ISO 45001:2018
Occupational health and safety
management systems
John Keen - RKMS
About RKMS:
25 years experience with consultancy & standards team of
10 consultants – Chartered Professional Status: CQP, IEMA,
NEBOSH, IIRSM, IOSH & IRCA
▪ Company accreditations:
ISO9001  ISO14001 OHSAS18001
 Recognised Practice with IoC,
 BSI Associate Consultancy Programme,
 City & Guilds Centre
 Highfield Approved Centre
 NFCE Approved Centre
Certifications
AGENDA
• Main Differences ISO 45001 vs OHSAS 18001
• Annex SL
• Definitions
• ISO 45001 active clauses
• Action Plan
New/enhanced requirements
• Understanding the organisations
context
What this means in practice
• Assess external influences – market,
geographical areas, technologies etc…
• Leadership
• More interaction with workers & “Top
Management” involvement
• Emphasis on “worker involvement”
• Workers to be involved in planning &
risk assessment
Main Differences
• Annex SL and its associated appendices collectively define a
generic management system framework. In the future, all
new ISO management system standards will adhere to the
framework and all current management system standards
will migrate to it at their next revision.
• As a result of the introduction of Annex SL, all ISO
management system standards should become more
consistent in time, and hence more compatible. They will
share the same look and feel, having been built on a
common foundation.
• Annex SL represents the beginning of the end of the
conflicts, duplication, confusion and misunderstanding
arising from subtly different requirements across the
various management system standards.
Annex SL
• For management system standards writers, Annex SL will provide
the template for their work and they can concentrate their
efforts on the discipline-specific requirements that will be
focused on in Clause 8 – Operation
• Annex SL addresses the requirements for proposals for
management system standards. It consists of nine clauses and
three appendices, and the audience for this annex is primarily
ISO technical committees who develop management system
standards. However, all users of management system standards
will feel the impact of Appendix 2 of Annex SL in the future.
Appendix 2 is in three parts:
• High-level structure
• Identical core text
• Common terms and core definitions.
Annex SL
Plan
Set policy
Identify requirements, legislation standards etc.
Identify aspects of the business that interact with the environment (utility usage waste generation etc…)
Identify risk (impacts on the environment CO2 landfill etc…)
Develop procedures and controls to minimise impact
Identify possible emergency situations
Do
Deliver goods/service/install products
Control activities (normal abnormal and emergency situations)
Follow procedures and controls
Generate records and evidence
Check
Work/site inspections
Internal audit
Review risk / impacts assessment(s)
Monitor impacts (CO2 energy/utility consumption etc…)
Act
Containment (spillages etc…)
Incident investigation
Corrective & preventive action
Continual improvement
Annex SL
Active Clauses of ISO standards (Annex SL)
1 Scope
2 Normative references
3 Terms & definitions
4 Context of the organisation
5 Leadership
6 Planning
7 Support
8 Operation
9 Performance
10 Improvement
Annex SL
Definitions
X 37 documented in the standard
Definitions
3.2 interested party (preferred term)
stakeholder (admitted term)
person or organization (3.1) that can affect, be
affected by, or perceive itself to be affected by a
decision or activity
Definitions
3.3 worker
person performing work or work-related activities that are under the control
of the organization (3.1)
• Note 1 to entry: Persons perform work or work-related activities under
various arrangements, paid or unpaid, such as regularly or temporarily,
intermittently or seasonally, casually or on a part-time basis.
• Note 2 to entry: Workers include top management (3.12), managerial and
non-managerial persons.
• Note 3 to entry: The work or work-related activities performed under the
control of the organization may be performed by workers employed by
the organization, workers of external providers, contractors, individuals,
agency workers, and by other persons to the extent the organization
shares control over their work or workrelated activities, according to the
context of the organization.
