BSI- Ohs as 18001 Introduction

Colombian Safety Council, 2 July 2004 1

Occupational Health and Safety Occupational Health and Safety Management Systems and Management Systems and

Integrated Management SystemsIntegrated Management Systems

byCharles Corrie

Secretary of the OHSAS Project Group

Clive StallwoodBSI Representative to the OHSAS Project Group


Contents

1. About BSI2. Background to OHSAS 180013. Future developments with 180014. ISO and Integrated management Systems


1. The British Standards Institution (BSI)


BSI is Incorporated by a Royal Charter


BSI group: 100 years of innovation

• 1901 World’s first national standards body

• 1926 Kitemark launched

the world’s first product certification mark

• 1929 Royal Charter is granted

• 1948 Founder member of ISO

(International Organisation for Standardisation)

• 1998 Founder member of the OHSAS Project Group


BSI Group: 100 years of innovation (cont’d)

• 1979 BS 5750 published - now ISO 9000



• 1999 BSI OHSAS 18001 published


BSI Group today: products & services


BSI’s registered marks


BSI now has offices in 110 countries


2. OHSAS 18001


Key Issues in OHSMS

• CONTROL - is there an adequate structure?• CO-OPERATION - are there adequate

arrangements? • COMMUNICATIONS - are the arrangements

effective?• COMPETENCE - are the systems and

competencies available?


PDCA Cycle

Plan

DoCheck

Act

Regulations

Continuous Improvement


OHSAS 18001 – PDCA approach

Implementation & operation

PlanningChecking & corrective action

Management Review

OHS Policy

Continual improvement Initial ReviewInitial Review


Occupational Health and Safety (OH&S)

1996 ISO OH&S workshop indicated lack of support for OH&S management systems standardization at that time

In 1998 the International Labour Organisation (ILO) proposed joint work to ISO on a guidance document. BSI responded by proposing that ISO jointly with ILO develop BS 8800 into an international document.

In January 1999 the vote was 29 in favour, 20 against, so under ISO’s balloting procedures was not accepted. Those who voted against indicated that they would prefer ILO to develop such a document, not ISO.


Occupational Health and Safety (OH&S)

However, ISO/TMB decided that it would be willing to accept a formal new work proposal for OH&S management system standardization in the future, if supported by sufficient ISO member bodies, in accordance with the ISO Directives (USA lodged formal objection)

As a result of the ISO decision, a group of national standards bodies and certification bodies published OHSAS 18001 in April 1999

The increasing use and adoption of OHSAS 18001 as national standards has now led many countries to question why ISO is not yet doing work in this field.

ILO published its guidance document in December 2001


Development of 18001• OHSAS 18001 and the accompanying OHSAS 18002,

Guidelines for the implementation of OHSAS 18001, were developed in response to urgent customer demand for a recognizable OHSMS against which their management systems can be assessed and certified.

• OHSAS 18001 has been developed ….. To be compatible with ISO 14001 and 9001.. to facilitate the integration of Q, E, and OHS, should they wish to do so.

• The OHSAS specification will be reviewed or amended when considered appropriate.

• The OHSAS specification will be withdrawn on publication of its contents in, or as, an international standard, or in the UK a British Standard


Scope of 18001a) establish an OH&S management system to eliminate or

minimize risk to employees and other interested parties who may be exposed to OH&S risks associated with its activities;

b) implement, maintain and continually improve an OH&S management system;

c) assure itself of its conformance with its stated OH&S policy;d) demonstrate such conformance to others;e) seek certification/registration of its OH&S management

system by an external organization; orf) make a self-determination and declaration of conformance

with this OHSAS specification.


Feedback from measuring performance

Audit

Management Review

Planning

Policy

4.2 OH&S Policy


Planning


Policy

Implementation and operation

Audit

4.3 Planning


Planning


Policy


Audit

4.3 Planning


Implementation and Operation


Planning

Checking and Corrective Action

Audit

4.4 Implementation and Operation


4.5 Checking and corrective action

Checking And

Corrective action



Management review

Audit


4.6 Management Review

Management review

Checking and corrective action

External Factors

Policy

Internal Factors


ISO 19011:2002 Guidelines for quality and/or environmental management systems auditing

Authority for audit programme (5.1)

Establishing anaudit programme(5.2,5.3)

Implementing audit programme(5.4,5.5)

Monitoring and reviewing auditProgramme (5.6)

Auditor CompetenceClause 7

Audit activitiesClause 6

Improving auditProgramme(5.6)

PLAN

DO

CHECK

ACT


The great debate

• Requirement standards or guidelines?

