ISO 45001:2018 - Occupational Health and Safety Management Standard

Sorry Blockbuster but the language barrier is problematic (try to express yourself in French to appreciate... ).

Yes it would be nice some others Elsmar colleagues try to answer you as I did myself.

Perhaps you should show us how you documented your OS&H risk assessment methodologies and how the auditor formulated your 6.1.2.2 non-compliance ... so we will better understand your case and we will be able to answer you.

Bye.

I appreciate your time responding, thank you. Honestly, my request in my last post would work better for me if you can oblige?

Cheers

Block

I guess not then!

Hello !

At first, I hope other contributors will tell their practices about your questioning Blockbuster. But to possibly continue it would be necessary that you show us (even partially with some examples) how you proceed OS&H risks assessment, then it would enable us to analyse the remark of your OS&HMS auditor regarding ISO 45001.

If you're still addressing me Blockbuster, I'm not sure where we are in our exchange (and considering my weaknesses in English too !)*. I have been retired for 3 years, but for our auditors we were "compliant" with the PS&HMS normative requirements (ILO-OSH or BS OHSAS 18801) by using relevant evaluation tools adapted to the natures of the different families of risks and without necessarily producing true quantitative results, and we were also compliant with the regulatory requirements of the countries in which we are located (simply because the regulatory criteria for risk assessment of our countries are the first criteria we inject into our process. occupational risk assessment).

Goodbye.

* However it seems, despite all, that my remarks on ISO 45001 or other OS&H subjects are relatively understood by and interesting for some people here. Thanks !

I have done a bit of research on this now, and I think the following blog sets things out nicely with regards to answering my initial question about clause 6.1.2.2.

I have highlighted the relevant text in Bold which points to what I think is what an auditor would/should be looking for in terms of applying methodologies to the carrying out of risk assessments.

In the end, whether we use a 'severity' x 'likelihood' risk scoring matrix or not, if we conclude that a hazard is a high or low risk we still have to have defined a methodology for working this out. Agreed?

Read on....

Cheers
Block

Source: pegasus legal register (pm me for full link)

Clause 6.1.2.2 Assessment of OH&S risks and other risks to the OH&S management system

The organization must establish, implement and maintain a process to:

• Assess OH&S risks from the identified hazards, whilst taking into account the effectiveness of existing controls;

• Determine and assess the other risks related to the establishment, implementation and maintenance of the OH&S management system.
An organization needs to apply the process of hazard identification and risk assessment to determine the controls that are necessary to reduce the risks of injury and/or ill health. The purpose of risk assessment is to address the hazards that might arise in the course of the organization’s activities and ensure that the risks to people arising from these hazards are assessed, prioritized and controlled.

This is achieved by:

• Developing a methodology for hazard identification and risk assessment;

• Identifying hazards;

• Estimating the associated risk levels, taking into account the adequacy of existing controls, based on an assessment of the likelihood of the occurrence of a hazardous event or exposure and the severity of injury or ill health that can be caused by the event or exposure;

• Determining whether these risks are acceptable vis a vis the organization’s legal obligations and its OH&S objectives;

• Determining the appropriate risk controls, where these are found to be necessary;

• Documenting the results of the risk assessment;

• Reviewing the hazard identification and risk assessment process on an ongoing basis.

The outputs from the risk assessment process should be used in the implementation and development of other parts of the OH&S management system such as competence, operational planning and control, and monitoring, measurement, analysis and performance evaluation.
There is no single methodology for hazard identification and risk assessment that is suitable for all organizations. Hazard identification and risk assessment methodologies vary greatly across industries, ranging from simple assessments to complex numerical methods with extensive documentation.

Individual hazards might require that different methods be used, e.g. an assessment of long term exposure to hazardous substances might need a different method from that taken for equipment safety or for assessing an office workstation. Each organization should choose the method that is appropriate to its scope, nature and size. The chosen approach should result in a comprehensive methodology for the ongoing evaluation of the organization’s risks.

Where the organization’s risk assessment uses descriptive categories for assessing severity or likelihood of harm, these should be clearly defined, e.g. clear definitions of terms such as “likely” and “unlikely” are needed to ensure that different individuals interpret them consistently.

The organization should consider risks to sensitive populations (e.g. pregnant employees) and vulnerable groups (e.g. young workers) as well as any particular susceptibilities of the individuals involved in performing particular tasks (e.g. the ability of an individual to read instructions).

The risk assessment should involve consultation with, and participation by, workers and take into account legal and other requirements.
Risk assessment should be conducted by personnel with competence in risk assessment methodologies and techniques and appropriate knowledge of the organization’s work activities.

