Continually Improving Your OH&S Management System

August 14, 2007

Yesterday, I discussed areas to concentrate on for maintaining your OHSAS 18001 management system.  What about continual improvement of your occupational health and safety management system?

 Section 4.1 of OHSAS 18001:2007 sets out five general requirements for an OH&S management system -

  1. establishing a management system
  2. documenting your management system
  3. implementing your management system
  4. maintaining your management system
  5. continually improving your management system

The first three of these tasks (establishing, documenting and implementing your OHSMS) are typically completed up-front when an organization makes changes to its existing OH&S programs to conform to OHSAS 18001.  Maintaining and continually improving the occupational health and safety management system are different - they are on-going tasks that are never done.  They are the requirements that transform an OHSMS from “a dusty binder on a shelf” to a meaningful part of an organization’s overall management system.

Continual improvement is an important requirement of an OHSAS 18001 management system.  It is one of the commitments an organization must make in its OH&S policy.  It is a major reason why an organization sets OHSMS objectives (section 4.3.3) and measures OH&S performance (section 4.5.1).  It is “the lenses” through which outputs from management review are viewed.  Section 4.6 of OHSAS 18001 states “The outputs from management reviews shall be consistent with the organization’s commitment to continual improvement….”

So what is continual improvement? 

OHSAS 18001:2007 defines it as the “recurring process of enhancing the OH&S management system in order to achieve improvements in overall OH&S performance consistent with the organization’s OH&S policy.”

© ENLAR® Compliance Services, Inc. (2007)

Category Posted in OHSMS Implementation, OHSAS 18001:2007 Revisions Comments 0 Comments »   Trackback This Post

Maintaining Your OH&S Management System

August 13, 2007

Last week, a reader e-mailed me the following question –”What are the most important areas to concentrate on in maintaining an OHSAS 18001 management system that is already in place?”

This is an excellent question.  Sometimes organizations put so much effort into developing and implementing an occupational health and safety management system, they run out of energy when it comes to its on-going maintenance.

There are two areas that are particularly important for maintaining your OHSMS –

  • On-Going Management of Change
  • An Effective Internal Audit Program

To quote the Greek philosopher Heraclitus - Nothing endures but change

Since change is a constant in all organizations (in activities, products, people, responsibilities, etc.), addressing the occupational health and safety impacts of those changes is a major challenge.  That is why OHSAS 18001:2007 added explicit management of change requirements (check out my previous blog - “What is Management of Change?” - for information on what these requirements are).

An effective internal audit program is also important for maintaining your management system.  It lets you know whether your efforts have been successful or if changes are needed. It is also the primary means for top management to fulfill its management review responsibilities - to determine whether the OH&S management system continues to be suitable, adequate and effective.

© ENLAR® Compliance Services, Inc. (2007)

Category Posted in FAQ, OHSMS Implementation Comments 0 Comments »   Trackback This Post

Occupational Health & Social Responsibility

August 10, 2007

I attended the meeting of the U.S. Technical Advisory Group for ISO TC 207 this week (TC 207 is the ISO technical committee that develops international environmental management system standards).  It was held at the same venue where the U.S. delegates to the ISO Working Group on Social Responsibility were having their meeting.  According to my discussions with a colleague who attended that meeting, progress on the ISO Social Responsibility standard is slow. 

It reminded me of my thoughts after attending the American Industrial Hygiene Conference in Philadelphia this year.  One of the “hot” topics at the conference was the setting of occupational exposure limits (OELs). With the European Union’s REACH legislation coming into force, determining appropriate occupational exposure limits has become an important concern for many companies. 

It is not; however, really a new issue.

Recently, when I was reviewing some old files, I came across a World Health Organization (WHO) Technical Report published in 1977.  The title of the publication — Methods used in establishing permissible levels in occupational exposure to harmful agents.

This report is a summary of the conclusions of a WHO Expert Committee that met in August of 1976 for the purposes of reviewing the information available on methods used to establish permissible limits, providing advice to developing countries on appropriate approaches and identifying gaps in knowledge.

What did I find interesting in this report, almost 30 years later?

The Recommendations. 

I found the following particularly poignant:

“Industrial nations should ensure that multinational corporations and national aid programmes fulfill their ethical responsibility to consider occupational health needs.  Industrial development should be planned to prevent and not repeat the lamentable mistakes of the past that caused serious occupational health problems.  Multinational companies have a responsibility to ensure that permissible levels accepted by these companies in developed nations are not ignored in developing nations…”

Unfortunately, this recommendation is as relevant today as it was in 1977. 

