Management systems are nothing new. Early systems can be traced back to the trade guilds of Medieval Europe, which developed stringent rules for craftmanship and service. To be a guild member, and receive the benefits of membership, artisans and merchants had to adhere to these rules. Guilds operated collectively, and successes and failures were shared across the members of a particular guild. So, a ‘peer pressure’ of sorts usually guaranteed an accepted level of service or quality of product.
Through the industrial revolution and into the factory age of the early 20th century, product inspection became the norm for suppliers. The development of early quality processes helped meet the need for the exacting requirements of military production during World War II. Then as military production gave way to post-war consumerism, the total quality ethos, spearheaded by Japan (under advisement from American quality pioneers W. Edwards Deming and Joseph M. Juran) took hold. As the quality of Japanese products led the world from the 1970s, the American response of Total Quality Management, or TQM, laid the groundwork for the modern quality management system.
Today, quality management systems have expanded in scope and advanced well beyond their ‘product inspection’ foundations. Furthermore, management systems have now jumped into the realms of business, information technology, energy, medicine, environment, transportation and more. When applied, they generally offer process consistency, continual improvement, improved efficiency and waste reduction, and improved customer satisfaction. Risk management is now a major component of many systems too.
Organizations have a duty of care to their employees, contractors, sub-contractors and any other individual that interacts with the organization in a work-related capacity. By adopting an occupational health and safety (OHS) management system, an organization can establish a structured and accountable approach to managing its health and safety opportunities and risks.
Globally, ISO (International Organization for Standardization) standards have become a regular feature of the business landscape. ISO publishes a broad range of standards, relating to many subjects and business areas, but its quality, health, safety and environment (or QHSE) standards are perhaps the mostly widely recognized and adopted. The ISO 9000 series of quality management system standards launched in 1987, based on the British Standard BS 5750, followed by the environmental management system standard ISO 14001 in 1996, based on BS 7750. Both have received revisions and updates since the original releases and are the most widely adopted of all ISO standards.
What is ISO 45001?
ISO 45001, the occupational safety and health management system standard, was launched in March 2018 as a direct replacement for OHSAS 18001. It builds on the OHSAS18001 standard and offers several improvements and enhancements. Upon the launch of ISO 45001, there was a three-year migration period to allow OHSAS 18001 certificate holders to transition to the newer standard. Due to COVID-19, this transition period has been extended to September 2021, when the former standard will be formally retired.
The ISO 45001 standard is designed “to enable organizations to provide safe and healthy workplaces by preventing work-related injury and ill health, as well as by proactively improving its OH&S performance.” (ISO 45001, 2018). Despite being one of the newest ISO standards, it is already ranked third in certificate issuance globally, behind the quality and environmental standards.
(ISO 45001, 2018). Despite being one of the newest ISO standards, it is already ranked third in certificate issuance globally, behind the quality and environmental standards.
Table 1: Active ISO certifications, by standard, as of Dec. 31, 2019:
The Role of Safety Management Software
Learning Management Systems (LMS), Incident Management Systems (IMS) and other software can help an organization meet many of the requirements of a formal structured OHS management system like ISO 45001. Safety software applications don’t simply hand you a compliant OHS management system on a platter — in fact far from it — but when used strategically they can do a lot of the heavy lifting for you.
SafetySkills Empower combines our SafetySkills LMS and award-winning content with additional IMS and risk assessment services in one application. The software is structured in a way that parallels elements of OSHA guidance and ISO 45001 requirements. Using Empower for certain tasks or actions, you can be sure you are conforming with the relevant elements of the ISO standard, while given the added security of helping meet OSHA obligations. The main features of Empower allow you to:
- Assign and track online competency-based training
- Complete risk assessments through Job Hazard Analysis
- Hold regular safety conversations through Toolbox Talks
- Perform an incident investigation in line with OSHA-recommended guidance
- Complete a root cause analysis
- Develop, assign and tract corrective actions
- Complete and archive OSHA 300 reporting forms
Using a software application like SafetySkills Empower is an effective and efficient way of supporting your internal. OHS management system and helps align your organization with domestic regulation and established international management standards.
Looking for an online EHS management system?
ISO 45001 offers a number of enhancements over the OHSAs standard:
- Primarily, ISO 45001 takes a more proactive approach. Whereas the OSHAS standard set a framework for reacting and responding to incidents and the hazards that cause them, ISO 45001 requires hazards to be identified, assessed and remedied before incidents occur. It is a ‘prevention is better than cure’ approach.
- ISO 45001 has a wider scope, encouraging the inclusion of all stakeholders in company operations. As such this scope extends to seasonal and contract workers, subcontractors, and suppliers.
- It provides legal and compliance guidance for all phases of the Deming Cycle, commonly known as Plan-Do-Check-Act, or PDCA.
