Iso 45001-2018 Course PDF

ISO 45001:2018 - Principles of Occupational
Health and Safety Management Systems
MODULE 1: FUNDAMENTALS OF OCCUPATIONAL

HEALTH AND SAFETY MANAGEMENT SYSTEM
1. Learning Outcomes
After completing this module you will be able to:
o Explain the OH&SMS standard
o Define the fundamental concepts and terminology used in OH&SMS
o Summarize the systems involved in OH&SMS
o Explain who is responsible for developing the ISO 45001 standard
o Illustrate the timeline involved in the development of ISO 45001
o Discuss the compatibility of ISO 45001 with other standards
o Describe the timeline involved for migrating to ISO 45001
o List the benefits ISO 45001 can yield to businesses
o Outline the benefits ISO 45001 yields to managers and professionals.
2. Introduction to ISO 45001: 2018 OH&SMS

What is OH&SMS?
INTRODUCTION: An Occupational Health and Safety
Management System (OH&SMS), is a collaborative and systematic
approach to effectively managing occupational health and safety risks.
OH&SMS helps companies to improve their occupational health and
safety performance continually. Moreover OH&SMS provides a
framework for companies to comply with health and safety ordinances,
regulations, state laws and compliance obligations.
GOALS: OH&SMS systems primarily direct organizations in the following ways:

1. Identify occupational health and safety hazards.
2. Examine the risks associated with the identified hazards.
3. Establish controls to minimize the risks.
4. Define goals for health and safety performance.
5. Create a plan to achieve the goals.
6. Monitor performance against the targets and goals.
7. Report performance results.
8. Review OHSMS results and continuously improve.
STANDARDS: National standards used for implementing OH&SMS, before the

introduction of ISO 45001:2018 include:
• BS OHSAS 18001
• ANSI/AIHA Z10
• CSA Z1000
Comparing Standards
BS OHSAS 18001: BS OHSAS 18001 (Occupational Health &

Safety Assessment Series) is a globally recognized British Standard for
occupational health and safety management systems. Its purpose is to
assist different types of organizations who endeavor to perform well in
aspects of occupational health and safety.
Companies worldwide recognize the need to monitor and enhance their health and safety
performance. To do so, they need to implement an occupational health and safety
management system (OH&SMS).
OHSAS 18001 helps companies to develop a healthy and safe working environment, by
providing a framework to achieve the following:
• Determine health and safety risks and minimize them to an acceptable level
• Minimize the likelihood of accidents
• Establish a framework to assess legal compliance
• Improve overall health and safety performance.
ANSI / AIHA Z10: ANSI is the American National Institute standard. The American
Industrial Hygiene Association (AIHA) serves as its Secretariat. The Accredited Standards
Committee, Z10, approved the standard in 1999.
• The standard’s scope is “minimum requirements of occupational health and safety
management systems”.
• The standard’s purpose is “[as a] Management tool to minimize the risk of illnesses, injury
and fatalities in the workplace.”
• The application of the standard includes organizations of all types and sizes, including
contractors.
While making the standard, the Z10 Committee adopted inputs from OSHA, US industry,
ISO Quality and environmental systems and the International Labor Organization.
CSA Z1000-06: The Canadian Standard Association (CSA), published a standard for
Occupational Health and Safety Management Systems in 2006, known as CSA Z1000-6.
This standard lays out the conditions for the creation, enforcement and improvement of a
Health and Safety Management System.
The elements are similar to those outlined in other management systems and include the
following:
• Management Commitment and Participation
• Health and Safety Planning
• Implementation of Controls
• Performance Evaluation
• Management Review
• Continuous Improvement
Other Standards
REQUIREMENTS: The need for a globally recognized standard for
occupational health and safety management systems, has always
been felt. Professionals have had the ISO 9001 - quality management
system and ISO 14001 - environmental management system, since the
early 2000s. However different systems for occupational health and
safety, were being followed in different countries.
Experts claim that the development of the new ISO 45001 OHSMS standard, is well timed,
because it matches the recent publication of the newly revised ISO 9001:2015 (quality
management system) and the ISO 14001:2015 (environmental management system). Both
employ a risk-based structure.
The shared common requirements of the three most widely used international standards,
should empower organizations to incorporate them more easily into their organizational
processes.
OHSAS 18001:2007: OHSAS 18001:2007 has been the most important standard for
occupational health and safety management systems and has been adopted by many
companies, operating in countries other than the UK. Since it has been employed and
observed in multiple organizations, it is important to compare the two standards (OHSAS
18001 and ISO 45001). This will serve as an aid, to help organizations transition.
What are the major differences between OHSAS 18001 and ISO 45001? The primary
difference is that ISO 45001 focuses on the interface of an organization and its business
environment; OHSAS 18001 concentrates on managing OH&S hazards and internal
issues. However, the standards differ in other ways. See below the table for comparison.
TABLE:
History: ISO 45001 was initially created on 25th October

2013. The committee responsible for its development is known
as ISO/PC 283. It is estimated that a minimum of seventy
countries worked on the drafting process of its development.
Planning the standard and the drafting of issues continued until
December 2015. From this period until the first draft of its
development in 2017, it failed to achieve adequate support from
ISO members.
In 2017, a revised second draft was approved and this was made into the final draft. The
standard was published on 12 March 2018.
Plan-Do-Check-Act:
PLAN: The ISO 45001 standard comprises the Plan-Do-Check-Act
(PDCA) model. This model offers a mechanism for organizations to plan
what they require, so as to mitigate the probability of OH&S damages.
The “Plan” part of the model, should reflect concerns relating to health
problems in the long term and absenteeism at work. The measures
used, should address the factors that contribute to accidents at work.
For instance, many workers undergo stress, which is classed as a psycho-social risk.
Stress is considered to be one of the main problems at work in the current economy. Plans
can also include measures to deal with stress management.
DO: The ISO 45001 standard directs top management to "own" the
workplace and the hazards associated with it. Top management must
prove their commitment through leadership, to make sure that
workers have the sufficient skills, knowledge and expertise.
Moreover, top management should put in place effective controls in
the “Do” phase of the PDCA model; these are known as operational
controls. Encouraging workers' participation and advice is necessary,
in order to be able to enforce better occupational health and safety measures.
CHECK: The “Check” part of the PDCA model, lists all of the main constituents that
should be resolved, to make sure that the system is operational. This includes opportunities
for enhancement and improvement in the “Act” phase.
ACT: The “Act” part of the PDCA model is the improvement part of the process and is
referred to, in the standard, as “Continual Improvement”.
It is a recurring activity that needs to be maintained, in order to enhance performance.
Migration and Features

MIGRATION: Companies need to migrate from OHSAS 18001 to ISO
45001. As part of this migration, numerous steps must be followed, in
order to upgrade the existing management system to the new
standard. The following sequence is recommended:
1) Analyze interested parties (i.e. individuals or organizations that can
influence or be influenced by your organization’s activities). Moreover,
analyze internal and external factors that might influence the
organization’s business; then check how the risks can be managed with the help of the
management system.
2) Recognize the scope of the system, while reflecting what your management system is
bound to deliver.
3) Utilize the data and information to: institute the organization’s processes, for risk
evaluation and assessment and to develop the key performance indicators (KPIs) for the
organization’s activities.
Once the organization has resolved the knowledge and tools of OHSAS 18001, the
organization can re-utilize most of what it already has, in the new management system.
Thus, even if the approaches of the two management systems are different, the
fundamental tools are identical.
FEATURES: What is new in ISO 45001, compared with other

