ISO 45001 Awareness Training Programme

ISO 45001 AWARENESS
TRAINING PROGRAMME
OH&SMS – OCCUPATIONAL HEALTH &

SAFETY MANAGEMENT SYSTEMS
INTRODUCTION TO THE COURSE
After completion of this course, the learner will be able to:

 Explain the OH&SMS standard
 Define the fundamental concepts and terminology used in OH&SMS
 Summarize the systems involved in OH&SMS
 Explain who is responsible for developing the ISO 45001 standard
 Illustrate the timeline involved in the development of ISO 45001
 Discuss the compatibility of ISO 45001 with other standards
 Describe the timeline involved for migrating to ISO 45001
 List the benefits ISO 45001 can yield to businesses
 Outline the benefits ISO 45001 yields to managers and professionals
INTRODUCTION TO ISO 45001:2018
 ISO 45001 2018 is an occupational health and safety management standard. It defines a set of occupational health
and safety (OH&S) management requirements. These requirements can be found in the following sections:
o Context
o Leadership
o Planning
o Support
o Operations
o Evaluation
o Improvement
 The purpose of this standard is to help organizations to prevent work-related injury and ill-health and to provide a
safe and healthy workplace. According to ISO 45001, any organization can achieve these important objectives if it
establishes an OH&S management system (OHSMS) and if it continually tries to improve the suitability, adequacy,
and effectiveness of this system.
HISTORY OF ISO 45001
HISTORY OF ISO 45001
SCOPE OF ISO 45001
 ISO 45001 applies to all types of organizations. It doesn't matter what they do or what
size they are. It can help any organization to prevent work-related injury and ill-health
and to provide a safe and healthy workplace.
 According to ISO 45001 2018, your organization's OHSMS must meet every
requirement if you wish to claim that it complies with this occupational health and
safety management standard. However, how you choose to meet ISO's requirements,
and to what extent, will depend on and be influenced by many factors. It will depend
on your organization’s context, its structure, its activities, its objectives, its
compliance obligations, and its products and services and will be influenced by its
OH&S risks and opportunities. Consequently, OH&S management systems can vary
quite a bit.
HOW TO USE ISO 45001?
If you don't already have an OH&S management system (OHSMS), you can use this ISO 45001 2018
standard to establish one. And once you've established your OHSMS, you can use it to prevent work-related
injury and ill-health, to provide a safe and healthy workplace, and:
o To minimize OH&S risks.
o To eliminate OH&S hazards.
o To achieve OH&S objectives.
o To implement OH&S policies.
o To meet OH&S requirements.
o To investigate OH&S incidents.
o To pursue OH&S opportunities.
o To enhance OH&S performance.
o To respond to OH&S emergencies.
o To manage OH&S nonconformities.
According to ISO 45001, any organization can achieve these important objectives by establishing,
implementing, and maintaining an OHSMS.
COURSE OUTLINE
 Module 1 – Fundamentals of Occupational Health

and Safety Management Systems
 Module 2 – Requirements of an OH&SMS
 Module 3 – Performance Evaluations and
Improvement
 Module 4 – Course Assessment
MODULE 1 – FUNDAMENTALS OF OCCUPATIONAL HEALTH AND
SAFETY MANAGEMENT SYSTEMS
 Fundamentals of OH&SMS – Learning Outcomes

 Introduction to ISO 45001:2018 OH&SMS
 Publication of ISO 45001:2018
 Important Terminology in ISO 45001:2018
 Fundamentals of OH&SMS – Lesson Summary
MODULE 2 – REQUIREMENTS OF AN OH&SMS
 Requirements of an OH&SMS – Learning Outcomes

 Leadership and Organizational Context
 Managing Risk: Opportunities and Support Functions
 Operational Controls and Emergency Responses
 Requirements of an OH&SMS – Lesson Summary
MODULE 3 – PERFORMANCE EVALUATIONS AND IMPROVEMENT
 Performance Evaluations and Improvement –

Learning Outcomes
 Monitoring, Measurement and Analysis
 Internal Audits and Management Reviews
 Continuous Improvement
 Performance Evaluations and Improvement – Lesson
Summary
MODULE 1 – FUNDAMENTALS OF OCCUPATIONAL
HEALTH AND SAFETY MANAGEMENT SYSTEMS
FUNDAMENTALS OF OH&SMS – LEARNING OUTCOMES
After completing this module, you will be able to:

 Explain the OH&SMS standard
 Define the fundamental concepts and terminology used in OH&SMS
 Summarize the systems involved in OH&SMS
 Explain who is responsible for developing the ISO 45001 standard
 Illustrate the timeline involved in the development of ISO 45001
 Discuss the compatibility of ISO 45001 with other standards
 Describe the timeline involved for migrating to ISO 45001
 List the benefits ISO 45001 can yield to businesses
 Outline the benefits ISO 45001 yields to managers and professionals
WHAT IS OHSMS?
 An Occupational Health and Safety Management System (OH&SMS), is a

collaborative and systematic approach to effectively managing occupational health
and safety risks.
 OH&SMS helps companies to improve their occupational health and safety
performance continually. Moreover OH&SMS provides a framework for companies
to comply with health and safety ordinances, regulations, state laws and compliance
obligations.
GOALS
OH&SMS systems primarily direct organizations in the following ways:

 Identify occupational health and safety hazards.
 Examine the risks associated with the identified hazards.
 Establish controls to minimize the risks.
 Define goals for health and safety performance.
 Create a plan to achieve the goals.
 Monitor performance against the targets and goals.
 Report performance results.
 Review OHSMS results and continuously improve.
STANDARDS
National standards used for implementing OH&SMS, before the introduction of ISO
45001:2018 include:
 BS OHSAS 18001
 ANSI/AIHA Z10
 CSA Z1000
BS OHSAS 18001
 BS OHSAS 18001 (Occupational Health & Safety Assessment Series) is a globally recognized British
Standard for occupational health and safety management systems. Its purpose is to assist different types
of organizations who endeavor to perform well in aspects of occupational health and safety.
 Companies worldwide recognize the need to monitor and enhance their health and safety performance.
To do so, they need to implement an occupational health and safety management system (OH&SMS).
 OHSAS 18001 helps companies to develop a healthy and safe working environment, by providing a
framework to achieve the following:
 Determine health and safety risks and minimize them to an acceptable level
 Minimize the likelihood of accidents
 Establish a framework to assess legal compliance
 Improve overall health and safety performance
ANSI/AIHA Z10
 ANSI is the American National Institute standard. The American Industrial Hygiene Association
(AIHA) serves as its Secretariat. The Accredited Standards Committee, Z10, approved the standard
in 1999.
 The standard’s scope is “minimum requirements of occupational health and safety management
systems”.
 The standard’s purpose is “[as a] Management tool to minimize the risk of illnesses, injury and
fatalities in the workplace.”
 The application of the standard includes organizations of all types and sizes, including contractors.
 While making the standard, the Z10 Committee adopted inputs from OSHA, US industry, ISO Quality
and environmental systems and the International Labor Organization.
CSA Z1000-06
 The Canadian Standard Association (CSA), published a standard for Occupational Health and
Safety Management Systems in 2006, known as CSA Z1000-6. This standard lays out the
conditions for the creation, enforcement and improvement of a Health and Safety Management
System.
 The elements are like those outlined in other management systems and include the following:
 Management Commitment and Participation
 Health and Safety Planning
 Implementation of Controls
 Performance Evaluation
 Management Review
 Continuous Improvement
REQUIREMENTS
 The need for a globally recognized standard for occupational health and safety
management systems, has always been felt. Professionals have had the ISO 9001 - quality
management system and ISO 14001 - environmental management system, since the early
2000s. However different systems for occupational health and safety, were being followed
in different countries.
 Experts claim that the development of the new ISO 45001 OHSMS standard, is well
timed, because it matches the recent publication of the newly revised ISO 9001:2015
(quality management system) and the ISO 14001:2015 (environmental management
system). Both employ a risk-based structure.
 The shared common requirements of the three most widely used international standards,
should empower organizations to incorporate them more easily into their organizational
processes.
OHSAS 18001:2007
 OHSAS 18001:2007 has been the most important standard for occupational health and safety
management systems and has been adopted by many companies, operating in countries other than the
UK. Since it has been employed and observed in multiple organizations, it is important to compare the
two standards (OHSAS 18001 and ISO 45001). This will serve as an aid, to help organizations
transition.
 What are the major differences between OHSAS 18001 and ISO 45001? The primary difference is
that ISO 45001 focuses on the interface of an organization and its business environment: OHSAS
18001 concentrates on managing OH&S hazards and internal issues. However, the standards differ in
other ways.
HISTORY
 ISO 45001 was initially created on 25th October 2013. The committee responsible for
its development is known as ISO/PC 283. It is estimated that a minimum of seventy
countries worked on the drafting process of its development.
 Planning the standard and the drafting of issues continued until December 2015. From
this period until the first draft of its development in 2017, it failed to achieve adequate
support from ISO members. In 2017, a revised second draft was approved, and this
was made into the final draft. The standard was published on 12 March 2018.
PDCA – PLAN
 The ISO 45001 standard comprises the Plan-Do-Check-Act (PDCA) model. This
model offers a mechanism for organizations to plan what they require, to mitigate the
probability of OH&S damages.
 The “Plan” part of the model should reflect concerns relating to health problems in
the long term and absenteeism at work. The measures used, should address the factors
that contribute to accidents at work.
 For instance, many workers undergo stress, which is classed as a psycho-social risk.
Stress is one of the main problems at work in the current economy. Plans can also
include measures to deal with stress management.
PDCA – DO
 The ISO 45001 standard directs top management to "own" the workplace and the
hazards associated with it. Top management must prove their commitment through
leadership, to make sure that workers have the sufficient skills, knowledge, and
expertise.
 Moreover, top management should put in place effective controls in the “Do” phase
of the PDCA model; these are known as operational controls. Encouraging workers'
participation and advice is necessary, in order to be able to enforce better
occupational health and safety measures.
PDCA – CHECK
 The “Check” part of the PDCA model, lists all the main constituents that
should be resolved, to make sure that the system is operational. This
includes opportunities for enhancement and improvement in the “Act”
phase.
PDCA – ACT
 The “Act” part of the PDCA model is the improvement part of the

