I am dealing with an organization that claims it is certified to OHSAS 18001… Does anyone know if there is an accreditation board or other governing body which administrates OHSAS 18001 who would be responsible for auditing conformance with these practices? Or does this system rely solely on internal audits only? (click here to read the entire comment)

There is no one OHSAS 18001 governing body or accreditation board.

As a voluntary international standard, OHSAS 18001 is utilized by organizations in several different ways.

Some companies use OSHAS 18001 as a guidance document to develop their OH&S management system.  In that case, conformance is discretionary and there is no “certification” or “accreditation”.  In this case, verification of conformance relies solely upon the adequacy and effectiveness of the internal audit program.

OHSAS 18001 is also used for purposes of third-party certification. 

Many of the registrars who provide ISO 9001 and ISO 14001 certification also offer OHSAS 18001 certification to their customers.  Because of how OHSAS 18001 was developed (independent of ISO), there are two types of certification being offered by registrars – accredited and unaccredited.   The majority of OHSAS 18001 certifications are unaccredited.

In order to determine the type of certification an organization has, you will need to carefully review the actual certificate.  This can be easier said than done.  Since there is no public access to registration certificates, or any master database of OHSAS 18001 certified companies, you have to get a copy of the certificate from the company that is claiming to be OHSAS 18001 certified.  It is often posted on the wall somewhere.

You would also want to confirm the validity of this certification with the registrar identified on the certificate.  There have been problems with “sham” or fake certificates.  The certificate should also indicate whether or not it is an “accredited” certification and the scope of the certification (what it covers).  In some cases, the actual scope of the certification is narrower than the public relations representations made by the company (certain operations, locations or workers are excluded).

For either accredited or unaccredited certification, the registrar who issued the certificate to the company does periodic audits to determine whether or not the organization has a management system in place that conforms to OSHAS 18001.  Typically, these audits are done either once or twice a year. 

If it is an accredited certification, the registrar’s overall certification program is also periodically reviewed by an independent accreditation body.  This review would not include an in-depth review of each of the certificates issued by the registrar.  The focus of accreditation is primarily on the processes used – not the results achieved.

© ENLAR® Compliance Services, Inc. (2009)

At this meeting I gave a presentation – Challenges & Opportunities in Developing OHSMS Standards – that outlined five common barriers to implementing Occupational Health and Safety Management Systems.  Also giving presentations on this topic were Mike Seymour from OSHA and Barbara Braun from The Joint Commission.  Mike Seymour discussed the OHSMS guidance document that OSHA is currently in the process of developing and Barbara Braun discussed how the Joint Commission standards also include worker safety requirements.  As several of the attendees pointed out, there is a clear and obvious link between patient safety and worker safety.

The purpose of these presentations was to assist the HCSA Sector Council in developing implementation plans for the new National Occupational Research Agenda for this sector (currently out for public comment until the end of October 2009).  A key strategic goal in this agenda is promoting the use of OH&S management systems and improving safety culture in healthcare organizations.

The scary part of the meeting…

The critical issues that need to be addressed to protect health care workers – particularly as it relates to the H1N1 pandemic.  There was a great deal of discussion concerning the precautions that need to be taken related to providing proper respiratory protection - NOT JUST SURGICAL MASKS – and the current lack of hospital preparedness.  The importance of this topic was emphasized by the advisory issued by the Institute of Medicine yesterday that urges health care workers to use N95 respirators instead of surgical masks for protection.

© ENLAR® Compliance Services, Inc. (2009) 

According to the AIAG statement they firmly believe that “the use of formal management systems are necessary for effective management of health safety and environmental programs.” 

AIAG’s concern appears to be that the OHSAS 18001 standard was developed by an independent group – the OHSAS Project Group chaired by BSI – rather than ISO. 

This is where the “politics” comes in.  Despite intensive lobbying by the OHSAS Project Group, ISO appears unwilling to develop an OHS management system standard. 

Why? 

 The International Labor Organization (ILO) has raised objections and several member countries – including the U.S. – have consistently voted against it.  An OHSMS standard seems to be the exception to the rule that any proposed ISO standard-setting activity is guaranteed to be approved.

© ENLAR^® Compliance Services, Inc. (2009)

The purpose of this blog is to provide real-world practical advice to assist you in establishing, documenting, implementing and maintaining an integrated management system.

This website provides information and resources to help you understand the requirements of the various management system standards - ISO 9001, ISO 14001, OHSAS 18001, etc.  In addition, it provides an opportunity for you to post your questions and comments on a variety of management system topics.

An integral part of this blog is the monthly FREE teleseminar that ENLAR will be hosting.  These monthly ”conversations with experts” will provide a unique opportunity for you to BOTH listen to experts on a variety of management system topics AND ask questions for them to answer in their calls.

Click here to check out this new blog.  While you are there, check out the upcoming teleseminars on -

• Revision of ISO 19011 – The Challenge of Drafting a Generic Auditing Standard
• Five Steps for Achieving Employee Engagement

 Thanks!  I hope you like this new site.

© ENLAR^® Compliance Services, Inc. (2009)

This draft accreditation rule sets out the requirements for certification bodies to obtain accreditation to their choice of -

• ANSI/AIHA Z10, Occupational Health and Safety Management Systems (the US standard)
• CSA Z1000, Occupational health and safety management (the Canadian standard)
• BS OHSAS 18001, Occupational health and safety management systems – Requirements (the British standard, which is identical to the international OHSAS 18001:2007 standard)

The overall impact of this rule would be to provide certification bodies (registrars) the ability of obtaining ANAB accreditation of their OHSAS 18001 certification services, something ANAB does not currently offer.  Although some registrars are currently accredited to offer this certification by non-U.S. accreditation bodies, many registrars currently offer non-accredited certification to OHSAS 18001.

The Due Date for providing public comment on this draft rule is September 14, 2008.

The draft rule is short – 3 pages. 

The key points –

• An applicant must be already accredited as conformant to ISO/IEC 17021.
• ANAB plans to leave it up to each certification body to develop its own OHSMS auditor competency criteria.

The draft rule does not provide specific guidance as to what this OHSMS auditor competency criteria needs to be.

This is disappointing since ANSI just completed a revision of the U.S. supplement to ISO 19011 (ANSI/ISO/ASQ QE 19011S-2008, Guidelines for management systems auditing – U.S. Version with supplemental guidance added, published May 19, 2008) which includes guidance on the competencies that OHSMS auditors should possess.  The requirements in the ANSI standard are based on a position paper jointly developed by AIHA, ASSE and ABIH in 2005.

At a minimum, certification bodies should have to consider the guidance set out in this ANSI standard if they want accreditation by an ANSI-ASQ accreditation body.

If you agree, log on and let ANAB know.

© ENLAR^® Compliance Services, Inc. (2008)

It seems that the appropriate definition of competence is now subject of some debate within ISO and may be subject to being “re-defined.”

Competency is a significant component of at least four standards currently under development within ISO –

• ISO 10018 – Quality management: Guidelines on people involvement and competencies
• ISO 14066 – Greenhouse Gases – Competency requirements for greenhouse gas validators and verifiers
• ISO 17021 Part B – Conformity assessment – Requirements for third-party certification auditing of management systems
• ISO 19011 (revision) – Guidelines for management system auditing

Interestingly, each of these standards has apparently rejected the dictionary definition, as well as the ISO 9000 definition, and each ISO Technical Committee appears to be in the process of developing its own concept of competence. 

ISO 10018 is apparently focusing on how “human factors” impact the effective functioning of management systems with the definition of competency being passed to a subcommittee.  ISO 14066 is structured to set out detailed lists of the skills and knowledge that must be possessed by GHG verification and validation teams – with the focus on team rather than individual competency.  The initial committee draft of ISO 17021 defined competence as “personal attributes and ability to apply knowledge and skills” with a heavy focus on personal attributes and generic audit skills but essentially no guidance as to the needed discipline-specific knowledge (e.g. quality, environmental, OH&S).  The revision of ISO 19011 has just begun; however, the issue of auditor competency has already been identified as one of the “hot-button issues” associated with revision of this standard.

A review of the various standards and other reference materials appear to set out three different, and distinct, attributes that underlie competency:

• Attitude and personality traits –who you are
• Knowledge – what you know
• Skills – what you can do

Where the ISO standards seem to diverge is in the relative importance to be given to each attribute (personality vs. knowledge vs. skill) as well as in the specifics of what is actually required and how it should be demonstrated.

What do you think?  What is competency?

© ENLAR^® Compliance Services, Inc. (2008)

To meet the OHSAS 18001 requirements, an organization must:

• Identify its OH&S hazards
• Assess the risks associated with the OH&S hazards that are identified
• Determine the controls that are necessary to reduce OH&S risks to an acceptable level

Identification of OH&S hazards and assessment of the associated risks is one of the primary inputs for setting objectives for continual improvement, identifying training needs and establishing operational controls.

The risk management foundation of OHSAS 18001 is not explicitly found in either ISO 9001 or ISO 14001.   ISO 9001 focuses on identifying customer requirements and achieving customer satisfaction; ISO 14001 focuses on identifying environmental aspects and prevention of pollution.  Although risk management is important to quality and environmental management, neither ISO management system standard explicitly addresses this.

Interestingly, ISO is currently in the process of developing several risk management standards.  According to ISO, these standards are intended to provide guidance to assist organizations in managing risk – including safety and environmental risk.  In addition, according to its Scope statement, ISO 31000 is intended to “harmonize risk management processes and definitions in existing and future standards.”

The ISO risk management standards currently under development include the following:

• Substantial changes to the definition of risk in Guide 73 – Risk management – Vocabulary - Guidelines for use in standards
• Drafting of a new “strategic-level” risk management standard – ISO 31000 – Risk management – Principles and guidelines on implementation
• Adoption of an IEC standard outlining risk assessment methods as an ISO standard – ISO 31010 – Risk Management - Risk Assessment Techniques
• Drafting of a new standard on risk assessment of structures - ISO 13824 - General principles on risk assessment of systems involving structures

This ISO standard-setting activity raises a couple of interesting questions –

1. Will future revisions of ISO 9001 and ISO 14001 include a risk management focus as well?
2. Might risk management become the unifying foundation for an integrated management system standard?

