Category: Standards & Certification

Control of Documented Information

In a previous blog, I discussed the new High Level Structure and identical text requirements that has been proposed for all ISO management system standards.  One of the proposed changes is to eliminate the document control and record control elements and replace them with a new provision requiring control of “documented information”.  Documented information is somewhat vaguely defined in this new scheme as “the information required to be controlled and maintained by an organization”.

Although this may be seen as progressive by those who developed this new management system structure, it is likely to create confusion on the part of users of the standards who are not information management experts.

There are important reasons for distinguishing between the documents that  need to be controlled in a management system and record retention requirements.  Even though both document control and record control are control of documented information, their purpose and use is very different.

April 15, 2011 | 0 Comments More

High Level Structure for MS Standards

An initiative has been underway within ISO that is likely to have a significant long-term impact on all management systems within an organization – including occupational health and safety management systems.

This is the development of a document that sets out a common High Level Structure and core definitions to be used in all ISO management system standards.  This document was developed by an ISO Joint Technical Coordination Group (JTCG) tasked by the ISO Technical Management Board (TMB).  It was published as JTCG N44 in December 2010.

January 14, 2011 | 0 Comments More

OHSAS 18001 “Governing Body”

A reader recently posted the following question –

I am dealing with an organization that claims it is certified to OHSAS 18001… Does anyone know if there is an accreditation board or other governing body which administrates OHSAS 18001 who would be responsible for auditing conformance with these practices? Or does this system rely solely on internal audits only? (click here to read the entire comment)

There is no one OHSAS 18001 governing body or accreditation board.

As a voluntary international standard, OHSAS 18001 is utilized by organizations in several different ways.

November 24, 2009 | 0 Comments More

Challenges & Opportunities in Developing OHSMS Standards

This week I had the opportunity to attend and give a presentation at the NIOSH NORA Health Care and Social Assistance Sector Council Meeting in Washington DC.  It was the first NIOSH NORA meeting I have attended and I found the discussion both very enlightening and somewhat scary.

At this meeting I gave a presentation – Challenges & Opportunities in Developing OHSMS Standards – that outlined five common barriers to implementing Occupational Health and Safety Management Systems.  Also giving presentations on this topic were Mike Seymour from OSHA and Barbara Braun from The Joint Commission.  Mike Seymour discussed the OHSMS guidance document that OSHA is currently in the process of developing and Barbara Braun discussed how the Joint Commission standards also include worker safety requirements.  As several of the attendees pointed out, there is a clear and obvious link between patient safety and worker safety.

The purpose of these presentations was to assist the HCSA Sector Council in developing implementation plans for the new National Occupational Research Agenda for this sector (currently out for public comment until the end of October 2009).  A key strategic goal in this agenda is promoting the use of OH&S management systems and improving safety culture in healthcare organizations.

The scary part of the meeting…

The critical issues that need to be addressed to protect health care workers – particularly as it relates to the H1N1 pandemic.  There was a great deal of discussion concerning the precautions that need to be taken related to providing proper respiratory protection - NOT JUST SURGICAL MASKS – and the current lack of hospital preparedness.  The importance of this topic was emphasized by the advisory issued by the Institute of Medicine yesterday that urges health care workers to use N95 respirators instead of surgical masks for protection.

© ENLAR® Compliance Services, Inc. (2009) 
September 4, 2009 | 0 Comments More

AIAG and OHSAS 18001

Apparently the Automotive Industry Action Group (AIAG) issued a position statement in March 2009 stating that although they support the integration of health and safety programs into existing management systems, they will not “specifically mandate OHSAS 18001 certification.”  A recent blog post asked “Is it politics once again?”

According to the AIAG statement they firmly believe that “the use of formal management systems are necessary for effective management of health safety and environmental programs.” 

AIAG’s concern appears to be that the OHSAS 18001 standard was developed by an independent group – the OHSAS Project Group chaired by BSI – rather than ISO. 

This is where the “politics” comes in.  Despite intensive lobbying by the OHSAS Project Group, ISO appears unwilling to develop an OHS management system standard. 

Why? 

