Category: OHSAS 18001:2007 Revisions

Proposal for an ISO OHSMS Standard

Yesterday, I received a copy of the ISO New Work Item Proposal (NWIP) for a new requirements standard for occupational health and safety management systems.  ANSI has requested that comments on this NWIP be sent to ANSI by April 26, 2013, so ANSI can decide how it will vote on this proposal. 

There are several interesting aspects to this NWIP –

1.  This is a proposal for a Project Committee (PC), not a Technical Committee (TC). 

The distinction is that a Project Committee is authorized to develop a single standard.  This is the approach that was used for the development of ISO 50001:2011 – the ISO Energy Management System standard.  An ISO PC can be converted into a TC in the future but, at least initially, the standard development authority of this ISO committee will be limited solely to the development of the one standard being proposed – an OHSMS requirements document.

2.  Given the past controversy that has surrounded the development of an ISO OHSMS standard, this NWIP includes two additional letters. 

The first is a letter from the Rob Steele, the ISO Secretary General, addressing the right and ability of ISO to deal with the subject area.  The second is a letter from the International Labour Organization (ILO) expressing its concerns with ISO’s decision to proceed with this standard development effort.

3.  Any ISO OHSMS standard will be required to meet the requirements for management system standards that are set out in Annex SL of the ISO Directives. 

What this means is that an ISO OHSMS will not be based on any of the existing OHSMS standards – including OHSAS 18001 or ANSI Z10.  These standards can serve as reference documents but many of the important requirements of an ISO OHSMS will be determined solely by the high-level structure and core common text that are set out in Annex SL. 

ANSI is in the process of circulating this proposal to stakeholder groups in the United States.  I am confident there will be a great deal of discussion of this NWIP.  It is likely that there will be continued disagreement concerning the appropriate venue for developing OH&S standards. 

As set out in BSI’s justication document, the world is markedly different today from what it was when an ISO OHSMS standard was last proposed. 

Today, protection of workers is as much driven by a complex web of supply chain relationships and sustainability initiatives as it is by governmental decrees and enforcement actions.  As show by the success of the certification initiatives that have developed around the handling of electronics waste, publicity and supply chain initiatives can have a greater impact in protecting worker health than governmental rulemaking. 

In addition, given the increased use of outsourcing arrangements, many individuals performing work on an organization’s behalf are no longer employees in the traditional labor law sense.  By extension, worker safety is no longer solely an employment issue.  As explicitly set out in OHSAS 18001, and recognized in several OSHA standards, an organization’s obligation to protect workers extends beyond employees to individuals who are performing work on an organization’s behalf.  This can include a range of parties – including contract workers, employees of contractors, volunteers, visitors to the workplace and employees. 

Worker safety is no longer simply a labor issue to be addressed through governmental action.

Want to know more?

If you want to know more about Annex SL and the revision of ISO 14001, check out my previous blog post – New Year – New Standards.

If you want to review the ISO NWIP for an OHSMS standard click here (note – this document does not include the Justification Study and other attachments to the NWIP but does include copies of the letters discussed above).

© ENLAR Compliance Services, Inc. (2013)
March 13, 2013 | 0 Comments More

Systems vs. Controls

Earlier this month, I attended the ISO Working Group meeting for the revision of ISO 14001 (TC 207/SC1/WG5).  This revision will result in a number of significant changes to the ISO 14001 standard.  These changes are likely to be carried over to a subsequent revision of OHSAS 18001.

There was a great deal of discussion at this meeting about a change that will fundamentally change the nature of the ISO 14001 requirements.  If this change is made, it will entirely transform what the ISO 14001 standard is all about.

The primary focus of the current ISO 14001 standard is on ensuring that an organization being certified has procedures in place to achieve the desired results.  The language of the new revision will change the focus of the certification process to verification of results (i.e. performance). 

October 14, 2012 | 0 Comments More

Identifying Applicable Legal Requirements

Last week, I received the following question from a reader about the OHSAS 18001 requirements related to the identification of applicable legal and other requirements  –

We are an OHSAS 18001 certified company…. Our Hazard Identification and Risk assessment (HIRA) first page tells about the legal requirement clause and the legal statements for complying with the HIRA.  Our external auditor (certifying body) insists we insert a column in the HIRA chart to identify what legal requirement clause comes against the control of each identified risk.

1.     Is my auditor correct?

2.     Does the OHSAS 18001 Standards say that?

 My answer –

That is NOT an OHSAS 18001 requirement. I believe your external auditor is confusing the ISO 14001 and OHSAS 18001 requirements. 

