Category: Standards & Certification

ISO OHSMS Standard – What Now?

Last week, I did a blog post announcing that ISO had approved moving forward with the development of an occupational health and safety management system standard.

In response, I have gotten the following question – “What now?”

Let me try to answer this question.

ISO has established a Project Committee, ISO PC 283.   This PC is charged with developing this standard.  The standard will be entitled – Occupational Health and Safety Management Systems – Requirements.  The number designation has not yet been announced.

Based on information in the New Work Item Proposal (NWIP), this standard development effort will start later this year with a meeting in the U.K. and conclude with the publishing of an ISO Final Standard – likely in 2016. 

Once published, this ISO standard will replace other country-specific OHSMS standards such as ANSI Z10.  It will also replace OHSAS 18001.

The standard will be a specification standard intended to be used for third-party certification.  This means it will have auditable “shall” clauses.  The development of the standard will be governed by the requirements set out in the ISO directives, including the requirements for management system standards set out in Annex SL.   This means it will have the same top-level structure, use the same terminology and have many of the same core requirements as the other ISO management system standards.

Each ISO member body will have an opportunity to participate and to designate individual experts to represent it in this international standard development process.  These experts will be the ones who draft the language for the OHSMS standard.   Consensus among the experts will be reached in a series of international meetings where the content of the standard is discussed and agreed upon.   Opportunity will also be provided for others to review one or more committee drafts (i.e. CDs) of the standard and to provide comments to the designated experts for their consideration. 

In the United States, the American Society of Safety Engineers (ASSE) has applied to ANSI to become the TAG Administrator.  The activities of this committee will be governed by the ANSI rules for U.S. Technical Advisory Groups.  The members of this TAG will determine the U.S. position for the international standard development meetings held by PC 283 and designate the members of the TAG who will be the U.S. Experts.

Although the ISO OHSMS standard will be developed as a voluntary consensus standard, it is very likely that it will be incorporated into or referenced in other documents.  This may include supply-chain contracts, sustainability frameworks and governmental regulations.  It is this use of the standard that may make conformance with the ISO OHSMS standard mandatory.

What to know more?

For more information about the likely impacts of an ISO OHSMS standard, click on the link below to download your copy of the ENLAR Executive Briefing Paper  –
Impacts of an ISO OH&S Management System Standard.

Have a question about the development of this standard?

Ask it in the comment box below or send me an e-mail at

June 25, 2013 | 0 Comments More

Validity of Certification

I recently got the following question about a blog post I did back in 2009 – OHSAS 18001 “Governing Body”.

The question was –

My company is an Environmental Laboratory in India.  It holds an unaccredited certificate issued by an Indian company.  Can you clarify how far this certificate is valid.

My response –

I can’t answer your question since the answer is specific to your organization, the clients you conduct work for and the laws of your jurisdiction.  For example, in the United States, there are laws that require testing laboratories to be accredited – including those doing certain environmental tests.

As I mentioned in the blog post you referenced, management system standards are used for a variety of different purposes.

One of those purposes is to set out the requirements upon which certification programs are based.  Some of these certifications are reputable and legitimate, whether they are accredited or not.  Others are only sham certifications.  They are issued primarily to deceive or encourage reliance on the part of third parties that is not justified based on the level of investigation actually being performed by the individual or organization providing the certification.

The issue is not so much accreditation or not.  The issue is the credibility of the certification based on the level of due diligence that supports the determination being made.

I posted this question and response because of the increased interest and reliance on OHSMS certification that is being driven by an increase in public sustainability reporting.  It is important to understand that certification alone does not represent due diligence unless it is clear exactly what assessment activities were done to support the certification.

© ENLAR Compliance Services, Inc. (2013)
March 20, 2013 | 0 Comments More

Proposal for an ISO OHSMS Standard

Yesterday, I received a copy of the ISO New Work Item Proposal (NWIP) for a new requirements standard for occupational health and safety management systems.  ANSI has requested that comments on this NWIP be sent to ANSI by April 26, 2013, so ANSI can decide how it will vote on this proposal. 

