Original-To: [email protected] X-Originating-IP: … · OHSAS 18002 quotes the specific...

Original-To: [email protected] Delivered-To: [email protected] X-VirusChecked: Checked X-Env-Sender: [email protected] X-Msg-Ref: server-5.tower-84.messagelabs.com!1207813947!30707798!1 X-StarScan-Version: 5.5.12.14.2; banners=bsigroup.com,-,- X-Originating-IP: [62.189.76.23] Subject: FW: OHSAS 18002 Working Draft 2 for review Date: Thu, 10 Apr 2008 08:52:21 +0100 X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: OHSAS 18002 Working Draft 2 for review thread-index: AciaZizIDJRf6goLSfawmxLe5AYvJgACinwAABurmfA= From: "Jose Alcorta" <[email protected]> To: "Jose Alcorta" <[email protected]> X-Virus-Scanned: amavisd-new at uni.com

Dear BT WG 168 Expert, I attach an e-mail from the Secretary of the OHSAS Project Group with the latest working draft for public review. If you have any comments, please send them to Charles Corrie [email protected] by 1 August 2008. Yours sincerely José Alcorta

From: Charles Corrie Sent: 09 April 2008 19:43 To: Charles Corrie Subject: OHSAS 18002 Working Draft 2 for review Dear Sir or Madam, Working Draft 2 of OHSAS 18002 Occupational health and safety management systems – Guidelines for the implementation of OHSAS 18001:2007 Following the circulation of OHSAS 18002, Working Draft 1, for public review in November 2007 we received approximately 400 comments and suggestions for improving the text. These were analysed at the meeting of the OHSAS Project Group held in March this year, and taken forward into the development of a revised draft. Noting the extent of the changes that had been accepted for the text, the meeting decided that it would be preferable to circulate a second draft for public review, rather than to proceed to publication. Please now find attached a “zip” file containing MS Word format versions of:

- a copy of the Working Draft 2 - a template for the return of comments on the WD2 - the collation of comments received on the first Working Draft, with details of the actions that were

agreed against them.

We would be pleased to receive any comments that you would care to make on the WD2, and would request that they be returned by e-mail to [email protected] before: 1 August 2008 We expect to hold a further meeting of the OHSAS Project Group during September 2008, to review any received comments. Given the decision to go for a second draft for public review, we realise that this will push back the expected publication date for the new edition of OHSAS 18002. We now expect to achieve publication in November 2008. Your participation in this project will be very much appreciated Yours faithfully Charles Corrie For the BSI Secretariat of the OHSAS Project Group

====================================================================

Visit the BSI website at www.bsigroup.com

This email may contain confidential information and/or copyright material. This email is intended for the use of the addressee only. Any unauthorised use may be unlawful. If you receive this email by mistake, please advise the sender immediately by using the reply facility in your email software.

Thank you for your cooperation.

________________________________________________________________________ This e-mail has been scanned for all known viruses.

OHSAS 18002, Working Draft 2, 2008-04-10.zip

Working Draft 2, April 2008

OHSAS 18002

Occupational health and safety management systems - Guidelines for the implementation of OHSAS 18001:2007

OHSAS 18002, Working Draft 2, April 2008

© OHSAS Project Group 2008 – All rights reserved ii

Contents

Acknowledgement .............................................................................................................................................iv Foreword…………………………………………………………………………………………………………………v Introduction…………………………………………………………………………………………………………….vi

1 Scope ......................................................................................................................................................1 2 Reference publications .........................................................................................................................1 3 Terms and definitions ...........................................................................................................................2 4 OH&S management system requirements..........................................................................................5 4.1 General requirements ...........................................................................................................................5 4.2 OH&S policy ...........................................................................................................................................6 4.3 Planning..................................................................................................................................................8 4.3.1 Hazard identification, risk assessment and determining controls...................................................8 4.3.2 Legal and other requirements ............................................................................................................17 4.3.3 Objectives and programme(s)............................................................................................................19 4.4 Implementation and operation ...........................................................................................................21 4.4.1 Resources, roles, responsibility, accountability and authority......................................................21 4.4.2 Competence, Training and awareness..............................................................................................23 4.4.3 Communication, participation and consultation..............................................................................25 4.4.4 Documentation.....................................................................................................................................29 4.4.5 Control of documents .........................................................................................................................30 4.4.6 Operational control..............................................................................................................................31 4.4.7 Emergency preparedness and response ..........................................................................................36 4.5 Checking...............................................................................................................................................39 4.5.1 Performance measurement and monitoring.....................................................................................39 4.5.2 Evaluation of compliance ...................................................................................................................42 4.5.3 Incident investigation, nonconformity, corrective action and preventive action .........................43 4.5.4 Control of records ...............................................................................................................................46 4.5.5 Internal audit ........................................................................................................................................46 4.6 Management review ............................................................................................................................51 Annex A (informative) Correspondence between OHSAS 18001:2007, ISO 14001:2004 and ISO

9001:2000..............................................................................................................................................53 Annex B (informative) Correspondence between OHSAS 18001, OHSAS 18002, and the

ILO-OSH:2001 Guidelines on occupational safety and health management systems.................56 Annex C (Informative) Examples of items for inclusion in a hazard identification checklist..................60 Annex D (Informative) Comparisons of some examples of risk assessment tools and

methodologies .....................................................................................................................................62

Summary of pages

This document comprises a front cover, an inside front cover, pages i to viii, pages 1 to 64, an inside back cover and a back cover

The copyright notice displayed in this document indicates when the document was last issued


© OHSAS Project Group 2008 – All rights reserved iii

Acknowledgement

To be completed


© OHSAS Project Group 2008 – All rights reserved iv

Foreword

This Occupational Health and Safety Assessment Series (OHSAS) guideline, and OHSAS 18001:2007, Occupational health and safety management systems — Requirements, have been developed in response to customer demand for a recognizable occupational health and safety management system standard against which their management systems can be assessed and certified, and for guidance on the implementation of such a standard.

OHSAS 18001 is compatible with the ISO 9001:2000 (Quality) and ISO 14001:2004 (Environmental) management systems standards, in order to facilitate the integration of quality, environmental and occupational health and safety management systems by organizations, should they wish to do so.

OHSAS 18002 quotes the specific requirements from OHSAS 18001 and follows with relevant guidance. The clause numbering of OHSAS 18002 is aligned with that of OHSAS 18001. Text given with an outlined box is an exact duplication of text from OHSAS 18001.

OHSAS 18002 will be reviewed or amended when considered appropriate. Reviews will be conducted when new editions of OHSAS 18001 are published (expected when revised editions of either ISO 9001 or ISO 14001 are published).

This OHSAS Standard will be withdrawn on publication of its contents in, or as, an International Standard.

This OHSAS Standard has been drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. This second edition cancels and replaces the first edition (OHSAS 18002:2000), which has been technically revised. The principal changes with respect to the previous edition are as follows: - OHSAS 18002:2000 included a presentation format where firstly the relevant OHSAS 18001 clause was given followed by a) a description of the intent of the clause; b) typical inputs needed for meeting the requirements of the clause; c) a description of processes that an organization could use to meet the requirements; d) typical outputs expected from meeting the requirements. This format was found to be difficult to apply, so has not been followed in this edition (in fact the format had not been applied consistently in the 2000 edition). Instead this OHSAS standard is now presented in a more logical format, in which items in a) to d) have been followed during the drafting of the guidance, but have not been given overtly, as previously. - Additional items to be added - - This publication does not purport to include all necessary provisions of a contract. Users are responsible for its correct application.

Compliance with this Occupational Health and Safety Assessment Series (OHSAS) Standard cannot confer immunity from legal obligations.


© OHSAS Project Group 2008 – All rights reserved v

Introduction

Organizations of all kinds are increasingly concerned with achieving and demonstrating sound occupational health and safety (OH&S) performance by controlling their OH&S risks, consistent with their OH&S policy and objectives. They do so in the context of increasingly stringent legislation, the development of economic policies and other measures that foster good OH&S practices, and increased concern expressed by interested parties about OH&S issues. Many organizations have undertaken OH&S “reviews” or “audits” to assess their OH&S performance. On their own, however, these “reviews” and “audits” may not be sufficient to provide an organization with the assurance that its performance not only meets, but will continue to meet, its legal and policy requirements. To be effective, they need to be conducted within a structured management system that is integrated within the organization. The OHSAS Standards covering OH&S management are intended to provide organizations with the elements of an effective OH&S management system that can be integrated with other management requirements and help organizations achieve OH&S and economic objectives. These standards, like other International Standards, are not intended to be used to create non-tariff trade barriers or to increase or change an organization's legal obligations. OHSAS 18001 specifies requirements for an OH&S management system to enable an organization to develop and implement a policy and objectives which take into account legal requirements and information about OH&S risks. It is intended to apply to all types and sizes of organizations and to accommodate diverse geographical, cultural and social conditions. The basis of the approach is shown in Figure 1. The success of the system depends on commitment from all levels and functions of the organization, and especially from top management. A system of this kind enables an organization to develop an OH&S policy, establish objectives and processes to achieve the policy commitments, take action as needed to improve its performance and demonstrate the conformity of the system to the requirements of OHSAS 18001. The overall aim of OHSAS 18001 is to support and promote good OH&S practices, including self regulation, in balance with socio-economic needs. It should be noted that many of the requirements can be addressed concurrently or revisited at any time. The second, 2007, edition of OHSAS 18001 is focused on clarification of the first, 1999, edition, and has taken due consideration of the provisions of ISO 9001, ISO14001, ILO-OSH, and other OH&S management system standards or publications to enhance the compatibility of these standards for the benefit of the user community. There is an important distinction between OHSAS 18001, which describes the requirements for an organization's OH&S management system and can be used for certification/registration and/or self-declaration of an organization's OH&S management system, and a non-certifiable guideline, such as OHSAS 18002, intended to provide generic assistance to an organization for establishing, implementing or improving an OH&S management system. OH&S management encompasses a full range of issues, including those with strategic and competitive implications. Demonstration of successful implementation of OHSAS 18001 can be used by an organization to assure interested parties that an appropriate OH&S management system is in place. Any reference to other International Standards is for information only.


© OHSAS Project Group 2008 – All rights reserved vi

NOTE This OHSAS Standard is based on the methodology known as Plan-Do-Check-Act (PDCA). PDCA can be briefly described as follows.

― Plan: establish the objectives and processes necessary to deliver results in accordance with the organization's OH&S policy.

― Do: implement the processes.

― Check: monitor and measure processes against OH&S policy, objectives, legal and other requirements, and report the results.

― Act: take actions to continually improve OH&S performance.

Many organizations manage their operations via the application of a system of processes and their interactions, which can be referred to as the “process approach”. ISO 9001 promotes the use of the process approach. Since PDCA can be applied to all processes, the two methodologies are considered to be compatible.

Figure 1 – OH&S management system model for this OHSAS Standard


© OHSAS Project Group 2008 – All rights reserved vii

Figure 2: Relationship between the "PDCA" cycle and the clauses in OHSAS 18002 addressing hazard identification, risk assessment and risk control.

OHSAS 18001 contains requirements that can be objectively audited; however it does not establish absolute requirements for OH&S performance beyond the commitments, in the OH&S policy, to comply with applicable legal requirements and with other requirements to which the organization subscribes, to the prevention of injury and ill health and to continual improvement. Thus, two organizations carrying out similar operations but having different OH&S performance can both conform to its requirements. OHSAS 18001 does not include requirements specific to other management systems, such as those for quality, environmental, security, or financial management, though its elements can be aligned or integrated with those of other management systems. It is possible for an organization to adapt its existing management system(s) in order to establish an OH&S management system that conforms to the requirements OHSAS 18001. It is pointed out, however, that the application of various elements of the management system might differ depending on the intended purpose and the interested parties involved. The level of detail and complexity of the OH&S management system, the extent of documentation and the resources devoted to it depend on a number of factors, such as the scope of the system, the size of an organization and the nature of its activities, products and services, and the organizational culture. This may be the case in particular for small and medium-sized enterprises.

Note 1 As all of the requirements of OHSAS 18001:2007 are included within OHSAS 18002:2008, organizations can choose to retain a copy of OHSAS 18002 alone, for certification purposes.

Note 2 There are some small variations in text between the Introduction given in OHSAS 18001 and this Introduction, apart from the inclusion of Figure 2, to account for the differences in the two OHSAS standards.

Management Review 4.6

OH&S Policy 4.2

Develop methodology 4.3.1.2 Identify hazards 4.3.1.3 Assess risks 4.3.1.4 Determine controls 4.3.1.6

Operational control 4.4.6 Management of change 4.3.1.5

Checking 4.5 Corrective action 4.5.3.2


© OHSAS Project Group 2008 – All rights reserved 1

Occupational health and safety management systems - Guidelines for the implementation of OHSAS 18001:2007

1 Scope This Occupational Health and Safety Assessment Series (OHSAS) guideline provides generic advice on the application of OHSAS 18001.

It explains the underlying principles of OHSAS 18001 and describes the intent, typical inputs, processes and typical outputs, against each requirement of OHSAS 18001. This is to aid the understanding and implementation of OHSAS 18001.

OHSAS 18002 does not create additional requirements to those specified in OHSAS 18001 nor does it prescribe mandatory approaches to the implementation of OHSAS 18001.

OHSAS 18001 text This Occupational Health and Safety Assessment Series (OHSAS) Standard specifies requirements for an occupational health and safety (OH&S) management system, to enable an organization to control its OH&S risks and improve its OH&S performance. It does not state specific OH&S performance criteria, nor does it give detailed specifications for the design of a management system. This OHSAS Standard is applicable to any organization that wishes to: a) establish an OH&S management system to eliminate or minimize risks to personnel and other

interested parties who could be exposed to OH&S hazards associated with its activities;

b) implement, maintain and continually improve an OH&S management system;

c) assure itself of its conformity with its stated OH&S policy;

d) demonstrate conformity with this OHSAS Standard by:

1) making a self-determination and self-declaration, or

2) seeking confirmation of its conformance by parties having an interest in the organization, such as customers, or

3) seeking confirmation of its self-declaration by a party external to the organization, or

4) seeking certification/registration of its OH&S management system by an external organization.

All the requirements in this OHSAS Standard are intended to be incorporated into any OH&S management system. The extent of the application will depend on such factors as the OH&S policy of the organization, the nature of its activities and the risks and complexity of its operations. This OHSAS Standard is intended to address occupational health and safety, and is not intended to address other health and safety areas such as employee wellbeing/wellness programs, product safety, property damage or environmental impacts.

2 Reference publications Other publications that provide information or guidance are listed in the Bibliography. It is advisable that the latest editions of such publications be consulted. Specifically, reference should be made to the following publications:

OHSAS 18001:2007, Occupational health and safety management systems — Requirements.

International Labour Organization:2001, Guidelines on occupational safety and health management systems (ILO-OSH:2001)

ISO 19011:2002, Guidelines for quality and/or environmental management systems auditing.

Note ISO 19011 has just been approved (in March 2008) for a revision that will now expand its scope to cover the auditing of additional fields of management systems, including OH&S management systems. Reference should be made to the revised version when it is available.



3 Terms and definitions For the purposes of this document, the terms and definitions given in OHSAS 18001 apply.

OHSAS 18001 text 3.1 acceptable risk risk that has been reduced to a level that can be tolerated by the organization having regard to its legal obligations and its own OH&S policy (3.16)

3.2 audit systematic, independent and documented process for obtaining "audit evidence" and evaluating it objectively to determine the extent to which "audit criteria" are fulfilled

[ISO9000:2005, 3.9.1] NOTE 1 Independent does not necessarily mean external to the organization. In many cases, particularly in smaller organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited.

NOTE 2 For further guidance on "audit evidence" and "audit criteria", see ISO 19011.

3.3 continual improvement recurring process of enhancing the OH&S management system (3.13) in order to achieve improvements in overall OH&S performance (3.15) consistent with the organization's (3.17) OH&S policy (3.16)

NOTE 1 The process need not take place in all areas of activity simultaneously.

NOTE 2 Adapted from ISO 14001:2004, 3.2.

3.4 corrective action action to eliminate the cause of a detected nonconformity (3.11) or other undesirable situation

NOTE 1 There can be more than one cause for a nonconformity.

NOTE 2 Corrective action is taken to prevent recurrence whereas preventive action (3.18) is taken to prevent occurrence.

[ISO 9000:2005, 3.6.5] 3.5 document information and its supporting medium NOTE The medium can be paper, magnetic, electronic or optical computer disc, photograph or master sample, or a combination thereof.

[ISO 14001:2004, 3.4] 3.6 hazard source, situation, or act with a potential for harm in terms of human injury or ill health (3.8), or a combination of these 3.7 hazard identification

process of recognizing that a hazard (3.6) exists and defining its characteristics



3.8 ill health

identifiable, adverse physical or mental condition arising from and/or made worse by a work activity and/or work-related situation

3.9 incident

work-related event(s) in which an injury or ill health (3.8) (regardless of severity) or fatality occurred, or could have occurred NOTE 1 An accident is an incident which has given rise to injury, ill health or fatality.

NOTE 2 An incident where no injury, ill health, or fatality occurs may also be referred to as a “near-miss”, "near-hit", "close call" or "dangerous occurrence".

NOTE 3 An emergency situation (see 4.4.7) is a particular type of incident.

3.10 interested party

person or group, inside or outside the workplace (3.23), concerned with or affected by the OH&S performance (3.15) of an organization (3.17) 3.11 nonconformity

non-fulfilment of a requirement [ISO 9000:2005, 3.6.2; ISO 14001, 3.15] NOTE A nonconformity can be any deviation from:

- relevant work standards, practices, procedures, legal requirements, etc.

- OH&S management system (3.13) requirements.

3.12 occupational health and safety (OH&S)

conditions and factors that affect, or could affect, the health and safety of employees or other workers (including temporary workers and contractor personnel), visitors, or any other person in the workplace (3.23) NOTE Organizations can be subject to legal requirements for the health and safety of persons beyond the immediate workplace, or who are exposed to the workplace activities

3.13 OH&S management system

part of an organization's (3.17) management system used to develop and implement its OH&S policy (3.16) and manage its OH&S risks (3.21) NOTE 1 A management system is a set of interrelated elements used to establish policy and objectives and to achieve those objectives.

NOTE 2 A management system includes organizational structure, planning activities (including for example, risk assessment and the setting of objectives), responsibilities, practices, procedures (3.19), processes and resources.


3.14 OH&S objective

OH&S goal, in terms of OH&S performance (3.15), that an organization (3.17) sets itself to achieve



NOTE 1 Objectives should be quantified wherever practicable.

NOTE 2 4.3.3 requires that OH&S objectives are consistent with the OH&S policy (3.16)

3.15 OH&S performance

measurable results of an organization's (3.17) management of its OH&S risks (3.21) NOTE 1 OH&S performance measurement includes measuring the effectiveness of the organization's controls

NOTE 2 In the context of OH&S management systems (3.13), results can also be measured against the organization's (3.17) OH&S policy (3.16), OH&S objectives (3.14), and other OH&S performance requirements.

3.16 OH&S policy

overall intentions and direction of an organization (3.17) related to its OH&S performance (3.15) as formally expressed by top management NOTE 1 The OH&S policy provides a framework for action and for the setting of OH&S objectives (3.14)


3.17 organization

company, corporation, firm, enterprise, authority or institution, or part or combination thereof, whether incorporated or not, public or private, that has its own functions and administration NOTE For organizations with more than one operating unit, a single operating unit may be defined as an organization.

[ISO14001:2004, 3.16] 3.18 preventive action

action to eliminate the cause of a potential nonconformity (3.11) or other undesirable potential situation NOTE 1 There can be more than one cause for a potential nonconformity.

NOTE 2 Preventive action is taken to prevent occurrence whereas corrective action (3.4) is taken to prevent recurrence.

[ISO 9000:2005, 3.6.4] 3.19 procedure

specified way to carry out an activity or a process NOTE Procedures can be documented or not.

[ISO 9000:2005, 3.4.5]

3.20 record

document (3.5) stating results achieved or providing evidence of activities performed [ISO 14001:2004, 3.20]



3.21 risk

combination of the likelihood of an occurrence of a hazardous event or exposure(s) and the severity of injury or ill health (3.8) that can be caused by the event or exposure(s). 3.22 risk assessment

process of evaluating the risk(s) (3.21) arising from a hazard(s), taking into account the adequacy of any existing controls, and deciding whether or not the risk(s) is acceptable 3.23 workplace

any physical location in which work related activities are performed under the control of the organization NOTE When giving consideration to what constitutes a workplace, the organization (3.17) should take into account the OH&S effects on personnel who are, for example, travelling or in transit (e.g. driving, flying, on boats or trains), working at the premises of a client or customer, or working at home.

4 OH&S management system requirements

4.1 General requirements OHSAS 18001 text The organization shall establish, document, implement, maintain and continually improve an OH&S management system in accordance with the requirements of this OHSAS Standard and determine how it will fulfil these requirements. The organization shall define and document the scope of its OH&S management system.

4.1.1 OH&S management system

This OHSAS 18001 requirement is a general statement concerning the establishment and maintenance of an OH&S management system within an organization

"Establish" implies a level of permanency and the system should not be considered established until all its elements have been demonstrably implemented. "Maintain" implies that, once established, the system continues to operate. This requires active effort on the part of the organization. Many systems start well but deteriorate due to lack of maintenance. Many of the elements of OHSAS 18001 (such as checking and corrective action and management review) are designed to ensure active maintenance of the system. An organization seeking to establish an OHS management system that conforms to OHSAS 18001 should determine its current position with regard to its OH&S risks by means of an initial review (see 4.1.2 for further details on initial review). In determining how it will fulfil the requirements of OHSAS 18001 the organization should consider the conditions and factors that affect, or could affect, the health and safety of persons, what OH&S policies it needs, and how it will manage its OH&S risks.

The level of detail and complexity of the OH&S management system, the extent of documentation and the resources devoted to it are dependent on the nature (size, structure, complexity) of an organization and its activities.

4.1.2 Initial Review

An initial review should compare the organization's current management of OH&S against the OHSAS 18001 requirements and determine the extent to which these requirements are being met or whether improvements can be made.

The initial review will provide information which an organization can use to identify if there are any existing gaps in the OH&S management system and will guide the organization in formulating plans for implementing and prioritising improvements to the OH&S management system.



The aim of an initial review should be to consider all OH&S risks faced by the organization, as a basis for establishing the OH&S management system. An organization should consider, but not limit itself to, the following items within its initial review:

⎯ legislative and regulatory and other requirements

⎯ identification of the OH&S hazards and evaluation of risks faced by the organization;

⎯ occupational health and safety assessments:

⎯ an examination of existing OH&S management practices, processes and procedures;

⎯ an evaluation of feedback from the investigation of previous incidents, work related ill health, accidents and emergencies.

⎯ relevant management systems and available resources

A suitable approach to the initial review can include the use of checklists, interviews, direct inspection and measurement, results of previous management system audits or other reviews depending on the nature of the organization's activities. Where hazard identification and risk assessment processes already exist, they should be reviewed for adequacy against the requirements of OHSAS 18001.

It is emphasized that an initial review is not a substitute for the implementation of the structured systematic approach to hazard identification, risk assessment and determining controls given in 4.3.1. However an initial review can provide additional inputs into planning these processes.

4.1.3 Scope of the OH&S management system

The scope of the OH&S management system should define how, where and what the OH&S management system applies to within the organization.

The scope should be defined and documented so that it is clear and takes account of the definition of "workplace" (see 3.23) and "OH&S" (see 3.12).

An organization has the freedom and flexibility to choose to implement OHSAS 18001 with respect to the entire organization, or to specific operating units or activities of the organization, consistent with its definition of its workplace.

Care should be taken in defining the scope of the OH&S management system. The scope should not be limited so as to exclude an operation or activity that can impact on the OH&S of an organization's employees and other persons under its control in the workplace.

4.2 OH&S policy OHSAS 18001 text Top management shall define and authorise the organization's OH&S policy and ensure that within the defined scope of its OH&S management system it:

a) is appropriate to the nature and scale of the organization’s OH&S risks;

b) includes a commitment to prevention of injury and ill health and continual improvement in OH&S management and OH&S performance;

c) includes a commitment to at least comply with applicable legal requirements and with other requirements to which the organization subscribes that relate to its OH&S hazards;

d) provides the framework for setting and reviewing OH&S objectives;

e) is documented, implemented and maintained;

f) is communicated to all persons working under the control of the organization with the intent that they are made aware of their individual OH&S obligations;

g) is available to interested parties; and

h) is reviewed periodically to ensure that it remains relevant and appropriate to the organization.



Top management should demonstrate the leadership and commitment necessary for the OH&S management system to be successful and to achieve improved OH&S performance.

An OH&S policy establishes an overall sense of direction and is the driver for implementing and improving an organization's OH&S management system so that it can maintain and potentially improve its OH&S performance. It should enable persons under the control of the organization to understand the overall commitment of the organization and how this may affect their individual responsibilities. The responsibility for defining and authorizing an OH&S policy rests with the organization's top management. The ongoing, proactive, involvement of top management in developing and implementing an OH&S policy is crucial.

The organization's OH&S policy should be appropriate to the nature and scale of its identified risks and should guide the setting of objectives. In order to be appropriate, the OH&S policy should:

⎯ be consistent with a vision of the organization’s future, and

⎯ be realistic, neither overstating the nature of the risks the organization faces, nor trivializing them.

In developing its OH&S policy, an organization should consider:

⎯ its mission, vision, core values and beliefs

⎯ co-ordination with other (corporate or integrated etc.) policies

⎯ the needs of persons working under the control of the organization

⎯ the OH&S hazards of the organization;

⎯ legal and other requirements to which the organization subscribes that relate to its OH&S hazards;

⎯ historical and current OH&S performance by the organization;

⎯ opportunities and needs for continual improvement and the prevention of injury and ill health;

⎯ the views of interested parties.

⎯ what is needed to establish realistic and achievable objectives

The policy is, as a minimum, required to include statements about the commitment of an organization to:

⎯ the prevention of injury and ill health

⎯ continual improvement in OH&S management

⎯ continual improvement in OH&S performance

⎯ compliance with applicable legal requirements and

⎯ compliance with other requirements to which the organization subscribes

The OH&S policy can be linked with other policy documents of the organization and should be consistent with the organization's overall business policies and with its policies for other management disciplines e.g. quality management or environmental management. The OH&S policy should be communicated to all persons working under the control of the organization in order to assist them to understand:

⎯ what top management is committed to

⎯ what they are individually required to do,



by:

⎯ demonstrating the commitment of top management and the organization to OH&S

⎯ increasing awareness of the commitments made in the policy statement

⎯ explaining why the OH&S system is established and is maintained

⎯ guiding individuals in understanding their OH&S accountabilities and responsibilities (see 4.4.2)

In communicating the policy, consideration should be given to how to create and maintain awareness in both new and existing persons under the control of the organization. The policy can be communicated in alternative forms to the policy statement itself, such as through the use of rules, directives and procedures, wallet cards, posters, etc. In communicating the policy, account should be taken of issues such as diversity in the workplace, literacy levels, language skills etc.

Account should be taken of diversity in the workplace, literacy levels, language skills etc.

It is for the organization to determine how it wishes to make the policy available to its interested parties, e.g. through publication on a web site, or by providing printed copies on request.

The OH&S policy should be reviewed periodically (see 4.6) to ensure that it remains relevant and appropriate to the organization. Change is inevitable, legislation and societal expectations evolve; consequently, the organization’s OH&S policy and OH&S management system need to be reviewed regularly to ensure their continuing suitability and effectiveness. If changes are made to the policy the revised policy should be communicated to relevant persons as soon as is practicable.

4.3 Planning 4.3.1 Hazard identification, risk assessment and determining controls

OHSAS 18001 text

The organization shall establish, implement and maintain a procedure(s) for the ongoing hazard identification, risk assessment, and determination of necessary controls. The procedure(s) for hazard identification and risk assessment shall take into account:

a) routine and non-routine activities;

b) activities of all persons having access to the workplace (including contractors and visitors);

c) human behaviour, capabilities and other human factors;

d) identified hazards originating outside the workplace capable of adversely affecting the health and safety of persons under the control of the organization within the workplace

e) hazards created in the vicinity of the workplace by work-related activities under the control of the organization;

NOTE 1 It may be more appropriate for such hazards to be assessed as an environmental aspect.

f) infrastructure, equipment and materials at the workplace, whether provided by the organization or others;

g) changes or proposed changes in the organization, its activities, or materials;

h) modifications to the OH&S management system, including temporary changes, and their impacts on operations, processes, and activities.

i) any applicable legal obligations relating to risk assessment and implementation of necessary controls (see also the NOTE to 3.12)

j) the design of work areas, processes, installations, machinery/equipment, operating procedures and work organization, including their adaptation to human capabilities

The organization’s methodology for hazard identification and risk assessment shall: a) be defined with respect to its scope, nature and timing to ensure it is proactive rather than



reactive; and

b) provide for the identification, prioritization and documentation of risks, and the application of controls, as appropriate.

For the management of change, the organization shall identify the OH&S hazards and OH&S risks associated with changes in the organization, the OH&S management system, or its activities, prior to the introduction of such changes. The organization shall ensure that the results of these assessments are considered when determining controls. When determining controls, or considering changes to existing controls, consideration shall be given to reducing the risks according to the following hierarchy:

a) elimination;

b) substitution;

c) engineering controls;

d) signage/warnings and/or administrative controls;

e) personal protective equipment.

The organization shall document and keep the results of identification of hazards, risk assessments and determined controls up-to-date. The organization shall ensure that the OH&S risks and determined controls are taken into account when establishing, implementing and maintaining its OH&S management system.

4.3.1.1 General

Hazards have the potential to cause human injury or ill health. Hazards therefore need to be identified before the risks associated with these hazards can be assessed and, if no controls exist or existing controls are inadequate, effective controls should be implemented according to the hierarchy of controls.

An organization will need to apply the process of hazard identification (see 3.7) and risk assessment (see 3.22) to determine the controls that are necessary to reduce the risks of incidents (see 3.9). The overall purpose of the risk assessment process is to recognize and understand the hazards (see 3.6) that might arise in the course of the organization’s activities and ensure that the risks (see 3.21) to people arising from these hazards are assessed, prioritized and controlled to a level that is acceptable (see 3.1).

This is achieved by:

⎯ developing a methodology for hazard identification and risk assessment

⎯ identifying hazards

⎯ estimating the associated risk levels, taking into account the adequacy of any existing controls (it may be necessary to obtain additional data and perform further analysis in order to achieve a reasonable estimation of the risk level)

⎯ determining whether these risks are acceptable, and

⎯ determining the appropriate risk controls, where these are found to be necessary (workplace hazards and the way they are to be controlled are often defined in regulations, codes of practice, guidance published by regulators, and industry guidance documents).

The results of risk assessments enable the organization to compare risk reduction options and prioritize resources for effective risk management.

The outputs from the hazard identification, risk assessment and determining control processes should also be used throughout the development and implementation of the OH&S management system .

Figure 3 provides an overview of the risk assessment process.



Note: The development of the methodology can itself be subject to change or improvement

Figure 3 Overview of the hazard identification and risk assessment process

4.3.1.2 Developing a methodology and procedures for hazard identification and risk assessment

Hazard identification and risk assessment methodologies vary greatly across industries, ranging from simple assessments to complex quantitative analyses with extensive documentation. Individual hazards may require that different methods be used, e.g. an assessment of long term exposure to chemicals may need a different method than that taken for equipment safety or for assessing an office workstation. Each organization should choose approaches that are appropriate to its scope, nature and size, and which meet its needs in terms of detail, complexity, time, cost and availability of reliable data. Taken together, the chosen approaches should result in a comprehensive methodology for the ongoing evaluation of the organization’s risks.

The management of change may need to be applied to changes in assessed risks, determination of controls , or the implementation of controls. Management review should be used to determine whether changes to the methodology are needed overall

To be effective, the organization's procedures for hazard identification and risk assessment should take account of the following:

⎯ hazards

⎯ risks

⎯ controls

⎯ management of change

⎯ documentation

⎯ on-going review

Manage Change

Assess Risks

Determine Controls

Implement Controls

Identify Hazards

Monitor & Review

Develop Methodology



To ensure consistency of application, it is recommended that these procedure(s) be documented.

OHSAS 18001, clause 4.3.1, identifies in bullets a) to j) what should be taken into account in developing the procedure(s). Guidance on these can be found in sections 4.3.1.3 to 4.3.1.8.

4.3.1.3 Hazard Identification

In any workplace there may be sources (e.g. moving machinery; radiation or energy sources), situations (e.g. working at heights), or acts (e.g. manual lifting) with a potential for harm in terms of human injury or ill health, or a combination of these (see the definition of "hazard" in 3.6). Hazard identification should aim to proactively identify all such sources, situations or acts arising from an organization's activities.

Hazard identification should consider different types of hazards including physical, chemical, biological and psychosocial which are hazard found in many workplaces (see Annex C for examples of hazards).

The organization should establish specific hazard identification tools and techniques that are relevant to the scope of its OH&S management system.

The following sources of information or inputs should be considered during the hazard identification process:

⎯ OH&S legal and other requirements (see 4.3.2), e.g. those that prescribe how hazards should be identified ;

⎯ OH&S policy (see 4.2);

⎯ monitoring data (see 4.5.1);

⎯ occupational exposure and health assessments;

⎯ records of incidents (see 3.9);

⎯ reports from previous audits, assessments or reviews;

⎯ input from employees and other interested parties (see 4.4.3);

⎯ information from other management systems (e.g. for quality management or environmental management);

⎯ information from employee OH&S consultations,

⎯ process review and improvement activities in the workplace;

⎯ information on best practice and/or typical hazards in similar organizations;

⎯ reports of incidents that have occurred in similar organizations;

⎯ information on the facilities, processes and activities of the organization, including the following:

• workplace design, traffic plans (e.g. pedestrian walkways, vehicle routing), site plan(s);

• process flowcharts and operations manuals;

• inventories of hazardous materials (raw materials, chemicals, wastes, products, sub-products);

• equipment specifications

• product specifications, material safety data sheets, toxicology and other OH&S data.

Hazard identification processes should be applied to both routine and to non-routine (e.g. periodic, occasional, or emergency) activities and situations.

