PART 3 - AUDITING AGAINST BS OHSAS18001:2007

Section 3.2 - Auditing against BS OHSAS

18001:2007 Clause 4.2 Policy
The occupational health and safety (OH&S) Policy is a written statement demonstrating the
commitment of an organization to OH&S of its employees and those that its activities impact
upon. It is a formal declaration by top management committing them to implementing a system
for preventing harm to those who may be affected by their activities. Ideally it should be less than
a page in length, written in simple language, dated and signed by the chief executive officer
(CEO) or appropriate director with responsibility at board level for health and safety.

Every organization must be committed to protecting the health and safety of its employees and
all others that might be affected by its work activities.

BS OHSAS 18001 has 8 important requirements, together with an overall assurance that the
policy has been authorized. These can be found in clause 4.2 which requires top management
to:

“… define and authorise the organization's OH&S policy…”

OH&S policy requirements - OHSAS 18001 Clause 4.2
The OH&S policy demonstrates the commitment of an organization by establishing an overall
sense of direction, and by setting the principles that underpin the actions to be taken.

There is a legal obligation in the UK for every organization with five or more employees to prepare
a written statement of general policy on occupational health and safety, and similar requirements
exist in many other countries.

BS OHSAS 18001 specifies eight important requirements for the OH&S policy:

1. “… appropriate to the nature and scale of the organization’s OH&S risks”

The policy should be realistic and relevant to the nature of risks faced by the organisation.

2. “includes a commitment to prevention of injury and ill health and continual Improvement in
OH&S management and OH&S performance”

It is impossible to make every workplace totally safe, but management are expected to commit to
preventing injury and ill health. In the case of ill health, this includes stress as well as other
disabling effects.

Organizations need to achieve not only a high level of OH&S performance but also to seek a
continual improvement in that performance as well as meeting legal requirements.

3. “includes a commitment to at least comply with applicable legal requirements and with other
requirements to which the organization subscribes that relate to its OH&S hazards”

Naturally, there is a requirement to comply with legal requirements. However, there might be
other codes of practice, industry standards, voluntary agreements etc to which the organization
subscribes and in this context “other requirements” covers all of these areas.

© 2009 RMS v1.0 Section 3.2 1

 PART 3 - AUDITING AGAINST BS OHSAS18001:2007

4. “provides the framework for setting and reviewing OH&S objectives”

Policy statements should enable realistic objectives and management programmes to be

established.

5. “is documented, implemented and maintained”

The organization’s top management should set in place procedures to define, document and
endorse its OH&S policy.

6. “is communicated to all persons working under the control of the organization with the intent
that they are made aware of their individual OH&S obligations”

Everyone working on behalf of the organization, whether employees, sub-contractors or agents

etc., should be recognised as being equally important.

7. “is available to interested parties”

The policy statement should be made available to relevant interested parties.

8. “is reviewed periodically to ensure that it remains relevant and appropriate to the organization”

The policy should be reviewed periodically to ensure that it remains relevant and appropriate to
the organization.

Top management is defined as:

"Person or group of people who direct and control an organization at the highest level"
Top management – ISO 9000:2005
Internal auditors need to assure themselves that the policy is currently relevant and is reviewed
regularly at management review meetings for its continuing suitability. Only a policy that has
objectives with tangible outcomes that can be measured and audited can be shown to be
working. Some points that the internal auditor might wish to consider would be:

z Is there commitment to minimize risk?

z Is the policy appropriate to the scale of the organization?

z Is there commitment to comply with legislation?

z Is there commitment to minimize ill health?

z Does top management demonstrate commitment by example?

z Is OH&S a prime responsibility of line managers?

z How is the policy communicated to workers, contractors etc?

z Does the policy encourage employee participation and consultation?

z Is there evidence that there is a regular review of policy?

© 2009 RMS v1.0 Section 3.2 2