ISO 45001:2018 Migration Policy, Guidance and UKAS Accreditation

What Is ISO 45001:2018?

  • ISO 45001:2018 is the replacement of OHSAS 18001:2007 and is the first international ISO standard for Occupational Health and Safety Management Systems (OHSMS)
  • As ISO 45001:2018 adopts the Annex SL structure, it makes integration with other management systems you may be operating simpler than ever before — e.g. it will align directly with ISO 9001:2015 & ISO 14001:2015.
  • If you currently have certification to OHSAS 18001:2007, you will need to make appropriate arrangements to migrate to ISO 45001:2018 to maintain the validity of your OHSMS certification.
  • As with ISO 9001 & ISO 14001, there has been a three-year migration period agreed (from the date of publication).
  • 18001 certification will still be recognised until the end of the migration period, however 18001 certificates will not be issued by IMS with a validity past 12thMarch 2021.
  • It is expected that in line with IAF (International Accreditation Forum) guidelines, additional assessment effort will be required in order to assess compliance with ISO 45001:2018.
  • You may migrate at any stage during your certification cycle, either as a reassessment, surveillance or special visit.
  • Migration will not necessarily be ‘instead of’ 18001 certification — that is to say preparation can begin and as long as compliance to 18001 is maintained, your 18001 certificate will remain valid. Only once compliance to 45001 has been approved will 18001 certification be withdrawn. If you cannot demonstrate compliance to ISO 45001:2018, your 18001 certification may remain in place during the migration period as long as compliance is observed.
  • IMS are in the process of applying to UKAS in order to have their Accreditation approved for ISO 45001:2018. We are intending to be in the first tranche of applications and, dependant on UKAS, hope to have approval by Q3 2018. We will keep you up to date of progress.
  • We will continue to provide Accredited 18001 certification for the foreseeable future, including new applications, however please note that these certifications will only be valid until 12thMarch 2021.

Your current Certification to OHSAS 18001:2007 remains valid during the migration period up to 12th March 2021 when this Certification will be withdrawn.

When your next Audit is due, you can choose to either maintain your existing OHSAS 18001:2007 Certification (if you think you need more time to make the necessary adjustments to your management systems), or you can migrate to ISO 45001.

Communicate to your organisation

Inform top management about migration to ISO 45001 is now available and implemented from 2018. Generate employee awareness about the standard, This will ensure buy-in from all parties and make your migration more efficient.

Book an ISO 45001 Gap Analysis prior to upgrading to the new standard

The Gap Analysis is the perfect way to start your migration to ISO 45001. It can help you identify any weaknesses in your system prior to formal assessment. Once you have successfully upgraded to ISO 45001 your dedicated assessor will visit you regularly to make sure you remain compliant and support your continual improvement.

Clients wishing to migrate to ISO 45001 as soon as their next Audit is due can start getting their organisation ready for the new standard by:

  • Obtaining a copy of the new standard and researching the significant changes.
  • Developing a plan for training and awareness to all relevant management levels.
  • Improving your risk management planning.
  • Considering a gap analysis to identify changes required.
  • Involving top management to take accountability for the management system.
  • Thinking about integrating other management system standards in line with ANNEX SL.

A universal definition of the term ‘Risk’ has been made in ISO 45001:2018, as the meaning / interpretation of ‘Risk’ varies in some countries. The term ‘Hazard Identification’ is now covered by the terms ‘risk identification’ and ‘risk control’ to ensure consideration to all potential hazards across all industries and business sectors.

The Worker.
There are differences in the definition of this term and various legal constraints around this term in different countries — in the context of ISO 45001:2018, ‘The Worker’ is defined as the person working under the control of the organisation and includes subcontractors.

The Work Place. 
There are questions amongst organizations regarding what the workplace is. The workplace is a physical location that falls under the organisations control. It is somewhere that employees, contractors or any other ‘worker’ perform work for or on behalf of the organisation.

Hazard Identification: 
At present, OHSAS 18001 is considered very manufacturing and hardware orientated, when more and more of us are working in the service industry. ‘Hazard’ identification, therefore becomes ‘risk’ identification and ‘risk’ control to ensure we consider all potential hazards applicable to all industries and sectors.

Key Changes

Business Context: 
Clause 4.1, external and internal issues, introduces new clauses for determination and monitoring of the business context. It requires that the organisation identify & consider the various conditions & factors that influence their operations & management system.

Workers and other interested parties: 
Clause 4.2 introduces a requirement for an enhanced focus on the needs and expectations of workers and other interested parties and also worker involvement. The organisation will need to identify and understand the factors associated with these parties that need to be considered and managed through the management system.

Scope: Clause 4.3.
Can only be defined when 4.1 & 4.2 have been considered. It should consider both direct control & influence.

