Overview of FDIS ISO 45001 – December 2017

The Final Draft International Standard (FDIS) of ISO 45001, the Occupational Health and Safety Management System standard was published in late November with the final version to be published in February/March 2018. The final standard will be published with only very minor changes to the FDIS version.

The structure of ISO 45001 is based on Annex SL format and terminology. Annex SL was developed to ensure that all ISO management system standards share a common format irrespective of the specific discipline to which they relate.

Annex SL prescribes a high-level structure, identical core text, and common terms and core definitions. ISO 45001 contains the following principal and sub-principal clauses:

Clause 1 Scope

Clause 2 Normative references

Clause 3 Terms and definitions

Clause 4 Context of the organisation

4.1 Understanding the organisation and its context

4.2 Understanding the needs and expectations of workers and other interested parties

4.3 Determining the scope of the OH&S management system

4.4 OH&S management system

Clause 5 Leadership and worker participation

5.1 Leadership and commitment

5.2 OH&S policy

5.3 Organizational roles, responsibilities and authorities

5.4 Consultation and participation of workers

Clause 6 Planning

6.1 Actions to address risks and opportunities

6.2 OH&S objectives and planning to achieve them

Clause 7 Support

7.1 Resources

7.2 Competence

7.3 Awareness

7.4 Communication

7.5 Documented Information

Clause 8 Operation

8.1 Operational planning and control

8.2 Emergency preparedness and response

Clause 9 Performance evaluation

9.1 Monitoring, measurement, analysis and performance evaluation

9.2 Internal audit

9.3 Management review

Clause 10 Improvement

10.1 General

10.2 Incident, nonconformity and corrective action

10.3 Continual improvement

In the new disposition, the Plan – Do – Check – Act cycle is transposed as follows:

Clause 4: Context of the Organisation; clause 5: Leadership and worker participation; clause 6: Planning; clause 7: Support (Plan)

Clause 8: Operation (Do)

Clause 9: Performance evaluation (Check)

Clause 10: Improvement (Act)

In this blog I propose to highlight the main changes that in ISO 45001 compared to OHSAS 18001 and I will review all of the clauses in greater detail in subsequent blogs.

4.1 Understanding the organisation and its context

The organization must understand the internal and external issues that can impact in a positive or negative manner on its health and safety performance including, inter alia, organizational culture and structure, and the external environment including cultural, social, political, legal, financial, technological, economic, market competition and natural factors of significance to its performance.

4.2 Understanding the needs and expectations of workers and other interested parties

The organization needs to consider who the interested parties are and what their relevant interests might be, e.g. workers, customers, shareholders, suppliers, contractors and legal and regulatory authorities.

4.3 Determining the scope of the OH&S management system

When determining the scope, the organisation must:

• Consider the external and internal issues referred to in clause 4.1;
• Take into account the requirements referred to in clause 4.2;
• Take into account the work-related activities performed.

The scope, once defined, must be available as documented information.

5.1 Leadership and commitment

Top management is expected to demonstrate leadership and commitment to the OH&S management system by taking overall responsibility and accountability for the prevention of work-related injury and ill-health as well as providing safe and healthy working conditions. It is also expected to ensure adequate resources are available to implement, maintain and improve the OH&S management system and ensure that OH&S management system requirements are integrated into the organization’s business processes.

5.4 Consultation and participation of workers

The organization is required to promote worker consultation and participation and, where they exist, workers’ representatives’ engagement in OH&S management system activities.

It must also promote the participation of and consultation with non-managerial workers in a range of health and safety activities including assigning organizational roles and responsibilities, planning internal audits, identifying hazards and conducting risk assessments, determining what needs to be monitored, measured and evaluated and assessing competence requirements and training needs.

6.1 Actions to address risks and opportunities

When planning for the OH&S management system, the organization must consider the organizational context, the needs and expectations of workers and other interested parties and the scope of its OH&S management system in order to determine the risks and opportunities that need to be addressed. Legal and other requirements must also be identified and considered in this clause.

7.5 Documented Information

Documented information replaces control of documents and control of records in OHSAS 18001 and can originate internally or externally.

When ISO 45001 refers to “maintain documented information”, this means ensuring that information is kept up-to-date, e.g. the information contained in documented procedures, manuals, process maps and other documented information such as the health and safety policy and health and safety objectives.

Where ISO 45001 refers to “retain documented information”, this means ensuring that information that is used to provide evidence about whether or not a requirement had been fulfilled is protected against any deterioration or unauthorized change. Examples of retained information include competence, audit findings and management review minutes/actions.

8.1.2 Eliminating hazards and reducing OH&S risks

This clause specifies the hierarchy of controls in order of preference with regard to the elimination of hazards and the reduction of risks.

8.1.3 Management of change

The organization is required to manage temporary and permanent changes that could impact its health and safety performance including inter alia changes to working conditions, equipment and the work force and changes to legal and other requirements.

8.1.4 Procurement

The organization must control the procurement of products and services in order to ensure their conformity to its OH&S management system.

It must co-ordinate its procurement activities with its contractors to identify hazards and assess and control the risks arising from both organizational and contractor activities. Examples of contractor activities include maintenance, construction, operations, security and cleaning.

The organization must also ensure that outsourced functions and processes are controlled.

10.2 Incident, nonconformity and corrective action

Preventive action has been dropped, as it is considered to be a fundamental requirement of the OH&S system in its entirety.

I will expand on these and other clauses of ISO 45001 in subsequent blogs.