Examples of non-routine activities and situations that should be considered during the hazard identification process include:

⎯ facilities or equipment cleaning



⎯ temporary process modifications;

⎯ non-scheduled maintenance,

⎯ plant or equipment start-ups/shut-downs

⎯ field trips

⎯ refurbishment

⎯ extreme weather conditions

⎯ utility (e.g. power, water, gas etc.) disruptions

⎯ temporary arrangements

⎯ emergency situations

Hazard identification should consider all persons having access to the workplace (e.g. customers, visitors, service contractors, delivery personnel, as well as employees) and;

⎯ the hazards and risks arising from their activities;

⎯ the hazards arising from the use of products or services supplied to the organization by them;

⎯ their degree of familiarity with the workplace; and

⎯ their behaviour.

Taking human factors into account means applying what is known about human capabilities, behaviours and limitations when evaluating the hazards and risks of processes, equipment and work environments. Human factors should be considered whenever there is a human interface and takes into account issues such as ease of use, potential for operational errors, operator stress and user fatigue.

In considering human factors, the organization's hazard identification process should consider the following

⎯ the nature of the job (workplace layout, operator information, work load, physical work, work patterns)

⎯ the environment (heat, lighting, noise, air quality)

⎯ human behaviour (temperament, habits, attitude)

⎯ psychological capabilities (cognition, attention)

⎯ physiological capabilities (biomechanical, anthropometrics/physical variation of people).

In some instances, there may be hazards which occur or originate outside the workplace that can impact individuals within the workplace (e.g. releases of toxic materials for neighbouring operations). Where such hazards are foreseeable, these should be addressed.

The organization may need or wish to give consideration to hazards created beyond the boundary of the workplace particularly where there is a legal obligation or duty of care concerning such hazards. These hazards may also be addressed through the organization's environmental management system.

For the hazard identification to be effective the organization should use a comprehensive approach that includes information from a variety of sources, especially inputs from people who have knowledge of its processes, tasks or systems, e.g.:

⎯ observations of behaviour and work practices

⎯ benchmarking

⎯ interviews and surveys



⎯ safety tours and inspections

⎯ incident reviews

⎯ monitoring and assessment of hazardous exposures (chemical and physical agents)

⎯ workflow and process analysis

Hazard identification should be conducted by a person(s) with competence in relevant hazard identification methodologies and techniques (see 4.4.2) and appropriate knowledge of the work activity.

Checklists can be used as a reminder of what types of potential hazards to consider and to record the initial hazard identification; however, care should be taken to avoid over reliance on the use of checklists (see Annex C). Checklists should be specific to the work area, process or equipment being evaluated.

4.3.1.4 Risk assessment

4.3.1.4.1 General

Risk is the combination of the likelihood of an occurrence of a hazardous event or exposure(s) and the severity of injury or ill health (3.8) that can be caused by the event or exposure(s) (see 3.21).

Risk assessment is a process of evaluating the risk(s) arising from a hazard(s), taking into account the adequacy of any existing controls, and deciding whether the risk(s) is acceptable (see 3.22).

An acceptable risk (see 3.1) is a risk that has been reduced to a level that the organization is willing to assume with respect to its legal obligation, its OH&S policy and its OH&S objectives.

NOTE Some reference documents use the term "risk assessment" to encompass the entire process of hazard identification, determination of risk, and the selection of appropriate risk reduction or risk control measures. OHSAS 18001 and OHSAS 18002 refer to the individual elements of this process separately and use the term "risk assessment" to refer to the second of its steps, namely the determination of risk.

4.3.1.4.2 Risk assessment Inputs

Inputs to the risk assessment processes may include, but are not be limited to, information or data on the following:

⎯ details of location(s) where work is carried out;

⎯ the proximity and scope for hazardous interaction between activities in the workplace;

⎯ security arrangements

⎯ the human capabilities, behaviour, competence, training and experience of those who normally and/or occasionally carry out hazardous tasks;

⎯ toxicological data, epidemiological data and other health related information

⎯ the proximity of other personnel (e.g. cleaners, visitors, contractors, the public) who might be affected by hazardous work;

⎯ details of any work instructions, systems of work and/or permit-to-work procedures, prepared for hazardous tasks;

⎯ manufacturers' or suppliers' instructions for operation and maintenance of equipment and facilities,

⎯ the availability and use of control measures (e.g. for ventilation, guarding, personal protective equipment, etc);

⎯ abnormal conditions e.g. the potential interruption of utility services such as electricity and water, or other process failures;

⎯ environmental conditions affecting the workplace;



⎯ the potential for failure of plant and machinery components and safety devices or for their degradation from exposure to the elements or process materials;

⎯ details of access to, and adequacy/condition of emergency procedures, emergency equipment, emergency escape routes, emergency communication facilities, and external emergency support etc.;

⎯ monitoring data related to incidents associated with specific work activities;

⎯ the findings of any existing assessments relating to hazardous work activity;

⎯ details of previous unsafe acts either by the individuals performing the activity or by others (e.g. adjacent personnel, visitors, contractors, etc.);

⎯ the potential for a failure to induce associated failures or disabling of control measures

⎯ the duration and frequency at which tasks are carried out;

⎯ the accuracy and reliability of the data available for the risk assessment

⎯ any legal or other requirements (see 4.3.2) which prescribe how the risk assessment has to be performed or what constitutes an acceptable risk, e.g. sampling methods to determine exposure, use of specific risk assessment methods, or permissible exposure levels.

Risk assessment should be conducted by a person(s) with competence in relevant risk assessment methodologies and techniques (see 4.4.2) and appropriate knowledge of the work activity.

4.3.1.4.3 Risk assessment methodologies

An organization can use different risk assessment methods as part of an overall strategy for addressing different areas or activities. When seeking to establish the likelihood of harm, the adequacy of existing control measures should be taken into account. A risk assessment should be detailed enough to identify appropriate control measures.

Some risk assessment methods are complex and appropriate to special or particularly hazardous activities. For example, risk assessment of a chemical process plant might require complex mathematical calculations of the probabilities of events that could lead to a release of agents that might affect individuals in the workplace or the public. In many countries, sector-specific legislation specifies where this degree of complexity is required.

In many circumstances, OH&S risk can be addressed using simpler methods and may be qualitative. These approaches typically involve a greater degree of judgment, since they place less reliance on quantifiable data. In some cases, these methods will serve as initial screening tools, to identify where a more detailed assessment is needed.

The risk assessment should involve consultation with workers and take into account legal and other requirements. Regulatory agency guidance should be taken into account where applicable.

The organization should consider limitations in the quality and accuracy of the data used in the risk assessments and the possible effect this could have on the resulting calculation of risk. The higher the level of uncertainty in the data the greater is the need for caution in determining whether the risk is acceptable.

Note See Annex D for a comparison of risk assessment tools and methodologies

4.3.1.4.4 Other considerations for risk assessment

Some organizations develop generic risk assessments for typical activities that may occur in several different sites or locations. Such generic assessments can be useful as a starting point for more specific assessments, but may need to be customized to be appropriate to the particular situation. This approach can improve the speed and efficiency of the risk assessment process and improve the consistency of risk assessments for similar tasks.

When the organization's risk assessment method uses descriptive categories for assessing severity or likelihood of harm, they should be clearly defined, e.g. clear definitions of terms such as “likely” and “unlikely” are needed to ensure that different individuals interpret them consistently.



The organization should consider risks to sensitive populations (e.g. pregnant workers) and vulnerable groups (e.g. inexperienced workers) as well as any particular susceptibilities of the individuals involved in performing particular tasks (e.g. the ability of an individual who is colour-blind to read instructions).

The organization should evaluate how the risk assessment will take into account the number of workers that may be exposed to a particular hazard. Hazards that could cause harm to large numbers of persons should be given careful consideration even when they are less likely to occur.

Risk assessments to evaluate the harm from exposure to chemical, biological and physical agents might require measurement of exposure concentrations with appropriate instruments and sampling methods. Comparison of these concentrations should be made to applicable occupational exposure limits or standards. The organization should ensure that the risk assessment considers both the short-term and long-term consequences of exposure and the additive effects of multiple agents and exposures.

In some cases risk assessments are performed using sampling to cover a variety of situations and locations. Care should be taken to ensure that the samples used are sufficient and adequately represent all the situations and locations being assessed.

4.3.1.5 Management of Change

The organization should manage and control any changes that can affect or impact its OH&S hazards and risks. This includes changes to an organization's structure, personnel, management system, processes, activities, use of materials etc. Such changes should be evaluated through hazard identification and risk assessment prior to their introduction.

The organization should consider hazards and potential risks associated with new processes or operations at the design stage as well as changes in the organization, existing operations, products, services or suppliers. The following are examples of conditions that should trigger a management of change process:

⎯ new or modified technology (including software), equipment, facilities, or work environment

⎯ new or revised procedures, work practices, design specification or standards

⎯ different types or grades of raw materials

⎯ significant changes to the site’s organizational structure and staffing, including the use of contractors

⎯ modifications of health and safety devices and equipment or controls.

The management of change process should include consideration of the following questions to ensure that any new or changed risks are acceptable:

⎯ Have new hazards been created (see 4.3.1.4)?

⎯ What are the risks associated with the new hazards?

⎯ Have the risks from other hazards changed?

⎯ Could the changes adversely affect existing risk controls?

⎯ Have the most appropriate controls been chosen, bearing in mind usability, acceptability and both the immediate and long-term costs?

4.3.1.6 Determining the need for controls

Having completed a risk assessment and having taken account of existing controls the organization should be able to determine whether existing controls are adequate or need improving, or if new controls are required.

If new or improved controls are required, they should be prioritized and determined in accordance with the principle of the elimination of hazards where practicable, followed in turn by risk reduction (either by reducing the likelihood of occurrence or potential severity of injury or harm), with the adoption of personal protective equipment (PPE) as a last resort (i.e. the hierarchy of controls)

The following provides examples of implementing the hierarchy of controls:



a) Elimination – modify a design to eliminate the hazard, e.g. introduce mechanical lifting devices to eliminate the manual handling hazard.

b) Substitution – substitute a less hazardous material or reduce the system energy (e.g. lower the force, amperage, pressure, temperature, etc.)

c) Engineering Controls – install ventilation systems, machine guarding, interlocks, sound enclosures, etc.

d) Signage, warnings, and/or administrative controls – install alarms, safety procedures, equipment inspections, access controls

e) Personal protective equipment – safety glasses, hearing protection, face shields, safety harnesses and lanyards, respirators and gloves

In applying the hierarchy consideration should be given to the relative costs, risk reduction benefits, and reliability of the available options. An organization may also need to take into account: ⎯ the need for a combination of controls, combining elements from the above hierarchy (e.g. engineering and

administrative controls);

⎯ established good practice in the control of the particular hazard under consideration

⎯ adapting work to the individual (e.g. to take account of individual mental and physical capabilities);

⎯ taking advantage of technical progress to improve controls;

⎯ using measures that protect everyone (e.g. by selecting engineering controls that protect everyone in the vicinity of a hazard in preference to PPE);

⎯ human behaviour and whether a particular control measure will be accepted and can be effectively implemented ;

⎯ typical basic types of human failure (e.g. simple failure of a frequently repeated action, lapses of memory or attention, lack of understanding or error of judgement, and breach of rules or procedures) and ways of preventing them

⎯ the need to introduce planned maintenance of, for example, machinery safeguards;

⎯ the possible need for emergency/contingency arrangements where risk controls fail.

⎯ the potential lack of familiarity with the workplace and existing controls of those not in the direct employment of the organization e.g. visitors, contractor personnel

Once the controls have been determined the organization may need to prioritize its actions to implement them. In the prioritization of actions the organization should take into account the potential for risk reduction of the planned controls. It may be preferable that actions addressing a high risk activity or offering a substantial reduction of risk could take priority over actions that have only limited risk reduction benefit.

In some cases, it may be necessary to modify work activities until risk controls are in place or apply temporary risk controls until more effective actions are completed. For example, the use of hearing protection as an interim measure until the source of noise can be eliminated, or the workplace segregated to reduce the noise levels. Temporary controls should not be regarded as a long-term substitute for more effective risk control measures.

Legal requirements, voluntary standards and codes of practice can specify appropriate controls for specific hazards. In some cases, controls will need to be capable of attaining "as low as reasonably practicable" (ALARP) levels of risk. The organization should conduct ongoing monitoring to ensure that the adequacy of the controls is being maintained (see 4.5.1). Note The term "residual risk" is often used to describe the risk that remains after controls have been implemented.

4.3.1.7 Recording and documenting the results



The organization should document and keep the results of hazard identification, risk assessments and determined controls.

The following types of information should be recorded:

⎯ identification of hazards;

⎯ determination of the risks associated with the identified hazards;

⎯ indication of the levels of the risks related to the hazards,

⎯ description of, or reference to, the measures to be taken to control the risks;

⎯ identification of the competency requirements for implementing the controls (see 4.4.2).

When existing or intended controls are used in determining OH&S risks, these measures should be clearly documented so that the basis of the assessment will be clear when it is reviewed at a later date.

The description of measures to monitor and control risks can be included within operational control procedures (see 4.4.6). The identification of competency requirements can be included within training procedures (see 4.4.2).

4.3.1.8 On-going review

It is a requirement that hazard identification and risk assessment be on-going. This requires the organization to consider the timing and frequency of such reviews, as affected by the following types of issues: ⎯ the need to determine whether existing risk controls are effective and adequate

⎯ the need to respond to new hazards

⎯ the need to respond to changes that the organization itself has made (see 4.3.1.5)

⎯ the need to respond to feedback from monitoring activities, incident investigation (see 4.5.3), emergency situations or the results of testing of emergency procedures (see 4.4.7)

⎯ changes in legislation

⎯ external factors, e.g. emerging occupational health issues

⎯ advances in control technologies

⎯ changing diversity in the workforce, including contractors

⎯ changes proposed by corrective and preventive action (see 4.5.3)

Periodic reviews can help ensure consistency across risk assessments carried out by different people at different times. Where conditions have changed and/or better risk management technologies have become available, improvements should be made as necessary. It is not necessary to perform new risk assessments when a review can show that the existing or planned controls remain valid. Internal audits (see 4.5.5) can provide an opportunity to check that hazard identifications, risk assessments and controls are in place and up to date. Internal audits can also be a useful opportunity to check whether the assessment reflects actual workplace conditions and practice.

4.3.2 Legal and other requirements OHSAS 18001 text The organization shall establish, implement and maintain a procedure(s) for identifying and accessing the legal and other OH&S requirements that are applicable to it. The organization shall ensure that these applicable legal requirements and other requirements to which the organization subscribes are taken into account in establishing, implementing and maintaining its OH&S management system.



The organization shall keep this information up-to-date. The organization shall communicate relevant information on legal and other requirements to persons working under the control of the organization, and other relevant interested parties.

The organization should have made a policy commitment to compliance with applicable legal and other OH&S requirements that relates to its OH&S hazards (see 4.2).

These legal requirements can take many forms, such as

⎯ legislation, including statutes, regulations and codes of practice,

⎯ decrees and directives

⎯ orders issued by regulatory agencies

⎯ permits, licences or other forms of authorization

⎯ judgements of courts or administrative tribunals

⎯ treaties, conventions protocols

Depending on its circumstances and needs, an organization may subscribe voluntarily to requirements, other than legal requirements, that relate to its OH&S hazards. Such other OH&S requirements, can include

⎯ contractual conditions

⎯ agreements with employees

⎯ agreements with interested parties

⎯ agreements with health authorities

⎯ non-regulatory guidelines

⎯ voluntary principles, best practices or codes of practice, charters,

⎯ public commitments of the organization or its parent organization, and

⎯ corporate/company requirements

Some of these commitments or agreements may address a range of issues in addition to OH&S matters. The OH&S management system need only address such commitments or agreements to the extent that they relate to the organization's OH&S hazards.

To meet its policy commitments, the organization should have a structured approach to ensure that the legal and other requirements can be identified, evaluated for applicability, be accessed, communicated and be kept up to date.

Depending on the nature of its OH&S hazards, operations, equipment, materials etc., an organization should seek out relevant applicable OH&S legislative or other requirements. This may be achieved through the use of knowledge within the organization and/or through the use of external sources such as

⎯ internet

⎯ libraries

⎯ trade associations

⎯ regulatory bodies

⎯ legal services



⎯ OH&S institutes

⎯ OH&S consultants

⎯ equipment manufacturers

⎯ materials suppliers

⎯ contractors

From the results of the initial review, the organization should consider the legal or other requirements that are applicable to:

⎯ its sector

⎯ its activities,

⎯ its products, processes, facilities, equipment, materials, personnel

⎯ its location

External resources, such as those previously listed, may be helpful in locating and evaluating these requirements.

Having identified what is applicable, the organization's procedure needs to include information on how it can access the legal or other requirements. There is no requirement to maintain a library; it is sufficient that the organization be able to access the information when needed.

The organization's procedure should ensure that it can identify any changes that affect the applicability of legal or other requirements relevant to its OH&S hazards.

The organization's procedure needs to identify who should receive information on legal or other requirements, and ensure that relevant information is communicated to them (see 4.4.3)

Further guidance on how legal requirements should be taken into account in an organization's OH&S management system can be found throughout this OHSAS standard.

4.3.3 Objectives and programme(s) OHSAS 18001 text The organization shall establish, implement and maintain documented OH&S objectives, at relevant functions and levels within the organization. The objectives shall be measurable, where practicable, and consistent with the OH&S policy, including the commitments to the prevention of injury and ill health, to compliance with applicable legal requirements and with other requirements to which the organization subscribes, and to continual improvement. When establishing and reviewing its objectives, an organization shall take into account the legal requirements and other requirements to which the organization subscribes, and its OH&S risks. It shall also consider its technological options, its financial, operational and business requirements, and the views of relevant interested parties. The organization shall establish, implement and maintain a programme(s) for achieving its objectives. Programme(s) shall include as a minimum

a) designation of responsibility and authority for achieving objectives at relevant functions and levels of the organization; and

b) the means and time-frame by which the objectives are to be achieved.

The programme(s) shall be reviewed at regular and planned intervals, and adjusted as necessary, to ensure that the objectives are achieved.



4.3.3.1 Setting objectives

In the planning process, an organization sets objectives to fulfil the commitments established in its OH&S policy and its commitments to the prevention of injury and ill health

The process of setting and reviewing objectives and implementing programmes to achieve them provides a mechanism for the organization to improve the OH&S management system and/or to improve its OH&S performance.

When setting OH&S objectives the organization need to ensure that they:

- are consistent with its OH&S policy;

- take account of legal and other requirements,

- relate to its OH&S risks

The organization should also identify what other issues and factors it needs to consider, such as:

⎯ technological options, financial, operational and business requirements

⎯ policy and objectives relevant to the organization's business as a whole

⎯ results of hazard identification, risk assessment and existing controls

⎯ evaluations of the effectiveness of the OH&S management system (e.g. from internal audits)

⎯ views of workers (e.g. from employee perception or satisfaction surveys)

⎯ information from employee OH&S consultations, reviews and improvement activities in the workplace (these activities can be either reactive or proactive in nature)

⎯ analysis of performance against previously established OH&S objectives

⎯ past records of OH&S nonconformities and incidents

⎯ the results of the management review (see 4.6)

⎯ the need for and availability of resources.

The organization should identify the OH&S risks for which it needs to apply additional controls, or OH&S performance issues that it needs to improve. It needs to examine if these can be consolidated down into a number of groupings of key issues that can be defined as its OH&S objectives. Objectives that are specific; measurable; achievable; relevant; and timely can enable progress against the attainment of the objectives to be measured more readily by the organization. Note 1 Sometimes such objectives are referred to as being "SMART" Note 2 Objectives are sometimes given associated "targets". For the purpose of the OHSAS standards "targets" are viewed as being a sub-set of objectives. It is also advisable that the organization records the basis of the objectives, in order to facilitate future review

Examples of objectives can include:

• Objectives to increase or reduce something should specify a numerical figure (e.g. reduce handling incidents by 20 %)



• Objectives to introduce controls or eliminate hazards (e.g. noise reduction in a workshop)

• Objectives to introduce less hazardous materials in specific products

• Objectives to increase worker satisfaction in relation to OH&S, e.g. reduction of workplace stress

• Objectives to reducing worker exposure to hazardous substances, equipment or processes, e.g. the introduction of access controls, or guarding.

• Objectives to increase awareness or competence in performing work tasks

• Objectives that are put in place to meet legal requirements prior to their enactment.

During the establishment of OH&S objectives, particular regard should be given to information or data from those people most likely to be affected by individual OH&S objectives, as this can assist in ensuring that the objectives are reasonable and more widely accepted. It is also useful to consider information or data from sources external to the organization, e.g. from contractors or other interested parties.

The OH&S objectives should address both broad corporate OH&S issues and OH&S issues that are specific to individual functions and levels within the organization.

OH&S objectives may be broken down into tasks, depending on the size of the organization, the complexity of the OH&S objective and its time-scale. There should be clear links between the various levels of tasks and the OH&S objectives.

Specific OH&S objectives can be established by different functions and at different levels within the organization. Certain OH&S objectives, applicable to the organization as a whole, may be established by top management. Other OH&S objectives may be established by or for relevant individual departments or functions. Not all functions and departments are required to have specific OH&S objectives.

4.3.3.2 Programme(s)

In order to achieve the objectives a programme(s) should be established. A programme is an action plan for achieving all the OH&S objectives, or individual OH&S objectives. For complex issues more formal project plans may also need to be developed as part of the programme(s).

In considering the means necessary to establish the programme(s) the organization should examine the resources required (financial, human, infrastructure) and the tasks to be performed. The organization should assign responsibility, authority, and time-scales for the programme, in order to meet the overall time-scale of the related OH&S objective.

The OH&S objectives and programme(s) should be communicated (e.g. via training and/or group briefing sessions, etc.) to relevant personnel.

Reviews of programme(s) need to be conducted regularly, and the programme(s) adjusted or modified where necessary This can be as part of management review, or more frequently.

4.4 Implementation and operation

4.4.1 Resources, roles, responsibility, accountability and authority

OHSAS 18001 text

Top management shall take ultimate responsibility for OH&S and the OH&S management system. Top management shall demonstrate its commitment by:

a) ensuring the availability of resources essential to establish, implement, maintain and improve the OH&S management system; NOTE 1 Resources include human resources and specialized skills, organizational infrastructure, technology and financial resources.

b) defining roles, allocating responsibilities and accountabilities, and delegating authorities, to facilitate effective OH&S management; roles, responsibilities, accountabilities, and authorities



shall be documented and communicated.

The organization shall appoint a member(s) of top management with specific responsibility for OH&S, irrespective of other responsibilities, and with defined roles and authority for:

a) ensuring that the OH&S management system is established, implemented and maintained in accordance with this OHSAS Standard;

b) ensuring that reports on the performance of the OH&S management system are presented to top management for review and used as a basis for improvement of the OH&S management system. NOTE 2 The top management appointee (e.g. in a large organization, a Board or executive committee member) may delegate some of their duties to a subordinate management representative(s) while still retaining accountability.

The identity of the top management appointee shall be made available to all persons working under the control of the organization. All those with management responsibility shall demonstrate their commitment to the continual improvement of OH&S performance. The organization shall ensure that persons in the workplace take responsibility for aspects of OH&S over which they have control, including adherence to the organization’s applicable OH&S requirements.

Note: "Accountability" means ultimate "responsibility", and relates to the person who is held to account if something is not done, does not work, or fails to achieve its objective

The successful implementation of an OH&S management system calls for a commitment from all persons working under the control of the organization.

This commitment should begin at the highest levels of management and requires top management to

⎯ identify and make available, in a timely and efficient manner, all the resources needed to maintain a safe workplace

⎯ identify who needs to do what with respect to OH&S management and make sure they are aware of their responsibilities and what they are accountable for

⎯ ensure that those with responsibilities for OH&S management have the necessary authority to fulfil their role

⎯ ensure there is clarity of responsibilities at the interfaces between different functions (e.g. between departments, between different levels of management, between workers, between the organization and contractors, between the organization and its neighbours)

⎯ appoint one of its members as the person responsible for the OH&S system and reporting on its performance.

When identifying the resources needed to establish, implement and maintain the OH&S system, an organization should consider

⎯ financial, human and other resources specific to its operations

⎯ the technologies specific to its operations,

⎯ infrastructure and equipment,

⎯ information systems, and

⎯ need for expertise and training.

Resources and their allocation should be reviewed periodically, via management review, to ensure they are sufficient to carry out OH&S programmes and activities, including performance measurement and monitoring. For organizations with established OH&S management systems, the adequacy of resources can be at least partially evaluated by comparing the planned achievement of OH&S objectives with actual results. In evaluating adequacy of resources, consideration should also be given to planned changes and/or new projects or operations.

OHSAS 18001 requires that the responsibilities and authority of all persons who perform duties that are part of the OH&S management system have to be documented. These can be described and included in



⎯ OH&S management system procedures,

⎯ operational procedures or work station procedures

⎯ project and/or task descriptions

⎯ job descriptions

⎯ induction training packages.

However the organization is free to choose whatever format(s) best suits its needs.

Such documentation can, among others, be required for the following people:

⎯ the top management appointee for OH&S

⎯ management at all levels in the organization, including top management;

⎯ safety committee/safety teams

⎯ process operators and the general workforce;

⎯ those managing the OH&S of contractors;

⎯ those responsible for OH&S training;

⎯ those responsible for equipment that is critical for OH&S;

⎯ those responsible for managing facilities used as a workplace;

⎯ employees with OH&S qualifications, or other OH&S specialists, within the organization;

⎯ employee OH&S representatives on participative/consultative forums.

OHSAS 18001 requires that the OH&S management appointee has to be a member of top management. The OH&S management appointee may be supported by other personnel who have delegated responsibilities for monitoring the overall operation of the OH&S function. However, the management appointee should be regularly informed of the performance of the system, and should retain active involvement in periodic reviews and the setting of OH&S objectives. It should be ensured that any other duties or functions assigned to the top management appointee do not conflict with the fulfilment of their OH&S responsibilities.

Management at all levels should have responsibility for ensuring that OH&S is managed effectively within their area of operations. Where prime responsibility for OH&S matters rests with these levels of management, the role and responsibilities of any specialist OH&S function within the organization should be appropriately defined to avoid ambiguity with respect to responsibilities and authorities. This should include arrangements to resolve any conflict between OH&S issues and productivity considerations, and where appropriate by escalation to a higher level of management.

All managers should provide visible demonstration of their commitment to OH&S. Means of demonstration can include visiting and inspecting sites, participating in incident investigation, and providing resources in the context of corrective action, attendance and active involvement at OH&S meetings, communicating the status of safety activities, and acknowledging good OH&S performance.

However, the organization should also communicate and promote that OH&S is the responsibility of everyone in the organization, not just the responsibility of those with defined OH&S management system duties.

4.4.2 Competence, Training and awareness

OHSAS 18001 text The organization shall ensure that any person(s) under its control performing tasks that can impact on OH&S is (are) competent on the basis of appropriate education, training or experience, and shall



retain associated records. The organization shall identify training needs associated with its OH&S risks and its OH&S management system. It shall provide training or take other action to meet these needs, evaluate the effectiveness of the training or action taken, and retain associated records. The organization shall establish, implement and maintain a procedure(s) to make persons working under its control aware of:

a) the OH&S consequences, actual or potential, of their work activities, their behaviour, and the OH&S benefits of improved personal performance;

b) their roles and responsibilities and importance in achieving conformity to the OH&S policy and procedures and to the requirements of the OH&S management system, including emergency preparedness and response requirements (see 4.4.7);

c) the potential consequences of departure from specified procedures.

Training procedures shall take into account differing levels of: a) responsibility, ability, language skills and literacy; and

b) risk.

4.4.2.1 General

To enable persons under the organization's control to work and/or act safely, it should ensure that they:

- are aware of its OH&S risks,

- are aware of their roles and responsibilities

- have the necessary competence to perform tasks

- or are, where necessary, trained to achieve the required awareness/competence

The organization should require that contractors are able to demonstrate that their employees have the competence and/or appropriate training to work safely.

4.4.2.2 Competence

Management should determine the competence requirements for individual tasks and ensure that personnel meet the necessary requirements based on their education, training and/or experience. The organization may need to seek external advice in defining competence requirements.

OH&S competence requirements should be considered prior to recruiting new personnel, and/or the reassignment of those already working under the control of the organization.

An organization should identify and assess any differences between the competence needed to perform an activity and that possessed by the individual required to perform the activity. This difference can be rectified through training or other actions, e.g. additional education, skills development, etc.

When determining the level of competence required for a task, the following factors should be considered:

⎯ roles and responsibilities in the workplace; nature of the tasks to be performed, and their associated OH&S risks

⎯ the complexity and requirements of operating procedures and instructions

⎯ the results from incident investigations

⎯ legal and other requirements

⎯ individual capability (e.g. literacy, language skills etc.)



The organization should give specific consideration to the competency requirements for those person(s) who will be:

⎯ the top management appointee (see 4.4.1),

⎯ performing risk assessments (4.3.1)

⎯ performing exposure assessments (4.5.1)

⎯ performing audits (4.5.5)

⎯ performing incident investigations (4.5.3).

The organization should ensure that all personnel, including top management, are competent prior to permitting them to perform tasks that can impact on OH&S.

4.4.2.3 Training

The organization should consider the roles, responsibilities and authorities, in relation to its OH&S risks and the OH&S management system, in determining its training or other actions needed for those persons working under its control (including contractors, temporary staff etc.)

The training or other actions should focus on both competency requirements and the need to enhance awareness.

The organization should evaluate the effectiveness of the training or actions taken. This can be done in several ways, e.g. by written or oral examination, practical demonstration or observation, or other means that demonstrate competency and awareness.

Training records should be maintained (4.5.4).

4.4.2.4 Awareness

To ensure they work or act safely, the organization should make persons working under its control sufficiently knowledgeable of

⎯ emergency procedures

⎯ the consequences of their actions and behaviour in relation to OH&S risks

⎯ the benefits of improved OH&S performance

⎯ the potential consequences of departing from specified procedures

⎯ the need to conform to OH&S policies and procedures

⎯ any other aspects that might impact on OH&S.

Awareness programmes and procedures should take account of OH&S risks and individual capabilities, e.g. literacy and language skills.

Awareness programmes should be provided for contractors, temporary workers and visitors etc., according to the level of risk to which they are exposed.

4.4.3 Communication, participation and consultation

OHSAS 18001 text

4.4.3.1 Communication

With regard to its OH&S hazards and OH&S management system, the organization shall establish, implement and maintain a procedure(s) for:

a) internal communication among the various levels and functions of the organization;



b) communication with contractors and other visitors to the workplace;

c) receiving, documenting and responding to relevant communications from external interested parties.

4.4.3.2 Participation and consultation

The organization shall establish, implement and maintain a procedure(s) for: a) the participation of workers by their :

⎯ appropriate involvement in hazard identification, risk assessments and determination of controls;

⎯ appropriate involvement in incident investigation;

⎯ involvement in the development and review of OH&S policies and objectives;

⎯ consultation where there are any changes that affect their OH&S;

⎯ representation on OH&S matters.

Workers shall be informed about their participation arrangements, including who is their representative(s) on OH&S matters.

b) consultation with contractors where there are changes that affect their OH&S.

The organization shall ensure that, when appropriate, relevant external interested parties are consulted about pertinent OH&S matters.

4.4.3.1 General

The organization, through the processes of communication and consultation, should encourage participation in good OH&S practices and support for its OH&S policy and OH&S objectives from those affected by its activities or interested in its OH&S management system.

Communication is not just about the distribution of information; it should ensure that OH&S information is provided, received and understood across the organization.

Consultation is the process by which management and other persons, or their representatives, jointly consider and discuss issues of mutual concern. It involves seeking acceptable solutions to problems through the general exchange of views and information.

Examples of those who may be interested in or affected by an organization’s OH&S management system include employees at all levels of the organization, employee representatives, temporary workers, contractors, visitors, neighbours, volunteers, emergency services (see 4.4.7), insurers and government or regulatory body inspectors.

4.4.3.2 Communication

4.4.3.2.1 Procedures for internal and external communication

The organization should develop procedures for internal communication among various functions and levels of the organization and for external communication with interested parties.

The organization should effectively communicate information concerning its OH&S hazards and its OH&S management system to those involved in or affected by the management system in order for them to actively participate in, or support, the prevention of injury and ill health, as applicable.

When developing procedures for communication, the organization should consider the following:

⎯ the target audience and their information needs

⎯ appropriate methods and media

⎯ local culture, preferred styles and available technologies.

⎯ organizational complexity, structure and size



⎯ barriers to effective communication in the workplace such as illiteracy or language

⎯ legal requirements

⎯ the effectiveness of the various modes and flows of communication across all functions and levels of the organization.

⎯ evaluation of the effectiveness of the communication

OH&S issues can be communicated to employees, visitors and contractors via means, such as:

⎯ OH&S briefings and meetings, induction/orientation talks, etc.

⎯ Newsletters, posters, emails, suggestion boxes/schemes, websites, notice boards containing information on OH&S issues

4.4.3.2.2 Internal communication

It is important to effectively communicate information about OH&S risks and the OH&S management system at various levels and between various functions of the organization.

This should include information:

⎯ relating to management’s commitment to the OH&S management system (e.g. programmes undertaken and resources committed to improving OH&S performance)

⎯ concerning the identification of hazards and risks (e.g. information on process flow, materials in use, equipment specifications and observation of work practices)

⎯ about OH&S objectives and other continual improvement activities

⎯ relating to incident investigation (e.g. the type of incidents that are taking place, factors that may contribute to the occurrence of incidents, results of incident investigations)

⎯ relating to progress in eliminating OH&S hazards and risks (e.g. status reports showing progress of projects that have been completed or are underway)

⎯ relating to changes that may impact on the OH&S management system.

4.4.3.2.3 Communication with contractors and other visitors

It is important to develop and maintain procedures for communicating with contractors and other visitors to the workplace. The extent of this communication should be related to the OH&S risks faced by these parties.

The organization should have arrangements in place to clearly communicate its OH&S requirements to contractors. The procedure(s) should be appropriate to the OH&S hazards and risks associated with the work to be performed. In addition to communicating performance requirements, the organization should communicate the consequences associated with nonconformity with OH&S requirements.

Contracts are often used to communicate OH&S performance requirements. Contracts may need to be supplemented with other on-site arrangements (e.g. pre-project OH&S planning meetings) to ensure that appropriate controls are implemented to protect individuals at the workplace.

The communication should include information about any operational controls (see 4.4.6) related to the specific tasks to be performed or the area where the work is to be done. This information should be communicated before the contractor comes on site and then supplemented with additional or other information (e.g. a site tour), as appropriate, when the work starts. The organization should also have procedures in place for consultation with contractors when there are changes that affect their OH&S (see 4.4.3.4).

The following could also be relevant to the organization when developing its procedure(s) for communications with contractors:



⎯ information about the contractor’s OH&S management system (e.g. established policies and procedures to address pertinent OH&S hazards)

⎯ legal or regulatory requirements that impact on the method or extent of communication

⎯ previous OH&S experience (e.g. OH&S performance data)

⎯ the existence of multiple contractors at the worksite

⎯ staffing for accomplishing OH&S activities (e.g. exposure monitoring, equipment inspections)

⎯ emergency response

⎯ the need for alignment of the contractor’s OH&S policies and practices with those of the organization and other contractors at the worksite

⎯ the need for additional consultation and/or contractual provisions for high-risk tasks

⎯ requirements for the assessment of conformance with agreed OH&S performance criteria

⎯ processes for incident investigation, reporting of nonconformities and corrective action

⎯ arrangements for day-to-day communications

For visitors (including delivery people, customers, members of the public, service providers, etc.), communication may include warning signs and security barriers as well as verbal or written communication. Information that should be communicated includes:

⎯ OH&S requirements relevant to their visit

⎯ evacuation procedures and responses to alarms

⎯ traffic controls

⎯ access controls and escort requirements

⎯ any personal protective equipment that needs to be worn (e.g. safety glasses).

4.4.3.2.4 Communication with external interested parties

The organization needs to have a procedure(s) in place for receiving, documenting and responding to relevant communications from external interested parties.

The organization should provide appropriate and consistent information about its OH&S hazards and its OH&S management system in accordance with its OH&S policy and applicable legal and other requirements. This may include information concerning its normal operations or potential emergency situations.

External communication procedures often include the identification of designated contact individuals. This allows for appropriate information to be communicated in a consistent manner. This can be especially important in emergency situations where regular updates may be needed and a wide range of questions may need to be answered (see 4.4.7).

4.4.3.3 Procedures for Worker Participation

The organization should have a procedure(s) in place to enable worker participation.

The procedure(s) should encourage active participation in good OH&S practices and enable the involvement of workers in the development of the OH&S management system. The arrangements should take account of any legal or regulatory requirements, as applicable, language and literacy issues.

Workers should be informed about the arrangements that have been made for their participation and the individual who represents them on OH&S matters. OH&S representatives should have defined roles.



In addition to the requirements in OHSAS 18001, clause 4.4.3.2, the organization's procedure(s) for the involvement of workers could include:

⎯ consultation in the selection of appropriate controls, including discussion of alternative options for controlling specific hazards and their beneficial or adverse outcomes

⎯ involvement in recommending improvements to OH&S performance

⎯ consultation concerning changes that affect OH&S (e.g. introduction of new or modified equipment, new chemicals or materials, new processes, procedures or work patterns)

In developing its procedure(s) for worker participation, the organization should consider potential barriers to participation and incentives to good OH&S practices.

4.4.3.4 Procedures for Consultation with Contractors and External Interested Parties

The organization should have a procedure(s) for consulting with contractors and other external interested parties, where appropriate. For example, the organization may need to consult with regulatory agencies concerning certain OH&S matters (e.g. applicability and interpretation of OH&S legal requirements), or with emergency services (see 4.4.7).

In considering the need for consultation with contractors on changes that can affect their OH&S, the organization should take account of the following:

⎯ new or unfamiliar hazards (including those that may be introduced by the contractor)

⎯ re-organization

⎯ new or amended controls

⎯ changes in materials, equipment, exposures etc.

⎯ changes in emergency arrangements

⎯ changes in legal or other requirements

For consultation with external parties, the organization should give consideration to factors such as:

⎯ changes in emergency arrangements

⎯ hazards that may impact neighbours, or hazards from neighbours

⎯ changes in legal or other requirements

4.4.4 Documentation

OHSAS 18001 text The OH&S management system documentation shall include:

a) the OH&S policy and objectives;

b) description of the scope of the OH&S management system;

c) description of the main elements of the OH&S management system and their interaction, and reference to related documents;

d) documents, including records, required by this OHSAS Standard; and

e) documents, including records, determined by the organization to be necessary to ensure the effective planning, operation and control of processes that relate to the management of its OH&S risks.

NOTE It is important that documentation is proportional to the level of complexity, hazards and risks concerned and is kept to the minimum required for effectiveness and efficiency.



The organization should maintain up-to-date sufficient documentation to ensure that its OH&S management system can be adequately understood and effectively and efficiently operated.

Typical inputs include the following items:

⎯ details of the documentation and information systems the organization develops to support its OH&S management system and OH&S activities, and to fulfil the requirements of OHSAS 18001;

⎯ responsibilities and authorities;

⎯ information on the local environments in which documentation or information is used, and constraints that this can put on the physical nature of documentation, or the use of electronic or other media.

The organization should review its documentation and information needs for the OH&S management system, before developing the documentation necessary to support its OH&S processes.

In determining what documentation is required the organization should identify where there is any risk that a task, through lack of a written instruction, will not be performed in the required manner.

There is no requirement to develop documentation in a particular format in order to conform to OHSAS 18001, nor is it necessary to replace existing documentation such as manuals, procedures, or work instructions where these adequately describe current arrangements. If the organization already has an established, documented OH&S management system, it can prove more convenient and effective for it to develop, for example, an overview document describing the inter-relation between its existing procedures and the requirements of OHSAS 18001.

Account should be taken of the following:

⎯ the responsibilities and authorities of the users of the documentation and information, as this should lead to consideration of the degree of security and accessibility that needs to be imposed, particularly with electronic media, and change controls (see 4.4.5);

⎯ the manner in which physical documentation is used, and the environment in which it is used, as this can require consideration of the format in which it is presented. Similar consideration should be given concerning the use of electronic equipment for information systems.

Records are a particular type of document (see 4.5.4).

4.4.5 Control of documents

OHSAS 18001 text

Documents required by the OH&S management system and by this OHSAS Standard shall be controlled. Records are a special type of document and shall be controlled in accordance with the requirements given in 4.5.4. The organization shall establish, implement and maintain a procedure(s) to:

a) approve documents for adequacy prior to issue;

b) review and update as necessary and re-approve documents;

c) ensure that changes and the current revision status of documents are identified;

d) ensure that relevant versions of applicable documents are available at points of use;

e) ensure that documents remain legible and readily identifiable;

f) ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the OH&S management system are identified and their distribution controlled; and

g) prevent the unintended use of obsolete documents and apply suitable identification to them if they are retained for any purpose.



All documents and data containing information required for the operation of the OH&S management system and the performance of the organization's OH&S activities, should be identified and controlled.

Typical inputs include the following items:

⎯ details of the documentation and data systems the organization develops to support its OH&S management system and OH&S activities, and to fulfil the requirements of OHSAS 18001;

⎯ details of responsibilities and authorities.

Written procedures should define the controls for the identification, approval, issue and removal of OH&S documentation, together with the control of OH&S data (in accordance with the requirements of 4.4.5 from OHSAS 18001 above). These procedures should clearly define the categories of documentation and data to which they apply.

Documentation and data should be available and accessible when required, under routine and non-routine conditions, including emergencies. This could include ensuring that up-to-date plant engineering drawings, hazardous material data sheets, procedures and instructions etc. are available to those persons who require them in an emergency.

The organization should establish procedures for identifying any documents of external origin required for planning and implementing its OH&S management system. The distribution of these documents needs to be controlled to ensure that the most current information is used in making decisions impacting OH&S. For example, the organization should establish procedures for managing the safety data sheets developed for hazardous substances used by the organization. Responsibility for this task should be assigned. The person charged with this task should ensure that all persons in the organization are kept informed of any relevant changes to such information that affects their duties or working conditions.

Documents should be reviewed from time to time to ensure that they are still valid and accurate. This can be performed as a dedicated exercise, and could also be necessary:

⎯ as part of a review of risk assessment of processes;

⎯ after part of a response to an incident;

⎯ as part of the management of change procedure; and

⎯ following changes in processes, installation, workplace layout etc.

Obsolete documents retained for reference can present a particular risk, and great care should be taken to ensure that they do not return back into circulation. However, it is sometimes necessary to retain obsolete documents as part of the records relating to the development or performance of the OH&S management system.

Typical outputs include the following items:

⎯ document control procedure, including assigned responsibilities and authorities;

⎯ document registers, master lists or indexes;

⎯ list of controlled documentation and its location;

⎯ archive records (some of which should be held in accordance with legal or other time requirements).

4.4.6 Operational control

OHSAS 18001 text

The organization shall determine those operations and activities that are associated with the identified hazard(s) where the implementation of controls is necessary to manage the OH&S risk(s). This shall include the management of change (see 4.3.1). For those operations and activities, the organization shall implement and maintain:

a) operational controls, as applicable to the organization and its activities; the organization



shall integrate those operational controls into its overall OH&S management system;

b) controls related to purchased goods, equipment and services;

c) controls related to contractors and other visitors to the workplace;

d) documented procedures, to cover situations where their absence could lead to deviations from the OH&S policy and the objectives;

e) stipulated operating criteria where their absence could lead to deviations from the OH&S policy and objectives.

4.4.6.1 General

Once it has gained an understanding of its OH&S hazards (4.3.1), the organization should implement the operational controls that are necessary to manage the associated risks and comply with applicable OH&S legal and other requirements. The overall goal of OH&S operational controls is to manage the OH&S risks to fulfil the OH&S policy and objectives.

Information to be considered when establishing and implementing operational controls includes:

⎯ OH&S policy and objectives

⎯ results of hazard identification, risk assessment, evaluation of existing controls and determination of new controls (see 4.3.1)

⎯ management of change processes (see 4.3.1.5)

⎯ information on existing standard operating procedures

⎯ legal and other requirements to which the organization subscribes (see 4.3.2)

⎯ product supply chain controls related to purchased goods, equipment and services

⎯ feedback from participation and consultation (see 4.4.3)

⎯ the nature of and extent to which tasks are to be performed by contractors and other external personnel

⎯ access to the workplace by visitors, delivery personnel, service contractors, etc.

When developing operational controls, priority should be given to control options with higher reliability in preventing injury or ill health, consistent with the hierarchy of controls, i.e. this should start with redesign of equipment or processes to eliminate or reduce hazard(s), improved signage/warnings for hazard avoidance, improved administrative procedures and training to reduce the frequency and duration of worker exposures to inadequately controlled hazards, and lastly the use of personal protective equipment to reduce severity of injury or exposure (see 4.3.1.6).

The identified operational controls need to be implemented, evaluated on an on-going basis (4.3.1.8) to verify their effectiveness, and integrated into the overall OH&S management system.

4.4.6.2 Establishing and implementing operational controls

Operational controls should be established and implemented as necessary to manage the OH&S risks to an acceptable level, for operational areas and activities e.g. purchasing, research and development, sales, services, offices, off-site work, home based working, manufacturing, transportation and maintenance. Operational controls can use a variety of different methods e.g. physical devices (such as barriers, access controls), procedures, work instructions, alarms and signage.

The organization should establish operational controls to eliminate, or reduce and control, the OH&S risks that could be introduced into the workplace by employees, contractors, other external personnel, members of the public and/or visitors. Operational controls may also need to take into account situations where OH&S risks extend into



public areas or areas controlled by other parties (e.g. when employees of the organization are working at a client's site). It may sometimes be necessary to consult with external parties in such circumstances.

Examples of areas in which OH&S risks typically arise, and examples of their associated control measures include:

a) General control measures

⎯ Regular maintenance and repair of facilities, machinery and equipment to prevent unsafe conditions from developing;

⎯ Housekeeping and maintenance of clear walkways

⎯ Traffic management (i.e. the management of the separation of vehicle and pedestrian movements)

⎯ Provision and maintenance of workstations;

⎯ Maintenance of the thermal environment (temperature, air quality)

⎯ Maintenance of the ventilation systems and electrical safety systems;

⎯ Maintenance of emergency plans

⎯ Policies related to travel, bullying, sexual harassment, drug and alcohol abuse, etc.

⎯ Health programs (medical surveillance programmes)

⎯ Training and awareness programmes relating to the use of particular controls (e.g. permit to work systems)

⎯ Access controls

b) Performance of hazardous tasks

⎯ Use of procedures, work instructions, or approved working methods

⎯ Use of appropriate equipment

⎯ Pre-qualification and/or training of personnel or contractors for hazardous tasks

⎯ Use of permit-to-work systems, pre-approvals, or authorisations

⎯ Procedures controlling the entry and exit of personnel to hazardous work sites

⎯ Controls to prevent ill health

c) Use of hazardous materials

⎯ Identification of approved inventory levels, storage locations and storage conditions;

⎯ Conditions of use for hazardous materials

⎯ Limitations of areas where hazardous materials can be used;

⎯ Secure and safe storage provisions and control of access;

⎯ Provision of and access to material safety data and other relevant information.

⎯ Shielding of radiation sources

⎯ Isolation of biological contaminants

⎯ Knowledge in the use of and availability of emergency equipment (4.4.7)



d) Facilities and equipment

⎯ Regular maintenance and repair of facilities, machinery and equipment to prevent unsafe conditions from developing;

⎯ Housekeeping and maintenance of clear walkways, and traffic management

⎯ Provision, control and maintenance of PPE;

⎯ Inspection and testing of OH&S equipment such as guarding, fall arrest systems, shutdown systems, rescue equipment for confined spaces, lock-out systems, fire detection and suppression equipment, exposure monitoring devices, ventilation systems and electrical safety systems;

⎯ Inspection and testing of material handling equipment (cranes, forklifts, hoists and other lifting devices).

e) Purchase of goods, equipment and services

⎯ Establishment of OH&S requirements for goods, equipment and services to be purchased

⎯ Communication of the organization's own OH&S requirements to suppliers

⎯ Pre-approval requirements for the purchase or transport/transfer of hazardous chemicals, materials and substances;

⎯ Pre-approval requirements and specifications for the purchase of new machinery and equipment;

⎯ Pre-approval of procedures for the safe operation of machinery, equipment, and/or the safe handling of materials prior to their use;

⎯ Selection and monitoring of suppliers

⎯ Inspection of received goods, equipment and services, and (periodic) verification of their OH&S performance

⎯ Approval of the design of OH&S provisions for new facilities;.

f) Contractors

⎯ Establish criteria for the selection of contractors

⎯ Communication of the organization's own OH&S requirements to contractors

⎯ Evaluation, monitoring and periodic re-evaluation, of the OH&S performance of contractors;

g) Other external personnel or visitors in the workplace

As the knowledge and capabilities of visitors or other external personnel vary greatly, this should be considered when developing controls. Examples may include

⎯ Entry controls

⎯ Establishing their knowledge and capabilities prior to permitting the use of equipment

⎯ Provision of advice, training as necessary

⎯ Warning signage/administrative controls

⎯ Methods for monitoring and supervising their activities

4.4.6.3 Stipulating Operating Criteria

The organization should stipulate operating criteria where they are necessary for the prevention of injury or ill health. Operational criteria should be specific to the organization, its operations and activities, and be related to its own OH&S risks, where their absence could lead to deviation from the OH&S policy and objectives.



Examples of operating criteria can include:

a) For hazardous tasks

⎯ Use of specified equipment, and procedures/work instructions for its use

⎯ Competency requirements

⎯ Use of specified entry control processes and equipment

⎯ Authorities/guidelines/instructions/procedures for individual risk assessment prior to immediate commencement of the task

b) For hazardous chemicals:

⎯ Approved chemical lists

⎯ Exposure limits

⎯ Specific inventory limits

⎯ Specified storage locations and conditions

c) For task involving entry into hazardous areas:

⎯ Specification of personal protective equipment requirements

⎯ Specified conditions for entry

⎯ Health and fitness conditions

d) For tasks involving work performed by contractors:

⎯ Specification of OH&S performance criteria

⎯ Specification of competency and/or training requirements for contractor personnel

⎯ Specification/inspection of contractor provided equipment

e) For OH&S hazards to visitors

⎯ Entry controls (sign-in/sign-out, access limitations)

⎯ PPE requirements

⎯ Orientation

⎯ Emergency requirements

4.4.6.4 Maintaining Operational Controls

Operational controls should be reviewed on a periodic basis to evaluate their on-going suitability and effectiveness. Changes that are identified as necessary should be implemented (see 4.3.1).

In addition, procedures should be in place to identify circumstances where new controls and/or modifications of existing operational controls are needed. Proposed changes to existing operations should be evaluated for OH&S hazards and risks before they are implemented. When there are changes to operational controls, the organization should consider whether there are new or modified training needs (see section 4.4.2).



4.4.7 Emergency preparedness and response

OHSAS 18001 text The organization shall establish, implement and maintain a procedure(s):

a) to identify the potential for emergency situations;

b) to respond to such emergency situations.

The organization shall respond to actual emergency situations and prevent or mitigate associated adverse OH&S consequences. In planning its emergency response the organization shall take account of the needs of relevant interested parties, e.g. emergency services and neighbours. The organization shall also periodically test its procedure(s) to respond to emergency situations, where practicable, involving relevant interested parties as appropriate. The organization shall periodically review and, where necessary, revise its emergency preparedness and response procedure(s), in particular, after periodical testing and after the occurrence of emergency situations (see 4.5.3).

4.4.7.1 General

The organization should assess the potential for emergency situations that impact on OH&S and develop a procedure(s) for an effective response(s). This may be a stand alone procedure(s) or combined with other emergency response procedure(s). The organization should periodically test its emergency preparedness and seek to improve the effectiveness of its response activities and procedure(s).

Note Where the procedure is combined with other emergency response procedure(s), the organization needs to ensure that it addresses all potential OH&S impacts and should not presume that the procedures relating to fire safety, or environmental emergencies etc., will be sufficient.

4.4.7.2 Identification of Potential Emergency Situations

Procedures to identify potential emergency situations that could impact on OH&S should consider emergencies that can be associated with specific activities, equipment or workplaces.

Examples of possible emergencies, which vary in scale, can include:

⎯ incidents leading to serious injuries or ill health

⎯ fires and explosions

⎯ release of hazardous materials/ gases

⎯ natural disasters, bad weather

⎯ loss of utility supply, (e.g. loss of electric power)

⎯ pandemics/ epidemics/ outbreaks of communicable disease

⎯ civil disturbance, terrorism, sabotage, workplace violence

⎯ failure of critical equipment

⎯ traffic accidents

When identifying potential emergency situations, consideration should be given to emergencies that may occur during both normal operations and abnormal conditions (e.g. operation start-up or shut-down, construction or demolition activities).



Emergency planning should also be reviewed as a part of the on-going management of change. Changes in operations may introduce new potential emergencies or necessitate that changes be made to emergency response procedures. For example, changes in facility layout may impact emergency evacuation routes.

The organization should identify and assess how emergency situations will impact all persons within and/or in the immediate vicinity of workplaces controlled by the organization. Consideration should be given to those with special needs, e.g. people with limited mobility, vision and hearing. This could include employees, temporary workers, contract employees, visitors, neighbours or other members of the public. The organization should also consider potential impacts on emergency services (e.g. fire-fighters).

Information that should be considered in identifying potential emergency situations includes the following:

⎯ the results of hazard identification and risk assessment activities performed during the OH&S planning process (see Section 4.3.1)

⎯ legal requirements

⎯ the organization’s previous incident (including accident) and emergency experience

⎯ emergency situations that have occurred in similar organizations

⎯ information related to accident and/or incident investigations posted on the websites of regulatory agencies or emergency response agencies

4.4.7.3 Establishing and Implementing Emergency Response Procedures

Emergency response should focus on the prevention of ill health and injury and the minimisation of the consequences of person(s) exposed to an emergency situation.

A procedure(s) for responding to emergency situations should be developed so that the adverse OH&S consequences of an emergency event can be minimized. Emergency preparedness and response procedures should also take into account applicable legal and other requirements.

The emergency procedure(s) should be clear and concise to facilitate their use in emergency situations. They should also be readily available for use by emergency services. Emergency procedure(s) that are stored on a computer or by other electronic means may not be readily available in the event of a power failure, so paper copies of emergencies procedure(s) may need to be maintained in readily accessible locations.

Consideration should be taken account of the existence and/or capability of the following, in developing emergency response procedure(s):

⎯ inventory and location of hazardous materials storage

⎯ numbers and locations of people

⎯ critical systems that may impact on OH&S

⎯ emergency training provision

⎯ detection and emergency control measures

⎯ medical equipment, first aid kits etc.

⎯ alternate control systems, e.g. containment systems

⎯ back-up control systems or monitors

⎯ monitoring systems for hazardous materials

⎯ fire detection and suppression systems

⎯ emergency power sources



⎯ availability of local emergency services and details of any emergency response arrangements currently in place

⎯ legal and other requirements

⎯ previous emergency response experience

When the organization determines that external services are needed for emergency response (e.g. hazardous material contractors, external testing laboratories), pre-approved (contractual) arrangements should be put in place. Particular attention should be paid to staffing levels, response schedules and emergency service limitations.

Emergency response procedure(s) should define the roles, responsibilities and authorities of those with emergency response duties, especially those with an assigned duty to provide an immediate response. These personnel should be involved in the development of the emergency procedure(s) to ensure they are fully aware of the type and scope of emergencies that they may be expected to handle, as well as the arrangements needed for coordination. Emergency service personnel should be provided with the information required to facilitate their involvement in response activities.

Emergency response procedures should give consideration to the following:

⎯ identification of potential emergency situations and locations

⎯ details of the actions to be taken by personnel during the emergency (including actions to be taken by staff working off-site, by contractors and visitors)

⎯ evacuation procedures

⎯ responsibility, authority and duties of personnel with specific response roles during the emergency (e.g. fire-wardens, first-aid staff, spill clean-up specialists)

⎯ interface and communication with emergency services

⎯ communication with employees (both on-site and off-site), regulatory agencies and other interested parties (e.g. family, neighbours, local community, media)

⎯ information necessary for undertaking the emergency response (plant layout drawings, identification and location of emergency response equipment, identification and location of hazardous materials, utility shut-off locations, contact information for emergency response providers)

4.4.7.4 Emergency response equipment

The organizations should determine and review its emergency response equipment and material needs.

Emergency response equipment and materials can be needed to perform a variety of functions during an emergency such as evacuation, leak detection, fire suppression, chemical/biological/radiological monitoring, communication, isolation, containment, shelter, personal protection, decontamination, and medical evaluation and treatment.

Equipment should be available in sufficient quantity and stored in locations where it is readily accessible, protected from being damaged and secure. This equipment should be inspected and/or tested at regular intervals to ensure that it will be operational in an emergency situation.

Special attention should be paid to equipment and materials used to protect emergency response personnel. Individuals should be informed of the limitations of personal protective devices and trained in their proper use.

The type, quantity and storage location(s) for emergency equipment and supplies should be evaluated as a part of the review and testing of emergency procedures.

4.4.7.5 Emergency response training

Personnel should be trained in how to initiate the emergency response and evacuation procedures (see 4.4.2).



The organization should identify the training needed for personnel who are assigned emergency response duties and ensure that this training is received. Emergency response personnel should remain competent and capable to carry out their assigned activities.

The need for re-training or other communications should be identified when modifications are made that impact on the emergency response.

4.4.7.6 Periodic testing of emergency procedures

Periodic testing of emergency procedures should be performed to ensure that the organization and external emergency services can appropriately respond to emergency situations and prevent or mitigate associated OH&S consequences.

Note OHSAS 18001, clause 4.4.7, specifies that emergency response procedures shall be periodically tested "where practicable". This means that such testing has to be performed if it is capable of being done.

Testing of emergency procedures should involve external emergency services providers, where appropriate, to develop an effective working relationship. This can improve communication and cooperation during an emergency.

Emergency drills can be used to evaluate the organization’s emergency procedures, equipment and training, as well as increase overall awareness of emergency response protocols. Internal parties (e.g. workers) and external parties (e.g. fire department personnel) may be included in the drills to increase awareness and understanding of emergency response procedures.

The organization should maintain records of emergency drills. The type of information that should be recorded includes a description of the situation and scope of the drill, a timeline of events and actions and observations of any significant achievements or problems. This information should be reviewed with the drill planners and participants to share feedback and recommendations for improvement.

4.4.7.7 Reviewing and revising emergency procedures

Reviews of emergency preparedness and response procedure(s) should be done periodically. Examples of when this should be done are:

⎯ on a schedule defined by the organization

⎯ during management reviews

⎯ following organizational changes

⎯ as a result of management of change, corrective action, or preventive action (see 4.5.3)

⎯ following an event that activated the emergency response procedures

⎯ following drills or tests that identified deficiencies in the emergency response

⎯ following changes to legal or regulatory requirements

⎯ following external changes impacting the emergency response

When changes are made in emergency preparedness and response procedure(s), these changes should be communicated to the personnel and functions that are impacted by the change; their associated training needs should also be evaluated.

4.5 Checking 4.5.1 Performance measurement and monitoring OHSAS 18001 text The organization shall establish, implement and maintain a procedure(s) to monitor and measure OH&S performance on a regular basis. This procedure(s) shall provide for:

a) both qualitative and quantitative measures, appropriate to the needs of the organization;



b) monitoring of the extent to which the organization’s OH&S objectives are met;

c) monitoring the effectiveness of controls (for health as well as for safety);

d) proactive measures of performance that monitor conformance with the OH&S programme(s), controls and operational criteria;

e) reactive measures of performance that monitor ill health, incidents (including accidents, near-misses, etc.), and other historical evidence of deficient OH&S performance;

f) recording of data and results of monitoring and measurement sufficient to facilitate subsequent corrective action and preventive action analysis.

If equipment is required to monitor or measure performance, the organization shall establish and maintain procedures for the calibration and maintenance of such equipment, as appropriate. Records of calibration and maintenance activities and results shall be retained.

4.5.1.1 General

An organization should have a systematic approach for measuring and monitoring its OH&S performance on a regular basis. Monitoring involves collecting information, such as measurements or observations, over time, using equipment or techniques that have been confirmed as being fit for purpose. Measurements can be either quantitative or qualitative. Monitoring and measurements can serve many purposes in an OH&S management system, such as

⎯ tracking progress on meeting policy commitments, achieving objectives and targets, and continual improvement,

⎯ monitoring exposures to determine whether applicable legal requirements or other requirements to which the organization subscribes have been met,

⎯ monitoring incidents, injuries and ill health

⎯ providing data to evaluate the effectiveness of operational controls, or to evaluate the need to modify or introduce new controls (see 4.3.1),

⎯ providing data to proactively and reactively measure the organization's OH&S performance, and

⎯ providing data to evaluate the performance of the OH&S management system.

To achieve these purposes, an organization should plan what will be measured, the competence requirements (see 4.4.2), where and when it should be measured, and what methods should be used. To focus resources on the most important measurements, the organization should identify the key characteristics of processes and activities that can be measured and that provide the most useful information. The organization needs to establish a procedure(s) for performance measurement and monitoring to provide consistency in measurements and enhance the reliability of data produced.

The results of measurement and monitoring should be analysed and used to identify both successes and areas requiring correction or improvement.

The organization's measuring and monitoring should be primarily focussed on proactive measures to drive performance improvement and injury reduction, but may also need to use reactive measures.

a) Examples of proactive measures include: ⎯ assessments of compliance with legal and regulatory OH&S requirements

⎯ the effective use of the results of workplace safety tours or inspections

⎯ evaluation of the effectiveness of OH&S training

⎯ use of OH&S behaviour based observation

⎯ use of perception surveys to evaluate OH&S culture



⎯ the effective use of the results of internal and external audits

⎯ completion of legally required and other inspections as scheduled

⎯ the extent to which programme(s) (see 4.3.3) have been implemented

⎯ the effectiveness of the employee participation process

⎯ the use of health screening

⎯ exposure modelling and monitoring

⎯ benchmarking against good OH&S practices

⎯ work activity assessments

b) Examples of reactive measures include:

⎯ monitoring of ill health

⎯ occurrences and rates of incidents and ill health

⎯ lost time incident rates, lost time ill health rates

⎯ actions required following assessments by regulatory agencies

⎯ actions following receipt of comments from interested parties

4.5.1.2 Monitoring and measuring equipment

OH&S monitoring and measurement equipment should be suitable, capable and relevant for the OH&S performance characteristics to be measured...

To assure the validity of results, monitoring equipment used to measure OH&S conditions (e.g. sampling pumps, noise meters, toxic gas detection equipment, etc) should be maintained in good working order and calibrated or verified, and adjusted if necessary, against measurement standards, traceable to international or national measurement standards. If no such standards exist, the basis used for calibration should be recorded.

Where computer software or computer systems are used to gather, analyse, or monitor data, and can affect the accuracy of OH&S performance results, they should be validated to test their suitability, prior to use.

Appropriate equipment should be selected and be used in a way that will provide accurate and consistent results. This could involve confirming the suitability of sampling methods or sampling locations or specifying that the equipment be used in a specific way.

The calibration status of measuring equipment should be clearly identified to the users. OH&S measuring equipment whose calibration status is unknown, or which is known to be out of calibration, should not be used. Additionally, it should be removed from use, and be clearly labelled, tagged, or otherwise marked, to prevent misuse.

Calibration and maintenance should be performed by competent personnel (see 4.4.2).



4.5.2 Evaluation of compliance

OHSAS 18001 text

4.5.2.1 Consistent with its commitment to compliance [see 4.2c)], the organization shall establish, implement and maintain a procedure(s) for periodically evaluating compliance with applicable legal requirements (see 4.3.2).

The organization shall keep records of the results of the periodic evaluations. NOTE The frequency of periodic evaluation may vary for differing legal requirements.

4.5.2.2 The organization shall evaluate compliance with other requirements to which it subscribes (see 4.3.2). The organization may wish to combine this evaluation with the evaluation of legal compliance referred to in 4.5.2.1 or to establish a separate procedure(s).

The organization shall keep records of the results of the periodic evaluations. NOTE The frequency of periodic evaluation may vary for differing other requirements to which the organization subscribes.

An organization should establish, implement and maintain a procedure for periodically evaluating its compliance with the legal or other requirements that are applicable to its OH&S risks, as part of its commitment to compliance.

Evaluation of the organization's compliance should be performed by competent persons either from within the organization and/or using external resources.

A variety of inputs can be used to assess compliance, including:

⎯ audits

⎯ the results of regulatory inspections

⎯ analysis of legal and other requirements

⎯ reviews of documents and /or records of incidents and risk assessments

⎯ interviews

⎯ facility, equipment and area inspections

⎯ project or work reviews

⎯ analysis of test results from monitoring and testing

⎯ facility tours and / or direct observations

The organization's processes for the evaluation of compliance can depend on its nature (size, structure and complexity). A compliance evaluation can encompass multiple legal requirements or a single requirement. The frequency of evaluations can be affected by factors such as past compliance performance or specific legal requirements. The organization can choose to evaluate compliance with individual requirements at different times or at different frequencies, or as appropriate.

A compliance evaluation programme can be integrated with other assessment activities. These can include management system audits, environmental audits or quality assurance checks.

Similarly, an organization should periodically evaluate its compliance with other requirements to which it subscribes (for further guidance on other requirements, see 4.3.2). An organization can choose to establish a separate process for conducting such evaluations or it may choose to combine these evaluations with its evaluations of compliance with legal requirements (see above), its management review process (4.6) or other evaluation processes.

The results of the periodic evaluations of compliance with legal or other requirements need to be recorded.



4.5.3 Incident investigation, nonconformity, corrective action and preventive action

4.5.3.1 Incident investigation

OHSAS 18001 text The organization shall establish, implement and maintain a procedure(s) to record, investigate and analyze incidents in order to:

a) determine underlying OH&S deficiencies and other factors that might be causing or contributing to the occurrence of incidents;

b) identify the need for corrective action;

c) identify opportunities for preventive action;

d) identify opportunities for continual improvement;

e) communicate the results of such investigations.

The investigations shall be performed in a timely manner. Any identified need for corrective action or opportunities for preventive action shall be dealt with in accordance with the relevant parts of 4.5.3.2. The results of incident investigations shall be documented and maintained.

A good system for incident investigation offers the organization

⎯ one of the best opportunities for preventing reoccurrence of incidents and identifying opportunities for proactive improvement and

⎯ to raise the overall OH&S awareness in the workplace.

Organizations should have a procedure(s) for reporting, investigating and analyzing incidents. The purpose of the procedure(s) is to provide a structured, proportionate and timely approach to identifying and dealing with the underlying (root) cause(s) of the incident.

All incidents should be investigated. The organization should seek to prevent the under-reporting of incidents. In determining the nature of the investigation, the resources needed, and the priority to be given to investigation of an incident, account should be taken of

⎯ the actual outcome and consequences of the incident, and

⎯ the frequency of such incidents and their potential consequences.

In developing those procedures the organization should give consideration to the following

⎯ the need for a common understanding and acceptance of what constitutes an “incident” (see 3.9) and the benefits that may be gained from its investigation.

⎯ that reporting should capture all types of incidents, including major and minor accidents, emergencies, near misses, instances of ill health and those that take place over a period of time (e.g. exposure).

⎯ the need to meet any legal requirements relating to the reporting and investigation of incidents, e.g. maintenance of a register of accidents.

⎯ defining the assignment of authority and responsibilities for reporting of incidents and subsequent investigations.

⎯ the need for immediate action to deal with imminent risks

⎯ the need for investigation to be impartial and objective.



⎯ the need to focus on identifying causal factors.

⎯ the benefits of involving those with knowledge of the incident

⎯ defining the requirements for the conduct and recording of the various phases of the investigation process such as

• gathering facts and collecting evidence, in a timely manner

• analyzing the results

• communicating the need for any identified corrective action and /or preventive action

• provision of feedback into the processes for hazard identification, risk assessment, emergency response, OH&S performance measurement and monitoring and management review.

Those assigned to conduct incident investigations should be competent (see 4.4.2)

The outputs from the incident investigation processes should address items a) to e) in OHSAS 18001 4.5.3.1

4.5.3.2 Nonconformity, corrective action and preventive action

OHSAS 18001 text

The organization shall establish, implement and maintain a procedure(s) for dealing with actual and potential nonconformity(ies) and for taking corrective action and preventive action. The procedure(s) shall define requirements for:

a) identifying and correcting nonconformity(ies) and taking action(s) to mitigate their OH&S consequences;

b) investigating nonconformity(ies), determining their cause(s) and taking actions in order to avoid their recurrence;

c) evaluating the need for action(s) to prevent nonconformity(ies) and implementing appropriate actions designed to avoid their occurrence;

d) recording and communicating the results of corrective action(s) and preventive action(s) taken; and

e) reviewing the effectiveness of corrective action(s) and preventive action(s) taken.

