Iso45001 2018 Iosh Branch Presentation 16-01-2020
Iso45001 2018 Iosh Branch Presentation 16-01-2020
Iso45001 2018 Iosh Branch Presentation 16-01-2020
Implementation
BS ISO45001:2018
What its not – Certification of Excellence
No Grading System
BS OHSAS18001:2007
vs
BS ISO45001:2018
Annex SL
ISO 45001:2018, like most other ISO standards, has adopted the Annex SL
High Level Structure (HLS).
Understanding Annex SL isn't just crucial for ISO 45001 - it's the core of any
modern ISO standard you can expect to accredit to in the future, so you
should start your reading as soon as possible.
The role of the management representative
Under OHSAS 18001, the operation of the occupational health and safety
management system could be delegated by senior management to a
representative.
That means senior management are now expected to take a stronger top-
down leadership role, driving performance improvements into action and
taking responsibility for the protection of their employees.
This goes beyond just training your staff on health and safety procedures
and expecting them to stick to them.
And the influence of Annex SL permeates into the risk focus of ISO 45001 -
so the context and external influences on your organisation should be as
much a part of your H&S risk register as a piece of machinery.
Risks, hazards and opportunities continued
In short, you should go beyond simple pinch points and slip hazards and
adopt a more holistic understanding of health and safety risk.
Planning
Closely connected to risk-based thinking is a stronger emphasis on planning
and setting objectives.
And ISO 45001 is more explicit than OHSAS 18001 about formalising
organisational goals, linking them to health and safety objectives, setting
priorities and establishing documentation.
A new definition of 'health'
Health and safety tends to make people think in purely physical terms.
And while mental health isn't explicitly mentioned in ISO 45001, the
standard is designed to be flexible enough to map onto your specific
company needs.
Clause 4.2: the needs of workers and interested parties can include mental
wellbeing, and can be included in your health and safety policy
Clause 6.2: mental health can be integrated into your H&S improvement
objectives and plans, and tracked as a KPI through mechanisms like annual
reviews and satisfaction surveys.
Clause 8.1.2: mental health risks can be treated and their residual risk
scores lowered like any other risk. For instance, mentally taxing processes
can be rotated and divided among employees to prevent excessive stress.
Terminology
Of the 37 terms and definitions included in ISO 45001, only 3 are identical to
those in OHSAS 18001.
3.1
organisation
person or group of people that has its own functions with responsibilities,
authorities and relationships to achieve its objectives (3.16)
3.2
interested party (preferred term)
stakeholder (admitted term)
person or organisation (3.1) that can affect, be affected by, or perceive itself
to be affected by a decision or activity
Terminology continued
3.3
worker
person performing work or work-related activities that are under the
control of the organisation (3.1)
Note 1 to entry: Persons perform work or work-related activities under
various arrangements, paid or unpaid, such as regularly or temporarily,
intermittently or seasonally, casually or on a part-time basis.
Terminology continued
3.4
participation
involvement in decision-making
Note 1 to entry: Participation includes engaging health and safety
committees and workers’ representatives, where they exist.
3.5
consultation
seeking views before making a decision
Note 1 to entry: Consultation includes engaging health and safety
committees and workers’ representatives, where they exist.
Terminology continued
3.6
workplace
place under the control of the organisation (3.1) where a person needs to be
or to go for work purposes
Note 1 to entry: The organisation’s responsibilities under the OH&S
management system (3.11) for the workplace depend on the degree of
control over the workplace.
Gap Analysis
Guidance: The standard does not require documented information. However, evidence will need to be provided to your
auditor to provide assurance your organisation is reviewing and regularly updating the external and internal issues that have
been identified. If documented information is not available, then a number of in-depth face-to-face interviews will be required.
4.2 Understanding the needs and Has your organisation determined:
expectations of workers and other
interested parties 1. The relevant interested parties who can affect or be affected by the OH&S management system?
New Requirement 2. The relevant needs and expectations of workers and other interested parties
3. Which of the above needs and expectations are or could become legal and other requirements?
Both standards require definition of OH&S management system scope; only ISO45001 elaborates requirements for the
scope in more detail. Documenting the scope of the OH&S management system is required by both standards.
