Safety & Health according to OHSAS Context. Styliadis Theodore Department of Maritime Studies University of Piraeus

Safety & Health according to OHSAS 18001 Context Styliadis Theodore Department of Maritime Studies University of Piraeus

Today s agenda Introduction Towards the development of OHSMS & standards- OHSAS 18000 Series OHSAS 18001 management system requirements OHSAS 18001 Implementation & operation requirements OHSAS 18001 corrective actions requirements Conclusions

Definitions Hazard: source or situation with a potential to cause harm in terms of injury or ill health, damage to property, damage to the workplace environment or a combination of these Hazard identification: the process of recognizing that a hazard exists and defining its characteristics Risk: combination of the likelihood and consequences/severity of a specified hazardous event occurring. Risk assessment: overall process of estimating the magnitude of risk and deciding whether or not the risk is tolerable Risk control: measures that eliminate or reduce the risk associated with hazards Accident: undesired event giving rise to death, ill health, injury, damage or other loss Incident: event that gave rise to an accident or had the potential to lead to an accident Safety: freedom from unacceptable risk of harm Occupational health & safety: conditions and factors that effect the well being of employees, temporary workers and other persons in the workplace Audit: systematic examination to determine whether activities and related results conform the planned arrangements and whether these arrangements are implemented effectively and are suitable for achieving the organization s policy objectives Non conformance: any deviation from working standards, practices, procedures, regulations, management system performance etc, that could either directly or indirectly lead to injury or illness, property damage, damage to workplace environment or combination of these Continual improvement: recurring process of enhancing the OH&S Management system in order to achieve improvements in overall OH&S performance consistent with organization s OH&S policy Corrective action: action to eliminate the cause of a detected non conformity or other undesirable situation OH&S Management System: part of an organization s management system used to develop and implement its OH&S policy and manage its OH&S risks. OH&S policy OH&S performance: measurable results of an organization s management of its OH&S risks 3

Introduction Globalization of the economy has intensified over the recent years and, together with the development of enhanced information and telecommunications technology, it is bringing about radical changes in society, comparable to those produced during the industrial revolution. One of the most important impacts that economic integration and the liberalization of international trade have had on occupational health and safety, is undoubtedly that of the harmonization of standards. A standard is a guideline document that reflects agreements on products, practices or operations, by recognized government, industry or professional bodies or trade associations. A standard provides requirements, specifications, guidelines or characteristics that can be used consistently to ensure that materials, products, processes and services are fit for their purpose. Occupational safety and health cannot ignore those changes. And, in this context, the greatest challenge for the countries is the transformation of the difficulties involved in adapting and transforming the new situations into opportunities for the future development of occupational safety and health. Organizations of all kinds as well as shipping & logistics companies are increasingly concerned with achieving and demonstrating sound occupational health and safety (OH&S) performance by controlling their OH&S risks, consistent with their OH&S policy and objectives. They do so in the context of increasingly stringent legislation, the development of economic policies and other measures that foster good OH&S practices, and of increased concern expressed by interested parties about OH&S issues. Many organizations have undertaken OH&S reviews or audits to assess their OH&S performance. On their own, however, these reviews and audits may not be sufficient to provide an organization with the assurance that its performance not only meets, but will continue to meet, its legal and policy requirements. To be effective, they need to be conducted within a structured management system that is integrated within the organization. 4

Definition of OHSM Systems The boundary of OHSMS is wide and there is no specific or precise definition of it. According to Robson et al. (2007), OHSMS have properties like proactive, internally integrated, elements of evaluation and continuous improvement. According to ILO-OSH (2001) is A set of interrelated or interacting elements to establish OSH policy and objectives and to achieve those objectives. While OHSAS Series (2007) define OHSMS as, Part of an organization s management system used to develop and implement its OH&S policy and manage its OH&S risks. Some of internationally available standard systems and guidelines for OHSMS are ILO-OSH (2001), BS 8800 (2004) and OHSAS 18001 (2007). Any OHS management system must link business processes in order to effectively manage and continually improve operations. The OHS management system, thus becomes the framework in which program activity is planned, implemented, evaluated, improved, documented and verified to systematically manage health and safety associated risks. Thus, OSH is beginning to be seen by many enterprises not only as a legal requirement but also as a means of improving productivity, managing risks as well as protecting their workforce. 6

Evolution of standards As stated there are numbers of occupational health and safety management systems which can be applied. However when talking about these management systems, we are in fact referring to two distinct types of standards. First, there are the standards concerning labor. They define the general conditions of occupational safety and health in the workplace. The objective in harmonizing this type of standard is to prevent "social dumping"; i.e. prevent the comparative advantages that are derived from lower production costs at the expense of inferior working conditions in the enterprise. By harmonizing these standards, we are also seeking social integration within the process of economic integration and liberalization, in such a way that the economic growth, achieved through economic integration and liberalization, is coupled by social progress. Second are the standards concerning product safety. As tariffs are eliminated or reduced, as is currently occurring with the regional economic integration agreements, and with the signing of multilateral trade agreements in the framework of the World Trade Organization (WTO), non-tariff technical barriers acquire more significance in international trade (Kenneth). Technical standards, particularly those related to product safety, could block international trade as effectively as high tariffs did in the past, and for that reason harmonization of product safety standards has become a prerequisite for economic integration. 7

Towards an OH&SMS specification Currently there are formal international standards for managing quality (ISO 9000) and environmental safety (ISO 14000), however still there is no recognized ISO certificate standard for occupational health and safety management. ISO 9000 series and the ISO 14000 series do not directly deal with or cover OSH issues, however they have a positive impact on their management in the workplace, due to the links that exists between OSH and quality as well as between the work environment and the environment in general. However, the pressure from commercial organizations for the preparation of a specification for the management and control of health and safety at work as well as the demand for guidance on good practice for the establishment of occupational management systems against which, organizations could be audited and could obtain third party certification, led to the development of the Occupational Health and Safety Assessment Series document OHSAS 18001:1999. International certification bodies and national standards bodies in UK, Ireland, South Africa, Spain and Malaysia are using OHSAS 18001 for certification purposes. It is estimated that currently some 32,000 organizations in 82 countries have adopted OHSAS 18001. 8

What is OHSAS Standard? (I) OHSAS 18000 series (comprised of the parts ): Occupational safety and health Assessments Series, published by the British Standards Institute. The OHSAS Standards are intended to provide organizations with the elements of an effective OH&S management system that can be integrated with other management requirements and help organizations achieve OH&S as well as economic objectives. These standards, like other International Standards, are not intended to be used to create non -tariff trade barriers or to increase or change an organization s legal obligations. 18001: Describes Specifications for OH&S Management Systems: OHSAS 18001 was developed to provide organizations with an internationally accepted system for managing the organization s activities and processes in order to reduce or eliminate OH&S risks to employees Designed to be applicable to: all types and sizes of organizations diverse geographical, cultural and social conditions. However, OHSAS 18001 is not an ISO Standard, but rather a non-accreditation scheme (where Certification bodies can only issue non-accredited certificates). OHSAS 18001 is fully compatible with the ISO 9001 and ISO 14001 series of standards and their underlying principles and processes. This was done to facilitate the integration of quality, environmental and occupational health and safety management systems byorganizations, should they wish to do so. It does not state specific health and safety performance criteria nor does it give detailed specifications for the design of a management system. It just sets a baseline and implements continuous improvement. It is not intended to address product safety, property damage or environmental impacts The success of the system depends on commitment from all levels and functions of the organization, and especially from top management. A system of this kind enables an organization to develop an OH&S policy, establish objectives and processes to achieve the policy commitments, take action as needed to improve its performance, and demonstrate the conformity of the system to the requirements of OHSAS 18001. The overall aim of OHSAS 18001 is to support and promote good OH&S practices, including self regulation, in balance with socio -economic needs. 9

What is OHSAS Standard? (II) 18002: Comprises Guidelines for OH&S Management Systems OH&S management encompasses a full range of issues, including those with strategic and competitive implications. Demonstration of successful implementation of OHSAS 18001 can be used by an organization to assure interested parties that an appropriate OH&S management system is in place. Therefore Guidelines were intended to provide generic assistance to an organization for establishing, implementing or improving an OH&S management system. They describe the intent, typical inputs, processes and typical outputs against each requirements of OHSAS 18001. They do not create additional requirements nor does it prescribe mandatory approaches to the latter s implementation Reflect the developments in OH&S practices and the experience gained from its use. 18003: Describes Criteria for auditors for OH&S Management Systems, document which has been developed to support the auditing aspect of the standard 10

Where OHSAS may be applied? The OHSAS 18001 Standard may be applied within any organization that wishes to: 1. Establish and implement an OH&S management system in order to eliminate or minimize hazards and risks to employees and other parties who may be exposed while working on its behalf. 2. Implement, maintain, and continually improve an OH&S management system and specific performance targets. 3. Provide a mechanism to facilitate OSH compliance while assure itself of its conformance with its stated Policy 4. Demonstrate organization s conformity to an international recognized standard either by: seeking certification/registration of its OH&S management system by an external organization or by, making a self-determination and declaration of conformance with this OHSAS specification All the requirements of the OHSAS Standard are incorporated into any Management System. The extend of the application will depend on such factors as the OH&S policy of the organization, the nature of its activities and the risk and complexity of its operations. 11

Benefits of OHSAS 18001 Now, as to why become OHSAS 18001 registered? OHSAS 18001 certification gives a competitive edge, reducing the cost of tendering and improving financial performance through health and safety improvements, reduced down time and decreased insurance premiums. Other benefits include: A safer workplace, by enabling an organization to identify hazards, assess risks and put the necessary risk control measures in place to prevent accidents. Stakeholder confidence. Provide a positive image and demonstrate commitment by addressing to stakeholders that the organization has met a number of legal and regulatory requirements, providing stakeholder s confidence in the organization. Morale, by proving a clear commitment to the safety of staff, establishing a positive health and safety culture, and contributing to a more motivated, efficient and productive workforce. Reduced costs, as fewer accidents mean less expensive downtime for the organization and improved insurance liability rating. Monitoring the regular assessment process, will enable for continually monitoring and improvement of health and safety performance. Demonstration of innovative forward thinking approach through strong levels of trust & communication (clear roles & responsibilities) 12

OHSAS risk management principles Occupational Health and Safety is based on: Hazard identification Risk assessment Determination of applicable controls by which the risk can be reduced or eliminated Regularly review controls to make sure they remain effective In order to achieve an effective health and safety system it is vital for organizations to handle these with greater significance. The four aspects above provide the ever important foundation for implementing OHSAS 18001 and without them, the overall system would surely fail. Therefore, these aspects should be dealt with, before designing the system as a whole. 13

OSHAS 18001 Management Approach OHSAS 18001 uses a management approach tool called the PDCA cycle. It is an ongoing process that enables an organization to establish, implement and maintain its health and safety policy based on top management leadership and commitment to the safety management system. It consists of the following : Plan to establish the objectives and processes necessary to deliver results in accordance with the organization s OH&S policy Do implement the needed processes of the OHSMS Check monitor and measure performance against OH&S policy, objectives, legal and other requirements, and report results Act take actions to continually improve OH&S performance The standard can be implemented to the whole of the organization or to just a part of it. The best results though come when the whole organization is working on the same system and OH&S policy is integrated into other management systems and into the culture of the organization. 14

OH&S management system requirements (I) General requirements: The organization shall establish, document, implement, maintain and continually improve an OH&S management system in accordance with the requirements of the OHSAS Standard and determine how it will fulfill these requirements. Establish implies a level of permanency and the system should not be considered established until all its elements have been demonstrated and implemented. Maintain implies that, once established, the system continues to operate. This requires active effort on the part of the organization. Many systems start well but deteriorate due to lack of maintenance. Many of the elements of OHSAS 18001 (such as checking and corrective action and management review) are designed to ensure active maintenance of the system. An organization seeking to establish an OH&S management system that conforms to OHSAS 18001 should determine its current position with regard to its OH&S risks by means of an initial review. In determining how it will fulfill the requirements of OHSAS the organization should consider the conditions and factors that affect, or could affect, the health and safety of persons, what policies are needs, and how it will manage its OH&S risks. The level of detail and complexity of the OH&S management system, the extent of documentation and the resources devoted to it are dependent on the nature (size, structure, complexity) of an organization and its activities. 16

OH&S management system requirements (II) General requirements: Initial Review & Scope of the OH&S Management system An initial review should compare the organization s current management of OH&S against the OHSAS requirements in order to determine the extent to which these requirements are being met. The initial review will provide information which an organization can use in formulating plans for implementing and prioritizing improvements to the OH&S management system. The aim of an initial review should be to consider all OH&S risks faced by the organization, as a basis for establishing the OH&S management system. An organization should consider, but not limit itself to, the following items within its initial review: legal and other requirements identification of the OH&S hazards and evaluation of risks faced by the organization; OH&S assessments; an examination of existing systems, practices, processes and procedures; evaluations of OH&S improvement initiatives; an evaluation of feedback from the investigation of previous incidents, work related ill health, accidents and emergencies; relevant management systems and available resources. A suitable approach to the initial review can include the use of: checklists, interviews, direct inspection and measurement; the results of previous management system audits or other reviews, depending on the nature of the organization s activities; the results of consultations with workers, contractors or other relevant external interested parties. Where hazard identification and risk assessment processes already exist, they should be reviewed for adequacy against the requirements of OHSAS. It is emphasized that an initial review is not a substitute for the implementation of the structured systematic approach to hazard identification, risk assessment and determining controls. However an initial review can provide additional inputs into planning these processes. 17

OH&S management system requirements (IV) The policy, as a minimum, is required to include statements about the commitment of an organization to: the prevention of injury and ill health, continual improvement in OH&S management, continual improvement in OH&S performance, compliance with applicable legal requirements, and compliance with other requirements to which the organization subscribes. The OH&S policy can be linked with other policy documents of the organization and should be consistent with the organization s overall business policies and with its policies for other management disciplines, e.g. quality management or environmental management. The communication of the policy should assist in: demonstrating the commitment of top management and the organization to OH&S, increasing awareness of the commitments made in the policy statement, explaining why the OH&S system is established and is maintained, guiding individuals in understanding their OH&S responsibilities and accountabilities In communicating the policy, consideration should be given to how to create and maintain awareness in both new and existing persons under the control of the organization. The policy can be communicated in alternative forms to the policy statement itself, such as through the use of rules, directives and procedures. In communicating the policy, account should be taken of issues such as diversity in the workplace, literacy levels, language skills, etc. Finally the OH&S policy should be reviewed periodically to ensure that it remains relevant and appropriate to the organization. Change is inevitable, as legislation and societal expectations evolve; consequently, the organization s OH&S policy and OH&S management system need to be reviewed regularly to ensure their continuing suitability and effectiveness. If changes are made to the policy, the revised policy should be communicated to all persons working under the control of the organization

OH&S management system requirements (V) OH&S Policy Requirements: Common policy nonconformances The policy is not defined by top management Corporate policy used where site policy more appropriate The policy is not relevant to activity or scope Commitment to continual improvement is not clear No mechanisms for revision exist System records do not support policy commitment Policy is not communicated to employees Policy is not publicly available 19

OH&S management system requirements (VI) Planning for hazard identification, risk assessment and risk control requirements: The organization shall establish, implement and maintain a procedure(s) for the ongoing hazard identification, risk assessment, and determination of necessary controls. The procedure(s) for hazard identification and risk assessment shall take into account: a) routine and non -routine activities; b) activities of all persons having access to the workplace (including contractors and visitors); c) human behavior, capabilities and other human factors; d) identified hazards originating outside the workplace capable of adversely affecting the health and safety of persons under the control of the organization within the workplace; e) hazards created in the vicinity of the workplace by work related activities under the control of the organization; f) infrastructure, equipment and materials at the workplace, whether provided by the organization or others; g) changes or proposed changes in the organization, its activities, or materials; h) modifications to the OH&S management system, including temporary changes, and their impacts on operations, processes, and activities; i) any applicable legal obligations relating to risk assessment and implementation of necessary controls j) the design of work areas, processes, installations, machinery/ equipment, operating procedures and work organization, including their adaptation to human capabilities 20

OH&S management system requirements (VII) Planning for hazard identification, risk assessment and risk control: general Hazards have the potential to cause human injury or ill health and therefore there is a need to be identified before the risks associated with these hazards can occur, so effective controls should be implemented according to the specified requirements. An organization will need to apply the process of hazard identification and risk assessment to determine the controls that are necessary to reduce the risks of incidents. The overall purpose of the risk assessment process is to recognize and understand the hazards that might arise in the course of the organization s activities and ensure that the risks to people arising from these hazards are assessed, prioritized and controlled to a level that is acceptable. This is achieved by: developing a methodology for hazard identification and risk assessment, identifying hazards, estimating the associated risks, taking into account the adequacy of any existing controls (it could be necessary to obtain additional data and perform further analysis in order to achieve a reasonable estimation of the risks), determining whether these risks are acceptable, and determining the appropriate risk controls, where these are found to be necessary (workplace hazards and the way they are to be controlled are often defined in regulations, codes of practice, guidance published by regulators, and industry guidance documents). evaluate whether the risk control measures are sufficient to reduce risks to a tolerable level. The results of risk assessments enable the organization to compare risk reduction options and prioritize resources for effective risk management. The outputs from the hazard identification, risk assessment and determining control processes should also be used throughout the development and implementation of the OH&S management system. 21

OH&S management system requirements (VIII) Planning for hazard identification, risk assessment and risk control: The organization s methodology for hazard identification and risk assessment shall: a) be defined with respect to its scope, nature and timing to ensure it is proactive rather than reactive; and b) provide for the identification, prioritization and documentation of risks, and the application of controls, as appropriate. Hazard identification should aim to determine proactively all sources, situations or acts (or a combination of these), arising from an organization s activities, with a potential for harm in terms of human injury or ill health. This process should: a) consider different types of hazards in the workplace, including physical, chemical, biological and psychosocial b) establish specific hazard identification tools and techniques that are relevant to the scope of its OH&S management system c)consider various sources of information or inputs (OH&S legal and other requirements, OH&S policy, monitoring data, health assessments and records of incidents) d) consider all persons having access to the workplace and their interactions (the hazards and risks arising from their roles & activities, the hazards arising from the use of products or services supplied to the organization by them, their degree of familiarity with the workplace, and their behavior) 22

OH&S management system requirements (IX) Risk evaluation within OHSAS: An organization can use different risk assessment methods as part of an overall strategy for addressing different areas or activities. When seeking to establish the likelihood of harm, the adequacy of existing control measures should be taken into account. A risk assessment should be detailed enough to determine appropriate control measures. The organization should consider how likely it is, that each hazard could cause harm. This will determine whether or not it is needed to do more to reduce the risk. Even after all precautions have been taken, some risk usually remains. What it must then be decided for each significant hazard is whether this remaining is risk tolerable or not. If it is found that something needs to be done, an action list should be drawn giving priority to any risks that are intolerable and/or those, which could affect most people. Management of change & determining controls: For the management of change, the organization shall identify the OH&S hazards and OH&S risks associated with changes in the organization, the OH&S management system, or its activities, prior to the introduction of such changes. The organization shall ensure that the results of these assessments are considered when determining controls. When determining controls, or considering changes to existing controls, consideration shall be given to reducing the risks according to the following hierarchy: a)elimination (modify a design to eliminate the hazard, e.g. introduce mechanical lifting devices to eliminate the manual handling hazard); b) Substitution (substitute a less hazardous material or reduce the system energy) c) engineering controls; d) signage/warnings and/or administrative controls (safety signs, hazardous area marking, markings for pedestrian walkways, warning sirens/lights, alarms, safety procedures, equipment inspections, access controls) e) personal protective equipment (safety glasses, hearing protection, face shields and gloves) On-going review: The organization shall document and keep the results of identification of hazards, risk assessments and determined controls up-to-date. The organization shall ensure that the OH&S risks and determined controls are taken into account when establishing, implementing and maintaining its OH&S management system. 23

Legal & other requirements under OHSAS 18001: OH&S management system requirements (XI) Any organization needs to be aware of and understand how its activities are, or will be, affected by applicable legislation (regulation, codes of practice, directives, protocols etc) and other requirements (such as contractual conditions, agreements with employees, parties, health authorities etc) The organization also needs to keep abreast of the changes to legislation and to the introduction of new legislation. This will help to ensure compliance with the legislation and avoid enforcement action by the regulatory bodies. BS OHSAS 18001 requirements include: The organization shall establish, implement and maintain a procedure(s) for identifying and accessing the legal and other OH&S requirements that are applicable to it. The organization shall ensure that these applicable legal requirements and other requirements to which the organization subscribes are taken into account in establishing, implementing and maintaining its OH&S Management System. The organization shall keep this information up-to-date (the organization s procedure should ensure that it can determine any changes that affect the applicability of legal and other requirements relevant to its OH&S hazards) The organization shall communicate relevant information on legal and other requirements to persons working under the control of the organization, and other relevant interested parties. To meet its policy commitments, the organization should have a structured approach to ensure that the legal and other requirements can be identified, evaluated for applicability, accessed, communicated and be kept up -to -date. Depending on the nature of its OH&S hazards, operations, equipment, materials, etc., an organization should seek out relevant applicable OH&S legislative or other requirements. 24

OH&S management system requirements (XII) Legal & other requirements under OHSAS 18001: Common nonconformances: On the whole, certification to OHSAS 18001 can be withheld if a legislative breach is identified. Only in circumstances where a documented agreement has been reached with regulator may certification be recommended. Other potential non-conformances include: Procedures not established or maintained Identification of legal requirements not sufficiently comprehensive Little or no reference to other requirements Failure to recognize how laws, regulations or other requirements are relevant to the organization Access to legal and other requirements cannot be demonstrated Evidence of legal compliance cannot be demonstrated 25

OH&S management system requirements (XIII) Setting Objectives & Programs Under OHSAS 18001: Setting objectives (a) Following the hazard identification assessment, the organization will have created a list of several issues, some of which may be classed as significant. In addition, the review of relevant legislation may have highlighted areas of compliance obligations requiring tighter control. These issues will need to be incorporated within the OH&S system of the organization. To enable this, the company must take the next step of setting objectives and targets. Setting objectives is an integral part of the planning of an OH&S management system. An organization should set objectives to fulfill the commitments established in its OH&S policy, including its commitments to the prevention of injury and ill health. The process of setting and reviewing objectives, and implementing programs to achieve them, provides a mechanism for the organization to continually improve its OH&S management system and to improve its OH&S performance. For this reason the organization under OHSAS 18001 shall establish, implement and maintain documented OH&S objectives and targets, at relevant functions and levels within the organization. This does not mean that the organization must set improvement objectives for every significant hazard identified. Financial resources may not allow this, but they should at least set objectives to ensure that the associated risks are effectively managed and controlled. 26

Setting objectives (b): OH&S management system requirements (XIV) The objectives shall be measurable, where practicable, and consistent with the OH&S policy, including the commitments to the prevention of injury and ill health, to compliance with applicable legal requirements and with other requirements to which the organization subscribes, and to continual improvement. When setting and reviewing its objectives, an organization shall take into account the legal requirements and other requirements to which the organization subscribes, and its OH&S risks. It shall also consider its technological options, its financial, operational and business requirements, and the views of relevant interested parties. During the establishment of OH&S objectives, particular regard should be given to information or data from those people most likely to be affected by individual OH&S objectives, as this can assist in ensuring that the objectives are reasonable and more widely accepted. It is also useful to consider information or data from sources external to the organization, e.g. from contractors or other interested parties. It is critical that objectives and targets are appropriate to the organization s management system. They can be set for the entire company or applied specifically to individual departments, activities, and services. Moreover, OH&S objectives can be broken down into tasks, depending on the size of the organization, the complexity of the OH&S objective and its time-scale. 27

OH&S management system requirements (XV) Objectives & Programs Under OHSAS 18001: programs The organization should seek to achieve its OH&S policy and OH&S objectives by establishing, implementing and maintaining management program(s). This will require the development of strategies and plans of action to be taken, which should be documented and communicated. Progress against meeting the OH&S objectives should be monitored, reviewed and recorded, and the strategies and plans should be updated or amended accordingly. Program(s) shall include as a minimum: a) designation of responsibility and authority for achieving objectives at relevant functions and levels of the organization b) the means and time-frame by which the objectives are to be achieved. The program(s) shall be reviewed at regular and planned intervals, and adjusted as necessary, to ensure that the objectives are achieved. 28

OH&S management system requirements: Implementation & operation (I) Resources, roles, responsibility, accountability and authority under OHSAS 18001 The successful implementation of an OH&S management system calls for a commitment from all persons working under the control of the organization. This commitment should begin at the highest levels of management with top management taking the ultimate responsibility for OH&S and the OH&S management system. Top management shall demonstrate its commitment by: a) ensuring the availability of resources (human resources, specialized skills, organizational infrastructure, technology and financial resources). essential to establish, implement, maintain and improve the OH&S management system; b) defining roles, allocating responsibilities and accountabilities, and delegating authorities, to facilitate effective OH&S management; roles, responsibilities, accountabilities, and authorities shall be documented and communicated. c) identifying who needs to do what with respect to the management of OH&S and making sure they are aware of their responsibilities and what they are accountable for, d) ensuring that those members of the organization s management with OH&S responsibilities have the necessary authority to fulfill their roles as well as the clarity of responsibilities at the interfaces between different functions (e.g. between departments, between different levels of management, between workers, between the organization and contractors, between the organization and its neighbors), 30

OH&S management system requirements: Implementation & operation (II) Resources, roles, responsibility, accountability and authority under OHSAS 18001 The organization shall appoint a member(s) of top management with specific responsibility for OH&S, irrespective of other responsibilities, and with defined roles and authority for: a) ensuring that the OH&S Management System is established, implemented and maintained in accordance with this OHSAS Standard b) ensuring that reports on the performance of the OH&S management system are presented to top management for review and used as a basis for improvement of the OH&S Management System. The identity of the top management appointee shall be made available to all persons working under the control of the organization. All those with management responsibility shall demonstrate their commitment to the continual improvement of OH&S performance. Means of demonstration can include visiting and inspecting sites, participating in incident investigation, and providing resources in the context of corrective action, attendance and active involvement at OH&S meetings, communicating the status of safety activities, and acknowledging good OH&S performance. The organization shall ensure that persons in the workplace take responsibility for aspects of OH&S over which they have control, including adherence to the organization s applicable OH&S requirements. For this reason the organization should communicate and promote that OH&S is the responsibility of everyone in the organization, not just the responsibility of those with defined OH&S management system responsibilities. In taking responsibility for aspects of OH&S over which they have control, all persons in the workplace need to consider not only their own safety but also the safety of others 31

OH&S management system requirements: Implementation & operation (III) Resources, roles, responsibility, accountability and authority under OHSAS 18001: Common non-conformances Potential non-conformances include: In most companies responsibilities are clearly defined on organizational charts, but changes may need to be made to incorporate OH&S responsibilities. Management representative responsibilities are not clearly defined Failure to identify OH&S responsibilities and authorities of other personnel Meaningful changes to job descriptions are often overlooked while employees roles and responsibilities, are not incorporated into those job descriptions. Responsibilities often not communicated to relevant personnel 32

OH&S management system requirements: Implementation & operation (IV) Competence, training and awareness under OHSAS 18001: Competence The organization shall ensure that any person(s) under its control performing tasks that can impact on OH&S is (are) competent on the basis of appropriate education, training or experience,. OH&S competence requirements should be considered prior to recruiting new personnel, and/or the reassignment of those already working under the control of the organization. In order to do that an organization should determine and assess any differences between the competence needed to perform an activity and that possessed by the individual required to perform the activity. These differences should be addressed through training or other actions, e.g. additional education and skills development, etc., taking into account the existing capabilities of the individual. Another way to ensure competency is to question employees (in critical functions) on how they perform various aspects of their jobs and get them to demonstrate it. This could form part of the auditing process. The utilization of responses should determine whether they have the requisite skills and understanding to do the job correctly. This will help the organization gauge whether additional training may be needed. Records used by the organization for ensuring that personnel are competent should be maintained 33

OH&S management system requirements: Implementation & operation (V) Competence, training and awareness under OHSAS 18001: Training The organization should consider the roles, responsibilities and authorities, in relation to its OH&S risks and the OH&S management system, in determining its training or other actions needed for those persons working under its control (including contractors, temporary staff, etc.) The training or other actions should focus on both competency requirements and the need to enhance awareness. Training programs and procedures should take account differing levels of: a) responsibility, individual capabilities, language skills and literacy; and b) risk. And should address the following areas: An understanding of the organization s OH&S arrangements and individuals specific roles and responsibilities for them A systematic program of induction and ongoing training for employees Training in local OH&S arrangements and hazards, risks, precautions to be taken and procedures to be followed, this training being provided before work commences Training for performing hazard identification, risk assessment and risk control The organization should evaluate the effectiveness of the training or actions taken. This can be done in several ways, e.g. by written or oral examination, practical demonstration, observation of behavioral changes over time, or other means that demonstrate competency and awareness while finally, training records should be maintained. 34

OH&S management system requirements: Implementation & operation (VI) Competence, training and awareness under OHSAS 18001: Awareness The organization shall establish, implement and maintain a procedure(s) to make persons working under its control aware of: a) the OH&S consequences, actual or potential, of their work activities, their behavior, and the OH&S benefits of improved personal performance; b) their roles and responsibilities and importance in achieving conformity to the OH&S policy and procedures and to the requirements of the OH&S management system, including emergency preparedness and response requirements; To ensure employees work or act safely, the organization should make persons working under its control sufficiently knowledgeable of: emergency procedures, the consequences of their actions and behavior in relation to OH&S risks, the benefits of improved OH&S performance the potential consequences of departing from procedures, the need to conform to OH&S policies and procedures, any other aspects that might impact on OH&S. training and awareness programs for contractors, temporary workers and visitors, according to the level of risk to which they are exposed. 35

OH&S management system requirements: Implementation & operation (VII) Competence, training and awareness under OHSAS 18001: Common nonconformances This area of BS OHSAS 18001 is commonly cited as an area where most nonconformances can arise. Possible non-conformances with an OH&S system include: Training needs analysis not completed for all personnel at each function and level Appropriate training not delivered especially where the training need assessment has been identified potential hazards associated with particular responsibilities Training found to be inadequate or incomplete, particularly for emergency preparedness and response (including contractors) Failure to keep training records up to date or to undertake evaluation process to check competence 36

