2.2 million fatalities.  Some would suggest that’s the only number needed to justify a new global standard for managing occupational health and safety risks. When the latest proposal for an occupational health and safety management systems standard surfaced within the International Organization for Standardization, 2.2 million was the number of work-related fatalities based on 2005 statistics released at the 17th World Congress on Safety and Health at Work. The findings of that study were reaffirmed in a 2015 paper published in the  that showed a 5 percent increase in work-related fatalities. More than 80 percent of the reported fatalities were related to occupational disease.  Last year, the Workplace Safety and Health Institute released an updated report, “Global Estimates of Occupational Accidents and Work-related Illnesses 2017,” that estimated the number of work-related fatalities worldwide at 2.78 million. This study also included an estimate of 374 million cases of nonfatal work-related injuries and illnesses per year, many of which resulted in extended absences from work. On March 12 of this year, the long-awaited ISO 45001 occupational health and safety management systems standard was finally published after nearly four and a half years of work. This highly anticipated standard included participation from over 70 countries and liaison organizations. Participants in the ISO 45001 development process used the British standard OHSAS 18001 as the starting point, although many countries, including the United States, came equipped with their own perspectives on what should be included in a global OHSMS standard. The other OHSMS standards used to shape ISO 45001 included the U.S.’s ANSI Z10 as well as OHSAS 18001, Canada’s CSA Z1000, and the ILO’s OHSMS guidelines. Such diversity in approaches to health and safety and management systems is the main reason why it took so long to develop the standard even though OHSMS systems have been around for over two decades with 48 identified standards used in over 120 countries, according to a 2011 report by the British Standards Institute.  Consensus means that no one entity, including the U.S., achieves everything it wants in the final standard. It also means that ISO 45001 reflects collective wisdom and acceptance for what is needed in a global standard to reduce OHS risks while seizing opportunities for improvements in health and safety performance. It is a standard that, to some degree, serves the collective needs of countries where OHSMS systems are relatively new as well as countries with a rich history of management system practices. It is also a standard that takes into account differences in language as well as culture. The core principles of the plan-do-check-act cycle are included in ISO 45001 as they have been for most OHSMS standards. What differs are the specific, often detailed, requirements and how they are applied.

The aim in the application of any OHS management system is the prevention of work-related injuries and illness (ill health) and the provision of a safe workplace. However, ISO 45001 is also about harmonizing with existing systems and how risk is managed in an integrated manner to achieve these intended outcomes. At times, ISO 45001 may seem like a fairly prescriptive checklist, particularly to more advanced users of management systems. For others, however, specific requirements will provide useful practices and considerations. Still, the intent of ISO 45001 is to provide flexibility over how these requirements are fulfilled. The Annex provides additional guidance and clarity on the requirements. What should be considered in applying this standard is how all parts of the organization, including the OHS management system, work together to meet the intended outcomes and goals of the organization. For example, skills are developed, roles and responsibilities communicated, and parties with an interest in or affected by health and safety risks provide input into how they can be effectively managed. This helps promote improved integration with business activities and enhances a culture of health and safety, both of which are mentioned several times in the standard. Reflecting the standard’s integrated approach, its clauses are interdependent rather than separate sets of requirements. For example, planning (clause 6) works with operational requirements (clause 8), leveraging support (clause 7) provided by those involved in managing risks (clause 5), which are reviewed for effective outcomes (clause 9) and continual improvements (clause 10). While the standard seeks practices that help harmonize efforts in managing risks within an organization, recent ISO directives instituted in 2012 require that all its management system standards contain common language and structure. These common elements, referred to as Annex SL, increase the opportunity for an organization to combine or leverage systems such as its quality management system (ISO 9001) and its environmental management system (ISO 14001). In addition to harmonization, there are other key differences between this OHSMS standard and those that came before it.  ISO 45001 includes a broader perspective on organizational involvement for managing health and safety risks. From top management to all workers engaged in the activities of the organization, this standard requires that everyone who has a potential to affect OHS risk in the organization has a role to play. Leadership will find itself not just directing the organization but taking overall accountability for managing risks as they do other types of risks such as economic, market, and operational considerations.

