Health and safety survey findings - the key challenges
Transitioning from OHSAS 18001 to ISO 45001:2018
Implementing a health and safety management system
A look at 3 case study organisations
Technology recommendations for:
Capturing risk and incident data
Root cause analytics, Big Data, IoT and predictive scoring
A culture of wellbeing and safety
Integrating health and safety considerations into business change processes
Examples of how our software is used
Get your questions answered
https://quality.eqms.co.uk/health-and-safety-webinar
2. This webinar
Three objectives:
1. An overview of the new ISO 45001:2018 requirements
2. Applying the principles of ISO 45001
3. How organisations are creating a culture of
proactive health and safety
Chris Owen
Services Director
Robert Oakley
Commercial Director
Kate Armitage
Head of Quality Assurance
3. Webinar based around you
“Implementing a health and safety management
system.”
“How to make the best use of technology for a
proactive health and safety culture.”
“Better understanding of the principles of a
health and safety culture.”
“Getting the data I need to focus on the key
priorities.”
“Case study examples.”
“Understand the changes from OHSAS 18001 to
ISO 45001 and how Qualsys’s system can
“Health and safety refresher.”
“Risks and metrics and how they apply to
the standard.”
“Interested in how Qualsys can help
configured the software for health and
safety.”
“A different take on managing health and
safety.”
“Best practice ideas.”
Webinar form: What would you like to get out of
this webinar? Summary from 150 responses
4. About Qualsys
• Focus on culture
• Integrated business management system software for:
• Quality / ISO 9001:2015
• Information security / ISO 27001:2013
• Health and safety / ISO 45001:2018
• Risk / ISO 31000:2018
• Environment / ISO 14001:2015
• Business continuity / ISO 22301:2012
• 97% customer retention
• £20m+ cumulative investment
• Established in 1995
• 128+ countries
7. 554 cases prosecuted with fines from
convictions totalling £69.9 million
http://workplaceinsight.net/workplace-injuries-ill-health-cost-britain-14-9-billion-according-latest-
hse-data/
8. It’s not just fatalities
• Ill health in the UK costs £13.8
billion
• 31.2 million work days lost
• 521,000 workers suffered a
new case of ill health cause by
or made worse by work
• Poor mental health costs
employers £42 billion a year
9. Changes from OHSAS 18001 to ISO 45001
• Adoption of Annex SL – aiding IBMS
• Removal of management representative
• Designed to embed H&S responsibility
• Enhanced role of top management
• H&S = BAU
• Extension of worker participation
• Focus on health – not just safety
• Long term impact, not just short term
• H&S opportunities
• Definition changes
https://quality.eqms.co.uk/hubfs/ISO%
2045001%202018%20brochure%20.pdf
12. The key health and safety principles
Old approach ISO 45001:2018
Reactive Proactive
Individualism Culture
Compliance thinking Risk-based thinking
Control and command Worker consultation and participation
Siloed management systems Integrated management systems
Management representative Top management
Risks Opportunities
Short term focus Long term focus
13. Building blocks for health and safety
Safe, healthy
workplaces
Process
improvement
Trust
Competency
Assessment
Accountability
Strategy
Information
technology
Leadership
Systems
Improvement
Culture
14. Case organisation one: IT systems
The challenge:
• OSHA compliance
• Complex spreadsheets
• Visibility of risks, near-miss and opportunities
Solution:
• Workflows: Assign roles and responsibilities
• Audit trails: Who did what and when
• Standardised approach – processes, policies and
Standard Operating Procedures
• Document Manager, Audit Manager, CAPA Manager, Risk
Manager
15. Case organisation one: Improvement
The challenge:
• High number of agency staff
• Knowing which staff are trained on
equipment
Solution:
• Standardised approach – processes,
policies and Standard Operating
Procedures
16. Case organisation three: Culture
The challenge:
• Reporting near miss incidents
• Proactive management
Solution:
• Capture data using Kiosk
• Performance evaluation
Kate:
Hello everyone and welcome to this ISO 45001 Health and Safety webinar where we’ll be talking through how organisations can apply the requirements of the Standard using our software.