 The International Labor Organization (ILO) has raised objections and several member countries – including the U.S. – have consistently voted against it.  An OHSMS standard seems to be the exception to the rule that any proposed ISO standard-setting activity is guaranteed to be approved.

© ENLAR® Compliance Services, Inc. (2009)

April 2, 2009 | 0 Comments More

A NEW blog about Management Systems

I am pleased to announce that ENLAR has launched a new blog – www.managementsystemexpert.com

The purpose of this blog is to provide real-world practical advice to assist you in establishing, documenting, implementing and maintaining an integrated management system.

This website provides information and resources to help you understand the requirements of the various management system standards - ISO 9001, ISO 14001, OHSAS 18001, etc.  In addition, it provides an opportunity for you to post your questions and comments on a variety of management system topics.

An integral part of this blog is the monthly FREE teleseminar that ENLAR will be hosting.  These monthly ”conversations with experts” will provide a unique opportunity for you to BOTH listen to experts on a variety of management system topics AND ask questions for them to answer in their calls.

Click here to check out this new blog.  While you are there, check out the upcoming teleseminars on -

  • Revision of ISO 19011 – The Challenge of Drafting a Generic Auditing Standard
  • Five Steps for Achieving Employee Engagement

 Thanks!  I hope you like this new site.

© ENLAR® Compliance Services, Inc. (2009)

March 11, 2009 | 0 Comments More

ANAB Seeks Comments on OHSMS Accreditation Rule

The ANSI-ASQ National Accreditation Board (ANAB) is seeking public comment on its Draft Accreditation Rule A on OHSMS Program.  ANAB is the U.S. accreditation body for a number of different management system standards, including ISO 9001, ISO 14001 and ANSI/AIHA Z10.  ANAB has posted a link on its web site (under Public Ballots) that provides access to this draft rule.

This draft accreditation rule sets out the requirements for certification bodies to obtain accreditation to their choice of -

  • ANSI/AIHA Z10, Occupational Health and Safety Management Systems (the US standard)
  • CSA Z1000, Occupational health and safety management (the Canadian standard)
  • BS OHSAS 18001, Occupational health and safety management systems – Requirements (the British standard, which is identical to the international OHSAS 18001:2007 standard)
August 29, 2008 More

What is Competency? The Answer Seems Subject To Change.

In a previous blog, I discussed the difference between competency and awareness in an occupational health and safety management system (OHSMS).  In that blog, I used the ISO 9000:2000 definition of competence as “demonstrated ability to apply knowledge and skills” since OHSAS 18001:2007 does not include a definition. 

It seems that the appropriate definition of competence is now subject of some debate within ISO and may be subject to being “re-defined.”

Competency is a significant component of at least four standards currently under development within ISO –

  • ISO 10018 – Quality management: Guidelines on people involvement and competencies
  • ISO 14066 – Greenhouse Gases – Competency requirements for greenhouse gas validators and verifiers
  • ISO 17021 Part B – Conformity assessment – Requirements for third-party certification auditing of management systems
  • ISO 19011 (revision) – Guidelines for management system auditing

Interestingly, each of these standards has apparently rejected the dictionary definition, as well as the ISO 9000 definition, and each ISO Technical Committee appears to be in the process of developing its own concept of competence. 

ISO 10018 is apparently focusing on how “human factors” impact the effective functioning of management systems with the definition of competency being passed to a subcommittee.  ISO 14066 is structured to set out detailed lists of the skills and knowledge that must be possessed by GHG verification and validation teams – with the focus on team rather than individual competency.  The initial committee draft of ISO 17021 defined competence as “personal attributes and ability to apply knowledge and skills” with a heavy focus on personal attributes and generic audit skills but essentially no guidance as to the needed discipline-specific knowledge (e.g. quality, environmental, OH&S).  The revision of ISO 19011 has just begun; however, the issue of auditor competency has already been identified as one of the “hot-button issues” associated with revision of this standard.

A review of the various standards and other reference materials appear to set out three different, and distinct, attributes that underlie competency:

  • Attitude and personality traits –who you are
  • Knowledge – what you know
  • Skills – what you can do

Where the ISO standards seem to diverge is in the relative importance to be given to each attribute (personality vs. knowledge vs. skill) as well as in the specifics of what is actually required and how it should be demonstrated.