Occupational Health and Safety (OHS) standards? How will its
migration influence small and medium-sized enterprises (SMEs)? The
short answer is: a preventive approach is upgraded with risk-based
thinking.
Risk-based thinking, to manage health and safety risks and opportunities in ISO 45001 is
not new, nor does it contradict earlier OHS standards. However, the preventive action of the
management system is upgraded with a risk management approach.
The Focus is the workplace. The standard does not interact with products or product
quality, or how they should be utilized or sustained. The focal point of the ISO 45001
standard is the workplace. There is a requirement to list significant hazards in the
workplace, in order to eradicate or mitigate them.
PROACTIVE: Organizations need to be proactive. In a rapidly

growing and creative world, the requirement is felt for organizations to
be proactive rather than reactive. Organizations should foresee actions,
instead of waiting for regulations and codes of practice to be instituted.
Most organizations are small or medium-sized enterprises and ISO
45001 is applicable to them, just as it is to larger enterprises. The easy-
to-follow risk-oriented approach in ISO 45001 is highly implementable
for SMEs and is well matched with the approaches used in OHSAS 18001.
Certification and Advantages
CERTIFICATION: It is expected that a large number of

organizations will employ ISO 45001 to build an effective occupational
health and safety management system. In addition, significant
numbers of organizations will want to receive the recognition that
comes with having ISO 45001 certification. Certification exhibits to
external parties that an organization has attained compliance with a
particular standard.
The potential dividends of implementing the ISO 45001 OHSMS is enormous, if the
standard is implemented effectively. The standard mandates that Occupational Health and
Safety risks in an organization, be identified and managed. For the risk management
approach to be effective, it is important that the system is continually improved, to surpass
the organization’s ever-changing objectives.
The enforcement of the standard ensures compliance with current legislation. The activities
envisioned by the ISO 45001 standard can help to develop an organization’s reputation as
a “safe place to work”. There are many advantages, ranging from minimizing insurance
costs to elevating workers’ morale, together with the improved ability to meet the
organization’s strategic targets.
ADVANTAGES: How will the new ISO 45001 standard perform for
users of, for example OHSAS 18001? It is expected that users of
OHSMS standards, such as OHSAS 18001 and the ILO-OSH
Guidelines, will easily be able to take up ISO 45001, as it does not
contradict these standards. In addition, ISO 45001 empowers
organizations with the opportunity of incorporating OHSMS into their
integrated business processes.
The advantages of implementing ISO 45001, aside from the fact that it is now the accepted
new international standard by consensus, is that it will naturally integrate with earlier
management approaches, especially in the area of business risks. It will thus act as an
added advantage to SMEs, when opting to have more than one standard.
3. Publication of ISO 45001: 2018
Illness and Injury

GLOBAL: The awaited international standard for occupational
health and safety management systems (OH&SMS), is envisioned to
modify workplace practices globally.
ISO 45001:2018 OH&SMS, offers a vigorous and effective set of
processes, for improving work safety in global supply chains.
The standard is designed to help organizations and industries of all
sizes. It is also expected to reduce workplace injuries and illnesses globally.
STATISTICS: The International Labor Organization (ILO) calculated

workplace injuries and fatalities in 2017. According to the ILO data,
2.78 million fatal accidents happen at workplaces annually. In other
words, seven thousand, seven hundred people die each day because
of work-related illness and injury.
Moreover, there are approx. 374 million incidents of non-fatal, work-
related illness and damage each year. Most of these incidents cause
loss-of-time injuries, meaning absenteeism from work. These facts are a sober reflection of
the contemporary reality of workplace damage and illness. Moreover, people and
businesses run the risk of experiencing illness and damage, as a consequence of merely
doing their job to earn a living.
Global Solution
SOLUTION: Is ISO 45001 the answer to the problem of occupation

health and safety performance globally? ISO 45001 is expected to
change the situation by empowering companies to perform better. It
offers legislative and regulatory bodies, industry and other interested
parties, practical management solutions for ensuring worker safety
across all industries.
The recognized ISO standardization framework can be utilized to promote better health and
safety conditions. Moreover, it is a practical solution for original equipment manufacturers,
contractual partners and production houses. This management system can assist everyone
to achieve a safer workplace, irrespective of their nationality and regional dynamics.
INTERNATIONAL: What makes ISO45001 internationally important?
International experts and writers worked together to produce the
standard. It is the result of a close collaboration from contributors from
more than seventy nation states.
As discussed, the ISO 45001 OH&SMS has been produced by the ISO
committee ISO/PC 283. Also, the British Standards Institution (BSI)
served as the committee’s secretariat for the development of the
standard.
SUITABILITY: Why is ISO 45001 better than OHSAS 18001? ISO 45001 was developed
in collaboration with other ISO management systems.
Developers tried to ensure it is an easy-to-use framework, compatible with the latest
versions of the ISO 9001 QMS and the ISO 14001 EMS. Companies who have already
implemented other ISO standards, will find it easy to implement ISO 45001.
Substituting OHSAS 18001

SUBSTITUTION: ISO 45001 works as a substitute for OHSAS 18001, the world’s most
widely used reference for occupational health and safety standards.
Companies already compliant with and certified by OHSAS 18001, will have a 3
year migration period to comply with the new ISO 45001 standard. However, certification is
not a requirement of the ISO 45001 standard.
GAP ANALYSIS: If your organization is currently using the OHSAS 18001 standard,
migrating to ISO 45001:2018 is a beneficial solution, as multiple clause
requirements of ISO 45001:2018 are equivalent or analogous. Note
however, that clauses may utilize different terminology or be arranged
in a different order.
Guide to existing OHSAS 18001 users:
• Get a copy of the standard from the ISO Store at: www.iso.org/iso/iso45001 or from your
national ISO representative.
• Examine the changes in the standard, or use the comparative matrix in this course as a
free resource.
• Conduct a 'gaps analysis' between ISO 45001 and your current OHSAS 18001 system.
• Apply the necessary actions to fill any identified gaps.
Employee Participation
CLAUSES: The internal and external issues of organizations need to
be addressed, in a business context analysis perspective, with
occupational health and safety in mind, as per Clause 4.1 of the ISO
45001:2018 standard. This mandates the company to recognize
systematically and study the various issues which effect their business operations, as well
as the management system.
Clause 4.2 focuses on the need for organizations to address workers’ needs and
expectations, as well as the needs and expectations of other effected parties, in the matter
of workplace health and safety. The company is required to address these issues through a
verifiable occupational health and safety management system. Clause 4.3 relates to scope.
Unlike in OHSAS 18001, scope should only be defined when clauses 4.1 and 4.2 have
been adequately addressed.
RESPONSIBILITY: Similar to ISO 9001 and ISO 14001, there is a

high stress in ISO 45001:2018, on the responsibility top management
has, to enforce consultation with and participation from workers, as
per clause 5.2. In addition, top management must encourage workplace
safety and employee health and monitor health and safety performance,
ensuring the effectiveness of the OHSMS.
Organizational leadership is accountable for developing health and safety policy. Moreover,
policy should be agreed with the organization's labor union representatives and health and
safety personnel, where applicable. As per clause 5.3 of the standard, all roles,
responsibilities and authorities must be properly defined, communicated and documented.
However, the accountability of top management for the overall OHSMS system cannot be
delegated.
PARTICIPATION: Clause 5.4 of the ISO 45001:2018 OH&SMS, is a

much improved clause, compared with OHSAS 18001. It documents
information related to assisting the participation, involvement and
communication of all workers, at every level in an organization, with the
occupational health and safety management system.
Many organizations do not have a management representative or a
health and safety representative. If there is no union representative in an
organization, the ISO 45001:2018 OH&SMS standard will not mandate this on companies.
However top management must ensure worker participation and consultation by other
means.
Additions and Improvements

DOCUMENTATION: Clause 6.2 of ISO 45001:2018, deals with incentives for
organizational improvement and performance evaluation (see also clause 9.1.1). Clauses
7.1 to 7.5, deal with various organizational support functions, including the availability of
resources, the competency of workers to perform work safely, health and safety awareness
of workers, visitors and contractors, health and safety communication and the requirements
for documenting information.
Important points relating to support requirements:
• Communications are evaluated for their effectiveness.

• Employee awareness includes: policies, hazardous risks, employees/contractor’s role in
health and safety performance (e.g. the awareness to remove oneself from ‘serious
danger’).
• The documentation of information is similar to ISO 9001 and ISO 14001. This
encompasses how an organization creates, maintains and retains information that is
compulsory for the OH&SMS.
PROVISIONS: Clauses 8.1 to 8.2, deal with organizational operations, preparedness

planning, identifying risk and hazards, controls and emergency
situations. Risks and hazards should be addressed by implementing a
hierarchy of controls. The management of change and operational
modifications, is described in clause 8.1.3. This includes managing
instruments, circumstances, employees, obligations, legal issues and
compliance.
What would be the impact to your organizational reputation, if one of your suppliers or
contractors was involved in a major occupational health and safety incident? ISO 45001
requires organizations to analyze risks associated with an organization’s reputation.
Procurement and outsourcing are covered in the new standard, whereby it is required to
scrutinize purchased goods and services, in relation to health and safety requirements. In
addition, there is an improved requirement relating to the health and safety of contractors,
regarding the requirement to ensure a safe and healthy work environment.
ADDITIONS: ISO 45001:2018, Clause 9, includes enhanced and extended evaluation of

performance, compared with the British OHSAS 18001 standard:
• Compliance evaluation has been extended to incorporate the means and regularity of
evaluation; the organization is required to maintain knowledge and awareness of the
organization's compliance.
• Internal audit results need to be discussed with workers.
• The management review clause has improved the inputs and requirements of OHSAS
18001. It has added risks and opportunities, improvements, communications, management
system effectiveness and the issues of interested parties.
Risk and Prevention
PREVENTION: ISO 45001:2018 Clause 10, removes the linguistic reference to