- Because it is an ISO standard, it shares a common framework with other ISO standards, and so more readily integrates with an organization’s already implemented 9000 and 14001 systems. Consistency of language is a theme throughout the new standard.
- Worker participation is a fundamental concept behind the standard and it is not confined to management and safety professional personnel. Full, organization-wide participation is strongly encouraged.
- This broader, overarching scope encompassing legal, risk, opportunity and stakeholder elements drives a leadership and management commitment to fully incorporate safety objectives into the overall management, operations and philosophy of an organization.
How can Empower help?
A major component of Empower is the ability to perform and document a Job Hazard Analysis. The software comes loaded with more than 200 predefined hazards – with the ability to add your own – and Empower users can easily customize hazard menus to meet their needs. Specific hazards can then be selected to complete a risk assessment or to apply during the root cause determination during an incident investigation.
Empower also comes loaded with hundreds of training and non-training controls which can be assigned at the Job Hazard Analysis level, or as corrective actions following an incident investigation. By performing a thorough safety assessment of job activities, you can identify the best controls to eliminate or mitigate your hazards. Controls don’t have to be complicated or expensive to be effective.
Implementing an OHS Management System
Embarking on implementing any OHS management system, ISO 45001 or otherwise, is a major undertaking. Safety managers need to assess current safety practices in their organization and understand these questions before going further:
- Is safety done piecemeal or is there already a degree of ‘systematic’ procedure?
- What is good about what is already being done? What works well?
- What doesn’t work so well? What can be improved?
- Are other ISO standards in place?
- What knowledge currently exist?
- Is there anything obviously missing? (Note that a formal gap analysis comes later)
Reviewing ISO 45001 and understanding its purpose is vital whether certification is a goal or not. If your organization already runs ISO 9001 or ISO 14001, then you have a significant head start, particularly if certification is your aim. Your colleagues will be already familiar with the way of working under ISO, organizational structures will be in place and existing ISO procedures will be available to serve as templates. So, the addition of 45001 can reasonably be expected to run smoother than in an organization with no ISO history.
There is going to be some organizational change – how much will usually depend on how familiar your organization is with ISO, or any other set of standards. Some members of your organization will embrace the change, others will resist, but if handled correctly, most, if not all, will respond favorably to the new way of doing things. Engage your employees, contractors and suppliers, and take people along with you. Establish creativity, ownership and joint responsibility rather than dictate, control and command.
Start scoping what your system will cover. A gap analysis can help drill down to what is needed, then prioritize what to focus on. You’ll need to make sure any legal obligations are met – that’s mandatory – and then bring in the safety aspects most important to your organization and your employees. Keep business needs and objectives in mind too because your safety and business goals must align so you can monitor and measure progress – an essential part of any ISO standard. At the end of the day, your OHS management system should be improving your business performance.
Consistent styling in the standard’s structure
Specifically, ISO 45001 follows the ISO Annex SL format. This provides a high-level structure for all ISO management systems, and this expands and extends ISO Guide 83 which laid foundation for common structure.
Annex SL has been created to (1) streamline the structure of all ISO standards, (2) standardize the structure, content and language of these standards, and (3) simplify and facilitate the integration of multiple management systems. This means more than just sharing a format; there are parts of modern ISO standards where identical text is used.
As a result, ISO 45001, ISO 9000:2015 and ISO 14001:2015 (the latest versions of each) all follow the same structure and the specific content for each system may be found within the common section of each standard.
How can Empower help?
Empower is heavily influenced by the ISO adoption of standardized language and in fact it’s necessary to fully leverage the power of the software over time. Standardizing language makes system operation simpler. One term is used where multiple options might be possible. So, for example with identification of hazards, each hazard is standardized. Where possible, language commonly used by OSHA, ANSI and other major safety organizations is adopted. This makes the language familiar to users across different industries and may even already match terms used by the user organization internally.
Aside from simplicity, the real benefit here is being able to track data and understand trends. By standardizing language, over time that data becomes very helpful. We can calculate which hazards are most prevalent in which industries, what controls are most used and which are most often assigned as corrective actions, which training courses are most effective in reducing risk, and much more. Standardizing language helps us begin to truly analyze and understand our safety data.
Implementing ISO 45001 without certification
It’s no secret that the greatest implementation of ISO standards has been in Europe. There are several reasons why this is the case, but in no small part it is due to the nature of European Union legislation, which in many cases, and certainly in the case of environmental, health and safety operations, is issued in the form of Directives, which instruct goals and outcomes rather than push specific regulations. This gives the member countries some freedom as to how to adopt European Directive ‘intent’ domestically, and consequently management system standards provide a ready framework.
