Key Changes From OHSAS 18001 To ISO 45001: What You Need To Know

ISO 45001

OHSAS 18001

Analysis

4. Context of the organization

4.1 Understanding the organization and its context

New Requirement

Clause 4 i.e. Context of an organization is a new to OHSAS 18001. Context here means the organization operational characteristics and mainly the role of leadership. ISO 45001 has placed highest emphasis on this part. ISO 45001 attempts to move beyond traditional interpretation of occupational health and safety. Organizations are required to consider external, internal issues as well as impacted parties due to their own operations as well as any impact that it might have in achieving the planned objectives.  External issues can be competition from market, technology, legislation, etc while internal issues may be management, workers, structure of the organization, etc.

4.2 Understanding the needs and expectations of works and other interested parties

New Requirement

This is also a new requirement wherein organizations must understand the needs and expectations of the stakeholders such as workers, legal authorities, contractors, customers, shareholders, local communities etc. Some needs and expectations may be voluntary while some might be mandatory.

4.3 Determining the scope of the OH&S management system

Scope & Clause 4.1

Scope of the OH&MS has to be defined by the organization; it may choose to extend the scope to entire organization or may assign it to only specific processes. It is completely upto the organization to define scope limits. 

Scope of the OHSMS will determine the external and internal issues, needs and expectations of the stakeholders, etc

4.4 OH&S management system and your processes

Clause 4.1 General Requirements

This is the same, no change

5. Leadership and worker participation

5.1 Leadership and commitment and your processes

Clauses 4.4.1, 4.4.3, 4.4.6

ISO 45001 focusses on health and safety integration into organization’s own processes and increase the top management involvement. Leadership commitment to drive the OH&SMS topics firmly throughout organization. Previously, OHSMS aspect were mostly delegated and not driven by leadership. This is new and also in addition to this, organization must have a process to identify opportunities to improve health and safety performance. 

5.2 OH&S policy

Clause 4.2 OH & S policy

OHS Policy are set of commitment by the top management to improve Occupational Health and safety performance at workplace. It commits to have a framework in place with goals, expected results. This framework must be developed with consultation of workers, include regulatory requirements and have controls in place to mitigate risks related to OH&S. ISO 45001 states requirements to increase participation of workers as well as enhance communication. OH&S policy must be documented, communicated and made readily accessible to all employees

5.3 Organizational roles, responsibilities, accountabilities and authorities

Clause 4.4.1 Resources, roles, responsibility, accountability & authority

The essence of the clause remains the same in ISO 45001. Additionally, workers are required to take responsibility for management aspects of the organization. 

5.4 Participation and consultation

Clauses 4.4.2, 4.4.3, 4.5.1, 4.5.2, 4.5.3

Organization must have a process in place to ensure participation of workers in all aspects such as planning, developments, implementation, assessment, improvement plan and actions to be undertaken to improve OH&SMS.  Workers across functions should involve themselves. Here even non managerial workers are required to participate during formulation of OH&S policy, assigning roles and responsibilities, determination of legal requirements, etc.

6. Planning

6.1 Actions to address risks and

opportunities

Clauses 4.3.1, 4.3.2, 4.3.3

This clause is now revised and is a combination of few clauses of OHSAS 18001, this helps in broadening of the concept such as inclusion of opportunities and effectiveness measurement. 

6.1.1 General

6.1.2 Hazard identification and assessment of OH&S risks

This clause states the requirement to identify hazards and assess OH&S risk pertaining to processes.  

6.1.2.1 Hazard Identification

ISO 45001 states organization to identify hazard and determine risks that may come. It should be ensured to take into considerations such as routine, non routine, emergency scenarios, workers involved, changes that are occurring in the organization, incidents that are occurring, sociological factors, etc. 

6.1.2.2 Assessment of OH&S risks and other risks to the OH& Management system

The risk assessment states requirements that risks of the hazards are assessed that may lead to the prevention of OH&S hazards. The criteria must be stated by the company, each organization may have difference criteria.