The organization should also consider risks which are not directly related to the health and safety of people, but which affect the OH&S management system itself and can have an impact on its intended outcomes.
Risks to the OH&S management system include:

• Failure to understand the context of the organization;
• Failure to address the needs and expectations of relevant interested parties;
• Inadequate consultation and participation of workers;
• Inadequate planning or allocation of resources;
• An ineffectual audit programme;
• An incomplete management review;
• Poor succession planning for key roles;
• Poor engagement by top management.

According to the 2020 ISO Survey, the top 10 countries, in terms of ISO 45001 certificates are:

Dear all I seek for your help as a beginer on the ISO45001.

I work in a European multinational distribution company, right now we have several offices arround Europe and we have adquired a production facility with ISO 45001.

They have been a gread job mantaining the certification for decades and my first aproach is not to change the way they manage it.

But recently, after an audit, I have seen that they do a lot of paperwork due specific legal requirements of the country and the workload is rapidly increasing due the adquisition.

I would like to ease the workload of the employees since it is risky due the amount of specific legality to deal with.

My question is if it is possible to set the standard of the legality in the EU-OSHA instead on the specific country since EU regulations are in a higher place on the legal system and sets a minimum framework.

In any case my goal is not to decrease the safety of the workers, since the facility safety will stay the same, but I would like to reduce the presure of the burocratic paperwork.


I hope that I could explain myself properly...


Thank you for sharing your feedback

Pau Calvo said:

Dear all I seek for your help as a beginer on the ISO45001.

I work in a European multinational distribution company, right now we have several offices arround Europe and we have adquired a production facility with ISO 45001.

They have been a gread job mantaining the certification for decades and my first aproach is not to change the way they manage it.

But recently, after an audit, I have seen that they do a lot of paperwork due specific legal requirements of the country and the workload is rapidly increasing due the adquisition.

I would like to ease the workload of the employees since it is risky due the amount of specific legality to deal with.

My question is if it is possible to set the standard of the legality in the EU-OSHA instead on the specific country since EU regulations are in a higher place on the legal system and sets a minimum framework.

In any case my goal is not to decrease the safety of the workers, since the facility safety will stay the same, but I would like to reduce the presure of the burocratic paperwork.

I hope that I could explain myself properly...

Thank you for sharing your feedback

Click to expand...

Pau,

Deploying the overarching EU Health and Safety regulations throughout your organization’s management system makes a lot of sense. Monitor these regs for upcoming changes so you can deploy them throughout your organization by leadership, management, supervision, training, monitoring and then audit.

But make sure that your EU member country experts also have the authority and responsibility to monitor their country’s regulations for upcoming changes (above and beyond EU regs) and to update their parts of the management system (with their local procedures) accordingly.

Please let us know what you did and how.

Many thanks,

John

Hello !

Pau, here is another answer to your question :

By way of identification of the OH&S legal requirements in the various countries of the European Union, it is not possible to consider only EU OH&S legal texts. Because in reality these texts have for the most part a legal status of "directives" and not a legal status of "regulation" (it is different regarding EU institution). The EU "directives" are european yes, but do not apply directly in each country of the EU. To be applicable in an European country, a "directive" must be "transposed" into its own national regulations, with possibility of reinforcing their requirements.

Conversely to these "directives", EU also adopts "regulations" which apply directly in each member country of the EU (without "transposition" into their respective national laws). These "EU regulations" are much rarer than the "EU directives". In OH&S there are only two examples: the REACH and CLP "regulations" (concerning hazardous substances, mixing OH&S and Environment concerns).

Due to EU "directives", national legislations of the EU countries are gradually converging, but remain different in certain aspects. Therefore, apart from the particular case of REACH and CLP regulations, in an EU country it is only from the OH&S legislation of this country that companies must identify the legal OHS requirements that apply to them (without worrying about the "directives" since the national legislation adopted them by "transposition").

To summarize I would say that from a legal point of view the EU "directives" are applicable only to EU states (their governments), but not to companies in the EU countries. It is only the legislation of each country that is applicable to the companies located there (its legislation having adopted the directives by "transposition" with somme possibles additions). On the other hand, the few EU "regulations" apply directly to companies from any country in the EU.

We could make a certain parallel with the legal system of the USA which has legislations at the federal level but also at each state level. However the notion of "transposition" of "EU directives" certainly induces more homogeneity between national legislations of EU member states than between USA members states.

The only interest in monitoring the evolution of EU "directives" is to anticipate what the legislation of each EU country will significantly evolve in the years to come.

Conclusion for a group with companies in various EU countries: the identification of the requirements (S&ST or others) contained in some "EU regulations" ("directives") can be managed at a central level, but the bulk work for a company established in an EU country can only be done from the national legislation of this member country...

I believe I have answered your question but I hope I explained myself well despite the translation.

PS : at the end of my previous message "S&ST" = "OH&S"...

Example of "EU regulation" : Regulation (EC) No 1907/2006.
Exemple of "EU directive" : Directive 2006/42/EC