What do you think?  What is competency?

© ENLAR® Compliance Services, Inc. (2008)

August 25, 2008 More

OHSAS 18001 & ISO’s Risk Management Standards

As discussed in previous posts, OHSAS 18001:2007 has a foundation based on risk management principles.

To meet the OHSAS 18001 requirements, an organization must:

  • Identify its OH&S hazards
  • Assess the risks associated with the OH&S hazards that are identified
  • Determine the controls that are necessary to reduce OH&S risks to an acceptable level

Identification of OH&S hazards and assessment of the associated risks is one of the primary inputs for setting objectives for continual improvement, identifying training needs and establishing operational controls.

The risk management foundation of OHSAS 18001 is not explicitly found in either ISO 9001 or ISO 14001.   ISO 9001 focuses on identifying customer requirements and achieving customer satisfaction; ISO 14001 focuses on identifying environmental aspects and prevention of pollution.  Although risk management is important to quality and environmental management, neither ISO management system standard explicitly addresses this.

Interestingly, ISO is currently in the process of developing several risk management standards.  According to ISO, these standards are intended to provide guidance to assist organizations in managing risk – including safety and environmental risk.  In addition, according to its Scope statement, ISO 31000 is intended to “harmonize risk management processes and definitions in existing and future standards.”

The ISO risk management standards currently under development include the following:

  • Substantial changes to the definition of risk in Guide 73 – Risk management – Vocabulary - Guidelines for use in standards
  • Drafting of a new “strategic-level” risk management standard – ISO 31000 – Risk management – Principles and guidelines on implementation
  • Adoption of an IEC standard outlining risk assessment methods as an ISO standard – ISO 31010 – Risk Management - Risk Assessment Techniques
  • Drafting of a new standard on risk assessment of structures - ISO 13824 - General principles on risk assessment of systems involving structures

This ISO standard-setting activity raises a couple of interesting questions –

  1. Will future revisions of ISO 9001 and ISO 14001 include a risk management focus as well?
  2. Might risk management become the unifying foundation for an integrated management system standard?

© ENLAR® Compliance Services, Inc. (2008)

June 19, 2008 More

What is OHSAS 18002?

I had a reader ask me: ”How can I learn more about the development of the OHSAS 18002 standard?”

OHSAS 18002 is entitled Occupational health and safety management systems –Guidelines for the implementation of OHSAS 18001:2007.  It is a companion standard to OHSAS 18001:2007.

This standard is currently in the process of being revised and it is out for public comment as a second committee draft (CD2) until August 1, 2008.  This standard will likely be finalized and published before the end of 2008 by BSI.

Whereas OHSAS 18001 is specifically intended to be used for third-party certification, OHSAS 18002 is not.  It is instead intended to provide generic advice concerning the application of OHSAS 18001.  The standard is formatted to set out the text of OHSAS 18001 by section and then explain the requirements of each section of the standard.  The overall purpose is to aid in the understanding and implementation of OHSAS 18001.

To achieve this purpose, OHSAS 18002 sets out lists of items that an organization should consider in implementing the various sections of OHSAS 18001.  For example, in establishing and implementing operational controls (section 4.4.6 of OHSAS 18001), OHSAS 18002 includes bulleted lists of the various types of control measures that could be used for areas such as the following:

  • performance of hazardous tasks
  • use of hazardous materials
  • purchasing of goods, equipment and services
  • handling of external personnel or visitors in the workplace.

OHSAS 18002 contains a great deal of guidance about the identification of OH&S hazards, assessing the risks associated with these hazards and the determination of appropriate operational controls to control these risks.  This additional guidance is being provided in OHSAS 18002 because section 4.3.1 of OHSAS 18001 was significantly modified and expanded in the 2007 revision of the standard.

There are specific sections in OHSAS 18002 that cover the following:

  • Developing a methodology and procedures for hazard identification and risk assessment
  • Hazard identification
  • Risk assessment
  • Management of change
  • Determining the need for controls
  • Recording and documenting the results of the hazard identification and risk assessment
  • On-going review

© ENLAR® Compliance Services, Inc. (2008)

June 9, 2008 More
« Previous PageNext Page »