‘preventive’ action, as it is already covered in the risk management phase. Organizations
have to deal with incidents, correct the problem, investigate the root cause and take
corrective action. The corrective action is then evaluated to check its effectiveness.
The organization is required to show that it has implemented the values of risk
management and continual improvement through: root cause investigation, in-depth
analysis, modified risk analysis and required operations. Organizations must be able to
prove that they are using the outputs from performance analysis and evaluation, to
recognize and resolve gaps and opportunities.
RISKS & OPPURTUNITIES: In clauses 6.1.1, 6.1.2.3 and 6.1.4, organizations need
to identify significant risks and opportunities concerned with the factors of the organization’s
context, as referenced in clauses 4.1 and 4.2.
These risks and opportunities need to be identified and considered and action needs to be
taken to optimize performance. Risk management concerns not just hazards, but also
internal and external issues and the needs and expectations of interested parties.
All these factors together influence the capability of the management system to yield its
intended results i.e. improved health and safety performance at work.
4. Important Terminology in ISO 45001:2018
Workers & Interested Parties
INTERESTED PARTY: Interested Party - This term is defined as a “person or

organization that can affect, be affected by, or perceive to be affected by a [organization's]
decision or activity.”
Interested party is an important inclusion in the ISO 45001:2018 standard. It was not
considered as much in OHSAS 18001:2007. The term is defined in clause 3.2. It is also
referred to as "stakeholder" in the standard.
Examples of Interested parties regarding occupational health and safety management
systems are: employees, management and shareholders, external parties, contractors and
service providers, manufacturing partners, government and legislative bodies, pressure
groups, neighbors, trade unions, company insurers. See the illustration on the following tab.
ILLUSTRATION
WORKERS: Worker - The ISO 45001 standard defines the term
“worker” (clause 3.3), as a “person performing work or work-related
activities, that are under the control of the organization”.
The concept of 'worker' in the standard, is different to that which is
perceived in certain industries. The term worker, in the standard, includes
top management, managerial and non-managerial staff.
This term incorporates the following:
1. Workers from external providers
2. Contractors
3. Individuals
4. Agency workers
5. Other persons involved in work-related activities
Consultation and Participation
CONSULTATION: Consultation is defined in clause 3.5 of the

ISO 45001 standard as “Seeking views before making a decision”.
Consultation includes engaging with health and safety committees and
workers’ representatives in the decision-making process and the
consideration of workers’ views. See the illustration on the next tab.
It is related to the terminology of participation, but is limited to obtaining
the views of workers, before making decisions. It is not necessary that
workers' views become the major factor in the decision-making process; however, they
should have merit. In the participation part of the standard, workers are an integral part of
the decision-making process.
Consultation is also a style of management - a consultative style of management, in which
there is less liberty and involvement of stakeholders, compared to a democratic style.
However, the consultative style offers more liberty than the autocratic style of management,
in which top management directs what is to be done, without consulting others. A
consultative style of management is considered a more "balanced approach" by many
experts, compared with the autocratic and democratic styles of management.
ILLUSTRATION A.
PARTICIPATION: Participation is a term defined in clause 3.4 of the ISO 45001
standard, as “involvement in decision making”, regarding the occupational health and safety
management system. It includes the involvement of health and safety committees and
workers’ representatives, or by other parties in the organization.
The involvement of workers and staff in decisions, is part of the ownership of the health and
safety management system. Participation is different from consultation. In the former,
workers are part of the decision-making process; in the latter workers' views are welcomed
and considered but are not necessarily a deciding factor. In consultation, management
considers workers' views on the basis of their merit.
Participation is a democratic style of management, where opinions are directly involved in
the decision-making process. This means a more empowered role for workers in the
management system, giving workers an increased level of ownership and involvement. See
the illustration on the next tab.
ILLUSTRATION B.
Contractors and Contracts
CONTRACTORS: ISO 45001:2018 defines contractor in clause

3.7 as “[an] external organization providing services in accordance with
agreed specifications, terms and conditions”. The standard further says
that services also include activities related to construction. A contractor is
also an interested party in the organization’s management system.
There are two types of 'organizational circles', with regard to an
organization's control over contractors - a 'circle of control' and a 'circle of influence'. In a
circle of control, all contractors’ work is the responsibility of the organization. In a circle of
influence, the organization influences contractors to work safely and according to certain
protocols.
CONTRACTS: A contractor working at the premises of an organization,
has to follow all health and safety related operational controls, as
developed by the organization. However, a contractor doing work outside
an organization's premises, will be influenced to take certain measures, in
order to control the health and safety levels at another location.
The selection process for contractors, should consider their health and
safety performance record, in addition to the quality of services they provide. It is also
pertinent that the terms relating to an organization's health and safety management system,
should be incorporated into the terms and conditions of the contract made with contractors.
This will create a contractual binding for compliance.
Hazards and the Workplace
WORKPLACE: Workplace is defined in the ISO 45001:2018 standard as “[a] place

under the control of the organization, where a person needs to be, or to
go, for work purposes.”
Workplace is a physical entity with a defined periphery. Large
organizations with large workplaces, usually employ area managers who
have responsibility for certain areas. The scope of an organization's
occupational health and safety management system, is validated by site
visits to the workplace.
The organization's responsibility for the workplace, is dependent on the level of control that
the organization has. If the management area of an organization has direct control, then the
workplace is under the control of the organization. If the workplace is at a contractor's
premises, then the organization can influence the workplace, but it cannot control it.
HIRA: ISO 45001 defines the term hazard, as a “source with a

potential to cause injury and ill health”. Hazards can include sources with
the potential to cause harm, or hazardous situations.
They can also include circumstances that have the potential of exposure,
leading to injury and ill health. Hazards exist, due to unsafe work
conditions and unsafe work practices.
Unsafe conditions pose a direct source of potential harm. An unsafe act also creates a
situation where injury or damage is possible. ISO 45001 mandates that organizations carry
out hazard identification and risk analysis of the workplace. Together, the process is known
as hazard identification and risk assessment (HIRA).
Health, Injury and Objectives

HEALTH & INJURY: ISO 45001 defines injury and ill health as
“adverse effect on the physical, mental or cognitive condition of a person”.
These adverse effects include occupational disease, illness and death.
When we say occupational disease or occupational illness, it means that
the illness or disease is related to, or a consequence of work-related activity.
The term “injury and ill health”, implies the presence of injury or ill health, either separately
or in combination. The occupational health and safety management system's main focus, is
to prevent injury and ill health at work. Recording incidents of injury and ill health at work, is
part of the performance monitoring criteria of the OH&SMS. Successful organizations aim
to achieve zero occupational injury and ill health at work, as their primary OH&S objective.
OBJECTIVES: ISO 45001 defines the term OH&S objective as “set

by the organization to achieve specific results consistent with the OH&S
policy”. It means that the targets are set in the form of objectives and that
the objectives are consistent with the policies of the occupational health
and safety management system.
SMART: Objectives are made so that specific results can be obtained

from the activities that are taken to achieve them. Objectives are usually based on
the S.M.A.R.T concept, i.e. specific, measurable, achievable, realistic and time bound. See
the illustration on the next tab.
If objectives are made using SMART principles, it is likely that an organization will achieve
its targets. Also, it will be easier for people to follow the procedures and to complete
activities that are defined in the objectives. Examples of OH&S objectives include: zero
accidents, reduction in loss-of-time injuries, increase in safe working hours, decrease in the
number of reports of unsafe acts and unsafe conditions.
ILLUSTRATION:
Risk and Uncertainty
RISK: ISO 45001 defines the term risk as “the effect of uncertainty”. The standard further
explains that the effect is a deviation from the expected. This effect can
be positive or negative. Uncertainty is a state of deficiency of
information relating to the understanding or knowledge of an event, its
consequences, or its likelihood. Risk is often characterized by
reference to potential “events” and “consequences”, or a combination of
these.
Risk is often expressed in terms of a combination of the severity and consequences of an
event (including changes in realities) and likelihood or occurrence. Therefore, risk is
commonly a multiple of severity and occurrence (Risk = Severity x Occurrence). The joint
terminology of “risks and opportunities” is used in ISO 45001. See the illustration on the
next tab.
ILLUSTRATION:
OH&S RISKS: ISO 45001 defines Occupational Health and Safety

(OH&S) Risk, as the “combination of the likelihood of occurrence of a
work-related hazardous event(s) or exposure(s) and the severity of
injury and ill health, that can be caused by the event(s) or exposure(s)”.
This means OH&S risk is a risk related to hazards in the workplace, as
opposed to business and financial risks. The standard specifically
defines OH&S risks as the combination of probability of occurrence and
the severity of the hazard.
Occurrence is the frequency of the event that is expected. Severity is the impact of the
hazard when or if it occurs. Severity, from an OH&S perspective, can be fatal, a disability, a
first aid case, or a near miss. Organizations must bear the financial and reputational losses
resulting from incidents where they have to compensate workers for loss.
Incidents and Accidents
ISO 45001 defines the term incident as “occurrence arising out of, or in the course of,
work that could or does result in injury and ill health”. Examples of incidents are accidents
and near-miss reports. An incident where injury or ill health occurs is referred to as
an accident.
Within accidents there are: fatalities, disabilities, asset damage, first aid cases and injuries
etc. An incident where no injury or ill health occurs, can be referred to as a “near-miss”,
“near-hit” or “close call”. Although there may be nonconformity related to an incident,
incidents can occur where there is no nonconformity.
5. Fundamentals of occupational health & safety

Management System – Lesson Summary
Module 1 Summary
• Occupational Health and Safety Management Systems help companies to improve their occupational
health and safety performance continually.
• Some of the national standards for implementing OH&SMS systems, prior to ISO
45001:2018 have been: BS OHSAS 18001; ANSI/AIHA Z10 and CSA Z1000.
• The BS OHSAS 18001, Occupational Health & Safety Assessment Series, is a globally
recognized British Standard for occupational health and safety management systems.
• ANSI stands for the American National Standards Institute. The Accredited Standards
Committee “Z10” approved the standard in 1999.
• The Canadian Standards Association (CSA), published a standard for Occupational Health
and Safety Management Systems, in 2006, known as CSA Z1000-6.
• The ISO 45001 standard matches closely with the newly revised ISO 9001:2015 quality
management system and the ISO 14001:2015 environmental management system. Both
similarly employ a risk-based structure.
• The committee responsible for the development of the ISO 45001 standard is known as
ISO/PC 283.
• Experts from approximately seventy countries, collaborated on the drafting of ISO 45001.
• The British Standards Institution (BSI), served as the committee’s secretariat for the
development of ISO 45001.
• ISO 45001 incorporates a Plan-Do-Check-Act (PDCA) model. This is a mechanism for
organizations to plan what they require, in order to mitigate the probability of OH&S
damages.
• Companies need to migrate from OHSAS 18001 to ISO 45001 within three years after
publication of ISO 45001 (March 2018).
• Brief comparison between the ISO 45001 and OHSAS 18001 standards: ISO 45001 uses a
process-based approach > OHSAS 18001 uses a procedure-based approach; ISO
45001 uses a risk-based approach > OHSAS 18001 uses a preventive approach; ISO
45001 incorporates both risks and opportunities > OHSAS 18001 considers risk only;
ISO 45001 incorporates the views of interested parties > OHSAS 18001 does not
include the views of interested parties.
• In a rapidly growing and creative world, the requirement is felt for organizations to be
proactive in the area of occupational health and safety management, rather than reactive.
ISO 45001 provides such a framework.
• Most organizations are small to medium-sized enterprises. ISO 45001 is applicable to
those, as well as to larger enterprises.
• Most organizations will benefit from ISO 45001 and significant numbers will welcome the
recognition that comes with ISO 45001 certification.
• The users of existing OH&SMS, such as OHSAS 18001 and the ILO-OSH Guidelines, will
easily be able to implement ISO 45001, as it does not contradict these standards.
• The ISO 45001:2018 OH&SMS, offers a vigorous set of processes for improving workplace
safety in the area of global supply chains.
• The new ISO 45001:2018 international standard, when implemented, is expected to reduce
workplace injuries and illness significantly around the world.
• According to ILO statistics (2017), 2.78 million fatal accidents occur in the workplace each
year. In addition, there are approx. 374 million non-deadly incidents of work-related damage
and illness each year. Most of these incidents involve loss-of-time injuries, meaning
absenteeism from work, loss of productivity and loss of revenue.
• According to the ISO 45001:2018 standard, the ultimate accountability of top management
for the OH&SMS cannot be delegated.
• The support functions listed in clauses 7.1 to 7.5 of ISO 45001:2018, include: availability of
sufficient resources; competency of workers to perform work safely, the necessary
awareness of workers, visitors and contractors regarding occupational health and safety;
sufficient communication; documentation of information.
• Clauses 8.1 to 8.2, deal with operational planning and controls; emergency situations;
cases of failure and the development of preparedness plans by organizations.
• Clause 9 in ISO 45001, deals with performance evaluation, similar to that contained in the
British standard OHSAS 18001.
• The linguistic reference to ‘preventive’ action in OHSAS 18001, has been removed from
clause 10 in ISO 45001, as it is already considered in the risk management phase.
• Risk should not only be managed for hazards, but also for internal and external issues,
including the needs and expectations of 'interested parties'.
MODULE 2: REQUIREMENTS OF AN OCCUPATIONAL

HEALTH AND SAFETY MANAGEMENT SYSTEM
After completing this module, you will be able to:
• List the expectations top management has in a OH&SMS.
• Describe how best to manage health and safety risks.
• Explain how support functions affect an organization's performance.
• Define what operational controls are.
• Summarize how organizations enforce operational controls.
• Discuss what an emergency response is and how organizations are required to plan for
emergency situations.
2. Leadership and Organizational Context
Leadership Roles and Responsibilities
LEADERSHIP A. What is a leadership role and how is it mandated

in the ISO 45001:2018 standard?
Top management must ensure leadership roles and exhibit
commitment towards the OH&SMS by:
a) Owning responsibility and accountability for avoiding work-based
injuries and illness; provide a safe and healthy work environment
and processes.
b) Making sure that the OH&S policy objectives are identified and relate to the strategy of
the company.
c) Making sure the OH&SMS integrates into the business processes of the organization.
d) Ensuring the availability of the resources required to develop, apply, sustain and
enhance the OH&SMS.
e) Communicating the significance of the implementation of the OH&SMS and compliance
to the standard.
f) Ensuring the OH&SMS attains its intended results.
LEADERSHIP B.
g) Guiding and empowering workers to play their role in the sustenance of the OH&SMS.
h) Ensuring and encouraging continuous improvement.
I) Empowering other management to prove their leadership in the areas they lead.
j) Establishing, leading and encouraging an organizational culture that assists the desired
results of the OH&SMS to succeed.
k) Safeguarding workers from retaliation or reprisals, when it comes to reporting accidents,
unsafe conditions, hazards, risks and areas for improvement.
l) Ensuring that the organization develops and applies processes for discussion and the
participation of workers.
m) Empowering the development and operation of health and safety committees.
OH&SMS Participation
OH&SMS POLICY: Who is responsible for establishing,

implementing and maintaining the OH&SMS policy?
Top management i.e. the leadership of the organization must develop,
apply and sustain this policy, which should have the following elements:
a) A commitment to offer a safe and healthy working environment. The
commitment should ensure that work-based accidents and illnesses are
avoided. The policy should be relevant to the objectives, size and business context of the
organization and the nature of the particular health and safety risks that exist.
b) A framework for setting out the health and safety objectives.
c) A commitment to meet legal and other requirements.
d) A commitment to eliminate hazards and reduce risks.
e) A commitment to the continuous improvement of the OH&SMS.
f) A commitment to consultation and participation. The policy should encourage discussion
and the involvement of workers/bodies representing workers and managers.
COMPONENTS The organization's health and safety management

policy should ensure the following:
• The policy must be controlled and documented.
• It must be communicated throughout all levels of the organization.
• It should be suitable, applicable and available to all interested parties.
REPRESENTATION Worker representation in the OH&SMS

steering committee, can be a source of participation and consultation for
workers.
Hurdles and barriers to staff participation can involve the inability to
address inputs and opinions, language barriers and dangers of
retaliation or reprisals for "speaking up".
TRAINING: Delivering training to staff, can break major barriers to
worker participation. The participation of non-managerial employees
can involve the following:
1. Identifying hazards and assessing risks and opportunities.

2. Identifying the procedures for consultation and participation.
3. Identify actions that can eliminate hazards and reduce health and safety risks.
4. Identify training and competence requirements and evaluate training.
5. Identify communications issues and methods.
6. Investigate incidents and non-conformities.
7. Identify control measures and their effective applications.
Internal and External Factors
BUSINESS CONEXT: The business context for the OH&SMS (ISO

45001:2018, clause 4.1) involves the following:
• Understanding the company and its business context.
• Management must identify internal and external issues that are
applicable to the OH&SMS.
• Highlight issues that have affected, or may affect, the organization's
ability to successfully implement the OH&SMS.
INTERNAL ISSUES: Collaboration between businesses has

developed in the last two decades, with the advancement of the internet
and business without borders. Health and safety concerns have
developed too and management has more wider-reaching issues to
consider, when planning an OH&SMS. Some internal issues include:
• The competence and diversity of the organization’s workforce.
• The commitment of workers regarding health and safety regulations.
• The readiness to collaborate with declared specifications.
• The organization’s communication channels and their significance.
EXTERNAL FACTORS / ISSUES: External factors are issues that

are outside an organization, but that influence its business and operations.
Some of these are summarized below:
- Legislation and regional laws.
- Economic and political situation.
- Union rules.
- National and international agencies.
Documenting the business context, for auditors and other stakeholders, with respect to
external parameters, is recommended.
Compliance and Interests
COMPLIANCE: Compliance with applicable H&S laws and

regulations, protects businesses from legal and other financial
penalties.
Moreover, the well-being of an organization’s workers is the first and
foremost objective. Making sure operations are safe, improves the
quality of goods and services that can be provided.
The latest discoveries and research with regard to contemporary illness, e.g. recurring
stress, strains and depression, demonstrates that adhering to OH&S legislation improves
performance.
INVOLVEMENT: It's important to involve the viewpoints

of interested parties when formulating an OH&SMS. Some common
interested parties include:
• Employees/workers
• Management and shareholders - they are also connected to strategic
business decisions
• External providers, contractors and vendors
• Manufacturing and business partners
• Government, regulatory and legislative bodies – in many cases these have authority over
organizations
• Pressure groups, neighbors, trade unions – especially in the case of e.g. nuclear
power/chemical/hazardous facilities
• An organization’s insurers - an OH&SMS may significantly affect premiums.
3. Managing Risk: Opportunities and Support Functions
Risks and Hazards
ANALYSIS: When planning the OH&SMS, management must

consider the issues and requirements from a business context, i.e.
internal and external factors and those of interested parties. This
constitutes the scope of the OH&SMS.
Through the planning processes, management must identify and
examine the risks and opportunities associated with the OH&SMS
and the structural changes involved. Management must document the information
concerning the processes and measures needed to identify and address the risks and
opportunities involved. A long- and short-term risk and opportunities assessment must be
undertaken, before change is applied.
HAZARDS: Hazard identification is referred to in clause 6.1. Top

management, or its delegated personnel, must develop, apply and carry
out pre-emptive and ongoing processes for hazard identification.
These processes must take into account how work is managed,
considering the following factors:
Workload; Work hours; Victimization; Harassment and bullying; Leadership and culture.
IDENTIFICATION: Hazard identification processes must also take

into account hazards that arise from routine and non-routine
activities, including the following:
• Infrastructure, machinery, supplies, physical job areas
• Design of services and products, manufacturing, assembly, erection,
service distribution, maintenance, product and waste disposal
• Work methodology
Hazard Identification and Assessment
PERSONNEL: Hazard identification and the assessment of risks and

opportunities, involves personnel in the workplace, including:
• Those with the right of entry to the workplace (employees, third-party
workers, guests)
• Those in the locality of the work area, who are affected by the work.
• Employees in an area that is not under the direct administration of the
company.
OTHER FACTORS: Hazard identification and the assessment of

risks and opportunities, involves other factors in the workplace,
including:
• The layout of work areas, practices, installations, heavy machinery,
standard operating procedures and job management
• Changes with the needs and capabilities of employees.
• Changed conditions in the workplace, as a result of work-related
Activities.
• Conditions (not controlled by management) in work areas, that can result in illness or
injury to individuals.
• Actual or intended changes in organogram, jobs, processes, proceedings or the health
and safety management system.
• Information and knowledge relating to any changes concerning hazards.
ASSESSMENT:
Assessment of health and safety risks (Clause 6.1.2.2).
Management must develop, apply and carry out processes for the
following:
(a) Assess the health and safety risks from a list of hazards, while considering the
effectiveness of current controls;
(b) Identify and assess other risks related to the establishment, application, operation and
maintenance of the overall OH&SMS.
The management’s procedures and criteria for the assessment of health and safety risks,
must be defined, to ensure they are preemptive rather than responsive and that they are
utilized in a systematic way. Documented information must be developed and retained on
the assessment principles and methodology.
Processes, Actions and the Law

PROCESSES:
Assessment of health and safety opportunities (6.1.2.3)
Management must develop, apply and carry out processes for the following:
(a) Health and safety opportunities to enhance health and safety performance, changes to
management, policies, processes or activities.
(b) Opportunities to upgrade work, management and the work environment for employees.
(c) Opportunities to eliminate hazards and reduce health and safety risks.
(d) Opportunities for improving the OH&SMS.
LEGAL:
Legal and other requirements (6.1.3)
Management must develop, apply and carry out processes for the following:
A. Identify and subscribe to the latest legal and other requirements that are relevant to
hazards, risks and health and the OH&SMS.
B. Identify how legal and other requirements apply to management and which requirements
need to be communicated to staff.
C. Take legal and other requirements into account when developing, applying and
improving the OH&SMS.
D. Retain documented information on legal and other issues and ensure it is upgraded to
incorporate any relevant changes.
ACTIONS:
Management must plan actions relating to the following:
1) Risks and opportunities.

2) Legal and other requirements.
3) Prepare for and react to emergency situation.
4) Integrate and apply relevant counter measures to hazards and risks, through the
OH&SMS.
5) Assess the effectiveness of the counter measures and action plans taken.
Management must take into consideration the "hierarchy of controls" (clause 8.1.2) and
results from the health and safety management system, when deciding on new actions.
When planning actions, management must take into account best practice, technological
alternatives and economical, functional and business needs.
Objectives and Planning
OBJECTIVES:
Health and Safety objectives (Clause 6.2.1)
Management must develop health and safety objectives at appropriate functions and levels,
to carry out and continually improve the OH&SMS and OH&S performance (clause 10.3).
Health and safety objectives must:

(a) Be consistent with the health and safety policy.
(b) Be quantifiable (if possible) and available for evaluation.
Health and safety objectives must take into consideration the following:
(c) Relevant requirements.
(d) The outcomes resulting from the assessment of risks and opportunities.
(e) The results of consultation with employees or employees’ representatives where they
Exist.
(f) Checks, communications and upgrades.
PLANNING:
Planning to attain health and safety objectives (Clause 6.2.2)
When planning how to attain organizational health and safety objectives,
management must address the following questions:
A. What needs to be worked on?
B. What resources will be needed?
C. Who will be delegated?
D. When it will be finished?
E. How will the outcomes be assessed (including pointers for monitoring)?
F. How will the measures needed to attain health and safety objectives, be assimilated into
business processes?
Management must produce and retain documented information on health and safety
objectives and the plans to achieve them.
Duties of Management
COMPETENCE:
Support Functions - Organizational Resources (Clause 7.1)
Management must recognize and render the resources required for the establishment,
application, maintenance and continual enhancement of the OH&SMS.
Competence (Clause 7.2)

To achieve mandatory employee competence, management must perform the following:
1. Identify the influence of employee competence on health and safety performance

2. Ensure that employees are competent (including the capability to recognize hazards)
with help of education, experience and training
3. Take the necessary actions to achieve mandatory employee competence and be able to
evaluate the effectiveness of these measures
4. Retain documented information on proof of employee competence
NOTE: Relevant actions can involve the delivery of training, mentoring, the re-allocation of
presently employed persons and the hiring or outsourcing of competent persons.
AWARENESS:
Awareness (Clause 7.3)
Employees must be made aware of the following:
- Health and safety policies and objectives
- The effectiveness and benefits of the OH&SMS
- The implications and potential outcomes of not conforming to OH&S requirements
- H&S incidents and the results of investigations
- Their ability to leave work situations when there is a grave danger to their life or health
OBLIGATIONS:
Communication (Clause 7.4)
Management must develop, apply and carry out the processes required for the internal and
external communications applicable to the OH&SMS, together with identifying the following:
• The appropriate subjects of communication
• The appropriate timing
• The appropriate recipients (including contractors and visitors to the workplace)

• The appropriate methodology of communication
The standard stipulates that management must take into account the "diversity" of the
audience when considering its communications. Diversity includes: • Gender • Language •
Culture • Literacy • Disability
Management must ensure that the opinions of external interested parties are considered,
when developing the communications process. In addition, management must:
• React to appropriate communications regarding its OH&SMS

• Keep documentation, as proof of its communications
Documentation and Control
DOCUMENTED INFORMATION:
The level of documented information required (Clause 7.5) in an OH&SMS, varies from
one organization to another. This is due mainly to the types of products and services it
provides and the requirement to show legal and other compliance.
Documentation (Clause 7.5.2) should normally include the following:

1) Identification and description
2) Title, Date and Author
3) Reference Number
4) Language and format
5) Graphics and media
6) Software Version
CONTROL OF DOCUMENTED INFORMATION:

Documentation needs to be sufficiently controlled (clause 7.5.3), to
ensure:
- It is accessible and relevant for utilization where and when it is needed.
- It is sufficiently protected from loss of confidentiality and improper use.
- The availability of sharing, right to use and retrieval.
- It is conserved and stored properly.
- Version and revision control.
4. Operational Controls and Emergency Responses

Process, Controls and Changes
PROCESS: Management must plan, apply, control and carry out

the processes needed to meet the requirements of the OH&SMS.
Applying actions is identified in Clause 6 and involves the following:
• Developing the criteria for processes.
• Applying the control of processes, in accordance with the criteria.
• Producing and retaining documented information, so that interested parties and observers
can have confidence that the processes have been carried out.
• Adapting work to employees.
• At multi-employer workplaces, management must coordinate the OH&SMS with other
Managers.
CONTROL MEASURES: Management must develop, apply and

carry out processes for the eradication of hazards and the minimization
of health and safety risks (Clause 8.1.1), by utilizing the
following hierarchy of controls:
(a) Remove or eliminate the hazard.
(b) Substitute or replace health and safety hazards and risks, with less
hazardous operations, processes, supplies or machinery.
(c) Use engineering controls and the management of work.
(d) Use administrative controls, such as training and visual controls.
(e) Use adequate protective equipment for employees.
CHANGES: Management must develop a process or processes, for the application and
control of intended short term and long-term changes that impact on health and safety
performance. This includes:
• Modifications to old products and services, work sites and the neighborhood
• Labor force and machinery
• Legal and other requirements
• Modifications in knowledge and facts about hazards and health and safety risks
• Upgrades of technology and related knowledge
Management must analyze the outcomes of unplanned changes and take measures to
decrease the impact of adverse effects.
Outsourcing and Emergencies
CONTRACTORS: Management must develop, apply and carry out

processes to control the acquisition of products and services
(Purchasing Controls - Clause 8.1.4), to ensure compliance with the
OH&SMS.
Management must organize the procurement process with contractors
(Clause 8.1.4.2), list hazards and analyze health and safety risks arising from:
• Contractor activity that influences the workplace
• Activities and functions that affect the contractors’ employees
The contractor's work and functions at a site, have an influence on the interested parties in
that area. Management must ensure that the needs of its health and safety management
system are fulfilled by contractors and their employees.
OUTSOURCING: Management must ensure that subcontracted jobs and processes

are managed. They must also ensure that outsourcing preparations are made in
accordance with legal and other requirements. The processes involved and the extent of
control, must be explained in the OH&SMS.
EMERGENCIES: Management must develop, apply and carry out the

processes required to prepare for emergency conditions, including the
following:
1. Develop readiness and planned reactions to emergency conditions,
together with the prompt delivery of first aid
2. Offer training for the planned responses
3. Test emergency procedures regularly
4. Send and offer suitable information to all employees during such events
5. Assess performance
Appropriate information must be sent to visitors, contractors, emergency response units,
government authorities and the community during such events. Moreover, all interested
parties must be involved in the design and fulfillment of emergency planned responses. As
usual, management must produce and retain documented information on the processes
involved.
5. Requirements of an Occupational Health and Safety
Management System - Lesson Summary
Module Two Summary
▪ An organization's policy should include a commitment to providing a safe and healthy
working environment and a commitment towards continual improvement of its occupational
health and safety management system (OH&SMS).
▪ Management must identify all "interested parties" in the system, together with employees.
Interacting with the organization’s workers, contractual partners and shareholders is an
important part of maintaining a list of all interested parties. If a business has a high accident
rate, insurance premiums will rise. Insurers are therefore an "interested party".
▪ The competence of an organization’s workforce is an internal issue and is relevant to

effective health and safety management.
▪ External factors are outside an organization's direct control. However, they influence an
organization’s business and operations and consequently its OH&SMS.
▪ The latest discoveries and research into contemporary illness in the workplace highlights:
recurring stress, strains and depression (mental health). It finds that legislation must be
upgraded and business contexts need to be fully documented, if organizations are to truly
alter their health and safety systems to function effectively.
▪ 'Scope' refers to the boundaries and applicability of an organization's OH&SMS.

▪ Management must take into account the "diversity" of its interested parties, when
formulating its health and safety communications strategy. Diversity, according to the ISO
45001:2018 standard includes: Gender, Language, Culture, Literacy and Disability.
▪ Employees must be made aware of the organization's health and safety policy and its
health and safety management objectives.
▪ Management must react to appropriate communications regarding its health and safety
management system.
▪ The documented information relevant to the OH&SMS, should include the following
components: Identification and description; Format, language and reference number; Title,
date and author; Software version (if relevant); References to media and graphics used.
▪ Documented information should be protected from: Loss of confidentiality; Improper use

and Loss of integrity (damage).
▪ Management must develop, apply and carry out processes for the eradication of hazards
and the minimization of health and safety risks, using the following 'hierarchy of controls':
(a) Remove or eliminate the hazard; (b) Substitute or replace hazards and risks with less
hazardous operations, processes, supplies and machinery; (c) Use engineering controls
and management of work; (d) Use administrative controls such as training and visual
controls; (e) Use adequate personal protective equipment.
▪ Where short or long term changes are applicable to work practices, a risk and opportunities
assessment should be undertaken before the change is applied.
▪ Only top management or its delegated personnel should develop, apply and carry out the
processes for hazard identification.
▪ Legal and other requirements relevant to health and safety, constitute risks and
opportunities for an organization, which management must address.
▪ Management must develop, apply and carry out processes to assess occupational health
and safety opportunities, in order to enhance occupational health and safety performance in
an organization.
▪ Management must develop occupational health and safety objectives relevant to different
work functions and levels.
▪ Management must identify and provide the resources needed for the establishment,
application, maintenance and continual enhancement of the OH&SMS.
▪ Management must send information regarding its OH&SMS and concerning legal and other
requirements, to any relevant external parties.
▪ Management must develop, apply and carry out processes to control the acquisition of
products and services, to ensure their compliance with the OH&SMS.
▪ Management must ensure that its outsourcing activities, with respect to health and safety,
are in fulfilment of legal and other requirements.
▪ Management must develop, apply and carry out processes to prepare for possible
emergency situations.
▪ Management must produce and retain documentation, regarding its processes and plans
for reacting to potential emergency situations.
‘’TILL HERE PRINT DONE’’

MODULE 3: PERFORMANCE EVAUATION AND

IMPROVEMENT
After completing this module, you will be able to:
o Describe the performance evaluation of occupational health and safety management

systems (OH&SMS)
o Be able to discuss monitoring, measurements and analysis
o Describe the process involved in internal audits
o Explain what is involved in management reviews
o Define what 'continual enhancement' means
o Summarize the 'check and act' part of the OH&SMS
2. Monitoring, Measurement and Analysis
Performance Measurement
PERFORMANCE: Performance evaluation (Clause 9) lists the
requirements of assessing the performance of the OH&SMS. This clause
encompasses three areas of evaluation:
• Monitoring, measurement and analysis
• Internal auditing
• Management reviews
Management must develop, apply and carry out (Clause 9.1) different processes for
monitoring, measurement and analysis. Management must identify the following:
• The level of compliance to laws and other requirements

• The activities and processes involved in recognizing hazards, risks and opportunities
• Improvements toward the attainment of the organization's health and safety objectives
• The impact and efficiency of operational (and other) controls
TASKS: Monitoring can be based on:

• Observation of work being done
• Assessment of documented information
• Interviews with people to discuss performance levels
Measurement is the allocation of numbers or values to performance, i.e. events and
objects. It is related to performance evaluation and involves verifying equipment and
actions with respect to risks and hazards.
Analysis is the study and interpretation of data to discover patterns, relationships and
trends in workplace activities. It is closely associated with measuring events.
CRITERIA: Management relates its performance in the area of

occupational health and safety, according to certain criteria.
For example, the performance of other companies, accepted codes, the

company’s own codes, acknowledged standards, the organization’s
objectives and historical OH&S statistics.
Management must assess its health and safety performance and be aware of the
efficiency of its OH&SMS. Management must ensure, for example, that work equipment is
relevant, calibrated, verified and used appropriately.
NOTE: There can be legal and other requirements (national and international standards)
concerning the use, calibration and verification of equipment.
RECORDS: Management must keep relevant documentation as proof of performance

measurement, monitoring, analysis and to demonstrate results.
Competence and Guidelines