There are several interesting aspects to this NWIP –

1.  This is a proposal for a Project Committee (PC), not a Technical Committee (TC). 

The distinction is that a Project Committee is authorized to develop a single standard.  This is the approach that was used for the development of ISO 50001:2011 – the ISO Energy Management System standard.  An ISO PC can be converted into a TC in the future but, at least initially, the standard development authority of this ISO committee will be limited solely to the development of the one standard being proposed – an OHSMS requirements document.

2.  Given the past controversy that has surrounded the development of an ISO OHSMS standard, this NWIP includes two additional letters. 

The first is a letter from the Rob Steele, the ISO Secretary General, addressing the right and ability of ISO to deal with the subject area.  The second is a letter from the International Labour Organization (ILO) expressing its concerns with ISO’s decision to proceed with this standard development effort.

3.  Any ISO OHSMS standard will be required to meet the requirements for management system standards that are set out in Annex SL of the ISO Directives. 

What this means is that an ISO OHSMS will not be based on any of the existing OHSMS standards – including OHSAS 18001 or ANSI Z10.  These standards can serve as reference documents but many of the important requirements of an ISO OHSMS will be determined solely by the high-level structure and core common text that are set out in Annex SL. 

ANSI is in the process of circulating this proposal to stakeholder groups in the United States.  I am confident there will be a great deal of discussion of this NWIP.  It is likely that there will be continued disagreement concerning the appropriate venue for developing OH&S standards. 

As set out in BSI’s justication document, the world is markedly different today from what it was when an ISO OHSMS standard was last proposed. 

Today, protection of workers is as much driven by a complex web of supply chain relationships and sustainability initiatives as it is by governmental decrees and enforcement actions.  As show by the success of the certification initiatives that have developed around the handling of electronics waste, publicity and supply chain initiatives can have a greater impact in protecting worker health than governmental rulemaking. 

In addition, given the increased use of outsourcing arrangements, many individuals performing work on an organization’s behalf are no longer employees in the traditional labor law sense.  By extension, worker safety is no longer solely an employment issue.  As explicitly set out in OHSAS 18001, and recognized in several OSHA standards, an organization’s obligation to protect workers extends beyond employees to individuals who are performing work on an organization’s behalf.  This can include a range of parties – including contract workers, employees of contractors, volunteers, visitors to the workplace and employees. 

Worker safety is no longer simply a labor issue to be addressed through governmental action.

Want to know more?

If you want to know more about Annex SL and the revision of ISO 14001, check out my previous blog post – New Year – New Standards.

If you want to review the ISO NWIP for an OHSMS standard click here (note – this document does not include the Justification Study and other attachments to the NWIP but does include copies of the letters discussed above).

© ENLAR Compliance Services, Inc. (2013)
March 13, 2013 | 0 Comments More

An ISO OHSMS Standard?

I have gotten the following question for several readers –

I hear there is an initiative to develop an ISO safety and health management standard.  Will ANSI Z10 be a key input in developing an ISO OHSMS standard?

The short answer is – “I don’t know.”

The longer answer is much more complex and requires delving into the processes – and politics – of international standard development.

It is my understanding that the British Standards Institute (BSI) is seriously considering submitting a proposal to ISO for the development of occupational health and safety management system (OHSMS) standards.

This is not as straightforward as it seems nor does it mean that an ISO OHSMS specification standard, like OHSAS 18001, is a foregone conclusion.

January 16, 2013 | 0 Comments More

Systems vs. Controls

Earlier this month, I attended the ISO Working Group meeting for the revision of ISO 14001 (TC 207/SC1/WG5).  This revision will result in a number of significant changes to the ISO 14001 standard.  These changes are likely to be carried over to a subsequent revision of OHSAS 18001.

There was a great deal of discussion at this meeting about a change that will fundamentally change the nature of the ISO 14001 requirements.  If this change is made, it will entirely transform what the ISO 14001 standard is all about.

The primary focus of the current ISO 14001 standard is on ensuring that an organization being certified has procedures in place to achieve the desired results.  The language of the new revision will change the focus of the certification process to verification of results (i.e. performance). 

