Tag: ISO 14001
Earlier this month, I attended the ISO Working Group meeting for the revision of ISO 14001 (TC 207/SC1/WG5). This revision will result in a number of significant changes to the ISO 14001 standard. These changes are likely to be carried over to a subsequent revision of OHSAS 18001.
There was a great deal of discussion at this meeting about a change that will fundamentally alter the nature of the ISO 14001 requirements. If this change is made, it will entirely transform what the ISO 14001 standard is all about.
The primary focus of the current ISO 14001 standard is on ensuring that an organization being certified has procedures in place to achieve the desired results. The language of the new revision will change the focus of the certification process to verification of results (i.e. performance).
I received a follow-up e-mail from a reader asking for additional clarification about the requirements for identifying legal and other requirements in OHSAS 18001. Her organization has tasked her with updating their existing ISO 14001 matrix to include “OH&S requirements, aspects and categories”. She asked whether she was wasting her time given my response to a reader’s question I posted in a previous blog about identifying legal and other requirements.
There are similarities between the requirements in the ISO 14001 and OHSAS 18001 standards. Section 4.3.2 of OHSAS 18001 – like Section 4.3.2 in ISO 14001 – requires that an organization establish a procedure to identify its applicable legal and other requirements. (It is important to keep in mind that a procedure is defined as a specified way of doing some activity.)
The majority of companies use some sort of matrix – often a Word table or Excel spreadsheet – to document the results of their determination of which legal and other requirements are applicable to them. This is often called a Legal Register. This matrix or Legal Register provides the answer to the question – “What are the legal and other requirements we must comply with?” (Although creation of a Legal Register is a common practice, it is NOT required. What is required is that you follow whatever your procedure says you are going to do to identify your applicable legal and other requirements.)
Last week, I received the following question from a reader about the OHSAS 18001 requirements related to the identification of applicable legal and other requirements –
We are an OHSAS 18001 certified company…. Our Hazard Identification and Risk assessment (HIRA) first page tells about the legal requirement clause and the legal statements for complying with the HIRA. Our external auditor (certifying body) insists we insert a column in the HIRA chart to identify what legal requirement clause comes against the control of each identified risk.
1. Is my auditor correct?
2. Does the OHSAS 18001 Standard say that?
My answer –
That is NOT an OHSAS 18001 requirement. I believe your external auditor is confusing the ISO 14001 and OHSAS 18001 requirements.
Section 4.3.2 of ISO 14001 requires that an organization determine how its applicable environmental legal and other requirements apply to its environmental aspects. This is often done as your external auditor suggests, although it does NOT have to be done that way. You can use whatever method is appropriate for your organization.
Section 4.3.2 of OHSAS 18001 does NOT have the same requirement as ISO 14001. It requires that an organization “take into account” its applicable legal and other requirements in its OHSMS. No column, chart or matrix is required. Nor does it require identifying requirements by individual risk. This requirement was specifically rejected when OHSAS 18001 was revised in 2007.
© ENLAR® Compliance Services, Inc. (2011)
One of the requests I commonly get from organizations seeking to integrate occupational health and safety into an existing environmental management system is –
“Can you provide a generic risk assessment process I can just plug into my aspect/impact procedure?”
The short answer to this request is “No.”
This is the fundamental difference between the OHSAS 18001 and the ISO 14001 standards. To conform to ISO 14001, many organizations have a single aspect/impact evaluation process. It may be complex and involve several factors and complicated calculations, but it is typically one process. This is not the case for OHSAS 18001 hazard identification and risk assessment.
To quote from the OHSAS 18002 guidance –
Hazard identification and risk assessment methodologies vary greatly across industries, ranging from simple assessment to complex quantitative analyses with extensive documentation. Individual hazards may require that different methods be used, e.g. an assessment of long term exposure to chemicals may need a different method than that taken for equipment safety or for assessing an office workstation. Each organization should choose approaches that are appropriate to its scope, nature and size, and which meet its needs in terms of detail, complexity, time, cost and availability of reliable data. Taken together, the chosen approaches should result in a comprehensive methodology for the ongoing evaluation of the organization’s risk.
In other words – there is no simplistic answer or cookie-cutter methodology. It is not one process but several that, when taken together, make up a comprehensive risk management strategy.
© ENLAR® Compliance Services, Inc. (2008)