ISO 45001:2018 Overview: A Comprehensive Guide

Introduction

ISO stands for International Organization for Standardization. ISO 45001 is an international standard that deals with Occupational health and safety management systems provides framework for organizations to manage its OH&S risks and improve its OH&S performance. ISO 45001 was OHSAS 18001, which in recent times have been revised and changed to ISO 45001.

Background: The Evolution And Development Of ISO 45001 Standard

The background of ISO 45001 coming into picture is also interesting. This evolution came about when humans were seen as more than just a resource, there came into picture was ISO 45001:2018 which was for occupational health and safety management system. With the exploitation of workers for more productivity and inhumane working conditions created discomfort among customers and investors. This is when ISO 45001:2018 (previously OHSAS 18001) came in to being.

Most giant organizations in the industry used to have its primary processes executed from industries set in either underdeveloped or developing countries where labor and other materials were cheap, norms were flouted or not adhered to and lacked legal obligations. Finished goods or partially finished goods from such industries would be bought in home countries where final packing and labelling would done in the respective location before final dispatch. Such industries set up in underdeveloped or developing countries were either owned or in most cases a third party owned entities. Such transactions with these industries either work in the model of Buy-to-sell (which means an external vendor would do everything from manufacture to pack and then parent company just markets it through own channel) or outsourcing (a part of on process if offloaded to a different vendor and when that is completed, it goes back to parent company to finish the rest of the processes).

When OHSAS 18001 certification used to be done previously, the clauses didn’t cover the part of “outsourcing” and hence only a specific corporate building or a partial manufacturing set up under the scope would be audited which was seen as the biggest gap. It excluded a major junk of any industry.

Previously ISO 45001 was known as OHSAS 18001, it was not in line with high level structure i.e. 10 Clauses with plan do check act as the base principle. But it was revised recently in 2018 and now it is named as ISO 45001:2018 called the Occupational Health and safety Management Systems.

The Main Pillars Of ISO 45001

ISO 45001 aims to help organizations create a safer and healthy work environment for its employees and visitors. 

Main pillars on which OHSMS standard is based on are these:

•    Worker Safety

•    Hazard Management

•    Risk Reduction

•    Injury Prevention

•    Occupational Health Measures

•    Regulatory identification and Compliance Evaluation

•    Improve Productivity

•    Enhance Organizational Safety Culture

Understanding The Structure Of ISO 45001:2018

Below is the structure of ISO 45001:2018:

Introduction - Requirements of implementing the occupational safety and health management system principles

1. Scope - Defines the scope of the standard, i.e. Requirements of OHSMS intended to be applicable to any organization, regardless of its type or size, or the products and services it provides

2. Normative references

3. Terms and definitions - terms and definitions that are used in the standard

4. Context of the organization - lays down requirements of context of the organization, Internal and external issues, Interested parties Stakeholders

4.1    Understanding the organization and its context

4.2    Understanding the needs and expectations of workers and other interested parties

4.3    Determining the scope of the OH&S management system

4.4    OH&S management system

5. Leadership and worker participation - is all about leadership and worker participation, policy requirements, etc

5.1    Leadership and commitment

5.2    OH&S policy

5.3    Organizational roles, responsibilities and authorities

5.4    Consultation and participation of workers

6. Planning - is about identifying and addressing risks and opportunities

6.1    Actions to address risks and opportunities

6.1.1    General

6.1.2    Hazard identification and assessment of risks and opportunities

6.1.3    Determination of legal requirements and other requirements

6.1.4    Planning action

6.2    OH&S objectives and planning to achieve them

6.2.1    OH&S objectives

6.2.2    Planning to achieve OH&S objectives.

7. Support - ensure availability of resources, competence mapping, awareness

7.1    Resources

7.2    Competence

7.3    Awareness

7.4    Communication

7.4.1    General

7.4.2    Internal communication

7.4.3    External communication

7.5    Documented information

7.5.1    General

7.5.2    Creating and updating

7.5.3    Control of documented information

8. Operation - deals with Operational controls and emergency preparedness and response

8.1    Operational planning and control

8.1.1    General

8.1.2    Eliminating hazards and reducing OH&S risks

8.1.3    Management of change

8.1.4    Procurement

8.2    Emergency preparedness and response

9. Performance evaluation - is all about performance evaluation

9.1    Monitoring, measurement, analysis and performance evaluation

9.1.1    General

9.1.2    Evaluation of compliance

9.2    Internal Audit

9.2.1    General

9.2.2    Internal Audit Programme

9.3    Management Review

10.  Improvement - deals with continual improvement actions

10.1    General

10.2    Incident, non-conformity and corrective action

ISO 45001 standard is a systematic approach to occupational health and safety management system which when combined with workers participation and Policy, standard, procedures, guidelines etc result in improved processes, develop a safe working environment to the organization. It is based on the PDCA cycle.