October 14, 2012 | 0 Comments More

Managing PLCs in an OHSMS

Earlier this week, I was asked to respond to a question posed on the ASQ Ask the Experts blog. The question requested information about standards applicable to making modifications to PLCs (Programmable Logic Controllers).  In my response, I identified a number of potentially applicable regulations and standards.

As I pointed out in my answer, in order to meet the requirements of OHSAS 18001, an OHSMS must include management of change procedures that assess the potential hazards of PLC modifications prior to any changes being made.

As I thought about the management of change (MOC) procedures I have reviewed over the years, I realized that this has been important deficiency in most of them.  MOC procedures tend to focus on equipment (i.e. hardware) changes and often ignore changes to the software that operates the equipment.  This is a concern because more and more industrial equipment is computer – rather than human – controlled.

How should this issue be addressed in an OHSMS?

  1. Appropriate individuals within the company should become familiar with the PLC requirements set out in any applicable regulations and appropriate consensus standards. (Again, for a list of potentially applicable standards, check out the ASQ blog post.)
  2. Just as equipment is evaluated for developing appropriate lockout-tagout procedures, organizations should develop an up-to-date inventory of their PLCs – focusing first on those computer controls used for safety-related functions or in high-hazard processes (for example, mechanical presses, industrial robots, control of chemical reactions).
  3. Guidelines on maintaining and modifying PLCs (and other computer controls) should be incorporated into existing routine maintenance work orders (e.g. PM databases) and MOC procedures.  Appropriate limitations should be placed on PLC modifications based on the associated risks.
  4. Individuals responsible for maintaining, troubleshooting and modifying PLCs need to trained AND competent.
  5. Periodic reviews need to be conducted to ensure that procedures are being followed, PLCs are used correctly, security measures are in place (to prevent unauthorized “hacking”) and backup copies of PLC programs are retained.

As we move toward a future with more and more computer-controlled operations, having management system processes established to ensure they are functioning as intended will become increasingly important for managing both safety and organizational risks.

© ENLAR Compliance Services, Inc. (2012)
September 20, 2012 | 0 Comments More

ISO 19011 & Audit History

Management system audits are an integral part of every management system.  All of the management system specification standards – including ISO 9001, ISO 14001 and OHSAS 18001 – require that an organization establish and implement an internal audit program.

I have been involved in auditing for over 30 years.

In the 1980’s – I conducted EHS audits world-wide for Bristol-Myers as part of the corporate audit team.

In the 1990’s – I started the decade reviewing a wide range of audit and assessment reports.  As an attorney for U.S. EPA, I evaluated assessments for the purposes of undertaking enforcement actions.  Then, as an attorney in private practice, I helped companies establish internal audit programs.  I also used audit reports prepared by others for advising clients on mergers, acquisitions, commercial loans and property development activities.  In 1997, I shifted my focus to assisting organizations with management system implementation and became a certified EMS Lead Auditor in 1999.

In the 2000’s – I turned my focus to management system audits and the development of audit standards.  I developed and taught numerous auditor training courses – from Lead Auditor Training to customized internal auditor training courses covering multiple disciplines (quality, environmental, OS&G, food safety, security etc.).  I also helped develop international auditing standards and participated as one of the U.S. Experts in the revision of ISO 19011.

I am pleased to announce that I have launched a new website that is based on my extensive experience in auditing:

This website focuses on providing useful information and resources to help auditors and audit program managers develop expertise in management system auditing.  In the blog associated with this site, I will be answering questions about establishing an audit program and providing insight into the intent underlying the language of the ISO standards that set out auditing requirements.

Click here to check out the initial post on this new site – Evidence-Based Auditing.

© ENLAR Compliance Services, Inc. (2012)
May 23, 2012 | 0 Comments More

Worker Health & Safety Principles

I have been spending time reviewing the draft of a new ISO document – Guide 82Guide for addressing sustainability in standards.  (For standards geeks, this document was recently circulated as Committee Draft 2 and is intended to be a guidance document for ISO standard writers.) 

In reviewing this document, I noted that one of the intents of this document is to list general principles of sustainability.  To accomplish this goal, the document lists principles associated with several topics from environmental labeling and sustainable buildings to risk management and social responsibility.  

In reviewing these lists of principles for other areas, I realized that I was not aware of a comparable list of worker health and safety principles.  As I discussed this with other OH&S professionals, they were not aware of any generally-recognized list of worker health and safety principles either.  

I thought about it and came up with the following list of seven principles (modeled after the list of Quality Principles set out in ISO 9000).

 Worker Health and Safety Principles

 1.       Health and Safety Focus

Worker health and well-being is an important organizational resource to be protected through the prevention of injury and ill health.

 2.       Leadership Commitment

Top management needs to provide the leadership and resources necessary for effective management of OH&S issues

 3.       Worker Engagement

Workers need to have the information, opportunities and accountability necessary for them to actively participate in ensuring their own safety

 4.       Factual Approach to Decision Making

Decisions and actions related to evaluating and controlling OH&S risks should, to the extent feasible, be based on the analysis of factual information

 5.       Prioritization of Controls

Hazards should be controlled using process, equipment and facility controls before administrative controls and personal protective equipment are utilized

 6.       Prevention Instead of Reaction

Establishing systematic processes to identify and address OH&S risks is more effective than waiting until after an incident has occurred to react

 7.        Supply Chain Accountability

Organizations need to act ethically when transferring OH&S risks to others in their supply chain

 What do you think?  Let me know by posting a comment to this blog post – or sending me an e-mail at

© ENLAR Compliance Services, Inc. (2012)
April 5, 2012 | 2 Comments More

Integrated Management Systems – R2 Practices


It is clear that integrated management systems represent the future.

This is evident from directives coming from the ISO Technical Management Board (TMB) that require the ISO technical committees to use a standardized structure and definitions for all ISO management system standards.  (Click here to read more about this MSS initiative.)

It is also evident in non-ISO management system standards – such as the Responsible Recycling (R2) Practices standard. 

The R2 Practices is a certification standard developed to help address the improper handling of electronics waste (E-waste).  This “E-Waste Problem” being the health and environmental impacts that result from the improper handling of E-waste – particularly in developing countries.  The R2 Practices standard is made up of 13 Practices that include quality, environmental and OH&S management system requirements – as well as mandatory supply chain management and a demonstration of financial responsibility.

Next Monday, February 27, 2012, I am giving a presentation about this standard at the ISO 9000 Conference in Orlando Florida.  My presentation is entitled Responsible Recycling:  Using Integrated Management Systems for Handling Electronics Waste.  This presentation is part of a conference track entitled Making Integrated Management Systems Work.

In order to provide additional information to conference attendees (there being only so much one can include in a 35 minute presentation), I have launched a new website.  This website focuses specifically on understanding the R2 Practices and implementing the management system processes necessary in order to become certified. 

Interested in how to use a management system to improve management of electronics waste?

Go to to learn more.

p.s. – My presentation isn’t just for “recyclers.”  It outlines five steps that any organization can take to better manage its used electronics.

February 23, 2012 | 0 Comments More

Objectives & OHSAS 18001


At the end of the year, our attention often focuses on planning – the setting of goals and objectives for the coming year.  This can be exciting – plans for launching new projects or products – or it can be depressing – setting aside time to organize old files.


Planning is a key component of an OH&S management system.  The planning section of OHSAS 18001 consists of 3 elements –

  • Identifying hazards and risks (4.3.1)
  • Identifying legal and other requirements (4.3.2)
  • Establishing objectives and programs (4.3.3)

Many organizations put a great deal of time and attention into identifying both their hazards and risks and their legal and other requirements. Often, less attention is paid to establishing objectives and programs.

This lack of attention to objectives and programs may be due, in part, to a lack of clarity about how “objectives” actually fit into a management system.  This lack of clarity about objectives, and their interrelationship with risk management, has been an issue of much heated discussion.  It has lead to a lack of consensus in ISO’s attempt to develop consistent definitions across all of its management system standards (see discussion of ISO’s MSS initiative).

December 29, 2011 | 0 Comments More