Professional Documents
Culture Documents
1 INTRODUCTION
Pattys Industrial Hygiene, Sixth Edition, Edited by Vernon E. Rose and Barbara Cohrssen
Copyright 2011 John Wiley & Sons, Inc.
2109
2110 OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS
In 1996, ISO published its 14001 environmental management system (7). This was
one standard within a family of environmental standards that were published largely
in response to issues raised at the Rio Summit on the Environment held in 1992.
The 14000-series built on the global success of ISO 9001 and implemented by
organizations in a wide variety in industries albeit at a slower pace.
The application of the ISO process to environmental management suggested that an
ISO-based OHS standard might quickly follow, however this has not been the case.
Efforts to pursue an ISO OHSMS standard have thus far been narrowly defeated
within ISO. Numerous national and private standards have attempted to fill the void.
Several countries including the United States, Australia, and Canada have published
national standards (810). The most widely used of the current standards is OHSAS
18001:2007 (11). While this standard is not the result of a formal consensus
development process, it was developed by accreditation bodies and has at its core
several consensus documents including BS 8800 (12) and ISO 14001. In the absence of
an ISO standard, OHSAS 18001 has served to provide interested organizations with a
robust management system framework for which certification can be obtained from a
participating registrar.
In the same timeframe as the ISO 14001:1996 environmental management
standard was published, several important OSH management systems were also
published (e.g., BS 8800 and Australias SafetyMap). By the late 1990s, numerous
nation states, along with professional organizations (e.g., the Japan Industrial Safety
and Health Association, the American Industrial Hygiene Association (AIHA), and
the Chemical Manufactures Association) had started to develop OHS management
system standards and guidelines.
In the mid 1990s in the United States, OSHA began to consider rulemaking for a
comprehensive occupational health and safety program standard (13). Activities on
this effort continued through the early 2000s. Over time, the priority of these efforts
diminished and was officially off OSHAs agenda by 2003.
Researchers at the University of Michigan (UM) developed an ISO 9001-based
OHSMS that was published by the AIHA in 1995 (14). The UM/AIHA OHSMS
received significant attention from various stakeholders and standards-making orga-
nizations and a companion universal OHSMS assessment instrument was developed
and published in 1999 (15). As part of the development of the assessment instrument,
it was necessary to develop a generic OHSMS model. This model has since been
used widely throughout the world by private companies and by standards-making
bodies to assist their system development efforts (8, 15, 16).
In 1996, ISO considered the development of an OSH management system
standard for the first time, and elected at that time to not proceed. It was during
those deliberations that standards-making experts put forth the idea and recommen-
dation that the International Labor Office (ILO) would be a more suitable
international organization to develop standards and guidelines in the particular
area of occupational health and safety management systems. With this mandate, in
1997, the ILO began to conduct background research on OHS management systems as
a precursor to forming the tripartite group of experts that developed ILO-OSH
2001 (16). The International Occupational Hygiene Association (IOHA) assisted
2112 OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS
the ILO with this research endeavor. The IOHA report to the ILO provided a
comprehensive overview of many different management system approaches and
suggested seed language and topics for the development of the ILO OHSMS
document.
While the ILO and IOHA were performing these background efforts, two devel-
opments occurred. First, ISO elected for a second time to not develop an ISO OSHMS.
Second, the British Standards Institute (BSI) published OHSAS 18001:1999 that
generally followed the structure of ISO 14001 (7, 11). This document was published
specifically for use as an auditable standard. In its introduction, OHSAS 18001:1999
stated that the document was developed in response to urgent customer demand for a
recognizable occupational health and safety management system standard against
which their management systems can be assessed and certified.
In 2000, in the United States, the AIHA solicited the American National Standards
Institute (ANSI) to form a committee to develop an ANSI standard for occupational
health and safety management systems. The Z10 committee held its first meeting in
2002 and issued a final standard in 2005 (8).
By 2009, four formal OHS management system standards had emerged as the
primary formats utilized by numerous organizations and are now central to most
OHSMS discussions.
Feedback
FIGURE 44.1 System model with feedback loop.
2114 OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS
A question that often comes up when talking about an OHS management system is
what is the difference between a system and program? One way to describe this
difference is in terms of an information feedback loop, that is, feedback in a system is
essential and an integral component of the system. Conversely, this is not the case with
programmatic approaches where feedback is not necessarily part of a structural
design. This is depicted in Figure 44.2.
A system can be further characterized as being either open or closed. In the case
of open systems, there are identifiable pathways whereby the system interacts
exchanging information with and gaining energyfrom its external environment.
This phenomenon is readily observed in biological systems. Conversely, closed
systems do not have such pathways, and thus limit their ability to adapt or respond
to changing external conditions.
ISOs guidelines on the development of management system standards defines a
management system as a system to establish policy and objectives and to achieve
those objectives. (20)
This ISO guideline states that
management systems are used by organizations to develop their policies and to put these
into effect via objectives and targets, using:
a set of interrelated elements that establish and/or support occupational health and
safety policy and objectives, and mechanisms to achieve those objectives in order to
continually improve occupational health and safety. (8)
part of an organizations management system used to develop and implement its OH&S
policy and manage its OH&S risks. (17)
INTRODUCTION 2115
This model is arranged into 5 organizing categories and 27 sections (16 major and
11 subsections). Considerable attention was given to the superstructure; that is, the five
organizing categories and the manner in which the 16 primary sections are distributed
among the five categories. The representation of this management system in
Figure 44.5 could be presented in a number of ways. However, in an effort to create
a more robust model, it was important to arrange the sections in such a way as to
facilitate both implementation and evaluation activities. The five organizing catego-
ries are as follows:
1. Initiation (Inputs).
2. Formulation (Process).
2116 OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS
3. Implementation/Operations (Process).
4. Evaluation (Feedback).
5. Improvement/Integration (Open System Elements).
These categories are partially based on widely used systems model in the policy
science arena and the simplified systems model, as depicted in Figure 44.1.