Kate:
I’m Kate Armitage, I’m your host today. As the Head of Quality Assurance at Qualsys, one of my key roles is to lead and drive the quality management strategy. This involves working closely with our staff and customers and to influence the product development roadmap. For example, at the moment I am working closely with the University of Leeds to develop an inspection management application.
I’m joined today by Chris Owen, our Services Director and Robert Oakley, our Commercial Director.
Chris & Rob: – Hello
Kate:
You may be wondering why you have 3 members of Qualsys SMT presenting this webinar; well in answer to that question; it ultimately comes down to the point that as members of the senior management team we have a responsibility for health and safety I the workplace. It should be noted that the key act to bear in mind is the H+S @ work act 1974 which is enforced by the Health and Safety executive (HSE).
Today we’re going to give you an overview of the new ISO 45001:2018 requirements, how to apply the key themes and principles of ISO 45001 to your own health and safety management system and we’ll share with you how organisations are creating a culture of proactive health and safety management.
Kate:
When you signed up for this webinar, we asked you what would you like to get out of this session. We’ve put some of the key themes above.
Many of you are transitioning from OHSAS 18001 to ISO 45001 and want ideas and best practices on how to improve the health and safety management system.
Only 30% of those on this webinar are currently customers, so we’ll start with a brief introduction to our software, and then take a holistic look at health and safety, and applying the principles of ISO 45001 throughout.
So I’ll hand over to Rob…
Rob:
We provide and implement software and practices that make all aspects of governance, risk and compliance the responsibility of everyone.
Our management system software can be used for quality, health and safety, environment etc.
Since 1995, we’ve implemented over 700 configurations of our software for organisations such as BT, Sodexo, and Diageo.
Our software system is made up of 7 integrated modules which can be configured to meet your internal requirements. Each module works well together or on their own.
Our business philosophy is that governance, risk and compliance is the responsibility of everyone – so we offer free end user licenses, it’s available on any device anywhere in the world, and our team coach your system champions throughout the best practice implementation process to engage the wider business.
Kate:
Across the world today, over 7 600 people will die from work-related accidents or diseases. that’s over 2.78 million every year*.
These deaths are preventable but do not have the proper structures and systems in place.
Time and time again, we see issues such as:
Health and safety is the responsibility of an individual. It’s perceived as an overhead, called upon only when something goes very wrong.
Leadership don’t communicate the importance of good safety practice, data is misleading or missing, and people at all levels cut corners to avoid red tape.
Health and safety is isolated from the core business processes, meaning it’s always bolted on – an afterthought.
Kate:
And it’s not just fatalities organisations you need to be preventing.
The burden of occupational injuries and diseases is significant, both for employers and the wider economy, resulting in losses from early retirements, staff absence and rising insurance premiums.
To combat the problem, ISO has developed a new standard, ISO 45001, Occupational health and safety management systems, that provides a framework to improve employee safety, reduce workplace risks and create better, safer working conditions, all over the world.
ISO 45001 Occupational Health & Safety (OH&S) management system is the world’s first OH&S ISO standard which will help thousands of organizations to provide a safe and healthy workplace for their workers and other people, prevent deaths, work-related injury and ill-health and to continually improve their OH&S performances.
As an international standard, ISO 45001 crosses geographic, political, economic, commercial and social boundaries. It sets a single benchmark for the management of occupational health and safety. So if your organization operates or trades internationally, you can work to a single standard which can simplify your business.Whether you are currently working to BS OSHAS 18001 or country specific standards such as ANSI/ASSE Z10 2012, CAN/CSA-Z1000-14, AS/NZS 48001:2001 or others, you can upgrade to ISO 45001 now.
Direct benefits of Implementing 45001:
Improving its ability to respond to regulatory compliance issues
Reducing the overall costs of incidents
Reducing downtime and the costs of disruption to operations
Reducing the cost of insurance premiums
Reducing absenteeism and employee turnover rates
Recognition for having achieved an international benchmark (which may in turn influence customers who are concerned about their social responsibilities)
Kate:
The standard was developed by a committee of occupational health and safety experts, and follows other generic management system approaches such as ISO 14001 and ISO 9001.