© ENLAR® Compliance Services, Inc. (2007)

Category Posted in Standards & Certification Comments 0 Comments »   Trackback This Post

International Standards - Building On Each Other

August 3, 2007

When you get involved in developing international standards, you quickly discover that they build one upon another.  The definitions used in OHSAS 18001 are from ISO 14001 - those definitions came from ISO 9000 which, in turn, came from other standards before it.  Similarly, standards are now being developed using OHSAS 18001 as a model.  If you are interested in standard-setting - or you want to have input into the standards that may impact you as a safety professional - you should check out the standard currently being developed by the European Committee for Standardization (CEN).

CEN, in conjunction with other key stakeholders, is drafting a Laboratory Biorisk Management Standard.  This standard, based in part on the language in OHSAS 18001:2007, is being developed to set the requirements necessary to control the risks associated with activities in laboratories where biological agents are handled and to enable organizations to seek certification by external third parties.  It is a management system standard, based on plan-do-check-act, that is intended to be compatible with ISO 9001, ISO 14001 and OHSAS 18001.

The draft standard is out for public comment until September 25, 2007.  A copy of the draft standard is available at http://www.cen.eu/cenorm/businessdomains/technicalcommitteesworkshops/workshops/ws31.asp 

 © ENLAR® Compliance Services, Inc. (2007)

Category Posted in Standards & Certification, Upcoming Events Comments 2 Comments »   Trackback This Post

Incidents vs. Nonconformities in OHSAS 18001:2007

August 2, 2007

In a previous blog, I listed five significant changes made to OHSAS 18001 in the 2007 revision.  One of these significant changes is the clarification of the role of incident investigation in an occupational health and safety management system (OHSMS).  In particular, incident investigation is now a separate subsection of section 4.5.3 – Incident investigation, nonconformity, corrective action and preventive action with its own specific requirements.

 

An incident is not the same as a nonconformity.   

 

First, the definitions are not the same.  OHSAS 18001 uses the ISO 9000 and ISO 14001 definition of a nonconformity – the non-fulfillment of a requirement.  An incident is defined in OHSAS 18001 as a “work-related event(s) in which an injury or ill health (regardless of severity) or fatality occurred, or could have occurred.”  An accident is a particular type of incident in which an injury or illness actually occurs. A near-miss is an incident where no injury or illness occurs.  Therefore, an incident can be either an accident or a near-miss.

 

An incident may relate to a nonconformity – but then again, it may not.  It is possible to have accidents and near-misses even if an organization has fulfilled its occupational health and safety management system requirements.  Similarly, an organization may have nonconformities, e.g. “paperwork” issues, which would not be considered incidents.

 

Not all incidents are the same. 

 

  • Some incidents are catastrophic disaster events (i.e. emergencies) such as bridge collapses or explosion.

  • Some incidents involve unseen hazards, e.g. exposure to chemical releases or biological agents.

  • Some incidents involve human factors or behaviors, some involve equipment failure, some involve faulty procedures or processes, and some involve all of these.

  • Some involve multiple injuries and deaths; in others, there are no injuries.

Therefore, an organization’s incident investigation procedure needs to be flexible enough to deal with a variety of different types of incidents. 

Want some ideas for conducting incident investigations? 

Check out the links to various sites on preparing incident investigation reports at

http://ncsp.tamu.edu/reports/default.htm

 

© ENLAR® Compliance Services, Inc. (2007)

Category Posted in OHSMS Implementation, OHSAS 18001:2007 Revisions Comments 6 Comments »   Trackback This Post

What is Accountability?

July 27, 2007

In the 2007 revision of OHSAS 18001, a requirement was added for allocating, documenting and communicating accountabilities — as well as responsibilities. While accountability is not defined in OHSAS 18001, it is an important concept in a management system.  The dictionary definition is “the state of being accountable, liable or answerable.”  According to wikipedia, the word “accountability” is an extension of the terminology used in money lending systems that first developed in Ancient Greece.  One would borrow money from a money lender and would then be held responsible for their account to that party. 