process and is referred to, in the standard, as “Continual Improvement”.
 It is a recurring activity that needs to be maintained, in order to enhance
performance.
MIGRATION
 Companies need to migrate from OHSAS 18001 to ISO 45001. As part of this migration, numerous
steps must be followed, in order to upgrade the existing management system to the new standard. The
following sequence is recommended:
 Analyze interested parties (i.e. individuals or organizations that can influence or be influenced by your
organization’s activities). Moreover, analyze internal and external factors that might influence the
organization’s business; then check how the risks can be managed with the help of the management
system.
 Recognize the scope of the system, while reflecting what your management system is bound to deliver.
 Utilize the data and information to institute the organization’s processes, for risk evaluation and
assessment and to develop the key performance indicators (KPIs) for the organization’s activities.
 Once the organization has resolved the knowledge and tools of OHSAS 18001, the organization can
re-utilize most of what it already has, in the new management system. Thus, even if the approaches of
the two management systems are different, the fundamental tools are identical.
FEATURES
 What is new in ISO 45001, compared with other Occupational Health and Safety (OHS)
standards? How will its migration influence small and medium-sized enterprises
(SMEs)? The short answer is a preventive approach is upgraded with risk-based
thinking.
 Risk-based thinking, to manage health and safety risks and opportunities in ISO 45001 is
not new, nor does it contradict earlier OHS standards. However, the preventive action of
the management system is upgraded with a risk management approach.
 The Focus is the workplace. The standard does not interact with products or product
quality, or how they should be utilized or sustained. The focal point of the ISO 45001
standard is the workplace. There is a requirement to list significant hazards in the
workplace, in order to eradicate or mitigate them.
PROACTIVE
 Organizations need to be proactive. In a rapidly growing and creative world, the

requirement is felt for organizations to be proactive rather than reactive.
Organizations should foresee actions, instead of waiting for regulations and codes of
practice to be instituted.
 Most organizations are small or medium-sized enterprises and ISO 45001 is
applicable to them, just as it is to larger enterprises. The easy-to-follow risk-oriented
approach in ISO 45001 is highly implementable for SMEs and is well matched with
the approaches used in OHSAS 18001.
CERTIFICATION
 It is expected that many organizations will employ ISO 45001 to build an effective occupational health
and safety management system. In addition, significant numbers of organizations will want to receive
the recognition that comes with having ISO 45001 certification. Certification exhibits to external
parties that an organization has attained compliance with a standard.
 The potential dividends of implementing the ISO 45001 OHSMS is enormous, if the standard is
implemented effectively. The standard mandates that Occupational Health and Safety risks in an
organization, be identified and managed. For the risk management approach to be effective, it is
important that the system is continually improved, to surpass the organization’s ever-changing
objectives.
 The enforcement of the standard ensures compliance with current legislation. The activities envisioned
by the ISO 45001 standard can help to develop an organization’s reputation as a “safe place to work”.
There are many advantages, ranging from minimizing insurance costs to elevating workers’ morale,
together with the improved ability to meet the organization’s strategic targets.
ADVANTAGES
 How will the new ISO 45001 standard perform for users of, for example OHSAS
18001? It is expected that users of OHSMS standards, such as OHSAS 18001 and
the ILO-OSH Guidelines, will easily be able to take up ISO 45001, as it does not
contradict these standards. In addition, ISO 45001 empowers organizations with the
opportunity of incorporating OHSMS into their integrated business processes.
 The advantages of implementing ISO 45001, aside from the fact that it is now the
accepted new international standard by consensus, is that it will naturally integrate
with earlier management approaches, especially in the area of business risks. It will
thus act as an added advantage to SMEs, when opting to have more than one standard.
ILLNESS AND INJURY
 The awaited international standard for occupational health and safety management systems (OH&SMS), is
envisioned to modify workplace practices globally.
 ISO 45001:2018 OH&SMS, offers a vigorous and effective set of processes, for improving work safety in global
supply chains.
 The standard is designed to help organizations and industries of all sizes. It is also expected to reduce workplace
injuries and illnesses globally.
 The International Labor Organization (ILO) calculated workplace injuries and fatalities in 2017. According to the
ILO data, 2.78 million fatal accidents happen at workplaces annually. In other words, seven thousand, seven
hundred people die each day because of work-related illness and injury.
 Moreover, there are approx. 374 million incidents of non-fatal, work-related illness and damage each year. Most of
these incidents cause loss-of-time injuries, meaning absenteeism from work. These facts are a sober reflection of
the contemporary reality of workplace damage and illness. Moreover, people and businesses run the risk of
experiencing illness and damage, as a consequence of merely doing their job to earn a living.
SOLUTION
 Is ISO 45001 the answer to the problem of occupation health and safety performance
globally? ISO 45001 is expected to change the situation by empowering companies to
perform better. It offers legislative and regulatory bodies, industry and other
interested parties, practical management solutions for ensuring worker safety across
all industries.
 The recognized ISO standardization framework can be utilized to promote better
health and safety conditions. Moreover, it is a practical solution for original
equipment manufacturers, contractual partners, and production houses. This
management system can assist everyone to achieve a safer workplace, irrespective of
their nationality and regional dynamics.
INTERNATIONAL
 What makes ISO 45001 internationally important? International experts and writers

worked together to produce the standard. It is the result of a close collaboration from
contributors from more than seventy nation states.
 As discussed, the ISO 45001 OH&SMS has been produced by the ISO
committee ISO/PC 283. Also, the British Standards Institution (BSI) served as the
committee’s secretariat for the development of the standard.
SUITABILITY
 Why is ISO 45001 better than OHSAS 18001? ISO 45001 was developed in
collaboration with other ISO management systems.
 Developers tried to ensure it is an easy-to-use framework, compatible with the latest
versions of the ISO 9001 QMS and the ISO 14001 EMS. Companies who have
already implemented other ISO standards, will find it easy to implement ISO 45001.
SUBSTITUTING OHSAS 18001
 ISO 45001 works as a substitute for OHSAS 18001, the world’s most widely used
reference for occupational health and safety standards.
 Companies already compliant with and certified by OHSAS 18001, will have a 3-
year migration period to comply with the new ISO 45001 standard. However,
certification is not a requirement of the ISO 45001 standard.
GAP ANALYSIS
 If your organization is currently using the OHSAS 18001 standard, migrating to ISO