• Auditing

• Certification-pros and cons


Facts and figures

OHSAS Standards and Certificates survey (to October 2003)

• 31 guidance documents• 23 requirement standards• Certification in 70 countries• 8399 certificates in total• 3898 to 18001 or direct equivalent


3. OHSAS and the future


The Future

• Increasing adoption of 18001 as a national standard in different countries

• Development of OHS standards by USA-ANSI , and by Canada

• Development of a CEN Guidance document• ISO ??????


Systematic ReviewDuring 2004, a Systematic Review of 18001 and 18002 will be conducted.

This will lead to a decision to either:

-Confirm (unchanged)

- Withdraw

- Amend

- Revise

the standards.

Expected outcome is for an Amendment.


Drivers for change

- Ongoing revision to ISO 14001 for EMS, and the need for the standards to remain “compatible”

(Note with ISO 9001:2000 revision, this merely led to revised “Correspondence tables” being included in Annex A)

- The need to reduce identified risks to a situation of being “As low as reasonably practicable” or ALARP.

(Note, this is the only technical comment received against 18001 in 5 years)


Other OHSAS Project Group considerations

• 2004 Standards and certificates survey

• An auditing standard (or a supplement to ISO 19011)

• Auditor qualification criteria

• ISO ?????


4. Integrated Management Systems


Historic background

Military / Nuclear quality programmes

Conversion to civilian use by the automotive industries

Driven by poor quality supply problems, or safety issues

Military standards in the 1960s

National standards in the 1970s

ISO 9000 in 1987 (although started in 1979)

ISO 14001 in 1996


Historic background

1980s saw the rise of the environmental protection movement

1992 ISO established its Strategic Advisory Group on Environment (SAGE)

Led to the establishment of ISO/TC 207 in 1993 for ISO 14001

Other management systems standards started to be developed in the early 1990s, e.g. Dependability management, Project management, Software quality


Historic background

With the publication of ISO 14001in 1996, a number of papers were presented to ISO concerning “Integrated”management system standards.

This led to the establishment of an ISO Technical Advisory Group (TAG12) which recommended that ISO 9001 and ISO 14001 should be developed to be “compatible”

Additionally, it led to the establishment of ISO Guide 72 -Guidelines for the justification and development of management system standards


Established Management system standards

ISO 9000 – Quality

ISO 14000 – Environment

ISO/IEC 17799 – Information Security

IEC 60300 - Dependability

ISO 15161/(ISO 22000) - Food Safety (and HACCP)

ISO 10006 Project management

ISO/IEC Guide 73 Risk Management Terminology


Sectoral documentsTS 16949 – Automotive

ISO/IEC 90003 – Software

ISO/TR 14061 - EMS for Forestry organizations

ISO/IWA 1 - Healthcare

ISO/IWA 2 - Education


Outside of ISO /IEC

Malcolm Baldrige quality award, EFQM, Deming Prize

ILO OSH 2001/ BS 8800 / OHSAS 18001 –Occupational Health and Safety

SA 8000 – Social Accountability

AS 9000/EN 9100 – Aerospace quality

FIDIC Guide on quality for Consulting Engineers

International Martine Organization quality documents

Chemical industries – Responsible cares (an IMS programme)


Many other fields of management systems are now being standardized at a national level

AS/NZ 4360 or PD 6668 – Risk management

PD 75000 - Knowledge management

BS 7000-5 - Obsolescence

BS 3843 or PAS 55 - Asset management

Personnel (UK Investors in People programme)


New fields being considered at ISO

Organizational (Corporate) Social responsibility [OSR]including: - Business Ethics

- Sustainable development- Organizational (Corporate) responsibility- Social Accountability

Food Safety

I.T. Services management


Organizational (Corporate) Social Responsibility (OSR)Work proposed to ISO in 2003

Strategic Advisory Group established 2003

Consultants appointed for a worldwide survey of OSR work

Consultants have recommended that ISO develop a guidance document (see www.iso.org/sr)

ISO workshop June 2004

ISO decision on OSR expected 3rd quarter 2004

Note: A key element of OSR is OHS reporting


Compatibility - Need for ?Users advised ISO that they wished to minimise the:

-Disruption to business due to: - multiple audits, - high level personnel having to accompany auditors - interruptions to other personnel during audits

- High cost of certification

Led to requests for high degree of compatibility:

- Between the standards

- For the auditing process


ISO/TMB/TAG 12Established in January 1997

Constitution included several “User Representatives”

Report presented to, and adopted by, ISO/TMB in January1998

Key recommendations:

•Encourage national standards bodies to be more active in seeking the views of Users, and in considering compatibility

•Seek new ways of encouraging input from a broader base of Users

•Relevant terms and definitions should be identical, and use of terminology should be consistent


ISO/TMB/TAG 12Key recommendations -continued:

•Management systems standards should be “compatible”, and as far as possible “aligned”

•Auditing standards should be “integrated”

•There should be active communication and participation between members of ISO/CASCO, associations of accreditation bodies, certification bodies and ISO/TC 176 and ISO/TC 207.

•Levels of national co-ordination to be monitored

•Development of transition plans to link 2000/2001 standards with training needs, field implementation challenges and conformity assessment responsibilities


Compatibility - Definition

“Compatibility” means that common elements of the two series of standards can be implemented in a shared manner, in whole or in part, by organizations without unnecessary duplication or the imposition of conflicting requirements.

(Based around ISO/IEC Guide 2:1996, term 2.2)

TAG 12 Note: “Compatibility” does not mean that the text of common elements of the standards needs to be identical, although they should be whenever practicable.


CompatibilityDefinition of compatibility only reached after much discussion on the merits of

“Integrated” versus “aligned” standards

Considered that only ‘aligned’ standards would be acceptable at this time for management systems, but that ‘integrated’ auditing standards would be acceptable.


CORE

Q E ?(OH&S)

Integrated /Aligned MSS

Integrated


CORE CORE


Aligned


1 2 3 4 5

Core X X +Struct +small + large

Subject/

Aspect 2 2 2 2 large 2 small

Concepts diff = = = =

Structure diff = = = =

Terms some

diff = = = =



COMPATIBILITY

INTEGRATED ALIGNED

CONSISTENT



Risk Management

Risk assessment considered a fundamental aspect of all management disciplines

(Assess, prioritise, actively manage and control to minimise risks)

ISO/TMB/WG Risk Management Terminology established June 1998

ISO/IEC Guide 73:2002 Risk management – Vocabulary –Guidelines for use in standards


ISO/IEC Guide 73

Not a guide to Risk Management

•Aim of Guide is “ to promote a coherent approach to the description of risk management activities and the use of risk management terminology”

•The Guide is generic, compiled to encompass the general field of risk management, and not to replace established terms in specialist areas of the subject

•Guide 73 contains 38 defined terms


Risk Management

June 2004 –proposal to ISO/TMB to adopt AS/NZ 4360 as an ISO standard


What do you need to examine in the standards for Integration ?

Across the standards, you need to examine their:

- Basic principles

- Terminology

- General management system requirements

- Technology specific requirements

- Structure


Basic principles – ISO 9000 versus EFQM

ISO 9001 EFQM Customer focus Customer focus Leadership Leadership & Constancy of purpose Involvement of people People Development and Involvement Process Approach Management by Processes and Facts Systems approach to management

Continual Improvement Continuous learning, Improvement and Innovation

Factual approach to decision making

Management by processes and Facts

Mutually beneficial supplier arrangements

Partnership Development

Corporate Social Responsibility Results orientation


Basic principles – ISO 14000

Principle 1 — Commitment and policy

An organization should define its environmental policy and ensure commitment to its EMS.

Principle 2 — Planning

An organization should formulate a plan to fulfill its environmental policy.

Principle 3 — Implementation

For effective implementation, an organization should develop the capabilities and support mechanisms necessary to achieve its environmental policy, objectives and targets.

Principle 4 — Measurement and evaluation

An organization should measure, monitor and evaluate its environmental performance.


Basic principles

Conclusion – the principles are very similar


Terminology

Many similar terms are used in the differing standards, however, their definitions appear to vary considerably.

Is this a problem ? Answer = No

Why not ? Because the underlying intent, or concept, of the definitions are generally very similar

Beware the interpretation of definitions by regulators !


