Category: OHSAS 18001:2007 Revisions

What is “Management of Change?”

Although it is often used as a term of art in the safety field, “management of change” is not a defined term in OHSAS 18001:2007.  It is, however; vital to an effective OH&S management system. 

Explicit requirements for management of change were added into section 4.3.1 of OHSAS 18001 in the 2007 revision of the standard.  This addition was an explicit request of the American Industrial Hygiene Association for purposes of aligning OHSAS 18001 with the U.S. Occupational Health and Safety Management System standard — ANSI/AIHA Z10-2005.  In addition, management of change is also an explicit requirement for safety management systems implemented to comply with the Seveso II Directive (see Annex III of EU Council Directive 96/82/EC).

 The following requirements related to management of change were added in section 4.3.1:

 The procedures for hazard identification and risk assessment shall take into account:

g) changes or proposed changes in the organization, its activities or materials; h) modifications to the OH&S management system, including temporary changes, and their impacts on operations, processes and activities;…. For the management of change, the organization shall identify the OH&S hazards and risks associated with changes in the organization, the OH&S management system or its activities, prior to the introduction of such changes. 

In addition, reference to Management of Change was also included in section 4.4.6: 
The organization shall determine those operations and activities that are associated with the identified hazard(s) where the implementation of controls is necessary to manage the OH&S risk(s). This shall include the management of change (see 4.3.1).

These new requirements cover four important concepts:

  • Identification of the hazards associated with “change”
  • Assessment of the risks associated with “change”
  • Consideration of OH&S hazards and risks prior to the introduction of the “change”
  • Implementation of the controls needed to address the hazards and risks associated with the “change”

For purposes of management of change within an OH&S management system, the changes that need to be addressed include:

  • Organizational changes (e.g. personnel or staffing changes)
  • Activity changes (e.g. changes to processes, equipment, infrastructure, software)
  • Material changes (e.g. new chemicals, packaging)
  • Changes to the OH&S management system (e.g. procedures)

Why is management of change so important?

Ineffective management of change is one of the leading causes of serious incidents.  To quote the U.S. Chemical Safety and Hazard Investigation Board (CSB), “In industry, as elsewhere, change often brings progress.  But it can also increase risks that, if not properly managed, create conditions that may lead to injuries, property damage or even death.” (from CSB press release announcing its 8/28/2001 Safety Bulletin concerning “Management of Change”)  Ineffective management of change is one of the major contributing factors in many of the incident investigations conducted by the CSB.  To check it out, go to the CSB web site at  and enter “management of change” as your search term at the link “Search this Site.”

© ENLAR® Compliance Services, Inc. (2007)

July 18, 2007 More

New Requirements for Risk Assessment

Section 4.3.1 of OHSAS 18001 (Hazard Assessment, Risk Assessment & Determining Controls) was completely changed during the revision process.  Overall, these changes align OHSAS 18001 more closely with other OH&S management system standards such as ANSI/AIHA Z10:2005.

This section now sets out additional details on both the inputs to be considered and the methodology to be used for the hazard identification and risk assessment process.  In addition, specific requirements have been added related to “management of change” and for determining appropriate controls to reduce the OH&S risks that are identified.

The standard now clearly links the requirements in 4.3.1 with those set out in 4.4.6 (operational control) so it is clear that the controls identified during the OH&S planning process need to be implemented and maintained as an integral part of operational control.

Overall, the process can be visualized as set out below:

Risk Assessment Management

In addition to these substantive changes to the standard, the definitions of hazard, risk and risk assessment have changed.  Hazard is now defined as a “source, situation or act with a potential for harm in terms of human injury or ill health, or a combination of these.”  Risk is defined as the “combination of the likelihood of an occurrence of a hazard event or exposure and the severity of injury or ill health that may be caused by the event or exposure.”  Risk assessment is defined as the “process of evaluating the risks arising from a hazard, taking into account the adequacy of any existing controls, and deciding whether or not the risk is acceptable.”

