ISO 45001/5 and the pandemic
ISO 45001/5 and the pandemic
It would be naïve to think that Covid-19 doesn’t impact our current occupational health and safety management systems, as there are very particular risks that have to be managed and controlled. Within the realm of the ISO 45001 requirements, Marina Sander and Elfriede Giard, from The World of Ethics Group, explain why it is wise for employers to look at the guideline published in ISO/PAS 45005.
The ISO/PAS 45005 will support organisations that have implemented ISO 45001 requirements, but it can be followed by any organisation, irrespective of the other suite of standards that they conform to. It provides a practical framework and will help inform the thinking of employers about various aspects of the management of Covid-19 related risks.
The standard further provides guidelines and supports the use of remote working technology – a concept that has changed the way that we work, most probably forever.
Compliance with legal and other requirements is one of the most important requirements in ISO 45001, because the lives and health of people are at stake. The ISO 45001 standard provides a good framework for identifying and monitoring compliance with all local legislation regarding occupational health and safety.
The standard mentions legal requirements in several places, indicating that they must be considered through the whole Plan-Do-Check-Act (PDCA) cycle of the occupational health and safety management system (OH&SMS), from developing the OH&S policy and defining OH&S objectives, to management review.
This is the first document that mentions the consideration of legal requirements. The standard clearly demands the inclusion of a commitment (at least) to comply with the applicable legal requirements, and with other requirements to which the organisation subscribes that relates to its OH&S hazards when writing the policy.
Procedure for identification of the legal and other requirements
The next step is in clause 6.1.3 – Determining legal and other requirements, where the standard requires you to establish a process for identifying and accessing the legal and other OH&S requirements that are applicable to the organisation.
The organisation may find occupational health and safety regulations on the website of government agencies, in charge, or via other specialised services. In a wide list of regulations, you should choose only those that are applicable to your business.
In clause 6.2, ISO 45001 states that when an organisation establishes OH&S objectives and plans to achieve them, it should take into account applicable requirements, which include legal requirements.
The organisation should plan how it is going to comply with legal requirements. If you find, during identification of applicable legal requirements, that you are only partially
in compliance with a specific applicable regulation, or you have completely ignored it, now is the time to set it as a target.
Of course, you will need to do a periodic evaluation of compliance with legal and other requirements, because even if your organisation is in compliance today, you cannot be sure that it will be in compliance in six months or a year. This is a mandatory activity and there must be a record kept as evidence.
Clause 9.3 requires the review of the occupational health and safety management system by top management, through the management review process, about results of the evaluation of compliance and possible changes in legal requirements.
This is to ensure that top management is aware of the risks of potential or actual non-compliance, and has taken appropriate steps to meet the commitment to legal compliance. Results of the evaluation of compliance, with legal and other requirements, are one of the mandatory inputs in the management review.
What are the new requirements for risks and opportunities according to ISO 45001?
There are new requirements for assessing risks and opportunities in the OH&SMS. These requirements in ISO 45001 cover two different types of risks for the individual processes and the overall OH&SMS, and both assessments are needed for a good OH&SMS.
What is required for hazards and risks?
The previous requirements in the OHSAS 18001:2007 standard were quite simply written, even though the task was rather large. In brief, for all of your activities, processes and work areas, you must identify what hazards exist for the occupational health and safety of all involved (including contractors and visitors). Once these hazards were identified, you would then identify what risks exist for the hazards and what controls you needed to put in place to mitigate the risks present.
What do you need to consider with new conditions for assessing the risks and opportunities?
There are new conditions for assessing the risks and opportunities of the overall OH&SMS. These new requirements come from the standard ISO format for all management systems, called Annex SL. This format includes the assessment of the context of the organisation with respect to the purpose of the management system, including the internal and external issues that affect it.
The next step in the standard is to identify all of the interested parties for your management system, and what their needs and expectations are.
ISO 45001 risks & opportunities: the new requirements
For instance, as part of your ongoing assessment of legal requirements, you may have learned that there is an upcoming change in the law that will make it illegal to use a certain cancer-causing chemical that is needed for creating your product.
You have an opportunity to make changes to your product that allow you to find a replacement chemical that is less hazardous to the occupational health and safety of your workforce. There is also a risk that the replacement chemical is more hazardous to the people who need to use it. It is these risks and opportunities that you will need to address.
Risk and opportunity assessment
Any company that has implemented an OH&SMS knows that the assessment of risk, and the management of the controls to address risk, is critical for managing occupational health and safety.
Risk assessments, and determining what needs to be done, have always been a part of the OH&SMS. The only real change is to include an additional focus for the important task of risk assessment, and the assessment of opportunities that can be pursued to benefit your company, which can help you with OH&S improvement.
Two phrases indicate what kind of document is required by the standard. The phrase “retain documented information as evidence of” means the record needs to be produced, while the phrase “maintain as documented information” means that the document, including the procedures, needs to be developed.