what you know
- Skills – what you can do
Where the ISO standards seem to diverge is in the relative importance to be given to each attribute (personality vs. knowledge vs. skill) as well as in the specifics of what is actually required and how it should be demonstrated.
What do you think? What is competency?
© ENLAR® Compliance Services, Inc. (2008)
Posted in Standards & Certification, Training & Communication 3 Comments » Trackback This Post
July 21, 2008
An article in the 6/30/2008 issue of CRN Magazine reported on the problem of “sprawl proliferation” associated with the use of virtualization in IT datacenters. Because virtual machines are easy to deploy, they don’t get the same scrutiny as the purchase of physical machines. The result – virtual machines that are not doing any meaningful work and thousands of dollars of assets locked away in computer redundancy.
“Data sprawl” is also a significant concern for OH&S management systems.
In the “good old days,” data was collected, disseminated and stored on paper. It had a physical form. Record control was relatively straight-forward – if you controlled the paper, you controlled the data. Data sprawl had a physical limitation. When paper sprawl reached a certain size, it was pruned back to keep it manageable.
Today, it is different. Data no longer has a physical form – it exists virtually. It is easily and instantly transferred from place to place with the click of a mouse. It exists in multiple forms, in multiple folders, on multiple machines. It is modified and kept in multiple versions – in some case almost indistinguishable from the original. It is printed out multiple times and stored on disks, on flash drives, in folders and 3-ring binders.
The result – DATA SPRAWL – the proliferation of information with no meaningful control.
Just as for IT data centers, there are significant costs associated with this sprawl –
- Files clogged with multiple copies of documents
- Time and productivity loss associated with searching for records
- Redundant files and databases hogging computer space and taking time to maintain
- Loss of original records in the mass of multiple copies
- Litigation risk associated with incomplete production of documents or maintenance of records that should have been destroyed
The solution? Implement meaningful record control. Don’t let “data sprawl” engulf you.
© ENLAR® Compliance Services, Inc. (2008)
Posted in Uncategorized 0 Comments » Trackback This Post
June 26, 2008
“Training” is the shorthand term most often used to describe the requirements set out in Section 4.4.2 of OHSAS 18001. In actuality, OHSAS 18001 does not require training. What OHSAS 18001 does require is either competency or awareness. Training is simply a means to an end and it is not the only way to get there.
What is the Difference Between Competence and Awareness?
Competence is the “demonstrated ability to apply knowledge and skills” (see 3.9.12 of ISO 9000-2000). Awareness is defined as “having knowledge.” Awareness is to know something; Competence is the ability to do something. For example, I “have knowledge” (awareness) concerning the installation of ceramic tile but I do not have the demonstrated skill or ability (competence) to do so (as demonstrated by a past home improvement project). I am, however, competent to install wood trim (again, as demonstrated by past performance).
Training to Competence
The primary focus of section 4.4.2 of OHSAS 18001 is competence — ensuring that individuals have the demonstrated skills and abilities needed to perform tasks that can impact occupational safety and health.
Training alone is often insufficient to establish competence. Most training programs do not include the needed demonstration of skills and abilities. Sign-in sheets documenting “seat time” in a training session do not verify competence. On the other hand, a training program is not needed if competence can be established in other ways — for example, by third-party certification or licensing.
So who needs to have demonstrated competence?
- Individuals with responsibility for establishing, implementing & maintaining the OHSMS
- OHSMS auditors
- Individual workers, including contractors, performing dangerous tasks
- Individuals responsible for workplace conditions that impact OH&S
- Top management
What competence these individuals need will be the subject of future blog posts.
Developing Awareness
OHSAS 18001 Section 4.4.2 requires that workers have the following types of awareness:
- The safety and health impacts of assigned tasks
- What needs to be done to do these tasks safely
- What will happen if the tasks are not done safely
Again, awareness does not require training. In fact, training may not be the most effective way of establishing awareness. Other methods — signs, e-mail notifications, hand-outs, etc. — are often more effective in communicating the information needed to establish awareness.
© ENLAR® Compliance Services, Inc. (2008)
Posted in Training & Communication 1 Comment » Trackback This Post
June 24, 2008
One of the interesting, and challenging, issues in developing an OH&S management system is the tension between developing detailed work instructions versus relying on competent individuals to perform critical OH&S tasks.
On one hand, there is the view that all tasks, especially important ones, need to be reduced to written work instructions. After all, the person performing these tasks might “win the lottery” and never return to work. On the other hand, there is the view that it is more important to have competent people performing critical tasks. The example — “If you were going to have brain surgery, would you want a surgeon who is competent or an individual who is simply following a set of written work instructions?”
This conflict of views was recently brought into focus for me. A senior manager in a company suggested that the work being done by the OH&S staff should be reduced to “work instructions that anyone can follow” for entry into the company’s preventive maintenance program.
This suggestion made me stop and ask myself the following questions –
Can OH&S professionals be replaced by a preventive maintenance (PM) program?
OH&S professionals are not the first, or only, ones that face being replaced by computer programs. Accountants have faced it with the growth and acceptance of tax preparation software. Lawyers have faced it with do-it-yourself wills and contracts programs. Doctors are facing it with improved medical diagnosis software. Every knowledge worker is facing the prospect that at least some aspect of their “professional practice” will be replaced by a computerized software system. Therefore, at least in part, OH&S professionals likely can be replaced by a PM program.
Should they be?
