9 essentials you need to know about OHSAS 18001 and ISO 45001.

OHSAS 18001, ISO 45001

1. What are OHSAS 18001 and ISO 45001?

If you work for a large organisation you have probably seen the abbreviations OHSAS and ISO and know that they are related to safety.

But, what exactly do the letters stand for.

If you would like to find out or have other questions about OHSAS 18001 and ISO 45001 but, are too embarrassed to ask, then this article is for you.

They are both standards relating to how organisations should manage occupational health and safety (OH&S).

OHSAS 18001 and ISO 45001 help organisations prevent injuries and ill health to anyone who could be affected by what they do.

And anyone means just about anyone, person or organisation and it includes:

  • workers,
  • contractors,
  • visitors,
  • customers and,
  • general public.

These standards apply to any organisation regardless of size or what they do – you adjust the detail and complexity of your documents to suit; one size really does fit all.

They do not give you detailed instructions on what you must do.

Instead they help you to organise your company so that your own people can figure out what you need to do –  a risk based approach where you think for yourself rather than the law trying to anticipate everything that could go wrong and making a rule to prevent it.

They will help you to:

  • Write a policy statement about what you are trying to achieve – your intentions.
  • Identify the risks that could stop you from achieving your goals.
  • Plan what you are going to do about your risks.
  • Assign roles and responsibilities.
  • Organise your workforce and establish good reporting relationships.
  • Establish lines of communication and consultation.
  • Identify the things that you will need in the way of: documents, people, training and resources.
  • Monitor how well you are doing and how to bring about continual improvement.

2. What does OHSAS and ISO stand for?

OHSAS stands for Occupation Health and Safety Assessment Series. I don’t know why they added the final word “series” since I am only aware of OHSAS 18001 and OHSAS 18002.

OHSAS 18002 is a guideline on how to implement OHSAS 18001.

OHSAS 18001 is a widely recognised standard since more than 90,000 organisations, in more than 127 countries, meet the OHSAS 18001 standard.

No doubt many more follow it but have not been formally accredited.

ISO stands for International Organisation for Standards – you are right it should be IOS.

However, the ISO has three official languages: English, French, and Russian.

In French it should be OIN and in Russian it should be three letters from the Cyrillic script – they went for ISO after pulling three letters out of a hat; luckily no Russian letters came out (just kidding – if anyone knows how it came to be ISO then please let me know).

ISO represents a worldwide group of national standards bodies – referred to as member bodies.

Technical committees produce new standards and each member body has the right to be represented on any of the committees.

OHSAS 18001 is often incorrectly called ISO 18000 or ISO 18001.

ISO 18001 is a standard on radio frequencies.

3. Who wrote OHSAS 18001 and ISO 45001?

OHSAS 18001 is a British Standards Institute standard and ISO 45001 is a standard from the International Organisation for Standards.

OHSAS 18001 is from the British Standards Institution (BSI) – the national standards body of the UK.

OHSAS 18001 was first published in 1999.

OHSAS 18001 is based on HSG65 “managing for health and safety’ which was published by the UK Health and Safety Executive in 1991; the third edition of this document is dated 2013.

HSG65 is still a very useful document since it provides additional supporting information. A free pdf download is available or you can buy a hardcopy for £15.

I haven’t been able to locate a free copy of OHSAS 18002 but you can buy it for £100.

ISO 45001 is based on OHSAS 18001. It was proposed in March 2013 and a standards writing committee has been working on ISO 45001 since June 2013.

Many organisations from more than 60 countries have commented on the standard. Countries contributing to the standard include: most of Europe, USA, China, India, and Japan; so ISO 45001 is likely to become a world standard.

You can view a draft copy of ISO 45001 at the link provided.

4. Does my organisation need OHSAS 18001 or ISO 45001?

It is a sad fact that last year in the UK (2015/16):

  • 144 workers were killed at work,
  • 2,415 workers died prematurely due to a cancer caused by asbestos and,
  • 611,000 people were injured at work.

The international labour organisation say that worldwide there are more than:

  • 2.3 million deaths per year due to occupational accidents or disease – that is a worker dies EVERY 15 seconds and,
  • 10 workers have an accident EVERY second.

So, to answer the question ‘does my organisation need OHSAS 18001 or ISO 45001’ my reply is “a lot of organisations across the world clearly need help and you probably do too.”

Health and safety experts from across the world have been working on these standards so why not use their expertise.

Working safely uses total quality management principles and is all about doing the right thing, first time, on time, every time. However with OH&S you don’t usually get a second chance.

Working safely ALL the time is the key to success.

Well-run organisations have an accident rate of less than one per million man-hours worked – so, for the vast majority of the time they are doing a good job.

It’s a very small percentage of jobs that are causing the problem.

Have you noticed, when there has been a serious accident, there is something unusual going on – and you have thought “what a coincidence, weren’t they unlucky, chance in a million”.

It’s not just the routine situations that you need to manage it’s these unusual circumstances as well.

The only way to be right all of the time is to be systematic, thorough and constantly vigilant.

