Thea Dunmire, JD, CIH, CSP,
is the president of ENLAR Compliance Services, Inc., where she specializes in
helping organizations implement management systems.
She can be reached on her blog about management system standards at
Many of the requirements set out in occupational health and safety (OHS) management system standards focus on ensuring that things go right. When organizations implement management systems, they typically focus on establishing the appropriate processes for identifying hazards, implementing controls, and assigning responsibilities to competent individuals with the goal of everything going as planned.
Yet sometimes things don’t go right. There are three sets of requirements in OHS management system standards that focus on when things go wrong: the requirements for dealing with emergencies, incidents, and nonconformities. Although these three concepts are similar in some ways, they differ in focus. This means that the associated management system requirements also vary. EMERGENCY PREPAREDNESS The Oxford dictionary defines an emergency as “a serious, unexpected, and often dangerous situation requiring immediate action.” Common emergency situations include weather-related events (such as blizzards, hurricanes, tornados, or floods), human-related events (workplace violence or terrorist attacks, for example), and equipment or infrastructure failures (like building collapses, tank failures, or ground subsidence).
For the most part, the requirements for dealing with emergencies focus on being prepared for events that can be characterized as low probability (“unexpected”) and high severity (“serious”) where some kind of immediate action is needed to prevent death or serious injury. What emergencies have in common is a focus on being prepared in the event that the emergency does occur, even when the probability of occurrence may be extremely low.
The management system requirements for emergencies include:
- identifying potential emergencies and the associated health and safety risks
- developing plans and procedures to be prepared in the event an emergency does occur
- communicating these plans to appropriate individuals so they know what to do if an emergency does occur
- periodic testing of emergency plans and updating of these plans as needed
For purposes of a management system, the focus for incidents is on having appropriate processes in place to analyze what happened (particularly for near-misses) so appropriate steps can be taken to prevent others from being harmed in the future. In other words, the goal is to learn from the bad experience of others.
The management system requirements for incident investigation include:
- having processes in place to identify (“report”) incidents
- having processes in place to investigate and analyze incidents in a timely manner, focusing on how similar events can be prevented in the future
- ensuring the results of investigations are communicated so others can learn from the experience
The focus when dealing with incidents is on analysis of the underlying causes and implementation of appropriate actions to prevent future injuries. There are clear links between incident investigation and the management system processes for hazard identification and risk assessment. The main difference for incidents is that the probability of harm is 100 percent, or close to it.
When Things Go Wrong
Dealing with Emergencies, Incidents, and Nonconformities BY THEA DUNMIRE
ADDRESSING NONCONFORMITIES For the purposes of ISO management system standards, a nonconformity is defined as “non-fulfillment of a requirement.” In general, a nonconformity occurs when an organization fails to meet a management system requirement that it has identified as applicable or has established for itself. In the United States, a requirement is often viewed as a legal obligation enforced by OSHA or another government regulator. Although nonconformities include the failure to meet regulatory requirements, the meaning is broader for purposes of an ISO management system. Examples of nonconformities include failure to implement established management system processes, lack of competence on the part of individuals assigned OHS responsibilities, internal communication failures, and inadequate preservation of required documentation. Some of these may be related to legal compliance; others are associated with internal requirements set out in organizational procedures. Particularly for internally imposed requirements, one way of addressing a nonconformity is to assess whether the requirement can be changed. Sometimes organizations establish internal processes that sound good in theory but are impractical when it comes to actual implementation. The mantra to remember when it comes to implementing management systems is “Say what you do; do what you say.” If an internally set requirement is too difficult to meet, consider changing it.
The management system requirements for addressing nonconformities include:
- having processes in place to identify nonconformities
- taking immediate action to deal with the nonconformity (sometimes referred to as “correction”)
- having processes in place to investigate and determine the causes of the nonconformity, focusing on identifying appropriate actions to ensure it does not happen again (also called “corrective action”)
- assessing whether actions are needed to address similar situations to ensure the problem doesn’t occur elsewhere (sometimes referred to as “preventive action”)
- implementing the actions identified and reviewing whether they are, in fact, effective in preventing the nonconformity
Accident, Incident, or Kerfuffle? One of the ongoing debates among OHS professionals is whether to use the term “accident,” “incident,” or both. These debates can be spirited at times. Both ANSI Z10-2012 and OHSAS 18001:2007 use the term “incident”; ISO 14001:2004 uses the term “accident.” In the drafting of the ISO 45001 standard, discussions are ongoing about which terms to use, how to define them, and the requirements that should be associated with each term. For a lighthearted discussion of this issue, including a suggested term for resolving this debate, check out “Accident vs. Incident,” a video by safety speaker Richard Hawk, at http://bit.ly/richardhawk.