45001:2018 is a beneficial solution, as multiple clause requirements of ISO
45001:2018 are equivalent or analogous. Note however, that clauses may utilize
different terminology or be arranged in a different order.
GUIDE TO EXISTING OHSAS 18001 USERS
 Get a copy of the standard from the ISO Store at: www.iso.org/iso/iso45001 or from
your national ISO representative.
 Examine the changes in the standard or use the comparative matrix in this course as a
free resource.
 Conduct a 'gaps analysis' between ISO 45001 and your current OHSAS 18001
system.
 Apply the necessary actions to fill any identified gaps.
EMPLOYEE PARTICIPATION
 The internal and external issues of organizations need to be addressed, in a business

context analysis perspective, with occupational health and safety in mind, as
per Clause 4.1 of the ISO 45001:2018 standard. This mandates the company to
recognize systematically and study the various issues which effect their business
operations, as well as the management system.
 Clause 4.2 focuses on the need for organizations to address workers’ needs and
expectations, as well as the needs and expectations of other effected parties, in the
matter of workplace health and safety. The company is required to address these
issues through a verifiable occupational health and safety management
system. Clause 4.3 relates to scope. Unlike in OHSAS 18001, scope should only be
defined when clauses 4.1 and 4.2 have been adequately addressed.
RESPONSIBILITY
 Like ISO 9001 and ISO 14001, there is a high stress in ISO 45001:2018, on the
responsibility top management has, to enforce consultation with and participation
from workers, as per clause 5.2. In addition, top management must encourage
workplace safety and employee health and monitor health and safety performance,
ensuring the effectiveness of the OHSMS.
 Organizational leadership is accountable for developing health and safety policy.
Moreover, policy should be agreed with the organization's labor union representatives
and health and safety personnel, where applicable. As per clause 5.3 of the standard,
all roles, responsibilities, and authorities must be properly defined, communicated,
and documented. However, the accountability of top management for the overall
OHSMS system cannot be delegated.
PARTICIPATION
 Clause 5.4 of the ISO 45001:2018 OH&SMS, is a much-improved clause, compared

with OHSAS 18001. It documents information related to assisting the participation,
involvement, and communication of all workers, at every level in an organization,
with the occupational health and safety management system.
 Many organizations do not have a management representative or a health and safety
representative. If there is no union representative in an organization, the ISO
45001:2018 OH&SMS standard will not mandate this on companies. However top
management must ensure worker participation and consultation by other means.
DOCUMENTATION
 Clause 6.2 of ISO 45001:2018, deals with incentives for organizational improvement and performance
evaluation (see also clause 9.1.1). Clauses 7.1 to 7.5, deal with various organizational support
functions, including the availability of resources, the competency of workers to perform work safely,
health and safety awareness of workers, visitors and contractors, health and safety communication and
the requirements for documenting information.
 Important points relating to support requirements:
 Communications are evaluated for their effectiveness.
 Employee awareness includes policies, hazardous risks, employees/contractor’s role re. health and safety
performance (e.g. the awareness to remove oneself from ‘danger’).
 The documentation of information is like ISO 9001 and ISO 14001. This encompasses how an organization
creates, maintains, and retains information that is compulsory for the OH&SMS.
PROVISIONS
 Clauses 8.1 to 8.2, deal with organizational operations, preparedness planning, identifying
risk and hazards, controls, and emergency situations. Risks and hazards should be addressed
by implementing a hierarchy of controls. The management of change and operational
modifications is described in clause 8.1.3. This includes managing instruments,
circumstances, employees, obligations, legal issues, and compliance.
 What would be the impact to your organizational reputation, if one of your suppliers or
contractors was involved in a major occupational health and safety incident? ISO 45001
requires organizations to analyze risks associated with an organization’s reputation.
 Procurement and outsourcing are covered in the new standard, whereby it is required to
scrutinize purchased goods and services, in relation to health and safety requirements. In
addition, there is an improved requirement relating to the health and safety of contractors,
regarding the requirement to ensure a safe and healthy work environment.
ADDITIONS
ISO 45001:2018, Clause 9, includes enhanced and extended evaluation of performance,

compared with the British OHSAS 18001 standard:
 Compliance evaluation has been extended to incorporate the means and regularity of
evaluation; the organization is required to maintain knowledge and awareness of the
organization's compliance.
 Internal audit results need to be discussed with workers.
 The management review clause has improved the inputs and requirements of OHSAS
18001. It has added risks and opportunities, improvements, communications,
management system effectiveness and the issues of interested parties.
RISK PREVENTION
 ISO 45001:2018 Clause 10, removes the linguistic reference to ‘preventive’ action, as it is
already covered in the risk management phase. Organizations must deal with incidents,
correct the problem, investigate the root cause, and take corrective action. The corrective
action is then evaluated to check its effectiveness.
 The organization is required to show that it has implemented the values of risk management
and continual improvement through root cause investigation, in-depth analysis, modified risk
analysis and required operations. Organizations must be able to prove that they are using the
outputs from performance analysis and evaluation, to recognize and resolve gaps and
opportunities.
RISKS AND OPPORTUNITIES
 In clauses 6.1.1, 6.1.2.3 and 6.1.4, organizations need to identify significant risks and
opportunities concerned with the factors of the organization’s context, as referenced
in clauses 4.1 and 4.2.
 These risks and opportunities need to be identified and considered and action needs to
be taken to optimize performance. Risk management concerns not just hazards, but
also internal and external issues and the needs and expectations of interested parties.
 All these factors together influence the capability of the management system to yield
its intended results i.e. improved health and safety performance at work.
INTERESTED PARTIES
 This term is defined as a “person or organization

that can affect, be affected by, or perceive to be
affected by a [organization's] decision or activity.”
 Interested party is an important inclusion in the
ISO 45001:2018 standard. It was not considered as
much in OHSAS 18001:2007. The term is defined
in clause 3.2. It is also referred to as "stakeholder"
in the standard.
 Examples of Interested parties regarding
occupational health and safety management
systems are employees, management and
shareholders, external parties, contractors and
service providers, manufacturing partners,
government and legislative bodies, pressure
groups, neighbors, trade unions, company insurers.
WORKERS
 Worker - The ISO 45001 standard defines the term “worker” (clause 3.3), as a “person performing
work or work-related activities, that are under the control of the organization”.
 The concept of 'worker' in the standard, is different to that which is perceived in certain industries. The
term worker, in the standard, includes top management, managerial and non-managerial staff. This
term incorporates the following:
 Workers from external providers
 Contractors
 Individuals
 Agency workers
 Other persons involved in work-related activities
CONSULTATION
 Consultation is defined in clause 3.5 of the ISO 45001 standard as
“Seeking views before making a decision”. Consultation includes
engaging with health and safety committees and workers’
representatives in the decision-making process and the consideration of
workers’ views. It is related to the terminology of participation, but is
limited to obtaining the views of workers, before making decisions. It is
not necessary that workers' views become the major factor in the
decision-making process; however, they should have merit. In the
participation part of the standard, workers are an integral part of the
decision-making process.
 Consultation is also a style of management - a consultative style of
management, in which there is less liberty and involvement of
stakeholders, compared to a democratic style. However, the
consultative style offers more liberty than the autocratic style of
management, in which top management directs what is to be done,
without consulting others. A consultative style of management is
considered a more "balanced approach" by many experts, compared
with the autocratic and democratic styles of management.
PARTICIPATION
 Participation is a term defined in clause 3.4 of the ISO 45001
standard, as “involvement in decision making”, regarding the
occupational health and safety management system. It includes
the involvement of health and safety committees and workers’
representatives, or by other parties in the organization.
 The involvement of workers and staff in decisions, is part of the
ownership of the health and safety management system.
Participation is different from consultation. In the former, workers
are part of the decision-making process; in the latter workers'
views are welcomed and considered but are not necessarily a
deciding factor. In consultation, management considers workers'
views based on their merit.
 Participation is a democratic style of management, where opinions
are directly involved in the decision-making process. This means
a more empowered role for workers in the management system,
giving workers an increased level of ownership and involvement.
CONTRACTORS
 ISO 45001:2018 defines contractor in clause 3.7 as “[an] external organization