The sequence of steps shown in Figures 44.344.5, starts with a very basic construct
showing the relationship between OHS management, the organization, and the external
environment in Figure 44.3. Figure 44.4 develops the construct further showing how a
systemsmodel(Fig.44.1)andOHSmanagementarrangement(Fig.44.3)canfittogether.
Finally, Figure 44.5 adds the generic OHSMS sections to the construct (Table 44.1) (22).
Numerous government agencies and private organizations have used it as an
analytical tool guidance document to develop their internal OHSMS (15). The
government of Singapore has used the generic OHSMS as in their efforts to impact
safety and health in the petrochemical industry; construction; and, in small and
medium enterprises.
The organization
Level I is the highest level that contain OHS policies, and in some cases a policy
manual. These documents are general and contain information on the system scope. In
large organizations, these are often referred to as corporate level documents that all
business units must follow.
Level II documents are typically procedures that address specific activities, such as
lock-outtag-out, eye-wash, and respiratory protection requirements. When begin-
ning to implement an OHSMS, organizations find that most of their documents are
level II procedures. It is typically the case that level II documents are also referred to
corporate level documents, however, these can vary between business units.
Level III documents are specific guidelines, work instructions, and standard
operating procedures are typically unique to a plant or business unit. These documents
define how an activity will occur.
Level IV documents are records used to either manage the system or are outputs
from it. These can be, for example, forms/templates, training presentations, or
monitoring records that are generated to provide artifacts of conformance with the
standard.
The confluence of management system ideas in the 1990s and 2000s has resulted in a
core of common elements and themes found in all major OHSMS approaches. Five
major sections are found in most management systems. With slight variation of words
between them, these sections can be described as
2118
Stakeholders
Regulating
Agencies/units
OHS process
Formulation
OHS policy (3)
Goals and objectives (4)
Performance variables (5)
System planning/devel. (6) OHS outputs
Manual and procedures (7) OHS goals and objectives
Initiation (OHS inputs) Illness and injury rates
Mgmt. commitment and resources (1)
Employee participation (2) Workforce health
Implementation/operations Changes in efficiency
Training system (8) Overall organization performance
Hazard control system (9)
Prevent./correct.actions
(10)
Procurement/contractors
(11)
Within each of these sections more detailed issues such as accountability, opera-
tional controls, and auditing are addressed. These general concepts are addressed in
this section, while details about individual management system approaches is
provided in Section 3.
Level I
Policy
Level II
Procedures
Level III
Work Instructions
Level IV
Records & Artifacts
topics slightly differently, however all address them in some fashion. ANSI/AIHA Z10
addresses this most directly with its first section titled Management Leadership.
In Section 3.1.1, Z10 requires top management to establish implement and maintain an
OSHMS is appropriate to the scale and nature of its organization and OHS risks (8). In
the ILO OHSMS, the first section that provides an overview on OSH management
systems in the organization states that strong leadership and a commitment OSH
activities should be demonstrated by an employer (18). OHSAS 18001 (17) does not
address management commitment or leadership as directly as Z10 or the ILO OHSMS.
In 18001, the requirements for an OHS policy does contain requirements to demon-
strate a commitment to the prevention of injury and ill health and the continual
improvement of OHS management and OHS performance in and organization.
Management commitment may be demonstrated in many ways. Allocation of
sufficient resources for the proper functioning of an OHS program or management
system has been identified as a key variable to measure management commitment.
Other variables are the establishment of organizational structures whereby managers
and employees are supported in their OHS duties and the designation of a management
representative who is responsible for overseeing the proper functioning of the
OHSMS.
2.1.3 OHS Policy An important element often associated with managing com-
mitment and leadership is the OHS policy, which represents the foundation from
which OHS goals and objectives, performance measures, and other system compo-
nents are developed. The OHS policy should be short, concise, easily understood, and
known by all employees in the organization. It can be expressed with seeds from the
organizations mission or vision statements. It is a document that expresses the
organizations OHS values.
The OHS policy should demonstrate senior managements commitment to
OHS, employee participation, allocation of necessary resources, and continual
improvement. The policy should be evaluated periodically as part of the manage-
ment review process. In the case of the OHSAS 18001, the policy language
contains eight specific requirements that include a commitment to the prevention
of injury and ill health, continual improvement, and a commitment to comply with
legal requirements (17).
2.2 Planning
The planning-related elements and requirements in management systems address the
identification and prioritization of OHS risks and the establishment of goals and
objectives that offer opportunities for improvement and risk reduction consistent with
the OHS policy. Readers who are familiar with ISO 14001 (25) are familiar with the
term aspects and significant aspects. These two terms essentially address risk. In OHS
management systems there is not a distinction may between risk and significant risk,
rather this is addressed in terms of prioritizing risks in general.
Planning activities including initial or baseline reviews, risk identification and
verification, establishing objectives and targets, identifying legal and other require-
ments, establishing programs to meet objectives, and in the case of ANSI Z10 the
establishment of an implementation plan. This feature of Z10 is unique. Another
unique feature of Z10 is found in its assessment and prior authorization element that
contains requirements to identify underlying causes and other contributing factors
related to system deficiencies that lead to hazards and risks (8). These requirements
provide the framework for forward-looking root cause analysis.
2122 OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS
2.2.1 Initial and Baseline Review Initial and baseline reviews are conducted
when a management system is implemented for the first time. In this initial effort a gap
analysis is performed against the chosen management systems requirements to
determine which elements may be missing. Subsequently ongoing reviews are
conducted at defined intervals to ensure that information generated from OHSMS
activities, such as audits and corrective actions, are used to assess continuing relevance
in the OHSMS planning process.
