ISO 45001:2018 is the international standard for occupational health and safety management systems (OH&S). Its purpose is to provide the requirements for organizations looking to assess conformity of an existing OH&S management system, to create a new one or to integrate one into another existing management system. It defines the responsibilities for protecting the physical and mental health and safety for workers and anyone else affected by the activities of the organization.
A management system is not a software application. According to ISO, a management system is “a set of interrelated or interacting elements of an organization to establish policies and objectives, and processes to achieve those objectives.” A management system, therefore, is a detailed, conceptual model that describes how your organization works. It includes models for coordinating people, processes, technologies and data to make it possible to achieve business goals.
Management systems are not fixed entities that persist over time without change. Instead, they need to adapt based on organizations’ understanding of the context in which they operate. This requires a thorough understanding of the internal and external issues that will have an impact on the organization’s goals. These issues change over time, which means the organization’s objectives, products, services, structure and processes need to be adjusted to accommodate them. As a result, while software and technology are not strictly requirements for an effective management system, they are generally considered vital components in supporting management system complexity in a global marketplace with multiple compliance obligations.
What Are the Benefits of ISO 45001:2018?
According to the United Nations, almost 3 million people die every year from workplace accidents and work-related illnesses. That works out to about 7,500 deaths every day. A further 374 million workers experience non-fatal injuries at work every year.
ISO 45001:2018 is a standard that provides best practices for industries to work towards the goal of eliminating death in the workplace. It is not a mandatory requirement that organizations certify to ISO 45001:2018, although it is frequently expected for organizations that want to do business in certain sectors. It is also not prescriptive about how organizations should structure their safety management systems. Instead, it is a flexible approach that recognizes the distinct qualities and priorities of every organization that needs to protect the health and safety of its workers.
When an organization implements ISO 45001:2018, it demonstrates a commitment to understanding risk in the workplace, reducing hazards that could lead to injuries or death and creating a workplace with an effective safety culture that strives to understand and prevent threats before they culminate in incidents. These organizations will also reap several operational and strategic benefits, such as a better response to regulatory issues, lower costs from injuries and equipment incidents, better insurance premiums, reduced absenteeism resulting from injuries, higher rates of productivity from engaged workers and a stronger reputation in the marketplace.
Fundamental Elements of ISO 45001:2018
ISO 45001:2018 is built on several fundamental elements that are critical to ensuring that an OH&S management system is effective in meeting desired outcomes.
Key Success Factors
The key success factors for implementing and maintaining an OH&S management system are as follows:
- Leadership commitment, responsibility and accountability.
- Leadership promoting and leading a culture of safety that supports the OH&S management system and ensures it meets defined outcomes.
- Organization-wide communication.
- Participation of the workforce in developing and maintaining the OH&S management system.
- Allocation of necessary resources.
- OH&S policies that support the overall strategic objectives of the organization.
- Processes for effectively identifying hazards and managing risks and opportunities related to OH&S.
- Evaluation and monitoring of the OH&S system to ensure continual improvement.
- Integration of the OH&S management system into the organization’s business processes.
- OH&S objectives that consider hazards, risks and opportunities and that align with the OH&S policy.
- Compliance with all legal and regulatory requirements.
Plan-Do-Check-Act (PDCA) is a process-based approach to achieving continual improvement across the organization. It is applied to all the ISO management system standards, including ISO 45001:2018. PDCA is as follows:
- Determine and assess all risks and opportunities that relate to OH&S.
- Establish OH&S objectives and processes required to deliver results that meet organizational goals.
- Implement the OH&S processes determined in the planning stage.
- Monitor, measure and report OH&S processes in relation to policy and objectives.
- Ensure continual improvement of OH&S activities to achieve defined organizational objectives.
ISO 45001:2018 integrates PDCA with the high-level structure to create a new OH&S framework (Fig. 1).
ISO 45001:2018 framework integrating high-level structure and PDCA (Note: numbers in brackets refer to clauses in ISO 45001:2018)
ISO 45001:2018 integrates risk-based thinking throughout. Risk-based thinking requires an organization to anticipate and prevent hazards instead of simply responding to them after they’ve happened. This involves identifying potential hazards relating to work areas, processes, equipment, operating procedures and training. Risk-based thinking requires that organizations determine risks related to hazards but also that they view risk as an opportunity to identify areas of continual improvement to the safety management system.
ISO 45001:2018 features the high-level structure (also known as Annex SL) common to other management systems standards from ISO, including ISO 9001:2015, ISO 14001:2015 and ISO 27001:2013. The high-level structure facilitates an easier understanding of multiple management systems to more easily meet customer expectations and compliance requirements. The high-level structure of Annex SL is as follows:
- Normative references
- Terms and definitions
- Context of the organization
- Performance evaluation
How Can Technology Enhance ISO 45001:2018?
ISO 45001:2018 does not stipulate that organizations must have a cloud-based application to support its safety management system. It is possible to certify to ISO 45001:2018 using nothing but paper and spreadsheets. However, as the world is increasingly driven by data analytics, any organization that tries to support its safety management system without embracing digitization is likely to miss most of the opportunities ISO 45001:2018 provides.
The goal of every safety management system is to understand the root causes that lead to incidents and to prevent those incidents from happening again. Traditional safety management approaches have relied on lagging indicators from incidents to provide the data safety leaders need to conduct root cause analysis. However, the digital revolution has empowered today’s frontline worker to become a critical component of a proactive safety management system that reduces injuries before they happen. Arrays of sensors and workers with mobile applications can collect data and report safety observations instantly, creating a continuous and real-time flow of safety data to the safety management system. These observations can be immediately communicated back to the entire workforce to make every worker aware of potential hazards, while safety leaders can use digital reports and dashboards to analyze the data and understand leading indicators and trends that highlight hidden hazards and threats gradually aggregating throughout the work environment.
A safety management system built on digitization and advanced data analytics is a prerequisite for any organization that wants to reap the maximum benefit from using ISO 45001:2018. The future of health and safety lies in real-time communication with a digitally empowered workforce and proactive safety built on leading indicators derived from data, not spreadsheets and paper.