You are on page 1of 32

Systems

in focus
Guidance on occupational safety
and health management systems

direction

09.1
IOSH publishes a two-tier range of free
technical guidance. Our guidance literature
is designed to support and inform members
and motivate and influence health and
safety stakeholders.
Direct info
Brief, focused information on health and safety topics, typically operation or sector-specific.

Direction
Strategic corporate guidance on health and safety issues.

Systems in focus
Guidance on occupational safety and health management systems

The aim of this guide is to provide occupational safety and health (OSH) practitioners,
managers, educators and others with a basic understanding of the role and development of
OSH management systems. Starting with a brief introduction to the subject, the guide
contains:

• general structure – main components, history, links with international regulatory regimes
and integrated systems
• detailed structure – key elements of effective systems
• discussion – advantages and disadvantages, certification and getting started.

The guide also has reference and further reading sections.

Systems in focus can be downloaded from www.iosh.co.uk/techguide. If you have any


comments, please contact Richard Jones, IOSH Policy and Technical Director, at
richard.jones@iosh.co.uk.

IOSH Technical Committee


April 2009
01

> Contents
1 Introduction 2
2 The main components of OSH management systems 3
3 Typical systems – an overview 5
4 Regulatory and industry standards – some global perspectives 8
5 Should management systems be integrated? 9
6 The key features of an effective OSHMS 10
7 Advantages and disadvantages of OSHMSs 18
8 OSHMS certification 21
9 How to get started 22
References 24
Further reading 25
Appendix: List of abbreviations 27
Acknowledgments 28

> List of figures


Figure 1: Plan–Do–Check–Act diagram 3
Figure 2: Flowchart based on HSG65 5
Figure 3: Flowchart based on OHSAS 18001 6
Figure 4: Flowchart based on ILO guidelines 7
Figure 5: OSHMS stakeholders 13
Figure 6: Process for developing an OSHMS 23

> List of tables


Table 1: Typical changes faced by an organisation 10
Table 2: Advantages and disadvantages of internal audit 16
Table 3: Advantages and disadvantages of external audit 16
Table 4: OSHMS comparison table 22
02

1 Introduction

Guidance context they do to other core business European Union (EU) Framework
activities. We believe that the formal Directive,1 while others were created
Changes in work OSHMSs mentioned in this guidance, in response to industrial sector needs
Developed countries are experiencing and others based on similar (eg Responsible care2 in the chemical
a shift of balance from principles, provide a useful approach industry). With the publication of
manufacturing to service industries, to achieving these goals. International Labour Organization
new technologies, globalisation, (ILO) guidelines3 in 2001, the
flexible work practices and an ageing Guidance international dimension came fully
workforce. Meanwhile, many This document helps professional into focus. Today, the leading
developing countries are shifting from health and safety advisers to explore international standard is OHSAS
rural to industrial and service what OSHMSs can offer their own 18001.4
activities. Both scenarios present organisations and those that they
changing work patterns and advise. It has three specific aims: This guidance is divided into three
associated hazards. The multitude of • to support improvements in broad parts. Sections 2–5 cover the
work-related risks requires a effective health and safety general structure of OSHMSs,
systematic approach to occupational management including their history, links with
safety and health (OSH) • to help organisations that want to international regulatory regimes and
management, and some of the introduce formal OSHMSs the issues involved in integrating
principal management tools are • to encourage IOSH members to them with other management
occupational safety and health play a full part in these systems and with business risk
management systems (OSHMSs). developments and in continually management. The detailed structure
improving existing systems. of an OSHMS and the key issues
Management system involved in implementing it are
developments Structure of guidance covered in section 6. Sections 7–9
Organisations are being encouraged Adopting and implementing an provide information on the
to adopt formal management systems OSHMS, and integrating it with other advantages and disadvantages of
through their supply chains, and to a management systems, requires OSHMSs, the issue of third-party
lesser extent through legal pressures. careful planning and management. certification, and how to get started.
Current systems include both generic This guidance outlines the basis of The appendix contains a list of the
approaches and sector-specific these systems, discusses some of their main abbreviations used in this
arrangements developed by trade benefits and pitfalls, offers practical guidance.
bodies. The continued development suggestions and explains how to
and wider use of formal systems implement and develop an effective
seems to be inevitable, particularly OSHMS.
where corporate governance issues
have a high priority.
OSHMSs – an overview
Common features
Formal systems have at their core the The main components of an OSHMS
elements of plan, do, check and act include both policy – a ‘mission
(PDCA) – embodying the principle of statement’ for health and safety that
continual improvement. Although provides a mechanism for
there are potential disadvantages to management control and
formal systems, such as increased accountability – and arrangements for
paperwork, the benefits of implementation, monitoring
developing arrangements that fully (including audit) and continual
meet your organisation’s needs make improvement. Formalising these
them worthwhile when they’re arrangements removes the potential
properly implemented. arbitrariness of processes developed
by a few individuals and helps to
IOSH’s position support a management culture that
IOSH recognises that work-related can involve the whole workforce.
accidents and ill health can be
prevented and wellbeing at work can OSHMSs have developed through
be improved if organisations manage national and international co-
health and safety competently and operation. Some were boosted by
apply the same or better standards as legal developments such as the
03

2 The main components of OSH management systems

Whatever management model you responding to emergencies, as (eg regulators, trade unions and
use, it’s likely to be based on the well as identifying legal and other neighbours). Involving all these
principle of plan, do, check and act standards that apply. The groups will also help you to shape
(PDCA – also known as the ‘Deming organisation should set long term your risk management
cycle’). OSH objectives and plan targets programme.
and actions to achieve them. • Implementing and operating –
Numerous types of management • Organising – a definition of the putting management processes
system are based upon this principle, organisational structure, allocation and plans in place and carrying out
notably health and safety (OHSAS of OSH responsibilities to the activities from risk assessment
18001), quality management (the ISO employees linked to operational to audit – in other words, putting
9000 series) and environmental controls, and ways of ensuring the OSHMS into practice.
management (the ISO 14000 series). competence, training and • Measuring performance – from
You can gain significant benefits by consultation. reactive data on the rates of
integrating your organisation’s • Workers’ representatives* – a work-related injuries, ill health,
approach to these areas – in other crucial resource that can make a near misses (sometimes referred to
words, by adopting a holistic valuable contribution to the as ‘near hits’) and other incidents,
approach (see page 09). organisation’s overall response to to active data on routine
risk and opportunities. inspections, health and safety
Effective OSHMSs include the • Communicating – from basic committee activities, training, risk
following elements: information and work procedures assessments and so on (see IOSH’s
• Policy – a statement of to the details of the system itself, guidance on reporting
commitment and vision by the from managers to workers and performance5). Formal audits
organisation, which creates a vice versa. should evaluate the overall
framework for accountability that • Consulting – whatever the flow performance of the system.
is adopted and led by senior of information, you need an • Corrective and preventive
management. effective way of tapping into the actions – a fundamental OSHMS
• Planning – a plan for identifying fund of knowledge and expertise component is a systematic
hazards, assessing and controlling held by your workforce, clients, approach to identifying
risks, and preparing for and suppliers and other stakeholders opportunities for preventing

> Policy
Plan > Planning
> Hazard identification and risk assessment

Do > Implementation and operation

> Performance assessment


Check > (active and reactive)

Act > Review and continual improvement

Figure 1: Plan–Do–Check–Act diagram

* We’ve used ‘workers’ representatives’ in this guidance to mean any workers’ safety representatives, regardless of whether they’re
appointed by a trade union or chosen in some other way.
04

accidents and ill health, including includes making sure that


those that stem from investigating compliance with relevant legal
work-related injuries, ill health and and other requirements is
incidents. Various techniques are periodically checked.
used to identify and correct • Continual improvement – at the
weaknesses in the system and to heart of the system is a
find ways of preventing failures fundamental commitment to
and harm. manage health and safety risks
• Management review – an proactively, so that accidents and
evaluation of how appropriate the ill health are reduced
overall design and resourcing of (effectiveness) and/or the system
the system are, as well as its achieves the desired aims by using
objectives in the light of the fewer resources (efficiency).
performance achieved. This
05