Many organizations have general operational management systems and related
tools such as lean and six sigma that can be used in this process. It is important to
include OHS element in whatever ongoing analyses conducted by the organization.
Identifying these opportunities should be a part of this initial review.
2.2.2 Risks and Their Prioritization As part of the technical review and man-
agement of any and all OSH hazards within the framework of an OHS management
system, the degree of risks associated with individual activities should be considered
and prioritized. Such a review typically requires some form of prioritized impact
analysis and risk assessment. Many organizations have developed their own risk
assessment matrix that defines the scale of the acceptable risks of the organizations
specific operational environment and assists in the numerical ranking of the organiza-
tions risks. Prioritization helps establish schedules and the allocation of resources. The
assessment of risk as it pertains to occupational and industrial hygiene is summarized
in a White Paper on Risk Assessment and Risk Management published by the
American Industrial Hygiene Association (26).
Such risk assessments should take into consideration the probability of the
exposure event that generally includes consideration of the likelihood and/or fre-
quency of the event. Considered together with the severity or degree of harm that might
be presented by such an exposure event, the risks associated with individual events can
be compared with other possible, likely or frequent events within a likely range of
severity outcomes. Prioritization assures that the most severe events are controlled best
and/or first. After controls are implemented for a range of risks, the remaining residual
risks can be reassessed and additional controls implemented in the spirit of continuous
improvement to further reduce the organizations total OHS risk profile. Such risk
prioritization assures that the organization achieves an acceptable level of risk
reduction.
2.2.3 Legal and Other Requirements OHS management systems require orga-
nizations to identify legal and other requirements that apply to OHS. Examples
include governmental regulations and standards developed by MGOs.
high to low, (1) engineering controls, (2) work practice controls, (3) administrative
controls, and (4) personal protective equipment.
2.3.6 Documents and Records Requirements for document and record control are
found in OHS management systems. This includes the use of a controlled system for
required documents. All management system standards contain language on
OHS MANAGEMENT SYSTEM ELEMENTS 2125
document and record legibility, accessibility, retention periods, and the management
of obsolete documents.
2.4.2 Internal Audit All management system standards address the internal audit
of management system elements. Specific requirements vary between different
management systems, however they generally all require that periodic audits be
conducted to evaluate the functioning of the management system. While regulatory
compliance auditing is not excluded from these activities, the focus is on the actual
management system elements beginning with the policy statement, and moving on to
risk assessment, goals and objectives, operational elements, and the auditing function
itself. Later in this chapter specific activities associated with management system
audits is addressed.
hygiene management where there is value in taking findings in using them to evaluate
policies, procedures, training, and operational controls, etc.
. attendee list
. review of EHS policy
. evaluation of compliance with legal and other requirements
. external communications (external interested parties including complaints)
. results of participation and consultation
. performance against goals
. status of incident investigations, corrective and preventative actions
. status of audits
. changing circumstances and future developments
. follow-up actions from previous management review meetings
. decisions and new action items
annually. They should include representatives for key affected functional areas and
senior leadership of the organization.
Beyond the management review requirements in all OHSMSs, this activity
provides a powerful vehicle to engage senior management in occupational health
and safety. It also is an important feature of the overall integration of OHS activities in
an organization. Management review provides the opportunity for OHS staff and
senior management time to reflect on the larger goals and expectations of occupational
health and safety activities in the organization.
There are over 30 occupational health and safety management systems published
globally. A 1998 study conducted by the ILO identified 31 OHS management systems
in use or development at that time (16). Since then, a few OHS management system
standards have become more prominent than others. With the growing popularity and
use of ISO 14001, the environmental management system standard, the OHSMS that
most directly mirrors it, has become the dominant management system in use
throughout the world. While ISO has not developed an OHSMS as of 2010,
OHSAS 18001:2007 (17) is considered the de facto international OHSMS even
though it is not an ISO standard.
The evolving trend in organizations is the development of an integrated envi-
ronmental health and safety management system (EHSMS) as opposed to a stand-
alone OHSMS. A common approach is the integration ISO 14001, and OHSAS
18001. In the United States and in multinational companies, this integration often
includes ANSI/AIHA Z10 and OSHAs VPP. These four standards, in addition to the
ILO OHSMS are addressed in this section.
Nomenclature. When discussing OHS management systems, it is important to be
clear on the version of the management system under discussion. For instance we can
speak generally about OHSAS 18001, however there have been two versions
published, the most recent in 2007. The correct way of depicting this is OHSAS
18001:2007. In like fashion, there have been several versions of ISO 14001 published
with the most recent being in 2004, thus the correct depiction is ISO 14001:2004.
Section 4.2 addresses OH&S Policy. In the case of ISO 14001, Section 4.2
addresses environmental policy. The OHSAS 18001:2007 policy language states
that (29)
Top management shall define and authorize the organizations OH&S policy and ensure
that within the defined scope of its OH&S management system it
STANDARD OHS MANAGEMENT SYSTEMS 2129
The second way, as done with OHSAS 18001, is to overlay an OHS specific
requirement on the EMS using an OHS system such as BS 8800. Thus, the OHS
specific words are used in the ISO 14001 format. The wording and specifications of BS
8800 are used in place of those of ISO 14001, while retaining the compatible format.
This appears to be a reasonable strategy, although the wording and thus the require-
ments of BS 8800 are much more extensive than those of ISO 14001 despite the same
format being used. However, it should be noted once again that BS 8800 uses the word
should throughout, rather than the stronger shall.
. Policy
. Organizing
. Planning and Implementation
. Evaluation
. Action for Improvement
ILO guidelines
on
OSH-MS
National
OSH-MS
guidelines
in
on OSH-MS
organizations
Tailored
guidelines
on OSH-MS
policy element there are recommendations for both the policy statement and worker
participation (18).
