by Laura Burden
As we are all aware, ISO 45001 Occupational health and safety management systems—Requirements with guidance for use (ISO 45001) should be approved early next year and standards such as OHSAS 18001 and AS/NZS 4801 will be phased out over the following three years. However, this new standard shouldn’t be treated as the same as the standards that preceded it and top management should start thinking about the changes it will mean for them.
The following is a summary of my findings from an essay I recently wrote when I compared ISO/DIS 45001.2 and OHSAS 18001 by reviewing the standards and peer-reviewed articles. I thought nothing of this task initially, but what I learned was quite surprising.
From reading the International Organization for Standardization’s (ISO) website it appears their motivation for the new standard is to address some of the millions of workers who die every year because of work-related accidents and diseases. Studies have shown that certified OHS management systems appear to perform better over noncertified systems, however, there is no clear consensus that by adopting OHSAS 18001’s OHS performance within organizations will improve.
ISO 45001 will be the first international standard for OHS management systems. It is thought to be a better option for those organizations that operate internationally through the alignment of their systems and infiltrating through the supply chain. Like ISO 9001:2015 and ISO 14001:2015, ISO 45001 will follow the same design and make integration between the systems easier. All standards follow the same Plan-Do-Check-Act model. ISO 45001 also requires organizations to determine external and internal issues, and interested parties where this contextual stage is aimed at producing more meaningful and purposeful systems.
At nearly double the length of OHSAS 18001, ISO 45001 has more complex requirements. It is considered that this is because OHSAS 18001 hasn’t been interpreted correctly and ISO has simply clarified some requirements. With these additional requirements, organizations will need to be prepared for providing additional resources during the development, implementation, and maintenance stages of their new management system. However, the end result should be a more robust system.
Top management’s commitment
Past studies have identified that critical factors for successful implementation of OHSAS 18001 system was top management’s commitment and support. ISO 45001 has brought about a positive change by placing much more responsibility on top management to demonstrate leadership, commitment, and promoting a positive OHS culture. This may create auditing challenges for top management, but ISO 45001 has made management’s commitments clear and it should only be a matter of obtaining suitable evidence during an audit. Currently, top management isn’t accustomed to being audited and will need to adjust to this requirement. Similarly, auditors will need to adjust to interviewing top management regarding business context, objectives, strategy, and risk.
ISO 45001 places much more responsibility on top management and may lead to a reluctance to adopt it, or to only partially adopt its requirements. Additionally, there will need to be a change in mindset of some organizations whereby accountability of their OHS management systems falls on middle management, and—in some instances—the solo OHS professional. Top management could consider developing a strategy of how they will achieve these requirements, which may differ depending on worker category, type of work, and physical location. Some organizations may also need a different strategy for each of their top managers.
Past studies have identified that the main reason for OHSAS 18001 OHS management system failure was poor collaboration amongst company personnel. In fact, worker engagement and OHS management systems also predict accident rates and performance outcomes, and OHS management systems themselves can predict worker involvement. OHSAS 18001 requires a procedure for representation on OHS matters and to inform them regarding their participation.
ISO 45001 has significantly expanded on the requirements of OHSAS 18001. It has defined the term “worker,” which lends itself to employment situations, contractor arrangements, and even volunteer workers. ISO has also used the word “workers” 32 times, which is a reflection that ISO is attempting to make its standard much more worker-focused and inclusive. Its prolific use and reference to workers’ representatives in ISO 45001 lends itself to a system about the people of the workplace and their representation in organizational decision making. Beneficial outcomes of adopting this practice should drive change and ensure improvements are lasting. For example, when workers are included in ergonomic improvement processes and even recognized individually for their contribution to reducing musculoskeletal disorders.
ISO 45001 appears to require all risks to be identified and differs from that of Annex SL’s risk-based thinking approach. It could become an administrative burden as opposed to the risk-based thinking approach of other standards.
Importantly, ISO 45001 brings in the concept of risk and opportunity, which may serve to identify areas of improvement and which are different to the organization’s objectives. Interestingly and from personal experience, this may have additional and significant legal implications by identifying areas of improvement but then not acting upon them. This potential legal conundrum should probably be assessed before adopting ISO 45001.
ISO 45001 considers new and emerging risks more than OHSAS 18001. These include psychosocial factors such as workload, work hours, victimization, harassment, and bullying. I’ll speculate here that organizations with poor performance in this area may have problems completing this activity correctly and addressing psychosocial problems of contractors may also be confronting for some organizations. Also of note, work psychology is a specialization of organizational psychologists, and with little published in the general arena for identifying and then controlling these risks, this ISO 45001 requirement may be challenging even to mentally healthy organizations, especially when there is an unclear monitoring and auditing requirement.
ISO 45001 has introduced some additional operational requirements. These fit with today’s modern workplace and specifically acknowledge that outsourced processes shall be controlled, procurement shall be managed to conform to its system, and that risks of contractors shall be identified, assessed, and controlled. ISO 45001 has also expanded the explanation of hierarchy of controls and introduced a specific management of change requirement, which when applied correctly could assist to manage risks well in advance of them occurring.
As well challenges relating to auditing top management, there are some other auditing challenges. ISO 45001 refers to documented information covering the manual, procedures, and records in any format which the organization chooses. This may cause auditing challenges because organizations have greater freedom of how to structure their system and record compliance, so auditor interpretation of compliance or noncompliance may vary.
ISO 45001 has acknowledged the modern workplace with many different employers. Subsequently, an audit may require a review of all labor relationships and pose additional challenges and concerns. Given the definition of the worker and scope of the system, the audit could become very complex with principal contractors, sub-contractors, sub-contractors’ contractors, and so on being audited. Contractors may find themselves needing to comply with multiple systems. The auditor will need to understand how the organization has identified its context and require a much higher level of research and planning prior to audits, subsequently, the outcome of the audit and its usefulness may be potentially questioned. With more requirements in the standard, more time may also be required for auditing.
ISO 45001 introduces a requirement to “maintain knowledge and understanding of its compliance status with legal and other requirements,” which is a new obligation as OHSAS 18001 only requires periodic evaluations. This in itself may be challenging for organizations that only perform this activity periodically. However, ISO 45001 would be more beneficial for those organizations with shifting or unstable risks.
ISO 45001 expands management review requirements. These additional requirements place resourcing burdens on organizations, and given now there is increased responsibilities of workers up to top management, all individuals may find they are burdened by their new responsibilities.
In summary, ISO 45001 appears to be a better tool for managing risk and improving OHS performance. Continuous improvement should be far greater with an ISO 45001-compliant system. However, organizations must be fully prepared to provide additional resources for its development, implementation, and ongoing maintenance, and to address some significant issues. As a gross generalization, look at ISO 45001 as being a tool for improving workers’ rights and improving an organization’s OHS performance.
As a general recommendation, any organization looking at adopting ISO 45001 could consider conducting a gap analysis and develop a plan for its development, implementation, and maintenance. Before proceeding any further, top management should comprehend what is involved and endorse the plan, otherwise the OHS management system will probably fail and obviously be impossible to certify.
About the author
Laura Burden s an independent consultant and auditor with over 17 years of experience. She specializes in management systems and plans, audits, and compliance reviews. She has been awarded a Master of Environmental Management and a Bachelor of Science. She is currently studying a Master of Workplace Health and Safety from the University of Newcastle part time. Burden is certified by Exemplar Global as a Principal EMS Auditor and an Associate OHSMS Auditor.