Section 4.3.2 of ISO 14001 requires that an organization determine how its applicable environmental legal and other requirements apply to its environmental aspects.  This is often done as your external auditor suggests, although it does NOT have to be done that way.  You can use whatever method is appropriate for your organization.

Section 4.3.2 of OHSAS 18001 does NOT have the same requirement as ISO 14001. It requires that an organization “take into account” its applicable legal other requirements in its OHSMS.  No column, chart, matrix is required.  Nor does it require identifying requirements by individual risk.  This requirement was specifically rejected when OHSAS 18001 was revised in 2007.

© ENLAR® Compliance Services, Inc. (2011)
June 7, 2011 | 1 Comment More

AIAG and OHSAS 18001

Apparently the Automotive Industry Action Group (AIAG) issued a position statement in March 2009 stating that although they support the integration of health and safety programs into existing management systems, they will not “specifically mandate OHSAS 18001 certification.”  A recent blog post asked “Is it politics once again?”

According to the AIAG statement they firmly believe that “the use of formal management systems are necessary for effective management of health safety and environmental programs.” 

AIAG’s concern appears to be that the OHSAS 18001 standard was developed by an independent group – the OHSAS Project Group chaired by BSI – rather than ISO. 

This is where the “politics” comes in.  Despite intensive lobbying by the OHSAS Project Group, ISO appears unwilling to develop an OHS management system standard. 


 The International Labor Organization (ILO) has raised objections and several member countries – including the U.S. – have consistently voted against it.  An OHSMS standard seems to be the exception to the rule that any proposed ISO standard-setting activity is guaranteed to be approved.

© ENLAR® Compliance Services, Inc. (2009)

April 2, 2009 | 0 Comments More

“It’s The System, Stupid.”

What does the current meltdown of the global financial markets teach us?

To paraphrase a line from the last presidential election – “It’s the System, Stupid.”

Right now, there is a lot of finger-pointing and plenty of blame to spread around.  This mess is not, however, the fault of a single individual, a single institution or, even, a single political party.  Instead, it is the system that is flawed. 

October 8, 2008 More

Three HSE Strategies

I attended the annual American Industrial Hygiene Association conference (AIHce) last week in Minneapolis, Minnesota.

There were many excellent sessions covering a wide range of topics important to the practice of industrial hygiene.  In particular, the Tuesday morning general session focused on demonstrating the value of the industrial hygiene profession and included a presentation by Jeffrey P. Pino, President of Sikorsky Aircraft Corporation.

In his presentation, Mr. Pino stated that there are three strategies important to a successful HSE (health, safety and environmental) program:

  • Leadership Commitment
  • Employee Engagement
  • Risk Management

These three strategies are also critical to the implementation of an occupational safety and health management system based on OHSAS 18001:2007.

June 11, 2008 More

Continually Improving Your OH&S Management System

Yesterday, I discussed areas to concentrate on for maintaining your OHSAS 18001 management system.  What about continual improvement of your occupational health and safety management system?

Section 4.1 of OHSAS 18001:2007 sets out five general requirements for an OH&S management system —

  1. establishing a management system
  2. documenting your management system
  3. implementing your management system
  4. maintaining your management system
  5. continually improving your management system

The first three of these tasks (establishing, documenting and implementing your OHSMS) are typically completed up-front when an organization makes changes to its existing OH&S programs to conform to OHSAS 18001.  Maintaining and continually improving the occupational health and safety management system are different – they are on-going tasks that are never done.  They are the requirements that transform an OHSMS from “a dusty binder on a shelf” to a meaningful part of an organization’s overall management system.

Continual improvement is an important requirement of an OHSAS 18001 management system.  It is one of the commitments an organization must make in its OH&S policy.  It is a major reason why an organization sets OHSMS objectives (section 4.3.3) and measures OH&S performance (section 4.5.1).  It is “the lenses” through which outputs from management review are viewed.  Section 4.6 of OHSAS 18001 states “The outputs from management reviews shall be consistent with the organization’s commitment to continual improvement….”

So what is continual improvement?

OHSAS 18001:2007 defines it as the “recurring process of enhancing the OH&S management system in order to achieve improvements in overall OH&S performance consistent with the organization’s OH&S policy.”

© ENLAR® Compliance Services, Inc. (2007)

August 14, 2007 More

Incidents vs. Nonconformities in OHSAS 18001:2007

In a previous blog, I listed five significant changes made to OHSAS 18001 in the 2007 revision.  One of these significant changes is the clarification of the role of incident investigation in an occupational health and safety management system (OHSMS).  In particular, incident investigation is now a separate subsection of section 4.5.3 — Incident investigation, nonconformity, corrective action and preventive action with its own specific requirements.


An incident is not the same as a nonconformity.


First, the definitions are not the same.  OHSAS 18001 uses the ISO 9000 and ISO 14001 definition of a nonconformity — the non-fulfillment of a requirement.  An incident is defined in OHSAS 18001 as a “work-related event(s) in which an injury or ill health (regardless of severity) or fatality occurred, or could have occurred.”  An accident is a particular type of incident in which an injury or illness actually occurs.  A near-miss is an incident where no injury or illness occurs.  Therefore, an incident can be either an accident or a near-miss.


An incident may relate to a nonconformity — but then again, it may not.  It is possible to have accidents and near-misses even if an organization has fulfilled its occupational health and safety management system requirements.  Similarly, an organization may have nonconformities, e.g. “paperwork” issues, which would not be considered incidents.


Not all incidents are the same

  • Some incidents are catastrophic disaster events (i.e. emergencies) such as bridge collapses or explosion.

  • Some incidents involve unseen hazards, e.g. exposure to chemical releases or biological agents.

  • Some incidents involve human factors or behaviors, some involve equipment failure, some involve faulty procedures or processes, and some involve all of these.

  • Some involve multiple injuries and deaths; in others, there are no injuries.

Therefore, an organization’s incident investigation procedure needs to be flexible enough to deal with a variety of different types of incidents.

Want some ideas for conducting incident investigations?

Check out the links to various sites on preparing incident investigation reports at


© ENLAR® Compliance Services, Inc. (2007)

August 2, 2007 More

What is Accountability?

In the 2007 revision of OHSAS 18001, a requirement was added for allocating, documenting and communicating accountabilities — as well as responsibilities. While accountability is not defined in OHSAS 18001, it is an important concept in a management system.  The dictionary definition is “the state of being accountable, liable or answerable.”  According to wikipedia, the word “accountability” is an extension of the terminology used in money lending systems that first developed in Ancient Greece.  One would borrow money from a money lender and would then be held responsible for their account to that party.

It is worthwhile, in this context, to explore the differences between authority, responsibility and accountability in an organization:

  • Authority is the right to make a decision or take an action
  • Responsibility is the obligation to ensure that an action is taken
  • Accountability is to be answerable for a particular activity or action to a particular entity

Although clearly related, these terms are not synonymous.  One may have the authority to take a certain action — for example, to spend money on behalf of the organization — but not be obligated to take that action.  Similarly, an individual may have an obligation to do something — for example, to ensure the organization complies with a particular legal requirement — but not be accountable.  The organization may lack a mechanism to hold that individual responsible (answerable) even if compliance is lacking.  Similarly,  an individual may be held accountable — e.g. fired for a particular action — even if he or she did not have the authority or the responsibility to accomplish the activity in question.

There are five key elements of an effective accountability system:

  1. Clearly specified standards for authority and responsibility
  2. Adequate resources to meet the assigned responsibilities
  3. Monitoring and assessment of individual performance
  4. Appropriate consequences for taking or failing to take action
  5. Consistent and unbiased application of accountability standards


 It should be noted that accountability is not necessarily the same as blame.  Often, organizations seek to assign accountability only when they are looking for someone to blame.

How can you distinguish the difference?

In most organizations, much of what is done requires a group effort where no one person is completely responsible for a particular action or decision.  In addition, accountability goes hand-in-hand with authority and responsibility.  This means that, generally, those with the greatest accountability will be highest up in the organization.  Therefore, if you are truly attempting to identify who is accountable, the result will be a list of people that includes individuals at the top, as well as the bottom, of the org chart.  If you are seeking to assign blame, usually finding a single “fall guy” will be sufficient.


Top managers need to keep in mind the sign President Truman kept on his desk to remind him who was accountable.  It read:  “The BUCK STOPS here!”


© ENLAR® Compliance Services, Inc. (2007)

July 27, 2007 More

How is OHSAS 18001 Different?

As mentioned in a previous blog, there are many different OH&S management system standards and guidance documents that have been developed over the years.  The 2005 survey conducted by the OHSAS Working Group identified 44 specification and 43 guidance documents in use around the world.  There are three factors, when taken together, distinguish OHSAS 18001 from other OH&S management system standards:

  • Alignment with ISO 14001
  • Use in Third-party Certification
  • Development as a Global Standard
July 25, 2007 More