3.1.1. The employer, in consultation with workers and their representatives, should set
out in writing an OSH policy, which should be
(a) specific to the organization and appropriate to its size and the nature of its
activities;
(b) concise, clearly written, dated, and made effective by the signature or
endorsement of the employer or the most senior accountable person in
the organization;
(c) communicated and readily accessible to all persons at their place of work;
(d) reviewed for continuing suitability;
(e) made available to relevant external interested parties, as appropriate.
3.1.2. The OSH policy should include, as a minimum, the following key principles and
objectives to which the organization is committed:
(a) Protecting the safety and health of all members of the organization by
preventing work-related injuries, ill health, diseases and incidents;
(b) Complying with relevant OSH national laws and regulations, voluntary
programs, collective agreements on OSH and other requirements to which
the organization subscribes;
(c) Ensuring that workers and their representatives are consulted and encour-
aged to actively participate in all elements of the OSH management system;
(d) continual improvement in performance of the OSH management system.
3.1.3. The OSH management system should be compatible with or integrated in other
management systems in the organization.
Several key themes contained in the policy statement are carried throughout the
ILO OHSMS include the (1) involvement and consultation of workers and their
representatives and (2) compatibility and ability to integrate the OHSMS with
management systems in the organization (18).
Two key principles in formal management approaches are (1) Management
Leadership and Commitment and (2) Employee/Worker Participation (8, 18). An
analysis of the various formal management system approaches reflects varying
emphasis of these two areas. The ILO OHSMS reflected an evolution from
OHSAS 18001:1996 in strengthening and emphasizing these area. Section 3.2 on
worker participation states (18)
3.2.4. The employer should ensure, as appropriate, the establishment and effi-
cient functioning of a safety and health committee and the recognition of workers
safety and health representatives, in accordance with national laws and practice.
Throughout the ILO OHSMS document, examples are found where strong worker
participation is encouraged or required.
Section 3 of the ILO OHSMS starts with a robust statement regarding the
importance of strong management leadership and commitment to occupational safety
and health, where it states (18)
3.0 Occupational safety and health is the responsibility and duty of the employer,
including compliance with the OSH requirements pursuant to national laws and
regulations. The employer should show strong leadership and commitment to OSH
activities in the organization, and make appropriate arrangements for the estab-
lishment of an OSH management system. The OSH management system should
contain the main elements of policy, organizing, planning and implementation,
evaluation and action for improvement.
The ILO OHSMS Section 3.10.1 titled Prevention and control measures presents
and reinforces the importance of the traditional hierarchy of controls used by industrial
hygienists.
Robust recommendations on the management of change, contracting, and pro-
curement issues are found in the ILO OHSMS. The ILOs recommendations on the
Management of Change are (18) as follows:
3.10.2.1. The impact on OSH of internal changes (such as those in staffing or due to
new processes, working procedures, organizational structures or acquisitions)
and of external changes (e.g., as a result of amendments of national laws and
regulations, organizational mergers and developments in OSH knowledge and
technology) should be evaluated and appropriate preventative steps taken
prior to the introduction of changes.
3.10.2.2. A workplace hazard identification and risk assessment should be carried out
before any modification or introduction of new work methods, materials,
processes, or machinery. Such assessment should be done in consultation with
and involving workers and their representatives and the safety and health
committee, where appropriate.
3.10.2.3. Implementation of a decision to change should ensure that all affected
members of the organization are properly informed and trained.
3.10.5.1. Arrangements should be established and maintained for ensuring that the
organizations safety and health requirements, or at least the equivalent, are
applied to contractors and their workers.
2134 OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS
A detailed list of the standards content is found in Table 44.4 and depicted in
Figure 44.8. The Z10 standards development did not have an eye toward use in a
certification scheme, nor was its intent to be included in one. However, it is a shall-
based standard that does provide the ability for use in rigorous auditing.
As with the ILO OHSMS, the ANSI/AIHA Z10 standard reinforces of the
importance of strong management leadership and employee participation.
Section 3 highlights this, stating (8)
Continual
Improve improvement Reduce
employee H&S hazards
productivity risks
satisfaction 3.0 Policy management incidents
image leadership and employee comp costs
participation lost time
Plan
Act
7.0 Management
4.0 Planning
review
Check
5.0 Implementation Do
and operation
6.0 Checking and
corrective action
D. integrating the OHSMS into the organizations other business systems and
processes.
Employees shall assume responsibility for aspects of health and safety over which
they have control, including adherence to the organizations health and safety rules
and requirements.
3.2. Employee Participation The organization shall establish and
implement processes to ensure effective participation in the OHSMS by
its employees at all levels of the organization, including those working
closest to the hazard by
A. providing employees and employee representatives, with the mechanisms, time
and resources necessary to participate in, at a minimum, the processes of
. planning (4.0);
. implementation (5.0);
Significant with this standard is the language used regarding employee participation.
Both the Policy (3.1.2.B.) and Employee Participation (3.2) require effective
participation in the organizations OHS management system (8). The employee
participation requirements continue with the requirement for identifying and remov-
ing obstacles or barriers to participation. In these instances, similar language is not
found in OHSAS 18001:2007 or the ILO OHSMS (8,17, 18).
A requirement to perform hazard/risk assessment is a cornerstone of OHS
management system approaches. The ANSI/AIHA Z10 standard states in Section
4.2, titled Assessment and Prioritization, that (8)
The organization shall establish and implement a process to assess and prioritize the
OHSMS issues identified in 4.1.
The process shall
A. assess the impact on health and safety of OHSMS issues and assess the level of
risk for identified hazards;
B. establish priorities based on factors such as the level of risk, potential for system
improvements, standards, regulations, feasibility, and potential business con-
sequences; and
C. identify underlying causes and other contributing factors related to system
deficiencies that lead to hazards and risks.