It should be noted that other standards and guidance documents may define “risk assessment” to include the entire process of hazard identification, risk analysis and selection of measures for risk reduction (i.e. “determining controls”).  OHSAS 18001 refers to each of these processes separately and uses the term risk assessment to refer to the risk analysis process only.

There are many different ways and approaches for conducting hazard identification and risk assessment.  Therefore, no one approach will suit every organization.  An organization with limited hazards is not required to implement complex risk assessment procedures.  In addition, different types of hazards may require different risk assessment strategies.  For example, the methodologies for evaluating the risks associated with employee exposure to noise may be distinctly different from the ones used for evaluating equipment safety.  The methodologies selected need to be appropriate for the hazards identified. 

© ENLAR® Compliance Services, Inc. (2007)

July 14, 2007 | 4 Comments More

Participation and Consultation

One of the major criticisms of the 1999 version of OHSAS 18001 was that it was a “management” standard that ignored “labor” interests.  Significant changes were made in section 4.4.3 of the standard to address these concerns.

First, this section of the standard was divided into two sub-sections: Communication and Participation and Consultation.  The requirements in sub-section for internal and external communication are similar to the communication requirements in ISO 14001.  The requirements in sub-section; however, are unique to OHSAS 18001 and focused specifically on getting input from workers and contractors.

An organization’s OHSMS communication procedures now need to address communication with several different parties:

  • internal communication between various departments and functions
  • communicating with visitors to the workplace
  • participation of workers in OHSMS activities
  • communication and consultation with contractors, and
  • consultation with external interested parties, when appropriate

In particular, the procedures developed for worker participation now need to address the following:

  • appropriate involvement in hazard identification, risk assessment and determination of controls
  • appropriate involvement in incident investigation
  • involvement in the development and review of OH&S policies and objectives
  • consultation where there are changes that affect a worker’s OH&S
  • representation on OH&S matters
  • informing workers about the arrangements made for their participation and the identity of their representative(s) on OH&S matters

It should be noted that this worker participation requirement is not strictly a “labor” (employee-employer) issue.  In the context of OHSAS 18001, the OHSMS needs to provide for the participation of all persons performing work under the control of the organization.

July 13, 2007 | 0 Comments More

Improved Alignment with ISO 14001:2004

As discussed in a previous Blog, one of the major drivers in the revision of OHSAS 18001 was alignment with ISO 14001:2004.  When OHSAS 18001 was originally developed in 1999, it was drafted to be consistent with ISO 14001:1996 in language and structure.  When ISO 14001 was revised in 2004, some of the alignment between the standards was lost.

OHSAS 18001:2007 has been aligned in overall structure and numbering with ISO 14001:2004.  In addition, many of the core management system elements (document control, record control, internal audit and management review) are aligned in language as well.

A significant change in OHSAS 18001 that is based on alignment with ISO 14001:2004 is the addition of new requirements related to identification and evaluation of compliance with OH&S legal and other requirements (Sections 4.3.2 and 4.5.2).  Section 4.3.2 now requires that organizations ensure that applicable legal and other requirements are taken into account in establishing, implementing and maintaining their OH&S management systems.  Section 4.5.2, Evaluation of Compliance, is new.  As in ISO 14001, organizations will need to establish a procedure to periodically evaluate their compliance with applicable OH&S legal and other requirements.  This new requirement is more expansive than the requirement in the 1999 standard that organizations provide proactive measures of performance to monitor applicable legislation and regulatory requirements.

Not all of the language in OHSAS 18001 is aligned with ISO 14001:2004.  There are four areas where there are significant differences between the two standards:

  • Identification and evaluation of OH&S hazards and risks (as opposed to the aspect/impact analysis provisions of ISO 14001)
  • Requirements related to worker participation and consultation with other parties such as contractors
  • Selection and implementation of operational controls
  • Specific requirements for incident investigation

© ENLAR® Compliance Services, Inc. (2007)

July 12, 2007 More