Through Annex SL, to which all ISO management system standards are obligated, ISO 45001 requires consideration of the context of the organization in determining the scope and impacts to OHS performance within the management system. “Context” refers to the internal and external issues that potentially affect the management of health and safety risks, as well as everyone affected by these issues and their interests and expectations. The so-called “interested parties” include management, employees, contractors, visitors, the community, regulators, and others who may be affected by the organization’s activities, its OHS risks, and opportunities for improvements. The intent of this requirement parallels what organizations typically consider as they determine internal and external influences on the delivery of goods, products, and services. Perhaps one of the most significant changes with this standard is the broad use of the term “workers,”  which expands coverage beyond those employed by the organization. This term recognizes current changes in the work force and the use of contractors as well as outsourced arrangements. Workers are defined as those who perform work activities that are controlled by the organization. In this regard, the organization has at least a shared responsibility in managing occupational risks that result from activities directed by the organization, no matter where the work is conducted. “Workplace” is defined as a place under the control of the organization implementing the OHSMS. The organization is required to help ensure health and safety in their workplaces. In short, the organization provides protection for its workers no matter where they work in addition to providing a safe workplace that it controls. The harmonized Annex SL language defines “risk” as the “effect of uncertainty.” This definition differs from “occupational health and safety risks,” which are related to severity and frequency. Both “risks” and “occupational health and safety risks” are used in ISO 45001. In the context of the standard, a “risk” can be thought of as an indirect risk related to a hazard. Examples of risks include how the management system operates, changes to and within the organization, financial implications, and management direction regarding health and safety performance.  This expansive thinking covers risks and opportunities for controls applied to a hazard (for example, toxic material) as well as the processes (such as chemical review) needed to manage the hazards at a higher level. Risks include non-compliance with legal and regulatory requirements, which is covered as a commitment made by the organization. As a result of the assessment of risks and opportunities, actions are planned and objectives established for relevant functions and levels of the organization.  Plans for the control of hazards and risks are implemented under the operational requirements in the standard, leveraging a hierarchy (of controls) for eliminating hazards and reducing risks. In addition to the controls applied directly to hazards, the standard requires control over the processes for managing risks and opportunities based on the criteria the organization uses to determine an acceptable level of performance. For example, rather than just looking at the mechanical effectiveness of a local exhaust, the organization must assess its process for determining ventilation as a control, the performance criteria required, installation and maintenance of the local exhaust, and subsequently its effectiveness along with the process for ensuring its proper use by the operators. OHSMS standards have always covered multi-employer workplaces and the use of contractors to some extent. In addition, ISO 45001 includes requirements for outsourced operations, which are activities where another (external) organization performs part of the organization’s function or process. For outsourced operations, the organization implementing ISO 45001 needs to ensure that the outsourced arrangements are consistent with legal requirements and other requirements that it has adopted. The organization also determines the degree to which it will apply controls to these functions and processes. This is a new requirement for OHSMS standards and will require the organization to determine how this is done. This requirement is ISO Annex SL text and is also found in ISO 9001 and ISO 14001. Organizations began addressing this requirement when those standards were updated in 2015. ISO 45001 contains the usual provisions seen in most OHSMS standards such as requirements for resources and support, checking and corrective action, and operational execution. One other thing that’s new with this standard is a separate clause reserved for “improvement,” which other OHSMS standards incorporate into their “planning” clauses. While the concept is the same, in ISO 45001 “improvement” contains a separate subclause called “continual improvement,” which includes a requirement for the promotion of a culture that supports the OHSMS. The promotion of a supportive culture is also included as a requirement of top management. One way to view this requirement is that a supportive culture is necessary for sustainable management and improvements in managing health and safety risks as a result of implementing the requirements in ISO 45001. The development of ISO 45001 began with OHSAS 18001 as the initial working draft. ISO Project Committee (PC) 283, which developed the standard, was essentially charged with improving what had been in place. The concepts presented in this article cover the most significant differences between ISO 45001 and standards such as ANSI Z10 and OHSAS 18001.  The OHSAS project group has decided to sunset 18001 and allow a three-year time frame for organizations to transition to the ISO standard.  An ANSI Accredited Standards Committee (ASC) is already working to update the ANSI Z10 standard. It is anticipated that the high-level structure will generally be aligned with ISO 45001 and that the Z10’s requirements will be enhanced to incorporate new innovative concepts such as systems thinking, fatality and serious incident prevention, and occupational health and business integration. The committee expects to see a proposed revision sometime before the end of the year. PC 283 is also seeking to add enhancements of its own—not a revision of ISO 45001 but a family of documents supporting the primary standard. It can now do so with a change in the committee’s status from project committee to a technical committee. The new TC 283 will meet later this year to decide on topics for new documents, which may include implementation guidance, psychosocial issues, and metrics/measurements. For any organization, particularly those with global entities, suppliers, or customers, ISO 45001 is worth a look. Organizations that have a management system that conforms to one of the OHSMS standards—ANSI Z10, CSA Z1000, or OHSAS 18001—are in position for an easier transition as they already have most of the processes in place. A number of organizations are offering ISO 45001 training courses, and registrars are already preparing to assist clients with certification.  For those practicing industrial hygiene, ISO 45001 is not a standard to ignore. The IH field focuses on the anticipation, recognition, evaluation, and control of hazards, which are precisely what this standard supports at the management and systems levels. ISO 45001 is a standard for managing risk, and that is exactly what we do as health and safety professionals. If organizations leverage this standard correctly, they’ll be able to reverse the trend toward increasing ill health and rising numbers of occupational injuries.     Send feedback to

The Synergist

.