7 Changes Coming to ISO 45001
We already know a great deal about what ISO 45001 will contain and how it will be formatted, as the ISO has circulated multiple draft copies over the past few years. As such, it is possible for your organization to begin the gap analysis process early, and as a result be better prepared when the final revisions are released.
ISO 45001 Timeline
ISO 45001 is designed to replace OHSAS 18001. The new standard was initially proposed in June 2013. After an extensive consultation process that took into consideration more than 6,300 comments, the ISO released its first proper draft in January 2016. A final working draft followed in November 2017. Provided there is no requirement for further public consultation, the ISO is expected to publish the final version in March 2018.
Organizations that currently use OHSAS 18001 will have three years to migrate their occupational health and safety management system to ISO 45001.
In this ISO 45001 guide, we provide a general overview of some of the ISO 45001 changes you can expect, and how they will impact your organization. Keep reading to learn more. You can also contact an NQA representative for information about our role in the process.
Change No. 1: Context Of The Organization
One of the main changes between ISO 45001 and OHSAS 18001 is the new standard’s focus on organizational context. In adopting the Annex SL high-level structure, ISO 45001 requires that participants view occupational health and safety management in a broader context, one that includes regulations and governance as well as organizational culture and its impact on all stakeholders, including workers, customers and more. This also aids the integration within existing business practice, rather than being looked upon as a separate function.
Widening the scope of the system considerably, making it easier to integrate health and safety with other goals, including quality, energy management, business continuity and information security.
Change No. 2: Leadership And Worker Participation
ISO 45001 makes health and safety an organization-wide concern. It changes several requirements for management participation and engagement to a more general leadership provision — a subtle distinction designed to empower all staff to make safety a priority.
Likewise, communication and documentation take on increased significance. All staff must now be aware of their responsibilities, and work together to meet health and safety goals. To facilitate this, organizations will need to set aside adequate resources for worker participation and training on things such as incident reporting, investigations, risk assessment and other tasks that were the exclusive domain of management under the old system.
Change No. 3: Health And Safety Planning
ISO 45001 amalgamates several clauses (4.3.1, 4.3.2 and 4.3.3) in OHSAS 18001 related to defining objectives, identifying opportunities and managing risk. The new standard addresses opportunities and measures of effectiveness, legal requirements and more. When setting health and safety objectives, it requires organizations to consider the available resources and identify the responsible staff, timelines and associated metrics for gauging success. These changes require additional documentation, formalizing organizational goals and priorities to a greater extent than OHSAS 18001 did.
Change No. 4: Support
Section 7 of ISO 45001 revises several of the support provisions found in OHSAS 18001. It abandons many procedural requirements in favor of more extensive documentation. There is also an increased emphasis on communication — ISO 45001 mandates that communication objectives be defined and measured for their effectiveness. This is related to a renewed focus on awareness, in which managers must communicate with workers on policies, risks and hazards, as well as the results of any accident investigations and other official inquiries and potential changes.
Change No. 5: Operation
ISO 45001 introduces several new requirements under the general operation section of the standard. Section 8.1.2 arranges risk management principles according to a hierarchy of controls. It also identifies potential sources for operational change, and outlines their occupational health and safety requirements. These may include new personnel or equipment, changing working conditions, new regulatory requirements and more.
Other new provisions strengthen requirements related to outsourced tasks and procurement processes, as well as controls and communication when working with internal and external contract workers. Additionally, ISO 45001 features an expanded section on emergency preparedness and response.
In ISO 45001, an activity’s operational controls must be able to accommodate both new and existing hazards and risks. As a result, the overall occupational health and safety management system becomes more versatile and resilient.
Change No. 6: Performance Evaluation
ISO 45001 strengthens, expands or modifies many of the outgoing standard’s requirements for evaluation. Performance and monitoring results must now be documented information. As part of the new emphasis on organizational context, these benchmarks should consider additional factors such as legal requirements, risks, opportunities and objectives.
ISO 45001 also includes more detailed requirements for regulatory compliance and internal and external auditing. These changes are designed to actively engage workers organization-wide — relevant workers are required to know the organization's current compliance status, while management must inform workers and relevant interested parties of audit results. The new standard also expands the scope of management review to include risks and opportunities, among other factors.
Change No. 7: Improvement
Continual improvement is one of the core tenets of every ISO system. ISO 45001 further refines this. In it, occupational health and safety management systems must identify and respond to nonconformity with action. The new standard abandons the idea of preventive action as a distinct concept. Instead, preventionbecomes a fundamental requirement of the system in its entirety.
For example, following an incident, compliant organizations must complete a root cause analysis and make the appropriate changes to ensure similar incidents don’t recur. The system is no longer merely reactive — instead, incidents of nonconformity help drive the continual improvement cycle.
Completing An ISO 45001 Gap Analysis
How these changes will affect your organization’s compliance status will depend on several different factors.
If you are already OHSAS 18001 certified, the first step in preparing for ISO 45001 is to complete a gap analysis that looks at each of the above areas and identifies where changes are needed.
Getting started is easy — get in touch with an NQA representative using our Contact Us page at your convenience.