3 Typical systems – an overview

Many OSHMSs have been published It’s based on the traditional PDCA contains information on managing
over the past 25 years. Some reflect principle, where the organisation’s plans change and more advice on
the interests of the sponsoring reflect the policy document and the consultation, communication and
bodies. For example, the American implementation phase is dominated by continual improvement. HSG65
Industrial Hygiene Association system risk assessment and application of retains the special status of a
places the industrial (occupational) controls. Checking includes a mixture management system developed by a
hygienist at centre stage as the of performance monitoring, auditing regulatory agency, and it’s familiar to
crucial competent person. Others, and corrective action. many UK-based managers and OSH
such as the International Safety practitioners, particularly in larger
Rating System, were developed so The guidance intentionally reflected organisations.
that commercial organisations could contemporary management processes
offer third party certification. Three and encouraged readers to harness OHSAS 18001
generic OSHMSs reflect this history them for health and safety OHSAS 180014 grew from a desire to
and illustrate the different emphases programmes. However, at that time, create a system capable of
of current systems. the HSE was under pressure to restrict assessment and certification, as a
its activities to supporting and follow-on from BS 8800 (now revised
HSG65 enforcing legal compliance. This led and reissued as BS 18004:20087).
The UK Health and Safety Executive to a system in which legal compliance
(HSE) published Successful health and became embedded in organisational HS(G)65 covered the implementation
safety management (HS(G)65) in policy and, once achieved, the aim of an OSH policy, and implied that
1991. This was characterised by five was largely to maintain the status this would be quite straightforward
key elements: quo. This compared unfavourably once the policy had been adopted.
• policy with systems that unambiguously OHSAS 18001, on the other hand,
• organising focus on continual improvement, a more fully reflects the problems of
• planning and implementation fundamental weakness that was changing an organisation. Building
• measuring performance addressed in the second and current on established environmental
• audit and review. edition of HSG65.6 This edition management systems in particular,

Policy Control link


Information link

Organising

Planning and
implementation

Measuring
performance

Auditing Reviewing
performance

Figure 2: Flowchart based on HSG65


06

OHSAS 18001 recognises the 2001 Guidelines on occupational


importance of planning and safety and health management
managing the changes that are likely systems3 established an international
to be needed as an OSHMS is model, following a detailed review of
introduced. over 20 management systems
worldwide. It reflects the
ILO OSHMS guidelines globalisation of organisations and the
The ILO is a tripartite United Nations increase in outsourcing and
agency that influences the partnering – these changes
development of labour laws across demonstrate how systems need to
the globe. Its publications and evolve continually to reflect new
guidance are authoritative and its business practices.

Policy
Continual
review
Planning

Implementation
and operation

Checking and
corrective action

Management
review

Figure 3: Flowchart based on OHSAS 18001


07

Policy Continual
improvement
Organising

Planning and
implementation

Audit
Evaluation

Action for
improvement

Figure 4: Flowchart based on ILO guidelines


08

4 Regulatory and industry standards –


some global perspectives
A key factor in implementing a prescriptive regulations – which have Some management systems have
formal OSHMS is consideration of the the advantage that employers are been developed to meet the needs of
legal framework that creates the told explicitly what they have to do – specific sectors. For example:
operational context. In the EU, to process requirements, with risk • the chemical industry has
Australia and offshore regimes assessment as the key process developed Responsible care
generally, regulation of major hazard (although many would argue that in • the shipping industry uses the
industries via a ‘safety case’ approach the EU there’s still a strong drive IMO’s ISM Code
is accompanied by an emphasis on towards embedding detailed • oil and gas producers have
effective management systems to prescriptive requirements in published comprehensive, global
complement and reinforce required Directives). Developing management guidelines for a health, safety and
high standards of technical safety. systems is another step along the environmental system for
Also, the International Maritime same road. The structure of a lot of exploration and production
Organization (IMO) now requires national legislation reflects this. In the activities.11
most categories of international UK, for example, the Management of
shipping to use the International Health and Safety at Work Looking ahead
Safety Management (ISM) Code,8 an Regulations 19999 require There is increasing international
OSHMS for marine operations. demonstrable management of OSH. certification to OHSAS 18001 and an
In Canada, ‘due diligence’ defences increasing trend towards integrating
Some countries, particularly in the have been successfully used by PDCA management systems. The
Pacific Rim, require organisations to defendants with a formal OSHMS. In OHSAS Project Group surveys have
adopt OSHMSs with third-party Norway since 1991, it’s been found that between 2003 and 2007,
auditing by government-approved mandatory for organisations to the number of countries where
auditors. In others, there have been establish internal control systems to OSHMS certification occurs has
moves to link internal OSHMS status make sure that health and safety grown from 70 to 102 and the
with the enforcement inspection activities, including internal and number of reported OHSAS 18001
regime. For example, under the external audit, are legally compliant, (or equivalent) certificates from 3,898
Voluntary Protection Program in the and to document them. Similarly, to 31,512. These trends are driven by
United States, organisations with Swedish law requires systematic factors such as the increasingly
systems approved through an internal control of OSH. In India, international nature of business and
extensive audit may be exempted following the Bhopal disaster, supply chain requirements in general,
from ‘normal’ Occupational Safety legislation in 1988 prescribed supported by increasing recognition
and Health Administration (OSHA) systematic management to prevent by enforcers that management
inspections. Proponents of this system such events. The Chinese government systems – when run properly – can
claim that it allows employers to has adopted the ILO’s OSHMS help to deliver improved legal
concentrate on systems of work guidelines and has used them to compliance and OSH performance. In
rather than individual deficiencies develop a certification framework. addition, the designers of
(hazards and risks), but there’s Australia and New Zealand have a management systems themselves are
considerable debate over the merits well-developed national OSHMS paying increasing attention to supply
or shortcomings of this approach. standard,10 but no plans to make its chains and dealing with OSH issues
adoption mandatory. These are all associated with products, not just
There’s also been a general examples of the extension of self- with operations.
worldwide movement away from regulation.
09

5 Should management systems be integrated?

IOSH’s guidance, Joined-up working – Co-operation and Development and their systems successfully will already
an introduction to integrated in the so-called ‘Turnbull Report’,14 use multiple channels of
management systems12 covers: which requires companies listed on communication founded on trust,
• the case in favour of integrating the UK stock market to identify, respect for the expertise of co-
management systems assess, record and manage their workers, and experience of and
• arguments for retaining largely significant risks in a suitable manner. confidence in managing change.
independent systems There must be systems for regularly
• organisational prerequisites for reviewing these risks and adjusting However, while many of the generic
integration their controls, together with elements of an IMS can be set up by
• factors that should be considered statements in company annual non-specialists, it’s vital that risk
when introducing an integrated reports that confirm the effectiveness assessment processes are supported by
management system (IMS) of these systems. people who are fully competent in the
• maintaining and developing an specific areas covered by the
IMS. Hence, the management of OSH, integrated system (quality,
environmental or quality risks should environment, health and safety, and so
IOSH’s view is that “an effective IMS not be treated in isolation, because of on). This is necessary both to avoid
should be the preferred option for the impact that poor risk overlooking hazards and to make sure
many, but not all”. A well-planned management can have on brand, that controls intended to minimise
IMS should be more efficient and reputation, business continuity and risks reflect current good practice.
capable of taking the best decisions financial wellbeing. This is the
in the face of various factors and fundamental reason why most An IMS encompassing OSH,
uncertainties. organisations integrate their OSHMS environmental and quality risks can
with the systems used to manage be a major step in the direction of
An integrated approach is also environmental and/or quality risks. continual improvement. This drive for
expected in business risk Integration allows risks to be continual improvement in all areas of
management (BRM), which is defined prioritised overall, so that resources BRM – including OSHMSs – can be
in IOSH guidance13 as “the can be allocated to achieve maximum further enhanced by setting targets,
eradication or minimisation of the risk reduction and benefit. In non- establishing proactive key
adverse effects of pure and integrated systems, on the other performance indicators and using
speculative risks to which an hand, resources are allocated to each performance appraisals to formalise
organisation is exposed”. Such risk risk area in isolation, and the responsibilities for all directors,
includes health and safety, resources allocated to each may not managers and supervisors who
environmental and quality failures. reflect that risk area’s overall contribute to the achievement of the
significance. organisation’s goals, vision and
The requirement for corporate mission. An effective IMS greatly
accountability based on a BRM The process of integration presents enhances OSH management and
approach is highlighted both globally distinct challenges to organisations. leads to continual improvement in
by the Organisation for Economic Those that are most likely to integrate the level of performance.
10