This question is much more difficult to answer. It brings me back to the title of this post — “You will be assimilated.” As Star Trek fans know, this quote is the message sent by the Borg when they targeted a new species for integration into “the collective.” Once in the collective, individual independence was lost. Conformance replaced creativity.
The fundamental issue in determining whether professionals should be replaced by computer programs is whether there is value in the “independent creativity” that cannot be assimilated into a computerized system. At least for now, I am much more comfortable relying on competent OH&S professionals than on work instructions entered into a PM program.
What do you think?
© ENLAR® Compliance Services, Inc. (2008)
Posted in OHSMS Implementation 0 Comments » Trackback This Post
June 19, 2008
As discussed in previous posts, OHSAS 18001:2007 has a foundation based on risk management principles.
To meet the OHSAS 18001 requirements, an organization must:
- Identify its OH&S hazards
- Assess the risks associated with the OH&S hazards that are identified
- Determine the controls that are necessary to reduce OH&S risks to an acceptable level
Identification of OH&S hazards and assessment of the associated risks is one of the primary inputs for setting objectives for continual improvement, identifying training needs and establishing operational controls.
The risk management foundation of OHSAS 18001 is not explicitly found in either ISO 9001 or ISO 14001. ISO 9001 focuses on identifying customer requirements and achieving customer satisfaction; ISO 14001 focuses on identifying environmental aspects and prevention of pollution. Although risk management is important to quality and environmental management, neither ISO management system standard explicitly addresses this.
Interestingly, ISO is currently in the process of developing several risk management standards. According to ISO, these standards are intended to provide guidance to assist organizations in managing risk - including safety and environmental risk. In addition, according to its Scope statement, ISO 31000 is intended to “harmonize risk management processes and definitions in existing and future standards.”
The ISO risk management standards currently under development include the following:
- Substantial changes to the definition of risk in Guide 73 - Risk management - Vocabulary - Guidelines for use in standards
- Drafting of a new “strategic-level” risk management standard - ISO 31000 - Risk management - Principles and guidelines on implementation
- Adoption of an IEC standard outlining risk assessment methods as an ISO standard - ISO 31010 - Risk Management - Risk Assessment Techniques
- Drafting of a new standard on risk assessment of structures - ISO 13824 - General principles on risk assessment of systems involving structures
This ISO standard-setting activity raises a couple of interesting questions –
- Will future revisions of ISO 9001 and ISO 14001 include a risk management focus as well?
- Might risk management become the unifying foundation for an integrated management system standard?
© ENLAR® Compliance Services, Inc. (2008)
Posted in Risk Management, Standards & Certification 4 Comments » Trackback This Post
June 16, 2008
June 1 marked the beginning of the 2008 Hurricane Season. Both individuals and organizations in Florida are being urged to review and update their emergency plans to ensure we are ready in case a serious storm comes our way this year. There are articles in the paper on ensuring that our pets are save, putting together our “Grap-and-Go Kits” and hurricane-proofing our landscaping.
So what does that have to do with an occupational safety and health management system?
A great deal, as it turns out.
As I mentioned in my last post, I attended the annual AIHce two weeks ago. The keynote speaker on Wednesday morning was Dr. Robin Herbert. She is the director of the World Trade Center Medical Monitoring Program Data and Coordination Center with the Mount Sinai Medical Center in New York, New York.
Her presentation covered, in sometimes graphic detail, the on-going health impacts to those who responded to the World Trade Center (WTC) attack on 9/11. This includes both physical and psychological health effects – including respiratory disease, stomach problems and post-traumatic stress disorder (PTSD). Some of these effects are the result of the fact that individuals worked long hours, ate their meals and slept outdoors at the site – in effect having 24/7 exposure to a toxic environment.
Dr. Herbert ended her presentation with a list of recommendations that every organization should consider in their annual review of their emergency plan to prevent future impacts to the health of their emergency workers and first responders:
-
Ensure that each person has, and is trained to use, appropriate personal protective equipment
-
Include the steps (and supplies) necessary to define a “boundary” around areas that are not safe and limit access to those areas
-
Limit the time individuals spend in emergency response and in areas with unsafe exposures
-
Record the name of each individual who participates in the emergency response in case future follow-up is needed
-
Take action to prevent and address psychological as well as physical trauma
Just as we have learned for confined space entry, we need to be aware that emergency response to disaster events can kill or maim responders. We need to have plans in place to prevent this from happening – before the disaster occurs. In other works - we need to include emergency response as part of an OH&S management system.
© ENLAR® Compliance Services, Inc. (2008)
Posted in Emergency Planning, OHSMS Implementation 0 Comments » Trackback This Post
June 11, 2008
I attended the annual American Industrial Hygiene Association conference (AIHce) last week in Minneapolis, Minnesota.
There were many excellent sessions covering a wide range of topics important to the practice of industrial hygiene. In particular, the Tuesday morning general session focused on demonstrating the value of the industrial hygiene profession and included a presentation by Jeffrey P. Pino, President of Sikorsky Aircraft Corporation.
In his presentation, Mr. Pino stated that there are three strategies important to a successful HSE (health, safety and environmental) program:
- Leadership Commitment
- Employee Engagement
- Risk Management
These three strategies are also critical to the implementation of an occupational safety and health management system based on OHSAS 18001:2007. Read the rest of this entry »
Posted in OHSAS 18001:2007 Revisions, OHSMS Implementation, Risk Management 0 Comments » Trackback This Post