There are two unique features in how Z10 addresses this issue. The first is the use of
the term OHSMS issues, which are defined as hazards, risks, management system
deficiencies and opportunities for improvement. This approach thus concisely
addresses the importance of looking for system deficiencies and opportunities for
2138 OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS
. Policy3.1.2
. Objectives4.3
. Implementation Plan4.4.A
. Audits6.3
. Management Reviews7
This process shall include appropriate contractor health and safety performance criteria.
On multi employer work sites, the organization shall implement a process for coordi-
nating the relevant portions of its OHSMS with that of other applicable organizations.
The Z10 standard is unique in its requirement for the coordination of OHSMSs on
multiemployer work sites, and in its requirement, stated in Section 5.2.A. that the
organization shall establish processes to define and assess the OHSMS competence
needed for employees and contractors. (8)
Continuing to reinforce the importance of employee participation and input to OHS
management, Z10 Section 5.3 on communication states that
Significant in this language is the requirement to identify and remove barriers to all
of the above. Language like this is not found in other OHS management system
approaches and reinforces for OHS professionals and organizations a central compo-
nent of successful OHS management.
Possibly the most unique and important section in ANSI/AIHA Z10 is Section 6.5,
titled Feedback to the Planning Process, which states that (8)
The organization shall establish and maintain processes to ensure that the results of
monitoring and measurement, audits, incident investigation and corrective and preven-
tive actions are included in the ongoing planning process (Section 4.1.2), and the
management review (Section 7).
On the surface this requirement may not seem significant, but at its core, it points to
the fundamental difference between a systems-approach versus a traditional program-
matic-approach to OHS management, namely the role of information feedback loops.
With feedback loops there is an opportunity to learn and continually improve an
organizations OHS functions.
In general, OHS management systems do not include requirements on how often a
given activity should take place. Terms such as regular and periodic are used,
and it left to the standard-user to define the actual timing of activities. In ANSI/AIHA
Z10, the frequency is an exception. The Z10 Management Review section states
that (8):
2140 OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS
The organization shall establish and implement a process for top management to review
the OHSMS at least annually, and to recommend improvements to ensure its continued
suitability, adequacy, and effectiveness.
The site review team balances all available site information, including employee
interviews, to determine if systematic management procedures that address hazard
assessment, prevention and control are being effectively implemented. The site
inspection teams findings are reviewed by OSHA management personnel who,
typically were not involved with the on-site review. This Administrative Review is
last step in the process. Those companies that satisfy the above requirements become
VPP Participants (30).
The firms management receives a letter from the Assistant Secretary of Labor
congratulating them on being awarded VPP status. Furthermore, these companies are
rewarded by receiving immunity from programmed OSHA inspections. OSHA may
still inspect VPP sites in response to employee complaints, fatalities, significant
chemical releases or catastrophes. Most sites are reevaluated every three years to
ensure they are continuing good management practices and following the VPP
requirement.
There is a hierarchy of VPP achievement recognition, with the designations Star,
Merit, and Demonstration. Sites awarded Star status generally have safety and health
programs that are recognized as comprehensive and effective. The Merit designation is
provided to those work sites with the potential to be Star but may have some minor
health and safety program elements to be corrected. For example, OSHA may elect to
give Merit status to a company with an overall good health and safety program but
whose illness and injury rates have yet to drop below national averages. The third
award is the Demonstration designation. Demonstration status may be awarded to
companies that are not construction or general industry oriented, such as maritime or
agriculture businesses. Merit and Demonstration sites receive annual onsite
inspections (6).
The VPP criteria contain a number of best practices that can lead to superior safety
and health performance. Certain elements are strong such as employee involvement.
Other elements that would make it a complete management system are weaker such as
management review and continual improvement aspects. OSHAVPP gets employees
involved in safety and health management unlike traditional OSHA approaches.
3.5.1 British Standard BS 8800 The British have been leaders in the development
of management system standards and approached. British standards 5750 and 7750,
respectively influential to the development of ISO 9001 and 14001. In 1991, the British
HSE published a document titled Successful health and safety management
(HSG 65) to provide OHS management guidance to organizations (32). In 1996,
the BSI published the OHS management system, BS 8800. It was revised in 2004 to
update it with revisions made to ISO 14001:2004 and harmonize it with OHSAS
18001:1999.
At the time BS 8800 was being developed, ISO was in the process of developing ISO
14001. Thus, the BS 8800 contents are arranged in two different ways. One is based on
ISO 14001 Draft International Standard (DIS) and the other is based on the HSG 65.
Both arrangements contain the same language, with the only difference being in the
organization. The ISO/DIS 14001 approach is aimed at organizations already with, or
that is seeking ISO 14001 registration.
One difficulty with BS 8800 is that, because of initial opposition to making it an
auditable, all potentially auditable phrases contain the word should. Should is, in
management system standards, usually reserved for guidance documents. Phrases
containing the word should are usually not auditable. Shall, which is normally
used for auditable phrases, is not to be found in BS 8800.
The annexes of BS 8800 are useful for the development and operation of OHS
management systems. The annexes are (12)
. Annex A. Shows the links between BS 8800:1996 and ISO 9001:1994. This is
provided to assist organizations who are operating or plan to operate the ISO
9001 international quality management systems standard and who want to
integrate OH&S into their existing/planned management system. (This thinking
closely parallels that of the AIHA OHSMS, below.)
. Annex B. Organizing an OHS management system
. Annex C. Planning and implementing an OHS management system
. Annex D. Risk assessment
. Annex E. Measuring performance of OHS management systems
. Annex F. Auditing methods for OHS management systems
The Risk Assessment annex is one of the most useful. In this annex, risks are
qualitatively categorized as going from Trivial to Intolerable, and actionable strategies
are linked to each category. This approach avoids the highly controversial quantitative
risk analysis models in favor of a system that appears to be readily useable as part of an
OHS management system.