It is worthwhile, in this context, to explore the differences between authority, responsibility and accountability in an organization:    

  • Authority is the right to make a decision or take an action
  • Responsibility is the obligation to ensure that an action is taken
  • Accountability is to be answerable for a particular activity or action to a particular entity

Although clearly related, these terms are not synonymous.  One may have the authority to take a certain action – for example, to spend money on behalf of the organization – but not be obligated to take that action.  Similarly, an individual may have an obligation to do something – for example, to ensure the organization complies with a particular legal requirement – but not be accountable.  The organization may lack a mechanism to hold that individual responsible (answerable) even if compliance is lacking.  Similarly,  an individual may be held accountable – e.g. fired for a particular action – even if he or she did not have the authority or the responsibility to accomplish the activity in question.  

There are five key elements of an effective accountability system: 

  1. Clearly specified standards for authority and responsibility
  2. Adequate resources to meet the assigned responsibilities
  3. Monitoring and assessment of individual performance
  4. Appropriate consequences for taking or failing to take action
  5. Consistent and unbiased application of accountability standards

It should be noted that accountability is not necessarily the same as blame.  Often, organizations seek to assign accountability only when they are looking for someone to blame.

  How can you distinguish the difference?   

In most organizations, much of what is done requires a group effort where no one person is completely responsible for a particular action or decision.  In addition, accountability goes hand-in-hand with authority and responsibility.  This means that, generally, those with the greatest accountability will be highest up in the organization.  Therefore, if you are truly attempting to identify who is accountable, the result will be a list of people that includes individuals at the top, as well as the bottom, of the org chart.  If you are seeking to assign blame, usually finding a single “fall guy” will be sufficient. 

Top managers need to keep in mind the sign President Truman kept on his desk to remind him who was accountable.  It read:  The BUCK STOPS here!

© ENLAR® Compliance Services, Inc. (2007)

Category Posted in FAQ, OHSAS 18001:2007 Revisions Comments 3 Comments »   Trackback This Post

How is OHSAS 18001 Different?

July 25, 2007

As mentioned in a previous blog, there are many different OH&S management system standards and guidance documents that have been developed over the years.  The 2005 survey conducted by the OHSAS Working Group identified 44 specification and 43 guidance documents in use around the world.  There are three factors, when taken together, distinguish OHSAS 18001 from other OH&S management system standards:

  • Alignment with ISO 14001
  • Use in Third-party Certification
  • Development as a Global Standard

Category Posted in Uncategorized Comments 0 Comments »   Trackback This Post

What is “Management of Change?”

July 18, 2007

Although it is often used as a term of art in the safety field, “management of change” is not a defined term in OHSAS 18001:2007.  It is, however; vital to an effective OH&S management system.    

Explicit requirements for management of change were added into section 4.3.1 of OHSAS 18001 in the 2007 revision of the standard.  This addition was an explicit request of the American Industrial Hygiene Association for purposes of aligning OHSAS 18001 with the U.S. Occupational Health and Safety Management System standard – ANSI/AIHA Z10-2005.  In addition, management of change is also an explicit requirement for safety management systems implemented to comply with the Seveso II Directive (see Annex III of EU Council Directive 96/82/EC).  

The following requirements related to management of change were added in section 4.3.1: 

The procedures for hazard identification and risk assessment shall take into account:  

 g) changes or proposed changes in the organization, its activities or materials; h) modifications to the OH&S management system, including temporary changes, and their impacts on operations, processes and activities;….  For the management of change, the organization shall identify the OH&S hazards and risks associated with changes in the organization, the OH&S management system or its activities, prior to the introduction of such changes.  In addition, reference to Management of Change was also included in section 4.4.6: 

The organization shall determine those operations and activities that are associated with the identified hazard(s) where the implementation of controls is necessary to manage the OH&S risk(s).  This shall include the management of change (see 4.3.1). 

These new requirements cover four important concepts: 

  • Identification of the hazards associated with “change”
  • Assessment of the risks associated with “change”
  • Consideration of OH&S hazards and risks prior to the introduction of the “change”
  • Implementation of the controls needed to address the hazards and risks associated with the “change”

For purposes of management of change within an OH&S management system, the changes that need to be addressed include: 

  • Organizational changes (e.g. personnel or staffing changes)
  • Activity changes (e.g. changes to processes, equipment, infrastructure, software)
  • Material changes (e.g. new chemicals, packaging)
  • Changes to the OH&S management system (e.g. procedures)

Why is management of change so important? 

