ISO45001 Occupational health and safety management systems

ISO45001 Occupational health and safety management systems — Requirements with guidance for use

Systèmes de management de la santé et de la sécurité au travail — Exigences et lignes directrices pour son utilization

ISO/PC 283

Date:    2015-12-01

ISO/DIS 45001

ISO/PC 283/WG 1

Secretariat: SIS

Contents  Page

Foreword

Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Context of the organization

4.1 Understanding the organization and its context

4.2 Understanding the needs and expectations of workers and other interested parties

4.3 Determining the scope of the OH&S management system

4.4 OH&S management system

5 Leadership and worker participation

5.1 Leadership and commitment

5.2 OH&S policy

5.3 Organizational roles, responsibilities, accountabilities and Authorities

5.4 Participation and consultation

6 Planning

6.1 Actions to address risks and opportunities

6.1.1 General

6.1.2 Hazard identification and assessment of OH&S risks

6.1.3 Determination of applicable legal requirements and other Requirements

6.1.4 Planning to take action

6.2 OH&S objectives and planning to achieve them

6.2.1 OH&S objectives

6.2.2 Planning to achieve OH&S objectives

7 Support

7.1 Resources

7.2 Competence

7.3 Awareness

7.4 Information and communication

7.5 Documented information

7.5.1 General

7.5.2 Creating and updating

7.5.3 Control of documented Information

8 Operation

8.1 Operational planning and control

8.1.1 General

8.1.2 Hierarchy of controls

8.2 Management of change

8.3 Outsourcing

8.4 Procurement

8.5 Contractors

8.6 Emergency preparedness and response

9 Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

9.1.1 General

9.1.2 Evaluation of compliance with legal requirements and other requirements

9.2 Internal audit

9.2.1 Internal audit objectives

9.2.2 Internal audit process

9.3 Management review

10 Improvement

10.1 Incident, nonconformity and corrective action

10.2 Continual improvement

10.2.1 Continual improvement objectives

10.2.2 Continual improvement process

Annex A (informative)  Guidance on the use of this International Standard

A.1 General

A.2 Normative references

A.3 Terms and definitions

A.4 Context of the organization

A.4.1 Understanding the context of the organization

A.4.2 Understanding the needs and expectations of workers and other interested parties

A.4.3 Scope of the OH&S management system

A.4.4 OH&S management system

A.5 Leadership and worker participation

A.5.1 Leadership and commitment

A.5.2 Policy

A.5.3 Organizational roles, responsibilities, accountabilities and authorities

A.5.4 Participation and consultation

A.6 Planning

A.6.1 Actions to address risks and opportunities

A.6.2 OH&S objectives and planning to achieve them

A.7 Support

A.7.1 Resources

A.7.2 Competence

A.7.3 Awareness

A.7.4 Information and communication

A.7.5 Documented information

A.8 Operation

A.8.1 Operational planning and controls

A.8.2 Management of change

A.8.3 Outsourcing

A.8.4 Procurement

A.8.5 Contractors

A.8.6 Emergency preparedness and response

A.9 Performance evaluation

A.9.1 Monitoring, measurement, analysis and evaluation

A.9.2 Internal audit

A.9.3 Management review

A.10 Improvement

A.10.1 Incident, nonconformity and corrective action

A.10.2 Continual improvement

Alphabetical index of terms

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and nongovernmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives,

Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with

the editorial rules of the ISO/IEC Directives,

Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during  the development  of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For  an explanation on  the  meaning  of ISO  specific terms  and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.

The committee responsible for this document is Project Committee ISO/PC 283, Occupational health and safety management systems.

NOTE TO THIS DRAFT (which will not be included in the published International Standard):

This text has been prepared using the “high-level structure” (i.e. clause sequence, common text and terminology) provided in Annex SL, Appendix 2 of the ISO/IEC Directives, Part 1, Consolidated ISO Supplement, 2014. This is intended to enhance alignment among ISO’s management system standards, and to facilitate their implementation for organizations that need to meet the requirements of two or more such standards simultaneously.

The text of Annex SL is highlighted in the main body of the text (clauses 1 to 10) by the use of bluefont. This is only to facilitate analysis and will not be incorporated in the final version of ISO 45001.

This new harmonized approach allows for the addition of discipline-specific (in this case OH&S specific) text which has been applied by including the following:

a)specific OH&S management system requirements considered essential to meet the scope of the ISO 45001 standard;

b)requirements and notes to clarify and ensure consistent interpretation and implementation of the common text in the context of an OH&S management system.

Where text from Annex SL has not been applied, this is indicated in blue font with strikeout.

Introduction

0.1 Background

At the time of developing this International Standard, the International Labour Organization (ILO) estimates that 2.3 million people die every year from work-related accidents and diseases. An organization is responsible for the health and safety of its workers and that of other persons under its control who are performing work on its behalf, including promoting and protecting their physical and mental health. The adoption of an occupational health and safety (OH&S) management system is intended to enable an organization to improve its OH&S performance in the enhancement of health and safety at work and to manage its OH&S risks.

NOTE 1  The term "occupational safety and health" ("OSH") has the same meaning as "occupational health and safety" ("OH&S").

NOTE 2  The term "worker" (see 3.3) is defined to include top management (see 3.12), managerial and non-managerial persons.

0.2 Aim of an OH&S management system

The purpose of an OH&S management system is to provide a framework for managing the prevention of death, work-related injury and ill health. The intended outcome is to prevent death, work-related injury and ill health to workers, to improve and provide a safe and healthy workplace for its workers and other persons under its control. An organization’s activities can pose a risk of death, work-related injury and ill health, consequently it is critically important for the organization to eliminate or minimize OH&S risks by taking effective preventive measures. When these measures are applied by the organization through its OH&S management system (supported by the use of appropriate controls, methods and tools, at all levels in the organization) they improve its OH&S performance. It can be more effective and efficient to take early action to address potential opportunities for improvement of OH&S performance.

An OH&S management system can enable an organization to improve its OH&S performance by:

a) developing and implementing an OH&S policy and OH&S objectives;

b) ensuring top management demonstrate leadership and commitment with respect to the OH&S management system;

c) establishing systematic processes which consider its context (see A.4.1) and which take into account its risks and its opportunities;

d) determining the hazards and OH&S risks associated with its activities; seeking to eliminate them, or putting in controls to minimize their potential effects;

e) establishing operational controls to eliminate or minimize its OH&S risks;

f) increasing awareness of its OH&S hazards and risks, and associated operational controls, through information, communication and training;

g) evaluating its OH&S performance and seeking to improve it;

h) establishing and developing the necessary competencies;

i) developing and supporting an occupational health and safety culture in the organization;

j) ensuring that workers, and where they exist, workers’ representatives, are informed, consulted and participate.

An OH&S management system can assist an organization to fulfil its applicable legal requirements.

0.3 Success factors

The implementation of an OH&S management system is a strategic and operational decision for an organization. The success of the OH&S management system depends on leadership, commitment and participation from all levels and functions of the organization. The implementation and sustainability of an OH&S management system, its effectiveness and its ability to achieve its objectives are dependent on a number of key factors which can include:

a) top management leadership and commitment;

b) top management developing, leading and promoting a culture in the organization that supports the OH&S management system;

c) participation of workers, and where they exist, workers’ representatives;

d) processes for communication and consultation;

e) allocation of the necessary resources for its sustainability;

f) clear OH&S policies, which are compatible with the overall strategic objectives and direction of the organization;

g) the integration of the OH&S management system into the organization's business processes;

h) the continual evaluation and monitoring of the OH&S management system to improve OH&S performance;

i) OH&S objectives that align with the OH&S policies and reflect the organization's OH&S hazards and risks;

j) awareness of its applicable legal requirements and other requirements;

k) effective processes for identification of OH&S hazards, control of the OH&S risks and taking advantage of OH&S opportunities.

This International Standard, like other International Standards, is not intended to increase or change an organization’s legal requirements.

Demonstration of successful implementation of this International Standard can be used by an organization to give assurance to workers and other interested parties that an effective OH&S management system is in place. Adoption of this International Standard, however, will not in itself guarantee optimal outcomes.

The level of detail, the complexity, the extent of documented information, and the resources needed to ensure the success of an organization's OH&S management system will depend on a number of factors, such as:

― the organization’s context (e.g. number of workers, size, geography, culture, social conditions, applicable legal requirements and other requirements);

― the scope of the organization’s OH&S management system;

― the nature of the organization’s activities and the related OH&S risks.

0.4 Plan-Do-Check-Act cycle  

The basis of the OH&S management system approach applied in this International Standard is founded on the concept of Plan-Do-Check-Act (PDCA), which requires leadership, commitment and participation of workers, and where they exist, workers’ representatives, from all levels and functions of the organization.

The PDCA model is an iterative process used by organizations to achieve continual improvement. It can be applied to a management system and to each of its individual elements, as follows:

• Plan: establish objectives, programmes and processes necessary to deliver results in accordance with the organization’s OH&S policy.

• Do: implement the processes as planned.

• Check: monitor and measure activities and processes with regard to the OH&S policy and objectives, and report the results.

• Act: take actions to continually improve the OH&S performance to achieve the intended outcomes.

This International Standard incorporates the PDCA concept into a new framework, as shown in Figure 1.

Figure 1 — OH&S management system model for this International Standard

NOTE          The numbers given in brackets refer to the clause numbers in this International Standard

0.5 Contents of this International Standard  

This International Standard has adopted the “high-level structure” (i.e. clause sequence, common text and common terminology) developed by ISO to improve alignment among its International Standards for management systems.

This International Standard does not include requirements specific to other management systems, such as those for quality, environmental, security, or financial management, though its elements can be aligned or integrated with those of other management systems.

Clauses 4 to 10 contain requirements that can be used to assess conformity. Annex A provides informative explanations to assist in the interpretation of those requirements.

In this International Standard, the following verbal forms are used:

• “shall” indicates a requirement;

• “should” indicates a recommendation;

• “may” indicates a permission;

• “can” indicates a possibility or a capability.

Information marked as "NOTE" is for guidance in understanding or clarifying the associated requirement. “Notes to entry” used in Clause 3 provide additional information that supplements the terminological data and can contain provisions relating to the use of a term.

The terms and definitions in Clause 3 are arranged in conceptual order, with an alphabetical index provided at the end of the document.

1 Scope  

This International Standard specifies requirements for an occupational health and safety (OH&S) management system, with guidance for its use, to enable an organization to provide safe and healthy working conditions for the prevention of work-related injury and ill health and to proactively improve its OH&S performance. This includes the development and implementation of an OH&S policy and objectives which take into account applicable legal requirements and other requirements to which the organization subscribes.

This International Standard is applicable to any organization that wishes to:

a) establish, implement and maintain an OH&S management system to improve occupational health and safety, eliminate or minimize OH&S risks (including system deficiencies), take advantage of OH&S opportunities, and address OH&S management system nonconformities associated with its activities;

b) continually improve its OH&S performance and the achievement of its OH&S objectives;

c) assure itself of conformity with its OH&S policy;

d) demonstrate conformity with the requirements of this International Standard.

This International Standard is intended to be applicable to any organization regardless of its size, type and activities and applies to the OH&S risks under the organization’s control, taking into account factors such as the context in which the organization operates and the needs and expectations of its workers and other interested parties.

This International Standard does not state specific criteria for OH&S performance, nor is it prescriptive about the design of an OH&S management system.

This International Standard enables an organization, through its OH&S management system, to integrate other aspects of health and safety, such as worker wellness/ wellbeing.

This International Standard does not address issues such as product safety, property damage or environmental impacts, beyond the risks they provide to workers and other relevant interested parties

This International Standard can be used in whole or in part to systematically improve OH&S management. However, claims of conformity to this International Standard are not acceptable unless all its requirements are incorporated into an organization's OH&S management system and fulfilled without exclusion.

NOTE  For further guidance on the intent of the requirements in this International Standard, see Annex A.

2 Normative references  

There are no normative references.

3 Terms and definitions  

For the purposes of this document, the following terms and definitions apply.

3.1 organization  

person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.16)

Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.

3.2 interested party  

person or organization (3.1) that can affect, be affected by, or perceive itself to be affected by a decision or activity

Note 1 to entry: This International Standard sets out requirements (3.8) with respect to workers (3.3) who are also interested parties.

3.3 worker  

person performing work or work-related activities under the control of the organization (3.1)

Note 1 to entry: Persons perform work or work-related activities under various arrangements, paid or unpaid, such as regularly or temporarily, intermittently or seasonally, casually or on a part-time basis.

Note 2 to entry: Workers include top management (3.12), managerial and non-managerial persons.

Note 3 to entry: The work or work-related activities performed under the control of the organization may be performed by workers employed by the organization, or other persons, including workers from external providers, contractors, individuals, and situations where the organization has some degree of control over the workers such as agency workers.

3.4 participation  

involvement of workers (3.3) in decision-making process(es) in the OH&S management system (3.11)

3.5 consultation  

process (3.25) by which the organization (3.1) seeks the views of the workers (3.3) before it makes a decision

3.6 workplace  

place under the control of the organization (3.1) where a person needs to be or to go by reason of work

Note 1 to entry: The organization’s responsibilities under the OH&S management system (3.11) for the workplace depends on the degree of control over the workplace.

3.7 contractor  

external organization (3.1) providing services to the organization at a workplace (3.6) in accordance with agreed specifications, terms and conditions

Note 1 to entry: Services may include construction activities.

3.8 requirement  

need or expectation that is stated, generally implied or obligatory

Note 1 to entry: “Generally implied” means that it is a custom or common practice for the organization (3.1) andinterested parties (3.2) that the need or expectation under consideration is implied. that is consistent with the OH&S policy (3.15).

Note 2 to entry: A specified requirement is one that is stated, for example in documented information.

3.9 legal requirements and other requirements  

requirements (3.8) established by law that are applicable to the organization (3.1), legally–binding obligations of the organization and requirements to which the organization subscribes

Note 1 to entry: For the purposes of this International Standard, legal requirements and other requirements are those relevant to the OH&S management system (3.11).

Note 2 to entry: Legally-binding obligations may include the provisions in collective agreements.

Note 3 Legal requirements and other requirements include those that identify the persons who are workers’ (3.3) representatives in accordance with laws, regulations, collective agreements and practice.

3.10 management system  

set of interrelated or interacting elements of an organization (3.1) to establish policies (3.14) and objectives(3.15) and processes (3.25) to achieve those objectives

Note 1 to entry: A management system can address a single discipline or several disciplines.

Note 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning and operation, performance evaluation and improvement.

Note 3 to entry: The scope of a management system may include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.

3.11 occupational health and safety management system  

OH&S management system

management system (3.10) or part of a management system used to achieve the OH&S policy (3.15).

Note 1 to entry: The intended outcomes of the OH&S management system are to prevent injury and ill health (3.18) toworkers (3.3) and to provide safe and healthy workplace(s) (3.4).

Note 2 to entry: The terms “occupational health and safety” (OH&S) and “occupational safety and health” (OSH) have the same meaning.

3.12 top management  

person or group of people who directs and controls an organization (3.1) at the highest level

Note 1 to entry: Top management has the power to delegate authority and provide resources within the organizationprovided ultimate responsibility for the OH&S management system (3.11) is retained.

Note 2 to entry: If the scope of the management system (3.10) covers only part of an organization, then top management refers to those who direct and control that part of the organization.

3.13 effectiveness  

extent to which planned activities are realized and planned results achieved

3.14 policy  

intentions and direction of an organization (3.1), as formally expressed by its top management (3.12)

3.15 occupational health and safety policy  

OH&S policy

policy (3.14) to prevent work-related injury and ill health (3.18) to worker(s) (3.3) and to provide a safe and healthy workplace(s) (3.6)

3.16 objective  

result to be achieved

Note 1 to entry: An objective can be strategic, tactical, or operational.

Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process (3.25)).

Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as an OH&S objective (3.17), or by the use of other words with similar meaning (e.g. aim, goal, or target).

Note 4 to entry: In the context of XXX management systems, XXX objectives are set by the organization, consistent with the XXX policy, to achieve specific results.

3.17 occupational health and safety objective  

OH&S objective

objective (3.16) set by the organization (3.1) to achieve specific results consistent with the OH&S policy (3.15)

3.18 injury and ill health  

adverse effect on the physical, mental or cognitive condition of a person

Note 1 to entry: These conditions may include occupational disease, illness and death.

3.19 hazard  

source or situation with a potential to cause injury and ill health (3.18)

3.20 risk  

effect of uncertainty

Note 1 to entry: An effect is a deviation from the expected — positive or negative.

Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.

Note 3 to entry: Risk is often characterized by reference to potential "events" (as defined in ISO Guide 73:2009, 3.5.1.3) and "consequences" (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.

Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated "likelihood" (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.

3.21 occupational health and safety risk  

OH&S risk

combination of the likelihood of occurrence of a work-related hazardous event or exposure(s) and the severity of injury and ill health (3.18) that can be caused by the event or exposures

3.22 occupational health and safety opportunity  

OH&S opportunity

circumstance or set of circumstances that can lead to improvement of OH&S performance (3.28)

3.23 competence  

ability to apply knowledge and skills to achieve intended results

3.24 documented information  

information required to be controlled and maintained by an organization (3.1) and the medium on which it is contained

Note 1 to entry: Documented information can be in any format and media and from any source.