Leadership & Commitment: 
Clause 5.1. As with 9001 & 14001, there is an enhanced emphasis on the accountability of top management in the role of ensuring consultation & participation with workers as well as promoting the performance, monitoring & effectiveness of the OHSMS.

OH&S Policy: 
Clause 5.2. Enhanced requirement towards communication & participation and to provide safe & healthy working conditions.

Organisational Roles, Responsibilities & Authorities: 
Clause 5.3. Must be documented & accountability by top management cannot be delegated.

Participation & Consultation: 
Clause 5.4. A much-enhanced clause, that requires documented information to support the roles & responsibilities associated with and to promote worker participation, engagement & communication. It applies to all workers at all levels within the organisation. The clause also promotes the participation of non-managerial roles within the OHSMS. The International Labour Organization wanted a lot more requirements on this issue. Many companies do not have any representatives what so ever. If there are no representatives within an organization, the standard will not force this requirement upon them as it is not a legal obligation either. While top management will be responsible for setting organizational health & safety policy, they should be in consultation with union representatives and health & safety personnel.

Risk and Opportunity Management:
Clauses 6.1.1, & 6.1.4, organisations are to determine, consider and, where necessary, take action to address any risks or opportunities (associated with the factors identified in clauses 4.1 & 4.2) that may impact (either positively or negatively) the ability of the management system to deliver its intended results, including enhanced health and safety performance at the workplace.

Objectives and Performance: 
Clause 6.2. Strengthened focus on objectives as drivers for improvements (clauses 6.2.1,6.2.2) and performance evaluation (clause 9.1.1). The objectives should support the policy requirements and consider the strategic direction & context of the organisation.

Clauses 7.1–7.5. Whilst documented procedures are no longer mandated, the clauses are more prescriptive in respect of the ‘mechanics’ of communication, including determination of what, when and how to communicate (ref. clauses 5,6,8,9,10). Actions associated with communication shall be reviewed for their effectiveness. Awareness shall involve the policy, hazards & risks as well as their role within OHSMS performance as well as being made aware of the ability to remove themselves from what they may consider ‘imminent danger’. The term ‘documented information’ has been introduced (as with 9001 & 14001) and covers how an organisation chooses to create, maintain & retain information deemed as necessary for the OHSMS. The organisation will need to determine what documented information (internal & external) is required and shall control this as per their current OHSAS requirements. This includes the requirement for documented procedures.

Clauses 8.1–8.2. ‘Planning’ has been introduced which, in practice, means that hazard & risk controls need to be planned into the operational controls of the activities / functions of the organisation. Hazards & risks — the standard now specifies the hierarchy of controls that are to be applied. Management of change is now detailed within clause 8.1.3 — it outlines the requirements and potential sources associated with changes of the operation (for example equipment, conditions, workers, legal / compliance obligations). Procurement now needs to consider that goods and services conform to the OHSMS requirements. There is an enhanced requirement over contractors and the controls over and communication with same, as well as a requirement to give consideration to the competence and other requirements related to contractor workers. A specifically enhanced clause and requirements are now in place regarding outsourcing ( What would be the damage to your business reputation if one of your outsourced suppliers or contractors created a significant OHS incident? ISO 45001 looks to define the answer in a way that can apply to all sectors and industries.

Performance Evaluation: 
Clause 9. Overall, the requirements have been enhanced & expanded. Compliance evaluation has been expanded to include the frequency & method of evaluation as well as maintaining knowledge and understanding of the organisations compliance status. Internal audit results shall be communicated with workers. Management review clause has enhanced previous requirements & inputs, to consider improvement, communication, risks & opportunities, overall system effectiveness, interested parties & performance analysis.

Clause 10. The reference to ‘preventive’ action has been removed, as it should be considered that the OHSMS should in itself be a preventive system. Direct action shall be taken to control/address the incident/nonconformity. The organisation can consider further action once the direct action has been implemented (further action to prevent reoccurrence). The organisation will need to demonstrate that it has applied the principles of risk assessment & continual improvement, through cause investigation & analysis — and amend risk assessments and or operations as necessary. The organisation shall be able to demonstrate that they are utilising the outputs from processes of performance analysis & evaluation to identify & address areas of underperformance and opportunities.

One of the significant changes to the standard is the ability to integrate with other ISO standards such as ISO 9001 and ISO 14001. ANNEX SL provides a common structure for smoother and quicker integration.

Risk management is another area enhanced under the new structure to improve the health and safety of your workforce by establishing a culture of risk-based thinking throughout the organisation.

If you have any questions please do not hesitate to contact us.

Leave a Reply

Your email address will not be published. Required fields are marked *