6.2 OH&S objectives and planning to achieve them

Clause 4.3.3

Same in both the standards

7. Support

7.1 Resources

Clause 4.4

Organization must determine the required resources for the successful implementation of an OH&S Management system.

7.2 Competence

Clause 4.4.2

The essence of the clause remains the same in both standards.  But a written procedure is no more a mandatory requirement but documented evidence is required as a validation for competence evaluation. 

7.3 Awareness

Clause 4.4.2

Workers (including managerial and non-managerial) must have awareness about the hazards and risks related to the processes that can have an impact on OH&S performance. Employees must be aware of requirement of OH&S policy and also regarding the incident investigations.

7.4 Information and communication

Clauses 4.4.3 and 4.4.3.2

The organization must have a process in place for communication (both internal and external). It must be documented and up to date. The process must also define the reporting framework, reporting timelines, means of reporting, reporting focal, etc. The same should be communicated timely

7.5 Documented Information

Clauses 4.4.4, 4.4.5, 4.5.4

Documented information is a new terminology adopted from Annex SL. In ISO 45001, the requirements exist but not as stringent as OHSAS 18001. Documented information includes documents records. Even operational procedures fall under documented information.

8. Operation

8.1.1 Operational planning and control

Clause 4.4.6

Planning clause is an additional requirement. ISO 45001 requires planning rather than just control as was in OHSAS 18001.

8.1.2  Eliminating hazards and reducing OH&S risks

New requirement

While selecting the controls for risk, it is required to look at hierarchy of controls. Choosing the one with lowest level of risk is preferred.

8.2 Management of Change

New requirement

Post planning there will be changes that can affect OH&S performance so in order to avoid any unforeseen consequences, organization must have a process in place for such planned changes, evaluation that it must undergo, it must be documented and all relevant risk reduction method be applied to minimize the impact of change on the OH&S performance of the organization.

8.3 Outsourcing

New requirement

This is a new requirement. ISO 45001 states the requirements of having outsourcing processes controlled as well as monitored. Organization must define controls and mitigate risks that are involved in the outsourcing activities. 

8.4 Procurement

New requirement

This is a new requirement. This clause deals with goods and service procurement. 

8.5 Contractors

New requirement

This section deals with activities that involve contractors and their impact on the OH&S performance of the organization. There has to be a close coordination between contractors and organization with respect to adherence of rules and regulations, meeting training needs, regulatory requirements, resources needed to execute the tasks, etc. 

8.6 Emergency preparedness and response

Clause 4.4.7

This is similar to requirements laid in ISO 18001. But there is slight change in the details of the requirement, wherein process is strengthened and focus is also given on communication including identification of potential emergencies, emergency plan that has been devises must be tested for efficiency and check on competence. 

9. Performance evaluation

9.1 Monitoring, measurement, analysis

Clauses 4,5 4.5.1

The clause requirements are now revised with an extended scope of including communication.  

9.1.2 Evaluation of compliance with legal requirements and other requirements

Clause 4.5.2

Documented information has replaced procedural requirements which were in OHSAS 18001. It also includes evaluation methodology and frequency.

9.2.1 Internal audit objectives

Clause 4.5.5

Here too documented information has replaced procedural requirements which were in OHSAS 18001. Objectives of Internal audit are same as it was in OHSAS 18001.

9.2.2 Internal audit process

Clause 4.5.5

This clause is revised with inclusion of workers and its representatives, and assistance in continual improvement for overall OH&SMS. The clause also states to include action when addressing any nonconformities.

9.3 Management Review

Clause 4.6

Requirement remains same. However, ISO 45001 places more focus on communication and improvement. The management must also review the trends of OH&S performance metrics.  

10.Improvement

10.2 Incident, nonconformity and corrective action

Clauses 4.5.3, 4.5.3.1, 4.5.3.2

Significant change has been introduced in this clause. ISO 45001 has replaced preventive actions and also the need for corrective actions. When an organization is using OH&SMS to manage risk and control processes, this system is a preventive tool. 

10.3 Continual improvement

Organization must identify opportunities for improvement of OH&S at workplace from various assessments carried out such as risk assessments, hazard identification, internal audits, etc.