General management systems elements

Policy

Planning


Improvement

Management review

(See ISO Guide 72)


Table A.2 — Correspondence between OHSAS 18001, ISO 14001:1996 and ISO 9001:2000

Clause OHSAS 18001 Clause ISO 14001:1996 Clause ISO 9001:2000 — — — Introduction 0

0.1 0.2 0.3 0.4

Introduction General Process approach Relationship with ISO 9004 Compatibility with other management systems

1 Scope 1 Scope 1 1.1 1.2

Scope General Application

2 Reference publications 2 Normative reference 2 Normative reference 3 Definitions 3 Definitions 3 Terms and definitions 4 OH&S management

system elements 4 Environmental management

system requirements 4 Quality management system

4.1 General requirements 4.1 General requirements 4.1 5.5 5.5.1

General requirements Responsibility, authority and communication Responsibility and authority

4.2 OH&S policy 4.2 Environmental policy 5.1 5.3 8.5

Management commitment Quality policy Improvement

OHSAS 18001 – Annex A

Similar tables exist in ISO 9001 and ISO 14001


General MSS elements – Conclusion9001, 14001 (and 18001) include all the required general MSS elements detailed in ISO Guide 72, and have a high degree of commonality across their elements.


9001 / 14001 key differences

Focus: Customer requirements versus Environmental impacts

14001 – high level requirements9001 – more detailed

Operational requirements: detailed in 9001 clause 7, versus limited detail in 14001 clause 4.4

Procedures versus Processes

Internal audit: examines system effectiveness in 9001, not in 14001 (only permitted in Management Review)

Contingency planning: Emergency preparedness and response in 14001, not directly addressed in 9001


ISO 9000 Process Approach structure

Managementresponsibility

Measurement,analysis andimprovement

Resourcemanagement

Product realizationInput Output

Customers

Customers

Requirements

Satisfaction

Product

Continual improvement ofthe quality management system


ISO 14001 PDCA type structure

Continual Improvement

Management Review

Checking and Corrective Action

Environmental Policy

Planning

Implementation and Operation


High Level Loops- Product Realization

High Level Loops - Business Management

Local Loops

INPUT PROCESS

PROCESS MANAGEMENT

RESOURCE MANAGEMENT

C

U

S

T

O

M

E

R

C

U

S

T

O

M

E

R

PDC

A

MEASUREMENT, ANALYSIS, IMPROVEMENT

MANAGEMENT RESPONSIBILITY

OUTPUT

9001 Process approach structure embodies PDCA


EMS (ISO 1401) PDCA model including process approach

Measurement, analysis &

improvement

Quality policy

management systemprocedures,

resource management

Managementreview

Continualimprovement

customer

Input OutputProcess

Process Management

Customer needs& requirements,objectives and planning

customer

PLANPLAN

DODO CHECKCHECK

ACTACT

requIrements

product


Leadership Processes Business Results

People

Policy and strategy

Partnerships & Resources

People results

Customer Results

Society Results

Enablers Results

Innovation and Learning

European Foundation for Quality Management (EFQM) Business Excellence Model


CUSTOMER

MISSION VISION

STRATEGY

LEARNING AND

GROWTH

INTERNAL BUISNESS

PROCESSESFINANCIAL

Balanced Scorecard - Strategic Perspectives


Products & Services

Values

Customers

ImageResources

The Business Idea of the Firm


Corporate culture

Competence & Physical resources

Activities/ Processes

Organization structure

Means of control

Products(Price, Costs, Quality)

Strategy

Market

Competitive Environment

Business Model


Customer

Continuous Improvement

Total Participation

Fundamentals

Mutual Learning

Road Map Model


PDCA or Process Approach ?

PDCA – set policies and objectives before using “Implementation and Operation” to control processes

Process approach – What are your processes for analysing your external environment, before establishing your policies and objectives ?

Environmental, OHS, etc. Legal and Regulatory requirements can be treated in the same manner as Customer requirements, before being fed into your system of processes


Structures – conclusion

Structures themselves are a conceptual way of showing how the various management system elements fit together to form a “system”.

They also attempt to show that individual elements of the “system” cannot be treated in isolation, but have to be taken together. The “system” will fail, if any one of those elements is ignored.

The structures themselves are not a requirement to which compliance has to be achieved.

Each representation has its own merits.


Other items for consideration

New sets of stakeholders/interested parties (e.g. people passing by your factory)

Application of ISO 9001 can have the scope limited, ISO 14001 cannot.

Risk management approach (safety risks, environmental impacts, process failure modes)

Regulations management

Improvement programme management

Public awareness/communications management (e.g. Environmental Policy has to be available for public review)

New tools (FMEA, HAZOP/HAZAN)


A lot of documentation and a lot of technical requirements !

Full “Integration” is not just limited to QMS, EMS, OHS, but can include a wide range of programmes

So, why should you move towards an integrated system ?


1. Question: Why should you move towards an integrated system ?

Answer: Because you already have one !

2. Question: Is it effective ?

Answer: Yes, otherwise you would be out of business, or be in breach of regulations (e.g. for health and safety)

3. Question: Is it efficient ?

Answer: Not as efficient as if you were to use a fully integrated management system

4. Question: Is certification necessary ?

Answer: This will depend on your business strategies and situation


Perceived benefits of an IMS:

Gives Top management a unified view of the performance of the organization, instead of a stratified one

Reduces duplication and the costs associated with the administration of separate management systems

Balances conflicting objectives

Improves control of risks

Reduces potential for conflicting responsibilities and relationships

Improves harmonization and optimisation of practices


Perceived benefits of an IMS

Can increase operational efficiency

Can improve internal and external communications

May facilitate training and development

Potentially reduces 3rd party audit times and audit frequencies

Establishes a framework that will enable the assimilation of future standards


Where do you start ?1. An IMS has to be a strategic business decision

2. Top management support and commitment is needed

3. Decide on an approach to be followed

4. Perform a “gap” analysis of the requirements of the additional standards

5. Follow a similar, or improved, process as you used to implement your QMS, e.g.- appoint a management representative- establish cross-functional teams, provide staff training- hire consultants - review your processes and documentation- implement revised processes and measure their performance- seek certification


Which approach should you follow ?

Add other disciplines to an existing system

Merge two or more existing parallel

systems

Re-engineer all business and operational systems into a unified IMS


Starting Implementation – use of consultants

This depends in part on your organization’s level of management system knowledge

For initial implementation of a QMS, how dependent were you on the services of consultants ?

Do consultants still play a part in the maintenance of your QMS, e.g. by performing internal audits ?

Or, is your organization sufficiently knowledgeable to be able to face the challenge of new standards without assistance ?

Otherwise, specialist assistance may again be needed


Starting implementation - use of consultants

Even where a consultant is not required for assistance with the general management system requirements, specialist external advice or training may be needed on the new specific technologies, e.g.

- determination of environmental aspects and impacts

- hazard analyses and risk assessments in OH&S

- security risks and controls in information security management


Initial Status Review (ISR)

An ISR helps the organization determine:

- where they are in managing QMS, EMS, OHS etc. issues

- what needs to be done

- what help and information are available from outside sources

- which of this is relevant to the organization


Initial Status review (ISR) activities

Identify all legislative/regulatory requirements

Identify all aspects of activities/products /processes that can create impacts

Collect details of commendations, complaints, fines, accidents and incidents that could form the basis for performance criteria

Evaluate performance against internal criteria, external standards, regulations, codes of practice sets of principles and guidelines

Identify existing management processes, practices and procedures


Initial Status Review (ISR) activities

Identify the existing policies and procedures dealing with procurement and contracting activities

Obtain information from investigations of incidents of previous non-compliance

Identify opportunities for competitive advantage

Seek out and analyse the views of stakeholders/ interested parties

Review those functions or activities of other organizational systems that can enable or impede performance

Examine all of the above items against the full range of operating conditions, including start-ups, shut-downs, during possible incident and emergency situations


Activity Form IMS team Environmental review OH&S Risk assessment Set Objectives Define improvement programme

Implement Improvement programme

Define Operational controls Define administrative controls Write manuals Launch to staff Operate new systems Internal audit Prove legal compliance Performance reports Management review External assessment Celebrate

Time (months) 2 4 6 8 10 12 14 16 18

An 18 month IMS implementation plan


Key enablers

Leadership and change management

Human resource management and development


Conclusion

Your organization’s management system will be unique.

Understanding the intention behind the management standards will enable you to incorporate their requirements into your organization’s management system in a planned and consistent manner.

Business efficiencies can be achieved through the use of a fully integrated system.


Thank youThank youfor your attention

Charles CorrieCharles CorrieSecretary OHSAS Project Group

Clive StallwoodBSI Representative to the OHSAS Project Group

BSI- Ohs as 18001 Introduction

Documents

Transcript of BSI- Ohs as 18001 Introduction