What Is PDCA Cycle?

PDCA cycle is a four-step model approach that is used when implementing continual improvement. 

• P stands for Plan

• D stands for Do

• C stands for Check

• A stands for Act

P D C A is continuous process. Let us understand take the example of a process called grinding and we need to implement PDCA to this particular process.

Implementing PDCA 

Step 1: We start with the Planning process

• We create a Standard operating procedures.
  
  
• We look at hazards of the process along with workers involved in executing the process.

Step 2: We then move on to implement the plan

• We check the available resources.
  
  
• We check the competence of manpower available.
  
  
• We fill the gaps by providing trainings.
  
  
• We execute the plan.

Step 3: While executing the plan we also ensure to verify and check if the task is being carried out as per plan, that’s the Check phase done using

• Inspections of the work area
  
  
• Monitoring
  

Step 4: We verify in case the output does not match as per plan, we come to act phase i.e. do corrections and take corrective actions. If the output remains constant as per plan for a period, we try and look for opportunities to improve further and that is called continual improvement. Reporting incidents and process of analyzing is also in the act phase.

Understanding Auditing Of ISO 45001:2018

OHSMS originally was occupational health and safety assessment series which was a British standard introduced in 1999 which was later by ISO and published as ISO 45001 in 2018. Once the standard was published, a period of 3 years was provided to all organisations to transition to ISO 45001.

Major changes that were made from 18001 to ISO 45001 were:

• It adopted the high-level standard with standard clauses from 1 to 10 same as that of ISO 14001 or 9001.
  
  
• Focus on the role of top management - ISO 45001 emphasizes the enhanced role of top management in the incorporation of health and safety in the organizational culture along with the management system of the company.
  
  
• Awareness on health and safety requirements - It was encouraged that the staff be aware of the health and safety as well as support and contribute in keeping the workplace safe, identifying risks and opportunities , defining and identifying health and safety objectives to establishing complete plans, prioritizing, and following them through; allowing the company to incorporate mental health requirements to ensure mental well-being of the staff.

The standard consists of 10 clauses and out of 11, Clauses 4 to 10 are auditable.

Every Organisation needs to assess the applicability of clauses and then comply with the same.

Implementation Of ISO 45001

The implementation process for ISO standard is same as project management.

Step 1: We start with a team formation, we ensure proper roles and responsibilities are defined

Step 2: We ensure list of all tasks are noted with target dates and responsibilities and so on. Defined roles such as project manager, project team, management representative i.e MR. Even though appointing MR is not a mandatory requirement but since OHSMS requires ongoing maintenance of the system, a single focal helps better in managing the system. Although the decision to appoint a MR is up to the organization.

Step 3: Here role of leadership is important in ensuring proper guidance is provided.

Step 4: Regular tracking of action listed and escalation at right time ensure that the implementation is effective and on time.

Step 5: Documentation is one the important aspects of implementation of ISO 45001:2018. Across all clauses of ISO 45001, there is a term used often called “documented information”.

Now Documented information is also two types:

1. One that needs to be maintained

• Includes information that can be changes and updated such as SOP’s, Policies, etc
  

2. Other that needs to be retained

• Includes proofs that act as an evidence such as training records, inspection records, etc
  

The main task is to thoroughly examine the clauses and classify the documented information requirements. ISO 45001:2018 does not require to document a procedure for every small process. And the amount of documents will vary with organizational complexity.

If a document is not mandatory, there are certain criteria to decide such as:

• Size of Company - Number of Employees
  
  
• Importance and Complexity of processes
  

There is no specification of format to document the requirements of ISO 45001:2018 such as electronic or hard copy.

Impact of ISO 45001:2018

Of many benefits that a standard brings to the organization, there are few most definite benefits such as:

• Reduced organization risk
  
  
• Improved OH&S performance
  
  
• Enhanced competitiveness
  
  
• Employee motivation
  
  
• Increase trust of stakeholders
  
  
• Employee engagement, etc

To Note: 

• Any organization with any employee number/ any process/ any product or service can get certified with ISO 45001:2018.
  
  
• External Service Provider for first time certification
  
  
  • Stage 1
    
    
  • Stage 2
    
    
  • Final Certification
    

Post 1st time, every 3 years recertification audit is conducted, and every year surveillance audit is conducted.

Conclusion

The ISO 45001: 2018 is a critical standard enabling organizations to take the initiative to control risks of occupational health and safety. This all round model alleviates safety as part of all business operations such that a safety culture of prevention, accountability and continual improvement are promoted. With ISO 45001, companies can safeguard the workforce, increase compliance, minimize incidents, and improve productivity in general. Essentially, ISO 45001:2018 turns the aspect of workplace safety into a proactive requirement rather than an opportunity to enhance sustainable development and operational excellence.