providing services in accordance with agreed specifications, terms and conditions”.
The standard further says that services also include activities related to construction.
A contractor is also an interested party in the organization’s management system.
 There are two types of 'organizational circles', about an organization's control over
contractors - a 'circle of control' and a 'circle of influence'. In a circle of control, all
contractors’ work is the responsibility of the organization. In a circle of influence, the
organization influences contractors to work safely and according to certain protocols.
CONTRACTS
 A contractor working at the premises of an organization, has to follow all health and
safety related operational controls, as developed by the organization. However, a
contractor doing work outside an organization's premises, will be influenced to take
certain measures, in order to control the health and safety levels at another location.
 The selection process for contractors, should consider their health and safety
performance record, in addition to the quality of services they provide. It is also
pertinent that the terms relating to an organization's health and safety management
system, should be incorporated into the terms and conditions of the contract made
with contractors. This will create a contractual binding for compliance.
WORKPLACE
 Workplace is defined in the ISO 45001:2018 standard as “[a] place under the control of
the organization, where a person needs to be, or to go, for work purposes.”
 Workplace is a physical entity with a defined periphery. Large organizations with large
workplaces, usually employ area managers who have responsibility for certain areas.
The scope of an organization’s occupational health and safety management system is
validated by site visits to the workplace.
 The organization's responsibility for the workplace, is dependent on the level of control
that the organization has. If the management area of an organization has direct control,
then the workplace is under the control of the organization. If the workplace is at a
contractor's premises, then the organization can influence the workplace, but it cannot
control it.
HIRA
 ISO 45001 defines the term hazard, as a “source with a potential to cause injury and
ill health”. Hazards can include sources with the potential to cause harm, or
hazardous situations.
 They can also include circumstances that have the potential of exposure, leading to
injury and ill health. Hazards exist, due to unsafe work conditions and unsafe work
practices.
 Unsafe conditions pose a direct source of potential harm. An unsafe act also creates a
situation where injury or damage is possible. ISO 45001 mandates that organizations
carry out hazard identification and risk analysis of the workplace. Together, the
process is known as hazard identification and risk assessment (HIRA).
HEALTH AND INJURY
 ISO 45001 defines injury and ill health as “adverse effect on the physical, mental or
cognitive condition of a person”. These adverse effects include occupational disease,
illness, and death. When we say occupational disease or occupational illness, it means
that the illness or disease is related to, or a consequence of work-related activity.
 The term “injury and ill health”, implies the presence of injury or ill health, either
separately or in combination. The occupational health and safety management
system’s focus is to prevent injury and ill health at work. Recording incidents of
injury and ill health at work, is part of the performance monitoring criteria of the
OH&SMS. Successful organizations aim to achieve zero occupational injury and ill
health at work, as their primary OH&S objective.
OBJECTIVES
 ISO 45001 defines the term OH&S objective as “set by the
organization to achieve specific results consistent with the
OH&S policy”. It means that the targets are set in the form of
objectives and that the objectives are consistent with the policies
of the occupational health and safety management system.
 Objectives are made so that specific results can be obtained
from the activities that are taken to achieve them. Objectives are
usually based on the S.M.A.R.T concept, i.e. specific,
measurable, achievable, realistic and time bound.
 If objectives are made using SMART principles, it is likely that
an organization will achieve its targets. Also, it will be easier for
people to follow the procedures and to complete activities that
are defined in the objectives. Examples of OH&S objectives
include: zero accidents, reduction in loss-of-time injuries,
increase in safe working hours, decrease in the number of
reports of unsafe acts and unsafe conditions.
RISK
 ISO 45001 defines the term risk as “the effect of uncertainty”. The
standard further explains that the effect is a deviation from the
expected. This effect can be positive or negative. Uncertainty is a state
of deficiency of information relating to the understanding or knowledge
of an event, its consequences, or its likelihood. Risk is often
characterized by reference to potential “events” and “consequences”, or
a combination of these.
 Risk is often expressed in terms of a combination of the severity and
consequences of an event (including changes in realities) and likelihood
or occurrence. Therefore, risk is commonly a multiple of severity and
occurrence (Risk = Severity x Occurrence). The joint terminology of
“risks and opportunities” is used in ISO 45001.
OH&S RISKS
 ISO 45001 defines Occupational Health and Safety (OH&S) Risk, as the “combination of
the likelihood of occurrence of a work-related hazardous event(s) or exposure(s) and the
severity of injury and ill health, that can be caused by the event(s) or exposure(s)”.
 This means OH&S risk is a risk related to hazards in the workplace, as opposed to business
and financial risks. The standard specifically defines OH&S risks as the combination of
probability of occurrence and the severity of the hazard.
 Occurrence is the frequency of the event that is expected. Severity is the impact of the
hazard when or if it occurs. Severity, from an OH&S perspective, can be fatal, a disability, a
first aid case, or a near miss. Organizations must bear the financial and reputational losses
resulting from incidents where they must compensate workers for loss.
INCIDENTS & ACCIDENTS
 ISO 45001 defines the term incident as “occurrence arising out of, or in the course of,
work that could or does result in injury and ill health”. Examples of incidents are
accidents and near-miss reports. An incident where injury or ill health occurs is
referred to as an accident.
 Within accidents there are: fatalities, disabilities, asset damage, first aid cases and
injuries etc. An incident where no injury or ill health occurs, can be referred to as a
“near-miss”, “near-hit” or “close call”. Although there may be nonconformity related
to an incident, incidents can occur where there is no nonconformity.
MODULE 1 – SUMMARY
 Occupational Health and Safety Management Systems help companies to improve their occupational health and
safety performance continually.
 Some of the national standards for implementing OH&SMS systems, prior to ISO 45001:2018 have been: BS
OHSAS 18001; ANSI/AIHA Z10 and CSA Z1000.
 The BS OHSAS 18001, Occupational Health & Safety Assessment Series, is a globally recognized British
Standard for occupational health and safety management systems.
 ANSI stands for the American National Standards Institute. The Accredited Standards Committee “Z10” approved
the standard in 1999.
 The Canadian Standards Association (CSA), published a standard for Occupational Health and Safety
Management Systems, in 2006, known as CSA Z1000-6.
 The ISO 45001 standard matches closely with the newly revised ISO 9001:2015 quality management system and
the ISO 14001:2015 environmental management system. Both similarly employ a risk-based structure.
 The committee responsible for the development of the ISO 45001 standard is known as ISO/PC 283.
 Experts from approximately seventy countries, collaborated on the drafting of ISO 45001.
 The British Standards Institution (BSI), served as the committee’s secretariat for the development of ISO 45001.
 ISO 45001 incorporates a Plan-Do-Check-Act (PDCA) model. This is a mechanism for organizations to plan what
they require, in order to mitigate the probability of OH&S damages.
 Companies need to migrate from OHSAS 18001 to ISO 45001 within three years after publication of ISO 45001
(March 2018).
 Brief comparison between the ISO 45001 and OHSAS 18001 standards: ISO 45001 uses a process-based
approach > OHSAS 18001 uses a procedure-based approach; ISO 45001 uses a risk-based approach > OHSAS
18001 uses a preventive approach; ISO 45001 incorporates both risks and opportunities > OHSAS 18001
considers risk only; ISO 45001 incorporates the views of interested parties > OHSAS 18001 does not include the
views of interested parties.
 In a rapidly growing and creative world, the requirement is felt for organizations to be proactive in the area of
occupational health and safety management, rather than reactive. ISO 45001 provides such a framework.
 Most organizations are small to medium-sized enterprises. ISO 45001 is applicable to those, as well as to larger
enterprises.
 Most organizations will benefit from ISO 45001 and significant numbers will welcome the recognition that comes
with ISO 45001 certification.
 The users of existing OH&SMS, such as OHSAS 18001 and the ILO-OSH Guidelines, will easily be able to
implement ISO 45001, as it does not contradict these standards.
 The ISO 45001:2018 OH&SMS, offers a vigorous set of processes for improving workplace safety in the area of
global supply chains.
 The new ISO 45001:2018 international standard, when implemented, is expected to reduce workplace injuries and
illness significantly around the world.
 According to ILO statistics (2017), 2.78 million fatal accidents occur in the workplace each year. In addition, there are approx.
374 million non-deadly incidents of work-related damage and illness each year. Most of these incidents involve loss-of-time
injuries, meaning absenteeism from work, loss of productivity and loss of revenue.
 According to the ISO 45001:2018 standard, the ultimate accountability of top management for the OH&SMS cannot be
delegated.
 The support functions listed in clauses 7.1 to 7.5 of ISO 45001:2018, include: availability of sufficient resources; competency of
workers to perform work safely, the necessary awareness of workers, visitors and contractors regarding occupational health and
safety; sufficient communication; documentation of information.
 Clauses 8.1 to 8.2, deal with operational planning and controls; emergency situations; cases of failure and the development of
preparedness plans by organizations.
 Clause 9 in ISO 45001 deals with performance evaluation, similar to that contained in the British standard OHSAS 18001.
 The linguistic reference to ‘preventive’ action in OHSAS 18001, has been removed from clause 10 in ISO 45001, as it is already
considered in the risk management phase.
 Risk should not only be managed for hazards, but also for internal and external issues, including the needs and expectations of
'interested parties'.
MODULE 2 – REQUIREMENTS OF AN OCCUPATIONAL
HEALTH AND SAFETY MANAGEMENT SYSTEM
MODULE 2 – LEARNING OUTCOMES

 List the expectations top management has in a OH&SMS.
 Describe how best to manage health and safety risks.
 Explain how support functions affect an organization's performance.
 Define what operational controls are.
 Summarize how organizations enforce operational controls.
 Discuss what an emergency response is and how organizations are required to plan for
emergency situations.
LEADERSHIP ROLES AND RESPONSIBILITIES
What is a leadership role and how is it mandated in the ISO 45001:2018 standard?
Top management must ensure leadership roles and exhibit commitment towards the OH&SMS by:
 Owning responsibility and accountability for avoiding work-based injuries and illness; provide a safe
and healthy work environment and processes.
 Making sure that the OH&S policy objectives are identified and relate to the strategy of the company.
 Making sure the OH&SMS integrates into the business processes of the organization.
 Ensuring the availability of the resources required to develop, apply, sustain, and enhance the
OH&SMS.
 Communicating the significance of the implementation of the OH&SMS and compliance to the
standard.
 Ensuring the OH&SMS attains its intended results.
LEADERSHIP ROLES AND RESPONSIBILITIES
 Guiding and empowering workers to play their role in the sustenance of the OH&SMS.
 Ensuring and encouraging continuous improvement.
 Empowering other management to prove their leadership in the areas they lead.
 Establishing, leading, and encouraging an organizational culture that assists the desired results of the
OH&SMS to succeed.
 Safeguarding workers from retaliation or reprisals, when it comes to reporting accidents, unsafe
conditions, hazards, risks, and areas for improvement.
 Ensuring that the organization develops and applies processes for discussion and the participation of
workers.
 Empowering the development and operation of health and safety committees.
OH&SMS POLICY
Who is responsible for establishing, implementing, and maintaining the OH&SMS policy? Top management i.e. the
leadership of the organization must develop, apply, and sustain this policy, which should have the following elements:
 A commitment to offer a safe and healthy working environment. The commitment should ensure that work-based
accidents and illnesses are avoided. The policy should be relevant to the objectives, size and business context of
the organization and the nature of the health and safety risks that exist.
 A framework for setting out the health and safety objectives.
 A commitment to meet legal and other requirements.
 A commitment to eliminate hazards and reduce risks.
 A commitment to the continuous improvement of the OH&SMS.
 A commitment to consultation and participation. The policy should encourage discussion and the involvement of
workers/bodies representing workers and managers.
COMPONENTS
The organization's health and safety management policy should ensure the following:
 The policy must be controlled and documented.
 It must be communicated throughout all levels of the organization.
 It should be suitable, applicable, and available to all interested parties.
REPRESENTATION
 Worker representation in the OH&SMS steering committee, can be a source of