Where the corrective action and preventive action identifies new or changed hazards or the need for new or changed controls, the procedure shall require that the proposed actions shall be taken through a risk assessment prior to implementation. Any corrective action or preventive action taken to eliminate the causes of actual and potential nonconformity(ies) shall be appropriate to the magnitude of problems and commensurate with the OH&S risk(s) encountered. The organization shall ensure that any necessary changes arising from corrective action and preventive action are made to the OH&S management system documentation.

For an OH&S management system to be effective on an ongoing basis, an organization should have a procedure(s) for identifying actual and potential nonconformity(-ies), making corrections and taking corrective and preventive action, preferably preventing problems before they occur. Nonconformity is a non fulfilment of a requirement. A requirement may be stated in relation to the OHSAS 18001 management system or in terms of OH&S performance. Examples of issues that can give rise to nonconformities include:

a) for OH&S management system performance

⎯ failure of top management to demonstrate committment

⎯ failure to establish OH&S objectives

⎯ failure to define responsibilities required by an OH&S management system, such as responsibilities for achieving objectives

⎯ failure to periodically evaluate compliance with legal requirements



⎯ failure to meet training needs

⎯ documentation being out of date or being inappropriate

⎯ failure to carry out communications.

b) for OH&S performance

⎯ failure to implement the planned programme to achieve improvement objectives

⎯ consistent failure to achieve to performance improvement objectives

⎯ failure to meet legal or other requirements

⎯ failure to record incidents

⎯ failure to implement corrective action in a timely manner

⎯ consistent high rates of illness or injury that are not being addressed

⎯ deviations from OH&S procedures

⎯ introduction of new materials or processes without appropriate risk assessments being conducted

Inputs into corrective action and preventive action can be identified from the results of:

⎯ incident investigations

⎯ internal or external audits

⎯ the periodic evaluations of compliance

⎯ performance monitoring

⎯ exposure assessments

Identification of nonconformities should be made part of individual responsibilities (see 4.4.1), with individuals closest to the work being encouraged to report potential or actual problems.

Corrective actions are actions taken to eliminate the underlying (root) cause(s) of identified nonconformity or incidents in order to prevent recurrence.

Once nonconformity is identified, it should be investigated to determine the cause(s), so that corrective action can be focused on the appropriate part of the system. An organization should consider what actions need to be taken to address the problem, and/or what changes need to be made to correct the situation. The response and timing of such actions should be appropriate to the nature and scale of the nonconformity and the OH&S risk

Preventive actions are actions taken to eliminate the underlying (root) cause(s) of the potential nonconformity or potential undesirable situations, in order to prevent occurrence.

When a potential problem is identified but no actual nonconformity exists, preventive action should be taken using a similar approach as for corrective action. Potential problems can be identified using methods such as extrapolating corrective action of actual nonconformities to other applicable areas where similar activities occur, or hazard analysis.

The organization should ensure that: ⎯ where new or changed hazards or the need for new or changed controls has been identified, the proposed

corrective or preventive actions will be taken through a risk assessment, prior to implementation.

⎯ corrective actions and preventive actions are implemented

⎯ the results of corrective action and preventive action are recorded and communicated



⎯ there is follow-up to review their effectiveness.

4.5.4 Control of records

OHSAS 18001 text The organization shall establish and maintain records as necessary to demonstrate conformity to the requirements of its OH&S management system and of this OHSAS Standard, and the results achieved. The organization shall establish, implement and maintain a procedure(s) for the identification, storage, protection, retrieval, retention and disposal of records. Records shall be and remain legible, identifiable and traceable.

Records should be maintained to demonstrate that the OH&S management system operates effectively.

Records that can demonstrate conformance to the requirements include:

⎯ records of the evaluation of compliance with legal and other requirements

⎯ hazard identification, risk assessment and risk control records.

⎯ records of the monitoring of OH&S performance

⎯ calibration and maintenance records for equipment used to monitor OH&S performance

⎯ records of corrective action and preventive action

⎯ OH&S inspection reports;

⎯ training records;

⎯ OH&S management system audit reports;

⎯ participation and consultation reports;

⎯ incident reports;

⎯ incident follow-up reports;

⎯ OH&S meeting minutes ;

⎯ health surveillance reports;

⎯ PPE maintenance records;

⎯ reports of emergency response drills;

⎯ management review records.

In determining the appropriate controls for records the organization should take into account any applicable legal requirements, confidentiality issues (particularly those relating to personnel), storage/access/disposal/back-up requirements, and the use of electronic records.

4.5.5 Internal audit

OHSAS 18001 text The organization shall ensure that internal audits of the OH&S management system are conducted at



planned intervals to: a) determine whether the OH&S management system:

1) conforms to planned arrangements for OH&S management including the requirements of this OHSAS Standard; and

2) has been properly implemented and is maintained; and

3) is effective in meeting the organization’s policy and objectives;

b) provide information on the results of audits to management.

Audit programme(s) shall be planned, established, implemented and maintained by the organization, based on the results of risk assessments of the organization’s activities, and the results of previous audits. Audit procedure(s) shall be established, implemented and maintained that address:

a) the responsibilities, competencies, and requirements for planning and conducting audits, reporting results and retaining associated records; and

b) the determination of audit criteria, scope, frequency and methods.

Selection of auditors and conduct of audits shall ensure objectivity and the impartiality of the audit process.

4.5.5.1 General

Audits can be used by an organization to review and evaluate the performance and effectiveness of its OH&S management system.

An internal OH&S management system audit programme should be established to review the conformity of the organization's OH&S management system to OHSAS 18001.

Planned OH&S management system audits should be carried out by personnel from within the organization and/or by external personnel selected by the organization, to establish whether the OH&S management system has been properly implemented and maintained. Individuals selected to conduct the OH&S management system audits should be competent and be selected in a manner to ensure objectivity and impartially in the audit process.

NOTE: The general principles and methodology described in ISO 19011 are appropriate to OH&S management system auditing.

4.5.5.2 Establishing an audit programme

The implementation of an internal audit programme should address the following:

⎯ Communication of the audit programme to relevant parties

⎯ Establishing and maintaining a process for the selection of auditors and audit teams

⎯ Providing the resources necessary for the audit programme

⎯ Planning, coordinating and scheduling audits

⎯ Ensuring that audit procedures are established implemented and maintained

⎯ Ensuring the control of records of audit activities

⎯ Ensuring the reporting of audit results and audit follow-up

Note: The above has been adapted from ISO 19011, clause 5.4

The audit programme should be based on the results of risk assessments of the organization's activities and the results of previous audits. The results of the risk assessments (see 4.3.1) should guide the organization in



determining the frequency of audits of particular activities, areas or functions and what parts of the management system should be given attention.

The OH&S management system audits should cover all areas and activities within the scope of the OH&S management system (see 4.1), and assess conformity to OHSAS 18001.

The frequency and coverage of OH&S management system audits should be related to the risks associated with the failure of the various elements of the OH&S management system, available data on the performance of the OH&S management system, the output from management reviews, and the extent to which the OH&S management system or the organizational activities are subject to change.

4.5.5.3 Internal audit activities

OH&S management system audits should be conducted according to the audit programme. Additional audits may need to be performed:

⎯ as changes occur in the hazards, or risk assessments,

⎯ if the results of previous audits,

⎯ the occurrence of incidents,

⎯ or other circumstances indicate that they are necessary (e.g. due to re-organization),.

An internal audit typically consists of the following activities:

⎯ initiating the audit

⎯ conducting document review and preparing for the audit

⎯ conducting the audit

⎯ preparing and communicating the audit report

⎯ completing the audit and conducting audit follow-up

Note The above has been adapted from ISO 19011, clause 6.1

4.5.5.4 Initiating an audit

The following activities are typically done to initiate an audit:

⎯ defining the audit objectives, scope and criteria for the audit

⎯ selection of appropriate auditors and audit team for the audit taking into account the need for objectivity and impartiality

⎯ determining the audit methodology

⎯ confirming audit arrangements with the auditee and other individuals who will take part in the audit

Determination of any applicable workplace OH&S rules is an important part of this process. In some cases, auditors may need additional training and/or may be required to conform to additional requirements (e.g. the wearing of specialized personal protective equipment).

4.5.5.5 Conducting document reviews and preparing for an audit

Prior to conducting an audit, the auditors should review appropriate OH&S management system documents and records, and the results of prior audits. This information should be used by the organization in making its plans for an audit.

The documentation that may be reviewed includes:



⎯ information on roles responsibilities and authorities (e.g. an organization chart);

⎯ OH&S policy statement;

⎯ OH&S objectives and programme(s);

⎯ OH&S management system audit procedures;

⎯ OH&S procedures and work instructions;

⎯ hazard identification, risk assessment and risk control results;

⎯ applicable legal and other requirements;

⎯ incident, nonconformity and corrective action reports

The amount of documentation to be reviewed and the detail provided in the plans for the audit should reflect the scope and complexity of the audit. The plans for the audit should cover the following:

⎯ audit objectives

⎯ audit criteria

⎯ audit methodology

⎯ audit scope and /or location

⎯ audit schedule

⎯ roles and responsibilities of the various audit parties

The audit planning information may be contained in more than one document. The focus should be on providing adequate information to implement the audit.

If other parties need to be included in the audit process (e.g. employee representatives), this should be included in the plans for the audit.

4.5.5.6 Conducting an audit

The following activities are typically part of the audit:

⎯ communication during the audit

⎯ collecting and verifying information

⎯ generating audit findings and conclusions

Depending on the scope and complexity of the audit, it may be necessary to make formal arrangements for communication during the audit. The audit team should communicate to the auditee in a timely manner:

⎯ the plans for the audit,

⎯ the status of the audit activities,

⎯ any concerns raised during the audit and

⎯ the audit conclusions. .

Communication of the plans for the audit may be achieved through the use of an opening meeting. Audit findings and conclusions should be reported during a closing meeting.

During the audit, information relevant to the audit objectives, scope and criteria should be collected by appropriate methods. The methods will depend on the nature of the OH&S management system audit being undertaken.



The audit should ensure that a representative sample of the important activities is audited and that relevant personnel are interviewed. This may include interviews of personnel such as individual workers, employee representatives and relevant external personnel, e.g. contractors.

Relevant documentation, records and results should be examined.

Wherever possible, checks should be built into the OH&S management system audit procedures to help to avoid misinterpretation or misapplication of collected data, information, or other records.

Audit evidence should be evaluated against the audit criteria to generate the audit findings and conclusions. Audit evidence should be verifiable. Audit evidence should be recorded.

4.5.5.7 Preparing and communicating the audit report

The results of the OH&S management system audits should be recorded and reported to management, in a timely manner.

The content of the final OH&S management system audit report should be clear, precise and complete. It should be dated and signed by the auditor.

It should contain the following elements:

⎯ the audit objectives and scope;

⎯ information about the plans of the audit (identification of the members of the auditing team and the audited representatives, dates of audit and identification of the areas subject to audit);

⎯ the identification of reference documents used to conduct the audit (e.g. OHSAS 18001, OH&S procedures);

⎯ details of identified nonconformities;

⎯ information relating to the ability of the OH&S management system to achieve the stated OH&S policy and objectives.

The results of OH&S management system audits should be communicated to all relevant parties as soon as possible, to allow corrective actions to be taken.

Confidentiality should be considered when communicating the information contained within the OH&S management system audit reports.

4.5.5.8 Completing the audit and conducting audit follow-up

A review of the results should be carried out and effective corrective action taken, where necessary.

Follow-up monitoring of audit findings should be established to ensure that identified nonconformities are addressed.

Top management should consider OH&S management system audit findings and recommendations, and take appropriate action as necessary within an appropriate time.

4.5.5.9 Selection of auditors

One or more persons may undertake OH&S management system audits. A team approach can widen involvement and improve cooperation. A team approach can also allow a wider range of specialist skills to be utilized.

In order to maintain independence, objectivity and impartiality, auditors should not audit their own work.

Auditors need to understand their task and be competent to carry it out. They need to have the experience and knowledge of the relevant standards and systems they are auditing to enable them to evaluate performance and identify deficiencies. Auditors should be familiar with the OH&S hazards and risks of the areas they are auditing and any applicable legal or other requirements.



4.6 Management review OHSAS 18001 text Top management shall review the organization's OH&S management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness. Reviews shall include assessing opportunities for improvement and the need for changes to the OH&S management system, including the OH&S policy and OH&S objectives. Records of the management reviews shall be retained. Input to management reviews shall include:

a) results of internal audits and evaluations of compliance with applicable legal requirements and with other requirements to which the organization subscribes;

b) the results of participation and consultation (see 4.4.3);

c) relevant communication(s) from external interested parties, including complaints;

d) the OH&S performance of the organization;

e) the extent to which objectives have been met;

f) status of incident investigations, corrective actions and preventive actions;

g) follow-up actions from previous management reviews;

h) changing circumstances, including developments in legal and other requirements related to OH&S; and

i) recommendations for improvement.

The outputs from management reviews shall be consistent with the organization's commitment to continual improvement and shall include any decisions and actions related to possible changes to:

a) OH&S performance;

b) OH&S policy and objectives ;

c) resources; and

d) other elements of the OH&S management system.

Relevant outputs from management review shall be made available for communication and consultation (see 4.4.3).

Management reviews should focus on the overall performance of the OH&S management system and not on specific details, since these should be handled by the normal means within the OH&S management system.

Management reviews should be carried out by top management, on a regular basis (e.g. quarterly, semi-annually, or annually) and can be carried out by meetings or other communication means. Partial management reviews of the performance of the OH&S management system can be held at more frequent intervals, if appropriate. Different reviews may address different elements of the overall management review.

The management appointee (see 4.4.1) has the responsibility for ensuring that reports on the overall performance of the OH&S management system are presented to top management, for review,.

In planning for a management review, consideration should be given to the following:

⎯ the topics to be addressed;

⎯ who needs to participate to ensure the effectiveness of the review (top management, managers, OH&S specialist advisors, other personnel);

⎯ responsibilities of individual participants in respect of the review;

⎯ information to be brought to the review

⎯ how the review will be recorded.



In relation to the OH&S performance of the organization, and to show evidence of progress on the policy commitments to prevent injury and ill health the following inputs could be considered:

⎯ reports of emergencies (actual or exercises);

⎯ worker satisfaction surveys

⎯ incident statistics

⎯ results of regulatory inspections

⎯ results and/or recommendations from monitoring and measurement

⎯ OH&S performance of contractors

⎯ OH&S performance of supplied products and services

In addition to the specific inputs for management review required by OHSAS 18001, the following inputs can also be considered:

⎯ reports from individual managers on the effectiveness of the system locally;

⎯ reports of on-going hazard identification, risk assessment and risk control processes

⎯ progress in the achievement of OH&S training plans.

In addition to the outputs required by OHSAS 18001, details of the following issues can also be considered:

⎯ the suitability, adequacy and effectiveness of current hazard identification, risk assessment and risk control processes;

⎯ current levels of risk and the effectiveness of existing control measures;

⎯ adequacy of resources (financial, personnel, material);

⎯ the state of preparedness for emergency;

⎯ an assessment of the effects of foreseeable changes to legislation or technology.

Depending on the decisions and actions agreed at a review, the nature and types of communication of the results of the review, and to whom they will be communicated, should also be considered.



Annex A (informative)

Correspondence between OHSAS 18001:2007, ISO 14001:2004 and ISO 9001:2000

Table A.1 – Correspondence between OHSAS 18001:2007, ISO 14001:2004 and ISO 9001:2000 OHSAS 18001:2007 ISO 14001:2004 ISO 9001:2000

— Introduction — Introduction 0 0.1 0.2 0.3 0.4

Introduction General Process approach Relationship with ISO 9004 Compatibility with other management systems

1 Scope 1 Scope 1 1.1 1.2

Scope General Application

2 Normative references 2 Normative references 2 Normative reference

3 Terms and definitions 3 Terms and definitions 3 Terms and definitions

4 OH&S management system elements (title only)

4 Environmental management system requirements (title only)

4 Quality management system (title only)

4.1 General requirements 4.1 General requirements 4.1 5.5 5.5.1

General requirements Responsibility, authority and communication Responsibility and authority

4.2 OH&S policy 4.2 Environmental policy 5.1 5.3 8.5.1

Management commitment Quality policy Continual improvement

4.3 Planning (title only) 4.3 Planning (title only) 5.4 Planning (title only)

4.3.1 Hazard identification, risk assessment and determining controls

4.3.1 Environmental aspects 5.2 7.2.1 7.2.2

Customer focus Determination of requirements related to the product Review of requirements related to the product

4.3.2 Legal and other requirements

4.3.2 Legal and other requirements

5.2 7.2.1

Customer focus Determination of requirements related to the product

4.3.3 Objectives and programme(s)

4.3.3 Objectives, targets and programme(s)

5.4.1 5.4.2 8.5.1

Quality objectives Quality management system planning Continual improvement



Table A.1 – Correspondence between OHSAS 18001:2007, ISO 14001:2004 and ISO 9001:2000 (continued)

OHSAS 18001:2007 ISO 14001:2004 ISO 9001:2000

4.4 Implementation and operation (title only)

4.4 Implementation and operation (title only)

7 Product realization (title only)

4.4.1 Resources, roles, responsibility, accountability and authority

4.4.1 Resources, roles, responsibility and authority

5.1 5.5.15.5.26.1 6.3

Management commitment Responsibility and authority Management representative Provision of resources Infrastructure

4.4.2 Competence, training and awareness


6.2.16.2.2

(Human resources) General Competence, awareness and training


4.4.3 Communication 5.5.37.2.3

Internal communication Customer communication

4.4.4 Documentation 4.4.4 Documentation 4.2.1 (Documentation requirements) General

4.4.5 Control of documents 4.4.5 Control of documents 4.2.3 Control of documents

4.4.6 Operational control 4.4.6 Operational control 7.1 7.2 7.2.1 7.2.2 7.3.1 7.3.2 7.3.3 7.3.4 7.3.5 7.3.6 7.3.7 7.4.17.4.27.4.3 7.5 7.5.1 7.5.2

7.5.5

Planning of product realization Customer-related processes Determination of requirements related to the product Review of requirements related to the product Design and development planning Design and development inputsDesign and development outputs Design and development reviewDesign and development verification Design and development validation Control of design and development changes Purchasing process Purchasing information Verification of purchased product Production and service provisionControl of production and service provision Validation of processes for production and service provision Preservation of product



Table A.1 – Correspondence between OHSAS 18001:2007, ISO 14001:2004 and ISO 9001:2000 (continued)

OHSAS 18001:2007 ISO 14001:2004 ISO 9001:2000



8.3 Control of nonconforming product

4.5 Checking (title only) 4.5 Checking (title only) 8 Measurement, analysis and improvement (title only)

4.5.1

Performance measurement and monitoring

4.5.1

Monitoring and measurement

7.6 8.1 8.2.3 8.2.4 8.4

Control of monitoring and measuring devices (Measurement, analysis and improvement) General Monitoring and measurement of processes Monitoring and measurement of productAnalysis of data

4.5.2 Evaluation of compliance 4.5.2 Evaluation of compliance 8.2.3 8.2.4

Monitoring and measurement of processes Monitoring and measurement of product

4.5.3 Incident investigation, nonconformity, corrective action and preventive action (title only)

-- -- -- --

4.5.3.1 Incident investigation -- -- -- --

4.5.3.2 Nonconformity, corrective and preventive action

4.5.3 Nonconformity, corrective action and preventive action

8.3 8.4 8.5.2 8.5.3

Control of nonconforming product Analysis of data Corrective action Preventive action

4.5.4 Control of records 4.5.4 Control of records 4.2.4 Control of records

4.5.5 Internal audit 4.5.5 Internal audit 8.2.2 Internal audit

4.6 Management review

4.6 Management review

5.1 5.6 5.6.1 5.6.2 5.6.3 8.5.1

Management commitment Management review (title only) General Review input Review output Continual improvement



Annex B (informative)

Correspondence between OHSAS 18001, OHSAS 18002, and the ILO-OSH:2001 Guidelines on occupational safety and health

management systems

B.1 Introduction This Annex identifies the key differences between the International Labour Organization’s ILO-OSH Guidelines and the OHSAS documents, and provides a comparative assessment of their differing requirements. It should be noted that no areas of significant difference have been identified. Consequently, those organizations that have implemented an OH&S management system that is compliant with OHSAS 18001 may be reassured that their OH&S management system will also be compatible with the recommendations of the ILO-OSH Guidelines. A correspondence table between the individual clauses of the OHSAS documents and those of the ILO-OSH Guidelines is given in B.4. B.2 Overview The two prime objectives of the ILO-OSH Guidelines are:

a) to assist countries in the establishment of a national framework for occupational health and safety management systems; and

b) to provide guidance to individual organizations regarding the integration of OH&S elements into their overall policy and management arrangements.

OHSAS 18001 specifies requirements for OH&S management systems, to enable organizations to control risks and to improve their OH&S performance. OHSAS 18002 gives guidance on the implementation of OHSAS 18001. The OHSAS documents are therefore comparable with Section 3 of the ILO-OSH Guidelines “The occupational safety and health management system in the organization”. B.3 Detailed analysis of Section 3 of the ILO-OSH Guidelines against the OHSAS documents B.3.1 Scope The focus of the ILO-OSH Guidelines is on workers. The focus of the OHSAS Standards, towards persons under the control of the organization and other interested parties, is broader. B.3.2 OH&S management system models The models picturing the main elements of an OH&S management system are directly equivalent between the ILO-OSH Guidelines and the OHSAS documents. B.3.3 ILO-OSH Section 3.2, Worker participation In the ILO-OSH Guidelines, subsection 3.2.4 recommends that: "The employer should ensure as appropriate, the establishment and efficient functioning of a health and safety committee and the recognition of workers health and safety representatives in accordance with national laws and practice". OHSAS 18001, 4.4.3, requires the organization to establish a procedure for communication, participation and consultation, and to involve a wider spectrum of interested parties (due to the broader scope of application of the document). B.3.4 ILO-OSH Section 3.3, Responsibility and accountability The ILO-OSH Guidelines recommend in 3.3.2(h) the establishment of prevention and health promotion programmes. There is no requirement in the OHSAS Standards for this.



B.3.5 ILO-OSH Section 3.4, Competence and training The recommendation of the ILO-OSH Guidelines sub-section 3.4.4: "Training should be provided to all participants at no cost and should take place during working hours if possible", is not a requirement of the OHSAS documents. B.3.6 ILO-OSH Section 3.10.4, Procurement The ILO-OSH Guidelines emphasize that safety and health requirements of the organization should be incorporated into purchasing and leasing specifications. The OHSAS Standards address procurement by their requirements for risk assessment, identification of legal requirements and the establishment of operational controls. B.3.7 ILO-OSH Section 3.10.5, Contracting The ILO-OSH Guidelines define the steps to be taken to ensure that the organization's safety and health requirements are applied to contractors (they also provide a summary of the actions needed to ensure that they are). This is implicit in OHSAS. B.3.8 ILO-OSH Section 3.12, Investigation of work related injuries, ill health, diseases and incidents, and their impact on safety and health performance The ILO-OSH Guidelines do not require corrective actions or preventive actions to be reviewed through the risk assessment process prior to implementation, as they are in OHSAS 18001, 4.5.3.2. B.3.9 ILO-OSH Section 3.13, Audit The ILO-OSH Guidelines recommend consultation on the selection of auditors. In contrast, the OHSAS documents require audit personnel to be impartial and objective. B.3.10 ILO-OSH Section 3.16, Continual improvement This is a separate subclause in the ILO-OSH Guidelines. It details arrangements that should be taken into account for the achievement of continual improvement. Similar arrangements are detailed throughout the OHSAS documents, which consequently do not have a corresponding clause.



B.4 Correspondence between the clauses of the OHSAS documents and the clauses of the ILO-OSH Guidelines Table B.1 — Correspondence between the clauses of the OHSAS documents and the clauses of the ILO-OSH Guidelines

Clause OHSAS Clause ILO-OSH Guidelines

Introduction —

3.0

Introduction

The occupational safety and health management system in the organization

Foreword — The International Labour Organization

1 Scope 1.0 Objectives

2 Reference publications — Bibliography

3 Terms and definitions — Glossary

4 OH&S management system elements (title only)

— —

4.1 General requirements 3.0 The occupational safety and health management system in the organization

4.2 OH&S policy 3.1

3.16

Occupational safety and health policy

Continual improvement

4.3 Planning (title only) — Planning and implementation (title only)

4.3.1 Hazard identification, risk assessment and determining controls

3.7

3.8

3.10

3.10.1

3.10.2

3.10.5

Initial review

System planning, development and implementation

Hazard prevention

Prevention and control measures

Management of change

Contracting

4.3.2 Legal and other requirements 3.7.2

3.10.1.2

(Initial review)

(Prevention and control measures)

4.3.3 Objectives and programme(s) 3.8

3.9

3.16


Occupational safety and health objectives


4.4 Implementation and operation (title only) — —



Table B.1 — Correspondence between the clauses of the OHSAS documents and the clauses of the ILO-OSH Guidelines (continued)

Clause OHSAS Clause ILO-OSH Guidelines 4.4.1 Resources, roles, responsibility,

accountability and authority 3.3

3.8

3.16

Responsibility and accountability




3.4 Competence and training


3.2

3.6

Worker participation

Communication

4.4.4 Documentation 3.5 Occupational safety and health management system documentation

4.4.5 Control of documents 3.5 Occupational safety and health management system documentation

4.4.6 Operational control 3.10.2

3.10.4

3.10.5

Management of change

Procurement

Contracting


3.10.3 Emergency prevention, preparedness and response

4.5 Checking (title only) — Evaluation (title only)

4.5.1 Performance measurement and monitoring

3.11 Performance monitoring and measurement

4.5.2 Evaluation of compliance — —

4.5.3 Incident investigation, nonconformity, corrective action and preventive action (title only)

— —

4.5.3.1 Incident investigation 3.12

3.16

Investigation of work related injuries, ill health, diseases and incidents and their impact on safety and health performance


4.5.3.2 Nonconformity, corrective and preventive action

3.15 Preventive and corrective action

4.5.4 Control of records 3.5 Occupational safety and health management system documentation

4.5.5 Internal audit 3.13 Audit

4.6 Management review 3.14

3.16

Management review




Annex C (Informative)

Examples of items for inclusion in a hazard identification checklist

C.1 Physical hazards

⎯ slippery or uneven ground;

⎯ working at height;

⎯ objects falling from height;

⎯ inadequate space to work;

⎯ poor ergonomics (e.g. workplace design that does not take account of human factors);

⎯ manual handling:

⎯ repetitive work;

⎯ trappings, entanglement, burns and other hazards arising from equipment;

⎯ transport hazards, either on the road or on premises/sites, while travelling or as a pedestrian (linked to the speed and external features of vehicles and the road environment);

⎯ fire and explosion (linked to the amount and nature of flammable material);

⎯ harmful energy sources such as electricity, radiation, noise or vibration (linked to the amount of energy involved);

⎯ stored energy, which can be released quickly and cause physical harm to the body (linked to the amount of energy);

⎯ frequently repeated tasks, which can lead to upper limb disorders (linked to the duration of the tasks);

⎯ unsuitable thermal environment, which can lead to hypothermia or heat stress;

⎯ violence to staff, leading to physical harm (linked to the nature of the perpetrators);

⎯ ionising radiation (from x- or gamma-ray machines or radioactive substances);

⎯ non-ionising radiation (e.g. light, magnetic, radio-waves).

C.2 Chemical hazards

Substances hazardous to health or safety due to:

⎯ inhalation of vapours, gases, or particles

⎯ contact with, or being absorbed through, the body;

⎯ ingestion;

⎯ the storage, incompatibility, or degradation of materials .

C.3 Biological hazards



Biological agents or pathogens (such as bacteria or viruses), that might be:

⎯ inhaled;

⎯ transmitted via contact, including by bodily fluids (e.g. needle-stick injuries)

⎯ ingested (e.g. via contaminated food products).

C.4 Psychosocial hazards

Situations that may lead to negative psychosocial (including psychological) conditions such as stress (including post-traumatic stress), anxiety, fatigue, depression, from e.g.:

⎯ excessive workload

⎯ lack of communication or management control

⎯ workplace physical environment

⎯ physical violence,

⎯ bullying or intimidation.

Note ISO 14121 also provides additional examples of sources and hazards



Annex D (Informative)

Comparisons of some examples of risk assessment tools and methodologies

Tool Strengths Weaknesses

Checklists/ Questionnaires

• Easy to use • Use can prevent “missing

something” in initial evaluations

• Often limited to yes/no answers • Only as good as the checklist used

– it may not take into account unique situations

Risk Matrices

• Relatively easy to use • Provides visual representation • Doesn’t require use of numbers

• Only 2-dimensional – can’t take into account multiple factors impacting risk

• Pre-determined answer may not be appropriate to the situation

Ranking /

Voting Tables

• Relatively easy to use • Good for capturing expert

opinion • Allows for consideration of

multiple risk factors (e.g. severity, probability, detectability, data uncertainty)

• Requires use of numbers • If the quality of the data is not

good, the results will be poor • Can result in comparison of

incomparable risks

Failure modes and effects analysis (FMEA); Hazard and operability studies (HAZOP)

• Good for detailed analysis of processes

• Allows input of technical data

• Needs expertise to use • Needs numerical data to input into

analysis • Takes resources (time & money) • Better for risks associated with

equipment than those associated with human factors

Exposure Assessment Strategy

• Good for analysis of data associated with hazardous materials and environments

• Needs expertise to use • Needs numerical data to input

Computer Modelling

• If you have the data, computer modelling can give good answers

• Generally uses numerical inputs and is less subjective

• Significant time and money needed to develop and validate

• Potential for over-reliance on the results, without questioning their validity



Bibliography

[1] ISO 9000:2005, Quality management systems — Fundamentals and vocabulary

[2] ISO 9001:2000, Quality management systems — Requirements

[3] ISO 14001:2004, Environmental management systems — Requirements with guidance for use

[4] ISO 14121-1:2007 Safety of machinery — Risk assessment — Part 1: Principles

[5] ISO/TR 14121-2:2007 Safety of machinery — Risk assessment — Part 2: Practical guidance and examples of methods

[6] ISO 16069:2004 Graphical symbols — Safety signs — Safety way guidance systems (SWGS)

[7] ISO/DIS 236011) Safety identification — Escape plan signs

[8] IEC 61508-5, Functional safety of electrical/electronic/programmable electronic safety-related systems. Examples of methods for the determination of safety integrity levels

1) To be published

Revision of OHSAS 18002 – Comments Template for Working Draft 2 April 2008

1

Introduction OHSAS 18001 "Occupational health and safety management systems – Requirements" was first published in 1999. During 2005 it was subjected to a "systematic review" to determine if it should be updated. A large majority of respondents indicated that it should be revised to be aligned to ISO 14001:2004. A revision programme was conducted during 2006/2007, resulting in a new edition of OHSAS 18001 being published in July 2007. OHSAS 18002 "Occupational health and safety management systems – Guidelines for the implementation of OHSAS 18001" is explicitly linked to specific editions of OHSAS 18001, so now needs to be revised to be aligned to OHSAS 18001:2007. A first "Working Draft" of OHSAS 18002 was developed by the OHSAS Project Group and circulated in November 2007 for public review. We were pleased to receive approximately 400 comments on the Working Draft, which were analysed and taken forward into improving the draft. Owing to the extent of the changes, the OHSAS Project Group decided that there was a need to release a second Working Draft for public review, and not go forward to final publication at this time. We would request that commentators submit their comments in the template (below) that is being circulated with the second Working Draft, as this will greatly assist in the process of collating and sorting them. Please note that OHSAS 18002 includes the text of OHSAS 18001 in outlined boxes in appropriate places throughout the standard; we are not looking for comment on that text, unless there have been transcription errors in coping it from OHSAS 18001. We would be grateful for the return of comments prior to:

1 August 2008 The OHSAS Project Group will meet after that date to review submitted comments and to take the draft to the next stage of development; this may be a further draft for review, or a final draft for publication, depending on the nature of the comments that are received, and the issues they raise. Our expectation is that we will move to publication after this review has been completed, around November 2008. Please return any comments to the OHSAS Project Group Secretariat, via e-mail to: [email protected] We thank you in anticipation for your participation.


2

Commentator's details: Name: Organisation: E-mail : Comments

Name

Clause No./ Subclause No./

Annex (e.g. 3.1)

Paragraph/ Figure/Table/

Note (e.g. Table 1)

Comment (justification for change) Proposed change

General

General

General

Title

Contents

Foreword

Introduction

Introduction Fig 2

1 Scope

2 Reference publications

3 Terms and definitions

4

4.1


3

Name


Annex (e.g. 3.1)


Note (e.g. Table 1)


4.1.1

4.1.2

4.1.3

4.2

4.3

4.3.1

4.3.1.1

4.3.1.1 Fig 3

4.3.1.2

4.3.1.3

4.3.1.4

4.3.1.4.1

4.3.1.4.2

4.3.1.4.3

4.3.1.4.4

4.3.1.5

4.3.1.6

4.3.1.6 a)

4.3.1.6 b)

4.3.1.6 c)

4.3.1.6 d)

4.3.1.6 e)

4.3.1.7

4.3.1.8


4

Name


Annex (e.g. 3.1)


Note (e.g. Table 1)


4.3.2

4.3.3

4.3.3.1

4.3.3.2

4.4

4.4.1

4.4.2

4.4.2.1

4.4.2.2

4.4.2.3

4.4.2.4

4.4.3

4.4.3.1

4.4.3.2

4.4.3.2.1

4.4.3.2.2

4.4.3.2.3

4.4.3.2.4

4.4.3.3

4.4.3.4

4.4.4

4.4.5

4.4.6

4.4.6.1


5

Name


Annex (e.g. 3.1)


Note (e.g. Table 1)


4.4.6.2

4.4.6.2 a)

4.4.6.2 b)

4.4.6.2 c)

4.4.6.2 d)

4.4.6.2 e)

4.4.6.2 f)

4.4.6.2 g)

4.4.6.3

4.4.6.3 a)

4.4.6.3 b)

4.4.6.3 c)

4.4.6.3 d)

4.4.6.3 e)

4.4.6.4

4.4.7

4.4.7.1

4.4.7.2

4.4.7.3

4.4.7.4

4.4.7.5

4.4.7.6

4.4.7.7

4.5


6

Name


Annex (e.g. 3.1)


Note (e.g. Table 1)


4.5.1

4.5.1.1

4.5.1.1 a)

4.5.1.1 b)

4.5.1.2

4.5.2

4.5.3

4.5.3.1

4.5.3.2

4.5.3.2 a)

4.5.3.2 b)

4.5.4

4.5.5

4.5.5.1

4.5.5.2

4.5.5.3

4.5.5.4

4.5.5.5

4.5.5.6

4.5.5.7

4.5.5.8

4.5.5.9

4.6

Annex A


7

Name


Annex (e.g. 3.1)


Note (e.g. Table 1)


Annex B

Annex C C.1

Annex C C.2

Annex C C.3

Annex C C.4

Annex D

Bibliography

Collation of comments received on WD OHSAS 18002 (Rev 1) February 2008

1

Com

men

t No.

Com

men

tato

r N

o.


Annex (e.g. 3.1)

Paragraph/ Figure/Table/No

te (e.g. Table 1)

Comment (justification for change) Proposed change Action to be taken

General Comments

1 2 General First of all I want to compliment you on this new revision of OHSAS 18002. I look forward to the implementation and application of this new requirements and details in OH&S. Thank you very much for giving us the opportunity to give input to the new BS OHSAS 18002:2008 standard. But in my opinion this draft is very good and needs no further basic improvement. I miss the former sub-structure of OHSAS 18002 (requirement / intent / typical input / typical output) a little bit but I am sure that I will cope with the new structure.

Noted

2 3 General Regarding the first WD of OHSAS 18002, I am please to tell you that I didn't receive any comments at the national level, so we agree with the proposed draft.

Noted

3 6 General On behalf of ESYD we would like to inform you that we have no comment on the above mentioned document.

Noted

4 12 General Is there an agreed principle about to which degree the contents of OHSAS 18001 (included in separate blocks) shall be repeated in the guidance parts of the document? Repetition as such is disturbing for the reader and should be avoided as far as possible.

If such a principle has not been laid down yet it should be laid down and then observed in a consistent manner.

Noted

5 12 General The guidance text contains statements that are very close to requirements although they are walking around the word "shall". There are expressions like: "have to be", "It is important to …", needs to have …", "the general principle … is that if … then …", "need to be", "is necessary". See

The normal way of writing in Guideline standards is to express what "the organization should do". Expressions equivalent with "shall" should not be used. Change to expressions of the "should" type where applicable.

Disagree. We need to use such expressions when repeating the OHSAS


2

detail comments below. 18001 requirement

6 12 General The risks, hazards, etc. stated to be applicable to "workers" could often be applicable also to other categories of personnel.

Consider if the term "worker" could not generally be replaced by other term, for example "personnel".

Reviewed all instances, but did not change

7 15 General The Swedish mirror group suggest that OHSAS 18002

should not try to be a guideline and handbook in the same document.

OHSAS 18001 gives the requirements and OHSAS 18002 should explain how to implement the requirements as clear, simple and be as explanatory as possible.

A third project could be to establish an international project group and write a handbook for OH&S published by BSI. This would simplify OHSAS 18002 and also shorten the document. Examples could be avoided and rather be used in a handbook.

What is difference between Guide and Handbook. Noted, but cannot change document

8 15 General When including the OHSAS 18001 text in the OHSAS

18002 the user of the standard will risk paying for the same content twice. We also risk mixing up the requirements and the guidance.

We propose to take out all of the OHSAS 18001 text from the OHSAS 18002 document.

Disagreed

9 15 General In ISO standards the spelling "organization" is prescribed

and tat spelling is used in OHSAS 18001:2007. Change all "organisation" to "organizations" throughout the document.

Agreed

10 17 General As currently drafted OHSAS 18002 is not only complementary tot OHSAS 18001, but replaces it as well, because the complete text of OHSAS 18001 is copied into the document. OHSAS 18001 therefore contains both the requirements of an OH&S management system and guidance on their implementation. This is, however, not reflected in the title.

On one hand it can be regarded as service to the user to have requirements and guidance together. On the other hand, our experience with the first edition of OHSAS 18002 shows that it gives rise to confusion as well. For example: a) persons that have already obtained OHSAS 18001:2007 and later on also buy OHSAS 18002, may complain that they are buying the requirements once more;

b) persons that start considering implementation of an

The best solution would be to issue only one document:OHSAS 18001 ‘OH&S management systems – Requirements with guidance for use/implementation’ (similar to but far more comprehensive than ISO 14001). This option is not feasible given the fact that the requirements have already been published last year. Therefore we propose to delete the text of OHSAS 18001 from OHSAS 18002. This is in line with the title of the document and makes it only complementary to OHSAS 18001 and not a partly overlapping document.

Disagreed


3

OH&S management system will order both the specification (OHSAS 18001) and the guidance on implementation (OHSAS 18002) and then discover that they had better only bought OHSAS 18002.

11 18 General The modification of the document from the previous format does not to appear be as supportive towards system implementation. Originally 18002:200 was presented in a process approach (primarily Input-Activity-Output).

Keep the process approach of the original document intact

Disagreed, but contained in the intention of the guidance

12 23 General There are numerous references to the organization's "OH&S hazards (or risks) and its (or the) OH&S management system"

Remove the second "OH&S" from each of these. Disagreed

13 25 General I have been considering the ideas in 18002 when conducting audits and training courses. It is an excellent document already. My comments are not addressed to OHSAS shortcomings, but to omissions in all three (QMS,EMS, OHSMS)standards. OHSAS already addresses missing items or misunderstandings in the ISO standards (risk assessment, MOC, etc). I hope that OHSAS 18002 can eliminate the ignorance and misunderstanding of terms (planned arrangements, suitable, adequate, effective) that are often ignored. I cannot get the ISO standards writers to admit that users of the standards do not understand these terms.

⎯ Disagreed

14 25 General all This is already an excellent document. I will use it as the basis for everyone's understanding of management systems in general, even if my comments are not entered. There is so much useful information, that having the original standard imbedded is confusing and time consuming to combine the thoughts of two standards together. Users (not registrar auditors) would benefit from one standard with text from both integrated. Think outside the box, not just duplicate previous standards. Under the present scenario, only 18002 has be purchased. Under my scenario, both will be purchased, one for implemtenation and maintenance, the other for registrarion.

⎯ Disagreed


4

15 26 General Firstly, OPG appreciates the OHSA Project Group’s disposition of our comments during the revisions of the OHSAS 18001 standard last year. Overall our major comments were adequately addressed in the final document. The feedback on the proposed revisions to the OHSAS 18002 Guideline document is very positive in that it reflects our understanding of the standard and that it aligns with OHSAS 18001:2007. Our comments, which are attached, provide suggestions for minor improvements to the document. More specifically, there are a number of comments related to the management of contractors where we have requested additional clarification acknowledging that a contractor operates its own OH&S management system (as an employer) which we ensure is operating effectively through our oversight.

Noted

Noted

Specific Comments

16 22 Contents Introduction and foreword are not included in the table of contents

To include foreword and introduction in the table of contents

Agreed

17 8 Introduction 4 9th line, no space between “18001” and “is” Insert space between “18001” and “is” Agreed

18 12 Introduction Figure 1 The scopes of Figure 1 in the Introduction and Figure 2 in 4.3.1.2 are partly the same but the figures are not "aware" of each other. The existence of two such figures in the same standard will be confusing for the readers. Figure 1 covers a wider area than does Figure 2. It is a good idea, as such, to take advantage of the connection which Figure 1 provides with other management standards. However that figure should not be presented as it is done in the draft, where its connection with the contents of the standard is not demonstrated.

Consider to combine Figure 2 in 4.3.1.2 with Figure 1 in the Introduction. Figure 1 could be used as a base. The terms in the original figure should be kept. The terms specific to OHSAS that correspond to the terms in the blocks in Figure 1 (as expressed in Figure 2) could be added. The resulting figure should be shown in one of the places only. See some ideas about combination of the two figures presented after the comments table.

Disagreed


5

19 21 Introduction

Para 4 The use of OSHMS standards supports the OSH management concept of ‘self regulation’ very well

The overall aim of OHSAS 18001is to support and promote good OH&S practices with the spirit of self regulation in balance with socio-economic needs

Agreed in part

20 22 Introduction Figure 1 Note

The place where the note is located may be confusing. Besides, the places where PDCA are applied are not very clear. To place the note after the figure. On the other hand, we suggest to write on Figure 1 the PDCA letters in the relevant place.

P: planning D: implementation and operation C: checking and corrective action A: management review

Disagreed, consistent with ISO 14001 approach

21 10 1 Scope Paragraph 2

(Page 1

Line 5)

Use of the existing description in spite of change of the configuration of OHSAS 18002 It explains the underlying principles of OHSAS 18001 and describes the intent, typical inputs, processes and typical outputs, against each requirement of OHSAS 18001.

Delete Disagreed. Intent maintained, see list of changes in the Foreword

22 16 1 Scope Par 2 The decision was made that we would not use the format previously used for OHSAS 18002 of specifying typical inputs, processes and typical outputs of each element. Therefore, the first sentence is not accurate.

Revise paragraph as follows: It provides additional information helpful to understanding the intent of OHSAS 18001 and for developing and implementing an OHS management system that conforms to OHSAS 18001.

Disagreed. Intent maintained, see list of changes in the Foreword

23 16 2 Reference publications

Support the addition of ISO 19011 as a reference publication for this standard.

Noted

24 16 3 Terms and definitions

Note 2 covers information that should instead be included in the discussion of 4.1 – the general requirements of an OH&S management system.

Delete Note 2 and move text to section 4.1.1. Agreed

25 18 3 Terms and definitions

There should be included a definition of competence Competence- The demonstrated ability to apply knowledge and skills

Disagreed. A dictionary definition is sufficient.

26 25 4.1, 4.5.5, 4.6 4.1 Para 1 4.5.5 4.6

The standard should explain the linkages between clauses 4.1, 4.5.5 and 4.6. The terms suitable, adequate and effective help explain those linkages.

The organization shall ensure that internal audits of the OH&S management system are conducted to a) determine whether the OH&S

Disagreed for 4.1 reviewed for 4.5.5 and 4.6


6

management system: 1) conforms to planned arrangements for OH&S management including the requirements of this OHSAS Standard (4.6 adequate). Planned arrangements may include the manual, documented procedures and work instructions, forms, inspections, specified legal and other requirements, objectives and programs, and undocumented intentions and plans.

The OH&S management system audits should cover all areas and activities within the scope of the OH&S management system (see 4.1), and assess conformity to planned arrangements and OHSAS 18001.

The organization shall ensure that internal audits of the OH&S management system are conducted to a) determine whether the OH&S management system2) has been properly (4.6 suitable). implemented and is maintained

The organization shall ensure that internal audits of the OH&S management system are conducted to a) determine whether the OH&S management system) is effective in meeting the organization’s policy and objectives (4.6 effective); The audit program should define the criteria for meeting the organization's policy, especially the documented commitments,

The organization shall ensure that internal audits of the OH&S management system


7

are conducted to provide information on the results of audits to management. The standard (4.6) specifies input requirements; the audit program should determine which of these inputs the internal audit program can provide.

Audit programme(s) shall be planned, established, implemented and maintained by the organization in order to improve the management system.

The audit program is based on the results of risk assessments (4.3.1) of the organization’s activities. The results of the risk assessments (see 4.3.1) should guide the organization in determining the frequency of audits of particular activities, areas or functions and what parts of the management system should be given attention. Audit criteria should specifically identify the hazards to be evaluated, and provide guidance on the methodology to audit them. Hazards with the most severe risks should be continually evaluated. The audit program is also based on the results of previous audits. Results of previous audits include non-conformities, opportunities for improvement and evidence of conformance. For elements with no continual change, evidence of conformance can be used as audit criteria that do not have to be evaluated in every audit. For example, adequate procedures do not have to be evaluated for


8

conformance with the standard. The audit program should concentrate on conformance to the procedure, not the procedure's conformance to the standard.

Additional audits may need to be performed: 1. as changes occur in the hazards, or risk assessments, 2. if the results of previous audits, 3. the occurrence of incidents, 4. or other circumstances (e.g. due to re-organization), indicate that they are necessary. Audit procedure(s) shall be established, implemented and maintained that address:

a) the responsibilities, competencies, and requirements for planning and conducting audits, reporting results and retaining associated records; and

b) the determination of audit criteria (what), scope (where), frequency (when) and methods (how).

Selection of auditors and conduct of audits shall ensure objectivity and the impartiality of the audit process. delete Audits can be used by an organization to review and evaluate the suitability (4.5.5.a.2), adequacy (4.5.5.a.1) and effectiveness (4.5.5.a.3) of its OH&S management system.

delete An internal OH&S management system audit programme should be established to review the conformity of its OH&S management system to its planned


9

arrangements, including OHSAS 18001. Planned OH&S management system audits should be carried out by personnel from within the organization and/or by external personnel selected by the organization. Internal auditors can gain valuable, usefull information about other departments during an audit. Information learned by internal auditors who are employees stays with the organization. Information learned by non-employees leaves with them. Training employees in auditing who may not become auditors will also improve the overall auditing process.

Individuals selected to conduct the OH&S management system audits should be qualified as competent to determine suitability, adequacy and effectiveness. Auditors selected in a manner to ensure objectivity and impartially in the audit process should still have proven competency in the areas they audit. Expertise and competence proven in other management systems audits, such as quality and environmental audits, are not directly applicable to determine suitability and effectiveness of an OHSMS. NOTE: The general principles and methodology described in ISO 19011 are appropriate to OH&S management system auditing.

27 8 4.1.1 Paragraph two The guidance states that an organisation with no existing OHS management system should determine its current position ….etc by means of an initial review. There is no mention of a company with an existing management system to review the system

Delete the words ‘with no existing OH&S management system”

Agreed in part


10

against OHSAS 18001 requirements. 28 13 4.1.1 Paragraph 3 “…..resources devoted to it are dependent on the

nature ……” Change to “……resources required to be devoted to it are dependent on the …….”

Disagreed

29 16 4.1.1 Par 1 This paragraph does not provide helpful information. What is needed is an explanation of what it means to establish, document, implement, maintain … a management system.

More the information from Section 3 Note 2 to this section. Add the following sentence – For additional information on the documentation required for an OHS management system refer to section 4.4.4 (Documentation).

Agreed in part

30 16 4.1.1 Par 2 Almost every organization believes it already has an existing OHS management system – it just may not conform to OHSAS 18001 requirements.

Modify beginning of first sentence as follows: An organization with no existing OH&S management system seeking to establish an OHS management system that conforms to OHSAS 18001 should determine its current position with regard to its OH&S risks by means of an initial review (4.1.2).

Agreed

31 23 4.1.1 Para 1, sent 3 Replace "in its workplace" with "arising from work activities".

Agreed in part

32 23 4.1.1 Para 2 Delete and replace with: " It is important that all the elements in this guide are incorporated into the OH&S management system, but the manner and extent to which individual elements should be applied will depend on factors such as the size of the organization, the nature of its activities, the hazards and the conditions in which it operates."

Disagreed

33 5 4.1.2 An important input in an initial review is the occupational and medical assessments.

The aim of an initial review should be to consider all OH&S risks faced by the organization, as a basis for establishing the OH&S management system. An organization may wish to consider including, but not limiting itself to, the following items within its initial review: ⎯ legislative and regulatory requirements;

⎯ identification of the OH&S hazards and evaluation of risks faced by the organization;

⎯ occupational and medical assessments;

⎯ an examination of existing OH&S management

Accepted in part


11

practices, processes and procedures;

⎯ an evaluation of feedback from the investigation of previous incidents, work related ill health, accidents and emergencies.

⎯ relevant business management systems and available resources

34 8 4.1.2 Section states that the aim of the initial review is to consider all OHS risks faced by the organisation as a basis for establishing the OHS management system. The guidance is appropriate but does not include a statement about reviewing existing OHS management against OHSAS 18001. This would be a necessary step in meeting the requirements of clause 4.1. There is no statement about the possible benefits to the organisation of conducting the initial review. Including the proposed additional wording provides an organisation with reasons for conducting the review.

Insert the following. The initial review must also compare the organisations current management of OHS against OHSAS 18001 requirements and determine the extent to which these requirements are being met or whether improvements can be made. The initial review will provide information which an organisation can use to identify if there are any existing gaps in the OHS management system and will guide the organisation in formulating plans for implementing and prioritising improvements to the OHS management system.

Agreed

35 8 4.1.2 First paragraph, second sentence.

States that the organisation may wish to consider including, but not limiting itself to …etc. The aim of the initial review is to consider all OHS risks faced by the organisation as a basis for establishing the OHS management system. The use of the word “may” seems inconsistent with the purpose of providing guidance to achieve this aim. It is suggested the guidance give more direction and provide a “minimal set of items” to be considered in the initial review. Substituting the word “should” for the word “may” provides a stronger indication that the suggested items should be considered as a minimum.

Delete “may” and in its place insert “should”. Agreed

36 11 4.1.2 1.st paragraph 2.nd line

If the initial review should be performed, then the basis for the review must be stated more strict.

An organization should to consider including, but not limiting itself……….

Agreed

37 15 4.1.2 Page 6 “relevant business management systems and available Move the bullet point as the second bullet point. Disagreed


12

resources” Needed resources are crucial to get started otherwise a start will be impossible.

38 19 4.1.2 Bullet 1 Further explanation of legislative and regulatory requirements

Insert ‘applicable’ before ‘legislative and regulatory requirements’

Disagreed

39 19 4.1.2 Bullet 2 It would be logical to identify O H & S hazards and risks prior to legal requirements in an initial review

Place ‘identification of the OH & S hazards…’ above ‘legislative and regulatory …’

Disagreed

40 22 4.1.2 Bullet 4 Delete the words "ill health", "accidents" and "emergencies", because they are implicit in the definition of "incident"

- an evaluation of feedback from the investigation of previous incidents.

Disagreed

41 23 4.1.2 Bullet list It is difficult when first starting to work through all the regulations that might apply and the order of the bullets and how the regulations may be identified should be changed as proposed

Delete first bullet. Add following bullets: - applicable legislative and regulatory requirements, bearing in mind:

- industry sector

- activities

- products, processes, facilities, equipment, materials and personnel; and

- location.

Disagreed

42 26 4.1.2 First Paragraph and Bulleted List

In the list of bullets to be considered for the initial review, there should be mention of “other requirements” (e.g. voluntary standards) along with legal and regulatory requirements

Suggest changing first bullet to read: -legislative and regulatory requirements, as well as other requirements that apply to the organization or to which the organization subscribes.

Accept in part

409 28 4.1.2 Initial Review should be seen in conjunction with 4.3.1. The content should be included under 4.3.1.1. and 4.1.2 be removed.

Initial Review should be seen in conjunction with 4.3.1. The content should be included under 4.3.1.1 and 4.1.2 be removed.

Disagreed

43 16 4.1.3 Par 1 An OHS management system focuses in on protecting the health of people.

Modify sentence as follows: The scope of the OH&S management system should define how, where and what to whom the OH&S management system applies to within the organization. The organization should determine whether the OH&S management system applies to individuals

Disagreed


13

such as outside sales personnel, home-based workers, repair personnel, transit drivers, etc.

44 18 4.1.3 There might be confusion as to how the documentation of the Scope could be accomplished

The scope (or that which is to be covered by the OHSMS) must be documented but there is no requirement for where the documentation of the system scope must be located, It can be in the:

• Policy • OHS manual (if there is one) • As a stand alone statement • Description of the

organization

Disagreed, too prescriptive

45 23 4.1.3 New para Add following as 5th paragraph: "For those seeking registration, it is advisable that they seek guidance from the certification body as to the scope of its OH&S scope."

Disagreed, the organization should define its own scope

46 8 4.2 Paragraph one, second sentence

This statement provides guidance on top managements responsibility. Paragraph five, first sentence also provides guidance on top management responsibility. Suggest combine this guidance into one paragraph. It follows that once the o requirement for top management to demonstrate

leadership an commitment has been established [Para 1]

o the link between this and the policy has been stated [new para 2], and

o the purpose of the policy has been explained [new para 3]

The responsibility for producing the OHS policy should be made clear. This guidance is provided in new paragraph 4. Second sentence, existing paragraph 1 therefore becomes second sentence new paragraph 4.

The suggested change is shown below. [See comments 4.2 paragraph five, first sentence].

Accepted in part

47 16 4.2 Par 7 & 8 To improve readability. Modify to read as follows:

Accepted in part


14

In communicating the policy, consideration should be given to how to create and maintain awareness in both new and existing personnel under the control of the organization. The policy can be communicated Communication can be in alternative forms to the policy statement itself, such as through the use of rules, directives and procedures, wallet cards, posters, etc. , and may therefore Such communication may include only the sections of the policy that are pertinent to the a particular individual. In communicating the policy, account should be taken of issues such as diversity in the workplace, literacy levels, language skills etc.

48 16 4.2 Par 9 It is too strong to say others will be interested in the policy – they may be (or may not be).

Replace will with may Both individual and group should be plural.

Accepted in part

49 16 4.2 Par 10 Need to clarify what changes are being discussed, what needs to be communicated and the extent of communication required.

Modify last sentence to read: If changes are introduced made to the policy, these the revised policy should be communicated to appropriate persons as soon as is practicable.

Accepted in part

50 5 4.2 The organization´s policy should also be consistent with the mission.

The organization's OH&S policy should be appropriate to the nature and scale of its identified risks and should guide the setting of objectives. In order to be appropriate, the OH&S policy should: ⎯ be consistent with the vision of the organization’s

future, and its mission;

⎯ be realistic, neither overstating the nature of the risks the organization faces, nor trivializing them.

Disagreed

51 8 4.2 All paragraphs.

The guidance does not appear to “flow” logically. It is proposed that the order of the existing guidance be changed [see adjacent} to provide a logical flow of advice about the OHS policy. In addition to changing the order of the existing guidance paragraphs there have been numerous proposed changes made to the content of these paragraphs. The proposed changes for each of the paragraphs are shown below.

Top management should demonstrate the leadership and commitment necessary for the OH&S management system to be successful and to achieve improved OH&S performance. An organisations OHS policy is a statement which demonstrates this leadership and commitment by top management.

Noted Disagreed. Policy is not a statement.


15

To avoid confusion all proposed changes have been incorporated in the adjacent “proposed change” column.

An OH&S policy establishes an overall sense of direction and sets the principles and objectives of action for an organization. It broadly sets the level of OH&S responsibility and performance required throughout the organization, against which all subsequent actions will be evaluated. The responsibility for defining and authorizing the OH&S policy rests with the organization's top management. The ongoing, proactive, involvement of top management in developing and implementing an OH&S policy is crucial. The organization's OH&S policy should be appropriate to the nature and scale of its identified risks and should guide the setting of objectives. In order to be appropriate, the OH&S policy should: - be consistent with a vision of the organization’s future, and - be realistic, neither overstating the nature of the risks the org organization faces, nor trivializing them. In developing its OH&S policy, an organisation should consider: its mission, vision, core values and beliefs the organization's overall business policies co-ordination with other policies the needs of persons working under the control of the organisation the OH&S hazards of the organization; legal and other requirements to which the organisation subscribes that relate to its OH&S hazards; historical and current OH&S performance by the organization; opportunities and needs for continual improvement and the prevention of injury and ill health; the views of interested parties. what is needed to establish realistic and achievable objectives The policy is, as a minimum, required to include statements about the key principles and objectives the organisation is committed to : ie the prevention of injury and ill health

"Broadly" does not add value Accepted in part Unchanged Accepted Accepted in part


16

continual improvement in OH&S management continual improvement in OH&S performance compliance with applicable legal requirements and compliance with other requirements to which the organization subscribes The OH&S policy should be communicated to all persons working under the control of the organization in order to assist them to understand: what management is committed to what they are individually required to do, by: demonstrating the commitment of top management and the organization to OH&S increasing awareness of the commitments made in the policy statement explaining why the OH&S system is established and is maintained guiding individuals in understanding their OH&S accountabilities and responsibilities (see 4.4.2) In communicating the policy, consideration should be given as to how to create and maintain awareness in new and existing personnel under the control of the organization. Communication can be in alternative forms to the policy statement itself, such as rules, directives and procedures, and may therefore only include sections of the policy, pertinent to the individual. Account should be taken of diversity in the workplace, literacy levels, language skills etc. Any individual or group (either internal or external) concerned with or affected by the OH&S performance of the organization will be interested in the OH&S policy. It is for the organization to determine how it wishes to make the policy available to such interested parties, e.g. through publication on a web site, or by providing printed copies on request. The OH&S policy should be reviewed periodically (see 4.6) to ensure that it remains relevant and appropriate to the organization. Change is inevitable, legislation and societal expectations evolve; consequently, the organization’s OH&S policy and OH&S management

Unchanged Unchanged Unchanged Unchanged Unchanged


17

system need to be reviewed regularly to ensure their continuing suitability and effectiveness. If changes are introduced, these should be communicated as soon as is practicable. The OH&S policy can be linked with other policy documents of the organization and should be consistent with the organization's overall business policies and with its policies for other management disciplines e.g. quality management or environmental management.

Move to end of clause disagreed

52 8 4.2 Paragraph one, first sentence

This sentence on its own, while appropriate, does not provide guidance on how it relates to OHS Policy. Inserting a new paragraph two [as shown] is therefore suggested. This provides link between the guidance in the first sentence and the OHS policy.

Paragraph one Top management should demonstrate the leadership and commitment necessary for the OH&S management system to be successful and to achieve improved OH&S performance. Paragraph two An organisations OHS policy is a statement which demonstrates this leadership and commitment by top management.

Disagreed

53 8 4.2 Paragraph Two, first sentence

Suggest insert the words “and objectives” after the word “principles”. 3.14 defines OH&S objective. Note 2 states that 2.4.3.3 requires that OH&S objectives are consistent with the OH&S Policy. 3.16 Note 1 – states that “The OH&S Policy provides a framework for action and the setting of OH&S objectives”. OHSAS 18001, Clause 4.3.3 states [second paragraph] that “The objectives shall be measurable, where practicable, and consistent with the OHS policy…” Inserting the suggested words “and objectives” provides a link and consistency between the requirements of 4.2 and 3.14, 3.16 and 4.3.3. The suggested change becomes the first sentence of new paragraph three

Paragraph Three a An OH&S policy establishes an overall sense of direction and sets the principles and objectives of action for an organization.

Disagreed

54 8 4.2 Paragraph Two, second sentence

The fist sentence provides guidance about the general purpose of a policy ie to provide an overall sense of direction, to set the principles of actions etc. The sentence appears at odds with this guidance

Paragraph Three b It broadly sets the level of OH&S responsibility and performance required throughout the organization, against which all subsequent actions will be evaluated.

Disagreed


18

because it refers to “OHS responsibility.” The second sentence could be misinterpreted that detailed responsibilities should be included in the policy. Suggest that the word “broadly” be inserted as proposed to avoid any possible confusion and is consistent with the purpose of the policy. This becomes the new second sentence of paragraph three.

55 8 4.2 Paragraph three

It follows that once guidance about responsibility for producing the OHS policy has been provided [new para 4] guidance about the content of the OHS policy should be stated. No change to content but change to the position of paragraph in 4.2 is proposed. Insert as new paragraph 5.

Paragraph Five The organization's OH&S policy should be appropriate to the nature and scale of its identified risks and should guide the setting of objectives. In order to be appropriate, the OH&S policy should: - be consistent with a vision of the organization’s future, and - be realistic, neither overstating the nature of the risks the org organization faces, nor trivializing them.

Disagreed

56 8 4.2 Paragraph Four

Paragraph four contains appropriate guidance but could be misinterpreted that the statements in the policy be limited to those shown. Suggest amend paragraph as shown to clarify that these are the minimum statements to be included. An organisation should be free to include additional statements in its OHS Policy depending on the needs of the organisation. The paragraph is further clarified that the statements relate to the “key principles and objectives” the organisation is committed to. Including these words is consistent with and reinforces the guidance provided in paragraph 4.2 Policy and 4.3.3 Objectives. The guidance in existing paragraph four provides guidance on developing the OHS policy. Guidance on things to consider when developing the OHS Policy is also provided in existing paragraph ten [see below for comments]. Comments on existing paragraph ten propose that the paragraph become new paragraph six. Guidance in existing paragraph four follows logically from new paragraph six and therefore proposal is that

Paragraph Seven The policy is, as a minimum, required to include statements about the key principles and objectives the organisation is committed to : ie the prevention of injury and ill health continual improvement in OH&S management continual improvement in OH&S performance compliance with applicable legal requirements and compliance with other requirements to which the organization subscribes

Accepted in part


19

this becomes new paragraph seven.

57 8 4.2 Paragraph Five, first sentence

It follows that once the o requirement for top management to demonstrate

leadership an commitment has been established o the link between this and the policy has been

stated, and o the purpose of the policy has been explained [see paragraphs 1-3, proposed change] The responsibility for producing the OHS policy should be made clear. This guidance is provided in existing paragraph five. It is therefore suggested this sentence becomes first sentence of new paragraph four. See comments Paragraph one, second sentence for reasons for inclusion of the second sentence of new paragraph four.

Paragraph Four The responsibility for defining and authorizing the OH&S policy rests with the organization's top management. The ongoing, proactive, involvement of top management in developing and implementing an OH&S policy is crucial.

Accepted

58 8 4.2

Paragraph Five, second sentence

This sentence deals with linking the OHS policy with other policy documents. This is a separate issue to that being dealt with in the first sentence of paragraph five ie responsibility for producing the OHS policy. It seems more logical to include guidance on linking the OHS Policy with other policy documents after all guidance associated with the content, communication and review of the policy are provided. Suggest this sentence be removed from existing paragraph five and that it becomes a new paragraph thirteen.

Paragraph thirteen The OH&S policy can be linked with other policy documents of the organization and should be consistent with the organization's overall business policies and with its policies for other management disciplines e.g. quality management or environmental management.

Disagreed

59 8 4.2 Paragraph Six to nine

There are no proposed changes to the content of the existing paragraphs. The guidance however follows more logically after guidance on developing and the content of the OHS Policy is provided. It is therefore proposed that the position of the paragraphs be changed. Propose to insert existing paragraphs as new paragraphs eight to eleven.

Paragraph Eight The OH&S policy should be communicated to all persons working under the control of the organization in order to assist them to understand: what management is committed to what they are individually required to do, by: demonstrating the commitment of top management and the organization to OH&S increasing awareness of the commitments made in the policy statement explaining why the OH&S system is established and is maintained

Unchanged


20

guiding individuals in understanding their OH&S accountabilities and responsibilities (see 4.4.2) Paragraph nine In communicating the policy, consideration should be given as to how to create and maintain awareness in new and existing personnel under the control of the organization. Communication can be in alternative forms to the policy statement itself, such as rules, directives and procedures, and may therefore only include sections of the policy, pertinent to the individual. Paragraph Ten Account should be taken of diversity in the workplace, literacy levels, language skills etc. Paragraph Eleven Any individual or group (either internal or external) concerned with or affected by the OH&S performance of the organization will be interested in the OH&S policy. It is for the organization to determine how it wishes to make the policy available to such interested parties, e.g. through publication on a web site, or by providing printed copies on request.

60 8 4.2 Paragraph Para ten

This paragraph provides guidance on the content of OHS Policy. In developing the OHS policy an organisation should [in addition to existing guidance] also consider the organisations overall business policies. It is therefore suggest to include the words “the organization's overall business policies” in the guidance. This guidance also provide a link with the guidance provided in section 4.3.3.2 Objectives. The guidance in existing paragraph ten flows more logically from guidance in new paragraph 5. It is proposed that the position of the guidance be changed to new paragraph 6.

Paragraph six In developing its OH&S policy, an organisation should consider: its mission, vision, core values and beliefs the organization's overall business policies co-ordination with other policies the needs of persons working under the control of the organisation the OH&S hazards of the organization; legal and other requirements to which the organisation subscribes that relate to its OH&S hazards; historical and current OH&S performance by the organization; opportunities and needs for continual improvement and the prevention of injury and ill health; the views of interested parties. what is needed to establish realistic and achievable objectives

Disagreed

61 8 4.2 Paragraph eleven

This guidance deals with reviewing the OHS Policy and flows more logically from new paragraph eleven. Insert as new paragraph twelve.

Paragraph twelve The OH&S policy should be reviewed periodically (see 4.6) to ensure that it remains relevant and appropriate to

Unchanged


21

the organization. Change is inevitable, legislation and societal expectations evolve; consequently, the organization’s OH&S policy and OH&S management system need to be reviewed regularly to ensure their continuing suitability and effectiveness. If changes are introduced, these should be communicated as soon as is practicable.

62 11 4.2 1.st paragraph 2.nd line

It is critical that the top management shows “the way” for the employees. Therefore the tom Management needs to be visible in its involvement in the system and especially in the policy

The ongoing, proactive and visible involvement……….

Disageed. 1st sentence already requires "demonstrate leadership"

63 11 4.2 Bullet 8 The bullet should be constituent with the text in the paragraph

- what top management is committed to Agreed

64 11 4.2 Page 8, 1.st paragraph.

To my understanding the policy should be presented as a whole , and not divided into separate sections risking different understandings of the policy. If the sentence “and may therefore only include sections of the policy, pertinent to the individual.” are to stand it must be explained more deeply.

The sentence should go. Agreed

65 15 4.2 Page 7 With reference to the revision directions the language used

should be as explanatory as possible (small organisations should also be the target group) Take out “appropriate to the nature and scale” and explain better.

The org…. should be relevant to the identified risks and should guide the setting of objectives. The policy should reflect the possible degree of impacts on the organisation depending on the business art of the operation. The policy should express possible needs to allocate more resources to the OH&S work due to the hazards including social and psychological impacts.

Disagreed

66 16 4.2 Par 2, Par 6 bullet 6

Disagree that an organization’s OH&S policy sets levels of OH&S responsibility and performance requirements throughout the organization – this level of detail is not set in the OH&S policy. This is the subject matter of section 4.4.1.

Delete second sentence of paragraph and bullet 6. Agreed

67 16 4.2 Par 6 This paragraph (Starting with The OH&S policy should be communicated…) is confusing in format and the content is repetitive or inappropriate (see above comment).

Replace paragraph with following sentence: The OH&S policy should be communicated to persons working under the control of the organization to assist them in understanding both the organization’s OH&S commitments and their individual responsibilities for achieving those commitments (e.g. what the OH&S policy means to them).

Accepted in part


22

68 21 4.2 Spell out coordination with other policies ⎯ co-ordination with other policies (such as quality or

environmental policy of the Group and/or Division) Accept in part

69 23 4.2 Para 3, bullet 2 Replace "overstating" with "trivializing" and "trivializing" with "overstating".

Disagreed

70 23 4.2 Para 4, bullet 2 Add "and overall OH&S performance" to end of bullet Disagreed

71 23 4.2 Para 4, bullet 3 Delete. Disagreed

72 23 4.2 Para 4, bullet 5 Delete "compliance with". Disagreed

73 23 4.2 Para 5 Insert "effectively" before "communicated" and delete "assist them to understand".

Disagreed

74 23 4.2 Para 5, bullet 1 Replace with "demonstrate the commitment of top management and the organization to OH&S; and"

Disagreed

75 23 4.2 Para 5, bullet 2 Replace with: ⎯ ensure:

• visible participation of top and line management in ensuring good practices are in operation on a day to day basis

• ensuring its understanding, implementation and maintenance at all levels in the organization;

• ensuring employee involvement, participation and consultation to gain commitment to the policy and its implementation;

• ensuring that employees at all levels receive appropriate training and are competent to carry out their duties and responsibilities;

Disagreed, addressed elsewhere in the standard

76 23 4.2 Para 5 Delete first bullet after "by:" Disagreed

77 23 4.2 Para 6, sent 1 Repetition Delete. Disagreed

78 15 4.3 Page 8 "In developing… achievable objectives.” This is misplaced;

it is guidance to write the policy, not to communicate the policy.

These bullet points should be moved to page 7, before “The responsibility for defining….”

Agreed

79 25 4.3.1 p12 human behaviour ⎯ human behaviour (absenteeism, fatigue, injury; these human factors, especially if caused by overtime, reduction in force/layoff , or personal problems outside the

Disagreed


23

workplace should be managed with concern for employee privacy rights and potential worker's compensation/unemployment laws. Resolution may require working closely with human resources in order to protect the privacy and legal rights of employees.)

80 8 4.3.1.1 Paragraph one Second sentence states that the overall purpose of the risk assessment process is to understand the hazards (see 3.6)….etc. The word “understand” appears inconsistent with the definitions in section 3.7 Hazard identification. To understand a hazard is to have knowledge of and to be able to explain the hazard. Explaining hazards eg biological agents, various sources of energy etc requires technical expertise. 3.7 states that hazard identification is the process of recognising that a hazard exists. “Understanding” is part of the risk assessment process and not hazard identification. Risk assessment involves understanding the nature of the risk and the factors that might trigger or accelerate the risk. Decisions on how to control the risk can be made when the level of the risk is understood. The word “recognise” is more appropriate than “understand”.

Delete “understand” and substitute “recognise”. Accept in part

81 8 4.3.1.1 This paragraph provides general guidance on hazard identification, risk assessment and risk control. One key point is however not included which should be stated. This is that workplace hazards and the way they are to be controlled are often defined in regulations, codes of practice, guidance published by regulators, industry guidance documents. It seems logical that this guidance be included before the guidance on utilising the outputs of hazard identification, risk assessment and risk control is provided. [existing fourth paragraph] Suggest an additional sentence [as shown in adjacent column ] be included as a new fourth

Workplace hazards and the way they are to be controlled are often defined in regulations, codes of practice, guidance published by regulators, and industry guidance documents.

Accept in part


24

paragraph. Existing paragraph four becomes paragraph five.

82 8 4.3.1.1 Paragraph four This paragraph is part of 4.3 Planning. The guidance does not mention that the outcome of the initial review [4.1.2] can provide input into planning hazard identification, risk assessment and determining risk control processes by providing a framework for action, setting priorities and allocating resources. Insert as new first sentence to existing paragraph four.

The initial review (4.1.2) can provide input into planning hazard identification, risk assessment and determining risk control processes by providing a framework for action, setting priorities and allocating resources (see also 4.3.3).

Accept in part for 4.1.2

83 8 4.3.1.1 Paragraph four Although this paragraph is part of guidance on “planning” there is no statement on use of the outputs from the hazard identification, risk assessment and determining risk control processes as part of the planning process. This is a key point which has been omitted and should be included in the guidance.

In existing paragraph four after the following words “development of other parts of the OH&S management system such as”…. insert “developing objectives and programme(s) (4.3.3)” before the word “training”.

Disagreed. See revised text.

84 15 4.3.1.1 Page 9 This is achieved….. should be numbered, no pick and

choose, it is a methodology. Change the bullets points to a) b)…. Disagreed

85 19 4.3.1.1 Para 1 For clarity and consistency throughout the document when referring to reducing risks list fatality along with injury and ill health

‘…reduce the risks of injury, ill health and fatality’ Accept in part

86 19 4.3.1.1 Third bullet For clarification and consistency include the word level after risk for the text in brackets

‘…estimation of the risk level).’ Agreed

87 19 4.3.1.1 Para 4 Clarify that outputs from hazard identification, risk assessment and determining controls should be considered throughout implementation and that 4.4.2, 4.4.6 and 4.5.1 are suggestions

Include the phrase ‘but not limited to’ after such as. Accepted in part

88 21 4.3.1.1 4 i) To be clear on the linkages to other OHSAS requirements

ii) To be consistent with OHSAS 18001 Clause 4.5.1

i) such as Objectives and programmes,(4.3.3) training…

ii) Should be Monitoring and measurement, instead of measurement and monitoring

Accepted in part

410 28 4.3.1.1 Include text from 4.1.2 Include text from 4.1.2 Disagreed

89 1 4.3.1.2 Fig 2 Needs more details. Noted


25

90 4 4.3.1.2 Fig 2 Needs more details.

Noted

91 7 4.3.1.2 Fig 2 This figure doesn’t include the risk evaluating. Identifying hazards and evaluating risks are two steps that can have different methodologies. Both should be assessed.

Include a box “Risk evaluating” between the box “Identify hazards” and “Assess”. A control link, similar to the existing with the box “Identify hazards”, must be related to the “Manage” box.

Disagreed

92 8 4.3.1.2 Paragraph one

The existing guidance does not provide the “context” for the subject. Suggest insert paragraphs as shown as new paragraphs one and two.

Uncontrolled hazards have the potential to cause human injury or ill health. Uncontrolled hazards must therefore be identified before the risks associated with these hazards can be assessed and, if existing controls are inadequate, effective controls implemented according to the hierarchy of controls. An organisation should therefore establish how hazards will be identified and what models will be useful when assessing risk[s] [ie to understand the nature of the risk and the factors that might trigger or accelerate the risk].

Accept in part, for 4.3.1.1

93 8 4.3.1.2 Paragraph one, first sentence

The guidance is appropriate but it is suggested it be further clarified. It is stated that there is no single methodology for hazard identification and risk assessment that will suit all organisations. The key point that there is no single methodology which is appropriate to assess risks associated with all hazards is however not made. Including this statement is consistent with the guidance in the remainder of the paragraph which infers this point but does not directly make this point. Suggest that the first sentence be extended to avoid any ambiguity about the guidance being provided. This is also consistent with guidance in the first sentence of 4.3.1.4.3 that different risk assessment methods can be used. In practice an organisation should use the “appropriate” methodology for the hazard being assessed. An organisation therefore may utilise a number of methodologies.

After the words …”will suit all organisations ..add “or is appropriate to assess risks associated with all hazards”.

Accepted in part

94 8 4.3.1.2 Paragraph four Reference is made to 4.3.1.9 which does not exist. Change 4.3.1.9 to 4.3.1.8 Agreed

95 10 4.3.1.2 Paragraph 2 Error of provisions number

Guidance on each of these topics can be found in

Agreed


26

(Page 10

Line 22)

Guidance on each of these topics can be found in sections 4.3.1.4 to 4.3.1.9

sections 4.3.1.3 to 4.3.1.8.

96 11 4.3.1.2 Fig 2 The PDCA circle is almost showing the same methodology, if adjusted just a little bit, why not use what is already well known.

Change the figure to PDCA with small adjustments Accept in part

97 12 4.3.1.2 Figure 2 The scopes of Figure 1 in the Introduction and Figure 2 in 4.3.1.2 are partly the same but the figures are not "aware" of each other. The existence of two such figures in the same standard will be confusing for the readers. Figure 1 covers a wider area than does Figure 2. It is a good idea, as such, to take advantage of the connection which Figure 1 provides with other management standards. However that figure should not be presented as it is done in the draft, where its connection with the contents of the standard is not demonstrated.

Consider to combine Figure 2 in 4.3.1.2 with Figure 1 in the Introduction. Figure 1 could be used as a base. The terms in the original figure should be kept. The terms specific to OHSAS that correspond to the terms in the blocks in Figure 1 (as expressed in Figure 2) could be added. The resulting figure should be shown in one of the places only. See some ideas about combination of the two figures presented after the comments table.

Accept in part

98 14 4.3.1.2 Text extract :”OHSAS 18001 identifies 10 topics that should be taken into account in developing the procedure(s). Guidance on each of these topics can be found in sections 4.3.1.4 to 4.3.1.9.”

Introduction of the use of the work “topic” is confusing . Clarify and insert more appropriate text/word – “section2 etc (linked more clearly to 4.3.1 (a) to (j)

Agreed

99 15 4.3.1.2 Fig 2 Figure can be improved to avoid too many different

interpretations. Move “Manage” and move to the left side, take out the “small arrows for “Manage”, see new proposed Figure 2 in Annex 1.

If accepted the text of 4.3.1.2 needs to be adjusted accordingly.

Disagreed

100 16 4.3.1.2 Fig 2 Text was left out of the figure. Add in omitted text as attached. Accept in part

101 19 4.3.1.2 Simplification of phraseology for clarity and brevity, remove the second hazard identification and risk assessment and further simplify English.

‘There is no single methodology for hazard identification and risk assessment that will suit all organisations, the methodologies will very greatly across…’

‘Individual hazards may require different methods to be used, e.g. an assessment of long term exposure to chemicals may need a different method to that taken for equipment safety or for assessing an office work station.

Accept in part

102 19 4.3.1.2 Fig 2 Repeats bullets in 4.3.1, not adding value to the document in existing form and location

Insert figure in 4.3.1.1 and remove text or leave in current position but refer to in text or add notes

Disagree


27

103 19 4.3.1.2 Para 2 The line regarding ‘to ensure consistency of application, it is recommended’ does not take account of the requirement in the standard that ‘The organisation’s methodology for hazard identification and risk assessment shall b) provide for the identification, prioritization and DOCUMENTATION of risks…

Refer to 18001 regarding documentation. Disagreed

104 21 4.3.1.2 Fig 2 Figure 2 should use common terms so as not to confuse the users

Develop / select methodology – Identify hazards – Assess risks – Determine risk control measure – Implement risk control measure – Review risk control

Accept in part

105 22 4.3.1.2 Paragraph 4 Change the reference 4.3.1.9 to 4.3.1.8, due to in the draft, clause 4.3.1.9 is not mentioned.

OHSAS 18001 identifies 10 topics that should be taken into account in developing the procedure(s). Guidance on each of these topics can be found in sections 4.3.1.4 to 4.3.1.8.

Agreed

106 26 4.3.1.2 End of page 10 Reference to sections 4.3.1.4 to 4.3.1.9 is incorrect. The reference to “guidance on each of these topics” in sections 4.3.1.4 to 4.3.1.9” implies that each of the 10 topics in 18001 is discussed separately in these sections. These sections (actually 4.3.1.3 to 4.3.1.8) provide guidance on the six components of the procedure for hazard identification and risk assessment referred to at the bottom of page 10 (ie. Hazards, risks, controls, management of change, documentation, and on-going review), incorporating information on the 10 topics in OHSAS 18001.

Section numbering referenced should be: 4.3.1.3 to 4.3.1.8 Suggest changing last sentence on page 10 to: Sections 4.3.1.3 to 4.3.1.8 provides guidance on the six components of the procedure(s) which are identified above, incorporating the 10 topics identified in OHSAS 18001.

Accept in part

107 27 4.3.1.2 Fig 2 Needs more details. Noted 411 28 4.3.1.2 Involve the following paragraphs at the end of

chapter:Involve the folowing paragraphs at the end of chapter:

• Involvement of employees is necessary to allow their input as knowledgeable persons (in relation to work and workplace) as well as to make them aware about risks and hazards in the workplace. This should include active involvement of the employees in identification and risk assessment. Involvement should not be restricted to employee representatives.

• Qualifications within OH&S hazards and risks, identification methods (incl. stress etc.) and legislation

See left Too prescriptive. Disagreed


28

should be available during the identification and risk assessment process. The methods and the effort put in analyses should reflect the risks in the organization

412 28 4.3.1.2 Fig 2 Noted

413 28 4.3.1.3 Add text in yellow:

⎯ input from employees and other interested parties (see 4.4.3), e.g. results from people satisfaction surveys

-------------------------------------

⎯ plant cleaning

⎯ process modifications

⎯ maintenance,

⎯ plant start-ups/shut-downs

Hazard identification techniques can include the following: ⎯ benchmarking

⎯ Observation of behaviour

⎯ walkabouts

⎯ interviews and surveys

See left Disagreed

Accept in part

Agreed

108 26 4.3.1.3 Page 12 Human Factors

-absenteeism that is not related to a workplace injury seems out of scope for this standard and is usually the result of non-occupational illness.

Remove reference to absenteeism. Agreed

109 1 4.3.1.3 How to explain “sources”, “situation” or “acts”? What are the “benchmarking” and “workflow and process analysis”? There are many hazard identification and risk assessment methods, such as Event Tree Analysis(ETA), Fault Tree Analysis(FTA), etc, why are not they given? How to explain “defining a hazard’s characteristics“?

“Sources”, “situation” or “acts” should be individually given examples. Hazards originating outside the workplace should be given examples. Every hazard identification technique should be explained and given examples. ETA, FTA and other

Agreed Disagreed


29

methods should be given in this standard. “A hazard’s characteristics“ should be explained and given examples.

110 4 4.3.1.3 How to explain “sources”, “situation” ,or “acts”? What are the “benchmarking” and “workflow and process analysis”? There are many hazard identification and risk assessment methods, such as Event Tree Analysis(ETA), Fault Tree Analysis(FTA), etc, why are not they given?

“Sources”, “situation” ,or “acts” should be individually given examples.

Hazards originating outside the workplace should be given examples.

Every hazard identification technique should be explained and given examples. ETA, FTA and other methods should be given in this standard.

Agreed

Disagreed

111 5 4.3.1.3 A very important part of an initial review is the occupational exposure and health assessment data. I think we should have these as bullets and not under information on the facilities.

The following sources of information or inputs should be considered during the hazard identification process: • information on the facilities, processes and activities

of the organization, including the following:

− workplace design, traffic plans, site plan(s);

− process flowcharts, operations manuals and product plans;

− inventories of hazardous materials (raw materials, chemicals, wastes, products, sub-products);

− equipment specifications

− product specifications, material safety data sheets, toxicology and other OH&S data;

− monitoring data (see 4.5.1);

• occupational exposure and health assessments.

Agreed

112 8 4.3.1.3 Paragraph one, Guidance states that “hazard identification should Suggest a new third sentence be inserted as follows.

“Hazard identification should aim to proactively identify Accept in part


30

second sentence

consider different types of hazards including physical, chemical, biological and psychosocial..” While this is appropriate the main purpose of hazard identification is not directly stated. This is that “.hazard identification should aim to proactively identify all hazards arising from an organisations business activities, processes, products or services which may affect employees and others affected by the organisations business activities”. The guidance in 4.3.1.3 infers the point made in the above. The proposed change is therefore consistent with the guidance provided. Suggest this guidance be included in the first paragraph as a new third sentence.

all hazards arising from an organisations business activities, processes, products or services which may affect employees and others affected by the organisations business activities.”

113 8 4.3.1.3 Paragraph one Guidance states that hazard identification should consider different types of hazards including physical, chemical, biological and psychosocial . Providing a list could cause people to just focus on these types of hazards. Suggest this sentence be qualified that these are “common hazards”. The proposed new third sentence flows logically to indicate that all hazards should be identified.

At the end of the second sentence and before (see annex C……etc) include the words “which are hazard found in many workplaces”.

Agreed

114 10 4.3.1.3 Paragraph 3

(Page 11

Line 19)

What is meaning of traffic plans? Need for clarification. workplace design, traffic plans, site plan(s);

Agreed

115 10 4.3.1.3 Paragraph 10

(Page 12

Line 22)

The environmental management system doesn't address the impact on persons by hazards. These hazards may also be addressed through the organization's environmental management system.

The impact on environment outside the workplace by these hazards may also be addressed through the organization's environmental management system.

Disagreed

116 11 4.3.1.3 Page 12 “Human Factors is the application of technology to make the workplace compatible with human capabilities.” This sentence is very hard to translate with meaning and should be rephrased

Rephrase sentence Agreed

117 11 4.3.1.3 Page 12 middle “For hazards originating outside the workplace…” Rephrase sentence Agreed


31

This sentence addressing 4.3.1 D, is stressing the limitations in regard of evaluating hazards originating from outside the workplace. 18002 should stress possibilities and not limitations in the hazard identification process. Furthermore bullet D is not restricted to the vicinity of the workplace.

118 13 4.3.1.3 Paragraph 3, item (ii)

“…. Products Plans”, Clarify product plan or does it means “production plans”

Accept in part

119 13 4.3.1.3 Paragraph 7 “Human Factors…” Change to “Human factors…” Agreed 120 13 4.3.1.3 Paragraph 8,

item (ii) Are these only environmental conditions considered? What about dust and fumes (air quality)?

Agreed

121 14 4.3.1.3 -their varying behaviour Remove “varying” as it is very difficult to measure Agreed

122 14 4.3.1.3 Replace this sentence “Human Factors is the application of technology to make the workplace compatible with human capabilities.” - to provide clearer information to the user

Insert this proposed text: Human factors refer to environmental, organisational and job factors, and human and individual characteristics which influence behaviour at work in a way which can affect health and safety

Accept in part

123 14 4.3.1.3 Human Behaviour – examples are incorrect. For example “fatigue is a condition brought about by work load

Replace with the following examples: - work load, physical work, work patterns, social issues

Accept in part

124 15 4.3.1.3 Page 11 (incl ill health…) should be taken out. Either the full

definition of “incident” should be explained or the explanation should be taken out.

We suggest taking out the text in parenthesis; refer to 3.9 in Terms and Definitions of OHSAS 18001.

Agreed

125 16 4.3.1.3 Page 11 Bullet List 2

Redundant text Additional example of non-routine activities and situations

Strike the following words “Examples of types of…” Add: utility disruptions as another example

Agreed

126 16 4.3.1.3 Page 12, Bullet list 1

Clarify who is being discussed. Modify bullet points as follows: ⎯ the hazards and risks arising from their workplace

activities

⎯ the hazards arising from the use of products or services supplied to the organization by them

⎯ Individual’s their lack of familiarity with the workplace and

Accept in part


32

⎯ The their varying behaviour and capabilities of individuals.

127 16 4.3.1.3 Page 12 Clarification to paragraph 1, beginning with “For hazards originating outside the workplace…” Hazards may be caused by an incident as opposed to being due to an activity.

Insert the words “or incident” after the words “an activity…”

Agreed

128 19 4.3.1.3 For clarity list in order of clauses Place OH & S policy (4.2) above OH & S legal

requirements (4.3.2) Disagreed

129 19 4.3.1.3 Bullets For brevity combine and reduce repetition ‘information form employee consultation and input from

other interested parties (4.4.3) Disagreed

130 21 4.3.1.3 Para 12 Hazard identification methods should also consider document & records review

Disagreed

131 22 4.3.1.3 Paragraph 1 Reference is made to "psychosocial hazards", and in Annex C.4 reference is made to Psychological hazards. We suggest to unify the term.

To use "Psychosocial hazards" Agreed

132 22 4.3.1.3 Paragraph 3 Bullet 3

To make reference to clause defining incident in 18001, because the scope of "incident" is included there.

- records of incidents (see 3.9.) Agreed


Delete "accident", because incident already covers "accident".

- reports of incidents that have occurred in similar organizations;

Agreed

134 22 4.3.1.3 Paragraph 7 Change "is" to "in" the first sentence. Human Factors in the application of technology to make the workplace compatible with human capabilities.

Disagreed

135 26 4.3.1.3 2nd bulleted list Plant cleaning and maintenance are examples of routine activities, not non-routine activities

Suggest removing plant cleaning and maintenance from this list.

Disagreed, but text clarified

136 26 4.3.1.3 3rd bulleted list Last sentence in section

The 4th bullet indicates that all people have a “lack” of familiarity. The sentence on checklists being specific to work areas,

Suggest replacing “lack” with “level” Suggest removing this sentence

Accepted in part


33

processes, etc is too prescriptive

137 27 4.3.1.3 How to explain “sources”, “situation” or “acts”?

What are the “benchmarking” and “workflow and process analysis”? There are many hazard identification and risk assessment methods, such as Event Tree Analysis(ETA), Fault Tree Analysis(FTA), etc, why are not they given?

How to explain “defining a hazard’s characteristics“?

“Sources”, “situation” or “acts” should be individually given examples.

Hazards originating outside the workplace should be given examples.

Every hazard identification technique should be explained and given examples. ETA, FTA and other methods should be given in this standard.

“A hazard’s characteristics“ should be explained and given examples.

Agreed

Disagreed

138 13 4.3.1.4 Paragraph 1, 2 and 3

They are repetition of clauses 3.2.1, 3.2.2 & 3.1 Delete paragraphs Useful as an introduction. Disagreed

139 8 4.3.1.4.1 Paragraph one There is a “typo” in this sentence. Second line shows “heath” instead of “health”.

Correct “typo”. Agreed

140 8 4.3.1.4.1 Paragraph two This is not an exact replication of definition 3.22 because it introduces concept of “the level of risk”. The words “or not” are also not included which are part of the 3.22 definition.

Amend sentence to ensure it is consistent with the definition in 3.22.

Agreed

141 8 4.3.1.4.1 Paragraph three

The previous two paragraphs restate the definitions of risk and risk assessment. Paragraph three is inconsistent with this because it includes the words “and its OH&S objectives” which are not in definition 3.1. Paragraph three also does not include “(see 3.1)”. Considering OHS objectives when determining if a risk is acceptable is however appropriate guidance. Proposed to include an additional sentence which provides this guidance.

Delete the words “and its OH&S objectives”. Insert (see 3.1) at the end of paragraph three. Add additional sentence. “An organisation should also consider its OHS objectives when considering if a risk is acceptable”.

Disagreed

142 8 4.3.1.4.1 This section restates the definitions of risk, risk assessment and acceptable risk. General guidance on the main aim of risk assessment is however not provided. The main aim of risk assessment is to identify the most appropriate ways of controlling risks. Sometimes risk controls are mandated in legislation or there is already a great deal of information available on risk control

The main aim of risk assessment is to identify the most appropriate ways of controlling risks. Sometimes specific provisions in legislation prescribe what must be done to control risks. There may also be a large body of current and authoritative information available about how to eliminate or reduce risks associated with hazards. In circumstances where legislation prescribes risk control measures or where authoritative and current information

Disagreed Disagreed. Already covered, see 4.3.1.2 last bullet Disagreed


34

measures. It may therefore not always be necessary to conduct risk assessments. This a key point and it would be useful to provide this guidance. Propose to include three additional paragraphs after existing guidance in 4.3.1.4.1.

on how to control risks are available it may not be necessary to conduct risk assessments.

143 21 4.3.1.4.1 Para 1 Sometimes risks is regarded as likelihood of injuries rather than likelihood of hazardous event

To differentiate this two Disagreed

144 13 4.3.1.4..2 Paragraph 1, item (iv)

“…..(e.g. cleaners, visitors, contractors, the public) Delete cleaners, cleaners are either employees or contractors to an organization.

Disagreed. Cleaners are too often overlooked

145 13 4.3.1.4..2 Paragraph 1, item (vii)

“…..details of any existing written systems of work and/or…..”

Change to “…..details of any work instruction and/or…..”

Accept in part

146 11 4.3.1.4.2 Bullet 11 Environmental conditions within the workplace Isn’t that HSE ?? Accept in part

147 20 4.3.1.4.2 We propose to give the following two items in the changed redaction:

the availability and use of control measures (e.g. for ventilation, guarding, personal protective equipment, etc);

details of access to, and adequacy/condition of emergency procedures, emergency equipment, emergency escape routes, emergency communication facilities, and external emergency support etc.;

(justification – ISO 23601, ISO 16069)

the availability and use of control measures (e.g. for ventilation, guarding, personal protective equipment, collective protective means (equipment), etc);

details of access to, and adequacy/condition of emergency procedures, emergency equipment, emergency escape routes, emergency escape plans, safety way guidance systems (SWGS), emergency communication facilities, and external emergency support etc.;

Disagreed

Disagreed

148 22 4.3.1.4.2 Bullet 14 Delete the terms "accident" and "ill-health", because "incident" already covers them.

- monitoring data related to incidents experience associated with specific work activities;

Accept in part

414 28 4.3.1.4.2 Add text in yellow: ⎯ the potential for a failure to induce associated

See left See existing bullet 5.


35

failures or disabling of control measures

⎯ the total exposure, constant or temporary, and potential harm of chemical and/or biological hazards

⎯ the duration and frequency at which tasks are carried out;

Disagreed

149 8 4.3.1.4.3 Paragraph one The main aim of risk assessment is to identify the most appropriate ways of controlling risks. It is therefore essential to understand the nature of the risk and the factors that might trigger or accelerate the risk. This is a key point which is inferred but not directly made in the guidance. In addition risk is defined in 3.22 as “combination of the likelihood of an occurrence of a hazardous event or exposure(s) and the severity of injury or ill health that can be caused by the event or exposure(s)”. There is however nothing in the guidance about evaluating the likelihood of an occurrence of a hazardous event or exposure(s) and the severity of the injury or ill health that can be caused by the event or exposure. This guidance should be provided. Proposed additional guidance be inserted after existing paragraph three. The additional guidance aims to provide key information and provides context for guidance in previous three paragraphs.

Whatever risk assessment method is chosen it should be remembered that the main aim of risk assessment is to identify the most appropriate ways of controlling risks. It is therefore essential that the organisation chooses the risk assessment methodology which will assists with understanding the nature of the risk and the factors that might trigger or accelerate the risk. In order to assess risk an organisations should evaluate the likelihood of a hazardous event or exposure(s) occurring and the severity of the injury or ill health that can be caused by the event or exposure. Evaluating “likelihood” involves considering how often the risk situation occurs, how many people may be affected and how long people may be exposed to the risk, how operating conditions may increase the risk and how effective current controls are in reducing the risk. Estimating “consequence” or severity involves considering whether any information is available on the likely consequences of exposure to the risk, considering the factors which will influence the severity of an injury (eg the more force required to push, pull, lift an object, the greater a distance someone may fall, the greater the concentration of a substance being used, etc) increases the consequences of an injury. The risk assessment methodology used should result in an organisation identifying: -risks which are already adequately controlled and which should be monitored over time and, -risks which are required to be controlled. For the risks which are required to be controlled the methodology used should result in an organisation identifying: -the sources of harm that risk controls must address, -the risk factors that accelerate or trigger risk, and -the chain of events that could lead to harm.

Too detailed for 18002.


36

150 8 4.3.1.4.3 Paragraph one, Second sentence

The second sentence includes the following words …..“When seeking to establish the likelihood of harm”. The expression “likelihood of harm” also appears inconsistent with the language used in the guide. This could cause confusion. Proposed that words be changed as shown which is consistent with the definition 3.22 and guidance in the document.

When seeking to establish the likelihood of a hazard resulting in injury or ill health.

Disagreed

151 11 4.3.1.4.3 2nd para. Lead to major release Why major – this should cover any release that might affect individuals

Agreed

152 11 4.3.1.4.3 4th para The risk assessment should involve The risk assessment shall involve (mandatory according to the standard.)

Disagreed

153 13 4.3.1.4.3 Paragraph 3 “…..in many circumstances, OHS risk……” Change to “…..in many circumstances, OH&S risk……”

Agreed

154 8 4.3.1.4.4 Paragraph one, Second sentence

Guidance states that “Such generic assessments can be useful as a starting point for more specific assessments, but need to be customized to be appropriate to the particular situation”. Propose that slightly different words be used [shown in adjacent column] to provide greater clarity to the intent of the guidance.

Such generic assessments can be useful as a starting point for more specific assessments. The generic assessment must be reviewed and customised at the local or site level to ensure the relevant hazards are included in the assessment.

Disagreed

155 10 4.3.1.5 Paragraph 1

(Page 15

Line 7)

Error of provisions number Changes created or introduced by external factors are required to be evaluated through on-going hazard identification and risk assessment (see 4.3.1.9).

Changes created or introduced by external factors are required to be evaluated through on-going hazard identification and risk assessment (see 4.3.1.8).

Agreed, but text now changed

156 13 4.3.1.5 - Clause 4.3.1.9 made reference to not part of this draft document.

Delete 4.3.1.9 in the text and cross reference to the most appropriate clause of the document.


157 16 4.3.1.5 Paragraph 1 Management of change is not included in the Terms and Definitions section and may not be interpreted by all readers as a process, system or set of procedures.

Insert the words “system or procedures” after the words “The management of change…”

Disagreed, but text now changed

158 22 4.3.1.5 Paragraph 1 Delete reference to clause 4.3.1.9, because there is not such a clause in the draft, or develop a clause 4.3.1.9. Is it intended to make reference to clause 4.3.1.8?

The management of change addresses changes that the organization introduces to the organization itself, its OH&S management system, or its activities. Changes created or introduced by external factors are required to be evaluated through on-going hazard identification and



37

risk assessment

159 25 4.3.1.5 end of section MOC is extremely important; and the outputs of the process should be used as much as possible. Linkages among the clauses should be pointed out when applicable. Add proposed change at end of 4.3.1.5

⎯ Outputs from the management of change process include

⎯ - input to hazard identification process

⎯ - input to corrective or preventive action processes

⎯ - input to management review procedure (input 4.6.h and other items if applicable)

Disagreed

160 26 4.3.1.5 1st paragraph Reference to 4.3.1.9 is incorrect Should be 4.3.1.8 Agreed, but text now changed

415 28 4.3.1.5 Add text in yellow: The management of change process should include consideration of the following questions to ensure that any new or changed risks are acceptable: ⎯ Have new hazards been created (see 4.3.1.4)?

⎯ What are the risks associated with the new hazards?

⎯ Have the risks from other hazards changed?

⎯ Could the changes adversely affect existing risk controls?

⎯ Have the most appropriate controls been chosen, bearing in mind usability, acceptability and both the immediate and long-term costs?

⎯ are there any legal requirements ralated to new installations or equipment that needs to be considered?

See left Dealt with by 4.3.2. Disagreed

161 8 4.3.1.6 Paragraph two This paragraph states the following – “If new or improved controls are required, they should be determined in accordance with the principle of the

If new or improved controls are required, they should be determined in accordance with the following commonly used risk control principles or “hierarchy of controls”.

Too detailed. Disagreed


38

elimination of hazards …..etc” The guidance is referring to determining risk controls in accordance with the “hierarchy of controls”. There is however no mention of the “hierarchy of controls”. These words appear to have been omitted between the words ….:in accordance with the principle of the” and “elimination of hazards” Propose that the words “hierarchy of controls” be included in the guidance. In addition the remainder of the guidance attempts to set out the “hierarchy of controls” but the guidance is not clear. Determining risk controls according to the “hierarchy of controls” is a fundamental and well established key risk control principle. The guidance must be unambiguous and clearly explain the hierarchy of controls. A new paragraph two is proposed which incorporates the changes proposed above.

- The most effective and reliable risk control is

elimination, where practicable, of hazards or the elimination of the risks associated with the hazards.

- If this is not possible reducing the risk should

be considered (either by reducing the likelihood of occurrence or potential severity of injury or harm) by substituting the risk with a lesser one or introducing engineering controls.

- The least preferred risk control method is to

reduce exposure to the hazard or risk by the adoption of administrative controls such as procedures or work instructions with the use of personal protective equipment (PPE) as a last resort.

162 8 4.3.1.6 a) While example is appropriate it could be more clearly stated. The existing example refers to mechanised instead of manual “packaging” [instead of “packing”]. Proposed that existing words be substituted with those shown in adjacent column which provide a clearer example.

Elimination – modify a design to eliminate the hazard, e.g. Introduce mechanical lifting devices to eliminate the manual handling hazard.

Agreed

163 8 4.3.1.6 d) The existing guidance will create confusion about the “hierarchy of controls because signage and warnings are examples of administrative controls. They are not a step in the hierarchy in themselves. The existing guidance is not consistent with the guidance on the “hierarchy of controls”. Propose that the wording be changed to ensure consistency with the “hierarchy of controls”.

Administrative controls – signage, warnings, install alarms etc…

Disagreed. Consistent with 18001

164 8 4.3.1.6 Paragraph four Refer to “the” instead of “this” hierarchy…etc. This reads better. Write “hierarchy of control” in full instead of just referring to “hierarchy” – this is clearer and improves consistency of the guidance provided in paragraph two. [if it is agreed that the words “hierarchy of controls” are to be included].

In applying the hierarchy of control ….. Agreed


39

165 8 4.3.1.6 Five The guidance states – An organisation should also take into account: - the need for a combination of engineering and administrative controls (combining elements from the above hierarchy); This guidance limits the control options to a combination of engineering and administrative controls. This guidance is not completely accurate, useful or good practice. The wording should be changed to encourage organisations to consider the more effective controls [those from the top of the hierarchy of controls] in preference to introducing controls from lower down the hierarchy of controls . A combination of risk controls may needed to provide the most suitable risk control solution. This is a very important point and warrants introducing a new paragraph five.

An organisation should aim to introduce the most effective risk controls. Selecting risk controls form the top of the hierarchy of controls is preferable to introducing controls from lower down the hierarchy of controls. A combination of risk controls may needed to provide the most suitable risk controls. .

Disagreed

166 9 4.3.1.6 In compliance to ILO OSH 2001 The following provides examples of implementing the

hierarchy of controls, that is, a) to e) are to be implemented in its order of priority; Note: Example a)-e) are same as those in OHSAS 18001 (4.3.1).

Disagreed

167 16 4.3.1.6 Final par before 4.3.1.7

The use of the word “monitoring” may be misconstrued in the sentence starting “the organization should conduct ongoing monitoring…” “Review” is a better word. One concept that appears to have been deleted is the idea of residual risk Although there is a brief notation in section 4.3.1.6, the concept of iterative risk reduction has been eliminated. In reality, an organization may implement a "temporary" control for a long time until a more effective control is technically or financially feasible. Periodic review of the risk and on-going effectiveness of the current control is needed during this time, hence the idea of an iterative process. It is important to emphasize that determining appropriate controls is not a task to be done once. This needs to be returned to on a regular basis to evaluate whether the controls are still effective in reducing risk to an acceptable

Replace the word “monitoring” with “review.” Add the following phrase to the end of the sentence – “and that the controls selected continue to reduce the risk to an acceptable level.” Add the sentence – This is particularly important when interim measures are taken to control hazards on a temporary basis until more effective controls are technically or financially feasible.

Disagreed


40

level. This is part of the concept of iterative risk reduction.


41

168 20 4.3.1.6 d) Devide item d) into two items ( d), e) ) as shown:

d) Signage, warnings, and/or administrative controls – install alarms, safety procedures, equipment inspections, access controls

(justification – ISO 3864, ISO 7010, ISO 23601, ISO 16069 & ISO 15370)

d) Administrative controls – install alarms, safety procedures, equipment inspections, access controls etc.

e) Collective protective means (equipment) – signal colours, safety signs, signal marking, hazardous area marking, safety instructions safety prompt-lists on workplace, spherical safety mirrors, photoluminescent safety guidance systems to ensure safety and rescue etc.

Disagreed. Not consistent with 18001

169 20 4.3.1.6 e) It is necessary, therefore, to rename item e) into f) and give it in new redaction:

e) Personal protective equipment – safety glasses, hearing protection, face shields, safety harnesses and lanyards, respirators and gloves

Add In the following item the use of collective protection means and give it in new redaction:

An organization should also take into account:

-

- using measures that protect everyone (e.g. by selecting engineering controls that protect everyone in the vicinity of a hazard in preference to PPE);

-

f) Personal protective equipment – working wear, working footwear, safety glasses, hearing protection, face shields, safety harnesses and lanyards, respirators and gloves etc.

sing measures that protect all persons in the organisation (e.g. by selecting engineering controls that protect everyone in the vicinity of a hazard such as PPE and collective protective means);

Disagreed

170 14 4.3.1.6. Para 4 An organisation should also take into account – Point 7 Insert the following text (e.g. errors - Skilled based & knowledge based errors and violations – deliberate

Disagreed


42

- typical basic types of human failure (e.g.

deviation which can be routine/situational/exceptional)

171 13 4.3.16 Paragraph 8 “….attaining ALARP (as low……..” Change to “…..attaining as low as reasonably practicable (ALARP)…”

Agreed

172 13 4.3.17 Paragraph 5 What makes certain hazard identification more complex? What is the nature of additional documentation required?

Clarify Paragraph 5 Accept in part

173 16 4.3.1.7 Bullet 3 Disagree that OHSAS 18001 requires that risk levels be documented for each identified hazard. OHSAS 18001 simply requires that the organization “document …the results of identification of hazards and risk assessment.” For organizations that have thousands of identified hazards, documenting level of risk related to each hazard could be a very onerous requirement. This text is likely to be misinterpreted and used to impose a requirement that is not in the standard. It is sufficient to say (as in the bullet above) that organizations should document how they determined the risks associated with the hazards that have been identified. This may be by individual hazard but it may also be by type of hazard or on some other basis that makes sense for that organization. We do not want the risk assessment to simply be a “paperwork” exercise - we want it to make sense for the organization.

Delete third bullet. Accept in part

174 19 4.3.1.7 Para 1 For consistency use the terminology of the clause in OHSAS 18001 as hazard identification not identification of hazards

Remove identification of hazards and substitute hazard identification

Agreed

175 25 4.3.1.7 paragraph excellent comment could be expanded by examples. I have seen lack of correlation among OHSAS requirements, what is a procedure, and what is in the form.

When existing or intended controls are used in determining OH&S risks, these measures should be clearly documented so that the basis of the assessment will be clear when it is reviewed at a later date. Examples include of how used hierarchy of control - in Procedure can include examples of the application of hierarchy of control. Criteria explained in procedures can be included on forms to remind users. There must be excellent correlation between terminology in procedure and on the form.

Too prescriptive. Disagreed


43

176 8 4.3.1.8 Second This paragraph provides guidance on conducting periodic reviews of hazard identification and risk assessment. Improvements may be necessary. There is an opportunity to link the outcomes of reviews with 4.3.3 Objectives and programmes which would reinforce a systematic approach to managing OHS. Include additional wording as suggested at the end of the second sentence.

The results from reviews can provide useful input into the planning process [see 4.3.3].

Disagreed, covered in 4.3.1.1

177 16 4.3.1.8 Second bullet Unclear what “emergence” means. Substitute identification for emergence. Bullet point would read: - the need to respond to the identification of new hazards

Accept in part

178 16 4.3.1.8 3rd Par It is not whether a review can show but that it does show the controls remain valid.

Revise sentence as follows: It is not necessary to perform new risk assessments when a periodic review can shows that the existing or planned risk assessments and selected controls remain valid appropriate for protecting persons in the workplace.

Disagreed

416 28 4.3.1.8 Add text, last paragraph: Commitment and engagement from top management is a pre-requisite to ensure an effective on-going process for hazard identification, risk assessment and in order to implement needed risk mitigating actions.

See left Disagreed

179 16 4.3.2 Par 8 An organization is only required to be able to access the legal requirements that are applicable to it.

Insert “its applicable” after the word access in first sentence.

Disagreed

180 11 4.3.2 1st bullet Codes of practice Codes of practice is not a legal requirement Disagreed. In some countries Codes can be legal requirements.

181 11 4.3.2 Page 18, 2nd list

The list should also mention charters like the ICC charter Accept in part

182 11 4.3.2 Page 19 bullet 1

Its industry sector The organisation might not be an industry. The bullet should go or be revised.

Agreed


44

183 13 4.3.2 The word “Organisation” and “Organization” used interchangeably in text.

Use only for form through out text. Agreed

184 16 4.3.2 Par 6 There is no requirement in OHSAS 18001 that an organization seek out relevant legal requirements.

Modify sentence as follows: Using information about Depending on the nature of its OH&S hazards, operations, equipment, materials etc., an organization should review relevant resources to determine its seek out relevant applicable OH&S legislative or other requirements.

Disagreed

185 16 4.3.2 Par 7 The suggestions in this paragraph go beyond what OHSAS 18001 requires. An organization is not required to identify legal requirements of its industry sector unless they actually apply to the organization itself. An organization is not required to use any particular external resource.

In determining its applicable legal and other requirements, the organization should consider requirements that are pertinent to (bullet list) External resources, such as those previously listed, may be helpful in locating and evaluating these requirements.

Accept in part

186 19 4.3.2 Para 1 For consistency use the terminology of the clause in OHSAS 18001, as compliance with applicable legal and other requirements

Remove OH & S before legal and other Agreed

187 21 4.3.2 Legal & other requirements should include identification of performance standards either internal or external

Organizations should identify legal limits for OSH performance indicators and identify those not defined by the legal requirements

Disagreed

188 23 4.3.2 There is no reference to the importance of ensuring that these commitments are implemented.

Disagreed

189 26 4.3.2 Paragraph before 3rd bulleted list

The last sentence of this paragraph limits achievement to being through one source OR the other. This should be and/or.

Suggest that you replace “or” with “and/or” Agreed

417 28 4.3.2 If possible we should try to list examples of legislation applicable for OH&S and this standard. This because readers may be confused on what is the type of requirments applicable

See left Disagreed

190 9 4.3.3 OH&S risk is compulsory item at the last bullet of 4.3.1 in OHSAS 18001 and legal and other requirements is also compulsory item at 4.3.1 in OHSAS 18001.

Add the following at 3rd paragraph “The process of taking into account the former two items can be traced back.”

Accepted in part


45

191 21 4.3.3 Sometimes the planning for OSH are kept separate from the normal organizational planning

OSH objectives, targets and programs shall be made during the normal organizational planning period


192 26 4.3.3.1 Second section Again, this sentence limits the organization to one OR the other. We would argue that an organization should strive to do both since improving your OH&S management systems should lead to improved OH&S performance. The two are intertwined.

Suggest that you replace “or” with “and/or” Agreed

193 1 4.3.3.2 What is the “reduction of risk level” etc of OHS objectives? The “reduction of risk level” etc of OHS objectives should be given details.

Accepted in part

194 11 4.3.3.2 Note 1 Not all objectives …….. Objectives focused on maintaining current levels of OHS performance should be dealt with In 4.4.6, as these are not objectives but merely controls. In 4.3.3 all objectives need to focus on improvement otherwise we will confuse the reader or even worse give some organisations an excuse for not making any improvement at all. The note should go.

Accepted in part

195 11 4.3.3.2 Page 20 1st para

Examples of types…… It is very important to stress that all objectives need to improve specific HSE aspects. The list has to be much more specific or explaining in each of the suggested types of objectives.

Accepted in part

196 11 4.3.3.2 Note 3 SMART The acronym SMART is not translatable Noted, but mainatined

197 16 4.3.3.2 Par 7/ 8 There is no requirement in OHSAS 18001 that objectives be “endorsed” by top management. This goes well beyond what is required and may not be appropriate for all organizations.

Modify as follows: Specific OH&S objectives can be established by different functions and at different levels within the organization. Certain OH&S objectives, applicable to the organization as a whole, may be established by top management. Other OH&S objectives may be established by or for relevant individual departments or functions. Not all functions and departments need to have specific OH&S objectives.

Agreed

198 19 4.3.3.2 Para 1 Misuse of the term require, the organisation is not required by the standard to give greater emphasis on addressing legal requirements and risks

Remove this paragraph Accepted in part


46

199 19 4.3.3.2 The second list is confusing as some of these are required to be considered i.e. views of relevant interested parties (which would include employees)

18001 requires some issues to be considered (see 18001 text box above) . Issues that you may wish to take into consideration are (refine list)

Accepted in part

200 19 4.3.3.2 notes The inclusion of notes is confusing for the reader Include notes in the body of the text Accepted in part

201 23 4.3.3.2 Sent 1 Insert "its OH&S risks" between "on addressing" and "legal requirements". Insert "and" after "legal requirements". Delete "and its OH&S risks" after "it subscribes".

Accepted in part

202 27 4.3.3.2 What is the “reduction of risk level” etc of OHS objectives? The “reduction of risk level” etc of OHS objectives should be given details.

Accepted in part

418 28 4.3.3.2 Add text: Personnel affected by the objectives, e.g. managers and employee representatives, should be involved or at least consulted in the process of setting objectives to ensure committment

Too prescriptive

203 16 4.3.3.3 Par 2 The second sentence is confusing and overreaching. Modify as follows: Depending on the complexity of the particular programme, the organization should assign responsibility, authority, and time-scales for each individual tasks, to ensure that in order to meet the overall time-scale of the related OH&S objective can be accomplished.

Accept in part

204 21 4.3.3.3 4 To be consistent with OHSAS 18001 Where necessary, programmes need to be adjusted/modified to ensure the objectives can be met.

Accept in part

205 1 4.4.1 What is the difference between “responsibility” and” accountability”.

The difference between “responsibility ”and” accountability” should be explained.

Agreed

206 4 4.4.1 What is the difference between “responsibility ”and” accountability”. the difference between “responsibility ”and”

accountability” should be explained. Agreed

207 10 4.4.1 Paragraph 23

(Page 31

Line 8)

Who is Line management? Need for definition of Line management. Line management responsibility should include ensuring that OH&S is managed within their area of operations. Where prime responsibility for OH&S

Accept in part


47

matters rests with line management, the role and responsibilities of any specialist OH&S function within the organization should be appropriately defined to avoid ambiguity with respect to responsibilities and authorities.

208 12 4.4.1 5 If this is intended to be a "guideline" it should not contain expressions as "have to be" (same meaning as "shall") A corresponding requirement is not stated in the OHSAS 18001 text under 4.4.1.

Replace with "should" or rewrite completely. Disagreed. Required by 18001. Now clarified.

209 12 4.4.1 5, 10th bullet After this long list the meaning of "the organization" is difficult to understand.

Delete "the organization" or rewrite in order to express the intended meaning better.

Accept in part. Should have been part of previous bullet.

210 12 4.4.1 8 This is to a high degree just a repetition of contents of the requirement text.

Shorten. Eliminate duplication. Disagreed

211 15 4.4.1 Page 21, 2nd

para, 2nd bullet The use of “accountable” is misleading. It might imply that the accountability could be foreseen.

End sentence after “responsibility”. Disagreed

212 15 4.4.1 Page 22, 2nd

para, 4th bullet “clarity of responsibilities at the interfaces between different functions”. What are different functions? Internally within the organization or in-between the organization and subcontractors?

Clarify or delete? Accepted in part

213 15 4.4.1 Last sentence

of first para of page 23.

“ It should be ensured that any…” How could this be ensured?

Delete sentence Disagreed

214 15 4.4.1 Second para of

page 23. “This should include arrangement…”

First priority should be to solve the problems at the level of occurrence before escalation to a higher level of management.

Rephrase Accept in part

215 15 4.4.1 Third para of

page 23 What does “visible demonstration” mean? Change to “actively participate”. Disagreed

216 16 4.4.1 Par 2, bullet 2 The word “requires” is not appropriate for OHSAS 18002. OHSAS 18001 does not require that the organization provide all the resources needed to maintain a safe workplace. This bullet point goes well beyond what OHSAS 18001 requires.

Modify as follows: This commitment should begin at the highest levels of management. and requires top management to Top management can show its commitment by doing the following:

Disagreed


48

⎯ Identify and make making available, in a timely and

efficient manner, all the resources needed for the OH&S management system to achieve the commitments made in the OH&S Policy to maintain a safe workplace

217 16 4.4.1 Par 2, bullet point 4

“ensure that there is clarity of responsibilities at the interfaces between different functions” seems vague.

Reword as follows: - Ensure that there is a structured process to assign both accountability and responsibility when more than one function is assigned or involved in a particular task.

Disagreed

218 16 4.4.1 Par 3, bullet point 1

The phrase “specific to its operations” is not needed as a qualifier to provision of resources

Delete “specific to its operations” Disagreed

219 16 4.4.1 Par 5 Today, organizations often accomplish tasks using work teams and committees so responsibilities and authority may be set out in committee or team charters or in individual performance goals and objectives documents.

Add new bullet point as follows: - committee or work team charters

Modify bullet point 4 to read as follows: - job descriptions or performance goals & objectives documents

Accept in part (ref to safety committee/safety teams now included in para 6)

220 16 4.4.1 Par 6 The phrase “The organization is free to choose whatever format best suits its needs.” implies that only one way will be chosen.

Modify to read – The organization is free to choose whatever method or methods best suits it and supports the effective documentation and communication of responsibilities and authorities.

Accept in part

221 16 4.4.1 Par 9 Operations management is more widely understood that line management. In the second sentence, while should be used instead of where.

Replace “line management” with “operations management in the first and second sentence. Replace” Where” with “While” in the second sentence.

Accept in part Disagreed

222 16 4.4.1 Par 10 One of the key functions of management is to promote employee involvement. To encourage participation, employees need to see and hear about results. It is preferable to view management as caring enough to know what these issues are, to be cognizant of their status, and encourage their resolution.

Add “communicating the status of safety activities, issues, non-conformances and objectives.”

Accept in part

223 16 4.4.1 Par 11 OHS is the responsibility of everyone, it is not just an “idea”, it should be an expectation.

Replace the existing paragraph with the following: “The organization should also communicate and promote the expectation that everyone has responsibilities for safety, not just those with OHS management system responsibilities. Demonstration of an individual’s commitment to OH&S should be regularly evaluated

Accepted in part


49

against established goals and objectives. This can be done as part of a regular performance appraisal process.”

224 22 4.4.1 Paragraph 7 Bullet 9 y 10

The two bullets should be joined, since there is not really a bullet number 10.

- employees with OH&S qualifications, or other OH&S specialists, within the organization

Agreed

225 22 4.4.1 Paragraph 10 Change "accident investigation" to "incident investigation", because the latter is the way used in OHSAS 18001:2007.

All managers should provide visible demonstration of their commitment to OH&S. Means of demonstration can include visiting and inspecting sites, participating in incident investigation, and providing resources in the context of corrective action, attendance and active involvement at OH&S meetings, and issuing messages of support

Agreed

226 23 4.4.1 Para 2, bullet 3 Insert "and training" after "the necessary authority". Disagreed

227 23 4.4.1 Para 3, sent 1 Delete "their adequacy. Resources can be considered adequate if". Insert " manage the organization' risks and" after "are sufficient to".

Accept in part

228 23 4.4.1 Para 7, sent 5 Insert "effectively" after "managed". Agreed

229 26 4.4.1 Page 22 Last 2 bullets

Should “organization” be part of the bullet above it, rather than a separate bullet?

Agreed

230 27 4.4.1 What is the difference between “responsibility” and” accountability”.

The difference between “responsibility ”and” accountability” should be explained.

Agreed

231 16 4.4.2 The text in this section was confusing. The first sentence contained a double negative. Not all people are required to be trained or competent. It is the organization (not management) who determines training /competency needs.

Modify as follows: Persons working under the control of the organization need to be able to perform their assigned tasks safely and without negatively impacting OH&S. causing OH&S impacts. The organization should require ensure that these individuals (including temporary and contract employees) s are able to demonstrate that their employees have the requisite competence for performing tasks that may have OH&S impacts. Awareness is needed to ensure that people individuals have an appropriate understanding of the organization's OH&S risks consequences associated with their jobs

Accept in part


50

and the requirements of the OH&S management system related to the tasks they perform. Training is one method that can be used to achieve competency or create awareness. Awareness, knowledge, understanding and competence can also be obtained or improved through training, education or work experience. Competency can also be demonstrated by other means such as certifications or prior work experience performing specific OH&S tasks. Management The organization should determine the level of experience, competence and training necessary to ensure the capability of personnel, especially for those individuals carrying out specialized OH&S activities or activities with significant OH&S risks.

232 14 4.4.2.1 General 3rd Sentence

Training is a method to achieve competency and create awareness Alignment with the title

Should be the 2nd sentence under 4.4.2.1 General Accept in part

233 14 4.4.2.1 General 3rd Sentence

Training is a method to achieve competency and create awareness - training should be treated as a process not a method

Training is a process where by the needs of any person under the control of the organisation are identified to enable them to be competent to perform their assigned task and create awareness

Accept in part

234 15 4.4.2.1 1st and 2nd

para The use of "people" is too vague, not giving much guidance. We guess "people" is referring to "any person(s) under its control performing tasks that can impact on OH&S".

Change "people" to "employees" or "employees and other person(s) under the organizations control"

Accept in part

235 15 4.4.2.1 3rd and 4th

para The two sentences on competence, training and awareness could be merged and better worded as they are now overlapping.

Accepted in part

236 15 4.4.2.1 5th para Need to limit the requirement to OH&S aspects. "…have the requisite OH&S competence and/or

appropriate OH&S training." Disagreed

237 23 4.4.2.1 Sent 1 Delete and replace with "Management should determine the level of competence necessary to ensure that people are able to perform their assigned tasks safely."

Accept in part


51

238 23 4.4.2.1 Sent 2 Delete. Disagreed

239 23 4.4.2.1 Sent 3 Replace "or" with "and". Accept in part

240 23 4.4.2.1 Sent 4 Delete "and/or appropriate training . . .OH&S services" and replace with "to undertake the work safely".

Accept in part

241 26 4.4.2.1 2nd sentence Awareness should be associated with risks that employee is exposed to in their assigned tasks

Suggest changing to: “Awareness is needed to ensure that people have understanding of the organization’s OH&S risks that they are exposed to in their assigned tasks, and the OH&S management system.

Disagreed

242 26 4.4.2.1 5th sentence This should be applied as required to staff doing jobs with a particular OH&S risk

Suggest that you add to end of sentence: “as required for tasks with a potential OH&S risk”

Disagreed

243 12 4.4.2.2 2, 2nd bullet "procedures and instructions" If both types are mentioned the differences between them or the significant characteristics of each should be explained. "Instructions" is mentioned in other places in the draft and these occurrences should also be considered. Even "work instructions" in 4.4.4, 5th paragraph. Are they different from "instructions" in general?


244 16 4.4.2.2 In the context of an OHS management system, competence needs to be specifically related to OH&S not a general ability to perform a task. Individuals are not necessarily OH&S competent simply because they have been performing a job for a period of time – they may be doing the job in an unsafe manner. The classic example of this is individuals who can drive motor vehicles but are not competent to do so in a safe manner.

For purposes of an OH&S management system, the competence of a person performing a particular task should be evaluated based on whether that individual has the appropriate education, training and/or experience to minimize OH&S risks and implement necessary controls. OH&S competency requirements should be considered in recruiting and developing the abilities of those working under the control of the organization. The organization may need to seek external advice in defining required OH&S competencies.

Disagreed

245 18 4.4.2.2 Competency in subject matter is a necessity when approving documents relevant to OH&S. A person who is not competent could unknowingly approve a procedure that creates more risk or could place the organization in a state of regulatory non-compliance.

• The organization should give specific consideration to the competency requirements for those who will be:

performing document review and approval (4.4.5)

Disagree. Too specific

246 23 4.4.2.2 Para 3 Delete. Disagreed

247 23 4.4.2.2 Para 4 Insert "all" before "personnel". Insert " including top management and any specialists," after "personnel".

Agreed


52

248 16 4.4.2.3 It is not clear what is meant by the term “other actions” throughout this section. This section should focus on providing guidance on the requirement for identifying training needs.

Eliminate the reference to “other actions” and focus the section on identifying training needs. Modify as follows: 4.4.2.3 Identifying Training Needs or other actions The organization should consider the roles, responsibilities and authorities, in relation to the OH&S management system, in determining its the training or other actions needed for those persons working under its control (including contractors, temporary staff etc.). The Such training or other actions should focus on both competency requirements and the need to enhance awareness developing the appropriate OH&S competencies and/or awareness. Training needs can be meet by providing formal training or taking other actions (e.g. the use of posted job aides, apprentice or buddy programs). The organization should evaluate the effectiveness of the training or other actions taken. This can be done in several ways, e.g. by written or oral examination, practical demonstration or observation, or other means that demonstrate competency and/or awareness. Appropriate training records should be retained maintained (4.5.4). Depending on the organization’s needs, these training records could include information in training databases, copies of training materials, course sign-in sheets, etc. The organization should define what training records it intends to retain to demonstrate conformance with the requirements of this section.

4.4.2.1 now amended to describe "other actions". Disagreed.

249 21 4.4.2.3 1 To be consistent with OHSAS 18001 To include requirements for a system to identify training needs associated with its OH&S risks and its OH&S management system

Agreed

250 23 4.4.2.3 This is a lot of text to explain training. Noted 419 28 4.4.2.3 Add text in yellow

• The organization should give specific See left

Disagreed


53

consideration to the competency requirements for those who will be:

⎯ the top management appointee (see 4.4.1),

⎯ performing risk assessments (4.3.1)

⎯ performing exposure assessments (4.5.1)

⎯ performing audits (4.5.5)

⎯ performing incident investigations (4.5.3)

⎯ performing tasks with potential high OH&S risks (e.g. loading/unloading of hazardous chemicals etc.).

251 19 4.4.2.4 For clarity and brevity combine two final paras Awareness programmes should be provided for

contractors, temporary workers and visitors etc. according to the level of risk to which they are exposed and their individual capabilities (e.g. literacy and language).

Disagreed. Different issues

252 20 4.4.2.4 Evidently it is necessary to specify sense of this item and give it in new redaction:

- emergency procedures

- рossible emergency situations

Disagreed. All emergency situations can be considered "possible"

253 22 4.4.2.4 Paragraph 2 Paragraph 3

Change the term "programs" to "procedures", in order to achieve alignment with the requirements of OHSAS 18001:2007

Awareness procedures should take account of OH&S risks and individual capabilities, e.g. literacy and language skills. Awareness procedures should be provided for contractors, temporary workers and visitors etc., according to the level of risk to which they are exposed.

Accept in part

254 23 4.4.2.4 Sent 1 Delete "The organization . . . knowledge of" and replace with " Awareness training should be provided and people's understanding assessed, on the following issues"

Accept in part

255 23 4.4.2.4 Sent 1, new Insert new bullet at bottom of list: Agreed


54

bullet " any other aspects that might impact on health and safety"

256 26 4.4.2.4 Last paragraph Need to be clear that the contractor’s organization is responsible to ensure that their employees are knowledgeable in the bullets in this section. Since the contractors work for their own organization, awareness of individual performance management and consequence issues such as those listed in this section is more appropriately the responsibility of the contractor organization.

Add a similar statement to that used at the bottom of page 23. Place this statement after the list of bullets in this section i.e. “The organization should require that contractors are able to demonstrate that their employees are knowledgeable in the above areas”

Addressed in 4.4.2.1. Disagreed

257 23 4.4.3.1 Para 1 Replace "Through" with "The organization, through". Insert comma after "and consultation" and delete "the organization" that follows this.

Agreed

258 23 4.4.3.1 New para Inset new 2nd para: " Communication is more than a dissemination process; it is a two-way process to ensure that OH&S information is provided, received and understood across the organization."

Accepted in part

259 19 4.4.3.2.1 For clarity remove the repetitive use of the word communication

The target audience and their information needs Appropriate methods and media Local culture, preferred styles and available technologies Communication of OH&S issues to employees, visitors

and contractors can be communicated via the following means:

Agreed

260 23 4.4.3.2.1 Para 1, sent 1 Remove "external" from before "interested parties". Agreed

261 23 4.4.3.2.1 Para 1, sent 2 Remove "those involved in or affected by the OH&S management system" with "all interested parties".

Disagreed

262 23 4.4.3.2.1 Para 1, sent 4 Remove "Communication of" before "OH&S issues". Agreed

263 26 4.4.3.2.1 Last bulleted list

The existing text gives the impression that these 2 types of communications are all that is expected

Suggest that a note should be added indicating that these are examples, or that it is not an exhaustive list

Agreed

264 11 4.4.3.2.2 Last bullet Information related to operational changes The sentence should be: Information related to management and operational changes

Accept in part

265 12 4.4.3.2.2 1 It can be questioned whether an expression as "It is important to …" shall be stated in a "guideline". It is very close to a "requirement". The same expression appears in 4.4.3.2.3.

Consider rewriting. Disagreed


55

266 12 4.4.3.2.2 2, 1st bullet As before in the draft, see 4.3.3. Apply consistently spelling "programmes". Agreed

267 15 4.4.3.2.2 It is important to evaluate that the system works in a good

way, It is written already in § 4.4.3.2.1 but need to also in this §

Add: - evaluation of the effectiveness of the information Disagreed

268 19 4.4.3.2.2 Remove the repetitive use of the word information This should include information: -related to … -concerning…

Agreed

269 23 4.4.3.2.2 Para 1 Insert "effectively" from between "to" and "communicate".

Agreed

270 23 4.4.3.2.2 Para 2 Add new bullet to end of list: "Communication from those working on behalf of, or visiting, the organization."

Disagreed

271 15 4.4.3.2.3 1.It is important to evaluate that the system works in a good

way, It is written already in § 4.4.3.2.1 but need to also in this § 2. Make emergency response more clear

1.Add “- evaluation of the effectiveness of the communication” This need to be added both at contractors and visitors 2. Move Emergency response to its own - This need to be changed both at contractors and visitors

Disagreed

Agreed

272 19 4.4.3.2.3 Para 1 Incorrect terminology Remove ‘to’ and insert ‘in’ after other visitors Disagreed

273 23 4.4.3.2.3 Para 5 Insert "customers, members of the public," between "service providers," and "etc.".

Agreed

274 23 4.4.3.2.3 Para 5, new bullet

Insert following as 2nd bullet: " specific OH&S requirements for activities carried out on site"

Accept in part

275 26 4.4.3.2.3 Second paragraph Whole Section

In the second sentence there should be reference to appropriateness based on the scale of the organization. There is a need to identify the limits of application of this section in terms of legal working relationships between some contractors and the organization. In some jurisdictions, a regulated division of OH&S responsibilities may exist, where this type of communication is not acceptable. ie: Owner-only contracts in Ontario, Canada

Suggest the following: “The procedure(s) should be appropriate to the scale of the organization and to the OH&S hazards…” Add Note: This communication must be appropriate based on regulatory requirements and/or limitations. In some instances, an organization-contractor relationship may exist that excludes this type of communication related to OH&S.

Disagreed New bullet on legal and regulatory now included. Accept in part.


56

276 12 4.4.3.2.4 1 It can be questioned whether an expression as "The organization needs to have …" shall be stated in a "guideline". It is very close to a "requirement.

Consider rewriting. Disagreed. It is an 18001 requirement, which would be too diluted by using just "should"

277 8 4.4.3.3 The guidance makes no mention of the need to ensure that workers participation procedures meet requirements of legislation. This should be included in the guidance. Suggest ass a third sentence to paragraph two as shown in the adjacent column.

The arrangements should also take into account requirements of legislation.

Accept in part

278 26 4.4.3.3 2nd paragraph Statement says that “all workers” should be involved in the development of the OH&S Systems. This is not practical, with involvement normally accomplished through worker representatives, which is referred to in the 3rd paragraph.

Suggest removing the words “all” in this sentence. Agreed

279 26 4.4.3.3 4th paragraph 3rd bullet

The reference to workers being consulted on “organization changes that affect OH&S”, may be interpreted to mean that workers are consulted on job positions or reporting relationships in the OH&S organization. Based on the examples, we do not think this is the intent, but others could interpret it differently.

Suggest re-wording to say “consultation, concerning production or process changes that affect OH&S…..”

Accept in part

280 1 4.4.3.4 How to produce the workers’ representatives on OHS matters in a organization?

The examples of producing the workers’ representatives on OHS matters in a organization should be given.

Disagreed

281 27 4.4.3.4 How to produce the workers’ representatives on OHS matters in a organization?

The examples of producing the workers’ representatives on OHS matters in a organization should be given.

Disagreed

282 11 4.4.4 Page 29 4th para

If. On the other hand, there are several …….. The need for written procedures are not determined by the numbers of “common sense” methods but on the likelihood of employees to follow the one decided. The sentence should go or be revised.

Accept

283 12 4.4.4 4 The 1st sentence is very close to a "requirement" and such are not appropriate in a "guideline". Consider also the expression "is required" in the last sentence of this paragraph.

Replace "is" in the phrase "the general principle that applies is that" with "should be".

Accepted

284 13 4.4.4 Paragraph 4 Clarify 1st sentence Agreed 285 13 4.4.4 Paragraph 6,

Item (i) “….. and accessibility that can need to be imposed,…..”

Change to “….. and accessibility that need to be imposed,…..”

Agreed

286 13 4.4.4 Paragraph 7, 2nd Sentence

“……records contain the history of actual events and contain the evidence that safe conditions were

Change to “……records contain the history of actual events and also evidence that safe

Agreed


57

achieved at particular time.” conditions were achieved or not at particular time.”287 16 4.4.4 Par 4 The first sentence is too prescriptive and goes well beyond

what OHSAS 18001 requires in the way of documentation. It is not a general principle that a written procedure is required whenever there is any risk associated with performance of a task (or not performing it in a certain way. This is an area where there is a significant difference between quality management systems and OHS management systems. Written procedures are only one way of accomplishing operational control in an OHS management and are only needed if the absence of a documented procedure could lead to deviations from the OH&S policy and objectives. Nor is the need for procedures driven by common sense.

Replace first sentence with the following: In determining the extent of the documentation required for an OH&S management system, documented procedures should be developed where they are necessary to ensure the control of processes for the purposes of appropriately managing OH&S risks. Processes where documented procedures may need to be developed could include activities such as

- entry into dangerous places (e.g. confined spaces, trenches)

- appropriate use and maintenance of personal protective equipment

- purchasing of chemicals or other hazardous materials

- maintenance of dangerous equipment (e.g. power presses, high-voltage electrical equipment)

Accepted in part

288 16 4.4.4 Par 7 Second sentence is incorrect – OH&S documents and records can cover topics other than “safety conditions.”

Delete all but first sentence and reference definition of record (3.20) and record control section (4.5.4)

Review for 4.5.4

289 19 4.4.4 Inconsistent type face Ensure standard font is used throughout the document Agreed

290 23 4.4.4 Sent 1 Delete "document and". Agreed

291 26 4.4.4 At the end There should be a note referencing the detailed section on records that comes later in the document (4.5.4)

Note: Records requirements are discussed in full detail in section 4.5.4.

Accept in part

292 11 4.4.5 1st para All documents and data containing information critical …… Should be revised to: All documents and data containing information required …..

Agreed

293 11 4.4.5 3rd para. Written procedures…… This belongs in 4.4.4 Disagreed

294 13 4.4.5 Paragraph 8, Item (vi)

“- archive records (some of which can need to be held…..)”

Change to “- archive records (some of which may need to be held…..)”

Accept in part

295 16 4.4.5 Par 4 The second sentence overstates the requirement. Process operators are not likely to need plant engineering drawings. Information needed for emergency personnel is covered in 4.4.7.3.

Delete second sentence add reference to 4.4.7.3 to first sentence.

Accept in part

296 16 4.4.5 Par 5 The first and second sentences are incorrect. The organization has no responsibility for making sure external reference materials are kept up-to-date (only that external documents necessary for the planning and operation of the

Replace paragraph with the following: The organization should establish procedures for identifying any documents of external origin required for planning and implementing its OH&S management

Agreed


58

OHS management system are the most up-to-date version). Nor is it necessary to specifically assign this task. This can be done as part of the hazard identification / risk assessment process (see 4.3.15 management of change) and the process of identifying legal and other requirements (4.3.2). The documents of external origin that most likely to need to be identified and controlled as part of an OHS management system are material safety data sheets for hazardous substances used by the organization. There are many ways of accomplishing this task – including the use of external service providers.

system. The distribution of these documents needs to be controlled to ensure that the most current information is used in making decisions impacting OH&S. For example, the organization should establish procedures for managing the material safety data sheets developed for hazardous substances used by the organization.

297 16 4.4.5 Par 6. 1st sentence

Obsolete documents do not present a risk as that term is used in this standard.

Modify sentence as follows: Care should be taken with obsolete documents retained for reference can present a particular risk, and great care should be taken to ensure that they do not return back into circulation.

Disagreed

298 19 4.4.5 Inconsistent type face Ensure standard font is used throughout the document Agreed

420 28 4.4.5 Add text in yellow:

Documents should be reviewed from time to time to ensure that they are still valid and accurate. This can be done as part of an internal audit or as a separate dedicated exercise. It can also be done as part of a review of risk assessment of processes. Pertinent documents should also be reviewed::

After (potentially) major incidents As part of the management of change

procedure and following changes in processes,

installation, workplace layout etc.

See left

299 4.4.6 ????

300 8 4.4.6.1 Three While the first sentence of the paragraph is correct the guidance in the rest of the paragraph does not provide useful information. In the second paragraph the guidance goes from eliminating the hazard [which is the most effective way to reduce the risk] straight to administrative controls [ie signage, procedures, training and then PPE]. The guidance makes no mention of considering the higher order risk control

Delete the second sentence. Insert instead the following sentence: Risk controls should be implemented in accordance with the “hierarchy of controls”, refer to [4.3.1.6]

Accept in part


59

options of substitution or if not possible engineering risk controls prior to considering the lower order administrative controls. There is no mention that often a combination of controls may need to be considered.

301 8 4.4.6.1 Paragraph three incorrectly cross reference to 4.3.1.7. This cross reference should be to 4.3.1.6.

Substitute 4.3.1.7 for 4.3.1.6 Agreed

302 10 4.4.6.1 Paragraph 2

(Page 30

Line 72)

Error of provisions number - management of change processes (see 4.3.1.6)

- management of change processes (see 4.3.1.5)

Agreed

303 10

4.4.6.1 Paragraph 3

(Page 31

Line 36)

Error of provisions number This should start with redesign of equipment or processes to eliminate or reduce hazard(s), improved signage/warnings for hazard avoidance, improved administrative procedures and training to reduce the frequency and duration of worker exposures to inadequately controlled hazards, and lastly the use of personal protective equipment to reduce severity of injury or exposure (see 4.3.1.7).

This should start with redesign of equipment or processes to eliminate or reduce hazard(s), improved signage/warnings for hazard avoidance, improved administrative procedures and training to reduce the frequency and duration of worker exposures to inadequately controlled hazards, and lastly the use of personal protective equipment to reduce severity of injury or exposure (see 4.3.1.6).

Agreed

304 10 4.4.6.1 Paragraph 4

(Page 31

Line 39)

Error of provisions number The identified operational controls need to be implemented, evaluated on an on-going basis (4.3.1.9) to verify their effectiveness, and integrated into the overall OH&S management system.

The identified operational controls need to be implemented, evaluated on an on-going basis (4.3.1.8) to verify their effectiveness, and integrated into the overall OH&S management system.

Agreed

305 12 4.4.6.1 4 It can be questioned whether an expression as "operational controls need to be implemented" shall be stated in a "guideline". It is very close to a "requirement.

Consider rewriting. Accept in part

306 13 4.4.6.1 Paragraph 3, Clause 4.3.1.7 cross referenced in the paragraph not appropriate

Change to clause 4.3.1.6 which is considered more relevant.

Agreed

307 13 4.4.6.1 Paragraph 4 Clause 4.3.1.9 made reference to not part of this draft document.

Delete 4.3.1.9 in the text and cross reference to the most appropriate clause of the document, 4.3.1.8.

Agreed

308 16 4.4.6.1 Examples of information to be considered for operational

In addition to controls put in place to manage risks and comply with applicable legal and other requirements, organizations may develop their own OH&S requirements for internal use. These also need to be considered when

Add another bullet point in the first list (information to be considered when establishing operational controls) as follows: – “internal company / facility specifications that establish

Disagreed


60

controls looking at the need for operational controls. For example, a company may establish a specification that states that no new piece of equipment will be purchased / operated if the noise level exceeds 85 dBA..

requirements for OH&S operational controls.

309 23 4.4.6.1 Para 3, sent 1 Replace "preference" with "priority" and replace "with higher . . .or ill health" with "that provide protection to the maximum number of people by controlling the risks at source"

Accept in part

310 10 4.4.6.2 a)

(Page 32

Line 8)

Need for clarification - Traffic management

Agreed

311 11 4.4.6.2 1st para. Last sentence

e.g procedures, written work instructions…. e.g procedures, written or spoken work instructions…. Accept in part

312 12 4.4.6.2 e) The terms "supplier", "vendor" and "contractor" are used in 4.4.6.2 e) -f) and other places. This may be confusing as the difference between them is not clarified.

If it is necessary to use all these terms, the differences between them or the significant characteristics of each should be explained.

Accept in part

313 16 4.4.6.2 A ) A commonly used operational control method is having procedures / processes in place to ensure that individuals performing tasks can perform them safely (whether or not they are considered hazardous tasks) For example, workers need to be aware of guards that need to be maintained on equipment.

Add an additional example to the list a) General control measures as follows: – “Training requirements and procedures to make employees aware of OH&S hazards and risks”

Accept in part

314 23 4.4.6.2 Para 1, sent 2 Move "physical devices (such as barriers, access controls)" to appear immediately after "e.g." and delete from end of sentence. Insert "and" before "alarms and signage".

Agreed

315 26 4.4.6.2 b) The 5th bullet seems to be more applicable to the general control measures category (a)

Suggest moving this bullet to section (a) Accept in part

316 26 4.4.6.2 d) Sections a) and d) seem to be similar Suggest combining Sections a) and d) Disagreed 421 28 4.4.6.2 d) Add text in yellow:

⎯ Inspection and testing of OH&S equipment such as guarding, fall arrest systems, shutdown systems, rescue equipment for confined spaces, lock-out systems, fire detection and suppression

See left Disagreed, too specific


61

equipment, explosimeters and gas leakage detectors, exposure monitoring devices, ventilation systems and electrical safety systems;

317 26 4.4.6.2 e) 7th bullet

Evaluating the re-evaluating the OH&S performance of vendors and suppliers not performing work in the organization’s workplace seems out of scope to the workplace OH&S management systems. If they are vendors/suppliers performing work in the organization’s workplace, they would be contractors, which is covered in section f)

Suggest removing 7th bullet Accept in part

422 28 4.4.6.2 f) Add text in yellow: ⎯ Evaluation, monitoring and periodic

re-evaluation, of the OH&S performance of contractors;

⎯ Awareness training/site qualification etc. (ref. 4.4.2 and 4.4.3.2.3

Disagreed

318 12 4.4.6.3 1 It can be questioned whether an expression as "Operational criteria need to be" shall be stated in a "guideline". It is very close to a "requirement.

Consider rewriting. Agreed

319 26 4.4.6.3 d) It should be made clear that in situations where a contract relationship exists that prevents this type of communication between the organization and a contractor working on their behalf, that this communication is not to occur. ie: Owner-only contracts in Ontario.

Suggest adding a note: “This communication must be appropriate based on regulatory requirements and/or limitations. In some instances, an organization-contractor relationship may exist that excludes this type of communication related to OH&S.”

"can" now inserted in lead in paragraph. Disagreed.

320 11 4.4.7.2 It should be stated very clearly that OHSAS 18001 deals with emergencies in regard of HSE ,to prevent the use of standard emergency plans from ISO 14001 or other standards.

Accept in part

321 14 4.4.7.2 a) Include other common enterprise –wide emergencies -epidemic/pandemic -workplace violence -terrorism

Accept in part


62

322 21 4.4.7.2 Para 1 Sometimes identification of potential emergency situation is kept separate from HIRARC

Identification of potential emergency situation should be based on and related to the risk assessment methodology defined in 4.3.1 hazard identification

Disagreed

323 23 4.4.7.2 Item a) Insert following as final bullet: " forseeable natural disasters"

Accept in part

324 23 4.4.7.2 Para 4 Insert following as second sentence (i.e. after " The organization should identify . . . workplaces controlled by the organization."): "Special consideration should be given to those with special needs, e.g. people with limited mobility, vision and hearing (see 4.3.2)."

Accept in part

325 24 4.4.7.2 a) Refer to last paragraph of text box for clause 1 Scope, the word "loss of utility service" should be for those utility services that are under scope of OHSAS 18001 only. As OHSAS Standard is intended to address OH&S

Accept in part

326 26 4.4.7.2 b)5th paragraph, 4th and 5th bullet

Remove apostrophes in “organization’s” and “investigation’s”

Agreed

423 28 4.4.7.2 a) Add text in yellow: a) Examples of enterprise-wide emergencies include: ⎯ fires

⎯ explosions

⎯ emissions of hazardous gases

Accept in part

327 12 4.4.7.3 2 It can be questioned whether an expression as "need to be" shall be stated in a "guideline". It is very close to a "requirement.


328 13 4.4.7.3 - “….. consideration should be taken account of the existence and/or capability of the following;”

Change to “….. the existence and/or capability of the following should be taken into consideration;”

Agreed


63

329 20 4.4.7.3

It is necessary to insert additional point, after the following words:

In developing emergency response procedure(s),

...................................................... the following:

(justification – ISO 3864, ISO 16069 and ISO 15370)

- emergency evacuation plan(s) and systems of photoluminescent guidance elements (SWGS) including the orientation in the dark

Disagreed

330 21 4.4.7.3 Para 1 Procedures normally put too much emphasis on other items without defining the most important objectives

The important part of an EPR is to prevent losses to life and property hence the procedure shall focus on rescuing and treating injuries

Accept in part

331 26 4.4.7.3 First bulleted list Text after 1st bulleted list

Typo in the 6th bullet – “fist aid”. 12th bullet should refer to proximity of local emergency services as well as availability. Description of pre-approved (contractual) arrangements says “should” be put in place. This would be better with “could” since these may not always be contractual

Should be “First Aid” Change 12th bullet to: “availability and proximity of local emergency services…” “…, pre-approved (contractual) arrangements could be put in place.”

Agreed Disagreed Disagreed

332 12 4.4.7.4 2 This paragraph only states that certain things "may be needed". Instead it should tell what the organization should do.

Rewrite. Disagreed

333 21 4.4.7.4 Para 2 Many organizations rent facilities To define methods if organization is renting a property rather than owning

Disagreed

334 22 4.4.7.5 Paragraph 2 Besides the competences mentioned for emergency response personnel, their physical and mental health, and fitness conditions shall be taken into account for them to carry out properly their assigned activities.

Emergency response personnel should remain competent (Physical and mental health and fitness conditions) to carry out their assigned activities.

Accept in part

335 12 4.4.7.6 1 It can be questioned whether an expression as "Periodic testing of emergency procedures is necessary" shall be



64

stated in a "guideline". It is very close to a "requirement.

336 19 4.4.7.6 The note should be inserted into the text in order to make the document more reader friendly

Insert contents of note into main body of text Disagreed. The note clarifies the term "where practicable", but is not giving guidance on the 18001 requirement

337 21 4.4.7.6 Para 2 Some users have the idea that drill means a full EPR exercise plus a full evacuation and some EPR is hard to have a drill

Periodic testing of EPR can be done through a desk review or actual drill (either partial or full eg evacuation)

Accept in part

338 23 4.4.7.6 Para 2 Replace "should involve" with "may need to take into account" and delete "to develop an effective working relationship",

Accept in part

339 10 4.4.7.7 Paragraph 1

(Page 38

Line 19)

Error of provisions number - as a result of management of change, corrective

action, or preventive action (see 4.5.2)

- as a result of management of change, corrective

action, or preventive action (see 4.5.3)

Agreed

340 9 4.5.1.1 6th bullet Through the work of revising OHSAS 18001, the phrase “legal” has removed (included in “proactive”). Thus it is necessary to enhance the statement related with legal requirement in the example of “proactive”.

Completion of legally required and other inspections as scheduled, especially those in relation to the legal and other OH&S requirements that are applicable to the organization identified in 4.3.2

Accept in part

341 15 4.5.1.1 2nd bullet To us "exposures" put focus on physical OH&S exposures.

As "exposure" is not defined we propose to clarify that it is including both physical and mental exposure.

Add after "exposures": (physical and mental) Health screening in list a) addresses this. Disagreed

342 15 4.5.1.1 a) 5th bullet We are missing the compliance evaluation. This is one of

the elements clarified in the OHSAS 18001:2007. Add: - the effective use of the results of internal (including compliance evaluation) and external audits

See ne bullet under list a) on legal compliance Accept in part

343 15 4.5.1.1 a) 9th bullet The health screening should include both mental and

physical conditions. Add: - the use of health screening (including both mental and physical conditions)

Health screening in list a) addresses this.


65

Disagreed 424 28 4.5.1.1 a) Add text in yellow:

a) Examples of proactive measures include:

⎯ the effective use of the results of workplace safety tours or inspections

⎯ evaluation of the effectiveness of OH&S training

⎯ use of OH&S behaviour based observation

⎯ monitoring of employee workload (records on use of overtime etc.)

Disagreed. Covered by legal compliance

344 21 4.5.1.1 Last Some OSH performance are not benchmarked against a known level for comparison

OSH performance shall be benchmarked against the legal standards or any other performance standard or internal KPI


345 22 4.5.1.1 b) bullet 3

Change “lost time accident rates” to “lost time ill health rate” , because accident is already included in the definition of incident, and the lost time ill health rate shall be also considered. As reactive measures the following ones shall be included, because they can also happen:

- regulatory agency enforcement action. - comments from interested parties.

- lost time incident rates, lost time ill health rates. - Acciones impositivas de entes reguladores: regulatory agency enforcement action - Observaciones presentadas por partes interesadas - regulatory agency enforcement action. - comments from interested parties.

Accept in part

346 26 4.5.1.1 4th paragraph introduction

While we agree with the emphasis on proactive measures related to the OH&S management system, these must ultimately result in a decrease in injuries, which is measured with reactive measures. We suggest that this introduction be re-worded to provide a better balance between the two.

Suggest changing the intro to: “In addition to reactive measures, the organization’s measuring and monitoring should be focussed on proactive measures of performance to drive performance improvement and injury reduction.

Accept in part

425 28 4.5.1.2 Remove text after “ Verification is a quality process………….” as this is deemed too academic and not so relevant. Instead propose to include:

See suggestions Accepted in part


66

• If external testing laboratories are used, sufficient competence and quality assurance may be ensured by using laboratories holding accreditation for testing of the actual parameter.

347 5 4.5.1.2 • I am not sure that you can “validate” an instrument. What you validate is the sampling and/or analytical method.

• The difference between calibration and verification is not clear in the standard. The majority of industrial hygiene equipment used to measure compliance is verified, not calibrated (according to the definition). What is usually call “calibration” is not calibration according to the VIM. For example a sound level meter is verified that it functions within an established range not calibrated. In order to calibrate you need to correct the measurement; you don´t do this when you measure noise. Only verification is used when evaluating compliance, not calibration.

• Usually organizations do not validate sampling methods, but use standard methods required by law. I recommend we eliminate this part form the clause.

Measurements should be conducted using suitable methods for assuring the validity of results. When necessary to ensure valid results, measuring equipment should be calibrated or verified and adjusted if necessary, against measurement standards traceable to international or national measurement standards. If no such standards exist, the basis used for calibration or verification should be recorded. The equipment should be maintained at specified intervals, or prior to use, The calibration or verification status of the equipment should be available to the user. Measurements should be performed by competent personnel (see 4.4.2), using suitable quality control techniques. Written procedures for conducting measurement and monitoring can help to provide consistency in measurements and enhance the reliability of data produced. Verification is a quality process used to evaluate whether or not an instrument complies with a regulation, specification, or conditions. Verification should be performed according to the manufacturer´s recommendations. (end)

Accepted in part

348 16 4.5.1.2 Par 1 This belongs in the prior section and/or the concept is repeated in next sentence.

Delete Accepted in part

349 16 4.5.1.2 Par 2 OHSAS 18001 does not require verification or validation of measuring and monitoring equipment – it requires calibration and maintenance – as appropriate (i.e. the equipment is working right and giving accurate results). Introduction of the ISO 9000 concepts of verification and validation into OHSAS 18002 is confusing. Those terms have a different meaning to OHS professionals.

Revise paragraph as follows: To assure the validity of results, monitoring equipment used to measure OH&S conditions (e.g. sampling pumps, noise meters, toxic gas detection equipment, etc) should be maintained in good working order and calibrated, as appropriate. This is important to assure that the equipment is functioning properly and providing

Accepted in part


67

accurate results. As appropriate, measurement standards used in calibration should be traceable to international or national measurement standards. If no such standards exist, the basis used for calibration should be recorded. OH&S monitoring equipment should be maintained at specified intervals. If it is used infrequently, it should be checked prior to use and calibrated, as appropriate.

350 16 4.5.1.2 Par 3 There is no requirement that the calibration status be available “to the user.” For OH&S monitoring equipment, there may not be a “user” like there is for quality monitoring equipment (e.g. equipment monitoring general air quality in a particular area).

Delete Accepted in part

351 16 4.5.1.2 Par 5 -7 The information that was added to this section on verification and validation has no place in this standard. The added language does not relate to the requirements in section 4.5.1.2. Neither of these definitions is used in OHSAS 18001 and introduction of these quality definitions does not belong in this standard. In addition, the definitions add more confusion than they do clarity.

Delete these paragraphs. Accepted in part

352 22 4.5.1.2 Paragraphs 5, 6, 7

Delete the three final paragraphs. They are confusing because they mix concepts from metrology and process measurement. Another possibility is to explain how the concepts "verification" and "validation" are applied to measuring equipment.

Accepted in part

353 23 4.5.1.2 Note We don't really understand what the definition of "validation" means and how it differs from the definition of "verification".

Accepted in part

354 26 4.5.1.2 Last 3 paragraphs

These sections do not seem to apply to this section. Either clarify how this is applicable to monitoring and measurement, remove this section, or move to a more suitable section.

Accepted in part

355 16 4.5.2 Par 3 Only compliance with applicable legal requirements needs to be evaluated not compliance with all requirements.

Modify as follows: While compliance with all applicable legal requirements has to be evaluated, the organization may need to evaluate compliance with individual requirements at different times or at different frequencies, or as appropriate.

Accept in part


68

356 16 4.5.2 Par 4 Clarify that flexibility is intended. A compliance evaluation programme can, but does not have to be, integrated with other assessment activities. These can include management system audits (OHS, environment or quality) or environmental compliance assessments audits or quality assurance checks.

Disagreed

357 21 4.5.2 Some organization will have difficulties to do this with the limited number of personnel

Evaluation of compliance shall be done by competent person either internally or using external resource

Accept in part

358 23 4.5.2 Para 1 This seems to be repeating a typical management system requirement rather than giving guidance.

Delete paragraph. Disagreed

359 23 4.5.2 Para 2 Insert " of the OH&S management system" after "compliance".

Disagreed

360 23 4.5.2 Para 3, Sent 1 Delete 1st sentence Accept in part

361 26 4.5.2 Last paragraph The results of the periodic evaluations of legal and other requirements should also be discussed or presented to the management team

“…should be recorded and discussed/presented to the Management Team”

Too prescriptive, not required by 18001. Disagreed.

362 25 4.5.2.2 bullets add additional activities ⎯ facility, equipment and area inspections

⎯ interviews

⎯ behavior-based safety observations

Accept in part

363 25 4.5.2.2 new para insert additional explanatory paragraph between the two compliance paragraphs to encourage using the same auditing practices for compliance

...individual requirements at different times or at different frequencies, or as appropriate. Like internal audits, compliance evaluations can be based on the results of risk assessments and the results of previous audits. If a previous audit provided evidence that a report had been filed or an inspection conducted, and no reports or inspections were required since,



69

it is not necessary to reaudit. If reports or inspections have been required since the last audit, then they should be re-audited.

364 25 4.5.3 4th to last bullet To avoid confusion and not weaken the standard, eliminate the words "where appropriate" We do not want to encourage the avoidance of risk assessments by opening a "where appropriate" door.

The organization should ensure that: - proposed actions are reviewed through risk assessments prior to implementation

Accept in part

365 19 4.5.3.1 Incorrect wording Replace reccurrence with reoccurrence Accept in part

366 23 4.5.3.1 Para 4, bullet 3 The meaning and intention of this text should be clarified. Replace with "defining who identifies which type of incident"?

Accept in part

367 19 4.5.3.2 b) Reduce repetition of the use of the word results ‘Inputs into corrective action and preventive action can

be identified from the results of:- Agreed

368 21 4.5.3.2 To define requirements for incidents and non conformance which happen at clients’ place of work

Organizations shall cooperate with customers in incident or non conformance investigation and identifying corrective and preventive actions


369 23 4.5.3.2 New sent Add following as new sentence at end of subclause: "Significant nonconformities and the effectiveness of preventive or corrective action should be reviewed by top management."


370 26 4.5.3.2 a) No bullet indicating that failure to meet the requirements of the 18001 standard is a non-conformance

Add the following bullet: “-failure to meet any of the minimum requirements of the 18001 standard

Accept in part

371 26 4.5.3.2 b) First 2 bullets do not seem to fit the definition of a non-conformance as they are related to not meeting specified objectives. Reference to not meeting a target seems to belong more in section 4.5.1 Other more relevant bullets could be included.

Suggest removing first two bullets Suggest including : “-document review requirements not met -corrective actions not completed on time”

Accept in part

372 12 4.5.4 2, last bullet Clarity and logic. Write "management review records". Agreed

373 16 4.5.4 Par 1 Records are maintained for purposes of demonstrating conformity not for purposes of operating effectively.

Modify sentence as follows: Records should be maintained to demonstrate that the assist the organization in implementing its OH&S management system and managing its OH&S risks operates effectively.

Disagreed


70

374 23 4.5.5 It would be useful to include here a general note about what an external auditor will be looking for in assessing compliance.

Disagreed

375 25 4.5.5 para ensure that auditors understand that purpose is conformance with planned arrangements

Prior to conducting an audit, the auditors should review appropriate OH&S management system documents and records, and the results of prior audits. This information should be used by the organization in making its plans for an audit. The overall set of audit criteria are the planned arrangements. Not all planned arrangements my be well documented. Documentation of planned arrangements that may be reviewed includes:

Disagreed

426 28 4.5.5 The guidance on Internal audits may be perceived too detailed and exhaustive

See left Noted. Included in the absence of any formal OH&S auditing standard

427 28 4.5.5.1 Planned OH&S management system audits should be carried out by personnel from within the organization and/or by external personnel selected by the organization, to establish assess whether the OH&S management

See left Disagreed

376 12 4.5.5.1 2 It is not clear what the word "its" refers to. Either insert "by the organization" after "established" or replace "its" with "the organization's".

Agreed

377 25 4.5.5.2 para excellent info in the bullets. Number and expand for easier use

The implementation of an internal audit programme should address the following: 1. Communication of the audit programme to relevant parties, especially top management and auditees.

2. Establishing and maintaining a process for the selection of auditors and audit teams so that the team is competent to determine suitability, adequacy and effectiveness within the assigned

Disagreed


71

criteria and scope. Competency for OHS auditors is more important than for auditors of other systems; incompetent OHS auditors may allow conditions that injure or kill people.

3. Providing the resources necessary for the audit programme

4. Planning, coordinating and scheduling audits

5. Ensuring the control of records of audit activities

6. Ensuring audit follow-up and the reporting of audit results

7. Ensuring that audit procedures are established, implemented and maintained that clearly describe all of the above. Documented procedures can be kept to a minimum by the use of forms, schedules, checklists, documented training materials, and annual training that refreshes and expands auditor competency,

Note: The above has been adapted from ISO 19011, clause 5.4

delete, see above The audit programme should be based on the results of risk assessments of the organization's activities and the results of previous audits. The results of the risk assessments (see 4.3.1) should guide the organization in determining the frequency of audits of particular activities, areas or functions and what parts of the management system should be given attention. The frequency and coverage of OH&S


72

management system audits should be related to the risks associated with the success or failure of the various elements of the OH&S management system, available data on the performance of the OH&S management system, the output from management reviews, and the extent to which the OH&S management system or the organizational activities are subject to change.

378 12 4.5.5.2 1, 7th bullet The existing text does not list the events in the natural sequential order.

Change to "Ensuring the reporting of audit results and audit follow-up"

Agreed

379 26 4.5.5.2 3rd bullet Should refer to identifying resources required as well “Identifying and providing the resources necessary…” Disagreed

380 22 4.5.5.3 Paragraph 1 Use a bullet for the sentence "indicate that they are necessary", or delete it, because it is not clear.

- indicate that they are necessary …? Agreed

381 25 4.5.5.3 para add word schedule OH&S management system audits should be conducted according to the audit programme and schedule. Additional audits may need to be performed:

Disagreed

382 26 4.5.5.3 First bulleted list

The sentence just before this list is unclear. Suggest moving the phrase at the end of the bullet up to the introductory sentence. Bullet 1 – should refer to major changes to hazards or risk Suggest minor changes to bullets for better readability.

“Additional audits may need to be performed if any of the following indicate that they are necessary: -major changes to hazards, or risk assessment - results of previous audits - the occurrence of incident, or - if there are other circumstances (e.g. due to re-organization)

Accept in part

428 28 4.5.5.3 Typo: - or other circumstances indicating that they are necessary. (e.g. due to re-organization),

See left Agreed

383 25 4.5.5.4 para number items so the process is more orderly. Select auditors last, after purpose of audit is determined. Do not

The following activities are typically done to initiate an audit:


73

determine purpose of audit based on what available auditors are competent to audit

1. defining the audit objectives, scope and criteria for the audit

2. determining the audit methodology

3. confirming audit arrangements with the auditee and other individuals who will take part in the audit

4. determining applicable workplace OH&S rules. In some cases, auditors may need additional training and/or may be required to conform to additional requirements (e.g. the wearing of specialized personal protective equipment). 5. selection of appropriate auditors and audit team for the audit taking into account the need for objectivity, impartiality, and competency, based on items 1-4 above. In some cases, auditors may need additional training (e.g. to develop competency in the criteria) and/or may be required to conform to additional requirements (e.g. the wearing of specialized personal protective equipment).

Accept Disagreed Disagreed

384 25 4.5.5.5 para number and add corporate requirements 1. information on roles responsibilities and authorities (e.g. an organization chart);

2. OH&S policy statement;

3. OH&S objectives and programme(s);

4. OH&S management system audit procedures;

Disagreed


74

5. OH&S procedures and work instructions;

6. hazard identification, risk assessment and risk control results;

7. applicable legal and other requirements;

8. corporate requirements;

9. incident, nonconformity and corrective action reports

• The amount of documentation to be reviewed and the detail provided in the plans for the audit should reflect the scope and complexity of the audit. The plans for the audit should cover the following:

1. audit objectives, such as continual improvement, providing evidence of conformance, or assigning blame,

2. audit criteria, basically planned arrangements and especially hazards with the most severe risks,

3. audit methodology, such as document review of procedures and records (inspection records, emergency drills, behavior based safety observations), interviews,

4. audit scope and /or location, such as specific departments or areas,

5. audit schedule, such as conducting audits monthly to ensure continuing adequacy,

6. roles and responsibilities of the various audit parties, including the audit planners

Disagreed


75

• The audit planning information may be contained in more than one document. The focus should be on providing adequate information to implement the audit, especially ensuring that each auditor has a clear assignment and the competency for that assignment.

If other parties need to be included in the audit process (e.g. employee representatives), this should be included in the plans for the audit.


Join the bullet 4 to the next sentence, in order to clarify the meaning of the bullet and the one of the next paragraph, and move the phrase "to the auditee in a timely manner”, before the 4 bullets.

- the audit conclusions, to the auditee in a timely manner

•

Accept in part

386 12 4.5.5.7 3, 6th bullet It may not always be practicable that the audit report itself contains "a listing of recipients for the audit report". The report may be produced in an electronic system where it is accessible for different people including those concerned by the audit observations but also for others. Then there are no "recipients" in the conventional meaning of that word.

Delete the bullet. If it is necessary to produce objective evidence that can demonstrate that the report is accessible for those concerned by the audit observations it should be expressed in other words.

Agreed

387 22 4.5.5.7 Paragraph 3 Add the following bullets: - Dificulties found during the audit process. - Positive aspects found during the audit. This, in order to achieve alignnment with quality and environmental audits.

- Dificulties found during the audit process. - Positive aspects found during the audit.

Disagreed. Considered to be already covered.

388 26 4.5.5.7 1st bullet Include methodology as a required element “-the audit objectives, scope, and methodology” Disagreed

389 26 4.5.5.8 Seems to be out of logical order Reverse the second and third paragraphs Disagreed


76

390 21 4.5.5.9 To define differences in internal & external audit as well as the use of external auditors for internal audit

Disagreed

391 26 4.5.5.9 This section seems to be better suited to the beginning of 4.5.5

Move 4.5.5.9 to the beginning of the audit section Disagreed

392 11 4.6 New paragraf Often we see a different set of people handling the Management review, depending on how busy the leadership are. This leads to lack of continuity in the management review.

“The procedure for Management Review should state who, at least, are to participate in the management review.”

Accept in part

393 13 4.6 Paragraph 3 “The management appointee (see 4.4.1) should report to the management reviews……”

Change to “The management appointee (see 4.4.1) should report to the top management during management reviews……”

Accept in part

394 16 4.6 Par 2 Language too prescriptive. Management reviews should be carried out by top management, on a regular basis (quarterly, semiannually, annually, etc). Management reviews can be carried out by meetings or other communication means. Partial management reviews of the performance of the OH&S management system should can be held at more frequent intervals, if required appropriate. Different reviews may address different elements of the overall management review.

Agreed

395 16 4.6 Par 4 & 5 Language too prescriptive – inputs / issues may be considered – not clear why they would need to be

Delete “need to” from both sentences. Agreed

396 19 4.6 Brevity and clarity of text, remove second reference to management review

Management reviews should be carried out by top management on a regular basis (e.g. quarterly or annually) and can be carried out by meetings or other communication means

Agreed

397 25 4.6 para number and correlate to terms suitability, adequacy and effectiveness

The content of the final OH&S management system audit report should be clear, precise and complete. It should be dated and signed by the auditor. It should contain the following elements: 1. the audit, objectives and scope;

2. information about the plans of the audit (identification of the members of the auditing team and the audited representatives, dates of audit and identification of the areas subject to audit);

Disagreed


77

3. the identification of criteria (reference documents used to conduct the audit, e.g. OHSAS 18001, OH&S procedures);

4. details of identified nonconformities;

5. conclusions on conformance to the identified criteria (adequacy);

6. information relating to the ability of the OH&S management system to achieve the stated OH&S policy and objectives (effectiveness);

7. conclusions on proper implementation and maintenance of the system (suitability)

8. a listing of recipients for the audit report.

The results of OH&S management system audits should be communicated to all relevant parties as soon as possible, to ensure improvement in the management system, including corrective actions to be taken. Confidentiality should be considered when communicating the information contained within the OH&S management system audit reports.

398 25 4.6 explain source of information for MR and explain suitabilitiy, adequacy and effectiveness.

Top management shall review the organization's OH&S management system, at planned intervals, to ensure its continuing suitability (4.5.5.a.2, 4.3.1), adequacy (4.5.5.a.1, 4.1) and effectiveness (4.5.5.a.3, 4.3.3) Reviews shall include assessing opportunities for improvement and the need for changes to the OH&S management system, including the OH&S policy and OH&S objectives. Records of the management

Accepted in part


78

reviews shall be retained. Input to management reviews shall include:

a) results of internal audits (4.5.5, 4.1) and evaluations of compliance with applicable legal requirements (4.5.2.1) and with other requirements (4.5.2.2) to which the organization subscribes;

b) the results of participation and consultation (see 4.4.3);

c) relevant communication(s) from external interested parties, including complaints (4.4.3);

d) the OH&S performance of the organization (4.3.1, 4.4.6, 4.3.3, def 3.15);

e) the extent to which objectives have been met (4.4.3) ;

f) status of incident investigations, corrective actions and preventive actions (4.5.3.1, 4.5.3.2);

g) follow-up actions from previous management reviews (4.6) ;

h) changing circumstances (4.3.1, MOC, including developments in legal and other requirements (4.3.2) related to OH&S; and

i) recommendations for improvement (4.4.1).

The outputs from management reviews shall be consistent with the organization's commitment to continual improvement and shall include any decisions and actions related to possible changes to:

a) OH&S performance (def, 4.3.1, 4.3.3,


79

4.4.6);

b) OH&S policy and objectives (4.3.3) ;

c) resources (4.4.1); and

d) other elements of the OH&S management system (4.1).

Relevant outputs from management review shall be made available for communication and consultation (see 4.4.3). Management reviews should be carried out by top management, on a regular basis (e.g. quarterly or annually) to ensure continuing suitability, adequacy and effectiveness (SAE). Top management should determine what criteria are necessary to determine suitability (appropriateness), adequacy (conformance with requirements) and effectiveness (achieving objectives and policy commitments). If the criteria are intended to be met by evidence from the internal audit, these criteria should be defined in element 4.5.5. Clause 4.5.5 has wording that is parallel to the terms suitable and adequate; clause 4.5.5 also provides the only clear explanation of the criteria for effectiveness (meeting the organization’s policy and objectives). Management reviews can be carried out by meetings or other communication means. Partial management reviews of the


80

performance of the OH&S management system should be held at more frequent intervals, if required to ensuring continuing SAE. Different reviews may address different elements of the overall management In addition to the outputs required by OHSAS 18001, details of the following issues may also need to be considered: ⎯ the suitability, adequacy and effectiveness of

current hazard identification, risk assessment and risk control processes;

current levels of risk and the suitability, adequacy and effectiveness of existing control measures;

399 22 Annex C C.1 It is necessary to clarify the criteria for classifying the physical hazards included, due to in many countries hazards such as inadequate work areas, handling and manual lifting of materials, and inadequate positions or repetitive works are not classified as physical hazards, but as ergonomic ones. We propose to establish a special group for ergonomic hazards including the above mentioned examples, or include an introductory paragraph clarifying the criteria taken into account for preparing the checklist included in this Annex.

Accepted in part

400 22 Annex C C.2 The first paragraph shall not have any bullet because this is an explanation of C.2. Besides, it is joined to a bullet which shall be separated

Substances hazardous to health or safety due to:- Inhalation [such as carbon monoxide (CO) – the hazard would be linked to the amount of CO];

Accepted in part


81

401 22 Annex C C.3 The first paragraph shall not have a bullet because this is an explanation of what is covered in C.3.

Biological agents, such as bacteria or viruses that might be:

Accepted in part

402 22 Annex C C.4 Use the term "psychosocial" instead of "psychological", to keep coherence with clase 4.3.1.3, first paragraph.

C.4 Psychosocial hazards Disagreed

403 1 Annex D There are more risk assessment methods than in annex D. Agreed

404 4 Annex D There are more risk assessment methods than in annex D. Should add Agreed

405 27 Annex D There are more risk assessment methods than in annex D. Agreed


82

Comment No. 406 Commentator no. 16 Accept in part Figure 2.

Identify Hazards

Assess Risks

Determine Controls

Implement Controls

Manage Change

Develop Methodology


83

Comment No. 407 Commentator No. 12 Accept in part


84

Comment No. 408 Commentator No. 15 Accept in part Proposal for Annex 1, Figure 2

Original-To: [email protected] X-Originating-IP: … · OHSAS 18002 quotes the specific...

Documents

Transcript of Original-To: [email protected] X-Originating-IP: … · OHSAS 18002 quotes the specific...