Patty's Industrial Hygiene, Program Management and Specialty Areas of Practice. Группа авторовЧитать онлайн книгу.
auditing is a common activity in organizations historically focused on determining compliance to governmental regulatory standards, rules, and laws, as well as its own voluntary requirements. However, the focus for the internal audit prescribed in ISO 45001:2018 is whether the OHSMS is effectively implemented, including compliance considerations, in conformance with the standard as well the organization's own OHSMS requirements. It states:
“the organization shall conduct internal audits at planned intervals to provide information on whether the OH&S management system conforms to the organization's own requirements for its OH&S management system, including the OH&S policy and OH&S objectives; and, the requirements of [45001:2018]” (66). As well, internal OHSMS audits need to address whether the OHSMS “is effectively implemented and maintained (66).”
Criteria and requirements are included related to the internal audit program's structure and activities (§9.2.2). Included are issues related to: audit planning, methods, frequency, scope, auditor qualification/character, and reporting. Internal audit criteria need to be established, along with ensuring auditors selected to do audits are objective and impartial. Results need to be reported to “relevant managers,” and “relevant audit results need to be reported to workers, workers' representatives (where they exist), and relevant interested parties” (67). As well, the organization is required to “take action to address nonconformities and continually improve its OH&S performance; and, retain documented information as evidence of the implementation of the audit programme and the audit results” (67).
For more information on auditing and the competence of auditors, users of ISO 45001:2018 are directed to ISO 19011:2018, Guidelines for auditing MS (68).
5.8.4 Management Review
A legacy element in the OHSMS approach is management review (§9.3). ISO 45001:2018 contains management review guidance and requirements. The standard states that “top management shall review the organization's OH&S management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness” (67). Key here is evaluation of the OHSMS's suitability, adequacy, and effectiveness. Top management needs to determine whether maintaining the OHSMS is aligned with strategic objectives, and if not, should maintaining conformance to it be continued, and if it is, to ensure that proper resources and support are being given to it. Criteria and requirements for conducting management reviews include the types of information and data that need to be considered.
ISO 45001:2018 requires that:
“the outputs of the management review shall include decisions related to: the continuing suitability, adequacy and effectiveness of the OH&S management system in achieving its intended outcomes; continual improvement opportunities; any need for changes to the OH&S management system; resources needed; actions, if needed; opportunities to improve integration of the OH&S management system with other business processes; and, any implications for the strategic direction of the organization” (69).
As well, top management is required to “communicate the relevant outputs of management reviews workers, and, where they exist, workers' representatives” (69).
5.9 Improvement (§10)
The term “improvement” finds its way into ISO 45001:2018 from ISO's MSS requirements. A number of “improvement” related activities and requirements are bundled here, these are incident, nonconformity, and corrective action responses (§10.2), and continual improvement (§10.3).
5.9.1 Incident, Nonconformity, and Corrective Action
ISO 45001:2018 (§10.2) states that “the organization shall establish, implement, and maintain, a process(es) including reporting, investigating and taking action to determine and manage incidents and nonconformities” (69). Specific requirements include the following: timely response; conducting root cause analysis, with worker involvement; assessing potential historical trends; and ensuring that findings are feed back into the planning process. The standard defines nonconformity, incident, and corrective action as follows.
Nonconformity (§3.34) – the “non‐fulfilment of a requirement” (70). This relates to the requirements of ISO 45001, as well as requirement that the organization establishes for itself.
Incident (§3.35) – is an “occurrence arising out of, or in the course of, work that could or does result in injury and ill health” (70). An incident where no injury and ill health occurs, but has the potential to do so, may be referred to as a “near‐miss,” “near‐hit,” or “close call.” Although there can be one or more nonconformities related to an incident, an incident can also occur where there is no nonconformity.
Corrective action (§3.36) – is an “action to eliminate the cause(s) of a nonconformity or an incident and to prevent recurrence” (70). This term is one of the common terms and core definitions for ISO MSSs. The definition has been modified to include a reference to “incident,” as incidents are a key factor in OHS, yet the activities needed for resolving them are the same as for nonconformities, through corrective action.
5.9.2 Continual Improvement
A hallmark of the OHSMS approach is continual improvement. 45001:2018 continues this trajectory, stating in §10.3 that:
“…the organization shall continually improve the suitability, adequacy and effectiveness of the OH&S management system: by enhancing OH&S performance; promoting a culture that supports an OH&S management system; promoting the participation of workers in implementing actions for the continual improvement of the system; and, communicating the relevant results of continual improvement to workers, and where they exist, workers' representatives” (71).
The standard defines continual improvement as a “recurring activity to enhance performance,” (49) and reinforces the idea that continual does not mean continuous, that is, the activity does not need to take place in all areas simultaneously. The addition of a separate clause on improvement also emphasizes that the clauses in ISO 45001 do not work independently but rather together. Improvements identified here are a result in part from monitoring and measurements, including management reviews, and addressed in planning as possible new objectives.
6 PRE ISO 45001 APPROACHES
As previously indicated, there have been at least several dozen OHSMS standards and guidance documents developed since the 1980s, and leading up to the publication of ISO 45001:2018. Several of these are briefly mentioned here.
6.1 OHSAS 18001
With the publication of ISO 45001:2018, the BSI announced that 45001:2018 would replace OHSAS 18001:2007, and that organizations would need to migrate to 45001 in the 2019 to 2021 timeframe. The brief information about OHSAS 18001 is provided here for historical purposes.
Britain has been a leader in the development of management system standards and approaches. British standards 5750 (quality) and 7750 (environment), were influential in the development of ISO 9001:1987 and 14001:1996, respectively.
In 1991, Britain's Health and Safety Executive (HSE) published a document titled “Successful health and safety management” (HSG 65) to provide OHS management guidance to organizations (72). In 1996, the BSI published the OHS management system guide BS 8800 at the same time ISO was in the process of developing ISO 14001:1996. BS 8800 was intended as a best practice document with some resistance to making it an auditable standard. Therefore, it's provisions were written as “shoulds” (recommendations), as opposed to “shalls” (requirements). This made it challenging for registration bodies using BS 8800 noting this weakness or lack of firm requirements. BS 8800 was subsequently revised in 2004 to harmonize it with OHSAS 18001:1999 with additional updates considering revisions made to ISO 14001:2004.
BSI