OH&S management system requirements: Implementation & operation (VIII) Communication, participation and consultation requirements: The organization, through the processes of communication and consultation, should encourage participation in good OH&S practices and support for its OH&S policy and OH&S objectives from those affected by its activities or interested in its OH&S management system. The organization s communication processes should provide for the flow of information upwards, downwards and across the organization. It should provide for both the gathering and the dissemination of information. It should ensure that OH&S information is provided, received and understood by all relevant persons. Consultation is the process by which management and other persons, or their representatives, jointly consider and discuss issues of mutual concern. It involves seeking acceptable solutions to problems through the general exchange of views and information. The organization should effectively communicate information concerning its OH&S hazards and its OH&S management system to those involved in or affected by the management system, in order for them to actively participate in, or support, the prevention of injury and ill health, as applicable. With regard to its OH&S hazards and OH&S Management System, the organization shall establish, implement and maintain a procedure(s) for: a) internal communication among the various levels and functions of the organization b) communication with contractors and other visitors to the workplace c) receiving, documenting and responding to relevant communications from external interested parties Remember communication is an on-going process. Any communication strategy that focuses on one off or short-term goals is unlikely to yield significant benefits and could be counter productive. Determine how proactive your external communications strategy will be. Select an approach that fits the organization s culture and strategy. 37

OH&S management system requirements: Implementation & operation (IX) Communication, participation and consultation: The organization should document and promote the arrangements by which it consults on and communicates pertinent OH&S information to and from its employees and other interested parties (e.g. contractors, visitors). The organization s procedure(s) should address the need for the active and ongoing participation of workers in the development and review of OH&S practices and, where appropriate, the development of the OH&S management system. The participation arrangements should take account of any legal and other requirements while also... They should include arrangements to involve employees in: Consultation over the development and review of policies, the development and review of OH&S objectives, and decisions on the implementation of processes and procedures to manage risks, including the carrying out of hazard identification, and in reviewing risk assessments and risk controls relevant to their own activities Consultation over changes affecting workplace OH&S such as the introduction of new, or modified, equipment, materials, chemicals, technologies and the reorganization of processes, procedures or work patterns. Workers shall be informed about their participation arrangements, including who is their representative(s) on OH&S matters Finally, when developing its procedure(s) for worker participation, the organization should consider potential incentives and barriers to participation (e.g. language and literacy issues, the fear of reprisal), confidentiality and privacy issues. 38

OH&S management system requirements: Implementation & operation (X) Communication, participation and consultation: Common nonconformances Potential non-conformances include: Communication procedures not established nor maintained Complaints recorded but not properly communicated internally Responses to communications not recorded in accordance with procedures Poor communications with stakeholders and other interested parties such as contractors and suppliers Internal communication is often neglected Training programs, team briefings and recommendations for improvement, etc not adequately communicated. 39

OH&S management system requirements: Implementation & operation (XI) Operational Control Under OHSAS 18001: Once gained an understanding of its OH&S hazards, the organization should determine and implement the operational controls that are necessary to manage the associated risks and comply with applicable OH&S legal and other requirements. The overall objective of OH&S operational controls is to manage the OH&S risks and to fulfill the OH&S policy. For those identified operations and activities, the organization shall implement and maintain: a) operational controls, as applicable to the organization and its activities; the organization shall integrate those operational controls into its overall OH&S Management System; b) controls related to purchased goods, equipment and services; c) controls related to contractors and other visitors to the workplace; d) documented procedures, to cover situations where their absence could lead to deviations from the OH&S policy and the objectives; e) stipulated operating criteria where their absence could lead to deviations from the OH&S policy and objectives When developing operational controls: the most important step is to understand the activity. Concentrate on the critical points of that activity that need to be managed to ensure consistent control or improvement of health and safety performance. priority should be given to control options with higher reliability in preventing injury or ill health, consistent with the hierarchy of controls. 40

OH&S management system requirements: Implementation & operation (XII) Operational Control Under OHSAS 18001: Maintaining operational controls: Operational controls should be reviewed on a periodic basis to evaluate their ongoing suitability and effectiveness. Changes that are determined to be necessary should be implemented. In addition, procedures should be in place to determine circumstances where new controls and/or modifications of existing operational controls are needed. Proposed changes to existing operations should be evaluated for OH&S hazards and risks before they are implemented. When there are changes to operational controls, the organization should consider whether there are new or modified training needs. Potential non-conformances in this area include: Operational control procedures are not related to significant health and safety hazard Operational control procedures not prepared or implemented to avoid the possibility of contravening the policy, objectives and targets Operating criteria not stipulated No mechanism in place to identify the significant health and safety hazards of goods and services and weak operational control procedures applied to suppliers and contractors Operating criteria not stipulated or implemented in areas such as: The identification and, where necessary, implementation of control measures Functions to minimize the potential for adverse health and safety hazards Operational controls do not consider abnormal operating conditions, e.g., maintenance etc. 41

OH&S management system requirements: Implementation & operation (XIII) Emergency preparedness and response Under OHSAS 18001: The organization should actively assess potential accident and emergency response needs, plan to meet them, develop procedures and processes to cope with them, test its planned responses, and seeking to improve the effectiveness of its responses. Therefore the organization shall establish, implement and maintain a procedure(s): a) to identify potential for emergency situations that can be associated with specific activities, equipment or workplaces that could impact OH&S. Examples of possible emergencies can include: incidents leading to serious injuries or ill health, fires and explosions, release of hazardous materials/gases, natural disasters, bad weather, loss of utility supply (e.g. loss of electric power), failure of critical equipment, traffic accidents. Emergency planning should also be reviewed as a part of the ongoing management of change. Changes in operations can introduce new potential emergencies or necessitate that changes be made to emergency response procedures. For example, changes in facility layout can impact emergency evacuation routes. The organization should determine and assess how emergency situations will impact all persons within and/or in the immediate vicinity of workplaces controlled by the organization b) to respond to such emergency situations The emergency plan(s) should outline the actions to be taken when specified emergency situations arise, (next slide) 42

OH&S management system requirements: Implementation & operation (XIV) Emergency preparedness and response Under OHSAS 18001: Emergency plans should include amongst others: a) Identification of potential accidents and emergencies b) Identification of the person who will take charge during the emergency c) Details of actions to be taken by personnel during an emergency, including those actions to be taken by external personnel who are on the site of the emergency, such as contractors or visitors d) Responsibility, authority and duties of personnel with specific roles during the emergency (e.g. fire-wardens, first-aid staff, nuclear leak/toxic spillage specialists, etc.) e) Evacuation procedures f) Identification and location of hazardous materials, and emergency action required g) Interface with external emergency services h) Communication with statutory bodies i) Communication with neighbors and the public j) Protection of vital records and equipment k) Availability of necessary information during the emergency, e.g. facility layout drawings, hazardous material data, procedures, work instructions and contact telephone numbers 43

OH&S management system requirements: Implementation & operation (XV) Emergency preparedness and response Under OHSAS 18001: Emergency response equipment requirements Emergency equipment needs should be identified while the organization should determine and review its emergency response equipment and material needs. Emergency response equipment and materials can be needed to perform a variety of functions during an emergency, such as evacuation, leak detection, fire suppression, chemical/biological/radiological monitoring, communication, isolation, containment, shelter, personal protection, decontamination, and medical evaluation and treatment. Examples include: Alarm systems Emergency lighting and power Means of escape Fire-fighting equipment First aid equipment (including emergency showers, eye wash stations, etc.) Therefore emergency response equipment should be available in sufficient quantity and stored in locations where it is readily accessible; it should be stored securely and be protected from being damaged. This equipment should be inspected and/or tested at regular intervals to ensure that it will be operational in an emergency situation. Special attention should be paid to equipment and materials used to protect emergency response personnel while the type, quantity and storage location(s) for emergency equipment and supplies should be evaluated as a part of the review and 44

OH&S management system requirements: Implementation & operation (XVI) Emergency response training & periodic testing of emergency procedures Personnel should be trained in how to initiate the emergency response and evacuation procedures. The organization should determine the training needed for personnel who are assigned emergency response duties and ensure that this training is received. Emergency response personnel should remain competent and capable to carry out their assigned activities. The need for retraining or other communications should be determined when modifications are made that impact on the emergency response. Periodic testing of emergency procedures Periodic testing of emergency procedures should be performed to ensure that the organization and external emergency services can appropriately respond to emergency situations and prevent or mitigate associated OH&S consequences. Emergency drills can be used to evaluate the organization s emergency procedures, equipment and training, as well as increase overall awareness of emergency response protocols. Internal parties (e.g. workers) and external parties (e.g. fire department personnel) can be included in the drills to increase awareness and understanding of emergency response procedures. The organization should maintain records of emergency drills. The type of information that should be recorded includes a description of the situation and scope of the drill, a timeline of events and actions and observations of any significant achievements or problems. This information should be reviewed with the drill planners and participants to share feedback and recommendations for improvement 45

OH&S management system requirements: checking for corrective actions (I) Performance measurement and monitoring under OHSAS 18001: An organization should have a systematic approach for measuring and monitoring its OH&S performance on a regular basis, as an integral part of its overall management system. Monitoring the effectiveness of controls involves collecting information, such as measurements or observations, over time, using equipment or techniques that have been confirmed as being fit-for-purpose. Measurements can be either quantitative or qualitative. Monitoring and measurements can serve many purposes in an OH&S management system, such as: tracking progress on meeting policy commitments, achieving objectives and targets, and continual improvement, monitoring exposures to determine whether applicable legal and other requirements to which the organization subscribes have been met, monitoring incidents, injuries and ill health, Providing data to evaluate the effectiveness of operational controls, or to evaluate the need to modify or introduce new controls providing data to proactively and reactively measure the organization s OH&S performance, providing data to evaluate the performance of the OH&S management system, and for the evaluation of competence. To achieve these purposes, an organization should plan what will be measured, where and when it should be measured, what measurement methods should be used, and the competence requirements for the persons who will perform the measurements. To focus resources on the most important measurements, the organization should determine the characteristics of processes and activities that can be measured and the measurements that provide the most useful information. The organization needs to establish a procedure(s) for performance measurement and monitoring to provide consistency in measurements and enhance the reliability of data produced. 47

OH&S management system requirements: checking for corrective actions (II) Evaluation of compliance under OHSAS 18001: An organization should establish, implement and maintain a procedure for periodically evaluating its compliance with the legal or other requirements that are applicable to its OH&S risks, as part of its commitment to compliance. Evaluation of the organization s compliance should be performed by competent persons, either from within the organization and/or using external resources. A variety of inputs can be used to assess compliance, including: audits, the results of regulatory inspections, analysis of legal and other requirements, reviews of documents and/or records of incidents and risk assessments, interviews, facility, equipment and area inspections, project or work reviews, analysis of test results from monitoring and testing, facility tours and/or direct observations. 48

OH&S management system requirements: checking for corrective actions (III) Incident investigation under OHSAS 18001: Incident investigation is an important tool for preventing reoccurrence of incidents and identifying opportunities for improvements. It can also be used for raising the overall OH&S awareness in the workplace. The organization should have a procedures for reporting, investigating and analyzing incidents in order to: a) determine underlying OH&S deficiencies and other factors that might be causing or contributing to the occurrence of incidents; b) identify the need for corrective action; c) identify opportunities for preventive action; d) identify opportunities for continual improvement e) communicate the results of such investigations. The purpose of the procedures is to provide a structured, proportionate and timely approach for determining and dealing with the underlying (root) causes of the incident. All incidents should be investigated while the organization should seek to prevent the under-reporting of incidents. In determining the nature of the investigation, the resources needed, and the priority to be given to investigation of an incident, account should be taken of: the actual outcome and consequences of the incident, and the frequency of such incidents and their potential consequences. 49

OH&S management system requirements: checking for corrective actions (V) Incident investigation under OHSAS 18001: More particularly the procedures should define how the investigation process should be handled. The procedures should identify: The type of events to be investigated (e.g. incidents that could have led to serious harm) The purpose of investigations Who is to investigate, the authority of the investigators, required qualifications (including line management when appropriate) Identification of the root cause of non-conformance Arrangements for witness interviews Practical issues such as availability of cameras and storage of evidence Investigation reporting arrangements including statutory reporting requirements. Investigatory personnel should begin their preliminary analysis of the facts while further information is collected. Data collection and analysis should continue until an adequate and sufficiently comprehensive explanation is obtained. 50

OH&S management system requirements: checking for corrective actions (VI) Incident investigation under OHSAS 18001: The effectiveness of OH&S investigations and reporting should be assessed. The assessment should be objective, and should yield a quantitative result if possible. The organization, having learnt from the investigation, should: Identify the root causes of deficiencies in the OH&S Management System and general management of the organization, where applicable Communicate findings and recommendations to management and relevant interested parties Include relevant findings and recommendations from investigations in the continuing OH&S review process Monitor the timely implementation of remedial controls, and their subsequent effectiveness over time Apply the lessons learnt from the investigation of nonconformance s across its whole organization, focusing on the broad principles involved, rather than being restricted to specific action designed to avoid repetition of a precisely similar event in the same area of the organization. 51

OH&S management system requirements: checking for corrective actions (VII) Nonconformity, corrective action and preventive action under OHSAS 18001: For an OH&S management system to be effective on an ongoing basis, an organization should have procedures for identifying actual and potential nonconformity, making corrections and taking corrective and preventive action, preferably preventing problems before they occur. The organization can establish individual procedures to address corrective and preventive action, or a single procedure to address both. Nonconformity is a non- fulfillment of a requirement. A requirement can be stated in relation to the OHSAS 18001 management system or in terms of OH&S performance. The procedure(s) shall define requirements for: a) identifying and correcting nonconformity and taking action to mitigate their OH&S consequences; b) investigating nonconformity, determining their cause(s) and taking actions in order to avoid their recurrence; c) evaluating the need for action(s) to prevent nonconformity and implementing appropriate actions designed to avoid their occurrence; d) recording and communicating the results of corrective action(s) and preventive action(s) taken; e) reviewing the effectiveness of corrective action(s) and preventive action(s) taken. 52

OH&S management system requirements: checking for corrective actions (VIII) Nonconformity, corrective action and preventive action under OHSAS 18001: Where the corrective and preventive action identifies new or changed hazards or the need for new or changed controls, the procedure shall require that the proposed actions shall be taken through a risk assessment prior to implementation. Any corrective action or preventive action taken to eliminate the causes of actual and potential nonconformity shall be appropriate to the magnitude of problems and commensurate with the OH&S risks encountered. For this reason the organization shall ensure that any necessary changes arising from corrective action and preventive action are made to the OH&S management system documentation. When a potential problem is identified but no actual nonconformity exists, preventive action should be taken using a similar approach as for corrective action. Potential problems can be identified using methods such as extrapolating corrective action of actual nonconformities to other applicable areas where similar activities occur, or hazard analysis Common non-conformances brought upin this area include: Procedures and responsibilities inadequately defined to ensure that non-conformities, corrective and preventative actions are taken No record of investigation of the cause of the non-conformance only of the action taken Failure to take appropriate corrective action Preventative action not demonstrated to ensure that the same problem does not arise again. 53

OH&S management system requirements: checking for corrective actions (IX) Records and record management under OHSAS 18001: Records should be kept to demonstrate that the OH&S Management System operates effectively, and processes have been carried out under safe conditions. OH&S records that document the management system and conformance to the requirements should be prepared, maintained, legible, and adequately identified. The organization, therefore shall establish, implement and maintain a procedure(s) for the identification, storage, protection, retrieval, retention and disposal ofrecords. The integrity of records and data should be maintained to facilitate their subsequent use, e.g. for monitoring and review activities, for the identification of trends for preventive action, etc. In determining the appropriate controls for records, the organization should take into account any applicable legal requirements, confidentiality issues (particularly those relating to personnel), storage/ access/disposal/back-up requirements, and the use of electronic records. For electronic records the use of antivirus systems and off-site backup storage should be considered. Some of the most common non-conformities linked to records include: The records do not support conformance with the policy commitments Breaches of legislative compliance are not recorded Procedures and responsibilities are inadequately defined to ensure that suitable records are made and retained to support the system Poor identification, traceability and retrievability of records Insufficient detail to demonstrate conformance with the requirements of OHSAS 18001. 54

OH&S management system requirements: checking for corrective actions (X) Management Review under OHSAS 18001: Top management shall review the organization s OH&S management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness. Reviews shall include assessing opportunities for improvement and the need for changes to the OH&S management system, including the OH&S policy and OH&S objectives. Input to management reviews shall include: a) results of internal audits and evaluations of compliance with applicable legal requirements and with other requirements to which the organization subscribes; b) the results of participation and consultation c) relevant communication(s) from external interested parties, including complaints; d) the OH&S performance of the organization; e) the extent to which objectives have been met; f) status of incident investigations, corrective actions and preventive actions; g) follow -up actions from previous management reviews; h) changing circumstances, including developments in legal and other requirements related to OH&S; i) recommendations for improvement. The management review should also assess how changing circumstances might influence the suitability, effectiveness or adequacy of your OH&S system. In other words top managements has to consider whether the OH&S policy continues to be appropriate. It should measure OH&S performance, establish new or updated OH&S policy and objectives for continual improvement, appropriate to the coming period, and consider whether changes are needed to any elements of the OH&S Management System. 55

OH&S management system requirements: checking for corrective actions (XI) Management Review under OHSAS 18001: In planning for a management review, consideration should be given to the following: Adequacy of current hazard identification, risk assessment and risk control processes Current levels of risk and the effectiveness of existing control measures Adequacy of resources (financial, personnel, material) The effectiveness of the OH&S inspection process and of the hazard reporting process Data relating to accidents and incidents that have occurred Recorded instances of procedures not being effective Results of internal and external OH&S Management System audits carried out since the previous review and their effectiveness The state of preparedness for emergency Improvements to the OH&S Management System Depending on the decisions and actions agreed at a review, the nature and types of communication of the results of the review, and to whom they will be communicated, should also be considered. Depending on the decisions and actions agreed at a review, the nature and types of communication of the results of the review, and to whom they will be communicated, should also be considered. Potential non-conformances include: The frequency of management reviews is not clearly stipulated in the procedure The agenda of the management review does not include an examination of the effectiveness of the OH&S system in delivering the policy Information gathered to review the OH&S system is insufficient Failure to document and follow up actions agreed action of the management review 56

After OHSAS results 57