Category: OHSMS Implementation

Implementing an OHSMS – 7 Steps to Take First

steps1Are you thinking about implementing an occupational health and safety management system?

There are 7 Steps you should take FIRST. 

Want to know what they are?

Sign-up below for my mini-course (delivered to you in 7 e-mail installments) – The 7 Steps to Take Before You Implement an OHSMS.


May 23, 2013 | 0 Comments More


There are a number of websites and political candidates touting the benefits of the Ready-Fire-Aim approach.  Decisiveness is characterized as a virtue; hesitation as a sign of weakness.

Decisive action is good – sometimes.

Sometimes it is fatal.

The classic example of this is when a co-worker rushes into a confined space to save a buddy – and they both end up dead.

Most of the pundits favoring the Ready-Fire-Aim approach are focused on overcoming the negative impacts of inertia within an organization.  They are seeking to address those situations within organizations where endless studies are conducted but action is never taken. 

The want action and they want action NOW.

Inertia is a problem within many organizations that does need to be addressed.  But simply focusing on taking action more quickly – speeding up the response – is not always the answer.

Prior to making changes, it is important consider the downside risks of the action being proposed.

October 21, 2012 | 0 Comments More

Systems vs. Controls

Earlier this month, I attended the ISO Working Group meeting for the revision of ISO 14001 (TC 207/SC1/WG5).  This revision will result in a number of significant changes to the ISO 14001 standard.  These changes are likely to be carried over to a subsequent revision of OHSAS 18001.

There was a great deal of discussion at this meeting about a change that will fundamentally change the nature of the ISO 14001 requirements.  If this change is made, it will entirely transform what the ISO 14001 standard is all about.

The primary focus of the current ISO 14001 standard is on ensuring that an organization being certified has procedures in place to achieve the desired results.  The language of the new revision will change the focus of the certification process to verification of results (i.e. performance). 

October 14, 2012 | 0 Comments More

Managing PLCs in an OHSMS

Earlier this week, I was asked to respond to a question posed on the ASQ Ask the Experts blog. The question requested information about standards applicable to making modifications to PLCs (Programmable Logic Controllers).  In my response, I identified a number of potentially applicable regulations and standards.

As I pointed out in my answer, in order to meet the requirements of OHSAS 18001, an OHSMS must include management of change procedures that assess the potential hazards of PLC modifications prior to any changes being made.

As I thought about the management of change (MOC) procedures I have reviewed over the years, I realized that this has been important deficiency in most of them.  MOC procedures tend to focus on equipment (i.e. hardware) changes and often ignore changes to the software that operates the equipment.  This is a concern because more and more industrial equipment is computer – rather than human – controlled.

How should this issue be addressed in an OHSMS?

  1. Appropriate individuals within the company should become familiar with the PLC requirements set out in any applicable regulations and appropriate consensus standards. (Again, for a list of potentially applicable standards, check out the ASQ blog post.)
  2. Just as equipment is evaluated for developing appropriate lockout-tagout procedures, organizations should develop an up-to-date inventory of their PLCs – focusing first on those computer controls used for safety-related functions or in high-hazard processes (for example, mechanical presses, industrial robots, control of chemical reactions).
  3. Guidelines on maintaining and modifying PLCs (and other computer controls) should be incorporated into existing routine maintenance work orders (e.g. PM databases) and MOC procedures.  Appropriate limitations should be placed on PLC modifications based on the associated risks.
  4. Individuals responsible for maintaining, troubleshooting and modifying PLCs need to trained AND competent.
  5. Periodic reviews need to be conducted to ensure that procedures are being followed, PLCs are used correctly, security measures are in place (to prevent unauthorized “hacking”) and backup copies of PLC programs are retained.

As we move toward a future with more and more computer-controlled operations, having management system processes established to ensure they are functioning as intended will become increasingly important for managing both safety and organizational risks.

© ENLAR Compliance Services, Inc. (2012)
September 20, 2012 | 0 Comments More

Unnecessary Bureaucracy

Many of the recent high-profile instances of organizational failures – such as the BP Deepwater Horizon explosion, Penn State Sandusky scandal and the Barclays Bank Libor manipulation – have resulted in independent investigations.  The point of these investigations is to identify what went wrong in order to prevent similar failures in the future.  Often these investigations result in reports with recommendations for management system changes.

Recently, one commentator characterized one of these reports as follows:

These recommendations are simply the imposition of unnecessary bureaucracy on the hapless many in the organization because of the misconduct of a very few.  In the end, the changes recommended will not work anyway.  What this failure shows is a lack of leadership that management systems can’t solve.

Implicit in this comment are the following assumptions –

  • Management systems are simply bureaucratic burdens that get in the way of doing “real work.”
  • Management systems don’t work; what is important is leadership.

I disagree. 

Taking each of these assumptions in turn –

August 17, 2012 | 0 Comments More

Risk Management Requires ACTION

Although planning is an important part of an occupational health and safety management system, planning alone will not result in improved safety performance unless what is planned is actually done.

There is often a huge gulf between what an organization says about safety and what it actually does.  It is not unusual for the OH&S Policy statement to commit an organization to best-in-class performance when the day-to-day reality is not even close. This is the gap between intention and results.

Implementing a functioning OHSMS means making hard decisions about how an organization is going to use the resources it has available – time, money and infrastructure (e.g. software).  Even if an organization has unlimited funding, It is not possible to actually do everything immediately.  It still takes time, personnel and, very often, infrastructure improvements and organizational culture changes to accomplish lasting improvement in OH&S performance.

Prioritization of what will be done right now is what is critical. 

Saying you are going to take action “someday” does not manage risk.  Writing procedures that set out tasks that cannot actually be completed because the personnel needed to do them are not available does not manage risk. Implementing inspection programs without having the resources available to track and fix the problems that are identified does not manage risk.  Managing risk requires action.

This is why section 4.3.1 of OHSAS 18001 requires that the organization identify the controls that are needed to reduce OH&S risks to acceptable levels and then implement and maintain these controls within the OHSMS.

Obviously, this means implementing the selected control measures.  It also means having “checking” processes in place to ensure that the controls are both maintained (e.g. continuing to be done over time) and actually effective in reducing OH&S risk to acceptable levels.

Many organizations miss this “checking” component associated with implementing OHSAS 18001; yet, it is critical to managing risk. For example –

  • Safety lockouts may fail – yet no one notices or reports the failure since it is “not their job.”
  • Inspections or preventive maintenance is scheduled and tracked – but not actually completed when scheduled because production equipment cannot be shut down.
  • Facility inspections are no longer done – individuals assume that since no one ever reviews the results why bother continuing to do them.
  • Procedures continue to be followed – but the actions being taken do not address the activities or conditions that actually create the real risks (e.g. having two processes that inspect vehicle tires but none that replace windshield wipers).

Yes – plan.  But don’t stop there.  You then need to act and check that the actions being taken actually work.  If they don’t, revise your plans and try again.  In other words – Plan, Do, Check, Act.

For additional information about the importance of resources in an OHSAS 18001 management system, check out these previous blog posts –

© ENLAR Compliance Services, Inc. (2012)
July 25, 2012 | 0 Comments More

Safety Culture – The Power of Habit

Last week I was browsing in an airport bookstore – looking for something to read on the plane. 

I found something truly amazing – at least to me.  A mainstream business book, a best-seller in fact, that had an entire chapter developed to worker safety!

Why was I amazed? 

Lately, it seems the only mention of worker safety is in the context of reducing OSHA regulations in order to unburden business.  Safety is typically demonized as a business burden not touted as a benefit.

Yet here was a book that made the convincing argument that focusing on worker safety was the “keystone habit” that drove the economic turnaround of a multi-billion dollar company.  Wow.

This book – The Power of Habit by Charles Duhigg – focuses on explaining why habits exist, why they are so powerful and how they can be changed.  It provides advice that can be used for changing personal habits – such as overeating chocolate chip cookies.  But it has more. What elevates it above a typical self-help book is that it also discusses the importance of organizational habits – the routines that underlay most business performance. 

As I read this book, I was struck by the similarities and synergies between organizational habits and management systems.  The routines that are the basic building blocks of habits are equivalent to the procedures (i.e. specified ways of conducting activities) that are the basic building blocks of management systems.  It struck me that the reason some organizations get great benefits from implementing management systems and others do not is the extent to which management systems are used to create and promote habits of success.

Are you interested in developing an OHSMS that creates positive cultural change?  Read this book.

© ENLAR Compliance Services, Inc. (2012)
March 27, 2012 | 0 Comments More

The Forgotten R

It is common for the clauses of the management system standards – including OHSAS 18001 – to be known by “shorthand” names.

Clause 4.4.5 of OHSAS 18001 is known as “document control”; clause 4.5.2 is known as “CAPA” (corrective action and preventive action).

Similarly, clause 4.4.1 is often referred to as roles & responsibilities or “R2A2” – roles, responsibilities, authorities, and accountabilities.

What is left out?  The first R – RESOURCES.

OHSAS 18001 requires that the organization [a.k.a. “top management”] “ensure the availability of resources essential to establish, implement, maintain and improve the OH&S management system.”  These resources include human resources and specialized skills, organizational infrastructure, technology and financial resources.

Although there is a great deal of focus these days on reducing cost, the truth is management systems cost money.   An organization can strive to achieve the best value for the money spent; however, spending money is not optional.

One of the mistakes I often see organizations make is attempting to implement an OHSMS “on the cheap” – often by piling additional work onto already overworked staff and by attempting to “repurpose” existing infrastructure, such as data management software.    Although I am all about being cost effective, there is more to an OHSMS then creating documentation using a global search on someone else’s procedures to replace your organization’s name for theirs.  Similarly, the human resources needs of an occupational health and safety management system include individuals with a certain level of competence, specialized skills, and AVAILABLE TIME.  Attempting to save money by using jerry-rigged databases often causes user frustration and results in incomplete and/or meaningless data being collected for analysis.

Nor is an OHSMS a one time purchase. The resource needs of an OHSMS continue and change over time.

As OHSAS 18002 points out (in section 4.4.1) – “Resources and their allocation should be reviewed periodically, via management review, to ensure they are sufficient to carry out OH&S programmes and activities ….the adequacy of resources can be at least partially evaluated by comparing the planned achievement of OH&S objectives with actual results.”

Have you evaluated your OHSMS resource needs?

© ENLAR Compliance Services, Inc. (2012)
February 7, 2012 | 0 Comments More

Circle Back

One of the most commonly missed provision of OHSAS 18001 is the requirement in section e) that the organization’s corrective action procedure define requirements for “reviewing the effectiveness of corrective actions taken.”  This requirement is consistent with similar requirements in Section 4.5.3 e) of ISO 14001:2004 and Section 8.5.2 of ISO 9001:2008 and is often missed in quality and environmental management systems as well.

What this provision requires is that an organization have processes are in place to “circle back” at some later point in time to verify that the corrective actions taken actually worked.

What does this “effectiveness review” need to include?

At a minimum, two determinations are needed –

  1. Was the proposed corrective action done?
  2. Was the action taken “effective”?

First, was it done – was some action actually taken, was the action that was completed what was proposed and has it been sustained?

It is not uncommon to find that the proposed action was never done.  Sometimes, people get “busy” and taking the specified corrective action is constantly “put off until tomorrow” as other priorities take precedence.  In other cases, the action actually undertaken is NOT the action that was initially proposed.  Perhaps the proposed action didn’t actually work when it comes to actually implementing it.  Then there are the situations where changes are made initially but the organization quickly reverts to doing things the old way.

Second, was the action taken “effective” in fixing the issue identified as the nonconformity?

It is not uncommon to find that the action actually taken as corrective action bears little, or no, relationship to “the problem” identified as the nonconformity in the first place.  In the process of evaluating what actions should be taken, it is easy to get sidetracked by other interests and priorities and end up “fixing” something else entirely.  (“Gee, this is a great opportunity to justify getting the new training software we have always wanted.”)

The other difficulty with determining the effectiveness of the action taken is that “effective” is not a defined term and is a very subjective standard.

What qualifies as “effective”?

February 2, 2012 | 0 Comments More

Lack of Focus

An editorial in yesterday’s Tampa Bay Times, discussed the lack of focus within the Occupy movement.  The author, John Romano, described the problem as follows –

They have lots of ideas, but no direction.  Plenty of concepts, but few plans.

The same can often be said of many OH&S management system implementation projects.


This editorial goes on to discuss a New Year’s Eve gathering at the Occupy Tampa location –

They discussed how to greet the new year.  They discussed if a toast was appropriate and what the toast should be.  And who should offer it.

Eventually someone began a countdown.

They had eight seconds to spare.


This reminded me of how some organizations approach OHSAS 18001 certification.

Lots of meetings and conference calls.  Lots of discussion of what should be done – particularly by someone else.

Little “rolling up the sleeves” for taking concrete action. More importantly, little completion – until the countdown for registration starts and there are “eight seconds to spare.”

As with the Occupy movement, too many ideas by too many players and too much accommodation of every perspective leads to a scattered and disjointed approach to an OHSMS. 

At some point, decisions and focus and action are needed. 

In the end, it is better to be done than it is to be perfect. 

After all, there is always next year.

PS – Want help in figuring out your plan for implementing an OHSAS 18001 management system?   Click here to request your copy of ENLAR’s EHSMS Implementation Checklist.

© ENLAR Compliance Services, Inc. (2012)

January 4, 2012 | 0 Comments More