3.5.2 AIHA OHS Management System The AIHA published an OHS manage-
ment system in 1995 that was based on ISO 9001:1994 (15). The core of this document
was developed by researchers at the University of Michigan (23, 3941). With the
development of ANSI/AIHA Z10, the decision was made to not update the AIHA
CONFORMITY ASSESSMENT 2143
OHSMS when ISO 9001 was revised in 2000. Thus, while important in the context of
the historical development of OHS management systems standards, the AIHA
OHSMS is arcane and generally not used in organizations.
3.5.3 ISRS and NOSA The ISRS and the similar NOSA five star safety and health
management system were pioneers and early leaders in the development and imple-
mentation of safety management systems (3). The first system broadly applied to
safety management was the ISRS as developed by Frank E. Bird, Jr. in 1976. It was
marketed jointly by his International Loss Control Institute and the Industrial Accident
Prevention Association (3, 33). The roots of the ISRS was a study conducted earlier by
Frank E. Bird, Jr. and George I. Germain of accidents in the steel industry while
employed by the Insurance Company of North America (INA). The system was best
known for its loss causation model, and served as an early audit-based system
documentation process that focused on compliance assurance with specified stan-
dards. This system is now in Version 7 as the proprietary product of Det Norske Veritas
(DNV) who purchased ILCI in 1991.
The NOSA organization in South Africa published the NOSA Five Star Safety and
Health Management System based on 150,000 safety surveys of mines and other
industries (34). The original NOSA system was quite similar to Frank Birds ISRS. In
1984, NOSA revised its system to include a continual improvement element for
environmental affairs and now includes a section on ISO 14001:1996 (16). NOSA
continues to serve as an important third-party auditor organization primarily to assure
core safety requirements among South African mining companies.
4 CONFORMITY ASSESSMENT
. Primary LevelAssessment
. Secondary LevelAccreditation
. Tertiary LevelRecognition
The primary level represents measurement and auditing activities. Workplace air
sampling or safety surveys are examples of assessment activities, as are management
system audits. The secondary level, addresses the formal qualifications of the entities
performing primary level activities and the bodies that provide confirmation of the
qualifications. An example is with Certified Safety Professionals (CSP) or Certified
Industrial Hygienists (CIH) who perform workplace assessments. The CSP and CIH
designations are given respectively by the Board of Certified Safety Professionals
(BCSP) and the American Board of Industrial Hygiene (ABIH). The certification
function performed by the BCSP and ABIH represent secondary level activities.
With management system certification, registrars perform audits, a primary
level activity, and accreditation agencies, accredit the registrars to perform the
registration audits. Finally, an example of tertiary level recognition is found in
OSHA regulations that require certain activities be performed by CSPs or
CIHs (36). With management systems, recognition is given by regulatory agencies
who might give organizations with a certified OHSMS some sort of regulatory relief,
as with the OSHA VPP.
5.1.1 First PartyInternal Audits First-party audits refer to audits that are
conducted internally within an organization by members of the organization.
Many companies have robust internal audit programs that assess both regulatory
compliance and conformance with nongovernmental standards or management
systems.
Internal audits should be conducted by personnel who are technically competent,
have audit training, and are capable of making unbiased and independent assessments.
Internal auditors should not have direct responsibility for activities at the site being
audited. This is essential in order to maintain audit integrity and independence. An
internal audit will generally assemble several individuals who are experienced within
their respective disciplines and who may even know the facility and its operations. The
audit team should be sufficiently large and broad to adequately address all the
anticipated issues. When working with teams drawn from internal sources only,
this can sometimes be difficult to achieve. Every audit also requires deft team
leadership and communication, skills that may be difficult for an internal person
2146 OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS
to obtain or keep current if they do not audit on a regular basis. Lead auditors should
have training in leading audits. Governmental bodies and for-profit organizations are a
source for compliance and management system auditing training.
There are distinct advantages to the organization for using an internal audit team.
The out-of-pocket costs associated with an internal program can be lower than an
external program, though the time commitment internal auditors must make to the
program does have a significant impact for the organization. Participating on audits
provides an excellent way to upgrade regulatory knowledge, and technical and
leadership skills. Robust audit programs allow for the development and sharing of
best practices within the organization. Once auditors have completed their work,
they return to their respective sites and, hopefully, implement best practices or
program improvements they have recently seen on an audit. On the other hand,
unless the organization empowers the internal auditing function with the authority
to clearly identify all issues, and sets the expectation that senior management will
respond to these issues, some internal programs may lack the impact of an externally
run program.
5.1.2 Second- and Third-Party External Audits These audits are conducted by
personnel who are not members of the organization that is being audited. In the case of
second-party audits, within a supply chain, a customer performs an audit of a
supplier. Second-party audits are common in the quality management circles
(e.g., ISO 9001), but are not as common in the OHS area. Third-party audits refer
to audits performed by people independent of the organization being audited. These
are typically performed by consultants, and in the management system arena, by what
are called, third-party-registrars. Third-party audits are common in the management
system arena.
There are several advantages to using external auditors. First, it should provide
access to highly qualified individuals best suited to evaluate the site and its unique
operations. Second, there should be fewer time and resource issues that plague internal
audit programs because auditors are not being pulled off an already full work schedule.
Finally, a report from an unbiased outside firm has the advantage of being perceived as
presenting the true picture as it lacks local biases.
Organized labor concerns about external auditors, if any, need to be addressed. A
concern that can surface is the potential bias that external auditors may not report bad
findings for fear of losing future work with the organization. This concern can be
addressed by using credible third-party auditors who hold themselves to a high level of
ethical conduct.
5.1.3 Hybrid Approaches Audit programs in some organizations use hybrid audit
teams that include both internal-company representatives and external consultants.
This approach yields benefits with deep organizational understanding from the
internal team members and auditing and external expertise from the consultant.
An increasing trend has also been to combine compliance and management system
audit functions, thus auditing both at the same time. Caution should be taken to ensure
that neither is diluted when combined.