Combine that with the policy of aligning European Standards with the international ISO standards (European Commission, 2021), and we can see a political and business culture primed for the adoption of ISO standards as an operational norm. This ‘performance environment’ is less evident in the United States where federal and state compliance-heavy regulations tend to be the primary and often unyielding drivers.
But, of course, Europe does not have a monopoly. Plenty of North American organizations have adopted and gained certification under ISO standards. Let’s look at some figures:
Table 2: ISO Certifications as of Dec. 31, 2019:
As we’d expect, the older the standard, the higher the number of formal certifications. The figures shown are for the G8+5 countries — the G8 nations (Canada, France, Germany, Italy, Japan, Russia, the United Kingdom and the United States) plus the five leading emerging economies (Brazil, China, India, Mexico and South Africa). Beyond this formal application though, many U.S. and Canadian organizations adopt ISO standards as frameworks for improving their QHSE performance without seeking formal certification of standard implementation. By doing this, they can benefit from many of the opportunities opened by adoption, without the formality, costs and audit requirement that full certification brings.
By following ISO 45001 as a framework, organizations may not only meet compliance and performance goals in legal and financial areas, but also meet moral and corporate sustainability obligations by going beyond the minimum requirements for providing a safe and healthful workplace.
Progressing to certification
The decision not to certify, of course, does not need to be permanent. An organization can opt to formalize their standard at any time. There can be any number of reasons why a decision to certify may be made, but internal assessments (monitoring and measurement) showing the bulk of the standard requirements are being met – and met well – will usually be a significant driver. This is evidence that the management system is understood well by employees, has integrated successfully into company operations and is mature enough to warrant external scrutiny.
Industry adoption of ISO certifications has been varied. In the U.S. and Canada, the basic metal and metal fabricated products industry leads the way with almost 5,000 combined certifications of the three standards featured in Table 2 (above). Electrical and optical equipment providers account for around 2,700 certifications, followed by machinery and equipment manufacturers, rubber and plastic production, and chemical production industry, all registering over 1,000 certifications each.
Keep in mind that that ISO 45001 certifications represent a very small percentage of each of these totals because it is by far the newest standard, and any prior OHSAS 18001 certifications are not included.
Advantages of ISO 45001
Don’t let the size of your organization influence your decision. All ISO standards are designed to work with any size organization. You’ll see benefits to your company of a dozen people, and if you’re a large organization, you can scale how far your implementation goes. You can apply ISO 45001 to a department or a process if you want to – there’s no mandatory requirement to go “company-wide” if you don’t want to. System improvements can be planned and carried out on a small scale first, before being rolled out on a larger scale.
How can SafetySkills Empower help?
The SafetySkills Empower software can match the scope of your management system implementation. You can set up users and assign permissions based on your management system roles and responsibilities. If your OHS management system only covers one department at the outset, Empower is easily configured to match. Then as you expand your scope, you can expand your use of Empower.
Improved internal management
Any ISO standard will force an organization to look at processes and procedures and document what is being done. This serves as an opportunity to review relationships between management and workforce and identify inefficiencies and communication barriers. Accountability and traceability become second nature in a successful management system.
Improved employee attitude and buy in
ISO 45001 really pushes employee involvement to the forefront. The standard expects that “(t)he organization shall establish, implement and maintain a process(es) for consultation and participation of workers at all applicable levels and functions.”
Employees at all levels of the organization are to be involved in health and safety assessments and decision making, not least in the evaluation of corrective actions and the elimination of root causes. Furthermore, management must also encourage participation in continual improvement actions and communicate results back to them effectively. In turn, this feeds back into improved internal management, with the potential to break down traditional worker/management barriers, whether perceived or real.
How can SafetySkills Empower help?
Integrating employees at all levels of your organization is incredibly straightforward with SafetySkills Empower. All employees can be added as users in the system with appropriate access permissions set. This allows managers and supervisors to select any employee they choose to be part of a safety group or incident investigation team. The employee’s inclusion is logged within the system and can be viewed and confirmed in an audit. There’s no limit to the degree of involvement Empower allows for all your employees.
Consistent outcomes measured and monitored
The Plan-Do-Check-Act cycle is a cornerstone of any ISO standard and is crucial to building your management system. It channels an organization into the principle of continual improvement of employees, processes and procedures. PDCA forces documentation of process, review of process, and improvement identification and action, but allows this to be done at a sustainable rate.
With ISO 45001, hazards, risks and potential safety opportunities must be identified at the outset of each cycle, prior to any change to the system. This way they can be related to planned outcomes, and the effectiveness of the change can be monitored and measured through the PDCA cycle.
ISO 45001 references competence of employees throughout the standard and defines competence as the “ability to apply knowledge and skills to achieve intended results.” Specifically, it states an organization shall “determine the necessary competence of workers that affects or can affect its OH&S performance” and “ensure that workers are competent (including the ability to identify hazards) on the basis of appropriate education, training or experience.” Crucially, it states that workers are provided with sufficient training on hazards and risks associated with their work. Employees must have the knowledge and skills to perform their jobs safely.