participation and consultation for workers.
 Hurdles and barriers to staff participation can involve the inability to address inputs
and opinions, language barriers and dangers of retaliation or reprisals for "speaking
up".
TRAINING
Delivering training to staff, can break major barriers to worker participation. The participation of non-managerial
employees can involve the following:
 Identifying hazards and assessing risks and opportunities.
 Identifying the procedures for consultation and participation.
 Identify actions that can eliminate hazards and reduce health and safety risks.
 Identify training and competence requirements and evaluate training.
 Identify communications issues and methods.
 Investigate incidents and non-conformities.
 Identify control measures and their effective applications.
BUSINESS CONTEXT
The business context for the OH&SMS (ISO 45001:2018, clause 4.1) involves the following:
 Understanding the company and its business context.
 Management must identify internal and external issues that are applicable to the OH&SMS.
 Highlight issues that have affected, or may affect, the organization's ability to successfully implement the
OH&SMS.
INTERNAL ISSUES
Collaboration between businesses has developed in the last two decades, with the advancement of the internet and
business without borders. Health and safety concerns have developed too, and management has wider-reaching issues
to consider, when planning an OH&SMS. Some internal issues include:
 The competence and diversity of the organization’s workforce.
 The commitment of workers regarding health and safety regulations.
 The readiness to collaborate with declared specifications.
 The organization’s communication channels and their significance.
EXTERNAL FACTORS
External factors are issues that are outside an organization, but that influence its business and operations. Some of
these are summarized below:
 Legislation and regional laws.
 Economic and political situation.
 Union rules.
 National and international agencies.
 Documenting the business context, for auditors and other stakeholders, with respect to external parameters, is
recommended.
COMPLIANCE
 Compliance with applicable H&S laws and regulations, protects businesses from legal and other financial
penalties.
 Moreover, the well-being of an organization’s workers is the first and foremost objective. Making sure operations
are safe, improves the quality of goods and services that can be provided.
 The latest discoveries and research with regard to contemporary illness, e.g. recurring stress, strains, and
depression, demonstrates that adhering to OH&S legislation improves performance.
INVOLVEMENT
It is important to involve the viewpoints of interested parties when formulating an OH&SMS. Some common interested
parties include:
 Employees/workers
 Management and shareholders - they are also connected to strategic business decisions
 External providers, contractors, and vendors
 Manufacturing and business partners
 Government, regulatory and legislative bodies – in many cases these have authority over organizations
 Pressure groups, neighbors, trade unions – especially in the case of e.g. nuclear power/chemical/hazardous facilities
 An organization’s insurers - an OH&SMS may significantly affect premiums
HAZARD AND RISK ANALYSIS
 When planning the OH&SMS, management must consider the issues and requirements from a business context,
i.e. internal and external factors, and those of interested parties. This constitutes the scope of the OH&SMS.
 Through the planning processes, management must identify and examine the risks and opportunities associated
with the OH&SMS and the structural changes involved. Management must document the information concerning
the processes and measures needed to identify and address the risks and opportunities involved. A long- and short-
term risk and opportunities assessment must be undertaken before change is applied.
HAZARDS
 Hazard identification is referred to in clause 6.1. Top management, or its delegated personnel, must develop,
apply, and carry out pre-emptive and ongoing processes for hazard identification.
 These processes must consider how work is managed, considering the following factors:
 Workload; Work hours; Victimization; Harassment and bullying; Leadership and culture.
HAZARD IDENTIFICATION
Hazard identification processes must also consider hazards that arise from routine and non-routine activities,
including the following:
 Infrastructure, machinery, supplies, physical job areas
 Design of services and products, manufacturing, assembly, erection, service distribution, maintenance, product,
and waste disposal
 Work methodology
HIRA: PERSONNEL
Hazard identification and the assessment of risks and opportunities, involves personnel in the workplace, including:
 Those with the right of entry to the workplace (employees, third-party workers, guests)
 Those in the locality of the work area, who are affected by the work
 Employees in an area that is not under the direct administration of the company
HIRA: OTHER FACTORS
Hazard identification and the assessment of risks and opportunities, involves other factors in the workplace,
including:
 The layout of work areas, practices, installations, heavy machinery, standard operating procedures, and job
management
 Changes with the needs and capabilities of employees
 Changed conditions in the workplace, as a result of work-related activities
 Conditions (not controlled by management) in work areas, that can result in illness or injury to individuals
 Actual or intended changes in organogram, jobs, processes, proceedings or the health and safety management
system
 Information and knowledge relating to any changes concerning hazards
ASSESSMENT
Assessment of health and safety risks (Clause 6.1.2.2). Management must develop, apply, and carry out processes for
the following:
 Assess the health and safety risks from a list of hazards, while considering the effectiveness of current controls.
 Identify and assess other risks related to the establishment, application, operation, and maintenance of the overall
OH&SMS.
 The management’s procedures and criteria for the assessment of health and safety risks, must be defined, to ensure
they are preemptive rather than responsive and that they are utilized in a
 systematic way. Documented information must be developed and retained on the assessment principles and
methodology.
PROCESSES
Assessment of health and safety opportunities (6.1.2.3)

Management must develop, apply, and carry out processes for the following:
 Health and safety opportunities to enhance health and safety performance, changes to management, policies,
processes, or activities.
 Opportunities to upgrade work, management, and the work environment for employees.
 Opportunities to eliminate hazards and reduce health and safety risks.
 Opportunities for improving the OH&SMS.
LEGAL
Legal and other requirements (6.1.3)

Management must develop, apply, and carry out processes for the following:
 Identify and subscribe to the latest legal and other requirements that are relevant to hazards, risks and health and
the OH&SMS.
 Identify how legal and other requirements apply to management and which requirements need to be
communicated to staff.
 Take legal and other requirements into account when developing, applying, and improving the OH&SMS.
 Retain documented information on legal and other issues and ensure it is upgraded to incorporate any relevant
changes.
ACTIONS
Management must plan actions relating to the following:

 Risks and opportunities
 Legal and other requirements
 Prepare for and react to emergency situations
 Integrate and apply relevant counter measures to hazards and risks, through the OH&SMS
 Assess the effectiveness of the counter measures and action plans taken
 Management must take into consideration the "hierarchy of controls" (clause 8.1.2) and results from the health and
safety management system, when deciding on new actions. When planning actions, management must consider
best practice, technological alternatives, and economical, functional, and business needs.
OBJECTIVES
 Health and Safety objectives (Clause 6.2.1)

 Management must develop health and safety objectives at appropriate functions and levels, to carry out and
continually improve the OH&SMS and OH&S performance (clause 10.3).
 Health and safety objectives must:
 Be consistent with the health and safety policy
 Be quantifiable (if possible) and available for evaluation
 Health and safety objectives must take into consideration the following:
 Relevant requirements
 The outcomes resulting from the assessment of risks and opportunities
 The results of consultation with employees or employees’ representatives where they exist
 Checks, communications, and upgrades
PLANNING
Planning to attain health and safety objectives (Clause 6.2.2)

When planning how to attain organizational health and safety objectives, management must address the following
questions:
 What needs to be worked on?
 What resources will be needed?
 Who will be delegated?
 When it will be finished?
 How will the outcomes be assessed (including pointers for monitoring)?
 How will the measures needed to attain health and safety objectives, be assimilated into business processes?
 Management must produce and retain documented information on health and safety objectives and the plans to
achieve them.
COMPETENCE
 Support Functions - Organizational Resources (Clause 7.1)
 Management must recognize and render the resources required for the establishment, application, maintenance, and
continual enhancement of the OH&SMS.
 Competence (Clause 7.2)
 To achieve mandatory employee competence, management must perform the following:
 Identify the influence of employee competence on health and safety performance
 Ensure that employees are competent (including the capability to recognize hazards) with help of education,
experience, and training
 Take the necessary actions to achieve mandatory employee competence and be able to evaluate the effectiveness of
these measures
 Retain documented information on proof of employee competence
 NOTE: Relevant actions can involve the delivery of training, mentoring, the re-allocation of presently employed
persons and the hiring or outsourcing of competent persons.
AWARENESS
Awareness (Clause 7.3)

