Category: OHSAS 18001:2007 Revisions

Identifying Applicable Legal Requirements

Last week, I received the following question from a reader about the OHSAS 18001 requirements related to the identification of applicable legal and other requirements  –

We are an OHSAS 18001 certified company…. Our Hazard Identification and Risk assessment (HIRA) first page tells about the legal requirement clause and the legal statements for complying with the HIRA.  Our external auditor (certifying body) insists we insert a column in the HIRA chart to identify what legal requirement clause comes against the control of each identified risk.

1.     Is my auditor correct?

2.     Does the OHSAS 18001 Standards say that?

 My answer –

That is NOT an OHSAS 18001 requirement. I believe your external auditor is confusing the ISO 14001 and OHSAS 18001 requirements. 

Section 4.3.2 of ISO 14001 requires that an organization determine how its applicable environmental legal and other requirements apply to its environmental aspects.  This is often done as your external auditor suggests, although it does NOT have to be done that way.  You can use whatever method is appropriate for your organization.

Section 4.3.2 of OHSAS 18001 does NOT have the same requirement as ISO 14001. It requires that an organization “take into account” its applicable legal other requirements in its OHSMS.  No column, chart, matrix is required.  Nor does it require identifying requirements by individual risk.  This requirement was specifically rejected when OHSAS 18001 was revised in 2007.

© ENLAR® Compliance Services, Inc. (2011)
June 7, 2011 | 0 Comments More

AIAG and OHSAS 18001

Apparently the Automotive Industry Action Group (AIAG) issued a position statement in March 2009 stating that although they support the integration of health and safety programs into existing management systems, they will not “specifically mandate OHSAS 18001 certification.”  A recent blog post asked “Is it politics once again?”

According to the AIAG statement they firmly believe that “the use of formal management systems are necessary for effective management of health safety and environmental programs.” 

AIAG’s concern appears to be that the OHSAS 18001 standard was developed by an independent group – the OHSAS Project Group chaired by BSI – rather than ISO. 

This is where the “politics” comes in.  Despite intensive lobbying by the OHSAS Project Group, ISO appears unwilling to develop an OHS management system standard. 

Why? 

 The International Labor Organization (ILO) has raised objections and several member countries – including the U.S. – have consistently voted against it.  An OHSMS standard seems to be the exception to the rule that any proposed ISO standard-setting activity is guaranteed to be approved.

© ENLAR® Compliance Services, Inc. (2009)

April 2, 2009 | 0 Comments More

“It’s The System, Stupid.”

What does the current meltdown of the global financial markets teach us?

To paraphrase a line from the last presidential election – “It’s the System, Stupid.”

Right now, there is a lot of finger-pointing and plenty of blame to spread around.  This mess is not, however, the fault of a single individual, a single institution or, even, a single political party.  Instead, it is the system that is flawed. 

October 8, 2008 More

Three HSE Strategies

I attended the annual American Industrial Hygiene Association conference (AIHce) last week in Minneapolis, Minnesota.

There were many excellent sessions covering a wide range of topics important to the practice of industrial hygiene.  In particular, the Tuesday morning general session focused on demonstrating the value of the industrial hygiene profession and included a presentation by Jeffrey P. Pino, President of Sikorsky Aircraft Corporation.

In his presentation, Mr. Pino stated that there are three strategies important to a successful HSE (health, safety and environmental) program:

  • Leadership Commitment
  • Employee Engagement
  • Risk Management

These three strategies are also critical to the implementation of an occupational safety and health management system based on OHSAS 18001:2007.

June 11, 2008 More

Continually Improving Your OH&S Management System

Yesterday, I discussed areas to concentrate on for maintaining your OHSAS 18001 management system.  What about continual improvement of your occupational health and safety management system?

Section 4.1 of OHSAS 18001:2007 sets out five general requirements for an OH&S management system –

  1. establishing a management system
  2. documenting your management system
  3. implementing your management system
  4. maintaining your management system
  5. continually improving your management system

The first three of these tasks (establishing, documenting and implementing your OHSMS) are typically completed up-front when an organization makes changes to its existing OH&S programs to conform to OHSAS 18001.  Maintaining and continually improving the occupational health and safety management system are different – they are on-going tasks that are never done.  They are the requirements that transform an OHSMS from “a dusty binder on a shelf” to a meaningful part of an organization’s overall management system.

Continual improvement is an important requirement of an OHSAS 18001 management system.  It is one of the commitments an organization must make in its OH&S policy.  It is a major reason why an organization sets OHSMS objectives (section 4.3.3) and measures OH&S performance (section 4.5.1).  It is “the lenses” through which outputs from management review are viewed.  Section 4.6 of OHSAS 18001 states “The outputs from management reviews shall be consistent with the organization’s commitment to continual improvement….”

So what is continual improvement?

OHSAS 18001:2007 defines it as the “recurring process of enhancing the OH&S management system in order to achieve improvements in overall OH&S performance consistent with the organization’s OH&S policy.”

© ENLAR® Compliance Services, Inc. (2007)

August 14, 2007 More

Incidents vs. Nonconformities in OHSAS 18001:2007

In a previous blog, I listed five significant changes made to OHSAS 18001 in the 2007 revision.  One of these significant changes is the clarification of the role of incident investigation in an occupational health and safety management system (OHSMS).  In particular, incident investigation is now a separate subsection of section 4.5.3 — Incident investigation, nonconformity, corrective action and preventive action with its own specific requirements.

 

An incident is not the same as a nonconformity.

 

First, the definitions are not the same.  OHSAS 18001 uses the ISO 9000 and ISO 14001 definition of a nonconformity – the non-fulfillment of a requirement.  An incident is defined in OHSAS 18001 as a “work-related event(s) in which an injury or ill health (regardless of severity) or fatality occurred, or could have occurred.”  An accident is a particular type of incident in which an injury or illness actually occurs.  A near-miss is an incident where no injury or illness occurs.  Therefore, an incident can be either an accident or a near-miss.

 

An incident may relate to a nonconformity – but then again, it may not.  It is possible to have accidents and near-misses even if an organization has fulfilled its occupational health and safety management system requirements.  Similarly, an organization may have nonconformities, e.g. “paperwork” issues, which would not be considered incidents.

 

Not all incidents are the same

  • Some incidents are catastrophic disaster events (i.e. emergencies) such as bridge collapses or explosion.

  • Some incidents involve unseen hazards, e.g. exposure to chemical releases or biological agents.

  • Some incidents involve human factors or behaviors, some involve equipment failure, some involve faulty procedures or processes, and some involve all of these.

  • Some involve multiple injuries and deaths; in others, there are no injuries.

Therefore, an organization’s incident investigation procedure needs to be flexible enough to deal with a variety of different types of incidents.

Want some ideas for conducting incident investigations?

Check out the links to various sites on preparing incident investigation reports at

http://ncsp.tamu.edu/reports/default.htm

 

© ENLAR® Compliance Services, Inc. (2007)

August 2, 2007 More

What is Accountability?

In the 2007 revision of OHSAS 18001, a requirement was added for allocating, documenting and communicating accountabilities — as well as responsibilities. While accountability is not defined in OHSAS 18001, it is an important concept in a management system.  The dictionary definition is “the state of being accountable, liable or answerable.”  According to wikipedia, the word “accountability” is an extension of the terminology used in money lending systems that first developed in Ancient Greece.  One would borrow money from a money lender and would then be held responsible for their account to that party.

It is worthwhile, in this context, to explore the differences between authority, responsibility and accountability in an organization:

  • Authority is the right to make a decision or take an action
  • Responsibility is the obligation to ensure that an action is taken
  • Accountability is to be answerable for a particular activity or action to a particular entity

Although clearly related, these terms are not synonymous.  One may have the authority to take a certain action – for example, to spend money on behalf of the organization – but not be obligated to take that action.  Similarly, an individual may have an obligation to do something – for example, to ensure the organization complies with a particular legal requirement — but not be accountable.  The organization may lack a mechanism to hold that individual responsible (answerable) even if compliance is lacking.  Similarly,  an individual may be held accountable – e.g. fired for a particular action – even if he or she did not have the authority or the responsibility to accomplish the activity in question.

There are five key elements of an effective accountability system:

  1. Clearly specified standards for authority and responsibility
  2. Adequate resources to meet the assigned responsibilities
  3. Monitoring and assessment of individual performance
  4. Appropriate consequences for taking or failing to take action
  5. Consistent and unbiased application of accountability standards

 

 It should be noted that accountability is not necessarily the same as blame.  Often, organizations seek to assign accountability only when they are looking for someone to blame.

How can you distinguish the difference?

In most organizations, much of what is done requires a group effort where no one person is completely responsible for a particular action or decision.  In addition, accountability goes hand-in-hand with authority and responsibility.  This means that, generally, those with the greatest accountability will be highest up in the organization.  Therefore, if you are truly attempting to identify who is accountable, the result will be a list of people that includes individuals at the top, as well as the bottom, of the org chart.  If you are seeking to assign blame, usually finding a single “fall guy” will be sufficient.

 

Top managers need to keep in mind the sign President Truman kept on his desk to remind him who was accountable.  It read:  “The BUCK STOPS here!”

 

© ENLAR® Compliance Services, Inc. (2007)

July 27, 2007 More

How is OHSAS 18001 Different?

As mentioned in a previous blog, there are many different OH&S management system standards and guidance documents that have been developed over the years.  The 2005 survey conducted by the OHSAS Working Group identified 44 specification and 43 guidance documents in use around the world.  There are three factors, when taken together, distinguish OHSAS 18001 from other OH&S management system standards:

  • Alignment with ISO 14001
  • Use in Third-party Certification
  • Development as a Global Standard
July 25, 2007 More

What is “Management of Change?”

Although it is often used as a term of art in the safety field, “management of change” is not a defined term in OHSAS 18001:2007.  It is, however; vital to an effective OH&S management system. 

Explicit requirements for management of change were added into section 4.3.1 of OHSAS 18001 in the 2007 revision of the standard.  This addition was an explicit request of the American Industrial Hygiene Association for purposes of aligning OHSAS 18001 with the U.S. Occupational Health and Safety Management System standard – ANSI/AIHA Z10-2005.  In addition, management of change is also an explicit requirement for safety management systems implemented to comply with the Seveso II Directive (see Annex III of EU Council Directive 96/82/EC).

 The following requirements related to management of change were added in section 4.3.1:

 The procedures for hazard identification and risk assessment shall take into account:

g) changes or proposed changes in the organization, its activities or materials; h) modifications to the OH&S management system, including temporary changes, and their impacts on operations, processes and activities;…. For the management of change, the organization shall identify the OH&S hazards and risks associated with changes in the organization, the OH&S management system or its activities, prior to the introduction of such changes. 

In addition, reference to Management of Change was also included in section 4.4.6: 
The organization shall determine those operations and activities that are associated with the identified hazard(s) where the implementation of controls is necessary to manage the OH&S risk(s). This shall include the management of change (see 4.3.1).

These new requirements cover four important concepts:

  • Identification of the hazards associated with “change”
  • Assessment of the risks associated with “change”
  • Consideration of OH&S hazards and risks prior to the introduction of the “change”
  • Implementation of the controls needed to address the hazards and risks associated with the “change”

For purposes of management of change within an OH&S management system, the changes that need to be addressed include:

  • Organizational changes (e.g. personnel or staffing changes)
  • Activity changes (e.g. changes to processes, equipment, infrastructure, software)
  • Material changes (e.g. new chemicals, packaging)
  • Changes to the OH&S management system (e.g. procedures)

Why is management of change so important?

Ineffective management of change is one of the leading causes of serious incidents.  To quote the U.S. Chemical Safety and Hazard Investigation Board (CSB), “In industry, as elsewhere, change often brings progress.  But it can also increase risks that, if not properly managed, create conditions that may lead to injuries, property damage or even death.” (from CSB press release announcing its 8/28/2001 Safety Bulletin concerning “Management of Change”)  Ineffective management of change is one of the major contributing factors in many of the incident investigations conducted by the CSB.  To check it out, go to the CSB web site at http://www.csb.gov  and enter “management of change” as your search term at the link “Search this Site.”

© ENLAR® Compliance Services, Inc. (2007)

July 18, 2007 More

New Requirements for Risk Assessment

Section 4.3.1 of OHSAS 18001 (Hazard Assessment, Risk Assessment & Determining Controls) was completely changed during the revision process.  Overall, these changes align OHSAS 18001 more closely with other OH&S management system standards such as ANSI/AIHA Z10:2005.

This section now sets out additional details on both the inputs to be considered and the methodology to be used for the hazard identification and risk assessment process.  In addition, specific requirements have been added related to “management of change” and for determining appropriate controls to reduce the OH&S risks that are identified.

The standard now clearly links the requirements in 4.3.1 with those set out in 4.4.6 (operational control) so it is clear that the controls identified during the OH&S planning process need to be implemented and maintained as an integral part of operational control.

Overall, the process can be visualized as set out below:

Risk Assessment Management

In addition to these substantive changes to the standard, the definitions of hazard, risk and risk assessment have changed.  Hazard is now defined as a ”source, situation or act with a potential for harm in terms of human injury or ill health, or a combination of these.”  Risk is defined as the “combination of the likelihood of an occurrence of a hazard event or exposure and the severity of injury or ill health that may be caused by the event or exposure.”  Risk assessment is defined as the “process of evaluating the risks arising from a hazard, taking into account the adequacy of any existing controls, and deciding whether or not the risk is acceptable.”

It should be noted that other standards and guidance documents may define ”risk assessment” to include the entire process of hazard identification, risk analysis and selection of measures for risk reduction (i.e. “determining controls”).  OHSAS 18001 refers to each of these processes separately and uses the term risk assessment to refer to the risk analysis process only.

There are many different ways and approaches for conducting hazard identification and risk assessment.  Therefore, no one approach will suit every organization.  An organization with limited hazards is not required to implement complex risk assessment procedures.  In addition, different types of hazards may require different risk assessment strategies.  For example, the methodologies for evaluating the risks associated with employee exposure to noise may be distinctly different from the ones used for evaluating equipment safety.  The methodologies selected need to be appropriate for the hazards identified. 

© ENLAR® Compliance Services, Inc. (2007)

July 14, 2007 | 4 Comments More
Next Page »