Note 2 to entry: Documented information can refer to:

a) the management system (3.10), including related processes (3.25);

b) information created in order for the organization to operate (documentation);

c) evidence of results achieved (records).

3.25 process  

set of interrelated or interacting activities which transforms inputs into outputs

3.26 procedure  

specified way to carry out an activity or a process (3.25)

Note 1 to entry: Procedures may be documented or not.

3.27 performance

measurable result

Note 1 to entry: Performance can relate either to quantitative or qualitative findings. Results can be determined and evaluated by qualitative or quantitative methods.

Note 2 to entry: Performance can relate to the management of activities, processes (3.25), products (including services), systems or organizations (3.1).

3.28 occupational health and safety performance  

OH&S performance

performance (3.25) related to the effectiveness (3.13) of the prevention of injury and ill health(3.18) toworkers (3.3) and the provision of safe and healthy workplace(s) (3.6)

3.29 outsource (verb)  

make an arrangement where an external organization (3.1) performs part of an organization’s function orprocess (3.25)

Note 1 to entry: An external organization is outside the scope of the management system (3.10), although the outsourced function or process is within the scope.

3.30 monitoring  

determining the status of a system, a process (3.25) or an activity

Note 1 to entry: To determine the status, there may be a need to check, supervise or critically observe.

3.31 measurement  

process (3.25) to determine a value

3.32 audit  

systematic, independent and documented process (3.25) for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled

Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).

Note 1 2 to entry: An internal audit is conducted by the organization (3.1) itself, or by an external party on its behalf.

Note 2 to entry: An independent process includes provisions for ensuring objectivity and impartiality.

Note 3 to entry: “Audit evidence” is “records, statements of fact and other information which are relevant to the audit criteria and verifiable” and “audit criteria” are “set of policies (3.16), procedures (3.26) or requirements (3.8) used as a reference against which audit evidence is compared”, as defined in ISO 19011, Guidelines for auditing management systems.

3.33 conformity  

fulfilment of a requirement (3.8)

3.34 nonconformity  

non-fulfilment of a requirement (3.8)

Note 1 to entry: Nonconformity relates to requirements in this International Standard and additional OH&S management system (3.11) requirements that an organization (3.1) establishes for itself.

3.35 incident

occurrence(s) arising out of or in the course of work that could or does result in injury and ill health (3.18)

Note 1 to entry: An incident where injury and ill health occurs is referred to by some as an “accident.”

Note 2 to entry: An incident where no injury and ill health occurs but has the potential to do so may be referred to as a “near-miss”, “near-hit”, “close call”.

Note 3 to entry: Although there can be one or more nonconformities (3.34) related to an incident, an incident can also occur where there is no nonconformity.

3.36 corrective action  

action to eliminate the cause(s) of a nonconformity (3.34) or an incident (3.35) and to prevent recurrence

3.37 continual improvement  

recurring activity to enhance performance (3.27)

Note 1 to entry: Enhancing performance relates to the use of the OH&S management system (3.11) in order to achieve improvement in overall OH&S performance (3.26) consistent with the OH&S policy (3.15) and OH&S objectives (3.17).

Note 2 to entry: Continual does not mean continuous so the activity does not need to take place in all areas simultaneously.

4 Context of the organization  

4.1 Understanding the organization and its context  

The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its OH&S management system.

4.2 Understanding the needs and expectations of workers and other interested parties  

The organization shall determine:

a) the other interested parties, in addition to its workers, that are relevant to the OH&S management system;

b) the relevant needs and expectations (i.e. requirements) of workers and these other interested parties;

c) which of these needs and expectations become applicable legal requirements and other requirements.

NOTE  It is important to determine the different needs and expectations of managerial and non-managerial workers.

4.3 Determining the scope of the OH&S management system  

The organization shall determine the boundaries and applicability of the OH&S management system to establish its scope.

When determining this scope, the organization shall consider :

a) consider the external and internal issues referred to in 4.1;

b) take into account the requirements referred to in 4.2;

c) take into account the work related activities performed.

Once the scope is defined, the OH&S management system shall include activities, products and services within the organization’s control or influence that can impact the organization’s OH&S performance.

The scope shall be available as documented information.

4.4 OH&S management system  

The organization shall establish, implement, maintain and continually improve an OH&S management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard.

5 Leadership and worker participation  

5.1 Leadership and commitment  

Top management shall demonstrate leadership and commitment with respect to the OH&S management system by:

a) taking overall responsibility and accountability for the protection of workers’ work-related health and safety;

b) ensuring that the OH&S policy and related OH&S objectives are established and are compatible with the strategic direction of the organization;

c) ensuring the integration of the OH&S management system processes and requirements into the organization’s business processes;

d) ensuring that the resources needed for to establish, implement, maintain and improve the OH&Smanagement system are available;

e) ensuring active participation of workers, and where they exist, workers’ representatives, using consultation and the identification and removal of obstacles or barriers to participation;

f)  communicating the importance of effective OH&S management and of conforming to the OH&Smanagement system requirements;

g) ensuring that the OH&S management system achieves its intended outcome(s);

h) directing and supporting persons to contribute to the effectiveness of the OH&S management system

i) ensuring and promoting continual improvement of the OH&S management system to improve OH&S performance by systematically identifying and taking actions to address nonconformities, opportunities, and work related hazards and risks, including system deficiencies;

j) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility;

k) developing, leading and promoting a culture in the organization that supports the OH&S management system.

NOTE Reference to “business” in this International Standard can be interpreted broadly to mean those activities that are core to the purposes of the organization’s existence.