Definitions
3.4 participation
involvement in decision-making
3.5 consultation
seeking views before making a decision
Definitions
4 Context of the Organisation
• 4.1 understanding the organisation and its context
• 4.2 Understanding the needs & Expectations of workers & other interested
parties
• 4.3 Determining the scope of the OH&S management system
• 4.4 OH&S management system
What this means in practice: write down what you provide and what your market is, what your
products/services are and describe what OH&S issues / benefits / risks there are related to your
product/services and what (if any) legal requirements are associated with your products and or services
including any outsourced materials, products or services.
Context
4.1 understanding the organisation and its context
4.2 Understanding the needs & Expectations of
workers & other interested parties
PESTLE
SWOT
RISK ANALYSIS
Context
4.3 Boundaries and applicability of scope
After establishing the “context” of the organisation
you should review the scope.
As with ISO 9001 & 14001 the boundaries of the
management system should be documented as well
as the scope of activities.
Scope
5 Leadership
•
•
•
•
5.1 Leadership & commitment
5.2 OH&S policy
5.3 Organisational roles, responsibilities and authorities
5.4 Consultation and participation of workers
• What this means in practice: generate an organisation chart
and details roles responsibilities and authorities for all
members of staff. Develop a policy and ensure it is approved
by senior management (MD, CEO or owner)
• Ensure workers are involved in risk assessment & identifying
opportunities for improvement
Leadership
5.1 Leadership & commitment
Far more emphasis on involvement of Top
Management – Requirement for Management
Representative removed
5.2 OH&S Policy
No major changes
Leadership
5.3 Organisational roles, responsibilities and authorities
Organisational
Competence
Define responsibilities
(job descriptions)
Training Matrix
Organisation Chart
Leadership
5.4 Consultation and Participation
H&S committees
Tool box talks
Evidence of involvement / participation in risk
assessment activity
Leadership
6.1 Actions to address risk & opportunities
6.1.1 General
6.1.2 Hazard identification and assessment of risks and opportunities
6.1.3 Determination of legal requirements & other requirements
6.1.4 Planning action
6.2 OH&S objectives & planning to achieve them
6.2.1 OH&S objectives
6.2.2 Planning to achieve OH&S objectives
What this means in practice: develop a management programme document including a list of risks to the
business what controls are in place or required to reduce the risks. Add quality objectives to the plan and
ensure any changes are properly planned using this process. You will need to set targets and methods of
measurement towards achievement of improvement objectives.
Planning / Risk & Opportunity
6.1.2 Hazard identification and assessment of risks
and opportunities
1. Eliminate the Risk
2. Substitute materials or substances with less hazardous substances / materials
3. Control the hazard to reduce risk (LEV’s Guards etc)
4. Safe Systems of work / Permits to work
5. Use / issues personal protective equipment only when no other controls is suitable
Planning / Risk & Opportunity
6.1.3 Determination of legal requirements &
other requirements
Planning / Risk & Opportunity
6.2.1 OH&S Objectives
6.2.2 Planning to achieve OH&S objectives
No
Category
QHE
1
H
2
EH
3
H
4
QH
H
5
H
Aspect (product/service)
Impact (risk)
Controls
Who
When
Maintain effective participation &
co-operation
Raise profile of OH&S throughout
the business
H&S Committee established for
over 2 years participation in RA /
SSoW development
ALL
Jul-21
Increase awareness of Environment
& OH&S of staff
Add to agenda of communication meetings
Regular associates meetings held
with agenda covering E & OH&S
JK
(on-going)
Maintain below average RIDDOR
Incidence Rate
Measure on a rolling 12-month
basis (UK National average 3030)
Highest in 2018 - 1990
(Dec-19 459)
ALL
Dec-20
Improve safety of drivers &
passengers
Undertake mystery passenger
assessments
Round of assessments scheduled
for Jan-20
DH
Feb-20
Improve safety of drivers &
passengers
Maintain and improve safety
awareness for all drivers
CPC update for all drivers
First checks, safety, customer
service, disability regs & low
bridges (roll out from Jan-20)
DH
Dec-21
Move to purpose-built depot
Improve safety by designing into
the layout of the depot
Plans drafted by Architect
BW
Jan-23
Planning / Risk & Opportunity
Linkage from Context to
Management Programme
No
Category
QEH
1
2
3
Objective
Target
Progress to Date
Q
Ensure customer satisfaction levels are
maintained
Minimum overall satisfaction to be at
least 90% on all project reviews
Current satisfaction has remained
constant at around 95% for all project
reviews to date
AN
Q
Increase online sales
Develop a robust sales & marketing plan
Engage with external PR & Marketing
company (wesell4U)
BC
12/20
Establish strategic partnerships (Affinity
Programme) with other providers and
support organisations
A N Other Provider
Co Tinual Improvement
XYZ online
eBay
JK
JK
JK
AC
06/21
09/21
09/21
10/21
Planning / Risk & Opportunity
Who
When
(on-going)
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.4.1 General
7.4.2 Internal communication
7.4.3 External communication
What this means in practice: identify required resources – this can be done on the management
programme or detailed in procedures. Make a list of key competences required to operate the business
effectively. This can be a skills matrix with all skills employees listed. Ensure you communicate with your
staff – share the management programme with them and let them know how they can contribute.
Document procedures required.
Support
7.2 Competence
OVED TRAINERS
ooper
ton
n
ng
whouse
rr
atley
tchard
uby
ley
berfield
Donald
berfield
sbery
athias
rt
hickett
bert
3
Category Location
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
2
2
2
2
2
UK
UK
NW
NW
UK
UK
UK
S & SE
UK
S MID
UK
UK
UK
UK
NI
UK
UK
UK
SCO
UK
UK
UK
9001
1
1
1
1
1
1
0.5
1
1
1
0.5
1
NVQ BIT
14001 18001 22000 EN1090 2012 50001 27001 23001 TS16949 AS900 13485 H&S Lean IIP Lexcel FSC CE Mrk NEBOSH IOSH EFAW FRA CIEH HR Audit BIT
1
1
1
0.5
1
1
1
1
1
1
1
1
1
0.5
0.5
1
1
1
1
1
1
0.5
0.5
1
1
1
1
0.5
0.5
1
1
1
1
1
1
1
1
1
1
1
1
1
0.5
1
1
1
1
1
0.5
1
1
1
1
0.5
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
0.5
14.5
Support
0.5
1
1
14.5
IV TOTAL
1
1
1
1
1
1
1
1
1
1
1
1
1
1
14
5
6
1
1
1
1
0.5
1
1
13
A
1
1
1
0.5
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
0.5
1
1
1
1
1
1
1
2
4
2
2.5
6
5
3
3
1
11.5
1
2
2.5
4
4.5
2
1
1
1
1
1
1
1
1
3
2
4
8
4
1
2
20
6
6.5
3.5
11.5
6
8.5
12
5
17
5
5.5
5.5
2
3
2
1
3
7
6
3
7
146
7.3 Awareness
Support
7 Support
•
•
•
•
7.5 Documented information
7.5.1 General
7.5.2 Creating & Updating
7.5.3 Control of documented information
What this means in practice: other sections have detailed the information (documentation) required by
the standard. Documentation needs to be identified with issue levels and who approved them, where
software is referenced it must state the name and version level. Information needs to be controlled and
protected from loss or damage – back up and security measures should be documented.
Support
8 Operation
8.1 Operational planning and control
8.1.1 General
8.1.2 Eliminating hazards & reducing OH&S risks
8.1.3 Management of change
8.1.4 Procurement
8.2 Emergency preparedness & response
What this means in practice: detail process parameters/criteria and detailing what could go wrong and
how to respond e.g maintenance requirements and evidence of effective maintenance being completed
as identified. This information should also be generated and shared with suppliers/contractors. Establish
what actions are to be taken when things go wrong e.g spillage procedure, undertake drills and document
findings/results (similar to a fire drill)
Operation
8.1.2 Eliminating hazards & reducing OH&S risks
1. Eliminate the Risk
2. Substitute materials or substances with less hazardous substances / materials
3. Control the hazard to reduce risk (LEV’s Guards etc)
4. Safe Systems of work / Permits to work
5. Use / issues personal protective equipment only when no other controls is suitable
Operation
8.1.3 Management of change
The organization shall establish a process(es) for the implementation and control of
planned temporary and permanent changes that impact OH&S performance,
including:
a) new products, services and processes, or changes to existing products, services
and processes, including:
— workplace locations and surroundings;
— work organization;
— working conditions;
— equipment;
— work force;
b) changes to legal requirements and other requirements;
c) changes in knowledge or information about hazards and OH&S risks;
d) developments in knowledge and technology.
The organization shall review the consequences of unintended changes, taking
action to mitigate any adverse effects, as necessary.
Operation
8.1.4 Procurement
The organization shall establish, implement and maintain a process(es) to control
the procurement of products and services in order to ensure their conformity to its
OH&S management system.
8.1.4.2 Contractors
Risk Assessment must include risks to and from contractors that can have an impact
on interested parties (section 4.2)
8.1.4.3 Outsourcing
The organization shall ensure that outsourced functions and processes are
controlled.
Legal & other requirements
The type and degree of control to be applied to these functions and
processes shall be defined within the OH&S management system.
Operation
9 Performance evaluation
9.1 monitoring, measurement analysis and evaluation
9.1.1 General
9.1.2 Evaluation of compliance
9.2 Internal audit
9.2.1 General
9.2.2 Internal Audit Programme
9.3 Management Review
What this means in practice: once you have identified the key characteristics of your product/service you need
to look at how you can measure performance (this should be made as simple as possible). You also need to
identify legislative & regulatory requirements then check you are complying with these and retain detailed
records. You need to undertake internal audits to ensure people are following procedures – all procedures
should be audited in a 12 month cycle. Hold a management review meeting to a set agenda to look at how well
the business is performing and how it can be approved – update the management programme after the
meeting.
Performance Evaluation
9.1.2 Evaluation of compliance
Legal compliance audit
Performance Evaluation
Enter evidence of
compliance
9.2.2 Internal Audit Programme
Performance Evaluation
9.3 Management Review
1.
Actions from this meeting
2. Progress on actions from previous meeting(s)
3. Review & changes to Interested parties & Context
KPI:
Measure/data source:
No KPI
Annex 1
4. Internal & Third Party Audits:
KPI:
Measure/data source:
On time - schedule up to date Audit schedule & Reports
0 Non-conformances
External Audit Reports
5. Review of Risk
KPI:
Registers
assessed
updated
and
Measure/data source:
Annex 1
Environmental Aspects & Impacts Register
IT Asset Inventory
Data Protection Impact Assessment
Responsible:
Management Team
Responsible:
Management Team
Responsible:
Management Team
6. Customer Satisfaction & Complaints (communication with interested parties & enforcement agencies)
KPI:
Measure/data source:
Responsible:
No of days to close Problem Register
Management Team
complaints
Improvement Reports
Customer satisfaction
Excel spreadsheet/radar graph
Communication
with
enforcement
0 enforcement issues
agencies
7. Review of Legislation & Compliance
KPI:
Measure/data source:
Responsible:
0 enforcement issues
Problem Register
Management Team
0 internal issues
Improvement Reports
Findings of legal compliance audit
Review of legal register
Register of legal & Other Requirements
8. Policies:
Performance Evaluation
10 Improvement
• 10.1 General
• 10.2 Nonconformity and corrective action
• 10.3 Continual improvement
What this means in practice: when things go wrong or you get customer complaints record them
investigate them and ensure effective corrective action is taken to stop them from recurring. Review
these at the management review and identify opportunities for improvement this can be recorded in the
minutes of the meeting and on the management programme document.
Improvement
Any Questions?
Tel: 0844 815 7765
Email: info@rkmsuk.co.uk
www.rkmsuk.co.uk
www.issosmart.co.uk
www.primaryrisk.co.uk
Contact Us: