BS OHSAS 18001 vs. DIN EN ISO 45001:2018 · BS OHSAS 18001 manual scope of management system OH&S...

A guideline4/10/2018

BS OHSAS 18001 vs. DIN EN ISO 45001:2018

2/52 4/10/2018 All information is supplied without liability - DEKRA Certification GmbH

Some questions to start off with

● Why was the ISO 45001 developed?

● How long did it take to develop the ISO/FDIS 45001:2017?

● How did the content of the ISO/FDIS 45001:2017 come about?

● What do ISO/DIS 45001 and ISO/FDIS 45001 mean?

● What‘s the difference between the ISO 45001 and the EN ISO 45001?


Some facts about the ISO 45001:2018

ISO 45001:

● FDIS 11/30/2017

End of vote:

● 01/25/2018

Release date:

● 03/13/2018

New development of an international standardOHSAS 18001 will then be invalid


Development of ISO 45001


General information on the changes to the OHSAS

● Completely new structure (“high level structure”)

● Shared/same structure with/as ISO 9001 and ISO 14001

● An adaptation of the interpretations to ISO 9001 and ISO 14001

● Changed documentation requirements

● Some new and changed requirements due to the ISO structure that will require adjustments


Model of Occupational Health & Safety Managementsystems

BS OHSAS 18001 ISO 45001:2018


Mandatory documented information

BS OHSAS 18001

● manual● scope of management system● OH&S policy● roles, responsibilities and accountability● documentation for the identification and evaluation of

hazards, risk assessment and measures

● procedure for ensuring the legal requirements● goals and individual goals

● internal and external communication

ISO 45001

● scope of the management system● OH&S policy● records on consultation and participation of workers

● risks & opportunities and related measures● documents on legal obligations

● goals + planning to achieve

● records on internal and external communication


Mandatory documented information

BS OHSAS 18001

● processes for the operational control● documentation for the testing of measuring equipment● emergency and security procedures● documentation on measurements and monitoring

● assessment of legal compliance● audit program● result of management review● documentation on deviations, correction and

preventive actions

ISO/FDIS 45001

● process for operational planning and control

● documents for handling possible emergency situations● records on monitoring, measurement, analysis and

performance evaluation

● evidence of legal obligation evaluation● documents on internal audit program● records of the management review● evidences for measures of incidents and

nonconformities


Recommended documented information

● Process description for determining the context of the organization and the interested parties (sections 4.1 and 4.2)

● Process description for the identification and assessment of environmental aspects and risks (sections 6.1.1 and 6.1.2)

● Legal register, permit register, company requirements

● Documentation on skills, training and awareness-raising activities (sections 7.2 and 7.3)

● Process description for internal and external communication (section 7.4)

● Process description for document control (section 7.5)

● Process description for the internal audit (section 9.2)

● Process description for the management review (section 9.3)

● Process description for managing incidents and corrective action (section 10.2)


New high level structure

= Basic structure for all management system standards

● Identical structure for all management system standards

● Consistent terms and definitions and core elements

● Better understanding of standards

● More efficient implementation of integrated management systems


New high level structure

1. Scope

2. Normative references

3. Terms and definitions

4. Context of the organization

5. Leadership and worker participation

6. Planning

7. Support

8. Operation

9. Performance evaluation

10. Improvement

Requirements


ISO 45001 – structure

4. Context of the organization

5. Leadershipand workers participation

6. Planning 7. Support 8. Operation 9. Performance evalutation

10. Improvement

PLAN DO CHECK ACT

Changed requirementsNew requirements

4.1 Understanding the context of theorganization

4.2 Understanding the needs and expectations of workers and other interested parties

4.3 Determining the scope of the OH&S management system

4.4 OH&S management system

5.1 Leadership and commitment

5.2 OH&S policy

5.3 Organizational roles, responsibilities and authorities

5.4 Consultation and participation of workers

6.1 Actions to address risks and opportunities

6.2 OH&S objectives and planning to achieve them.

7.2 Competence

7.1 Resources

7.3 Awareness

7.4 Communication

7.5 Documented information

8.1 Operational planning and control

8.2 Emergency preparedness and response

9.1 Monitoring, measurement, analysis and performance evaluation

9.2 Internal audit

9.3 Management review

10.2 Incident, nonconformity and corrective action

10.3 Continual improvement

10.1 General


About: 4. Context of the organization


About: 4.1 Understanding the organization and its context

● The organization shall:

> identify external and internal issues that are relevant to their purpose and strategic direction, and that affect their ability to achieve the intended outcomes of their OH&S management system.

[ this is a completely new requirement; the organization will need to determine the external and internal context that affects the organization and its OH&S management system ]

Example for external and internal issues:

Purpose and strategy of the organization

Intended results of the OH & S management system

Requirements of employees and interested

parties

Determine external and internal issues

Monitore external and internal issues

Examine external and internal issues

Management system

Chances und risks

Operational planning and control

Management review


About: 4.1 Understanding the organization and its context

Example questions for evaluating the context:

● What does the market want?

● What can we afford?

● Where are we in relation to others?

● What changes are occurring in the legal, economic or social framework?

● Where do we stand with our resources, our capabilities?

● What do the employees or interested parties expect?

● What can and do we want to offer the customer?

● What resources do we need to do this?

● How is the context in which my customer uses the product changing?

● What influences my ability to meet the requirements?


About: 4.2 Understanding the needs and expectations of workers and other interested parties

● The organization shall determine:

a) the other interested parties, in addition to workers, that are relevant to the OH&S management system;

b) the relevant needs and expectations (i.e. requirements) of workers and other interested parties;

c) which of these needs and expectations are or could become legal requirements and other requirements.

Interested parties are mentioned several times in OHSAS 18001, but there were no explicit requirements for their identification and

identification of their needs and expectations. Furthermore, ISO/DIS 45001 distinguishes workers from other interested parties in order to

emphasize their importance.

[ completely new ]



Identification of

Stakeholder

Determination of

relationship

Interpretation‘and

analyze

Definitionof

measures

> Who is involved/ affected> Which processes are affected

> Internal/ external stakeholder> Intensity of relationship> Significance of stakeholder

> Expectations towards the organization> Objectives and interests of stakeholders> Influence, force and attitude on organization

(positive/ negative)

> Evaluation of risks, hazards and opportunities

> Strategy for implenting measures> Planning measures> Involvement of stakeholders

Example: stakeholder analysis



Example: stakeholder analysis


About: 4.3 Determining the scope of the OH&S management system

● When determining this scope, the organization shall:

a) consider the external and internal issues referred to in 4.1;

b) take into account the requirements referred to in 4.2;

c) take into account the planned or performed work-related activities.

The OH&S management system shall include the activities, products and services within the organization’s control or influence that can impact the organization’s OH&S performance. The scope shall be available as documented information.

[ both standards require definition of OH&S management system scope; only ISO/DIS 45001 elaborates requirements for the scope in more detail. Documenting the scope of the OH&S management system is required by both standards ]


About: 4.4 OH&S management system

The organization shall establish, implement, maintain and continually improve an OH&S management system, in accordance with the requirements of this document.

a) the processes needed;

b) the interactions of the processes;

c) determine the resources required for these processes and ensure their availability;

d) assign the responsibilities and powers for these processes.

[ the requirements are the same for both standards ]


About: 5.1 Leadership and commitment

Top management shall demonstrate leadership and commitment with respect to the OH&S management system by:

a) taking overall responsibility and accountability for the prevention of work-related injury and ill health as well as the provision of safe and healthy workplaces and activities;

b) ensuring that the OH&S policy and related OH&S objectives are established and are compatible with the strategic direction of the organization;

c) ensuring the integration of the OH&S management system requirements into the organization’s business processes;

d) ensuring that the resources needed to establish, implement, maintain and improve the OH&S management system are available;

e) communicating the importance of effective OH&S management and of conforming to the OH&S management system requirements;


About: 5.1 Leadership and commitment

f) ensuring that the OH&S management system achieves its intended outcome(s);

g) directing and supporting persons to contribute to the effectiveness of the OH&S management system;

h) ensuring and promoting continual improvement;

i) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility;

j) developing, leading and promoting a culture in the organization that supports the intended outcomes of the OH&S management system;

k) protecting workers from reprisals when reporting incidents, hazards, risks and opportunities;

l) ensuring the organization establishes and implements a process for consultation and participation of workers;

m) supporting the establishment and functioning of health and safety committees.

[ similar requirements regarding top management. ISO/DIS 45001 does not require the organization to appoint a member of the top management to be responsible for the OH&S management system ]


About: 5.2 OH&S policy

Top management shall establish, implement and maintain an OH & S policy that:

a) is appropriate to the purpose and context of the organization and supports its strategic direction;

b) provides a framework for setting OH & S goals;

c) contains an obligation to meet applicable requirements;

d) contains an obligation to continuously improve the management system.

Notice of OH & S policyThe OH & S policy must:

a) be available and maintained as documented information;

b) be advertised, understood and applied within the organization;

c) be available to relevant interested parties, as appropriate.

[ no significant changes, only minor expansion ]


About: 5.3 Organizational roles, responsibilities and authorities

● Top management shall ensure that the responsibilities and authorities for relevant roles within the OH&S management system are assigned and communicated at all levels within the organization and maintained as documented information.

● Workers at each level of the organization shall assume responsibility for those aspects of OH&S management system over which they have control.

● While responsibility and authority can be assigned, ultimately top management is still accountable for the functioning of the OH&S management system.

[ the main difference is that the new standard does not require appointing a management representative ]


About: 5.4 Consultation and participation of workers

● The organization shall establish, implement and maintain a process for consultation and participation of workers at all applicable levels and functions, in the development, planning, implementation, performance evaluation and actions for improvement of the OH&S management system.

> provide mechanisms, time, training and resources necessary;

> timely access to clear, understandable and relevant information about the OH&S management system;

> determine and remove obstacles or barriers to participation or minimize those.

● Emphasize the consultation of non-managerial workers in hazard identification, risk assessment, fulfil legal requirements, determining competence requirements, training needs, determining what needs to be monitored, measured and evaluated, investigating incidentsetc.

[ the requirements of both standards are almost the same; only ISO/FDIS 45001 defines them in more detail ]


About: 6.1 Actions to address risks and opportunities

When planning for the OH&S management system, the organization shall consider the issues referred in the context, the requirements and the scope and determine the risks and opportunities

a) give assurance that the OH&S management system can achieve its intended outcome(s);

b) prevent, or reduce, undesired effects;

c) achieve continual improvement.

When determining the risks and opportunities the organization shall take into account:

> hazards> OH&S risks and other risks> OH&S opportunities and other opportunities> legal requirements and other requirements

The organization shall maintain documented information on the risks and opportunities and actions needed to determine and address its risks and opportunities

[ complete new requirement ]


About: 6.1 Actions to address risks and opportunities

● This is a completely new requirement compared to OHSAS 18001. When planning the OH&SMS, the organization will need to determine the risks and opportunities affecting the organization.

● Risks related to the OH&S management system are a new requirement compared to OHSAS 18001; this clause covers not only hazard-related risks but also risks regarding legal and other requirements and overall context of the organization.

[ complete new requirement ]


About: 6.1.2 Hazard identification and assessment of risks and opportunities

The organization shall establish, implement and maintain a process for hazard identification that is ongoing and proactive. The process shall take into account:

a) how work is organized, social factors (including workload, work hours, victimization, harassment and bullying), leadership and the culture in the organization;

b) routine and non-routine activities and situations, including all hazards;

c) past relevant incidents, internal or external to the organization, including emergencies, and their causes;

d) potential emergency situations;

e) people, including consideration of access to the workplace, contractors, visitors etc.;

f) other issues, including consideration of work areas, processes, installations, operating procedures…;

g) actual or proposed changes in organization, operations, processes, activities and OH&S management system;

h) changes in knowledge of, and information about, hazards.


About: 6.1.2.2 Assessment of OH&S and other risks

The organization shall establish, implement and maintain a process to:

a) assess OH&S risks from the identified hazards, while taking into account the effectiveness of existing controls;

b) determine and assess the other risks related to the establishment, implementation, operation and maintenance of the OH&S management system;

c) The organization’s methodology and criteria for the assessment of OH&S risks shall be defined with respect to their scope, natureand timing to ensure they are proactive rather than reactive and are used in a systematic way.

Documented information shall be maintained and retained on the methodology and criteria.

[ risks related to the OH&S management system are a new requirement compared to OHSAS 18001; this clause covers not only hazard-related risks but also risks regarding legal and other requirements and overall context of the organization ]


About: 6.1.3 Determination of legal requirements and other requirements -voluntarily accepted obligations

[ besides the legal requirements, these are primarily voluntary obligations that an organization agrees to ]

Examples include voluntary commitments such as

● agreements of all kinds with employees, customers, interested parties, authorities;

● codes of conduct;

● industry standards or best practices;

● organizational requirements;

● a published sustainability report can develop a binding force if the organization has committed itself to interested parties, to a certain behavior, specific actions or something similar.


About: 6.1.3 Planning and measures

New point that is also included in ISO 14001 and ISO 9001

New requirement that defines the planning process and also replaces the preventive measures. Was in the OHSAS already partially included in other parts.

● planning measures for risks and opportunities

● legal and other requirements

● emergency situations

● how the measures are integrated and implemented in the OHS MS processes and other processes

● how to evaluate the effectiveness of these measures

● consideration of control measures and outputs from the OHS MS in the planning of measures

● consider best practices, technological, financial, operational and business options


About: 6.2 OH&S objectives and planning to achieve them

The OH&S objectives shall:

a) be consistent with the OH&S policy;

b) be measurable (if practicable) or capable of performance evaluation;

c) consider applicable requirements, results of the assessment of risks and opportunities;

d) be monitored;

e) be communicated;

f) be updated as appropriate.

It requires a planning to achieve OH&S objectives.

[ the requirements remain the same, but are further elaborated in the new standard ]


About: 6.2 OH&S objectives and planning to achieve them

When planning how to achieve its OH&S objectives, the organization shall determine:

a) what will be done;

b) what resources will be required;

c) who will be responsible;

d) when it will be completed;

e) how the results will be evaluated, including indicators for monitoring;

f) how the actions to achieve OH&S objectives will be integrated into the organization’s business processes.

[ elaborated in the new standard ]


About: 7. Support – resources, competence, awareness

The requirements regarding resource provision for both standards are the same, but the new standard emphasizes resource provision by dividing them into separate clauses.

[ no major changes ]


About: 7.2 Competence

The organization shall:

a) determine the necessary competence of workers that affects or can affect its OH&S performance;

b) ensure that workers are competent (including the ability to identify hazards) on the basis of appropriate education, training or experience;

c) where applicable, take actions to acquire and maintain the necessary competence, and evaluate the effectiveness of the actions taken;

d) retain appropriate documented information as evidence of competence.

[ the requirements are the same, only further outlined in ISO/FDIS 45001 by division into separate clauses ]


About: 7.3 Awareness

Workers shall be made aware of:

a) the OH&S policy and OH&S objectives;

b) their contribution to the effectiveness of the OH&S management system, including the benefits of improved OH&S performance;

c) the implications and potential consequences of not conforming to the OH&S management system requirements;

d) incidents and the outcomes of investigations that are relevant to them;

e) hazards, OH&S risks and actions determined that are relevant to them;

f) the ability to remove themselves from work situations that they consider present an imminent and serious danger to their life or health, as well as the arrangements for protecting them from undue consequences for doing so.

[ further outlined requirement by division into separate clauses ]


About: 7.4 Communication

The organization shall establish, implement and maintain the process needed for the internal and external communications relevant to the OH&S management system, including determining:

1. on what it will communicate;

2. when to communicate;

3. with whom to communicate;

4. how to communicate;

5. the organization shall take into account diversity aspects.

[ the requirements of both standards are pretty much the same, only elaborated in more detail in ISO/DIS 45001 ]


About: 7.5 Documented information

The organization’s OH&S management system shall include:

a) documented information required by this document;

b) documented information determined by the organization as being necessary for the effectiveness of the OH&S management system.

[ documents and records now belong to the same category – documented information; no manual is required by the new standard ]


About: 8.1 Operational planning and control

Requirements are pretty much the same, only ISO/FDIS 45001 has separate sub clauses for

● change management

● outsourced processes

● procurement and

● contractors

[ the new standard has it separated to emphasize its importance ]


About: 8.1.3 Management of change

The organization shall establish a process(es) for the implementation and control of planned temporary and permanent changes that impact OH&S performance, including:

a) new products, services and processes, or changes to existing products, services and processes, including:

− workplace locations and surroundings;− work organization;− working conditions;− equipment;− work force;

b) changes to legal requirements and other requirements;

c) changes in knowledge or information about hazards and OH&S risks;

d) developments in knowledge and technology.

[ seperate clause - elaborated in more detail ]


About: 8.1.4 Procurement – contractors, outsourcing

The organization must establish, implement and maintain procedures for controlling the sourcing of products and services to ensure its compliance with the OH & S management system.

The organization coordinates its procurement processes with its suppliers to identify risks from outside companies' activities and to assess and control risks.

The organization must ensure that the requirements of its OH & S management system are met by the contractors and their employees.

The organization's procurement process must define and apply occupational health and safety criteria for the selection of contractors.

The organization must ensure that outsourced functions and processes are controlled.

[ separate clause but no significant changes - extension to outsourced processes ]


About: 8.2 Emergency preparedness and response

The organization shall establish, implement and maintain a process needed to prepare for and respond to potential emergency situations

a) establishing a planned response to emergency situations, including the provision of first aid;

b) providing training for the planned response;

c) periodically testing and exercising the planned response capability;

d) evaluating performance and, as necessary, revising the planned response, including after testing and in particular after the occurrence of emergency situations;

e) communicating and providing relevant information to all workers on their duties and responsibilities;

f) communicating relevant information to contractors, visitors, emergency response services, government authorities and, as appropriate, the local community;

g) taking into account the needs and capabilities of all relevant interested parties and ensuring their involvement, as appropriate, in the development of the planned response.

[ elaborated in more detail ]


About: 9.1 Monitoring, measurement, analysis

The organization shall establish, implement and maintain a process for monitoring, measurement, analysis and performance evaluation.

The results of the analyze shall be used to determine the following:

a) what needs to be monitored and measured,

b) the methods for monitoring, measurement, analysis and performance evaluation, as applicable, to ensure valid results;

c) the criteria against which the organization will evaluate its OH&S performance;

d) when the monitoring and measuring shall be performed;

e) when the results from monitoring and measurement shall be analyzed, evaluated and communicated.

The organization shall retain appropriate documented information as evidence of the results of monitoring, measurement, analysis and performance evaluation on the maintenance, calibration or verification of measuring equipment.

[ the new clause sublimates all requirements monitoring and measuring, including legal and other requirements, OH&S performances, operational controls, etc. – no major changes to the requirements themselves ]


About: 9.1 Monitoring, measurement, analysis

The organization shall ensure that monitoring and measuring equipment is calibrated or verified as applicable, and is used and maintained as appropriate.

The organization shall retain appropriate documented information:

● as evidence of the results of monitoring, measurement, analysis and performance evaluation;

● on the maintenance, calibration or verification of measuring equipment.

[ no changes ]


About: 9.2 Internal audits

The organization shall conduct internal audits at planned intervals to provide information on whether the OH&S management system

a) conforms to:− the organization’s own requirements for its OH&S management system, including the OH&S policy and OH&S objectives;− the requirements of this document;

b) is effectively implemented and maintained.

[ the requirements are equivalent, but the new standard has divided the clause into two sub clauses to emphasize some elements of the internal audit, such as the audit objective and the audit process ]


About: 9.2 Internal audit programme

The organization shall:

a) plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, consultation, planning requirements and reporting, which shall take into consideration the importance of the processes concerned and the results of previous audits;

b) define the audit criteria and scope for each audit;

c) conduct audits to ensure objectivity and the impartiality of the audit process;

d) ensure that the results of the audits are reported to relevant managers; ensure that relevant audit results are reported to workers,and, where they exist, workers’ representatives, and other relevant interested parties;

e) take action to address nonconformities and continually improve its OH&S performance;

f) retain documented information as evidence of the implementation of the audit program.


About: 9.3. Management review

Top management shall review the organization’s OH&S management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness.

The management review shall include consideration of:

a) the status of actions from previous management reviews;

b) changes in external and internal issues that are relevant to the OH&S management system;

c) the extent to which the OH&S policy and the OH&S objectives have been met;

d) information on the OH&S performance, including trends;

e) adequacy of resources for maintaining an effective OH&S management system;

f) relevant communication(s) with interested parties;

g) opportunities for continual improvement.

Top management shall communicate the relevant outputs of management reviews to workers, and, where they exist, workers’ representatives

[ no major changes to the requirements ]


About: 10.1 General

The organization must identify and select opportunities for improvement and implement the necessary measures to achieve the intended outcomes of its OH&S management system.

[ potential for improvement must now be determined ]

About: 10.2 Incident, nonconformity and corrective action

The organization shall establish, implement and maintain a process, including reporting, investigating and taking action, to determine and manage incidents and nonconformities.

[ ISO/DIS 45001 does not have preventive actions, which aligns it with new versions of other management system standards. Also, incident investigation is merged with nonconformities and corrective actions because the same process can be used for investigation of incidents and nonconformities, and they are both resolved with corrective actions ]


About: 10.2 Incident, nonconformity and corrective action

When an incident or a nonconformity occurs, the organization shall:

a) react in a timely manner to the incident or nonconformity;

b) evaluate, with the participation of workers and the involvement of other relevant interested parties, the need for corrective action to eliminate the root cause(s) of the incident or nonconformity, in order that it does not recur or occur elsewhere;

c) review existing assessments of OH&S risks and other risks, as appropriate;

d) determine and implement any action needed, including corrective action, in accordance with the hierarchy of controls and the management of change;

e) assess OH&S risks that relate to new or changed hazards, prior to taking action;

f) review the effectiveness of any action taken, including corrective action;

g) make changes to the OH&S management system, if necessary.


Requirements/ terms no longer existing

Requirements:● Representative of top management ● Some documentation requirements e.g. management system manual● Control of records

Terms: ● Preventive actions● Written procedures


Migration to ISO 45001

● migration deadline 3 years from issuing ● Certification according OHSAS 18001:2008 still possible until 03.2021

Release dateMarch 2018

March 2018Start of the 3-year transitional period until March 2021

FDIS 11.2017 03.2018 03.20212019 2020

A guideline4/10/2018

Thank you!

Contact:

DEKRA Certification GmbHHandwerkstraße 1570565 Stuttgart

Fon. 0049 711 7861 2566

Mail. [email protected]

mailto:[email protected]

BS OHSAS 18001 vs. DIN EN ISO 45001:2018 · BS OHSAS 18001 manual scope of management system OH&S...

Documents

Transcript of BS OHSAS 18001 vs. DIN EN ISO 45001:2018 · BS OHSAS 18001 manual scope of management system OH&S...