MANAGEMENT SYSTEM AUDITING 2147
When the audit process is initiated, the lead auditor should have a meeting or phone
call with the site representative who is the lead coordinator for the site. In addition to
overall audit logistics, such as audit dates, the lead auditor can begin to understand the
2148 OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS
above site-specific issues. This information will also help the lead auditor understand
the expertise he or she will need on the audit team. At this time, the lead auditor should
make sure that there is a mutual understanding about the audit scope. Any discre-
pancies in understanding of the scope need to be resolved before proceeding any
further.
The part of preaudit activities involved with reviewing site policies and procedures
before the official site visit is called the desk review. This is where documents
relevant to the audit scope are reviewed by the lead auditor and team members to
determine initial compliance or conformance with regulations or standards against
which the site is being audited. In management systems audits, when nonconfor-
mances are found during the desk review, it is common for the lead auditor to suggest
that the site bring these areas into conformance before making the official site visit.
Avaluable component of preaudit preparation is the use of a preaudit questionnaire
to be completed by the site in advance of the site visit. The purpose of the questionnaire
is to provide the lead auditor with necessary background information that will help her
or him plan the audit in the most effective manner. Preaudit questionnaires help lower
costs by decreasing the time that the audit team must spend on-site gathering
background information. It is effective to identify an on-site coordinator who will
act as the key liaison between the facility and the audit team and can facilitate
scheduling and logistics for the team.
The preaudit questionnaire also serves an important internal function. The act of
collecting data, gathering policies and procedures, and completing preaudit forms is
an educational process for both the on-site coordinator and the individuals gathering
the documents. Even before the audit team arrives on site, the coordinator will usually
have a good estimate of the facilitys overall compliance or conformance with the areas
or issues within the audit scope, from examining the general pattern of responses to
items on the questionnaire, there is value in seeing this at the early stages of the audit.
The preaudit questionnaire also provides the opportunity for senior management to see
what may be ultimately included in the final report. Finally, for issues with significant
risks, this provides an opportunity to take immediate action.
A memo from senior management to the key site personnel prior to the audit
emphasizing their need to cooperate and participate can help make the on-site
activities proceed smoothly.
During preaudit activities, the lead auditor should ask the site contact to ensure that
sufficient on-site working space and resources are provided for the audit team. This
includes a conference room or office of sufficient size, telephone, internet access,
photocopying support, and document access. For remote locations, consideration of
bringing in food for lunch should be considered to increase efficiencies.
The method(s) of information and data collection during the audit should be
determined before the site visit. This typically includes the preparation of forms and
even audit notebooks that contain the forms. The forms should be designed to capture
information from interviews, document reviews, visual observations. With manage-
ment system audits, a typical form is called a nonconformance or corrective action
form. These are used to capture the various types of objective evidence upon which an
audit finding is based.
MANAGEMENT SYSTEM AUDITING 2149
5.4.2 During the Audit The remainder of the on-site activities of the audit
involves interviewing site personnel, reviewing documentation and records, and
revisiting site areas to verify what the audit team is learning. Many audit teams chose
to conduct daily briefings to update site personnel of their observations and provide a
forum to resolve any misinterpretations immediately. These daily gatherings help to
make the official close-out meeting run smoothly.
During the audit, auditors should immediately bring to the attention of the site
coordinator any observed life-threatening or high risk issues.
An important component of an audit is conducting interviews with site
personnel. Auditors should have training in how to conduct effective interviews.
Interviews should be structured so that the interviewee can be open and honest without
concern about potential retribution. The audit team should be involved with the
selection of who will be interviewed to make sure that there is no potential bias.
Beyond key managers and persons with OHS accountabilities, selection of inter-
viewees should be done randomly. Interviews are typically conducted alone between
the auditor and interviewee, management representative participation should be
discouraged.
At the conclusion of each day, the audit team should meet to discuss findings and the
observations of each team member. Collaboration of objective evidence happens at
this point. Each day, the lead auditor should assemble the audit finding from that day.
This will help avoid a rush of work on the last day on site, and allows for discussion
with site personnel about findings as they come up. As issues come up that maybe out
2150 OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS
of a team members area of expertise, the issue should be reexamined the next day by a
qualified team member.
6 IMPLEMENTATION
A detailed discussion on OHSMS implementation could be the focus of its own chapter
or book. Several key concepts and issues are addressed here to assist industrial
hygienists begin the implementation process.
Numerous implementation steps can be identified. Initial steps include the consid-
eration of organizational goals and the means by which the goals will be fulfilled. Six
implementation steps are identified here.
These six steps follow the general structure of the generic OHSMS presented in
Table 44.1 and Figure 44.5 (21). Management commitment, resource considerations
and employee participation are necessary steps to consider prior to embarking on the
development, and implementation of an OHSMS. Without management commitment,
resources, and employee participation, the probability is low that the OHSMS can be
successfully implemented and maintained.
. Training programs
. Hazard controls following the hierarchy of control
. Preventive and corrective action processes
. Procurement and contracting systems
. Communication mechanisms
. Checking/evaluation actions (auditing, incident investigation, etc.)
Meet with the Senior Most Executives. Briefly review the OHSMS elements.
Emphasize the following sections: management leadership and commitment;
OHS policy; employee participation; responsibility and accountability; and
2156 OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS
management review. It is critical that executives understand the need for their
initial and ongoing documented commitment to the management system.
Meet with Workers and Their Representatives. The manner in which this is done is
a function of the organizations size. In small organizations, such meetings can
be informal. In larger organizations or at those with union representation, meet
with union representatives and/or other worker representatives first. Review the
systems elements. Discuss how worker participation will be accomplished.
Meet with Middle Managers, Supervisors, and Line Managers. Review the
systems elements. Discuss their anticipated role in the development, imple-
mentation and ongoing improvement of the management system.