Guidance 1: The scope should not be used to exclude activities, products or services that have or can impact your
organisations OH&S performance or to evade legal and other requirements. The scope is a factual and representative
statement of your organisation’s operations included within the OHSMS boundaries that should not mislead interested
parties.
Guidance 2: Your auditor will gather evidence that the scope has been correctly defined and considers context and
applicable legal and other requirements and your organisations activities, products and services. Auditors will also evaluate
the accuracy of the scope to ensure that it does not mislead interested parties.
Audit evidence – 4.3
• Outsourcing
• Logistics
• Multiple sites
• Service centres
• Servicing at customer premises
• Collaborative products and services
Context of the organisation
Context of the organisation - The context of an organisation refers to the combination of internal and external factors and conditions that can have an effect on an
organisation’s approach to its products and or services. As a result, the design and implementation of your organisation’s occupational health and safety
management system will be influenced by its context.
ISO 45001 Guidance
4.4 OH&S management system and The organisation shall establish, implement, maintain and continually improve an OH&S management
its processes system, including the processes needed and their interactions, in accordance with the requirements of
this document.
Audit evidence – 4.4
Guidance 1: Top management refers to a person or a group of people who directs and controls the organisation at the
highest level
Guidance 2: Top management must not only be aware of the new requirements but must be able to demonstrate
leadership and commitment in tangible ways. They will be audited as a matter of routine. Evidence of leadership and
commitment will be revealed as the auditor interviews not only top management but all members of the organisation.
Audit evidence – 5.1
Visible and tangible evidence of Leadership such as:
• Knowledge of Process, events, incidents and accidents
• Investment in resources, equipment, manpower
• Completion of site audits and inspections
Leadership and worker participation
Leadership and worker participation - There is an emphasis on leadership rather than just management. Top management are required to demonstrate greater
direct involvement in your organisation’s OHSMS. The removal of the need for a specific management representative is to ensure that ‘ownership’ of your
organisation’s OHSMS is not simply focused on one individual but on that person or group of people who directs and controls your organisation at the highest level.
This is a key clause and is fundamental to the whole standard. If it is not followed in its basic and profound meaning, the whole management system may still
achieve some good results, but fail to reach its full potential.
ISO 45001 Guidance
5.2 OH&S Policy Have top management established an OH&S policy that is consistent with the purpose and context of the organisation?
Does the established policy include a commitment to:
Provide safe and healthy working conditions?
A. Fulfil legal and other requirements
B. Eliminate hazards and reduce OH&S risks
C. Consultation and participation of workers (and if applicable workers representatives)
Guidance: Top management must be able to demonstrate that they have established the policy and that they have not just
signed a policy written by somebody else. The external auditor will discuss the policy in detail with top management to
ensure they can demonstrate from their own understanding that the policy is compatible with the strategic direction and
context of the organisation. They will be looking for evidence that the policy has been communicated and understood
throughout the organisation.
Leadership and worker participation
Leadership and worker participation - There is an emphasis on leadership rather than just management. Top management are required to demonstrate greater
direct involvement in your organisation’s OHSMS. The removal of the need for a specific management representative is to ensure that ‘ownership’ of your
organisation’s OHSMS is not simply focused on one individual but on that person or group of people who directs and controls your organisation at the highest level.
This is a key clause and is fundamental to the whole standard. If it is not followed in its basic and profound meaning, the whole management system may still
achieve some good results, but fail to reach its full potential.
ISO 45001 Guidance
5.3 organisational roles, Has a process been developed and implemented for consultation and participation of workers at all applicable levels and
responsibilities and authorities functions and where they exist workers representatives, in the development, planning, implementation, performance
evaluation and actions for improvement of the OHSMS?
Guidance: Worker includes all persons working under the control of the organisation including visitors, contractor’s
personnel and personnel carrying out an outsourced process.
Audit evidence – 5.3
• Organisational Charts
• Roles and Responsibilities for Emergency Positions and ensure that
personnel are aware of such duties
• Should include contractors
Leadership and worker participation
Leadership and worker participation - There is an emphasis on leadership rather than just management. Top management are required to demonstrate greater
direct involvement in your organisation’s OHSMS. The removal of the need for a specific management representative is to ensure that ‘ownership’ of your
organisation’s OHSMS is not simply focused on one individual but on that person or group of people who directs and controls your organisation at the highest level.
This is a key clause and is fundamental to the whole standard. If it is not followed in its basic and profound meaning, the whole management system may still
achieve some good results, but fail to reach its full potential.
ISO 45001 Guidance
5.4 Consultation and Participation of Has a process been developed and implemented for consultation and participation of workers at all applicable levels and
workers functions and where they exist workers representatives, in the development, planning, implementation, performance
evaluation and actions for improvement of the OHSMS?
Guidance: Worker includes all persons working under the control of the organisation including visitors, contractor’s
personnel and personnel carrying out an outsourced process.
Audit evidence
• Minutes of safety committee meetings
• Observation & intervention process
• Employee and contractors feedback & surveys
• Interviews with employees & contractors
Planning
Planning - Although planning has always been an integral part in establishing and maintaining an OHSMS, ISO 45001:2018 now places a greater emphasis on the
planning that your organisation does to proactively identify any circumstances which could lead to any undesired occurrences that could prevent the achievement of
continual improvement. Your organisation is now required to consider both its context and interested parties when planning and implementing its OHSMS.
ISO 45001 Guidance
6.1 Actions to address risks and Considering the organisations context (clause 4.1) and requirements of relevant interested parties (clause 4.2) have the
opportunities risks and opportunities been considered and have actions been defined to take advantage of the opportunities and mitigate
the risks?
Does this include consideration of hazards, risk, opportunities and legal and other requirements that may be applicable?
Is documented information available on risks and opportunities and the processes and actions needed to determine and
address the risks and opportunities?
Have hazards (sources of potential to cause injury or ill health) associated with operational processes throughout the
organisation been identified?
Planning
Planning - Although planning has always been an integral part in establishing and maintaining an OHSMS, ISO 45001:2018 now places a greater emphasis on the
planning that your organisation does to proactively identify any circumstances which could lead to any undesired occurrences that could prevent the achievement of
continual improvement. Your organisation is now required to consider both its context and interested parties when planning and implementing its OHSMS.
ISO 45001 Guidance
6.1 Actions to address risks and Guidance: When identifying hazards organisations should take account the definition of “workplace”. Workplace is not
opportunities limited to the site where organisations perform their activities. Workplace also covers any place under the full or partial
Continued control of the organisation, where workers need to be present or go to for work purposes.
Have risk assessments been completed and the methodology used for risk assessment and the criteria applied been
documented? Has documented information been retained on the results of your determination and assessment of risks and
opportunities?
Is there a process in place to determine and have access to legal and other requirements applicable to the OHSMS and how
the requirements apply within the OHSMS?
Is documented information maintained and retained on this process and on the organisations legal and other requirements?
Has the organisation determined how to address risks and opportunities including the actions required (including how to
address legal and other requirements and to prepare for and respond to emergency situations)?
Note: when planning to take action you need to apply whenever possible, the ‘hierarchy of controls’.
Audit evidence – 6.1
• Risk assessments – suitable & sufficient
• Methodology
• Review periods
• Competence of assessor
• All activities
• All work locations
• Physical, phycological, illness and COSHH
Planning
Planning - Although planning has always been an integral part in establishing and maintaining an OHSMS, ISO 45001:2018 now places a greater emphasis on the
planning that your organisation does to proactively identify any circumstances which could lead to any undesired occurrences that could prevent the achievement of
continual improvement. Your organisation is now required to consider both its context and interested parties when planning and implementing its OHSMS.
ISO 45001 Guidance
6.2 OH&S objectives and planning to Have (SMART) objectives been established at relevant functions and levels within the organisation in order to maintain and
achieve them continually improve the OHSMS and OH&S performance?
Are the objectives consistent with the policy, OH&S risks and opportunities, business context and adequately resourced,
monitored, communicated and updated as appropriate?
Are plans to achieve objectives determined in terms of what is required, who is responsible, agreed timings, and the
required measures to establish progress.
Is documented information maintained and retained on OH&S objectives and plans to achieve them?
Audit evidence – 6.2
Verify that the organisation’s overall objectives:
• Have been defined
• Reflect the relevant policy
• Are substantially coherent
• Compliance obligations and consider risks/opportunities
• OHSMS, take into account assessment of risk and results of
consultation with workers
• Are aligned and compatible with the organisation’s context and
strategic direction
• Documented information has been maintained.
Support
Support - The new ISO 45001: 2018 standard provides a lot more specific requirements to place greater emphasis on the provision of resources necessary to
establish and maintain an effective OH&S MS.
ISO 45001 Guidance
7.1 Resources Have competence requirements of workers that affects or can affect the OH&S performance been determined?
7.2 Competence
Are workers competent on the basis of appropriate education, training or experience?
Note that the standard singles out the identification of hazards as a particular competence requirement.
Have actions been taken to acquire the necessary competence where any gaps have been identified? Are actions taken
evaluated for effectiveness in raising competence to the required level?
Guidance: The term “workers” means all persons performing work under the organisations control under various
arrangements: paid or unpaid, full-time or part-time, temporarily, intermittently or seasonally, managerial and non-
managerial. Workers can be employed by the organisation, by external providers, contractors, agency workers or any other
person to the extent the organisation shares control over their work.
Audit evidence – 7.1 & 7.2
To satisfy the competence/effectiveness requirements of relevant standards,
an organization will typically need to do several things:-
• Determine what competencies are required by persons performing work
• Determine which persons already performing the work have the required
competencies
• Decide if additional competencies are required
• Decide how these additional competencies are to be obtained – training of
persons (external or internal), theoretical or practical training, hiring of new
competent persons, assignment of existing competent personnel to different
work
• Train, hire or reassign persons
• Review the effectiveness of actions taken to satisfy competence needs and
to ensure that the necessary competence has been achieved
• Periodically review competence of persons
Support
Support - The new ISO 45001: 2018 standard provides a lot more specific requirements to place greater emphasis on the provision of resources necessary to
establish and maintain an effective OH&S MS.
ISO 45001 Guidance
7.3 Awareness Are workers aware of OH&S policy requirements and objectives and how they are contributing to the effectiveness of the
OHSMS and the implications of not conforming to OH&S requirements?
Are workers made aware of the incidents, related investigations, hazards and OH&S risks relevant to them?
Are workers able to remove themselves from work situations that they consider present an imminent and serious danger to
their life and health without fear of reprisal?
Support
Support - The new ISO 45001: 2018 standard provides a lot more specific requirements to place greater emphasis on the provision of resources necessary to
establish and maintain an effective OH&S MS.
ISO 45001 Guidance
7.4 Communication Has a process been established and implemented regarding internal and external communications relevant to the OHSMS?
Does the process include what is to be communicated, the timing of such communications, the target audience and the
method of delivery?
Does the process ensure that the communication is reliable and consistent with the information generated by the OHSMS
and that the organisation responds to relevant communications on its OHSMS?
When considering communication needs has the organisation taken into account the legal and other requirements and
diversity considerations (e.g. gender, culture, literacy, disability) which may affect communications?
Is documented information retained as evidence of communications?
Audit evidence – 7.4
Some or all of the following means of communicating information
within the organization should be examined by an auditor:
• Management led communication in work areas
• Team briefings and other meetings, such as those for recognition of
achievement
• Notice boards
• E-mail, intranet and web sites
• Company or in house magazine/newsletter
• Staff meetings
• Individual notices or letters
• Stakeholder / Interested Party communications
Support
Support - The new ISO 45001: 2018 standard provides a lot more specific requirements to place greater emphasis on the provision of resources necessary to
establish and maintain an effective OH&S MS.
ISO 45001 Guidance
7.5 Documented information Has the organisation maintained and/or retained the following documented information in order to be compliant with ISO
45001:
• Scope of the OHSMS (clause 4.3)
• OH&S Policy (clause 5.2)
• Roles and responsibilities (clause 5.3)
• OH&S risks and OH&S opportunities (clause 6.1.1)
• Processes needed to address risks and opportunities (clause 6.1.1)
• Methodology and criteria for assessment of OH&S risks (clause 6.1.2)
• Applicable legal and other requirements (clause 6.1.3)
• OH&S objectives and plans (clause 6.2.2)
• Records of training, skills, experience and qualifications (evidence of competence) (clause 7.2)
• Communication (clause 7.4)
• Operational controls (clause 8.1.1)
• Emergency preparedness and response (clause 8.6)
Support
Support - The new ISO 45001: 2018 standard provides a lot more specific requirements to place greater emphasis on the provision of resources necessary to
establish and maintain an effective OH&S MS.
Is documented information adequately controlled to ensure that it is available and suitable for use, where and when it is
needed and to ensure that it is adequately protected?
Is documented information appropriately identified and described (e.g. title, date, author, ref number)?
Is documented information of external origin that the organisation considers necessary for the planning and operation of the
OHSMS identified and controlled?
Audit evidence – 7.5
• Paper
• Electronic or optical computer disc
• Photograph
• Master sample
Operations
8. Operation - With ISO 45001:2018 you will be required to control not only implementation and planned changes to processes, but also to unintended, unplanned
changes. Where unintended changes are made, you will have to demonstrate that you have identified any actual or potential adverse effects and have taken action
to mitigate them.
ISO 45001 Guidance
8.1.1. Operational planning and Does the organisation plan, implement and control its operational processes by establishing operating criteria and
control implementing control of the processes in accordance with the operating criteria?
Is documented information maintained and retained to the extent necessary to have confidence that the processes are
carried out as planned?
Important: If the organisation operates on sites where multiple employers are operating does the organisation co-ordinate
the relevant parts of its OHSMS with the other organisations on site?
8.1.2 Eliminating hazards and Has the organisation established and implemented processes for the elimination of hazards and reduction of OH&S risks
reducing OH&S Risks using the hierarchy of controls?
New Requirement
Note: In many countries the provision of personal protection equipment at no cost to workers is a legal requirement. While
this is not a requirement of
ISO 45001, it is a practice that could enhance OH&S performance.
Operations
8. Operation - With ISO 45001:2018 you will be required to control not only implementation and planned changes to processes, but also to unintended, unplanned
changes. Where unintended changes are made, you will have to demonstrate that you have identified any actual or potential adverse effects and have taken action
to mitigate them.
ISO 45001 Guidance
8.1.3 Management of change Has the organisation established a process(es) for the implementation and control of planned temporary and permanent
New Requirement changes that impact OH&S performance including:
• New products, services and processes or changes to existing products, services and processes
• Changes to legal and other requirements
• Changes in knowledge or information about hazards and OH&S risks
• Developments in knowledge and technology.
Operations
8. Operation - With ISO 45001:2018 you will be required to control not only implementation and planned changes to processes, but also to unintended, unplanned
changes. Where unintended changes are made, you will have to demonstrate that you have identified any actual or potential adverse effects and have taken action
to mitigate them.
ISO 45001 Guidance
8.1.4 Procurement Has the organisation established and implemented a process(es) to control the procurement of products and services in
New Requirement order to ensure their conformity to the OHSMS?
Does the organisations procurement process (es) define and apply occupational health and safety criteria for the selection
of contractors?
Does the organisation coordinate its procurement process(es) with its contractors in order to identify hazards and to assess
and control the OH&S risks arising from:
Does the organisation ensure that the requirements of the OHSMS are met by contractors and their workers?
Does the organisation ensure that outsourced functions and processes are controlled and outsourced arrangements are
consistent with legal and other requirements and with achieving the intended outcome of the OHSMS?
Operations
8. Operation - With ISO 45001:2018 you will be required to control not only implementation and planned changes to processes, but also to unintended, unplanned
changes. Where unintended changes are made, you will have to demonstrate that you have identified any actual or potential adverse effects and have taken action
to mitigate them.
ISO 45001 Guidance
8.2 Emergency preparedness and Has the organisation established and implemented process (es) needed to prepare for and respond to potential emergency
response situations, including the provision of first aid?
Are the emergency plans ready to be triggered and does the organisation have the capability to respond effectively to
emergency situations i.e. are planned response actions periodically tested, reviewed and revised if necessary, in particular
after the occurrence of emergency situations and after tests?
Are interested parties (e.g. contractors, visitors, emergency services, government authorities, local community as
appropriate) made aware of relevant arrangements (and where necessary trained if they are required to participate in the
emergency response)?
Are workers informed of their duties and responsibilities in emergency situations?
Is documented information maintained and retained on the emergency response process and plans for responding to
potential emergency situations?
Guidance 1: External auditors will either seek evidence that response tests are being conducted at the time of the audit or
they will rely on interviews and documentation of tests completed to verify conformance with this requirement.
Guidance 2: discrepancy found during the audit of the emergency plans or any incident which occurred during an
emergency or drill has to be considered as a nonconformity in the system, and appropriate corrective actions have to be
taken in order to prevent recurrence.
Operations
8. Operation - With ISO 45001:2018 you will be required to control not only implementation and planned changes to processes, but also to unintended, unplanned
changes. Where unintended changes are made, you will have to demonstrate that you have identified any actual or potential adverse effects and have taken action
to mitigate them.
ISO 45001 Guidance
8.2 Emergency preparedness and Has the organisation established and implemented process (es) needed to prepare for and respond to potential emergency
response situations, including the provision of first aid?
Are the emergency plans ready to be triggered and does the organisation have the capability to respond effectively to
emergency situations i.e. are planned response actions periodically tested, reviewed and revised if necessary, in particular
after the occurrence of emergency situations and after tests?
Are interested parties (e.g. contractors, visitors, emergency services, government authorities, local community as
appropriate) made aware of relevant arrangements (and where necessary trained if they are required to participate in the
emergency response)?
Are workers informed of their duties and responsibilities in emergency situations?
Is documented information maintained and retained on the emergency response process and plans for responding to
potential emergency situations?
Guidance 1: External auditors will either seek evidence that response tests are being conducted at the time of the audit or
they will rely on interviews and documentation of tests completed to verify conformance with this requirement.
Guidance 2: discrepancy found during the audit of the emergency plans or any incident which occurred during an
emergency or drill has to be considered as a nonconformity in the system, and appropriate corrective actions have to be
taken in order to prevent recurrence.
Performance evaluation
9. Performance evaluation - The newly introduced ISO 45001:2018 recognizes the importance of managing through the gathering and analysis of data and there is
increased requirement placed on you to implement indicators. This will lead to a far more structured assessment of OH&S management systems and you will be
expected to establish monitoring and measuring that is relevant and reliable and that the results are evaluated and analysed.
ISO 45001 Guidance
9.1 Monitoring, measurement, Has a process (es) been established and implemented for monitoring, measurement, analysis, performance evaluation and
analysis and performance evaluation for evaluating compliance with legal and other requirements?
Guidance 1: External auditors will be obtaining evidence of analysis and evaluation of data obtained from monitoring and
measurement relating to OH&S.
Guidance 2: External auditors are not expected to conduct legal compliance audits, but they are to evaluate whether your
OHSMS processes are effective in ensuring such compliance by the organisation. It should be noted that legal compliance
audits are not required by ISO 45001.
Performance evaluation
9. Performance evaluation - The newly introduced ISO 45001:2018 recognizes the importance of managing through the gathering and analysis of data and there is
increased requirement placed on you to implement indicators. This will lead to a far more structured assessment of OH&S management systems and you will be
expected to establish monitoring and measuring that is relevant and reliable and that the results are evaluated and analysed.
ISO 45001 Guidance
9.2 Internal audit The requirements in ISO 45001 are very similar to the requirements found in (BS) OHSAS 18001 i.e. your organisation
must:
Conduct internal audits at planned intervals in order to provide information as to whether the OHSMS conforms to both your
organisations own requirements and the requirements of ISO 45001
Plan, establish and implement an audit programme, including the frequency, methods, responsibilities, consultation,
planning requirement and reporting of internal audits
Take action to address any nonconformities
Retain documented information as evidence of the implementation of the audit programme and audit results
A new requirement of ISO 45001 is that relevant audit results must now be reported to workers and where they exist
workers representatives and other relevant interested parties
Audit evidence – 9.2
When third party auditors examine internal audit processes, they should
evaluate issues such as:
• The competencies that are needed for and applied to the audit,
• Objectivity and impartiality of the internal audit process
• The risk based thinking performed by the organization in planning internal
audits,
• The degree of management involvement in the internal audit process
• The guidance provided by ISO 19011
• The way the outcome of the internal audit process is used by the
organization to evaluate the effectiveness of its DMS and to identify
opportunities for improvements
• How reports are communicated to management, and for OH&SMS, to
workers and interested parties
Performance evaluation
9. Performance evaluation - The newly introduced ISO 45001:2018 recognizes the importance of managing through the gathering and analysis of data and there is
increased requirement placed on you to implement indicators. This will lead to a far more structured assessment of OH&S management systems and you will be
expected to establish monitoring and measuring that is relevant and reliable and that the results are evaluated and analysed.
ISO 45001 Guidance
9.3 Management review Do top management review the organisations OH&S at planned intervals to ensure its continued suitability, adequacy and
effectiveness?
Is documented information retained as evidence of the results of management reviews?
Does the management review consider:
• Status of actions from previous management reviews?
• Changes in external and internal issues that are relevant to the OHSMS (interested parties, risks and opportunities and
legal and other requirements)?
• The extent to which OH&S policy and objectives have been met?
• Information on the OH&S performance?
• Adequacy of resources for maintaining the OHSMS?
• Relevant communications with interested parties?
• Opportunities for improvement?
Are the outputs of management reviews communicated to workers and where they exist workers representatives?
Guidance: External auditors will be expecting a more strategically focused management review. Context, risks and
opportunities need to be considered as well as the alignment of the OH&S to the organisations overall strategic objectives.
External auditors will be expected to audit this clause with top management and will be gathering evidence with senior
management on corporate strategy issues relating to the OHSMS that go beyond operational issues.
Audit evidence – 9.3
As outputs from the management review process, there should be
evidence of decisions regarding:
• Changes to the policy and objectives,
• Continuing suitability, adequacy and effectiveness of the DMS
• Plans and possible actions for improvements,
• Change of resources,
• Opportunities to improve integration
• Implications for the strategic direction of the organisation.
Improvement
10. Improvement - This section emphasizes the general need to continually improve planning, processes and operations. To comply, you will need to demonstrate
that you actively look for opportunities for improvement and implement any necessary actions identified to achieve a better OHSMS.
ISO 45001 Guidance
10.1 General Does the organisation determine opportunities for improvement and implement necessary actions to achieve the intended
outcome of the OHSMS?
Note: Preventive action is no longer an explicit requirement as preventive action is addressed through management of risks
and opportunities.
Improvement
10. Improvement - This section emphasizes the general need to continually improve planning, processes and operations. To comply, you will need to demonstrate
that you actively look for opportunities for improvement and implement any necessary actions identified to achieve a better OHSMS.
ISO 45001 Guidance
10.2 Incident, nonconformity and Have process (es) been established and implemented for reporting, investigating and taking action(s) to determine and
corrective action manage incidents and nonconformities?
• Take action to control and correct it and deal with the consequences in a timely manner?
• Evaluate, with the participation of workers and the involvement of other relevant parties the need for corrective action
to eliminate the root cause(s) of the nonconformity?
• Review existing assessments of OH&S risks and other risks as appropriate (related to clause 6.1)?
• Determine and implement any action needed in accordance with the hierarchy of controls (clause 8.1.2) and the
management of change (clause 8.1.3)?
• Assess OH&S risks that relate to new or changed hazards prior to taking action?
• Review the effectiveness of any action(s) taken?
• If required make changes to the OHSMS?
Is documented information retained as evidence of the nature of incidents and nonconformities, any action(s) taken and the
subsequent results and effectiveness of the action(s) taken?
Is the documented information above communicated to relevant workers and where they exist workers’ representatives and
other relevant interested parties?
Audit evidence – 10.2
• Recording process
• Reporting process
• Accident investigations – includes methodology of investigation
• Communication of findings
• Corrective actions & preventative action
• Reviews of current controls
Improvement
10. Improvement - This section emphasizes the general need to continually improve planning, processes and operations. To comply, you will need to demonstrate
that you actively look for opportunities for improvement and implement any necessary actions identified to achieve a better OHSMS.
ISO 45001 Guidance
10.3 Continual improvement Does the organisation strive to improve the suitability, adequacy and effectiveness of the OHSMS by:
Guidance 1: External auditors should be able to track the organisations improvement process throughout the entire
OHSMS.
Guidance 2: Auditors will be seeking evidence that the organisation is using outputs from analysis and evaluation, internal
audit and management review processes to identify improvement opportunities and OH&S underperformance. Auditors will
be assessing whether the organisation has implemented the identified opportunities for improvement in a planned and
controlled manner and whether the whole workforce, from top management to non-managerial workforce participated in the
process.
The Audit
Who should attend the opening and closing meeting:
• Managing Director
• Other Management
• Safety Manager
• Other safety members of the safety team / representatives
• Department Managers
• Others members of the Company
The Audit
Conclusion:
See gaps identified as a positive – Major or Minor
Challenge the Auditor
Grievance Process
Questions