Adoption of Annex SL – aiding IBMS
Removal of management representative
Designed to embed H&S responsibility
Enhanced role of top management
H&S = BAU
Extension of worker participation
Focus on health – not just safety
Long term impact, not just short term
H&S opportunities
Definition changes
Health and safety must be integrated across the business
Interpretations of ISO 45001 in different sectors - the standard can be adopted by any sector
Pivotal role of preventative measures - In other words, the standard recognises the pivotal role that preventative measures play in tackling not only physical injuries but also ill-health in the long term, which remains a major concern in the UK
From pure compliance to the process of risk management - The publication of ISO 45001 comes at a time when the Internet of Things (IoT) and data automation are already shifting the approach to risk-management from one of pure compliance to a process that is becoming more information-based.
Kate:
Clause 1: Scope.
This sets out the requirements for the management system and the intended outcomes. ISO 45001 is aimed at not only providing a framework for an occupational health and safety management systems (OH&S MS) but on the explicit prevention of work-related injury and ill-health and the provision of safe and healthy workplaces. This is fundamentally different from OHSAS 18001 which aimed to support and promote good OH&S practices and provided organisations with the ‘elements’ of an effective OH&S management system.
Clause 2: Normative references.
There are no normative references. This clause was retained simply to maintain consistent numbering across all ISO management system standards.
Clause 3: Terms and definitions.
These are listed in conceptual importance and not alphabetically. There are a number of new and revised definitions from OSHAS 18001. It is important to review these carefully as some of the key terms are fundamental to the requirements of the standard – such as “consultation – seeking views before making a decision”.
Clause 4: Context of the organization.
New from OSHAS 18001 but part of the HLS, this clause ‘sets the scene’ for the organization and the scope and boundaries for the occupational health and safety management system. Importantly ISO 45001 should be aligned to the strategic direction of the organization, embedding OH&S management into the core business functions, rather than as a stand-alone discipline.
Within this clause the organization has to determine the internal and external factors that may affect its ability to achieve the intended outcomes of its OH&S MS. Externally this may be issues such as socio-economic and political instability; internally, it may be issues such as restructuring, acquisitions or new products.
Clause 5: Leadership and worker participation.
This clause is the cornerstone for the success of the OH&S MS. Whilst in OHSAS 18001 top management were responsible for OH&S and were required to ‘appoint’ a member of top management with specific responsibility for OH&S. Top management in ISO 45001 are responsible and accountable for the prevention of work-related injury and ill health as well as the provision of safe and healthy workplaces (not simply providing support for a management system).
This requires top management to be personally involved in order to develop, lead and promote a culture that supports OH&S. It should also be noted that leadership and culture is identified as a potential hazard later in the standard (6.1.2.1a). It is also top management that has to ensure that a process for consultation and participation with workers is established. This may include establishing a health and safety committee. It is also top management’s responsibility to establish, implement and maintain the health and safety policy. The required contents for the policy are enhanced from OSHAS 18001 and include elements such as a commitment to consultation and participation of workers. Importantly consultation with workers on the health and safety policy is included later in this clause. Consultation and participation of workers is significantly enhanced from OSHAS 18001 which was limited to participation in hazard identification and consultation on changes. In ISO 45001 consultations involve seeking views before making a decision with clear two-way communication, whilst participation is involvement in decision-making. This must include non-managerial workers. The organization is now required to provide the mechanisms, time, training and resources for consultation and participation of workers. This includes removing any obstacles or barriers such as language, literacy or fear of reprisals.
Clause 6 Planning.
Alignment to the HLS structure has seen planning split in a slightly unusual way. There are still the elements that you would expect and know from OSHAS 18001 such as hazard identification, assessment, control, legal requirements and objective setting but the HLS requirements of risk and opportunities introduced a challenge for the expert committee that developed ISO 45001. In order to incorporate the HLS and the aim of the OH&S management system, risk and opportunities has been broken into two elements: • Assessment of OH&S risks and other risks to the management system • OH&S risks being the ‘traditional’ likelihood x severity • Risks to the management system are those more traditionally related to business risk (effect of uncertainty) such as peaks in work flow, restructuring as well as external issues such as economic change • Assessment of OH&S opportunities and other opportunities to the OH&S management system • OH&S opportunities are circumstance(s) that can lead to improvement of OH&S performance This includes adapting work to workers, eliminating hazards and other opportunities for improving the OH&S management system such as implementing ISO 45001. Importantly risks and opportunities shall be determined before planned change. There is also increased emphasis on identifying 7 bsigroup.com hazards associated with mental ill-health (adverse mental or cognitive conditions) such as workload, bullying and the leadership and culture of the organization. Additionally the identification of hazards has to start at conceptual design stage as well as the on-going lifecycle of workplace, facility, equipment, processes, activity etc. The principles of horizon scanning are also introduced within this clause. New knowledge of, and information about, hazards has to be taken into account.
Clause 7: Support.
This clause begins with a requirement that organizations shall determine and provide the necessary resources to establish, implement, maintain and continually improve the OH&S management system. These cover human resources, natural resources, infrastructure and financial resources. Simply expressed, this is a very powerful requirement covering all OH&S resource needs. The competency element of this clause is very similar to OSHAS 18001 but communication is split out in ISO 45001 into awareness, communication, internal and external communication. ISO 45001 uses the term ‘documented information’, instead of ‘documents’ and ‘records’ as used in OSHAS 18001. This reflects modern types and use of information – cloud based, multi-media etc. However one of the biggest drivers for this change was the recognition that the implementation of OH&S MS’s had led to an over reliance on documented procedures, creating unnecessary and bureaucratic paper trails, that did not actually improve OH&S performance.
Clause 8: Operation.
This clause is significantly enhanced from OSHAS 18001. Not only does it remove the ‘option’ of using the hierarchy of controls, instead making its use a specific requirement, it introduces new sub-clauses on procurement and change. One of the real strengths of OSHAS 18001 was the explicit recognition that change needed to be taken into account during hazard identification and risk assessment. However ‘taking into account’ and proactively managing change are very different things. Change presents real risks and opportunities to organizations. ISO 45001 acknowledges this and has a dedicated clause now on the management of change. Organization will need to plan how to implement change in a manner that does not introduce new (unforeseen) hazards or increase the OH&S risks, whilst also identifying the opportunities for improving OH&S performance that the change may enable. The new sub-clause on procurement provides recognition that the risks related to the supply chain are most effectively managed when they are taken into account at the very first stages of procurement – pre-tender and tender. Experience has shown that trying to manage the risks introduced by the supply chain once its operational are extremely expensive and limited in effectiveness. With ISO 45001, organizations have to establish procurement processes that conform to the OH&S MS, including defining OH&S criteria for the selection of contractors. These procurement activities have to be coordinated with those contractors. New within this section is outsourcing. Relating back to the ‘context’ of an organization and its credibility, there was concern by the expert panel that certain activities or processes with high OH&S risks were being outsourced, without due consideration of the implications for OH&S this had. A responsible organization will establish control of those outsourced functions to achieve the intended outcomes of the OH&S MS. Controls can include things such as procurement and contractual requirements, training and inspections.
Clause 9: Performance evaluation.
Very similar to OSHAS 18001 in detail, the key change is where in OSHAS 18001 it was a ‘procedure’, in ISO 45001 it now has to be a ‘process’. This is one of the fundamental changes between OSHAS 18001 and ISO 45001. Whilst the introduction of ‘processes’ is a reflection of the alignment to the HLS, it also reflects that an effective OH&S MS is a continually improving one. A process is a cycle, it should reflect a PDCA (plan, do, check, act) cycle and not be static. Therefore ISO 45001 requires processes for consultation and participation, planning, hazard identification, assessment of risk and operational control. Management reviews have to consider risks and opportunities and trends in aspects such consultation and participation of workers to ensure it is happening effectively, which is part of their leadership responsibility.
Clause 10: Improvement.
Gone from ISO 45001 is the requirement related to ‘preventative action’ that was found in OSHAS 18001. This is because the whole of ISO 45001 is about prevention. Also in this clause is the requirement to eliminate the root cause(s) of incidents and non-conformities reflecting the overall aim of the standard to prevent injury and ill-health and provide safe and healthy workplaces. The standard concludes by underlining the fact that effective OH&S management is not static and should continually improve and be supported by a proactive culture.
Kate:
Identify - all the activities at your [place of work
Check – with help of your employees, whether any activities have (significant) asc harm
Reduce – the risks that can lead to serious injury (accidents or longer term sickness) by removing the hazard, modifying the work processes etc.
Verify – whether the measure you have in place are working properly
Improve – always look for ways to improve
Kate:
Because ISO 45001 is designed to integrate with other ISO management systems standards, ensuring a high level of compatibility with the new versions of ISO 9001 (quality management) and ISO 14001 (environmental management), businesses that already implement an ISO standard will have a leg up if they decide to work toward ISO 45001.
The new OH and S standard is based on the common elements found in all of ISO’s management systems standards and uses a simple Plan-Do-Check-Act (PDCA) model, which provides a framework for organisations to plan what they need to put in place in order to minimize the risk of harm. The measures should address concerns that can lead to long-term health issues and absence from work, as well as those that give rise to accidents.
ISO 45001 will replace OHSAS 18001, the world’s former reference for workplace health and safety. Organisations already certified to OHSAS 18001 will have three years to comply with the new ISO 45001 standard, although certification of conformity to ISO 45001 is not a requirement of the standard
ISO 45001:2018 went live in March. When compared with OHSAS 18001, this standard is more explicit about the need to manage health and safety opportunities, risk-based thinking. It’s a move towards a culture – engagement, communication and participation. Health and safety needs to be part of the integrated business management system.
Kate:
There are three building blocks for health and safety
At the core are the systems and structure.
Then there are effective improvement initiatives
At the top is a culture of health and safety best practice.
Chris is going to talk you through how organisations manage health and safety using our technology.
Chris:
One of our customers in the USA, regulated by OSHA, deal with toxic chemicals so if there is a spill down a drain it must be notified within 15 minutes to relevant authorities. They, like many organisations, had complex spreadsheets, it was hard to report incidents and there were manual data management practices which were slow.
Now, the organisation has migrated this complex spreadsheet into Qualsys’s software and I’ll show you some examples of how they are using the software.
Clause 4: Context
Centralised, standardised policies
Clause 5: Leadership and worker participation
Roles are assigned, integrates with the wider business management system
Demo core compliance requirements:
Document Manager – Processes and policies
Audit Manager – Scheduling health and safety audits
Risk Manager - Risk matrix – how to move a complex spreadsheet into the system
Chris: (Consider Rawsons)
One of our customers, a mid-sized manufacturer, employs a high number of agency staff to operate machinery.
Clause 6: Risk-based thinking
Policy and operational risks have been managed (Risk Manager)
Clause 7: Communication
Information is accurate , timely and properly directed (To-do list)
Clause 8: Operations
Operate safe processes managing temporary and permanent changes under controlled conditions (Supplier Manager)
Chris:
(EPC)
Another of our customers has a large, remote workforce. They operate in a dangerous, high risk sector. They celebrate days when there are no incidents.
For remote workforces, we’ve developed a kiosk application whereby data can be collected from anyone by simply clicking a few buttons on the form.
I’m going to show you an example of how organisations with remote workforces in dangerous environments can use our new Kiosk application to capture risks, near-misses, opportunities and incident data from any browser.
Clause 9: Performance evaluation
Clause 10: Improvement
Kate:
Now we will go through some questions that we have received. (Kate to pose these questions to Rob / Chris)
Q- Jane – My workforce don’t like change, there is a culture where employees do as they’ve always done.
Q- Steve - I still don’t feel as though my management team really do enough. Any suggestions?
Q- Bill – What are some examples of workforce wellbeing?
Q – Emma – How do I go about implementing a health and safety technology management system? Is it cloud-based? How does remote access work? Can the health and safety management system integrate with quality / information security / risk / Environment? How long does it take to implement?
Q – Beej - How can you get the boardroom to talk about health and safety?
Thank you all for your attendance:
Rob:
Sign off and advise to contact us should anyone require anything further.