5.2 OH&S policy  

Top management shall establish, implement and maintain an OH&S policy in consultation with workers at all levels of the organization (see 5.3 and 5.4) that:

a) includes a commitment to provide safe and healthy working conditions for the prevention of work-related injury and ill health and is appropriate to the purpose, the size and context of the organizationand to the specific nature of its OH&S risks and OH&S opportunities;

b) provides a framework for setting the OH&S objectives;

c) includes a commitment to satisfy applicable legal requirements and other requirements;

d) includes a commitment to the control of OH&S risks using the hierarchy of controls (see 8.1.2);

e) includes a commitment to continual improvement of the OH&S management system (see 10.2) to enhance the organization’s OH&S performance;

f)  includes a commitment to participation, i.e. the involvement of workers’, and where they exist, workers’ representatives, in the decision-making processes in the OH&S management system .

The OH&S policy shall:

— be available as documented information;

— be communicated to workers within the organization;

— be available to interested parties, as appropriate;

— be reviewed periodically to ensure that it remains relevant and appropriate.

5.3 Organizational roles, responsibilities, accountabilities and authorities  

Top management shall ensure that the responsibilities, accountabilities and authorities for relevant roleswithin the OH&S management system are assigned and communicated at all levels within the organizationand maintained as documented information. Workers at each level of the organization shall assume responsibility for those aspects of OH&S management system over which they have control.

Top management shall assign the responsibility and authority for:

a) ensuring that the OH&S management system conforms to the requirements of this International Standard;

b) reporting on the performance of the OH&S management system to top management.

5.4 Participation and consultation  

The organization shall, establish, implement and maintain process(es) for participation (including consultation) in the development, planning, implementation, evaluation and actions for improvement of the OH&S management system by workers at all applicable levels and functions, and where they exist, workers’ representatives.

The organization shall:

a) provide mechanisms, time, training and resources necessary for participation;

b) provide timely access to clear, understandable and relevant information about the OH&S management system;

c) identify and remove obstacles or barriers to participation and minimize those that cannot be removed;

NOTE 1 Obstacles and barriers can include failure to respond to worker inputs or suggestions, language or literacy barriers, reprisals or threats of reprisals and policies or practices that discourage or penalize worker participation.

 d) give additional emphasis to the participation of non-managerial workers in the following:

1) determining the mechanisms for their participation and consultation;

2) hazard identification and assessment of risk (see 6.1, 6.1.1, and 6.1.2);

3) actions to control hazards and risks (see 6.1.4);

4) identification of needs of competence, training and evaluation of training (see 7.2);

5) determining the information that needs to be communicated and how this should be done (see 7.4);

6) determining control measures and their effective use (see 8.1, 8.2, and 8.6);

7) investigating incidents and nonconformities and determining corrective actions (see 10.1);

e) give additional emphasis to the inclusion of non-managerial workers in consultation related to the following:

1) determining the needs and expectations of interested parties (see 4.2);

2) establishing the policy (see 5.2);

3) assigning organizational roles, responsibilities, accountabilities and authorities as applicable (see 5.3);

4) determining how to apply legal requirements and other requirements (see 6.1.3);

5) establishing OH&S objectives (see 6.2.1);

6) determining applicable controls for outsourcing, procurement and contractors (see 8.3, 8.4, and 8.5);

7) determining what needs to be monitored, measured and evaluated (see 9.1.1);

8) planning, establishing, implementing and maintaining an audit programme(s) (see 9.2.2);

9) establishing a continual improvement process (see 10.2.2).

NOTE 2 Participation can include, as applicable, engaging health and safety committees and workers’ representatives.

 NOTE 3 The ILO’s ILS recommend the provision of personal protective equipment (PPE) at no cost to workers, in order to remove an important barrier to participation in the OH&S management system.

6 Planning  

6.1 Actions to address risks and opportunities  

6.1.1 General  

When planning for the OH&S management system, the organization shall consider the issues referred to in 4.1 (context), the requirements referred to in 4.2 (interested parties) and 4.3 (the scope of its OH&S management system) and determine the risks and opportunities that need to be addressed to:

a) give assurance that the OH&S management system can achieve its intended outcome(s);

b) prevent, or reduce, undesired effects;

c) achieve continual improvement.

The organization shall consider the effective participation of workers (see 5.4) in the planning process and, where appropriate, the involvement of other interested parties.

When determining the risks and opportunities that need to be addressed, the organization shall take into account:

a) OH&S hazards and their associated OH&S risks (see 6.1.2.3) and OH&S opportunities (see 6.1.2.4);

b) applicable legal requirements and other requirements (see 6.1.3);

c) risks (see 6.1.2.3) and opportunities (see 6.1.2.4) related to the operation of the OH&S management system that can affect the achievement of the intended outcomes.

The organization shall assess the risks and identify the opportunities that are relevant to the intended outcome of the OH&S management system associated with changes in the organization, its processes, or the OH&S management system. In the case of planned changes, permanent or temporary, this assessment shall be undertaken before the change is implemented (see 8.2).

The organization shall maintain documented information of its:

—  OH&S risks and OH&S opportunities that need to be addressed;

—  processes needed to address risks and opportunities (see 6.1.1 to 6.1.4) to the extent necessary to have confidence they are carried out as planned.

6.1.2 Hazard identification and assessment of OH&S risks  

6.1.2.1 Hazard identification  

The organization shall establish, implement and maintain a process for the on-going proactive identification of hazards arising. The process shall take into account but not be limited to:

a) routine and non-routine activities and situations, including consideration of:

1) infrastructure, equipment, materials, substances and the physical conditions of the workplace;

2) hazards that arise as a result of product design including during research, development, testing, production, assembly, construction, service delivery, maintenance or disposal;

3) human factors;

4) how the work is actually done;

b) emergency situations;

c) people, including consideration of:

1) those with access to the workplace and their activities, including workers, contractors, visitors and other persons;

2) those in the vicinity of the workplace who can be affected by the activities of the organization;

3) workers at a location not under the direct control of the organization;

d) other issues, including consideration of:

1) the design of work areas, processes, installations, machinery/equipment, operating procedures and work organization, including their adaptation to human capabilities;

2) situations occurring in the vicinity of the workplace caused by work-related activities under the control of the organization;

3) situations not controlled by the organization and occurring in the vicinity of the workplace that can cause work-related injury and ill health to persons in the workplace;

e) actual or proposed changes in the organization, its operations, processes, activities and OH&S management system (see 8.2);

f) changes in knowledge of, and information about, hazards;

g) past incidents, internal or external to the organization, including emergencies, and their causes;

h) how work is organized and social factors, including workload, work hours, leadership and the culture in the organization.

6.1.2.2 Assessment of OH&S risks and other risks to the OH&S management system  

The organization shall establish, implement and maintain a processes to:

a) assess OH&S risks from the identified hazards taking into account applicable legal requirements and other requirements and the effectiveness of existing controls;

b) identify and assess the risks related to the establishment, implementation, operation and maintenance of the OH&S management system that can occur from the issues identified in 4.1 and the needs and expectations identified in 4.2.

The organization’s methodology(ies) and criteria for assessment of OH&S risks shall be defined with respect to scope, nature and timing, to ensure it is proactive rather than reactive and used in a systematic way. These methodologies and criteria shall be maintained and retained as documented information.

6.1.2.3 Identification of OH&S opportunities and other opportunities  

The organization shall establish, implement and maintain processes to identify:

a) opportunities to enhance OH&S performance taking into account:

1) planned changes to the organization, its processes or its activities;

2) opportunities to eliminate or reduce OH&S risks;

3) opportunities to adapt work, work organization and work environment to workers;

b) opportunities for improving the OH&S management system.

6.1.3 Determination of applicable legal requirements and other requirements  

The organization shall establish, implement and maintain a process to:

a) determine and have access to up-to-date legal requirements and other requirements to which the organization subscribes that are applicable to its hazards and OH&S risks;

b) determine how these legal requirements and other requirements apply to the organization and what needs to be communicated (see 7.4);

c) take these legal requirements and other requirements into account when establishing, implementing, maintaining and continually improving its OH&S management system.

The organization shall maintain and retain documented information on its applicable legal requirements and other requirements and shall ensure that it is updated to reflect any changes.

NOTE Legal requirements and other requirements can result in risks and opportunities to the organization.

6.1.4 Planning to take action  

The organization shall plan:

a) actions to:

1) address these risks and opportunities (see 6.1.2.3 and 6.1.2.4);

2) address applicable legal requirements and other requirements (see 6.1.3);

3) prepare for, and respond to, emergency situations (see 8.6);

b) how to

1) integrate and implement the actions into its OH&S management system processes or other business processes;

2) evaluate the effectiveness of these actions.

The organization shall take into account the hierarchy of controls (see 8.1.2) and outputs from the OH&S management system (see 10.2.2) when planning to take action.

When planning its actions the organization shall consider best practices, technological options, financial, operational and business requirements and constraints.

6.2 OH&S objectives and planning to achieve them

6.2.1 OH&S objectives  

The organization shall establish OH&S objectives at relevant functions and levels to maintain and improve the OH&S management system and to achieve continual improvement in OH&S performance (see Clause 10).

The OH&S objectives shall:

a) be consistent with the OH&S policy;
b) measurable (if practicable); [drafting note: moved to bullet e)]

b) take into account applicable legal requirements and other requirements;

c) take into account the results of the assessment of OH&S risks and OH&S opportunities and other risks and opportunities;

d) take into account the outputs of consultation with workers, and where they exist, workers’ representatives;

e) be measurable (if practicable) or capable of evaluation;

f) be monitored;

g) be clearly communicated (see 7.4);

h) be updated as appropriate.

The organization shall retain documented information on the XXX objectives [drafting note: moved to last paragraph of clause 6.2.2, see line 788]

6.2.2 Planning to achieve OH&S objectives  

When planning how to achieve its OH&S objectives, the organization shall determine:  

a) what will be done;

b) what resources will be required;

c) who will be responsible;

d) when it will be completed;

e) how it will be measured through indicators (if practicable) and monitored, including frequency;

f) how the results will be evaluated;

g) how the actions to achieve OH&S objectives will be integrated into the organization´s business processes.

The organization shall maintain and retain documented information on the OH&S objectives and plans to achieve them.

7 Support  

7.1 Resources  

The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the OH&S management system.

7.2 Competence  

The organization shall:

a) determine the necessary competence of person(s) doing work under its control workers that affects or can affect its OH&S performance;

b) ensure that these workers persons are competent on the basis of appropriate education, induction,training, or experience;

c) where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken;

d) retain appropriate documented information as evidence of competence.

NOTE Applicable actions can include, for example: the provision of training to, the mentoring of, or the re-assignment of currently employed persons; or the hiring or contracting of competent persons.

7.3 Awareness  

Workers Persons doing work under the organization’s control shall be made aware of:

a) the OH&S policy;

b) their contribution to the effectiveness of the OH&S management system, including the benefits of improved OH&S performance;

c) the implications of not conforming with the OH&S management system requirements, including the consequences, actual or potential, of their work activities;

d) information and outcome of the investigation of relevant incidents;

e) OH&S hazards and risks that are relevant for them.

NOTE  The ILO’s ILS recommend that where workers identify circumstances of danger or a hazardous environment which can cause injury and ill health, they should be able to remove themselves and inform the organization of the circumstances, without risk of penalization.

7.4 Information and communication  

The organization shall determine the need for internal and external information and communications relevant to the OH&S management system including:

a) on what it will inform about and communicate;

b) when to inform and communicate;

c) who to inform and with whom to communicate:

1) internally among the various levels and functions of the organization;

2) with contractors and visitors to the workplace;

3) with other external or interested parties;

d) how to inform and communicate;

e) how it will receive, maintain documented information on, and respond to relevant communications.

The organization shall define the objectives to be achieved by informing and communicating, and shall evaluate whether those objectives have been met.

The organization shall take into account diversity aspects (for example language, culture, literacy, disability),where they exist, when considering its information and communication needs.

The organization shall ensure that, when appropriate, the views of relevant external interested parties about matters pertinent to the OH&S management system are considered.

7.5 Documented information  

7.5.1 General  

The organization’s OH&S management system shall include:

a) documented information required by this International Standard;

b) documented information determined by the organization as being necessary for the effectiveness of theOH&S management system.

NOTE The extent of documented information for an OH&S management system can differ from one organization to another due to:

― the size of organization and its type of activities, processes, products and services;

― the complexity of processes and their interactions;

― the competence of persons.

7.5.2 Creating and updating  

When creating and updating documented information the organization shall ensure appropriate:

a) identification and description (e.g. a title, date, author, or reference number);

b) format (e.g. language, software version, graphics) and media (e.g. paper, electronic);

c) review and approval for suitability and adequacy.

7.5.3 Control of documented Information  

Documented information required by the OH&S management system and by this International Standard shall be controlled to ensure:

a) it is available and suitable for use, where and when it is needed;

b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).

For the control of documented information, the organization shall address the following activities, as applicable:

— distribution, access, retrieval and use;

— storage and preservation, including preservation of legibility;

— control of changes (e.g. version control);

— retention and disposition;

— access by workers, and where they exist, workers’ representatives, to relevant documented information.

Documented information of external origin determined by the organization to be necessary for the planning and operation of the OH&S management system shall be identified as appropriate, and controlled.

NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.

8 Operation  

8.1 Operational planning and control 

8.1.1 General  

The organization shall plan, implement and control the processes needed to meet requirements of the OH&S management system, and to implement the actions determined in 6.1 Clause 6, by:

a) establishing criteria for the processes;

b) implementing control of the processes in accordance with the criteria;

c) keeping documented information to the extent necessary to have confidence that the processes have been carried out as planned;

d) determining situations where the absence of documented information could lead to deviations from the OH&S policy and the OH&S objectives;

e) adapting work to workers.

On multi-employer workplaces, the organization shall implement a process for coordinating the relevant parts of the OH&S management system with other organizations.

8.1.2 Hierarchy of controls  

The organization shall establish a process and determine controls for achieving reduction in OH&S risks using the following hierarchy:

a) eliminate the hazard;

b) substitute with less hazardous materials, processes, operations or equipment;

c) use engineering controls;

d) use administrative controls;

e) provide and ensure use of adequate personal protective equipment.

8.2 Management of change  

The organization shall establish a process for the implementation and control of planned changes that impact OH&S performance such as:

a) new products, processes or services;

b) changes to work processes, procedures, equipment, or organizational structure;

c) changes to applicable legal requirements and other requirements;

d) changes in knowledge or information about hazards and related OH&S risks;

e) developments in knowledge and technology.

The organization shall control temporary and permanent changes to promote OH&S opportunities and to ensure they do not have an adverse impact on OH&S performance.

The organization shall and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary, including addressing potential opportunities (see Clause 6).

8.3 Outsourcing  

The organization shall ensure that outsourced processes affecting its OH&S management system are controlled. The type and degree of control to be applied to these processes shall be defined within the OH&S management system.

NOTE  The type and degree of control of an outsourced process are part of the OH&S management system, wherever the process is carried out at the workplace.

8.4 Procurement  

The organization shall establish controls to ensure that the procurement of goods (for example products, hazardous materials or substances, raw materials, equipment) and services conform to its OH&S management system requirements.

8.5 Contractors  

The organization shall establish processes to identify and communicate the hazards and to evaluate and control the OH&S risks, arising from the:

a) contractors’ activities and operations to the organization’s workers;

b) organization’s activities and operations to the contractors' workers;

c) contractors’ activities and operations to other interested parties in the workplace ;

d) contractors’ activities and operations to contractors’ workers.

The organization shall establish and maintain processes to ensure that the requirements of the organization's OH&S management system are met by contractors and their workers. These processes shall include the OH&S criteria for selection of contractors.

8.6 Emergency preparedness and response  

The organization shall identify potential emergency situations; assess OH&S risks associated with these emergency situations (see 6.1.2) and maintain a process to prevent or minimize OH&S risks from potential emergencies, including:

a)  the establishment of a planned response to emergency situations and including first aid;

b)  the periodic testing and exercise of emergency response capability;

c) the evaluation and, as necessary, revision of emergency preparedness processes and proceduresincluding after testing and in particular after the occurrence of emergency situations;

d) the communication and provision of relevant information to all workers and at all levels of the organization on their duties and responsibilities;

e) the provision of training for emergency prevention, first aid, preparedness and response;

f) the communication of relevant information to contractors, visitors, emergency response services, government authorities, and, as appropriate, the local community.

In all stages of the process the organization shall take into account the needs and capabilities of all relevant interested parties and ensure their involvement.

The organization shall maintain and retain documented information on the process and on the plans for responding to potential emergency situations.

9 Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

9.1.1 General

The organization shall establish, implement and maintain a process for monitoring, measurement and evaluation.

The organization shall determine:

a) what needs to be monitored and measured, including:

1) applicable legal requirements and other requirements;

2) its activities and operations related to identified hazards and OH&S risks; risks, and OH&S opportunities;

3) operational controls;

4) the organization’s OH&S objectives;

b) the criteria against which the organization will evaluate its OH&S performance;

c) the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results;

d) when the monitoring and measuring shall be performed;

e) when the results from monitoring and measurement shall be analyzed, and evaluated and communicated.

The organization shall ensure, as applicable, that monitoring and measurement equipment is calibrated or verified and is used and maintained as appropriate.