© ENLAR^® Compliance Services, Inc. (2008)

OHSAS 18002 is entitled Occupational health and safety management systems –Guidelines for the implementation of OHSAS 18001:2007.  It is a companion standard to OHSAS 18001:2007.

This standard is currently in the process of being revised and it is out for public comment as a second committee draft (CD2) until August 1, 2008.  This standard will likely be finalized and published before the end of 2008 by BSI.

Whereas OHSAS 18001 is specifically intended to be used for third-party certification, OHSAS 18002 is not.  It is instead intended to provide generic advice concerning the application of OHSAS 18001.  The standard is formatted to set out the text of OHSAS 18001 by section and then explain the requirements of each section of the standard.  The overall purpose is to aid in the understanding and implementation of OHSAS 18001.

To achieve this purpose, OHSAS 18002 sets out lists of items that an organization should consider in implementing the various sections of OHSAS 18001.  For example, in establishing and implementing operational controls (section 4.4.6 of OHSAS 18001), OHSAS 18002 includes bulleted lists of the various types of control measures that could be used for areas such as the following:

• performance of hazardous tasks
• use of hazardous materials
• purchasing of goods, equipment and services
• handling of external personnel or visitors in the workplace.

OHSAS 18002 contains a great deal of guidance about the identification of OH&S hazards, assessing the risks associated with these hazards and the determination of appropriate operational controls to control these risks.  This additional guidance is being provided in OHSAS 18002 because section 4.3.1 of OHSAS 18001 was significantly modified and expanded in the 2007 revision of the standard.

There are specific sections in OHSAS 18002 that cover the following:

• Developing a methodology and procedures for hazard identification and risk assessment
• Hazard identification
• Risk assessment
• Management of change
• Determining the need for controls
• Recording and documenting the results of the hazard identification and risk assessment
• On-going review

© ENLAR^® Compliance Services, Inc. (2008)

Setting aside for the moment whether ISO is the appropriate forum for setting social standards, this raises an equally interesting question:

Should Organized Labor “Own” Occupational Health & Safety?

For the following three reasons – No.

1.  Organized Labor No Longer Represents the Majority of Employees.

Labor union membership continues to plummet.  In 1945, more than one-third of employees in the U.S. belonged to unions; by 1998, union membership had fallen to 13.8 percent.  According to U.S. Department of Labor Statistics, in 2006, the percentage of workers in unions dropped to 12 percent (The Decline of Union Power and How to stem the decline of unions ).

2.  Fewer and Fewer Workers Are Employees.

The traditional employee-employer arrangement is disappearing.  Contingent workers (e.g. temporary contract workers, freelance workers, consultants) represent a substantial, and growing percentage, of the U.S. workforce.  According to various surveys, between 14 and 25 percent of the U.S. workforce is made up of contingent workers.

In addition, with the decline of manufacturing jobs and the raise of service industry jobs, the workplace is now populated with many non-employees – e.g. contractors, temporary agency employees, visitors and patrons. OH&S hazards impact them as well.

3.  Occupational Safety and Health Is Not a Union Priority

Organized labor is being battered.  In addition to losing membership, it is facing many difficult issues — factories closing, benefits vaporizing, pensions disappearing — as well as forced labor, discrimination and globalization.

With all of these difficult issues to address, occupational safety and health is no longer being given much priority in labor organizations.  As an example, in May of 2005, the AFL-CIO eliminated its safety and health department and transferred the remaining staff into a new government affairs department (ASSE article). 

In the past, organized labor was instrumental in improving workplace health and safety conditions.  This no longer seems to be the case.

On its web site, the International Labor Organization (ILO) lists its priorities and fields of action.  Where does occupational safety and health rank in its list of “fields of action“?  Last. In addition, OH&S is not even expressly mentioned in ILO’s list of four strategic objectives.

Should organized labor have a voice in setting OH&S standards?  Definitely.

But so should all those who are not represented by organized labor.

What do you think?  Add your comments below.

© ENLAR^® Compliance Services, Inc. (2007)

The International Organization for Standardization (ISO) is once again considering whether or not it should develop an OH&S Management System Standard (For information about ISO standard-setting activities go to http://www.iso.ch/iso/en/ISOOnline.frontpage)

The Technical Management Board (TMB) of ISO recently sent a survey form to the ISO member bodies (the various national standard-setting organizations from each country) asking for direction on whether to proceed in developing an OHSMS standard and, if so, what kind of standard.

Developing an ISO OHSMS standard has been an area of considerable controversy. Some labor and industry groups have been vehemently opposed to such an ISO standard.  Other interested parties believe that, given the proliferation of different OHSMS standards and increased usage of OHSAS 18001, the time has come for the development of an international consensus standard that supports third-party accreditation of occupational health and safety management systems. (See my prior post on the plethora of OH&S standards that have been developed at http://ohsas18001expert.com/2007/05/15/a-plethora-of-ohs-standards/)

What do you think?

Opinion Polls & Market Research