Employees must be made aware of the following:
 Health and safety policies and objectives
 The effectiveness and benefits of the OH&SMS
 The implications and potential outcomes of not conforming to OH&S requirements
 H&S incidents and the results of investigations
 Their ability to leave work situations when there is a grave danger to their life or health
OBLIGATIONS
 Communication (Clause 7.4)  Gender
 Management must develop, apply, and carry out the  Language

processes required for the internal and external  Culture
communications applicable to the OH&SMS, together  Literacy
with identifying the following:
 Disability
 The appropriate subjects of communication
 Management must ensure that the opinions of external
 The appropriate timing
interested parties are considered, when developing the
 The appropriate recipients (including contractors and communications process. In addition, management
visitors to the workplace) must:
 The appropriate methodology of communication  React to appropriate communications regarding its
 The standard stipulates that management must OH&SMS
consider the "diversity" of the audience when  Keep documentation, as proof of its communications
considering its communications.
 Diversity includes:
DOCUMENTATION
 The level of documented information required (Clause 7.5) in an OH&SMS, varies from one
organization to another. This is due mainly to the types of products and services it provides and the
requirement to show legal and other compliance.
 Documentation (Clause 7.5.2) should normally include the following:
 Identification and description
 Title, Date and Author
 Reference Number
 Language and format
 Graphics and media
 Software Version
CONTROL
Documentation needs to be sufficiently controlled (clause 7.5.3), to ensure:

 It is accessible and relevant for utilization where and when it is needed
 It is sufficiently protected from loss of confidentiality and improper use
 The availability of sharing, right to use and retrieval
 It is conserved and stored properly
 Version and revision control
PROCESS
Management must plan, apply, control, and carry out the processes needed to meet the requirements of the OH&SMS.
Applying actions is identified in Clause 6 and involves the following:
 Developing the criteria for processes
 Applying the control of processes, in accordance with the criteria
 Producing and retaining documented information, so that interested parties and observers can have confidence that
the processes have been carried out
 Adapting work to employees
 At multi-employer workplaces, management must coordinate the OH&SMS with other managers
CONTROLS
Management must develop, apply, and carry out processes for the eradication of hazards and the minimization of
health and safety risks (Clause 8.1.1), by utilizing the following hierarchy of controls:
 Remove or eliminate the hazard
 Substitute or replace health and safety hazards and risks, with less hazardous operations, processes, supplies or
machinery
 Use engineering controls and the management of work
 Use administrative controls, such as training and visual controls
 Use adequate protective equipment for employees
CHANGES
Management must develop a process or processes, for the application and control of intended short term and long-
term changes that impact on health and safety performance. This includes:
 Modifications to old products and services, work sites and the neighborhood
 Labor force and machinery
 Legal and other requirements
 Modifications in knowledge and facts about hazards and health and safety risks
 Upgrades of technology and related knowledge
 Management must analyze the outcomes of unplanned changes and take measures to decrease the impact of
adverse effects.
CONTRACTORS
 Management must develop, apply, and carry out processes to control the acquisition
of products and services (Purchasing Controls - Clause 8.1.4), to ensure compliance
with the OH&SMS.
 Management must organize the procurement process with contractors (Clause
8.1.4.2), list hazards and analyze health and safety risks arising from:
 Contractor activity that influences the workplace
 Activities and functions that affect the contractors’ employees
 The contractor's work and functions at a site, have an influence on the interested parties in that area.
Management must ensure that the needs of its health and safety management system are fulfilled by
contractors and their employees.
OUTSOURCING
 Management must ensure that subcontracted jobs and processes are managed. They must also ensure that
outsourcing preparations are made in accordance with legal and other requirements. The processes involved and
the extent of control, must be explained in the OH&SMS.
EMERGENCIES
Management must develop, apply, and carry out the processes required to prepare for emergency conditions,
 Develop readiness and planned reactions to emergency conditions, together with the prompt delivery of first aid
 Offer training for the planned responses
 Test emergency procedures regularly
 Send and offer suitable information to all employees during such events
 Assess performance
 Appropriate information must be sent to visitors, contractors, emergency response units, government authorities
and the community during such events. Moreover, all interested parties must be involved in the design and
fulfillment of emergency planned responses. As usual, management must produce and retain documented
information on the processes involved.
MODULE 2 – LESSON SUMMARY
 An organization's policy should include a commitment to providing a safe and healthy working environment and a
commitment towards continual improvement of its occupational health and safety management system
(OH&SMS).
 Management must identify all "interested parties" in the system, together with employees. Interacting with the
organization’s workers, contractual partners and shareholders is an important part of maintaining a list of all
interested parties. If a business has a high accident rate, insurance premiums will rise. Insurers are therefore an
"interested party".
 The competence of an organization’s workforce is an internal issue and is relevant to effective health and safety
management.
 External factors are outside an organization's direct control. However, they influence an organization’s business
and operations and consequently its OH&SMS.
 The latest discoveries and research into contemporary illness in the workplace highlights: recurring stress, strains,
and depression (mental health). It finds that legislation must be upgraded, and business contexts need to be fully
documented, if organizations are to truly alter their health and safety systems to function effectively.
 'Scope' refers to the boundaries and applicability of an organization's OH&SMS.

 Management must consider the "diversity" of its interested parties, when formulating its health and safety
communications strategy. Diversity, according to the ISO 45001:2018 standard includes: Gender, Language,
Culture, Literacy and Disability.
 Employees must be made aware of the organization's health and safety policy and its health and safety
management objectives.
 Management must react to appropriate communications regarding its health and safety management system.
 The documented information relevant to the OH&SMS, should include the following components: Identification
and description; Format, language, and reference number; Title, date and author; Software version (if relevant);
References to media and graphics used.
 Documented information should be protected from: Loss of confidentiality; Improper use and Loss of integrity
(damage).
 Management must develop, apply and carry out processes for the eradication of hazards and the
minimization of health and safety risks, using the following 'hierarchy of controls': (a) Remove or eliminate
the hazard; (b) Substitute or replace hazards and risks with less hazardous operations, processes, supplies
and machinery; (c) Use engineering controls and management of work; (d) Use administrative controls such
as training and visual controls; (e) Use adequate personal protective equipment.
 Where short- or long-term changes are applicable to work practices, a risk and opportunities assessment
should be undertaken before the change is applied.
 Only top management or its delegated personnel should develop, apply, and carry out the processes for
hazard identification.
 Legal and other requirements relevant to health and safety, constitute risks and opportunities for an
organization, which management must address.
 Management must develop, apply, and carry out processes to assess occupational health and safety
opportunities, in order to enhance occupational health and safety performance in an organization.
 Management must develop occupational health and safety objectives relevant to different work functions and
levels.
 Management must identify and provide the resources needed for the establishment, application, maintenance,
and continual enhancement of the OH&SMS.
 Management must send information regarding its OH&SMS and concerning legal and other requirements, to
any relevant external parties.
 Management must develop, apply, and carry out processes to control the acquisition of products and services,
to ensure their compliance with the OH&SMS.
 Management must ensure that its outsourcing activities, with respect to health and safety, are in fulfilment of
legal and other requirements.
 Management must develop, apply, and carry out processes to prepare for possible emergency situations.
 Management must produce and retain documentation, regarding its processes and plans for reacting to
potential emergency situations
MODULE 3 – PERFORMANCE EVALUATION AND
IMPROVEMENT
MODULE 3 – LEARNING OUTCOMES

 Describe the performance evaluation of occupational health and safety management systems (OH&SMS)
 Be able to discuss monitoring, measurements, and analysis
 Describe the process involved in internal audits
 Explain what is involved in management reviews
 Define what 'continual enhancement' means
 Summarize the 'check and act' part of the OH&SMS
PERFORMANCE
Performance evaluation (Clause 9) lists the requirements of assessing the performance of the OH&SMS. This clause
encompasses three areas of evaluation:
 Monitoring, measurement, and analysis
 Internal auditing
 Management reviews
 Management must develop, apply, and carry out (Clause 9.1) different processes for monitoring, measurement,
and analysis. Management must identify the following:
 The level of compliance to laws and other requirements
 The activities and processes involved in recognizing hazards, risks, and opportunities
 Improvements toward the attainment of the organization's health and safety objectives
 The impact and efficiency of operational (and other) controls
TASKS
Monitoring can be based on:

 Observation of work being done
 Assessment of documented information
 Interviews with people to discuss performance levels
 Measurement is the allocation of numbers or values to performance, i.e. events and objects. It is related to
performance evaluation and involves verifying equipment and actions with respect to risks and hazards.
 Analysis is the study and interpretation of data to discover patterns, relationships, and trends in workplace
activities. It is strongly associated with measuring events.
CRITERIA
 Management relates its performance in the area of occupational health and safety, according to certain criteria.
 For example, the performance of other companies, accepted codes, the company’s own codes, acknowledged
standards, the organization’s objectives, and historical OH&S statistics.
 Management must assess its health and safety performance and be aware of the efficiency of its OH&SMS.
Management must ensure, for example, that work equipment is relevant, calibrated, verified, and used
appropriately.
 NOTE: There can be legal and other requirements (national and international standards) concerning the use,
calibration, and verification of equipment.
RECORDS
 Management must keep relevant documentation as proof of performance measurement, monitoring, analysis and
to demonstrate results.
COMPETENCE
Clause 9.1 defines the meaning of “measuring and monitoring” and offers particular instances of what can be
measured to fulfill the standard. For example:
 Measurement against objectives
 Progress on continual improvement
 The monitoring of workers health and fitness
 Recorded instances of injuries and illness
 Trends
 Competence is identified in Clause 9.1, as evidence that workers and management work effectively together, in
terms of the recognition of hazards and risk mitigation measures.
COMPLIANCE
The ISO 45001:2018 standard states what must be measured and monitored to ensure OH&S legal compliance.
Discontinuities must be recognized, solved, and documented. Examples of other factors that must be considered are:
 Corporate policies and agreements
 Insurance requirements
 Company and union agreements
 Other rules regulations
GUIDELINES
 Reviewing an organization’s performance in certain areas, against other organizations is referred to as

'benchmarking'. Performing this type of review with respect to OH&S offers a relatively precise picture of an
organization’s performance.
 However, we must bear in mind the landscape in which organizations operate. For example, financial managers
may be bound by a certain financial code of conduct; electronics manufacturers may be committed to being
directed by certain standards etc.
 The ISO 45001 standard renders certain guidelines as key factors that can be used to quantify performance. For
example, if incidents are measured by occurrence, frequency, and severity, this constitutes a method of measuring
performance. The measurement of the completion of a corrective action, within a certain time or at a certain rate
of completion, is another form of measurement.
SYSTEMATIC
 An organization should have a systematic method for monitoring and measuring its
health and safety performance on a continuous basis and this should be part of its
OH&SMS.
 Without, hopefully, laboring the point too much, monitoring and measuring an
organization's health and safety performance, should include the following:
 All relevant health and safety legislation
 Mutual relevant agreements
 Standards and codes
 Insurance requirements
 Activities and processes concerning the recognition of risks, hazards, and opportunities
CRITERIA AND INDICATORS
The following is the difference between 'criteria' and 'indicators' as used in the standard:
 Criteria is what organizations use to check their performance in key areas. For example, they may benchmark their
health and safety performance against other organizations, best practices, standards etc.
 To quantify OH&S criteria, key performance indicators are used. For example, if a criterion is a comparison of
health and safety related incidents, an organization may check occurrence, type, impact, incidents, statistics etc.
The indicators are the results of the comparisons.
ASSESSMENT
 A compliance assessment program covers all occupational exposure to legislation requirements. Evaluation can be
influenced by elements such as historic compliance, or the time at which legislation was adopted or changed.
 A compliance assessment plan can be joined to other evaluation activities. These can form part of the management
system audit, for example environmental audits or quality management system assessments.
 It should be remembered that legal compliance is the minimum requirement in the standard, for evaluating the
effective implementation of the OH&SMS. This means the organization, at a minimum, must comply with all
legal requirements. Finally, as discussed, the organization must keep documentation of the results of its
compliance evaluation.
INTERNAL AUDIT
 Clause 9.2.1 in ISO 45001 outlines the execution of internal audits by management in organizations. The internal
audit must meet the criteria of the OH&SMS and the results (outputs) must be made presentable to top
management and relevant personnel.
 The internal audit plan must be well-scheduled and developed, with a thorough understanding of the OH&SMS
scope. The plan should be developed on the basis of risk assessments and former audit reporting.
 The internal audit should be conducted more vigilantly than in the comparable standards of ISO 9001 (quality
management system) and ISO 14001 (environmental management system).
PURPOSE
 The justification for conducting serious internal audits is simple: Nonproductive internal audits in an OH&S
system, can threaten the health and safety of an organization’s workforce.
 Question: How can it be ensured that an internal audit is as effective as it should be and that the consequent
actions, safeguard the health and safety of the workforce?
MANAGEMENT
Internal audit programme (Clause 9.2.1): Top management or their delegated personnel must perform the following:
 Plan, develop, apply, and carry out an audit programme, that accounts for rate of occurrence, techniques,
responsibilities, consultation, planning needs and reporting. It must also consider the significance of processes and
the results of former audits.
 Outline the criteria of the audit and its scope.
 Choose auditors and perform audits to ensure objectivity and non-bias in the audit process.
 Make sure the results of audits are presented to the relevant managers, employees, and other interested parties.
 Take measures to remove any nonconformities and "continually improve health and safety performance".
 As always, produce documentation as proof of the audit and results.
 NOTE: Management should conduct internal audits at consistent intervals, as part of their management review.
AUDITOR
 The internal audit should be performed at “scheduled intervals,” or additionally, if it is seen as helpful to the ISO
45001 system.
 WHO? The standard states that the choice of the auditor should ensure “impartiality and neutrality.” Also, the
auditor must have knowledge, work experience, recognized training and be familiar with health and safety
policies, objectives, and performance. Managements should receive external advice from professionals, for their
internal audits. This shows that the internal audit is a critical process.
 HOW? The internal auditor must have all the relevant information available, as part of the “input” of the auditing
process, i.e. risk assessment, data and outcomes, health and safety performance results, stakeholder inputs and
health and safety objectives. The auditor must also have full access to all of the information and people relevant to
the performance of OH&S in the organization.
OBJECTIVITY
 It is helpful, in terms of the continual improvement of the organization's OH&SMS, when the auditor makes sound
recommendations, based on the audit's findings and results.
 In this manner, management will have a more objective framework to work with. Also, the internal audit fulfills
the direct requirements and scope of the standard.
MANAGEMENT REVIEWS
The ISO 45001 standard (Clause 9.3), necessitates the review of the organization's OH&SMS appropriateness and
suitability, to be carried out by top management at scheduled intervals. Management review enables an organization
to systematically analyze and gauge the performance of its OH&SMS, to determine if it continues to be:
 APPROPRIATE - processes, values, and business systems
 SATISFACTORY - is the management system applied properly?
 USEFUL - does the management system achieve its intended results?
 Management reviews should be completed on a regular basis, for example: quarterly, bi-annually, or annually.
Fractional management reviews of an organization’s OH&SMS can be performed at more regular intervals, if
needed.
FEATURES
A management review should include the following:

 The status of actions taken following previous management review(s)
 Internal and external issues that influence the OH&SMS, for example risks and opportunities, the requirements,
and expectations of interested parties, legal and other requirements.
 Sufficient dialogue with internal and external interested parties
 An analysis of the resources needed for achieving an effective OH&SMS
 Prospects for continuous improvement
PERFORMANCE
Reviews should include information on the organization’s OH&S performance, including developments in the
following:
 The attainment of OH&S objectives
 Incidents, accidents, nonconformities, and corrective actions
 Measurement and monitoring
 The assessment of compliance with legal and other requirements
 Internal and external audits
 Participation, discussion, and consultation with employees
 Risks, prospects, and opportunities
EVALUATION
Decisions taken following a management review, should relate to:

 The ongoing sufficiency, rationality, and effectiveness of the OH&SMS, with regard to the achievement of its
intended results.
 Areas for continual improvement.
 Requirements for modifications to the system.
 Additional resources required.
 Other actions required.
 Opportunities to integrate the OH&SMS further/differently with business processes, e.g. quality, the environment,
continuity etc.
 Impacts on the strategic direction of the organization.
CONTINUOUS IMPROVEMENT ACTIONS
 Management must identify (Clause 10) opportunities for improvement and apply
mandatory actions to attain the intended results of its OH&SMS.
 Management must develop (Clause 10.2), apply and carry out processes, together
with investigations, reports, and measures, to identify and manage OH&S-related
incidents and nonconformities. When an incident or a nonconformity exists,
management must:
 Respond in time
 Take measures to manage and correct it
 Manage any consequences
INVOLVEMENT
The involvement of employees and the participation of other interested parties must be assessed. This is a
requirement for corrective action, in order to eradicate the root causes of the nonconformity or incident and to ensure
it does not occur elsewhere. This is achieved through the following:
 Analyzing the reasons for the nonconformity or incident
 Review/update existing assessments of OH&S risks (see 6.1)
 Identify and apply any actions required, involving a hierarchy of controls
 Analyze any new potential health and safety risks or modified hazards
DOCUMENTATION
Management must retain documentation as proof of:

 Nonconformities or incidents following measures taken
 The outcomes of measures and corrective actions
 Communication with the relevant employees, employee representatives, or other interested parties
INCIDENT ANALYSIS
 It is important that a 'root cause analysis' is performed following a nonconformity or

incident, in order to avoid its recurrence.
 Examples of nonconformities and OH&S-related incidents:
 INCIDENTS: Near misses, injuries, poor health, impacts to property or equipment that could result
in health and safety risks, body, skin, bone damage, hearing loss, eye-sight loss, asbestosis.
 NON-CONFORMITIES: Safety equipment not working properly, inability to comply to legal
requirements, safety processes or guidelines not being followed; contractors working in a hazardous
way on-site.
ROOT CAUSE
 When a nonconformity or incident occurs, the organization must respond in a timely way. The assessment of the
requirement for corrective action(s), should be agreed with the relevant employees and interested parties.
 The goal of an incident-investigation is to identify what occurred, why it occurred and what can be done to avoid
it occurring again.
 Professional investigators must account, not only for immediate causes, they must also focus on root causes and
the corrective measures that need to be taken.
FACTORS
 All incidents have causes. These can involve a cluster of factors, together with human behavior, activities,
processes, and equipment.
 Investigations should highlight gaps that require improvement. The extent of the investigation is proportional on
the extent of the OH&S-related incident and its impact.
 The incident should be documented and presented internally and externally, were appropriate, to regulatory
bodies.
INVESTIGATIONS
 Who investigates? The investigation of incidents and nonconformities should be performed by a party/parties who
are not reliant on the activities being analyzed and should include an employee representative.
CORRECTIVE ACTIONS
 Organizations are responsible for corrective actions concerning the management of

change and the hierarchy of controls. They are also responsible for making
modifications to the OH&SMS by:
 Updating process maps
 Revising procedures
 Updating the risk register
CONTROLS
Instances of corrective actions involving a hierarchy of controls:

 Eradicate hazards
 Use less dangerous materials
 Re-engineer or change machinery and tools
 Modify the rate of using equipment
 Enforcing the use of personal protective equipment (PPE)
FAILURES
The emphasis of root cause analysis is aversion. Root cause analysis recognizes numerous contributory factors,
 Fatigue
 Lack of communication
 Equipment failure
 Incompetence
 Gaps in signage/notices/warnings/documentation
TIMING
 While root cause analysis is being carried out, an organization may have to perform immediate short-term actions,
in order to avoid recurrence of an incident or nonconformity.
 This can be a component of the implemented corrective action. Root cause analysis and the reporting of incidents
without delay, can assist with the permanent removal of hazards.
CONTINUOUS IMPROVEMENTS
The concept of continuous improvement is referenced in other management systems (Annex SL), for example: ISO 14001,
ISO 9001 (see: https://alison.com/course/iso-90012015-fundamental-concepts), as well as in the ISO 45001:2018 standard.
Measures an organization can take to implement 'continuous improvement' in their OH&SMS include:
 Enhancing a culture that supports OH&S
 Encourage the participation of employees (recognition and application)
 Use up-to-date training, practices, technology, and equipment
 Promote good working practices
 Accept proposals and advice from interested parties
 Acquire the latest knowledge of occupational health and safety in the workplace
 Source better supplies and make better use of materials
 Promote worker competence
 Attain improved performance using minimal resources
 Three main areas of OH&SMS evaluation are: monitoring, measurement, and analysis; Internal audits;
management reviews.
 Management must develop, apply, and carry out different processes for the monitoring, measurement, and analysis
of its OH&SMS.
 Monitoring can be based on observation of work being done, the assessment of documented information (e.g.
records) and the utilization of interviews - this helps to identify status, so that any deviation from performance can
be recognized.
 'Measurement' is the allocation of numbers to the performance of events or objects. It is related with performance
evaluation. It can be extracted from the utilization of verified or calibrated equipment.
 Data analysis discovers patterns, relationships, and trends in performance. It is related with the measurement of
events.
 Criteria is what the management compares its performance with, for example the performance of other companies,
developed codes, acknowledged standards, the organization's own codes, the organization’s objectives and its
historical health and safety record (statistics).
 Management must ensure that monitoring and measuring equipment is calibrated, verified, and used as
appropriate.
 Management must develop, apply, and carry out processes for evaluating organizational health and safety
compliance, with legal and other requirements.
 An organization should have a systematic method for monitoring and measuring its occupational health and safety
performance, on a recurrent basis. This should be a core component of its OH&SMS.
 An organization should employ preemptive and responsive measures to OH&S gaps and should primarily focus on
proactive solutions, in order to maximize its performance.
 The internal audit plan must be scheduled and developed according to the system's scope. The plan should be
developed according to a risk assessment and consider the results of former audits.
 When choosing auditors to perform audits, objectivity, and the absence of bias in the process, must be assured.
 Management should conduct internal audits at regular intervals, as part of conducting management reviews of their
OH&S status and processes.
 The ISO 45001 OH&SMS standard, mandates that the results of internal audits should be presented to all employees
and interested parties.
 Documenting the internal audit, together with the outcomes, measures, and results, is a requirement and a part of the
OH&SMS continual improvement process.
 The management review should not only assess data and historical trends; it should aim to improve the OH&S
standards and performance in the organization.
 Management review of the organization’s OH&S status should be performed regularly, on a quarterly, bi-annual, or
annual basis.
 Management must develop, apply, and carry out processes, together with investigations, reports, and measures, to
identify and manage OH&S-related incidents and nonconformities.
 An organization must consider the following: the results from the evaluation and analysis of its OH&S
performance; the assessment of its OH&S compliance; the lessons learned from internal audits and the lessons
learned from management reviews.
 Corrective actions, continuous improvements, technological changes, innovations, and re-organization can
improve the organization's OH&S position.
 Incidents that lead to health and safety risks, include near misses, disabilities, injuries, ill health, damage to
property and equipment.
 When a nonconformity or incident occurs, the organization must respond in a timely way; they must act to
manage/contain the issue, correct it and deal with the outcomes.
 Organizations must assess the corrective actions that are required to eliminate the root causes of health and safety-
related incidents and nonconformities. They must endeavor to ensure that incidents and nonconformities that occur
in one part of an organization, do not occur in another part of an organization.
 Required corrective actions should be planned and implemented with the participation of employees and interested
parties.
 The concept of the continuous improvement of an organization's OH&SMS, is referenced in management systems
prior to ISO 45001:2018, for example ISO 14001 and ISO 9001.
MODULE 4 – COURSE ASSESSMENT
 This course assessment enables you to review your learning, so you can determine your knowledge and
understanding of the following course:
 ISO 45001:2018 - Principles of Occupational Health and Safety Management Systems
 If you do not achieve the required standard after the first attempt, you can re-take the assessment until a successful
outcome is achieved.
 You need to score 80% or more to PASS.

ISO 45001 Awareness Training Programme

Uploaded by

Copyright:

Available Formats

ISO 45001 Awareness Training Programme

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ISO 45001 Awareness Training Programme

Uploaded by

Copyright:

Available Formats

What is the purpose of ISO 45001?

What is the purpose of ISO 45001?

What are the sections covered in ISO 45001?

What are the sections covered in ISO 45001?

ISO 45001 AWARENESS

OH&SMS – OCCUPATIONAL HEALTH &

After completion of this course, the learner will be able to:

 Module 1 – Fundamentals of Occupational Health

 Fundamentals of OH&SMS – Learning Outcomes

 Requirements of an OH&SMS – Learning Outcomes

 Performance Evaluations and Improvement –

After completing this module, you will be able to:

 An Occupational Health and Safety Management System (OH&SMS), is a

OH&SMS systems primarily direct organizations in the following ways:

 The “Act” part of the PDCA model is the improvement part of the

 Organizations need to be proactive. In a rapidly growing and creative world, the

 What makes ISO 45001 internationally important? International experts and writers

 If your organization is currently using the OHSAS 18001 standard, migrating to ISO

 The internal and external issues of organizations need to be addressed, in a business

 Clause 5.4 of the ISO 45001:2018 OH&SMS, is a much-improved clause, compared

ISO 45001:2018, Clause 9, includes enhanced and extended evaluation of performance,

 This term is defined as a “person or organization

 ISO 45001:2018 defines contractor in clause 3.7 as “[an] external organization

After completing this module, you will be able to:

 Worker representation in the OH&SMS steering committee, can be a source of

Assessment of health and safety opportunities (6.1.2.3)

Legal and other requirements (6.1.3)

Management must plan actions relating to the following:

 Health and Safety objectives (Clause 6.2.1)

Planning to attain health and safety objectives (Clause 6.2.2)

Awareness (Clause 7.3)

 Management must develop, apply, and carry out the  Language

Documentation needs to be sufficiently controlled (clause 7.5.3), to ensure:

 'Scope' refers to the boundaries and applicability of an organization's OH&SMS.

After completing this module, you will be able to:

Monitoring can be based on:

 Reviewing an organization’s performance in certain areas, against other organizations is referred to as

A management review should include the following:

Decisions taken following a management review, should relate to:

Management must retain documentation as proof of:

 It is important that a 'root cause analysis' is performed following a nonconformity or

 Organizations are responsible for corrective actions concerning the management of

Instances of corrective actions involving a hierarchy of controls:

You might also like