Meet with Human Resources. The human resource function in the organization
will be an important participant on the implementation team. Meet with a
representative early to discuss the evolving implementation plan. Specifically
discuss sections on responsibility and accountability, and competence and
training.
Other Stakeholder Meetings. Depending upon organizational structures, consider
meeting with personnel from
. engineering or facility maintenance;
. environmental management department, if integration with an existing
environmental management system is to be done;
. external stakeholders such as medical clinics and/or emergency responders.
6.7.3 Support Team The size of the organization will dictate the size of the
implementation team needed. Safety and health staff team members will need
assistance from human resources. A senior manager sponsor is a positive addition
to the team. A representative from each facility in the organization will need to be
identified. The implementation of a management system requires skills beyond
traditional safety and health expertise. Consider the involvement of people from
diverse functions in the organization.
6.7.4 Managing Information The project will require traditional project man-
agement skills such as documentation to track the implementation success. However,
consider early in the process that information systems may need to be revised in order
to produce ongoing management reports needed by the stakeholders. Such efforts
generally require significant lead times and plans need to be made early so as to deliver
the capabilities to the organization at the proper time so as to avoid false starts in
moving from implementation to ongoing management.
committee members and others in the organization. Consider both outcomes (leading
indicators) and output measures (trailing indicators).
6.7.7 Maintaining Support and Focus Consideration should be given to the way
that support and focus will be maintained throughout the implementation process. Full
implementation in a large organization may take well over a year. Well-defined
communication mechanisms and intervals will assist in maintaining focus. Consider
informal ways that support can be maintained. An example maybe through occasional
informal discussions with senior managers, or lunch debriefs.
7 FUTURE DIRECTION
The application of management systems and their concepts to IH, OHS, and
EHS management is now well established and will continue to be a central manage-
ment approach. In the 2010s, industrial hygienists are sure to see an increasing
integration of their activities with operational activities; an expanding context for risk
management and corporate responsibility; increased proliferation of international
standards; and, supply chain OHS and EHS issues increase in importance. Beyond the
value and issues addressed in this chapter, general management system concepts and
approaches will be a valuable tool for industrial hygienists to use in meeting these
future challenges.
developing an EHSMS, a key one is conducting an EHS risk assessment that captures
both the environmental aspects and impacts, as required in ISO 14001, and the OHS
risks as required in OHSMSs. With integrated systems, tasks that were once im-
plemented by single individual contributors may be divided among a number of
different professional, technician and nontechnical service facilitators. The industrial
hygienist must remain vigilant to ensure that OHS risks are identified and associated
controls are implemented.
BIBLIOGRAPHY
21. C. Redinger and S. Levine, Occupational Health and Safety Management System
Performance Measurement: A Universal Assessment Instrument, AIHA Press, Fairfax,
VA, 1999.
22. C. Redinger and S. Levine, Development and Evaluation of the Michigan Occupational
Health and Safety Management System Assessment Instrument: A Universal OHSMS
Performance Measurement Tool, Am. Ind. Hyg. J. 59, 572581 (1998).
23. Redinger C, Levine S, Blotzer M, and Majewski, M (2002). Evaluation of an
Occupational Health and Safety Management System Performance Measurement
ToolII: Scoring Methods and Field Study Sites. Am. Ind. Hyg. J., 63: 3440.
24. Redinger C, Levine S, Blotzer M, and Majewski, M (2002). Evaluation of an
Occupational Health and Safety Management System Performance Measurement
ToolIII: Measurement of Initiation Elements. Am. Ind. Hyg. J., 63: 4146.
25. International Organization for Standardization, Environmental Management Systems
Specifications with Guidance for Use, International Standard ISO 14001:2004(E), Geneva,
Switzerland, 2004.
26. American Industrial Hygiene Association, AIHA White Paper on Risk Assessment and
Risk Management, Fairfax, VA, 2002.
27. International Labour Office, Report of the Meeting of Experts on Guidelines on
Occupational Safety and Health Management Systems, Document GB.281/4, Geneva,
2001.
28. U.S. Department of Labor, Occupational Safety and Health Administration, Safety and
Health Achievement Recognition Program (SHARP) by the Office of Cooperative
Programs (OSHA Instruction TED 3.5A, and Form 33), Washington, DC, 1995.
29. U.S. Department of Labor, Occupational Safety and Health Administration, The Program
Evaluation Profile (PEP) by the Directorate of Compliance Programs (OSHA Notice
CPL 2), Washington, DC, 1996.
30. Voluntary Protection Program Participants Association, Benefits of VPP Participation:
Data from VPP Sites, Falls Church, VA, 1996.
31. National Occupational Safety Association, NOSA 5 Star Safety & Health Management
System, Reg. No. 51/00010/08: HB 0.00.50E, Arcadia, Republic of South Africa, 1992.
32. Health Safety Executive, Successful Health and Safety Management, HSG 65, Her
Majestys Stationary Office, Norwich, United Kingdom, 1991.
33. F. Bird and G. Germain, Practical Loss Control Leadership, Institute Publishing/ILCI,
Logan, GA. 1985.
34. R. McKinnon, Cause, Effect, and Control of Accidental Loss With Accident Investigation
Kit, CRC Press, Baca Raton, FL, 2000.
35. National Research Council, Standards, Conformity Assessment, and Trade: Into the 21st
Century, National Academy Press, Washington, DC, 1995.
36. Redinger C and Levine S (1998). Analysis of Third-Party Certification Approaches
Using an Occupational Health and Safety Conformity-Assessment Model, Am. Ind. Hyg.
J., 59: 802.
37. International Organization for Standardization, Guidelines for Quality and/or
Environmental Management System Auditing, ISO 19001:2002, Geneva, 2002.
38. International Organization for Standardization, Risk ManagementPrinciples and
Guidelines, ISO 31000:2009, Geneva, 2009.
2162 OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS