ISO 45001: Your Questions Answered
The ISO 45001 team at LRQA has compiled some frequently asked questions and answers to help guide you through your certification journey.
Preparing for ISO 45001Q: What advice would you give to a company seeking to certify to ISO 45001?
A: There are two main things to consider. Firstly, you need to understand what is required to achieve compliance with the standard and the best route towards it. The most efficient way to do that is to acquire a copy of the standard so it can be reviewed via support reading or training, which enables the full intent and context to be understood.
ISO 45001 is written so no individual clause should be considered in isolation. Everything is connected and co-dependent so a robust system framework can be created. Secondly, consider your OH&S objectives and how the management system can be structured to support and meet them.
Q: For an organization new to ISO would you recommend using an outside consultant to review where my organization currently stands and what needs to be done to meet the standard?
A: To aid with the development and implementation of the management system, hiring an independent consultant can help understand some of the jargon and the intent of the language used in the standard, which can be confusing to beginners. Once the system is designed it could also help to have a gap analysis audit. This is a review of what has been done and what needs to be done next, which will produce an action plan to address any gaps.
We would always advise the organization to acquire a copy of ISO 45001. ISO also publish a series of documents aimed at helping organizations implement the standard.
External training is an ideal way to acquire the necessary knowledge and skills to design and implement the standard. The organization could acquire knowledge of the standard and how to implement it by attending online or virtual courses. LR has designed specific courses on this topic which you can find out more about here.
Understanding the standardQ: Does ISO 45001 address the disproportionate number of deaths and ill health caused as a result of exposure to health risks, which is substantially higher than safety risks that lead to workplace accidents?
A: Many previous OH&S management systems perhaps did not address occupational health sufficiently, but that is changing, with the financial and human costs now more recognized. Historically, there has been a bias towards safety rather than health, and now we need to go further when speaking about health to encourage users to rebalance their approach.
Q: How can we document management changes for companies concerned about the best methods to use?
A: Documenting management of change is a fundamental part of ISO 45001, enabling you to take a step back to assess, review and demonstrate how you have managed these changes and their impacts on the organization. It works as a blueprint for all stakeholders to work from, while offering concise guidelines on how to implement the required changes. Using established databases, spread registers and risk evaluations are a few methods that can be used.
Understanding the terminologyQ: Is there a difference between ISO 9001’s “risk-based thinking” and ISO 45001’s “risk”?
A: In terms of what they are addressing within the business, there is not a great deal of difference. Risks associated with ISO 45001 are not only limited to OH&S hazards, but also other factors that indirectly affect OH&S performance. This could include things such as poor succession planning for essential roles, or a lack of competence in its internal audit, for example.
Integrating management systemsQ: Can ISO 45001 form part of an integrated management system (IMS), or should it be separated from the likes of ISO 14001, ISO 9001 and ISO 50001
A: System integration should be encouraged as integration offers several benefits, and ISO 45001 can form a key part of a more holistic structure. An IMS creates a leaner, more centralized system that works more efficiently and benefits staff at all levels of the company. This results in fewer audits across the year and lower costs and disruptions to the business. With an IMS in place less duplication occurs, which removes bureaucracy and makes the most of the resources available. Communication is also bolstered both internally and externally as the information is uniform and coming from an individual source.
Addressing health and safety during a pandemicQ: Even before COVID-19 arrived and increased the number of remote workers, there were around 4 million off-site workers who already had little contact with their employers. How does ISO 45001 cater for this large workforce?
A: ISO 45001 can be applied to any type of organization, including those whose workforce operate away from their premises. It places responsibility onto organizations to consider the health and safety of everyone working there, including employees of other companies. So regardless of their location, they are still fully covered by the ISO and the employer remains legally responsible in terms of OH&S. Ultimately, it comes down to the organization’s level of commitment to ensuring the highest levels of health and safety for its staff.
Mental health and well beingQ: Most of the mental health agenda manages to separate symptoms from their causes – is ISO 45001 able to achieve the same?
A: ISO 45003 is being written to provide specific guidance on psychological health, safety and wellbeing in the workplace. Organizations can use it individually, or in support of ISO 45001. It focuses more on root causes rather than symptoms, discussing psychological hazards in three broad categories:
- aspects of how work is organized;
- social factors at work, and
- work environment, equipment
- and hazardous tasks.
About the Author
Martin Cottam is the Group Technical Assurance & Quality Director at Lloyd’s Register. He has worked in the EHS field at LRQA for more than 30 years.
Suzanne is the Management Systems Auditor at LRQA, with nearly 20 years of experience in EHS management.