Not an easy thing to do when you’ve also got your products or services to think about.

Not to mention budgets – you have a limited amount of money to spend on OH&S.

Spend it wisely; spend too little and accidents will put you out of business. Spend too much and your competitors will put you out of business.

In some ways safety is like football.

You must produce products and services (score goals) but you must also stop accidents (prevent the opposing team from scoring goals).

If your main focus of attention is on attacking and scoring goals then you might score a lot of goals but you still lose the match because you failed to defend properly.

Health and safety incidents bring pain and suffering to the victim

If eliminating pain and suffering is not enough to motivate your organisation then consider the cost of accidents.

It has been estimated that, on average, failings in the way that health and safety is managed costs a country, 4% of Gross Domestic Product – every year; GDP is the value of ALL the goods and services produced.

OHSAS 18001 – soon to become ISO 45001, has evolved into what the experts say is the best way to manage health and safety.

I am not aware of a law that says you must follow a health and safety standard.

However, if you have a serious accident you will almost certainly be asked to explain how you allowed it to happen – that’s right – “how you allowed it to happen.”

And, if you have not taken reasonable precautions to prevent it, senior managers could be held accountable.

In 2007 the corporate manslaughter act became law in the UK.

Now organisations can be found guilty of serious management failures and held liable for gross negligence.

Fines have been hefty and, in a few cases, senior managers have gone to prison.

So, OHSAS 18001 or ISO 45001 is the way to stop pain and suffering, reduce waste and keep you out of prison; why would you not use them.

5. What do OHSAS 18001 and ISO 45001 contain?

Both OHSAS 18001 and ISO 45001 management systems are based on three principles.

OHSAS 18001 and ISO 45001 management system standards are based on three key principles: Plan Do Check Act, HEMP and integration with business activities.

A. Plan Do Check Act

The first is: plan, do, check and act – also known as the Deming cycle. This is a continuous quality improvement cycle.

To meet the requirements of both OHSAS 18001 and ISO 45001 one of your policy statements must declare that you will continually strive for improvements.

This is achieved by measuring how well you are doing and asking the question ‘how can I do it better’?

For more information about the Plan, Do, Check, Act cycle go to Mind Tools.

The Deming cycle: Plan Do Check Act is a continuous quality improvement cycle driven by leadership and commitment.

B. Identify Assess Control Recover

The second principle is HEMP – hazard and effect management procedure.

The steps are:

  • identify the hazard and how it could be released,
  • assess the risk,
  • identify ways to: a) control the hazards and the threats that release them and, b) defend the person or thing that could be harmed.
  • the final step assumes that your controls and defences have failed and the incident that you identified earlier has occurred. The question now is ‘what recovery measures should you put in place, in advance, to stop the situation becoming worse’.

HEMP - Hazard and effect management procedure - is a four-step process that is the basis for most risk management processes.

C. OH&S activities integrated into day to day business

The third principle is not a process but an acknowledgement that activities related to OH&S should be integrated into the on-going day-to-day business.

No one goes to work and says, ‘for the first part of the day I’ll do the safety stuff then I’ll move on to the stuff that makes the money’ – of course not.

OH&S is all about doing the stuff that makes the money in a safe way.

The following diagram shows the hierarchical nature of ISO 45001.

The hierarchy and relationships of elements within OHSAS 18001 & ISO 45001

A key requirement is the driving force to make it all happen i.e. leadership and commitment and the involvement of the workers.

Box number one in the above diagram impacts on all the other boxes.

Leadership and commitment involves everyone but the more senior the person the more influential their behaviour is.

It is extremely difficult for an organisation to perform well at OH&S without good leadership from the top.

Many organisations make a big mistake in relying too much on consultants when designing and implementing their management system.

You will learn a lot about your company when you write the OH&S management system – make sure it’s your people who do the learning.

Always keep in mind that the document describing your management system is only words on paper.

There is a world of difference between writing about your intentions and actually doing it – continuously.

The things that your workers do every day is the output from your OH&S system.

Their combined actions are the controls and defences that are managing risk.

That pristine book sitting in the OH&S directors office is just a book.

It can take years to move from a mediocre company, having the occasional incident, to a highly reliable organisation having almost zero incidents.

6. Why change from OHSAS 18001 to ISO 45001?

OHSAS 18001 is lacking in the following ways:

  • it is not a world standard.
  • there are about 40 variations in use.
  • the definition of terms and the document structure are not aligned with ISO 9001 – Quality and, ISO 14001 – Environment.
  • there is no specific requirement to involve society in the way the organisation manages risk.
  • insufficient emphasis is placed on leadership and commitment.
  • insufficient emphasis is placed on establishing lines of communication and consultation between managers and workforce.

Although OHSAS 18001 is widely used throughout the world there are about 40 different versions in use.

This has come about due to individual national standards organisations tailoring OHSAS 18001 to suite their particular circumstances.

Furthermore there are many countries where it has not been adopted.

Our attitude towards large organisations has changed over recent years due, in part, to the many man made major disasters.

We expect organisations to take into account the impact their actions could have on the environment and society in general and we expect to be involved with the decision making process.

ISO 45001 is better than OHSAS 18001 in meeting society’s expectations of how organisations should behave.

Labour unions are insisting that workers be more involved in the risk management process since the workers are the ones who:

  • work with the hazards,
  • have most of the accidents,
  • know what will work and what will not.
  • implement the controls.

In time, large organisations following ISO 45001 will insist on their suppliers following it also.

Once a critical number of organisations have adopted ISO 45001 there will be enormous pressure for others to follow.

Gradually more workers across the world will be better protected and gradually we will reduce the number of people being killed at work.

7. How does ISO 45001 differ from OHSAS 18001?

In 2012 ISO published annex SL – a standard for writing standards.

ISO 45001 follows annex SL – and so do the latest versions of ISO 9001 and ISO 14001.

ISO 45001 also has a revised glossary of terms and definitions.

These new definitions also apply to ISO 9001 quality standard and ISO 14001 environmental standard.

A common structure and common terms and definitions will make it easier to integrate all three management systems into a single: Quality / Safety / Environment system.

Many of the factors that determine whether an OH&S management system will be successful or not have been added to ISO 45001 (or made more prominent) such as:

  • Considering the context within which they are operating e.g. understanding the needs and expectations of the workers and other interested parties.
  • Demonstrating leadership and commitment.
  • Developing, promoting and maintaining a culture that supports the OH&S MS.
  • Promoting participation of workers.
  • Establishing processes for communication and consultation.
  • Allocating resources.
  • Recognising the nature of the organisations business and external factors that could have an impact.
  • Looking for opportunities rather than only dealing with risks.
  • Managing: change, outsourcing, procurement and contractors.

ISO 45001 will become the world standard for managing occupational health and safety.

8. When will ISO 45001 replace OHSAS 18001?

Writing a standard that is acceptable to most of the world is never going to be a quick job and ISO 45001 is no exception.

The original publication date for ISO 45001 was 2016 but it has slipped to 2017.

The project started in 2013 when it was agreed to use OHSAS 18001 as the starting point for the new ISO 45001.

Since then, many people have been consulted and lots of comments have been carefully considered – this takes time.

A timeline showing the development of ISO 45001 and it’s expected publication date.

Health and Safety at Work magazine reported that the some of the objections in the May 2016 vote were related to the way the standard was structured.

If you’d like to know more about how a standard is produced go to ISO.

OHSAS 18001 will still be recognised for three years after the introduction of ISO 45001 to give organisations time to switch over.

9. How can I use OHSAS 18001 and ISO 45001 to make changes now?

If you work for an organisation who are thinking about switching from OHSAS 18001 to ISO 45001 or adopting ISO 45001 you may wish to consider the following:

  • Introduce the new terms and definitions.
  • Follow the control of risk hierarchy given in the standard:
    • Eliminate the hazard.
    • Substitute with less hazardous material, processes, operations, or equipment.
    • Use engineering controls.
    • Use administrative controls.
    • Use personal protective equipment.

ISO 45001 regards personal protective equipment such as safety: helmet, gloves, glasses, shoes and hearing protection, as the lowest level of risk management controls.

  • Document how you manage the risks associated with the four processes specifically mentioned in ISO 45001:
    • Management of change.
    • Outsourcing.
    • Procurement.
    • Managing contractors.
  • Develop, lead and promote a culture in the organisation that supports the OH&S management system. A start for this might be:
    • Be mindful of OH&S risks – this could be achieved by
      • compile issues and hazard registers.
      • provide safety alerts, newsletters, notices.
      • make known the findings from incident investigations.
      • promote reporting of incidents.
    • Demonstrate leadership through measurable actions e.g.
      • Make site visits (schedule during working hours, talk to people, use a checklist).
      • Attend OH&S meetings.
      • Lead incident investigation teams.
      • Lead audit teams.
      • Seek feedback on how others see your performance as a leader.
    • Motivate, coach and develop workers.
      • Identify competences required.
      • Provide opportunities and on the job training.
      • Act as a role model.
    • Set OH&S targets and hold individuals accountable for their behaviour.
      • set OH&S targets in regular appraisals.
      • provide feedback.
    • Remove:
      • a) Rewards for non-compliance (e.g. allowing workers to go home once they finish the job).
      • b) Punishment for compliance (e.g. complaining if the job takes longer than expected or, not promoting the one who is always complaining about safety).
    • Consult workers in:
      • Determining how to apply legal requirements.
      • Determining applicable controls for outsourcing, procurement and contractors.
      • Determining what needs to be monitored, measured and evaluated.
      • Planning, establishing and implementing an audit programme.
      • Establishing a continual improvement process.

When it comes to promoting a positive attitude it is better to do it by deeds rather than words.

However, your deeds must be seen and, to be seen, you need to get out and about and engage with people.

Oil industry managers who never leave their offices are known as Olympic flames (never go out); need I say that this is regarded as a very negative habit.

ISO 45001 recognises the importance of management engagement with the workers in managing risks and this is best done face to face in the workplace.