6 The key features of an effective OSHMS

This section covers four essential particularly true for organisations state of effectiveness and
elements of an OSHMS: operating in an environment that’s efficiency, often described as
• continual improvement (and how continually changing (see the typical ‘breakthrough performance’
to achieve it) examples of change in Table 1). It • improvements in the system itself,
• system activities (high-level also explains why discussion about so that it’s more comprehensive,
objectives and detailed OSHMS the need for an OSHMS often starts easier to understand, or in other
activities) from the continual pressure to reduce respects better than before.
• stakeholder involvement (internal accidents, incidents and ill health.
and external)
• auditing and verification (good With continual improvement built Reporting up?
practices in OSH auditing and into an OSHMS, opportunities to When launching a more systematic
auditor competence). improve effectiveness and efficiency approach to health and safety, one
are systematically identified and improvement will be in reporting
action is taken. Often this can be rates, ie staff and managers will
A good system? done at low cost as part of the declare a higher proportion of
If you want a simple diagnostic for preparation for, or response to, other accidents and incidents. This leads
‘is our OSHMS good?’, then required changes. to an apparently rising rate – which
evaluate how effective it is at can look like failure. Prepare
driving improvements in However, ‘improvement’ need not colleagues for this before you
performance, rather than simply imply greater complexity. If the begin.
disciplining people to follow set OSHMS is simplified, it may become
procedures. easier to understand and apply,
yielding better overall results. How to achieve continual
Improvement may also be possible by improvement
Continual improvement broadening the scope of the system, Traditionally, the audit stages of the
for example by applying it to OSHMS are seen as the fount of all
Quality systems standards did not outsourced services, value chain improvement wisdom, but this
initially include continual interactions and new technical areas viewpoint unnecessarily restricts
improvement. This omission was such as occupational road risk. thinking about improvements in
corrected in ISO 9001:2000,15 but managing the workplace. There are
may be one reason for a widespread Continual improvement in an OSHMS other important sources of data,
view that the primary output from can have four aspects: including statistics, benchmarking
quality management systems is • results that are better year on and industry or sector guidelines, as
paperwork, rather than real year, as measured by falling rates well as the people in the
improvement in work processes and of injuries, ill health and damage organisation.
products. In fact, continual • steady or improved results that are
improvement is vital if management achieved with fewer resources People who operate systems are
systems are to be effective (in the because the OSHMS itself often a fertile source of improvement
sense that the results achieved are improves and effort is better ideas – if they’re encouraged to
what’s required) and efficient (in the targeted express them. Managers, team
sense that the resources used are • results that move the culture of leaders, workers and their
sustainable in the long term). This is the whole organisation to a new representatives – if they truly feel

External changes Internal changes


• New guidance, industry or national standards • New products, services or workplaces
• National targets, such as Revitalising health and safety • New working arrangements, such as a union
(launched in 2000 in the UK)16 agreement or home working
• New hazards, or new emphasis on old hazards, such as • Business reorganisation, such as outsourcing
stress and asbestos • Business growth and change
• Campaigns by regulators, trade unions, non- • New work equipment, or changed contractors or
governmental organisations (NGOs), media suppliers
• New or revised legislation • New employees, or experienced employees leaving the
• Supply chain (client) pressures organisation
• Merger or takeover

Table 1 Typical changes faced by an organisation


11

they ‘own’ the work processes and System activities ‘Step change’ or ‘continual’?
are actively monitoring them – usually
A ‘step change’ is often suggested,
have many ideas for improvement, to Documenting your organisation’s
perhaps in response to external
make processes both easier to activities, whether on paper or
pressures for improvement. But the
operate (efficient) and more likely to electronically, is important and should
ability to achieve a step change in
produce the desired results (effective). be the basis for:
most organisations is limited – even
Involving the workforce, particularly • training people with OSHMS
when there are true step changes
through worker representatives, is responsibilities
in inputs to a complex system,
crucial to achieving OSH • the OSHMS trainees’ reference
outputs alter much more slowly.
improvements. One method that is manual
Step changes in organisations often
effective is the creation of ‘diagonal • the audit standard.
have unplanned and undesired
slice’ groups – such as worker, team
effects. Even where a real step
leader, engineer and manager – High-level objectives
change is needed, an effective
working as an improvement team. To The OSHMS will incorporate detailed
project to make it happen will
achieve good OSH results, it’s also activities designed to achieve or
consist of many small changes,
essential that directors, managers, support the following high-level
each contributing to the overall
team leaders and the whole objectives:
plan and aligned with the overall
workforce see health and safety • clear policy-making with written
objectives. Thus, a ‘continual
issues as their responsibility, not just commitment to good standards at
improvement’ model is a good way
the concern of the OSH professionals. the highest level in the
to manage all types of change. This
organisation, supported by visible
was recognised by Rolls-Royce plc
A process is needed to make sure leadership, adequate resources,
when it initiated the ‘One small
that improvement ideas are gathered personal involvement, and regular
step’ programme for organisational
and evaluated (with feedback given monitoring and reviews of
transformation. It was summarised
to the originators), and that those performance (which, for example,
well by the Japanese industrialist,
that add value are suitably resourced, require the chief executive officer
Soichiro Honda, who once said: “It
implemented and monitored. It’s or managing director to ask
is more benefit to the success of
important that improvement probing questions during
the business that 1,000 people
suggestions support long term meetings and site visits, and all
take one step forward rather than
strategic goals. If they do, and they’re directors to participate in risk
one person taking 1,000 steps
swiftly implemented, the net effect of inspections or reviews)
forward.”
many small improvements can be • employment of competent staff,
dramatic. The process of creating with adequate resources and time
improvement ideas can also be to train and develop them
subject to formal management • effective arrangements for
What is the system?
processes. For example: involving and consulting key
A description of a management
• issues can be managed using stakeholders such as employees
system is not the system itself.
‘SMARTT’ improvement plans, ie (including developing partnership
Sometimes a manual is handed
specific, measurable, agreed, agreements with trade unions),
over with the comment ‘this is our
realistic, timetabled and tracked customers, regulators and other
management system’, when what
actions that are reported back to statutory consultees, contractors,
should be said is ‘this document
the ‘owner’ (accountable person partners and neighbours, and also
describes and summarises what we
or group) – which may be the for sharing lessons across the
do in practice – our management
safety committee, the local line organisation and more widely as
system’.
manager or a director appropriate
• a task group can be set up to • making sure that materials,
review a particular issue, such as equipment and services bought
workplace transport, with a brief outside the organisation are
to report back with chosen according to appropriate
recommendations for OSH criteria as well as price.
improvement to the owner of the • making sure that technical and
issue. operational records are available,
12

updated and retained as necessary Each of the OSHMS activities should expected outcome is. The monitoring
to meet business needs and be in the form of an auditable and audit steps are used to check
regulatory requirements standard – in other words, a ‘system’ whether such supporting processes
• regular monitoring of all parts of or ‘process’ that uses defined inputs are available where needed, and
the OSHMS by those responsible to achieve defined output goals. Here whether they’re effective, and to
for business processes, work are some examples: identify possible improvements.
groups and work sites, to • A current health and safety policy
compare actual performance with statement, signed by the It’s increasingly apparent that
expected results and goals responsible director, is readily effective OSHMSs cover human
• a system for planned audits to available and used during the factors and don’t assume a
verify how effective the OSHMS is induction process for all mechanistic approach to
in practice (see page 16) employees and contractors. organisational and individual
• systems for identifying and • A register of relevant hazards is behaviour. For example, leadership
reporting instances where the held by each work section, and the effects of human reliability
required standards aren’t met, including summaries of key on the effectiveness of hazard
including external reporting where controls and any current controls are important issues to
required improvement plans (risk consider and monitor.
• investigation of the root causes of assessments). This includes the
these non-conformances, with likely consequences if control
corrective actions applied to systems fail, such as single or Tailor the system
improve the OSHMS and prevent multiple fatalities, small or large It is vital to adapt the ‘standard’
recurrences scale damage and short or long OSHMS to the particular
• emergency systems, including term ill health. organisation. An OSHMS used by
plans and competent people to • All reported accidents are a large multinational organisation
implement and respond to them, categorised by potential (not just can have more than 200
for containing and controlling actual) outcome and prioritised for ‘activities’ – all of which are
serious system or business failures investigation into root causes on needed somewhere – although
and minimising adverse effects. the basis of this potential each small part of the
outcome. Suitable organisation will implement only
Detailed OSHMS activities recommendations are made to the subset relevant to its part of
The OSHMS model you use (see page prevent recurrence and are the organisation. A smaller single-
22 for information on choosing the monitored to verify that they’ve site organisation might need
right one) should be adapted to meet been followed through. substantially fewer activities to
the needs of your organisation. How • Contracts are awarded and cover everything significant.
the high-level requirements managed with OSH performance
summarised above are broken down among the key performance
into activities and described in criteria. Stakeholder involvement
practice can depend on:
• the type of hazards managed by Each of these describes goals to be A range of individuals and groups are
the system – are they well achieved, but doesn’t detail what ‘stakeholders’ in the OSHMS – in other
understood or new? Are external actually happens in the workplace. words, they may be affected by its
and/or internal stakeholders at The OSHMS activity description is results and therefore potentially
risk? Do they have short or long ‘goal-setting’, minimising the need interested in its content and
term effects? for revision whenever the effectiveness. They include people both
• the type of organisation – does it organisation and its work processes inside and outside the organisation
cover a single site or many? Is change. Prescriptive detailed itself, as shown in Figure 5.
there much outsourcing or not? procedures, responsibilities,
How many products and documents, training modules and so Internal stakeholders
customers are involved? on are needed, but these operational-
• the range of technologies – how level documents don’t usually form Directors or trustees
many technical disciplines and part of the OSHMS description. Directors (including charity trustees and
standards are there? Operational-level procedures need to senior officers of public bodies, as
• legislative and other applicable include the key element of specified in their policies and
standards – are they based on accountability and must be sample arrangements) are legally responsible
prescriptive laws and external audited to make sure that they define for organisational performance.
operating standards or goal- who’s responsible for what and when Traditionally, financial performance
setting? (or how often), and what the indicators are the only ones included in
13

directors’ annual reports, but measures consistently demonstrate that health


Reality check
of performance in other key areas, and safety results are as important as
Make sure that senior managers
notably corporate social responsibility other key business goals. This should
and directors visit accident sites
(CSR) – which includes health and be reflected in annual business
and those affected by accidents,
safety, environmental and other issues targets. Similarly, OSH performance
such as people who are
– are increasingly used. UK accounting should form part of business
hospitalised following an accident.
standards for organisations quoted on agendas, formal and informal
This will help to make sure that
the London Stock Exchange (Turnbull14) discussions with employees and so
senior staff don’t become isolated
and for registered charities (SORP17) on.
from the realities of daily
require directors, trustees and senior
workplace hazards and the
officers to provide assurances that all If leaders display behaviour that
damaging effects to individuals of
significant risks, including health and demonstrates the high value they
failures in the OSHMS.
safety risks, have been identified and place on the health and safety of
Conversations with workers’
that appropriate controls are in place. each person for whom they’re
representatives can also act as a
IOSH has published guidance for responsible, and also accept personal
helpful ‘reality check’ for senior
people responsible for reporting responsibility for organisational
staff.
organisational health and safety performance, they’ll be able to make
performance, outlining how to include a huge difference to the commitment
these data in annual reports.5 to continual improvement. In the UK,
the Institute of Directors and the HSE
A prerequisite of good performance is have produced a guide for directors
that leaders of organisations and their equivalents.18

Internal stakeholders
> directors and trustees,
or equivalents
> workforce, including
trade unions, worker
representatives and
on-site contractors
> OSH professionals

External stakeholders
> regulators
> neighbours
> clients and supply chain
> insurers
> shareholders/investors
> corporate social responsibility
lobby/consumers
> global bodies

Figure 5: OSHMS stakeholders


14

The workforce Representatives contribute to the hygiene consultants (who may, for
The workforce is a key stakeholder effectiveness of the OSHMS with example, monitor exposure to
for a number of reasons: their detailed knowledge of what hazardous substances) and
• If OSH management is deficient, happens at the ‘sharp end’. They can: engineering inspectors (who may
the workforce is usually the group • identify opportunities for examine and test local exhaust
most at risk from injury and ill improvement ventilation and so on).
health. This is a major focus for • make sure that workplace
trade unions, both at individual inspections and monitoring are It’s likely that an OSH professional will
workplaces and through national thorough be appointed custodian of the
and international campaigning. • check that planned improvements OSHMS on behalf of the
• Employees have first-hand and changes are realistic organisation, with a key role in its
experience of many workplace • help with root-cause investigations effective implementation and regular
hazards and of how efficient and of failures review. OSH professionals should also
effective current controls are in • act as a focus for employees’ be able to make key contributions to
practice. Employees are a prime questions and concerns audit processes and investigations of
source of ideas for continual • give access to external information serious incidents such as injury, ill
improvement. But some hazards about best practices via trade health or damage.
aren’t easily identified, as their unions
effects are long term or are • provide a valuable ‘reality check’ for External stakeholders
realised so rarely that there’s no senior managers and regulators, as
workforce ‘memory’. This means representatives are typically Regulators
that it’s essential to train relevant confident in stating their views. Regulators’ actions reflect society’s
staff so that they’re competent in growing intolerance of organisations
practical hazard identification. Workers’ representatives need whose profits appear to be earned
• Trade unions and workers’ training to be effective; team leaders without due care for the health and
representatives generally have a and supervisors also need training on safety of workers, customers or the
wide knowledge of and strong how to work with representatives. public. Outside the UK and
commitment to health and safety, particularly in the Pacific Rim, it’s
so are a significant resource for OSH professionals becoming increasingly common for
the OSHMS to incorporate and OSH professionals form the main national legislation to require
benefit from. group of people who advocate the certification to a recognised national
• Whatever formal systems and benefits of OSH systems. UK-based or international OSHMS standard,
controls are used, the individual or organisations have a legal particularly for higher hazard
small team performing a task has requirement to “appoint one or more industries such as construction. In the
great influence over its outcomes. competent persons” to help them UK, areas regulated by safety cases
Legally and morally, each person comply with relevant OSH legislation. (eg nuclear, onshore major hazards,
has a duty of care to him or Where more than one person is pipelines, offshore, railways, gas
herself and to others who may be appointed, team work is important to supply) all require a summary of the
affected by acts or omissions. You make sure that the OSHMS is OSHMS to be included in the safety
can change the behaviour of comprehensive, efficient and case submitted by the operator to the
individuals and groups by making effective. regulator. In addition, some industries
sure that they understand the have adopted voluntary codes and
hazards identified by the local OSH professionals have a key role in standards that include a systematic
OSHMS, the controls in place and advising others with responsibilities approach to OSH management (see
why these are judged to be under the OSHMS, especially in the examples on page 08).
sufficient. knowing about hazards, their likely
effects and current good practice for Investors and insurers
Workers’ representatives avoiding, minimising, controlling and Both investors and insurers are
Setting up a system of employee OSH mitigating them. For OSH concerned about risk, particularly risk
representatives can act alongside professionals to be able to give that isn’t managed effectively.
promoting personal motivation to advice, they must understand relevant Whereas the Turnbull requirements
add value to the OSHMS. Such a legislation, standards, best practice, (see page 09) are targeted at
system is often developed as part of practical risk assessment methods, avoiding major losses, investors are
the formal election of workers’ cost-effective controls and training increasingly requiring more positive
representatives. In the EU and some provision. The OSH professional is reassurance that a business is well
other regulatory regimes, employee also likely to liaise with external managed, and may take health and
consultation is a legal requirement. professionals, such as occupational safety as a marker for performance in
15

general. Insurers may decline certain Health Organization (WHO) and the Typical audits cover three types of
types of risk unless they’re convinced IMO, set standards, as does the GRI, evidence:
that the issues are well managed. based for example on the Universal • documentation – is it adequate?
Evidence of a comprehensive and Declaration of Human Rights. With Does it reflect all OSH hazards of
effective OSHMS can help directors globalisation, such standards assume the organisation?
respond to questions and concerns higher profiles and responsible • interviews – to confirm that
raised by both investors and insurers. organisations must pay more awareness, competence and
attention to ensuring compliance. resources are appropriate
CSR lobby There is special focus on the • observation – to check that
In developed countries, there’s now protection of ‘vulnerable groups’ such arrangements and standards
significant demand for CSR, including as children, migrant workers and described in the OSHMS are
public corporate reporting. Both the female workers. The ILO has actually present in the workplace.
Dow Jones and the FTSE operate published numerous codes on a wide
investor listings linked to CSR results variety of health and safety issues, Audits have several key features:
that include health and safety. seeking to set minimum standards of • Auditors’ independence gives
practice around the world. credibility to the audit findings.
In addition, non-governmental Auditors should not have any
organisations, investors and Compliance with relevant ILO, IMO personal accountability, or direct
consumers19 ask questions about OSH and WHO codes for workplace health reporting relationships, in the
results, particularly of global and safety is often a requirement for group or area they’re auditing.
organisations, if they suspect that operating in developing economies, • Auditors need a strong analytical
activities are being ‘exported’ to in particular for projects funded by ability but also well-developed
locations where workplace OSH the World Bank or the International ‘people skills’, so that they can
standards are lower than in the Monetary Fund. It can be expected collect reliable evidence quickly.
organisation’s home country, thereby that compliance with GRI guidelines The skills of a good accident
increasing profits at the expense of will move, in due course, from investigator have a lot in common
the workforce’s health and safety. The voluntary towards mandatory status. with those of a good auditor, and
ASSE and IOSH guidelines, Global Third-party verification of such vice versa.
best practices in contractor safety,20 compliance may also be expected, • Company procedures and local
cover some of these issues and hence the link to OSHMSs. documents are sampled and
identify more than 60 aspects of evidence is collected to check that
good practice for both clients and operational practice is consistent
contractors – these are applicable to Auditing and verification with documented practice. In
workplace health as well as safety. other words, say what you do; do
Compliance with a recognised Good practices in OSH auditing what you say you do; and prove it.
OSHMS standard is one of the Auditing is the sampling of a process • Evidence is collected from
recommended good practices. by a competent person who’s corporate and local documents,
independent of the process. Auditors interviews and inspections of
Voluntary codes, such as the Global report on the effectiveness of the workplaces. Auditors should
Reporting Initiative (GRI)21 and Social process, focusing on inputs, outputs choose some samples themselves,
Accountability 8000,22 bring together and testing internal controls. not just accept what is put before
the expectations of various ‘Verification’ has a similar meaning to them.
stakeholders in this area, including ‘audit’, but where verification involves • Because an audit is a sample,
the need for appropriate confirming conformity to an external, however well judged, it can never
management systems and recognised standard and results in the result in a ‘perfect’ view of the
verification. In addition, there’s a issue of a compliance certificate, it is facts. Also, findings are valid only
growing consensus that effective risk generally called ‘certification’. ISO up to the time of the audit. When
management needs to extend 1901123 is a useful overall guide on planning improvements, audit
throughout an organisation’s supply how to set up and run a successful evidence, though very powerful,
chain, to ensure security and thus audit programme. It can be applied should be reviewed alongside other
sustainability (a development to virtually any PDCA management data on system performance.
reflected in the ILO OSHMS system; though it only covers
guidelines). environmental and quality systems, it Some small and medium-sized
can easily be adapted to apply to enterprises may not have a fully
Global bodies health and safety auditing and is in documented OSHMS, but will be able
The United Nations and its subsidiary the process of being amended to to demonstrate a clear understanding
bodies, such as the ILO, the World incorporate this. of hazards and effective controls.
16

• including positive as well as benchmarks for improvement.


Avoid paper mountains
negative findings in the final • In the UK, the HSE’s guidance,
In audits, don’t overemphasise the
report Measuring health and safety
need for comprehensive
• discussing potential negative performance,24 can be used both
documentation – if evidence from
findings as the audit as an input to OSH audit
interviews and work sites shows
progresses, to give people the methodology and as a source of
the system produces high quality
chance to produce additional ideas on quantifying audit results.
results, would more or better
evidence if provisional findings • As audit processes mature, include
paperwork add value?
are incorrect. auditors from clients, contractors,
• For large organisations, an overall trade unions or other partners to
audit plan is required so that all aid both transparency and the
Examples of good auditing areas are covered in an agreed sharing of good practice. Consider
practice timescale. The initial plan may be the value of external certification
• Techniques to avoid conflict hazard-based (areas with the as an additional source of
between the aims of the auditor highest potential for harm are improvement ideas.
and the perceptions of the auditee audited first), later becoming risk-
include: based (areas with least effective
• using a transparent controls are checked more than Positive and practical?
performance standard as an those with proven effective A really effective audit system is
agreed basis for audit (eg the controls). one in which those being audited
organisation’s own OSHMS • Any audit scoring system should look forward to the process,
activity descriptions or a encourage future improvements in expecting new and useful ideas
published standard) preference to highlighting past for practical improvements. If they
• making sure that audit reports successes. Discourage face audits with dread, the audit
aren’t seen as the only source overemphasis on numerical scores system needs to improve, not
for continual improvement and inter-group competition based those being audited!
ideas on them; scores should be used as

Advantages Disadvantages
• Internal auditors know the organisation and where to • External stakeholders may have suspicions about the
look for evidence independence of internal auditors
• Internal auditors’ reports have high internal credibility • Internal auditing takes resources away from normal
• Because internal auditors audit their peers, their work – for both training and planned audits
findings are more likely to be seen as realistic by • Internal auditors can have a limited vision of
auditees improvement opportunities because of a lack of
• Auditing is an excellent developmental experience external benchmarks
because employees learn in detail about other parts of
the organisation
• Using internal auditors helps the transfer of good
practices across the organisation because they identify
opportunities for sharing

Table 2 Advantages and disadvantages of internal audit

Advantages Disadvantages
• External auditors have high credibility with external • External auditors must earn respect for their findings
stakeholders within the organisation – initially, they are often viewed
• External auditors provide strong benchmarking negatively
knowledge and can give access to external verification • External auditors don’t know the organistion, so may
bodies and recognised certification where this adds ask for a lot of pre-audit documentation and take
value longer than internal auditors to complete their work
• External audits can be expensive

Table 3 Advantages and disadvantages of external audit


17

Auditor competence standards in OSH, such as those


Auditors’ experience
Competence of auditors is a critical required of Chartered Members of
Whatever their understanding of
factor. Competence requires IOSH. Their Continuing Professional
OSHMS models and theory, if an
knowledge, skill, practical experience Development (CPD) should also
OSHMS auditor lacks current
and suitable personal qualities, and ensure that their auditing skills are
experience in practical OSH hazard
must cover two areas: auditing current. However, where certification
identification, assessment and
methods and the processes being is not involved, and particularly where
implementation of suitable
audited. It’s often easier to supply the specialist areas are being audited, it
controls in the type of
necessary breadth and depth of may be enough for the leader to
organisation they’re auditing, their
competence in a small audit team meet these standards, while other
report is unlikely to add much
than in a single individual. A team team members have an appropriate
value.
approach also allows new or mix of OSH and audit competences.
inexperienced auditors to be OSH professionals providing internal
introduced to processes and OSHMS audit services should meet
organisations. When planning audits, similar standards to those of external
you must decide whether to use auditors.
auditors who are external to the
organisation, or to use internal While part-time internal OSHMS
auditors who are independent of the auditors are unlikely to benefit from
areas to be audited. formal qualifications and CPD to the
same extent, they should have basic
Where formal certification is offered training in both OSH and audit skills,
as a result of an audit, all auditors which can be given through internal
should meet recognised competence courses and experience.
18

7 Advantages and disadvantages of OSHMSs

Advantages Legal compliance is easier to Increasing the effectiveness of


attain and prove initiatives
A system meeting your risk needs The development and extension of The longevity of management and
An OSHMS can prioritise the planning, health and safety law, notably other health and safety-related
organising, control, monitoring and through ‘new approach’ Directives to initiatives in organisations varies.
review of measures to protect people help create a single European market, Many organisations use campaigns
from work risks. It’ll help you allocate have led to additional legal and awareness-raising programmes to
the correct resources, achieving requirements. Organisations can have improve knowledge and encourage
effectiveness and efficiency. difficulty keeping up to date with the participation in health and safety
requirements relevant to their sectors. issues. An OSHMS requires continual
Occupational health focus An OSHMS helps identify relevant improvement and this can increase
Significant occupational health risks statutory provisions and creates a the duration and effectiveness of
can be assigned the correct level of framework of procedures to make management initiatives, allowing
importance and be properly sure that the organisation consistently them to adapt and develop in line
resourced. This isn’t always the case complies with the law. with policy commitments.
with ad hoc OSH processes, which
depend largely on the experience of Proving ‘reasonably practicable’ Visible commitment of ‘top
available OSH practitioners (including In the UK and some other countries, managers’
occupational hygienists) and the you may have to prove that you’ve OSHMSs, like other management
internal structures of the met ‘practicable’ and ‘reasonably systems, formally require ‘top
organisation. Also, employees practicable’ requirements in order to management’ to be involved in and
generally have a greater demonstrate legal compliance. When committed to the system. This is
understanding of safety risks than a balanced management system is carefully documented through setting
health risks. When implemented implemented and risk management is policies and objectives and through
correctly, an OSHMS should address systematically applied – based upon regular reviews to check the results
these issues and strike the right the proportionality of risk – it should achieved. Once the objectives are set,
balance in controlling all risks. be easier to prove compliance. For senior managers must visibly
example, quality management demonstrate their commitment to
OSH is as important as other systems (QMSs) have been used to achieving them. It’s consistently
business objectives prove due diligence for compliance argued that such commitment is
Many organisations struggle to give with food safety law and to ensure essential for ‘world-class’ OSH results
OSH objectives the same importance product safety. – an OSHMS demands it.
as other business objectives. At times,
this failure threatens the survival of Helping system integration Regular audits
an organisation; at others, it can lead Many organisations started with a Audits present an opportunity for
to prosecutions and other penalties. QMS, then adopted an environmental benchmarking (eg through creating
A correctly implemented OSHMS will management system and are now audit teams with members from
make sure that appropriate OSH considering an OSHMS. The different departments or from outside
objectives are set by focusing on structures are similar, and adopting the organisation) and identifying
policy and the process of setting an OSHMS will mean that if, at a opportunities for improvement.
objectives and their delivery through later date, you decide you need a External certification and assurance
the management programme. holistic business risk management bodies – which audit against
approach, integration should be applicable standards – can help to
OSH in relation to quality straightforward. identify non-compliances and
British and international standards necessary improvements.
support the drive towards ‘customer Continual improvement
first’ services, and as a result quality is This process aims to improve some Part of corporate governance
high on the agenda. Quality isn’t part of the OSHMS at any one time, There’s an ever-increasing
usually a legal requirement, but rather than trying to improve all the requirement for directors to follow
health, safety and (often) elements in the system codes of practice and meet the
environmental performance are. The simultaneously. This structured and standards expected in public life.
development of formal OSHMSs very practical approach allows the Demonstrating that OSH controls are
should make sure that sufficient organisation to improve areas that adequate is an important part of
importance is given to OSH aren’t operating effectively or meeting this responsibility, and
performance, which typically has efficiently, using reviews and audits to independent audit to externally set
more impact on employees than on identify systematically the standards is an impartial way of
customers. opportunities for improvement. achieving this. Regular management
19