Ineffective management of change is one of the leading causes of serious incidents.  To quote the U.S. Chemical Safety and Hazard Investigation Board (CSB), “In industry, as elsewhere, change often brings progress.  But it can also increase risks that, if not properly managed, create conditions that may lead to injuries, property damage or even death.” (from CSB press release announcing its 8/28/2001 Safety Bulletin concerning “Management of Change”)  Ineffective management of change is one of the major contributing factors in many of the incident investigations conducted by the CSB.  To check it out, go to the CSB web site at http://www.csb.gov  and enter “management of change” as your search term at the link “Search this Site.” 

© ENLAR® Compliance Services, Inc. (2007)

Category Posted in OHSAS 18001:2007 Revisions Comments 0 Comments »   Trackback This Post

New Requirements for Risk Assessment

July 14, 2007

Section 4.3.1 of OHSAS 18001 (Hazard Assessment, Risk Assessment & Determining Controls) was completely changed during the revision process.  Overall, these changes align OHSAS 18001 more closely with other OH&S management system standards such as ANSI/AIHA Z10:2005.

This section now sets out additional details on both the inputs to be considered and the methodology to be used for the hazard identification and risk assessment process.  In addition, specific requirements have been added related to “management of change” and for determining appropriate controls to reduce the OH&S risks that are identified.

The standard now clearly links the requirements in 4.3.1 with those set out in 4.4.6 (operational control) so it is clear that the controls identified during the OH&S planning process need to be implemented and maintained as an integral part of operational control.

Overall, the process can be visualized as set out below:

Risk Assessment Management

In addition to these substantive changes to the standard, the definitions of hazard, risk and risk assessment have changed.  Hazard is now defined as a ”source, situation or act with a potential for harm in terms of human injury or ill health, or a combination of these.”  Risk is defined as the “combination of the likelihood of an occurrence of a hazard event or exposure and the severity of injury or ill health that may be caused by the event or exposure.”  Risk assessment is defined as the “process of evaluating the risks arising from a hazard, taking into account the adequacy of any existing controls, and deciding whether or not the risk is acceptable.” 

It should be noted that other standards and guidance documents may define ”risk assessment” to include the entire process of hazard identification, risk analysis and selection of measures for risk reduction (i.e. “determining controls”).  OHSAS 18001 refers to each of these processes separately and uses the term risk assessment to refer to the risk analysis process only.

There are many different ways and approaches for conducting hazard identification and risk assessment.  Therefore, no one approach will suit every organization.  An organization with limited hazards is not required to implement complex risk assessment procedures.  In addition, different types of hazards may require different risk assessment strategies.  For example, the methodologies for evaluating the risks associated with employee exposure to noise may be distinctly different from the ones used for evaluating equipment safety.  The methodologies selected need to be appropriate for the hazards identified. 

© ENLAR® Compliance Services, Inc. (2007)

Category Posted in Standards & Certification, OHSAS 18001:2007 Revisions Comments 2 Comments »   Trackback This Post

Participation and Consultation

July 13, 2007

One of the major criticisms of the 1999 version of OHSAS 18001 was that it was a “management” standard that ignored “labor” interests.  Significant changes were made in section 4.4.3 of the standard to address these concerns.

First, this section of the standard was divided into two sub-sections:  4.4.3.1 Communication and 4.4.3.2 Participation and Consultation.  The requirements in sub-section 4.4.3.1 for internal and external communication are similar to the communication requirements in ISO 14001.  The requirements in sub-section 4.4.3.2; however, are unique to OHSAS 18001 and focused specifically on getting input from workers and contractors.

An organization’s OHSMS communication procedures now need to address communication with several different parties:

  • internal communication between various departments and functions
  • communicating with visitors to the workplace
  • participation of workers in OHSMS activities
  • communication and consultation with contractors, and
  • consultation with external interested parties, when appropriate

In particular, the procedures developed for worker participation now need to address the following:

  • appropriate involvement in hazard identification, risk assessment and determination of controls
  • appropriate involvement in incident investigation
  • involvement in the development and review of OH&S policies and objectives
  • consultation where there are changes that affect a worker’s OH&S
  • representation on OH&S matters
  • informing workers about the arrangements made for their participation and the identity of their representative(s) on OH&S matters

It should be noted that this worker participation requirement is not strictly a “labor” (employee-employer) issue.  In the context of OHSAS 18001, the OHSMS needs to provide for the participation of all persons performing work under the control of the organization.

Category Posted in OHSAS 18001:2007 Revisions Comments 0 Comments »   Trackback This Post

« Previous Entries
Next Entries »