How can SafetySkills Empower help?
All SafetySkills online training is competency-based, meaning the trainee must demonstrate competency with each learning element before progressing to the next part of the course. Assigning online training proactively through our Learning Management System is an excellent way of building a competent workforce. But it can also be assigned as a corrective action following an incident investigation.
Increase in efficiency, productivity and profit
The aim of ISO 45001 is the development of an OHS management system to prevent workplace injury and illness. An effectively implemented system may see continual improvement in your working environment leading to less employee downtime, reduced associated injury and health costs, and potentially raised morale and job satisfaction. Though perhaps more easily measured by ISO-certified companies (due to the ability to sell to clients demanding certified providers), non-certified companies should still see gains in all these areas.
As with all ISO standards you must fulfill any legal requirements relating to your business operations, and a legal review is often part of the scoping process. Beyond this, a key feature of ISO 45001 is that it requires organizations to cast their nets beyond their immediate employees. When determining your scope, you must consider anyone who interacts with your organization in a professional capacity, and all the geographic and cultural variety that might entail. This gives an organization an opportunity to engage with policies, guidance and performance standards beyond what is mandatory in developing health and safety sustainability objectives.
How can SafetySkills Empower help?
SafetySkills Empower was designed to broadly follow OSHA’s Guidance on Performing Incident Investigations, which is used industrywide as an accepted and approved methodology for performing incident investigations.
As a subscriber to Empower, you will have access to the SafetySkills training catalog. Training courses are updated regularly to meet the latest regulatory standards. Assigning training through Empower not only means you meet the various EHS legal requirements to train your employees but also that you are ensuring they are being trained on accurate and up to date rules.
Training can also be assigned as a corrective action following an investigation should the root cause determine training is an outstanding requirement.
Globally recognized standards
The ISO mark is recognized the world over. It is not uncommon for contract awards to require ISO-certification, although this is more often ISO 9001 (Quality) or ISO 27001 (Cybersecurity) rather than the EHS-related standards. Nevertheless, adoption and possible certification of ISO 45001 demonstrates serious commitment to your workforce and may be leveraged to improve customer retention and business acquisition.
Difficulties of ISO 45001
Whether your aim is certification or not, if you’re going to implement the standard, and do it justice, you may experience a little bit of pain.
Deciding to implement an ISO system is a serious time commitment. Make sure you can commit the resources needed. It’s a time commitment needed across your organization, from top management to the newest employee, not simply a task to be given to the safety department.
It isn’t so much training that’s a disadvantage — of course correctly targeted, competency-based training is a good thing — but there’s a cost to that, and competency isn’t going to happen overnight. You need to get your employees up to speed on understanding ISO systems in general, the ISO 45001 standard in particular, then training on the mechanisms of implementation.
There is no way around this. If you’re implementing any ISO standard, then your documentation will increase. One major component of any of the standards is to document to procedures, then monitor and measure performance under those procedures. As it’s a continual improvement process, the documentation development, review and editing never ends – whether you’re certified or not.
How can SafetySkills Empower help?
The ISO 45001 standard specifically requires communication of management system tasks and documentation of information. SafetySkills Empower more than meets the requirements on this. Whenever a user is actioned, for example, as an investigation team member or the recipient of a corrective action, they are notified from the system. Users can log into their account to see communications, review records and upload their own documentation. JHAs, Incident Cases and OSHA 300 forms are all either active or archived. Any record can be easily searched and reproduced for monitoring, review or audit.
From an ISO 45001 compliance standpoint, the documentation is on us. You simply document how to use SafetySkills Empower and then our functionality and user protocols become your procedure.
There will nearly always be some resistance from some segment of your workforce. Change is painful, especially if that change isn’t communicated adequately and changes are imposed not part of an organization-wide evolution. The best course of action is to involve staff at all levels, train them and make them part of the process.
If you do go for certification, you pretty much guarantee that all the disadvantages mentioned above will increase. Certification is time-consuming and heavy in required documentation. The process can be very laborious and drawn-out, particularly if ISO are in receipt of large numbers of certification applications.
By implementing an ISO standard internally but not going for certification, you can minimize these disadvantages while gaining many of the advantages, but you miss out on the advantage of promoting your organization as an ISO-certified player. You may state that you follow the ISO 45001 framework internally, but cannot advertise certification, use ISO logos and labels, or associate your business with ISO in any formal way.
Implementing an established OHS management system such as ISO 45001 can have significant benefits for your company. There are advantages and disadvantages whether an organization formally certifies or manages its own conformance. The use of online training and safety software applications to support an organizations management system can greatly help with workload, efficiency improvement and conformance to the established standard.