review of audit reports and OSHMS they can take or sanction continually Heavy demand on resources
results meets governance reminds them of their critical health A lot of resources are required to set
requirements for OSH risks. and safety role. up an OSHMS. Although this can be
offset by the inclusion and
Reassuring the enforcement Systematic risk management involvement of employees, key
authorities Perhaps the biggest challenge is to managers and safety representatives,
Enforcement authorities require comply with the legislative need to a realistic appraisal will still identify
organisations to comply with plan, organise, control, monitor and the need for significant management
applicable health and safety review the preventive measures in time, and implementing an OSHMS is
legislation. The formality and place to control significant risks. An likely to dominate the work of the
systematic approach to compliance OSHMS creates a structured system OSH professionals involved. If some
required by an OSHMS encourages for compliance with the requirements of the work is contracted out, take
confidence in the organisation’s of both applicable legislative codes care to check that the results match
internal approach. In the UK, for and industrial sector best practice. the organisation’s needs.
example, the HSE’s HSG65 states: “If
you do follow the guidance you will Human behaviour may not be
normally be doing enough to comply Disadvantages fully addressed
with the law.” Recent developments in determining
Bureaucracy (paperwork or reasons for health and safety errors
A focus on OSH resources electronic documents) place greater emphasis on the
An OSHMS requires resources to be The need for a simple, effective behaviour of workers and managers.
allocated in all functions and at all system won’t be met if the system This focus on the human factor can
levels throughout the organisation. A generates excessive paperwork. You be lost if there’s too much emphasis
risk-based approach which ensures need to minimise the number of on the paperwork requirements of a
that the scale of a management documents and records (in other formal OSHMS. For example, it’s easy
system is proportionate to the risks words, streamline document control), to overlook the need to monitor
and necessary control measures but be careful in doing this. workplace behaviour and talk with
makes such resource allocation and involve people. However, with
intrinsic to the whole organisation. Integration attention to continual improvement,
This is, in part, what the Turnbull Usually discussed as an advantage, any issue – including human factors –
Report requires of London Stock integration depends on many factors, can be addressed.
Exchange-listed companies. including internal politics. There’s a
risk of diluting health and safety Certification and assurance bodies
Emergency preparedness effort or creating inequality between are still learning
OSHMSs should make sure that management of quality, health and There can be conflict when auditors’
suitable resources are made available safety, and environment. For example, interpretations of health and safety
to respond to foreseeable an organisation in a high hazard are different from those of the sector
emergencies. This may include industry may not benefit from system or organisation being audited.
provision for contacting outside integration if it doesn’t allow a focus Differences can often be resolved by
agencies, including emergency on managing significant risks. referring to relevant guidance notes
services, and developing and Similarly, if existing management and authoritative information. This
communicating on- and offsite systems are inefficient, then adding type of conflict can reflect the relative
emergency plans. An OSHMS places health and safety to the mix will be inexperience of external auditors in
such planning in a proper counterproductive. this work.
management context.
Time to implement True independence?
Managers have a ‘finger on the Designing and implementing an OSHMS certification is relatively
pulse’ OSHMS can be very time-consuming. immature and underdeveloped. If
The OSHMS includes defect (‘non- This may be exacerbated by external auditors are to be truly
conformance’) reporting, which overstating system requirements and independent, they shouldn’t have
directs managers’ attention to documentation, by not matching the played any part in advising the
opportunities for correcting system to the organisation’s health organisation on how best to
problems and making improvements. and safety risks, or by not implement an OSHMS in the first
Managers need to address health incorporating existing OSH place. Also, as has been learned with
and safety issues effectively, no management processes but starting financial audits, it may be difficult to
matter how busy they are. Alerting again from scratch. provide genuinely independent
managers to problems and actions auditing if there’s an existing
20

relationship with the auditors or if Numerous audits code. All systems need to be adapted
service costs are a prime issue. These days, stress is recognised as a to the specific needs and culture of
workplace hazard that needs to be the organisation or they won’t be
Barriers to change managed within the framework of sustainable.
Barriers to change are invariably the OSHMS. It should also be
erected in the way of new systems. recognised that pressure to achieve Is the written procedure safe and
Often there’s a suspicion, at times certification for a new OSHMS can healthy?
well founded, that change is being create its own stress on managers In some countries there’s a tendency
made for its own sake and without and employees alike. Don’t overlook to write down what’s currently done
business justification. Some the need to provide support before and adopt that as the OSHMS. This
organisations may be able to manage and during audits. can create a significant liability risk if
health and safety successfully by the procedures haven’t been checked
consistent and good management, Which OSHMS model? to make sure they are in fact
without the need for a formal system. Deciding which OSHMS to use can be comprehensive (that they cover all
confusing. The aim should be a hazards) and adequate (that the
Managers don’t understand the system that is consistent with your controls are effective in reducing risk).
systems organisation’s needs and its The liability exists in any event, but
Typically, managers are not management approach. While the OSHMS documentation then
committed to the introduction of OHSAS 18001 aligns extremely well appears to validate it. A properly
new systems. Managers require time, with ISO 1400125 and other functioning OSHMS should make sure
training and motivation to make sure international PDCA standards, and is that these problems are identified
they become advocates of the system therefore useful for integration, the and corrected.
and not enemies within. It’s a mistake organisation, clients, enforcement
to think that OSHMSs are self- authorities or government may better
evidently ‘a good thing’; they require understand other systems based on
effective communication to win standards or guidelines such as BS
people over. 8800, HSG65, ILO or an industry
21

8 OSHMS certification

The desire to gain certification of an a developed OSHMS, validating its • Make sure that an external
OSHMS may come from internal effectiveness, or encouraging certification audit isn’t viewed
stakeholders who need assurance further improvements to meet the solely as a pass/fail exercise, but as
that their organisation meets a external standard. An OSHMS that is one step within an overall OSH
verifiable standard, or who judge that seen as just a tool for obtaining the continual improvement plan.
certification will add value with required certification will be • Where external certification isn’t a
clients or customers. However, it’s ineffective in its true purpose of pressing business need, develop
more likely that pressures will come continually reducing work-related internal audit processes first.
from external stakeholders, in accidents and ill health. • Where possible, base external
particular prospective or existing IOSH recognises OSHMS standards and audits primarily on evidence from
clients, or regulators as part of certification processes as relatively new internal audits. Consider adding
national policy. In this case, and still developing, and we suggest external auditors to internal teams
certification is likely to move rapidly the following as ‘good practices’ in in preference to increasing the
from being a ‘preferred option’ to relation to OSHMS certification: number of audits.
become an ‘entry condition’, without • Don’t allow a business need for • Make sure that internal and
which existing or potential business is external certification of OSH external OSHMS auditors meet the
lost. standards and practices to get in IOSH competence standards (see
the way of developing strong page 17).
This poses few problems provided internal continual improvement
the certification process is applied to processes, including internal audit.
22

9 How to get started

The way forward for organisations system will enhance your However, reporting the status review
developing their first formal OSHMS compatibility). to senior managers or directors, and
is to choose the system they wish to communicating the results to the
use as a basis, establish which Initial status review (gap analysis) workforce, can get this process under
arrangements are already in place, The gap analysis approach ensures way at this early stage.
and then identify gaps between that you don’t waste effort on
those and the requirements of the developing new systems when Making it happen
OSHMS. existing internal arrangements are Most of the OSHMSs referred to in
working well. Even organisations this document include extensive
Choosing a system which believe that they have nothing practical guidance in support of the
One way of choosing a system is to in place often find that there are main code or standard, usually in
create a comparison table and score long-established working practices subsidiary publications (see further
the systems you wish to consider to that have never been formally reading on IOSH’s website at
see which most closely meets your recognised or documented. www.iosh.co.uk/techguide). However,
preferred specification – the more there’s no doubt that adapting a
relevant features you tick, the better. A simple way of carrying out the standard system for use in a
The example in Table 4 includes initial status review is as a desktop particular organisation requires
comparisons between some of the exercise, with the draft safety significant time and resources.
main management systems management plan drawn as a flow
mentioned in this guidance. However, diagram or matrix on a flipchart. It’s Organisations with experience of
if there’s a preferred system for your important to consult and involve all managing significant internal process
particular industry, you may also want parties in the organisation, including or organisational change should find
to include an industry-specific workers’ representatives – ownership it relatively easy to introduce an
column. For instance, if your and success of the OSHMS is likely to OSHMS by using similar methods.
organisation is a contractor to the be greater because of the interest Organisations without such
chemical industry, you could include developed in this way. experience may need to employ
Responsible care in this column. In external change management
addition to those features listed, Remember – the most successful advisers to help effective consultation
there may be in-house and other management systems aren’t created and to ensure the involvement and
factors to be considered, in which at initial status review, but are commitment of all necessary parties.
case you can add them to the table developed through effective
(for example, if your customers use a performance measurement, review Techniques to support effective
particular system, adopting the same and continual improvement. implementation include:

Management systems
Features Industry-specific
HSG65 BS 18004 OHSAS 18001 ILO (eg Responsible
care)
Certifiable 7 7 3 7 3
7
International 7 7 3 3
(see note below)
7
Regulator support 3 3 3 3
(some non-UK)
Tested (> 2 years old) 3 3 3 7 3

3 3 3 3 3
Stakeholder
recognition
In-house factors (eg
your customer uses 7 7 7 7 3
this system)
Note: Responsible care isn’t classed here as ‘international’ because, while some countries do adopt a management systems approach to it,
many don’t.

Table 4 OSHMS comparison table for a UK-based contractor to the chemical industry
23

• clear support and personal organisation, and linking it to


Getting started
commitment from leaders in the internal consultation processes
One large catering organisation
organisation, including modelling • developing benchmarking
appointed a mixed team of
of desired behaviour contacts with similar organisations
managers and workers to
• incorporating both OSHMS that have experience of
undertake an initial status review.
implementation and results in implementing similar systems
The team undertook this exercise
declared high-level business • trials in one or more selected
by identifying key elements of the
targets (eg ‘x per cent of sites are areas before the OSHMS is
existing processes, completing a
expected to complete their gap launched more widely
brainstorming exercise to identify
analysis by y and their initial roll- • not taking too long trying to
gaps within the system and then
out by z’; ‘priority improvements develop a ‘perfect’ system, but
mapping this out in the form of a
over the next year are to be areas rather implementing something
flow diagram.
a, b, c’) reasonable and learning how to
• seconding staff from across the do better via the internal audit,
organisation full-time to the management review and continual
development and implementation improvement processes
team • recognising and celebrating small
• customising the model system to successes on the route to a fully
suit the needs and culture of the sustainable OSHMS.

Typical inputs Typical outputs

Any information relating


to hazard identification
and risk assessment

Review of OSH
performance, including
incidents and accidents Draft an OSH management
paln, including:
Identification and review of Initial status review > an OSH policy statement
existing OSH management (gap analysis) > hazard identification and
arrangements or processes Undertaken by a mixed safety risk assessments
management team that > OSH management
includes worker arrangements
Competence and training representatives and a > competence and training
requirements competent practitioner needs
> OSH management
Workforce involvement Where are we now?
programme

OSH legal and other The objective is to ensure


standards and best effective OSH management
practice within the sector, and a process of continual
eg a ‘compiance register’ improvement

Figure 6: Process for developing an OSHMS


24

> References

1. Council Directive 89/391/EEC of 1999, SI 1999/3242. London: gov.uk/Library/publications/


12 June 1989 on the The Stationery Office. pdfs/sorp05textcolour.pdf.
introduction of measures to 10. Occupational health and safety 18. Leading health and safety at
encourage improvements in the management systems – general work – leadership actions for
safety and health of workers at guidelines on principles, systems directors and board members,
work. Official Journal of the and supporting techniques, INDG417. Sudbury: HSE Books,
European Communities, 29 June AS/NZS4804:2001. Sydney: 2007. See www.iod.com/
1989, L183, Brussels. Standards Australia International hsguide and www.hse.gov.uk/
2. Responsible Care management Ltd, 2001. leadership.
systems guidance, RC127 (fourth 11. Guidelines for the development 19. The first ever European survey of
edition), and Links between the and application of health, safety consumers’ attitudes towards
Responsible Care management and environmental management corporate social responsibility
systems guidance and self systems, Report no. 6.36/210. and country profiles. Brussels:
assessment and the business London: OGP, 1994. CSR Europe (MORI poll), 2000.
excellence model, RC129 12. Joined-up working – an 20. Global best practices in
(second edition). London: introduction to integrated contractor safety. Wigston:
Chemical Industries Association, management systems. Wigston: IOSH, 2001. See www.iosh.co.
London, 2003. IOSH, 2006. See www.iosh.co. uk/techguide.
3. Guidelines on occupational uk/techguide. 21. Sustainability reporting
safety and health management 13. Business risk management – guidelines on economic,
systems, ILO-OSH 2001. Geneva: getting health and safety firmly environmental and social
International Labour Office, on the agenda. Wigston: IOSH, performance, version 3.0.
2001. 2008. See www.iosh.co.uk/ Netherlands: Global Reporting
4. Occupational health and safety techguide. Initiative, 2006. See www.
management systems – 14. Internal control: revised globalreporting.org/
requirements, OHSAS 18001: guidance for directors on the ReportingFramework/
2007. London: BSI, 2007. Combined Code. London: G3Guidelines.
5. Reporting performance – Financial Reporting Council, 22. Social Accountability 8000, SA
guidance on including health 2005. See www.frc.org.uk/ 8000:2008, New York: Social
and safety performance in corporate/internalcontrol.cfm. Accountability International, 2008.
annual reports. Wigston: IOSH, 15. Quality management systems: 23. Guidelines for quality and/or
2008. See www.iosh.co.uk/ requirements, BS EN ISO environmental management
techguide. 9001:2000. London: BSI, 2000. systems auditing, BS EN ISO
6. Successful health and safety 16. Revitalising health and safety 19011: 2002. London: BSI,
management, HSG65 (second strategy statement, OSCSG0390. 2002. Currently being revised to
edition). Sudbury: HSE Books, Wetherby: Department for the include OSH.
1997. Environment, Transport and the 24. Measuring health and safety
7. Guide to achieving effective Regions, 2000. See performance, HSE, 2001. See
occupational health and safety www.hse.gov.uk/revitalising/ www.hse.gov.uk/opsunit/
performance, BS 18004: 2008. strategy/pdf. perfmeas.htm.
London: BSI, 2008. 17. Accounting and reporting by 25. Environmental management
8. International safety management charities: statement of systems. Requirements with
(ISM) code. London: IMO, 2002. recommended practice. London: guidance for use, BS EN ISO
See www.imo.org/home.asp. Charity Commission for England 14001:2004. London: BSI, 2004.
9. Management of Health and and Wales, 2005. See
Safety at Work Regulations www.charity-commission.
25

