The Final Draft International Standard (FDIS) of ISO 45001, the Occupational Health and Safety Management System standard was published in late November with the final version to be published in March 2018. The final standard was published with only very minor changes to the FDIS version. This is the tenth in a series of blogs, in which we describe what the implementing company must do in order to meet the requirement of the standard. We will continue to look at clause 6.1: Actions to address risks and opportunities.
Clause 6.1.2: Hazard identification and assessment of risks and opportunities
Clause 188.8.131.52 Hazard identification
The overall purpose of the risk assessment process is to evaluate the hazards that arise or might arise in the course of the organization’s activities, and ensure that the risks to people arising from these hazards are assessed, prioritized and controlled to eliminate hazards or reduce risks to acceptable levels.
Hazards have the potential to cause injury or ill health. They need to be identified before the risks associated with these hazards can be assessed and, if no controls exist or existing controls are inadequate, effective controls should be implemented according to the hierarchy of controls.
Hazard identification should aim to determine proactively all sources, situations or acts (or a combination of these), arising from an organization’s activities, with a potential for harm in terms of injury or ill health. Examples include:
- Sources (e.g. moving machinery, radiation or energy sources);
- Situations (e.g. working in confined spaces, working at height);
- Acts (e.g. manual handling, wearing PPE).
Hazard identification should consider the different types of hazards in the workplace, including:
- Physical (e.g. slips, trips and falls, entanglement, noise, vibration, harmful energy sources);
- Chemical (e.g. inhalation, contact with or ingestion of chemicals);
- Biological (e.g. contact with allergens or pathogens such as bacteria or viruses);
- Psychosocial (e.g. threat of physical violence, bullying or intimidation);
The organization’s hazard identification process should take account of the following:
- Routine and non-routine activities such as plant cleaning and maintenance, extreme weather conditions, refurbishment and plant start-ups/shut-downs;
- Activities of all persons having access to the workplace including contractors, visitors and home-based workers;
- Human behaviour, capabilities and other human factors;
- Identified hazards originating outside the workplace capable of adversely affecting the health and safety of person under the control of the organization within the workplace;
- Hazards created in the vicinity of the workplace by work-related activities under the control of the organization;
- Infrastructure, equipment and materials at the workplace, whether provided by the organization or others;
- Changes or proposed changes in the organization or its activities;
- Modifications to the OH&S management system, including temporary changes, and their impact on operations, processes and activities;
- Any applicable legal obligations relating to risk assessment and the implementation of necessary controls;
- The design of work areas, processes, installations, machinery/equipment, operating procedures and work organization, including their adaptation to human capabilities;
- Potential emergency situations;
- Changes in knowledge of, and information about, hazards;
- New or changed hazards.
Clause 184.108.40.206 Assessment of OH&S risks and other risks to the OH&S management system
The organization must establish, implement and maintain a process to:
- Assess OH&S risks from the identified hazards, whilst taking into account the effectiveness of existing controls;
- Determine and assess the other risks related to the establishment, implementation and maintenance of the OH&S management system.
An organization needs to apply the process of hazard identification and risk assessment to determine the controls that are necessary to reduce the risks of injury and/or ill health. The purpose of risk assessment is to address the hazards that might arise in the course of the organization’s activities and ensure that the risks to people arising from these hazards are assessed, prioritized and controlled.
This is achieved by:
- Developing a methodology for hazard identification and risk assessment;
- Identifying hazards;
- Estimating the associated risk levels, taking into account the adequacy of existing controls, based on an assessment of the likelihood of the occurrence of a hazardous event or exposure and the severity of injury or ill health that can be caused by the event or exposure;
- Determining whether these risks are acceptable vis a vis the organization’s legal obligations and its OH&S objectives;
- Determining the appropriate risk controls, where these are found to be necessary;
- Documenting the results of the risk assessment;
- Reviewing the hazard identification and risk assessment process on an ongoing basis.
The outputs from the risk assessment process should be used in the implementation and development of other parts of the OH&S management system such as competence, operational planning and control, and monitoring, measurement, analysis and performance evaluation.
There is no single methodology for hazard identification and risk assessment that is suitable for all organizations. Hazard identification and risk assessment methodologies vary greatly across industries, ranging from simple assessments to complex numerical methods with extensive documentation. Individual hazards might require that different methods be used, e.g. an assessment of long term exposure to hazardous substances might need a different method from that taken for equipment safety or for assessing an office workstation. Each organization should choose the method that is appropriate to its scope, nature and size. The chosen approach should result in a comprehensive methodology for the ongoing evaluation of the organization’s risks.
Where the organization’s risk assessment uses descriptive categories for assessing severity or likelihood of harm, these should be clearly defined, e.g. clear definitions of terms such as “likely” and “unlikely” are needed to ensure that different individuals interpret them consistently.
The organization should consider risks to sensitive populations (e.g. pregnant employees) and vulnerable groups (e.g. young workers) as well as any particular susceptibilities of the individuals involved in performing particular tasks (e.g. the ability of an individual to read instructions).
The risk assessment should involve consultation with, and participation by, workers and take into account legal and other requirements.
Risk assessment should be conducted by personnel with competence in risk assessment methodologies and techniques and appropriate knowledge of the organization’s work activities.
The organization should also consider risks which are not directly related to the health and safety of people, but which affect the OH&S management system itself and can have an impact on its intended outcomes.
Risks to the OH&S management system include:
- Failure to understand the context of the organization;
- Failure to address the needs and expectations of relevant interested parties;
- Inadequate consultation and participation of workers;
- Inadequate planning or allocation of resources;
- An ineffectual audit programme;
- An incomplete management review;
- Poor succession planning for key roles;
- Poor engagement by top management.
Clause 220.127.116.11 Assessment of OH&S opportunities and other opportunities to the OH&S management system
The organization must establish, implement and maintain a process to assess:
- OH&S opportunities to enhance OH&S performance, while considering planned changes to the organization, its policies, processes or activities;
- Other opportunities for improving the OH&S management system.
Opportunities to improve OH&S performance can include:
- Consideration of hazards and risks when planning and designing facilities, processes, plant and equipment, and materials;
- Modification of working processes including the alleviation of monotonous and repetitive work;
- Introduction of new technology to ameliorate high-risk activities;
- Collaborating in forums that focus on issues relating to occupational health and safety.
- Introduction of job safety analysis and task-related assessments;
- Implementation of permit-to-work processes;
- Implementation of ergonomic and other injury prevention-related assessments;
- Improvement of the occupational health and safety culture of the organization;
Opportunities to improve the OH&S management system include:
- Enhancing the visibility of top management’s support for the OH&S management system;
- Improving worker consultation and participation in OH&S decision making;
- Enhancing the incident investigation process;
- Improving two-way communication on OH&S issues and promoting OH&S in the work place;
- Expediting corrective actions to address OH&S nonconformities;
- Implementing OH&S objectives with the same passion as other business objectives;
- Improving competency in identifying hazards, dealing with OH&S risks and implementing appropriate controls;
- Adopting a risk assessment approach to conducting OH&S audits;
- Viewing workers at all levels as a key resource of the organization;
- Ensuring that the management review promotes a strategic and critical evaluation of the OH&S management system.