NOTE There can be legal requirements or other requirements (e.g. national or international standards) concerning the calibration or verification of monitoring and measuring equipment.

The organization shall retain appropriate documented information as evidence of the results. [drafting note: moved to being the last paragraph in this clause]

The organization shall evaluate the OH&S performance, and determine the effectiveness of the OH&Smanagement system.

The organization shall retain appropriate documented information as evidence of the monitoring, measurement, analysis and evaluation results.

9.1.2 Evaluation of compliance with legal requirements and other requirements

The organization shall plan, establish, implement and maintain a process for evaluating compliance with applicable legal requirements and other requirements (see 6.1.3).

The organization shall:

a) determine the frequency and method(s) by which compliance will be evaluated;

b) evaluate compliance;

c) take action if needed in accordance with 10.1;

d) maintain knowledge and understanding of its status of compliance with legal requirements and other requirements;

e) retain documented information of the compliance evaluation result(s).

9.2 Internal audit

9.2.1 Internal audit objectives

The organization shall conduct internal audits at planned intervals to provide information on whether the OH&S management system:

a) conforms to:

1) the organization’s own requirements for its OH&S management system, including the OH&S policy and OH&S objectives;

2) the requirements of this International Standard;

b) is effectively implemented and maintained.

9.2.2 Internal audit process  

The organization shall:

a) plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, consultation, planning requirements and reporting, which shall take into consideration the importance of the processes concerned and the results of previous audits, as well as:

1) significant changes impacting the organization;

2) performance evaluation and improvement results (see Clauses 9 and 10);

3) significant OH&S risks, risks and OH&S opportunities;

b) define the audit criteria and scope for each audit;

c) select competent auditors and conduct audits to ensure objectivity and the impartiality of the audit process;

d) ensure that the results of the audits are reported to relevant management;

e) ensure that relevant audit findings are reported to relevant workers, and where they exist, workers’ representatives, and relevant interested parties;

f) take appropriate action to address nonconformities (see 10.1) and continually improve its OH&S performance (see 10.2);

g) retain documented information as evidence of the implementation of the audit programme and the audit results.

NOTE  For more information on auditing, refer to ISO 19011 Guidelines for auditing management systems.

9.3 Management review  

Top management shall review the organization’s OH&S management system at planned intervals to ensure its continuing suitability, adequacy and effectiveness.

The management review shall include consideration of:

a) the status of actions from previous management reviews;

b) changes in external and internal issues that are relevant to the OH&S management system including:

1) applicable legal requirements and other requirements;

2) the organization's OH&S risks, risks and OH&S opportunities;

c) the extent to which the OH&S policy and the OH&S objectives have been met;

d) information on the OH&S performance, including trends in:

1) incidents, nonconformities, corrective actions and continual improvement;

2) worker participation and the outputs of consultation;

3) monitoring and measurement results;

4) audit results;

5) results of evaluation of compliance;

6) OH&S risks, risks and OH&S opportunities;

e) relevant communication(s) with interested parties;

f)  opportunities for continual improvement;

g) adequacy of resources for maintaining an effective OH&S management system.

The outputs of the management review shall include decisions related to:
— conclusions on the continuing suitability, adequacy and effectiveness of the OH&S management system;

— continual improvement opportunities and;

— any need for changes to the OH&S management system, including resources needed;

— actions needed, when objectives have not been met.

The organization shall communicate the relevant outputs of the management review to its relevant workers,and where they exist, workers’ representatives (see 7.4.).

The organization shall retain documented information as evidence of the results of management reviews.

10 Improvement

10.1 Incident, nonconformity and corrective action

The organization shall plan, establish, implement and maintain a process to manage incidents and nonconformities including reporting, investigating and taking action.

When an incident or a nonconformity occurs, the organization shall:

a) react in a timely manner to the incident or nonconformity, and, as applicable:

1) take direct action to control and correct it;

2) deal with the consequences;

b) evaluate, with the participation of workers (see 5.4) and the involvement of other relevant interested parties, the need for corrective action to eliminate the root cause(s) of the incident or nonconformity, in order that it does not recur or occur elsewhere, by:

1) reviewing the incident or nonconformity;

2) determining causes of the incident or nonconformity;

3) determining if similar incidents, nonconformities, exist, or could potentially occur;

c) review the assessment of OH&S risks and risks, as appropriate (see 6.1);

d) determine and implement any action needed, including corrective action, in accordance with the hierarchy of controls (see 8.1.2) and the management of change (see 8.2);

e) review the effectiveness of any corrective action taken;

f) make changes to the OH&S management system, if necessary.

Corrective actions shall be appropriate to the effects or potential effects of the incidents or nonconformities encountered.

The organization shall retain documented information as evidence of:

—  the nature of the incidents or nonconformities and any subsequent actions taken;

—  the results of any corrective action, including the effectiveness of the actions taken.

The organization shall communicate this documented information to relevant workers, and where they exist, workers’ representatives, and relevant interested parties.

NOTE  The reporting and investigation of incidents without delay can assist in the removal of hazards and in minimizing associated OH&S risks.

10.2 Continual improvement  

10.2.1 Continual improvement objectives  

The organization shall continually improve the suitability, adequacy and effectiveness of the OH&Smanagement system to:

a) prevent occurrence of incidents and nonconformities;

b) promote a positive occupational health and safety culture;

c) enhance OH&S performance.

The organization shall ensure the participation of workers, as appropriate, in the implementation of its continual improvement objectives.

10.2.2 Continual improvement process  

The organization shall plan, establish, implement and maintain a continual improvement process(es), which takes into account the outputs of the activities described in this International Standard.

The organization shall communicate the results of continual improvement to its relevant workers, and where they exist, workers’ representatives.

The organization shall retain documented information as evidence of the results of continual improvement.

Annex A      further >>>>