COMPETENCE: Clause 9.1 defines the meaning of “measuring and
monitoring” and offers particular instances of what can be measured to
fulfill the standard. For example:
• Measurement against objectives
• Progress on continual improvement
• The monitoring of workers health and fitness
• Recorded instances of injuries and illness
• Trends
Competence is identified in Clause 9.1, as evidence that workers and management work
effectively together, in terms of the recognition of hazards and risk mitigation measures.
COMPLIANCE: The ISO 45001:2018 standard states what must be measured and
monitored to ensure OH&S legal compliance. Discontinuities must be recognized, solved
and documented. Examples of other factors that must be taken into account are:
• Corporate policies and agreements
• Insurance requirements
• Company and union agreements
• Other rules regulations
GUIDELINES: Reviewing an organization’s performance in certain areas, against other

organizations is referred to as 'benchmarking'. Performing this type of review with respect
to OH&S offers a relatively precise picture of an organization’s performance.
However, we must bear in mind the landscape in which organizations operate. For
example, financial managers may be bound by a certain financial code of conduct;
electronics manufacturers may be committed to being directed by certain standards etc.
The ISO 45001 standard renders certain guidelines as key factors that can be used to
quantify performance. For example, if incidents are measured by occurrence, frequency
and severity, this constitutes a method of measuring performance. The measurement of the
completion of a corrective action, within a certain time or at a certain rate of completion, is
another form of measurement.
Systematic, Criteria & Indicators and Assessment
SYSTEMATIC: An organization should have a systematic method for monitoring and

measuring its health and safety performance on a continuous basis and this should be part
of its OH&SMS.
Without, hopefully, labouring the point too much, monitoring and measuring an
organization's health and safety performance, should include the following:
• All relevant health and safety legislation
• Mutual relevant agreements
• Standards and codes
• Insurance requirements
• Activities and processes concerning the recognition of risks, hazards and opportunities.
CRITERIA & INDICATORS: The following is the difference between

'criteria' and 'indicators' as used in the standard:
Criteria is what organizations use to check their performance in key

areas. For example, they may benchmark their health and safety
performance against other organizations, best practices, standards etc.
To quantify particular OH&S criteria, key performance indicators are used. For
example, if a criterion is a comparison of health and safety related incidents, an
organization may check: occurrence, type, impact, incidents, statistics etc. The indicators
are the results of the comparisons.
ASSESSMENT: A compliance assessment program covers all
occupational exposure to legislation requirements. Evaluation can be
influenced by elements such as historic compliance, or the time at which
legislation was adopted or changed.
A compliance assessment plan can be joined to other evaluation
activities. These can form part of the management system audit, for
example environmental audits or quality management system assessments.
It should be remembered that legal compliance is the minimum requirement in the

standard, for evaluating the effective implementation of the OH&SMS. This means the
organization, at a minimum, must comply with all legal requirements. Finally, as discussed,
the organization must keep documentation of the results of its compliance evaluation.
3. Internal Audits and Management Reviews
Internal Audit Process
INTERNAL AUDIT: Clause 9.2.1 in ISO 45001, outlines the

execution of internal audits by management in organizations. The
internal audit must meet the criteria of the OH&SMS and the results
(outputs) must be made presentable to top management and relevant
personnel.
The internal audit plan must be well-scheduled and developed, with a
thorough understanding of the OH&SMS scope. The plan should be developed on the basis
of risk assessments and former audit reporting.
The internal audit should be conducted more vigilantly than in the comparable standards of
ISO 9001 (quality management system) and ISO 14001 (environmental management
system).
PURPOSE: The justification for conducting serious internal audits is

simple: Nonproductive internal audits in an OH&S system, can threaten
the health and safety of an organization’s workforce.
Question: How can it be ensured that an internal audit is as effective as

it should be and that the consequent actions, safeguard the health and
safety of the workforce?
NOTE: Learn to carry out management system audits in this free online course:
https://alison.com/course/iso-management-system-audit-techniques-and-best-practices
Auditing Scope
MANAGEMENT: Internal audit programme (Clause 9.2.1): Top

management or their delegated personnel must perform the following:
(a) Plan, develop, apply and carry out an audit programme, that accounts
for rate of occurrence, techniques, responsibilities, consultation, planning
needs and reporting. It must also take into account the significance of
processes and the results of former audits.
(b) Outline the criteria of the audit and its scope.
(c) Choose auditors and perform audits to ensure objectivity and non-bias in the audit
process.
(d) Make sure the results of audits are presented to: the relevant managers, employees,
and other interested parties.
(e) Take measures to remove any nonconformities and "continually improve health and
safety performance".
(f) As always, produce documentation as proof of the audit and results.
NOTE: Management should conduct internal audits at consistent intervals, as part of their
management review.
AUDITOR: The internal audit should be performed at “scheduled intervals,”

or additionally, if it is seen as helpful to the ISO 45001 system.
WHO?: The standard states that the choice of the auditor should ensure
“impartiality and neutrality’’. Also, the auditor must have knowledge,
work experience, recognized training and be familiar with health and
safety policies, objectives and performance. Managements should
receive external advice from professionals, for their internal audits. This
shows that the internal audit is a critical process.
HOW?: The internal auditor must have all the relevant information available, as part of the
“input” of the auditing process, i.e. risk assessment, data and outcomes, health and safety
performance results, stakeholder inputs and health and safety objectives. The auditor must
also have full access to all of the information and people relevant to the performance of
OH&S in the organization.
OBJECTIVITY: It is helpful, in terms of the continual improvement of the

organization's OH&SMS, when the auditor makes sound recommendations, based on the
audit's findings and results.
In this manner, management will have a more objective framework to work with. Also, the
internal audit fulfills the direct requirements and scope of the standard.
Management Reviews
CRITERIA: The ISO 45001 standard (Clause 9.3), necessitates the

review of the organization's OH&SMS appropriateness and suitability, to
be carried out by top management at scheduled
intervals. Management review enables an organization to systematically
analyze and gauge the performance of its OH&SMS, to determine if it
continues to be:
APPROPRIATE - processes, values and business systems
SATISFACTORY - is the management system applied properly?
USEFUL - does the management system achieve its intended results?
Management reviews should be completed on a regular basis, for example: quarterly, bi-
annually or annually. Fractional management reviews of an organization's OH&SMS, can
be performed at more regular intervals, if needed.
FEATURES: A management review should include the following:

• The status of actions taken following previous management review(s)
• Internal and external issues that influence the OH&SMS, for example
risks and opportunities, the requirements and expectations of interested
parties, legal and other requirements.
• Sufficient dialogue with internal and external interested parties
• An analysis of the resources needed for achieving an effective OH&SMS
• Prospects for continuous improvement.
PERFORMANCE: Reviews should include information on the organization’s

OH&S performance, including developments in the following:
1. The attainment of OH&S objectives
2. Incidents, accidents, nonconformities and corrective actions
3. Measurement and monitoring
4. The assessment of compliance with legal and other requirements
5. Internal and external audits
6. Participation, discussion and consultation with employees
7. Risks, prospects and opportunities.
EVALUATION: Decisions taken following a management review, should relate to:

1. The ongoing sufficiency, rationality and effectiveness of the OH&SMS, with regard to the
achievement of its intended results.
2. Areas for continual improvement.
3. Requirements for modifications to the system.
4. Additional resources required.
5. Other actions required.
6. Opportunities to integrate the OH&SMS further/differently with business processes, e.g.
quality, the environment, continuity etc.
7. Impacts on the strategic direction of the organization.
4. Continuous Improvement
Continuous Improvement Steps
ACTIONS Management must identify (Clause 10) opportunities

for improvement and apply mandatory actions to attain the intended
results of its OH&SMS.
Management must develop (Clause 10.2), apply and carry out
processes, together with investigations, reports and measures, to
identify and manage OH&S-related incidents and nonconformities. When
an incident or a nonconformity exists, management must:
• Respond in time
• Take measures to manage and correct it
• Manage any consequences.
INVOLVEMENT The involvement of employees and the participation

of other interested parties must be assessed. This is a requirement for
corrective action, in order to eradicate the root causes of
the nonconformity or incident and to ensure it does not occur elsewhere.
This is achieved through the following:
• Analyzing the reasons for the nonconformity or incident
• Review/update existing assessments of OH&S risks (see 6.1)
• Identify and apply any actions required, involving a hierarchy of controls
• Analyze any new potential health and safety risks or modified hazards.
DOCUMENTATION:
Management must retain documentation as proof of:
A. Nonconformities or incidents following measures taken
B. The outcomes of measures and corrective actions
C. Communication with the relevant employees, employee representatives, or other

interested parties.
Incident Analysis
ANALYSIS: It is important that a 'root cause analysis' is performed

following a nonconformity or incident, in order to avoid its recurrence.
Examples of nonconformities and OH&S-related incidents:

INCIDENTS: Near misses, injuries, poor health, impacts to property or
equipment that could result in health and safety risks, body, skin, bone
damage, hearing loss, eye-sight loss, asbestosis.
NON-CONFORMITIES: Safety equipment not working properly, inability to comply to legal
requirements, safety processes or guidelines not being followed; contractors working in a
hazardous way on-site.
ROOT CAUSE: When a nonconformity or incident occurs, the

organization must respond in a timely way. The assessment of the
requirement for corrective action(s), should be agreed with the relevant
employees and interested parties.
The goal of an incident-investigation is to identify what occurred? why it
occurred? and what can be done to avoid it occurring again?
Professional investigators must account, not only for immediate causes, they must also
focus on root causes and the corrective measures that need to be taken.
FACTORS: All incidents have causes. These can involve a cluster of

factors, together with human behavior, activities, processes and
equipment.
Investigations should highlight gaps that require improvement. The
extent of the investigation, is proportional on the extent of the OH&S-
related incident and its impact.
The incident should be documented and presented internally and externally, were
appropriate, to regulatory bodies.
INVESTIGATIONS: Who investigates? The investigation of incidents and

nonconformities should be performed by a party/parties who are not reliant on the
activities being analyzed and should include an employee representative.
Corrective Actions
MODIFICATIONS: Organizations are responsible for corrective
actions concerning the management of change and the hierarchy of
controls. They are also responsible for making modifications to the OH&SMS by:
A. Updating process maps
B. Revising procedures
C. Updating the risk register
CONTROLS: Instances of corrective actions involving a hierarchy of

controls:
• Eradicate hazards
• Use less dangerous materials
• Re-engineer or change machinery and tools
• Modify the rate of using equipment
• Enforcing the use of personal protective equipment (PPE)
Failures and Timing

FAILURES: The emphasis of root cause analysis is aversion. Root
cause analysis recognizes numerous contributory factors, including the
following:
• Fatigue
• Lack of communication
• Equipment failure
• Incompetence
• Gaps in signage/notices/warnings/documentation
TIME: While root cause analysis is being carried out, an organization

may have to perform immediate short-term actions, in order to avoid
recurrence of an incident or nonconformity.
This can be a component of the implemented corrective action. Root
cause analysis and the reporting of incidents without delay, can assist
with the permanent removal of hazards.
Continuous Improvement
REFERENCES: The concept of continuous improvement is

referenced in other management systems (Annex SL), for example: ISO
14001, ISO 9001 (see: https://alison.com/course/iso-90012015-
fundamental-concepts), as well as in the ISO 45001:2018 standard.
MEASURES: Measures, an organization can take
to implement 'continuous improvement' in their OH&SMS include:
• Enhancing a culture that supports OH&S
• Encourage the participation of employees (recognition and application)
• Use up-to-date training, practices, technology and equipment
• Promote good working practices
• Accept proposals and advice from interested parties
• Acquire the latest knowledge of occupational health and safety in the workplace
• Source better supplies and make better use of materials
• Promote worker competence
• Attain improved performance using minimal resources
5. Performance Evaluation and Improvement-

Lesson Summary
Module Three Summary
▪ Three main areas of OH&SMS evaluation are: monitoring, measurement and analysis;
Internal audits; management reviews.
▪ Management must develop, apply and carry out different processes for the monitoring,
measurement and analysis of its OH&SMS.
▪ Monitoring can be based on observation of work being done, the assessment of

documented information (e.g. records) and the utilization of interviews - this helps to identify
status, so that any deviation from performance can be recognized.
▪ 'Measurement' is the allocation of numbers to the performance of events or objects. It is

related with performance evaluation. It can be extracted from the utilization of verified or
calibrated equipment.
▪ Data analysis discovers patterns, relationships and trends in performance. It is related with
the measurement of events.
▪ Criteria is what the management compares its performance with, for example the
performance of other companies, developed codes, acknowledged standards, the
organization's own codes, the organization’s objectives and its historical health and safety
record (statistics).
▪ Management must ensure that monitoring and measuring equipment is calibrated, verified
and used as appropriate.
▪ Management must develop, apply and carry out processes for evaluating organizational
health and safety compliance, with legal and other requirements.
▪ An organization should have a systematic method for monitoring and measuring its
occupational health and safety performance, on a recurrent basis. This should be a core
component of its OH&SMS.
▪ An organization should employ preemptive and responsive measures to OH&S gaps and
should primarily focus on proactive solutions, in order to maximize its performance.
▪ The internal audit plan must be scheduled and developed according to the system's scope.
The plan should be developed according to a risk assessment and take into account the
results of former audits.
▪ When choosing auditors to perform audits, objectivity and the absence of bias in the
process, must be assured.
▪ Management should conduct internal audits at regular intervals, as part of conducting

management reviews of their OH&S status and processes.
▪ The ISO 45001 OH&SMS standard, mandates that the results of internal audits should be
presented to all employees and interested parties.
▪ Documenting the internal audit, together with the outcomes, measures and results, is a
requirement and a part of the OH&SMS continual improvement process.
▪ The management review should not only assess data and historical trends; it should aim to
improve the OH&S standards and performance in the organization.
▪ Management review of the organization's OH&S status, should be performed regularly, on a

quarterly, bi-annual or annual basis.
▪ Management must develop, apply and carry out processes, together with investigations,
reports and measures, to identify and manage OH&S-related incidents and
nonconformities.
▪ An organization must take into account the following: the results from the evaluation and
analysis of its OH&S performance; the assessment of its OH&S compliance; the lessons
learned from internal audits and the lessons learned from management reviews.
▪ Corrective actions, continuous improvements, technological changes, innovations and re-

organization can improve the organization's OH&S position.
▪ Incidents that lead to health and safety risks, include: near misses, disabilities, injuries, ill
health, damage to property and equipment.
▪ When a nonconformity or incident occurs, the organization must respond in a timely way;
they must act to manage/contain the issue, correct it and deal with the outcomes.
▪ Organizations must assess the corrective actions that are required to eliminate the root
causes of health and safety-related incidents and nonconformities. They must endeavour to
ensure that incidents and nonconformities that occur in one part of an organization, do not
occur in another part of an organization.
▪ Required corrective actions should be planned and implemented with the participation of
employees and interested parties.
▪ The concept of the continuous improvement of an organization's OH&SMS, is referenced in

management systems prior to ISO 45001:2018, for example ISO 14001 and ISO 9001.
END OF COURSE .

Iso 45001-2018 Course PDF

Uploaded by

Copyright:

Available Formats

You might also like

Iso 45001-2018 Course PDF

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Read this document in other languages

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Iso 45001-2018 Course PDF

Uploaded by

Copyright:

Available Formats

ISO 45001:2018 - Principles of Occupational

Health and Safety Management Systems

MODULE 1: FUNDAMENTALS OF OCCUPATIONAL

o Explain the OH&SMS standard

o Define the fundamental concepts and terminology used in OH&SMS

o Summarize the systems involved in OH&SMS

o Explain who is responsible for developing the ISO 45001 standard

o Illustrate the timeline involved in the development of ISO 45001

o Discuss the compatibility of ISO 45001 with other standards

o Describe the timeline involved for migrating to ISO 45001

o List the benefits ISO 45001 can yield to businesses

o Outline the benefits ISO 45001 yields to managers and professionals.

2. Introduction to ISO 45001: 2018 OH&SMS

GOALS: OH&SMS systems primarily direct organizations in the following ways:

STANDARDS: National standards used for implementing OH&SMS, before the

BS OHSAS 18001: BS OHSAS 18001 (Occupational Health &

History: ISO 45001 was initially created on 25th October

Migration and Features

FEATURES: What is new in ISO 45001, compared with other

PROACTIVE: Organizations need to be proactive. In a rapidly

Certification and Advantages

CERTIFICATION: It is expected that a large number of

3. Publication of ISO 45001: 2018

Illness and Injury

STATISTICS: The International Labor Organization (ILO) calculated

SOLUTION: Is ISO 45001 the answer to the problem of occupation

Substituting OHSAS 18001

RESPONSIBILITY: Similar to ISO 9001 and ISO 14001, there is a

PARTICIPATION: Clause 5.4 of the ISO 45001:2018 OH&SMS, is a

Additions and Improvements

• Communications are evaluated for their effectiveness.

PROVISIONS: Clauses 8.1 to 8.2, deal with organizational operations, preparedness

ADDITIONS: ISO 45001:2018, Clause 9, includes enhanced and extended evaluation of

Risk and Prevention

PREVENTION: ISO 45001:2018 Clause 10, removes the linguistic reference to

4. Important Terminology in ISO 45001:2018

Workers & Interested Parties

INTERESTED PARTY: Interested Party - This term is defined as a “person or

Consultation and Participation

CONSULTATION: Consultation is defined in clause 3.5 of the

Contractors and Contracts

CONTRACTORS: ISO 45001:2018 defines contractor in clause

Hazards and the Workplace

WORKPLACE: Workplace is defined in the ISO 45001:2018 standard as “[a] place

HIRA: ISO 45001 defines the term hazard, as a “source with a

Health, Injury and Objectives

OBJECTIVES: ISO 45001 defines the term OH&S objective as “set

SMART: Objectives are made so that specific results can be obtained

OH&S RISKS: ISO 45001 defines Occupational Health and Safety

5. Fundamentals of occupational health & safety

MODULE 2: REQUIREMENTS OF AN OCCUPATIONAL

• List the expectations top management has in a OH&SMS.

• Describe how best to manage health and safety risks.

• Explain how support functions affect an organization's performance.

• Define what operational controls are.

• Summarize how organizations enforce operational controls.