> Further reading

Auditing a safety and health This report describes a project to Managing health and safety – five
management system: a safety and develop a working model linking steps to success, INDG275. Sudbury:
health audit tool for the healthcare human factors, safety management HSE Books, 1998 (reprinted 2008).
sector. Health and Safety Authority, systems and organisational issues in Available from www.hse.gov.uk/
2006. Available from the context of safety. While the focus pubns/indg275.pdf
http://publications.hsa.ie/index.asp is on chemical major hazards in
?locID=12&docID=201 particular, it is also intended to apply Aimed mainly at directors and
to health and safety in general. managers, this short booklet
The Health and Safety Authority summarises the key messages of
(HSA) in the Republic of Ireland has Guidance for health and safety HSG65, outlining good practice and
produced this audit tool to assist in management systems interfacing. the costs of getting it wrong. It
the continuous development and Step Change in Safety, 1999. describes five key steps: set policy;
implementation of health and safety Available from http://step.steel-sci. organise staff; plan and set standards;
management systems for the org measure performance; and learn from
healthcare sector. Eighteen different experience (audit and review). There
criteria for audit are described and This guidance addresses the issue of are questions following the
followed by guidance. This tool is to meshing OSHMSs used by separate descriptions to help readers assess
be used in conjunction with the 2006 organisations when they decide to how well their organisations are
HSA guidance document for the work together – perhaps in a formal doing in each area.
healthcare sector, How to develop partnership, but more often as client
and implement a safety and health and contractor or contractor and sub- Managing safety the systems way: BS
management system, available at contractor working at a particular 8800 to OHSAS 18001, HB
http://publications.hsa.ie/index.asp location or on a project. The 10180:2000. London: BSI, 2000
?locID=12&docID=202. document includes two checklists,
based on the HSG65 model but This A4 loose-leaf manual explains
Code of practice for risk adaptable to others, which can be how to use BS 8800 and OHSAS
management, BS 31100:2008. used to identify which interfaces have 18002 to deliver OHSAS 18001. It
London: BSI, 2008. to be managed and whether there’s includes information on OHSAS
clear understanding about who does 18001 checklists and helps readers
This standard for risk management what at each interface. identify how well their organisations
helps organisations to understand compare. There are ‘in detail’ sections
how to develop, implement and IMS: The framework – integrated which give additional information on
maintain effective risk management, management systems series, HB the requirements of BS 8800 and
thereby helping them achieve their 10190:2001. London: BSI, 2001 OHSAS 18001 and 18002, and ‘in
objectives. It treats risk management practice’ sections illustrating how
as being as much about exploiting This outlines a framework for systems can be implemented in
potential opportunities as preventing managing the operational risks any practical situations, using five
potential problems, and sees it as an organisation faces in its day-to-day imaginary organisations operating in
essential part of good management. business. The aim is to provide a engineering, retail, office, online and
The standard establishes the structure by which an organisation construction environments.
principles and terminology and can efficiently and effectively manage
provides recommendations for the its operation through one system. Occupational health and safety
model, framework, process and management systems – Guidelines for
implementation of risk management. IMS: Implementing and operating – the implementation of OHSAS 18001:
integrated management systems 2007, OHSAS 18002:2008. London:
Development of working model of series, HB 10191:2002. London: BSI, BSI, 2008
how human factors, safety 2002
management systems and wider This Occupational Health and Safety
organisational issues fit together. This gives an approach for integrating Assessment Series (OHSAS) guideline
Research report RR 543:2007 the management of quality, OSH and provides generic advice on
prepared by White Queen Safety environmental aspects within one implementing OHSAS 18001 (a
Strategies and Environmental management system. This ‘how to do specification for an occupational
Resources Management for HSE it’ manual includes flowcharts, safety and health management
London. Available from questionnaires and examples, and system), explaining its principles,
www.hse.gov.uk/research/rrpdf/ takes readers through the model intent, typical inputs and outputs,
rr543.pdf outlined in IMS: The framework. and processes. It includes a
‘correspondence’ table between
26

OHSAS 18001:2007, ISO 14001:2004 This report promotes safe behaviour improvement and integration (open
and ISO 9001:2008. It also features a at work as a critical part of the system elements). It then looks at
table showing the correspondence management of health and safety, eleven companies across the EU that
between the clauses of the OHSAS because behaviour is important in have introduced or improved their
documents and the clauses of the transforming systems and procedures OSHMSs, indicating which of the key
2001 ILO-OSH guidelines. into reality. Good systems on their elements each particular case study
own are not enough to ensure highlights.
Specification of common successful health and safety
management system requirements as management; the key is how The report also comments on the
a framework for integration, PAS organisations ‘live’ their systems. This strengths and weaknesses of the case
99:2006. London: BSI, 2006 report covers: study systems, noting that they tend
• the theory underpinning strategies to concentrate mainly on work-
This Publicly Available Specification to promote safe behaviour related accidents, but give less
(PAS) was produced in response to the • the key elements of programmes attention to work-related ill health. It
increased interest in an integrated in use to promote safe behaviour also notes that some organisations
approach to management systems and • how to use behavioural strategies attach a greater level of importance
corporate governance. It contains a to promote critical health and to health and safety than others and
framework for implementing common safety behaviours that there are weaknesses wherever
requirements of management system • how to integrate behavioural communication or competence are
standards or specifications in an strategies into a health and safety inadequate.
integrated way. Adopting this PAS will management system.
simplify the implementation of Regarding strengths, as well as
multiple system standards and any The use of occupational safety and reducing accidents and lost-time in
associated conformity assessment. The health management systems in the the larger organisations, it was felt
reduction in duplication by combining member states of the European that OSHMSs increased employee
two or more systems in this way has Union: experiences at company level. motivation and identification with
the potential to significantly reduce European Agency for Safety and their employers and also helped
the overall size of the management Health at Work, 2002. Available from develop their competence.
system and improve system efficiency http://osha.europa.eu/en/
and effectiveness. It can apply to all publications/reports/?b_start:int= In the UK, priced printed copies are
sizes and types of organisation. PAS 30&-C available from The Stationery Office,
99:2006 will be withdrawn when its Customer Services, PO Box 29,
content is published in, or as, a British The European Agency for Safety and Norwich NR3 1GN.
Standard. Health at Work has published this Tel: 0870 60 05 522
report covering OSHMSs in the e-mail: book.orders@theso.co.uk
Strategies to promote safe behaviour member states of the EU and the
as part of a health and safety best approach to take. It identifies
management system. Prepared by the five key elements of effective
Keil Centre for HSE: Contract OSHMSs: initiation (OSH input);
research report 430: 2002. Available formulation and implementation
from: www.hse.gov.uk/research/ (OSH process); effects (OSH output);
crr_pdf/2002/crr02430.pdf evaluation (OSH feedback); and
27

> Appendix: Main abbreviations used in this guidance

CPD ILO NGO


Continuing professional development International Labour Organization – a Non-governmental organisation (eg
– a means to ensure ongoing United Nations agency, based in voluntary, campaigning or
competence in a changing world Geneva professional body)

CSR IMO OSH


Corporate social responsibility – a International Maritime Organization – Occupational safety and health
system whereby organisations a United Nations agency, based in
integrate social and environmental London OSHMS
concerns into their business Occupational safety and health
operations and interactions with IOSH management system
stakeholders Institution of Occupational Safety and
Health SMARTT
GRI Specific, measurable, agreed, realistic,
Global Reporting Initiative – an ISM timetabled and tracked action – a
international sustainability reporting International Safety Management – a method for managing action plans
institution that has developed formal code requirement of the IMO
guidelines for voluntary reporting on that applies to most classes of large WHO
the economic, environmental and ship World Health Organization – a United
social performance of organisations Nations agency, based in Geneva
ISO
HSE International Organization for
Health and Safety Executive – the UK Standardization
OSH regulator
28

> Acknowledgments

The Technical Committee would like to thank the working party who produced the original version of this guide and
also Paul Reeve CFIOSH CEnv FIEMA for updating it:

Lawrence Waterman CFIOSH (Chairman), Managing Director, Sypol


Martin Allan CFIOSH, Managing Director, Martin Allan Partnerships Ltd
Lawrence Bamber CFIOSH, Managing Director, Risk Solutions International
Martyn Hopkinson CMIOSH, Company Health and Safety Manager, British Sugar plc
Arran Linton-Smith CFIOSH, Health and Safety Consultant, MacGregor Associates
Ian Waldram CFIOSH, Safety, Health and Environment Consultant
Richard Jones CFIOSH (Administrator), Policy and Technical Director, IOSH

We would also like to thank the original consultees, who were:

Dr Janet Asherson CMIOSH, Head of Environment, Health and Safety, CBI


Dr Tony Boyle CFIOSH, Consultant, HASTAM
David Eves CB, IOSH Honorary Vice-president and former Deputy Director-General, HSE
Stephen Fulwell CFIOSH, Independent Safety, Health and Environment Consultant
Liam Howe CFIOSH, Safety and Training Manager, Coillte Teoranta
Jay Joshi CMIOSH, Chief Information Officer, British Safety Council
Brian Kazer CFIOSH, Chief Executive, BOHRF
Paul Reeve CFIOSH, Head of HS&E, Electrical Contractors’ Association
Owen Tudor, Senior Health and Safety Policy Officer, TUC

Finally, IOSH would like to thank the following organisations for their valued support
of this document:

www.cbi.org.uk www.tuc.org.uk
29
IOSH IOSH is the Chartered body for health and safety
The Grange professionals. With more than 35,000 members
Highfield Drive in 85 countries, we’re the world’s biggest
Wigston professional health and safety organisation.
Leicestershire

AC/9000/RJ/240309/P
LE18 1NN We set standards, and support, develop and
UK connect our members with resources, guidance,
events and training. We’re the voice of the
t +44 (0)116 257 3100 profession, and campaign on issues that affect
f +44 (0)116 257 3101 millions of working people.
www.iosh.co.uk
IOSH was founded in 1945 and is a registered
charity with international NGO status.

© Robert J Prowse

Institution of Occupational Safety and Health


Founded 1945
image:

Incorporated by Royal Charter 2003


Registered charity 1096790

You might also like