Category: OHSMS Implementation

Objectives & OHSAS 18001


At the end of the year, our attention often focuses on planning – the setting of goals and objectives for the coming year.  This can be exciting – plans for launching new projects or products – or it can be depressing – setting aside time to organize old files.


Planning is a key component of an OH&S management system.  The planning section of OHSAS 18001 consists of 3 elements –

  • Identifying hazards and risks (4.3.1)
  • Identifying legal and other requirements (4.3.2)
  • Establishing objectives and programs (4.3.3)

Many organizations put a great deal of time and attention into identifying both their hazards and risks and their legal and other requirements. Often, less attention is paid to establishing objectives and programs.

This lack of attention to objectives and programs may be due, in part, to a lack of clarity about how “objectives” actually fit into a management system.  This lack of clarity about objectives, and their interrelationship with risk management, has been an issue of much heated discussion.  It has lead to a lack of consensus in ISO’s attempt to develop consistent definitions across all of its management system standards (see discussion of ISO’s MSS initiative).

December 29, 2011 | 0 Comments More

Phases of a Management System

There are 3 phases in adopting a management system approach within an organization –

  1. Establishing a management system
  2. Implementing a management system
  3. Maintaining a management system

The activities associated with each of these phases are distinct.

The activities associated with establishing a management system include – identifying organizational goals and objectives, evaluating existing practices and processes, assigning roles and responsibilities, and writing documentation (e.g. procedures and work instructions).

The activities associated with implementing a management system include – communicating responsibilities, developing competencies and implementing new or revised business practices.

The activities associated with maintaining a management system include – developing performance metrics, evaluating and auditing performance and undertaking corrective and preventive action.

These phases need to be sequential.

Some organizations make the process much more difficult than it needs to be because they attempt to accomplish all three phases at the same time.  This rarely works.

© ENLAR® Compliance Services, Inc. (2011)
November 29, 2011 | 0 Comments More

Correction vs Corrective Action in an EHSMS

In a previous blog, I discussed that an incident is NOT the same as a nonconformity.  An incident is a situation where some kind of harm occurs (or could occur); a nonconformity is defined as “non-fulfillment of a requirement”.  There is often a relationship between the two – but not always.

Similarly, correction and corrective action are NOT the same.

These are defined terms that have been taken from the quality world and applied to EHS management systems.  They are also an entrenched part of registration audits so it is important to understand how registrars define them (i.e. their ISO 9000 definitions).  When registrars issue corrective action requests (CARs), they often request information on any corrections done as well as a description of the corrective action planned.

A correction is defined as “action to eliminate a detected nonconformity”.  In the quality world, correction is often referred to as containment (as in preventing nonconforming product from reaching the customer).  Correction in a QMS can consist of repair, rework, scrapping the product, etc.  The first action taken is often segregation and control of non-conforming product.

This quality concept was incorporated into ISO 14001 as correction and mitigation – as in taking action to mitigate environmental impacts (see Section 4.5.3 a).  The same concept was also incorporated into OHSAS 18001 as correction and mitigation – as in taking action to mitigate OH&S consequences (see Section a).

In all the standards, the focus of correction is on the immediate fix.

corrective action is defined as “action to eliminate the cause of a detected nonconformity or other undesirable situation.” A note to this definition in ISO 9000 states that “there is a distinction between correction and corrective action.”  The distinction is the focus.  In corrective action, the focus is on what CAUSED the nonconformity.

Since the focus of corrective action is on causation, some type of root cause analysis is a prerequisite to defining the appropriate corrective action.

© ENLAR® Compliance Services, Inc. (2011)
October 26, 2011 | 0 Comments More

What is PDCA?

If you are exploring the web looking for information about implementing management systems, pretty soon you will come across the acronym PDCA.  You will quickly discover that PDCA stands for plan-do-check-act but it may not be clear to you what this actually means.

This page provides access to a FREE mini-course that provides clear and concise answers to the following questions –

  •   What is a Management System?
  •   What is PDCA and what does it mean?
  •   Why is PDCA important?
  •   How can I determine if an OHSMS standard is  based on PDCA or not?

This course is about 15  minutes long.  Since it is a flash presentation located on a separate web page, you may need modify your browser settings to allow pop-ups in order to access the course. Also, in order to hear the audio, you will need speakers on your computer. When you are ready to begin, just click on the link below. 

Click here to open – Plan-Do-Check-Act – An Introduction to PDCA

Have comments or questions about this course? 

You can type your questions or comments into the comment box below (you may need to click on the more button if you are on the home page) or send me an e-mail at ecsi2008@ENLAR.c0m.

Did you enjoy this course? 

Check out my Introduction to OHSAS 18001 Course.

This course provides insight into interpreting the OHSAS 18001:2007 requirements as well as expert guidance in implementing an OHSMS for purposes of third-party certification.

© ENLAR® Compliance Services, Inc. (2011)
August 2, 2011 | 0 Comments More

Launching an OHSMS

Last Monday, I watched as Atlantis lifted off from the Kennedy Space Center.  Living in Florida, I heard the sonic boom as it returned early Thursday morning.  I watched on TV as it landed for the last time.

I am saddened by the end of shuttle program and the associated loss of jobs.  Some of those impacted are fellow safety and health professionals. They are friends of mine who have participated in my training programs and helped me by providing references when I have asked.

As I watched the launch, I was struck by the discipline imposed by the formalized processes NASA uses to ensure safety.  The launch was momentarily paused – with only 31 seconds to go – to double check that the GOX Vent Arm had properly retracted and latched.  This was confirmed visually using a closed circuit camera while those watching the launch waited in suspense. 

This is what an occupational health and safety management system is all about.  It is putting processes in place, and using them, to ensure safety.  Many organizations write procedures and checklists.  World-class organizations use them – even when the whole world is watching.

Want help in launching your own management system?  Click here to go the webpage where you can request your copy of ENLAR’s EHSMS Implementation Checklist. 

As a special tribute to the NASA Shuttle Program, I am making it available for FREE for the next month. 

© ENLAR® Compliance Services, Inc. (2011)
July 26, 2011 | 0 Comments More

Irrational Decisions Impact OHSMS Implementation

Last May, I gave a presentation on auditing occupational health and safety management systems at the American Industrial Hygiene Conference (click here to access my blog post about that presentation).   I was followed by a speaker who talked about behavioral considerations in implementing an OH&S management system.  The focus of her presentation was on helping people make rational decisions about safety.

The problem is that individuals do NOT make rational decisions – particularly when it comes to safety and health.

  • They refuse to wash their hands and come to work sick – even though these are the best strategies to prevent a potential epidemic.
  • They talk and text on their cell phones while driving – even though it is as dangerous as drinking and driving.
  • They wear their safety glasses on the top of their head rather than as protection for their eyes – as seen over and over again on HGTV shows.  (I keep meaning to write a letter to HGTV pointing out the poor example they are setting for all of the DIYers in the audience.)

Why do people act irrationally?

My favorite book on this topic is Predictably Irrational (click on the link below to order from Amazon).  In this book, Dan Ariely explores the reasons why individuals appear to act irrationally – this includes overvaluing our possessions, letting options distract us from our real objectives, and following established social norms in the workplace.  As he puts it – “we consistently overpay, underestimate and procrastinate.”

July 19, 2011 | 0 Comments More

Process NOT Perfection

I received the following question from a reader last week –

 When it comes time for our company to be audited on the OHSAS 18001 system, our auditor usually says, “Your Company has not identified ALL the hazards at your facility.”

…  I don’t believe that every potential hazard needs to be identified in order to be compliant.  I always explain this to the auditor, and address what it states in 4.3.1:

“The organization shall establish, implement and maintain a procedure(s) for the ongoing hazard identification, risk assessment, and determination of necessary controls.”

… I don’t feel our auditor is correct in saying we are not compliant because we have not identified all potential hazards.

I really would appreciate your thoughts on this matter.

You are correct in your analysis of the requirement in Section 4.3.1 of OHSAS 18001. What is required – and what auditors should be looking for – is a process NOT perfection.

This is an important distinction and a fundamental principle underlying all of the ISO management system standards and OHSAS 18001.  It is one of the 14 Points for Management that Deming emphasized in his 1982 book, Out of the Crisisand it is what the plan-do-check-act (PDCA) approach is all about.

To illustrate the difference, consider how one goes about controlling a manufacturing line making widgets.  There are 2 different approaches that can be used to ensure quality widgets – an inspection approach and a management system approach.

July 13, 2011 | 0 Comments More

Identifying Applicable Legal Requirements

Last week, I received the following question from a reader about the OHSAS 18001 requirements related to the identification of applicable legal and other requirements  –

We are an OHSAS 18001 certified company…. Our Hazard Identification and Risk assessment (HIRA) first page tells about the legal requirement clause and the legal statements for complying with the HIRA.  Our external auditor (certifying body) insists we insert a column in the HIRA chart to identify what legal requirement clause comes against the control of each identified risk.

1.     Is my auditor correct?

2.     Does the OHSAS 18001 Standards say that?

 My answer –

That is NOT an OHSAS 18001 requirement. I believe your external auditor is confusing the ISO 14001 and OHSAS 18001 requirements. 

Section 4.3.2 of ISO 14001 requires that an organization determine how its applicable environmental legal and other requirements apply to its environmental aspects.  This is often done as your external auditor suggests, although it does NOT have to be done that way.  You can use whatever method is appropriate for your organization.

Section 4.3.2 of OHSAS 18001 does NOT have the same requirement as ISO 14001. It requires that an organization “take into account” its applicable legal other requirements in its OHSMS.  No column, chart, matrix is required.  Nor does it require identifying requirements by individual risk.  This requirement was specifically rejected when OHSAS 18001 was revised in 2007.

© ENLAR® Compliance Services, Inc. (2011)
June 7, 2011 | 1 Comment More

Audit Objectives

In last week’s post, I discussed the two types of sustainability audits required by OHSAS 18001.  In this week’s post, I am going to focus on the objectives necessary for an effective OHSMS internal audit program.

Just as there are different types of sustainability audits, there are different types of objectives required for management system audits.  Importantly, an organization needs both audit program objectives and specific objectives to guide the conduct of each individual audit.  Although the audit program objectives and individual audit objectives are related, they are not necessarily identical.

It is important to remember that an audit and an audit program are not the same thing.  An audit is a “systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled”.  An audit program is “set of one or more audits planned for a specific time frame and directed toward a specific purpose”.  (Definitions from ISO 19011:2002)

OHSAS 18001 requires that an audit program be established. 

An audit program involves more than just doing audits every once and a while.  It requires audit planning and it requires the creation of audit procedures.  As set out in the note to the definition in ISO 19011 –  an audit program includes “all activities necessary for planning, organizing and conducting the audits”.

May 10, 2011 | 0 Comments More

Sustainability Audits

OHSAS 18001 requires both audits of sustainability and audits for sustainability.

What does this mean?  What is the difference?

These two types of audits relate to two different definitions of sustainability.

The first definition, derived from the Brundtland Commission Report’s definition of sustainable development, is “meeting the needs of the present without compromising the ability of future generations to meet their own needs.”  Although originally environmentally focused, this concept has evolved to include other components as well.  Notably, for occupational health and safety, sustainability is seen as including the actions and conditions that affect all members of society including workers (the “social” component). 

The second definition, the dictionary definition, is to “endure without giving way.”  This concept of sustainability is focused on survival and maintenance in the face of changing conditions.  This is often referred to as management of change.  As stated in section of OHSAS 18002, “The organization should manage and control any changes that can affect or impact its OH&S hazards and risks”.

The internal audit element of OHSAS 18001 (section 4.5.5) requires that audits be conducted in order to make the following three types of determinations:

  1.  the OHSMS conforms to the OHSAS 18001 requirements and the organization’s planned arrangements;
  2. the OHSMS is properly implemented and maintained; and
  3. the OHSMS is effective in meeting the organization’s policy and objectives.

Many organizations focus almost exclusively on conducting internal audits to determine conformance – the first type of determination listed in section 4.5.5.  These organizations often ignore the other two purposes of an internal audit listed in OHSAS 18001 – the requirements for sustainability audits.

May 3, 2011 | 0 Comments More