OHSAS 18001

Everything About
Health & Safety
Management System

Prepared By
Aloke Ganguly

1
 Contents

A Introduction 4
G Implementation and operation 43
A1 Benefits of BS OHSAS 18001 5
A2 BS OHSAS 18001 and correspondence with other G1 Structure and responsibility 43
management syandards 6 G2 Competence, training and awareness 46
A3 Similarities between the three major management
system standards 7
A4 How to use this guide G5 Control of documents 52
9
G6 Operational control 54
G7 Emergency preparedness and response 56
B Terms & Definitions 10

H Checking and corrective action 59

C Principles of BS OHSAS 18001
H1 Performance measurement and monitoring 59
12

AG
2
C1 “A Journey of Continuous Health & Safety
H2 Evaluation of complliance 62
Improvement” 12
H3 Incident investigation, nonconformity,
corrective action and preventative action 63
D OH&S Management System elements 15 H4 Records and record management 66
D1 4.1 General requirements 16 H5 Audit 67
D2 4.2 OH&S Policy 16 H6 Management review 70

I Helpful sources of information 72

E What the law requires 18
E1 Hints for implementation 20

E2 Developing a H&S Policy Statement 21

F Planning 26

F1 Planning for hazard identification, risk

assessment and risk control 26

F2 What the law requires 27

F3 Interpretation – how to assess the
risks in your workplace 29

F4 Interpretation – risk assessment 31

methodologies
F5 Identifying hazards and assessing risks 34
F6 Legal and other requirements 36
F7 Objective programme(s) 38
F8 Management programme(s) 40
F9 Example OH&S management programme 41

AG
A

A Introduction
A1 Benefits of BS OHSAS 18001

A2 BS OHSAS 18001 and correspondence with other management

standards A3Similarities between the three major management system

standards

A4 How to use this guide

 Introduction
A

In a climate of increasing health and safety legislation and Background to health and safety
liabilities, organizations of all sizes and industry sectors are
The history of occupational health and safety in Great
now looking at management systems as a framework for Britain is to a great extent a story of legislative control
improving their health and safety performance. over industry. In fact, until the introduction of the Health
The first guide published to assist directors, managers and Safety at Work etc. Act 1974, legislation consisted of
and health and safety professionals to meet their a series of statutes passed on an ad hoc basis in an
obligations was endeavour to control safety. The first statute to be passed
HS (G) 65 – Successful health and safety management. This was the Health and Morals of Apprentices Act 1802, which,
guide was produced by the Health and Safety Executive in sought to combat the dreadful conditions experienced by
1991 and conveys the simple message that ‘organizations child apprentices within the cotton industry. As well as
need to manage health and safety with the same degree of limiting the number of hours worked, it specified minimum
expertise and to the same standards as other core business standards for lighting, heating and ventilation. Visitors
activities’. It is based upon the quality management concepts appointed to factories by local magistrates regulated
of Plan, Do, Check and Act and promotes Policy, Organising, compliance.
Planning, Measuring Performance and Auditing and Present day factory legislation is contained within the Factories
Reviewing Performance as the key elements as being Act 1961, which consolidated many of the earlier statutes.
contributors to successful health and safety management. The Act, in conjunction with other legislation, is being
Following on from the success of HS (G) 65, BS 8800 – replaced by The Health and Safety at Work etc. Act 1974 and
the Guide to Occupational Health and Safety Management the supporting regulations passed under it.
Systems, was introduced in 1996. This British Standard The Health and Safety at Work etc Act 1974 enabled, for
was intended to encourage organizations to adopt an the first time, broad general duties to be placed upon ALL
occupational health and safety management system, workplaces and allowed for the introduction of more specific
based upon two approaches: codes of practice.
▶ HS(G) 65 The Health and Safety at Work Act also:
▶ BS EN ISO 14001 ▶ Established the Health and Safety Commission (HSC) and
BS 8800 merely translated the key concepts detailed gave it the power to propose health and safety
within HS (G) 65 into specific measurable elements. It regulations and Approved Codes of Practice (ACoPs)
also sought to ▶ Set up the Health and Safety Executive (HSE) as the
encourage organizations that had adopted sound unified executive arm of the HSC with the responsibility
environmental management systems compliant with the for enforcing health and safety laws
requirements of
▶ Gave health and safety inspectors their enforcement
ISO 14001, to implement a formal documented OHS
powers
Management System.
▶ For the first time in history, placed regulatory
However, BS8800 contained only guidance and duties upon the self employed
recommendations, and as such could not be used for
certification purposes. ▶ Made provisions for the appointment of safety
representatives and safety committees.
Following the success of ISO 14001 (Environmental
Management Systems) and ISO 9001 (Quality However, the regulatory pressures placed upon industry
Management Systems), and are on the increase, particularly with added demands being
in response to a demand for a recognisable OHS placed through EU directives. Such directives have been
Management System ‘standard’ against which organizations responsible for most of the recent UK health and safety
could be assessed and certificated, OHSAS (Occupational regulations including the Control of Substances Hazardous
Health and Safety Assessment Series) 18001:1999 and to Health Regulations (COSHH) and the Construction (Design
the accompanying guide OHSAS 18002:2000 were and Management) Regulations to name but two.
published.
Reviewed and revised in 2007, BS OHSAS 18001 is now
fully compatible with ISO 9001 and ISO 14001 in order to
facilitate the integration of quality, environmental and
occupational health and safety management systems by
organizations, should they wish to do so.
 Benefits of BS OHSAS 18001
A1

There are many reasons for organizations to decide to

implement an occupational health and safety management
system, not least the reduced risk of failing to comply with
legislation. A systematic approach to the effective
management of health and safety can bring numerous
benefits such as:

Compliance with legislation

BS OHSAS 18001 provides a framework by which an
organization can identify the health and safety legislation
applicable to its activities, products, services and
identified hazards. Such a framework extends to provide
the means to comply with the regulatory requirements
identified.

Ownership of health and safety issues

BS OHSAS 18001 provides the means by which an
organization can communicate and consult upon its health
and safety issues.

Nominal effort is required

Companies with a formal documented management
system compliant with ISO 9001 (Quality) and/or ISO
14001
(Environmental) can easily extend existing system controls to
encompass the management of health and safety.

Training needs are identified and realised

BS OHSAS 18001 enables health and safety training needs
to be identified, and the adequacy of subsequent training
assessed through measures of competency.

Reduce costs
The cost of an accident extends beyond the compensation
paid to an employee. By implementing health and safety
improvement strategies, through the effective implementation
of a documented OH&S Management System, significant
financial savings can be realised; not forgetting the effect that
accident reduction can have upon the morale of employees.

Opportunity for integration

Compatibility with ISO 9001/14001 provides an
opportunity to integrate your management systems,
thereby reducing bureaucracy and maximising
effectiveness.

Liabilities minimised
As hazards and their associated risks are eliminated or
controlled liabilities are reduced, offering greater stability
to your business.
 BS OHSAS 18001 and
A2 correspondence with other
management standards

Introduction All the requirements of BS OHSAS 18001 are intended to

be incorporated into any OH&S Management System. The
This section includes an overview of BS OHSAS 18001 extent of the application of the specification will depend on
– Occupational Health and Safety Management Systems – factors such as the policy statement, the nature of the
Specification and OHSAS 18002 – Occupational Health and activities of the organization and the risks and complexity
Safety Management Systems – Guidelines for the of its operations. It is intended to address occupational
implementation of health and safety rather than product and services safety.
BS OHSAS 18001 and how they correspond to other
management standards designed to manage quality and OHSAS 18002 is the guidance, providing generic advice
environmental issues. on the application of BS OHSAS 18001. It explains the
underlying
BS OHSAS 18001 is a specification giving requirements principles of BS OHSAS 18001 and describes the intent,
for an Occupational Health and Safety OH&S Management typical inputs, processes and typical outputs, against each
System, to enable an organization to control its OH&S requirement of the standard in order to aid the implementation
risks and improve its performance. It does not lay down process. It does not contain any additional requirements or
specific performance criteria or give detailed specifications prescribe any mandatory approaches to the implementation
for the actual structure or form of the management of BS OHSAS 18001.
system. It is applicable to any organization that wishes to:

▶ Establish an OH&S Management System to Correspondence with other standards

eliminate or minimize risk to employees and other The table on the following page represents the
interested parties who may be exposed to OH&S risks correspondence between BS OHSAS 18001, ISO 14001
associated with its activities
and ISO 9001. As
▶ Implement, maintain and continually improve an OH&S previously discussed BS OHSAS 18001 closely follows
Management System the principles of quality management (Plan, Do, Check
▶ Assure itself of its conformance with its stated OH&S and Act) reflecting the key principles and structure of other
management systems. The link between health and safety
policy
management and environmental management is strong
▶ Demonstrate such conformance to others
and almost all of the
▶ Seek certification/ registration of its OH&S Management BS OHSAS 18001 clauses are similar to ISO 14001 the
System by an external organization potential for integration of these two systems is therefore
very clear.
▶ Make a self-determination and declaration of conformance
with this OHSAS specification.
 Similarities between the
A3 three major management
system standards

Clause BS OHSAS 18001 Clause ISO 14001 Clause ISO 9001

Introduction Introduction 0 Introduction
0.1 General
0.2 Process approach
0.3 Relationship with ISO 9004
0.4 Compatibility with other
management systems
1 Scope 1 Scope 1 Scope
1.1 Genera
1.2 Application

2 Normative references 2 Normative references 2 Normative references

3 Terms and definitions 3 Terms and definitions 3 Terms and definitions
4 OH&S management system 4 Environmental 4 Quality Management
elements management system System
requirements
4.1 General requirements 4.1 General requirements 4.1 General requirements
5.5 Responsibility, authority and
communication
5.5.1 Responsibility and authority
4.2 OH&S Policy 4.2 Environmental Policy 5.1 Management commitment
5.3 Quality policy
8.51 Continual improvement
4.3 Planning 4.3 Planning 5.4 Planning
4.3.1 Hazard identification, risk 4.3.1 Environmental aspects 5.2 Customer focus
assessment and determining 7.2.1 Determination of
controls requirements related to the
7.2.2 product
Review of requirements related
to
the product
4.3.2 Legal & other requirements 4.3.2 Legal & other requirements 5.2 Customer focus
7.2.1 Determination of requirements
related to the product
4.3.3 Objectives and programmes 4.3.3 Objectives, targets and 5.4.1 Quality Objectives
programmes 5.4.2 Quality Management System
Planning
8.5.1 Continual improvement
4.4 Implementation and operation 4.4 Implementation and operation 7 Product realization
4.4.1 Resources, roles, responsibility, 4.4.1 Resources, roles, responsibility 5.1 Management commitment
accountability and authority and authority 5.5.1 Responsibility & authority
5.5.2 Management representative
6.1 Provision of resource
6.3 Infrastructure
4.4.2 Competence, training 4.4.2 Competence, training 6.2.1 (Human resources) General
and awareness and awareness 6.2.2 competence, awareness and
training
4.4.3 Communication, participation 4.4.3 Communication 5.5.3 Internal communication
and consultation 7.2.3 Customer communication
4.4.4 Documentation 4.4.4 EMS Documentation 4.2.1 (Documentation
requirements) General
4.4.5 Control of documents 4.4.5 Control of documents 4.2.3 Control of documents
4.4.6 Operational control 4.4.6 Operational control 7.1 Planning of product realization
7.2 Customer related process
7.2.1 Determination of requirements
related to the product
7.2.2 Review of requirements related
to
the product
7.3.1 Design & development planning
7.3.2 Design & development inputs
7.3.3 Design & development output
7.3.4 Design & development review
7.3.5 Design
8
AG
& development verification

AG
A3 Similarities between the three major management system standards continued

Clause BS OHSAS 18001 Clause ISO 14001 Clause ISO 9001

7.3.6 Design & development validation
7.3.7 Control of design &
development
changes
7.4.1 Purchasing process
7.4.2 Purchasing information
7.4.3 Verification of purchased product
7.5 Product & service provision
7.5.1 Control of production & service
provision
7.5.2 Validation of processes for
production and service
provision
7.5.5 Preservation of product
4.4.7 Emergency preparedness 4.4.7 Emergency preparedness 8.3 Control of non
and response and response conforming product
4.5 Checking 4.5 Checking 8 Measurement, analysis
and improvement
4.5.1 Performance measurement 4.5.1 Monitoring and measurement 7.6 Control of monitoring &
measuring
and monitoring devices
8.1 General
8.2.3 Monitoring & measurement of
processes
8.2.4 Monitoring & measurement
of product
8.4 Analysis of data
4.5.2 Evaluation of compliance 4.5.2 Evaluation of compliance 8.2.3 Monitoring & measurement
of processes
8.2.4 Monitoring & measurement
of product
4.5.3 Incident investigation, - - - -
non-conformity, corrective
action and preventive action
4.5.3. Incident investigation - - - -
1
4.5.3. Nonconformity, corrective and 4.5.3 Nonconformity, corrective and 8.3 Control of nonconforming product
2 preventive action preventive action 8.4 Analysis of data
8.5.2 Corrective action
8.5.3 Preventive action
4.5.4 Control of records 4.5.4 Control of records 4.2.4 Control of records
4.5.5 Internal audit 4.5.5 Internal audit 8.2.2 Internal audit
4.6 Management review 4.6 Management review 5.1 Management commitment
5.6 Management review
5.6.1 General
5.6.2 Review input
5.6.3 Review output
8.51 Continual improvement
 How to use this guide
A4

This guide is primarily focused on those people who are Each clause contains, where appropriate, one or more
about to implement an Occupational Health and Safety self- assessment questions (SAQ’s). These can be used to
Management Systems in their organization. gauge the current position of the organization with respect
to meeting the requirements of the specification or to
This guidance will be helpful to organizations of all sizes
gauge progress during implementation. If you can answer
and structures. This book will also be helpful to other
yes to all of the SAQ’s, you are probably ready for
interested parties who seek a better understanding of
registration to BS OHSAS 18001. If not, work through
Occupational Health and Safety Management Systems in
this book or contact NQA at the address below.
general and BS OHSAS 18001
in particular. NQA
Warwick House Houghton Hall Park Houghton Regis Dunstable
The main section of the guide addresses each clause of LU5 5ZX
BS OHSAS 18001. Broken down into headings, it aims to Tel: +44 08000 522 424
simplify the intentions of each clause and gives practical Fax: +44 (0)1582 539090
guidance on how to implement the clause and meet the E-mail: Website:
requirements of the OHSAS specification.
The guide should be used in conjunction with BS OHSAS
18001 and OHSAS 18002; it provides an interpretation
and guidance to the intention of each clause. It should be
noted that this is an interpretation only and the OHSAS
specification itself should be referred to.
 Terms and definitions
B

OH&S Management System: part of an

Acceptable risk: risk that has been reduced to a level that organization’s management system used
can be tolerated by the organization having regard to its legal to develop and implement its OH&S policy
obligations and its own OH&S policy. and manage its OH&S risks.
Audit systematic: independent and documented process
for obtaining “audit evidence” and evaluating it
objectively to determine the extent to which “audit
criteria” are fulfilled.
NOTE: independent does not necessarily mean external to the
organization.
In many cases, particularly in smaller organizations, independence
can be demonstrated by the freedom from responsibility for the
activity being audited.
NOTE: for further guidance on “audit evidence” and “audit criteria”
see ISO 19011.

Continual improvement: recurring process of enhancing

the OH&S Management System in order to achieve
improvements in overall OH&S performance consistent with
the organization’s OH&S policy.
NOTE: the process need not take place in all areas of activity
simultaneously. NOTE: adapted from ISO 14001:2004.

Corrective action: action to eliminate the cause of a

detected nonconformity or other undesirable situation
NOTE: there can be more than one cause for a nonconformity.
NOTE: corrective action is taken to prevent recurrence whereas
preventive action is taken to prevent occurrence.

Document: information and its supporting medium.

NOTE: the medium can be paper, magnetic, electronic or optical
computer disc, photograph or master sample, or a combination
thereof.

Hazard: source, situation, or act with a potential for harm in

terms of human injury or ill health, or a combination of
these.
Hazard identification: process of recognizing that a hazard
exists and defining its characteristics.
Ill health: identifiable, adverse physical or mental condition
arising from and/or made worse by a work activity and/or
work-related situation.
Incident: work-related event(s) in which an injury or ill
health (regardless of severity) or fatality occurred, or could
have occurred.
NOTE: an accident is an incident which has given rise to injury,
ill health or fatality.
NOTE: an incident where no injury, ill health, or fatality occurs
may also be referred to as a “near-miss”, “near-hit”, “close
call” or “dangerous occurrence”
NOTE: an emergency situation is a particular type of incident.

Interested party: person or group, inside or outside the

workplace, concerned with or affected by the OH&S
performance of an organization.
Nonconformity: non-fulfilment of a requirement.
Occupational Health and Safety (OH&S): conditions and factors
that affect, or could affect the health and safety of
employees
or other workers (including temporary workers and
contractor personnel), visitors, or any other person in
the workplace.
NOTE: organizations can be subject to legal requirements for the health
and safety of persons beyond the immediate workplace, or who are
exposed to the workplace activities
NOTE: a management system is a set of interrelated elements used to establish
policy and objectives and to achieve those objectives.
NOTE: a management system includes organizational structure, planning activities
(including for example, risk assessment and the setting of objectives),
responsibilities, practices, procedures , processes and resources.

OH&S objective: OH&S goal, in terms of OH&S performance, that an

organization sets itself to achieve.
NOTE: objectives should be quantified wherever practicable.
NOTE: 4.3.3 requires that OH&S objectives are consistent with the OH&S policy

OH&S performance: measurable results of an organization’s

management of its OH&S risks.
NOTE: OH&S performance measurement includes measuring the effectiveness of the
organization’s controls
NOTE: in the context of OH&S Management Systems, results can also be measured
against the organization’s OH&S policy, OH&S objectives and other OH&S performance
requirements.

OH&S Policy: overall intentions and direction of an organization related to its

OH&S performance as formally expressed by top management.
NOTE: the OH&S policy provides a framework for action and for the setting of OH&S
objectives

Organization: company, corporation, firm, enterprise, authority or institution, or

part or combination thereof, whether incorporated or not, public or private, that
has its own functions and administration.
NOTE: for organizations with more than one operating unit, a single operating
unit may be defined as an organization.

Preventive action: action to eliminate the cause of a potential nonconformity

or other undesirable potential situation.
NOTE: there can be more than one cause for a potential nonconformity.
NOTE: preventive action is taken to prevent occurrence whereas corrective action is taken
to prevent recurrence.

Procedure: specified way to carry out an activity or a process.

NOTE: procedures can be documented or not.

Record: document stating results achieved or providing evidence of activities

performed.
Risk: combination of the likelihood of an occurrence of a hazardous
event or exposure(s) and the severity of injury or ill health that can be
caused by the event or exposure(s).
Risk assessment: process of evaluating the risk(s) arising from a hazard(s),
taking into account the adequacy of any existing controls, and deciding
whether or not the risk(s) is acceptable.
Workplace: any physical location in which work related activities are
performed under the control of the organization.
NOTE: when giving consideration to what constitutes a workplace, the organization
should take into account the OH&S effects on personnel who are, for example, travelling
or in transit (e.g. driving, flying, on boats or trains), working at the premises of a client
or customer, or working at home.
NOTE: some reference documents use the term “risk assessment” to encompass the
entire process of hazard identification, determination of risk, and the selection of
appropriate risk reduction or risk control measures.
OHSAS 18001 and OHSAS 18002 refer to the individual elements of this process
separately and use the term “risk assessment” to refer to the second of its steps,
namely the determination of risk.
C

C Principles of BS OHSAS 18001

C1 “A Journey of Continuous Health & Safety Improvement”
 Principles of BS OHSAS 18001
C

“A Journey of Continuous
C1 Health & Safety Improvement”

Are you about to embark upon the journey of health and Substances Hazardous to
safety improvement? It is now recognised by many
companies that to embark upon such a journey will
require a reliable and robust vehicle to transport them
to their desired destination.
If BS OHSAS 18001 is to be your chosen vehicle, then
the steps involved in implementing such a system can
be likened to any journey that you would undertake in
everyday life.

Health & Safety Policy

Is the ‘road map’
Your health and safety policy should provide clear ‘direction’
as to where you want to be and the strategies that are to
be deployed to enable you to reach your chosen
destination. It should clarify the vehicle to be used, (in this
case BS OHSAS 18001) and detail who will be responsible
for driving and steering it throughout the whole journey. As
all employees will be required to travel along with you, your
planned journey will have to be communicated to all
employees and a copy of the road map (OH&S policy
statement) explained to everyone, therefore avoiding the
journey becoming a ‘mystery tour’.

Planning for hazard identification, risk assessment

and risk control
‘Route planning’
Before you set off upon your journey, an assessment will
have to be made to identify any actual or potential hazards
that may prevent you from reaching your ultimate destination
(hazard identification and risk assessment) and your route
adjusted to suit (risk control). Consideration will have to be
taken when developing your company specific road map
(policy statement) to the avoidance and elimination of
such hazards.

Legal and other requirements

The ‘one-way streets’
All companies are affected by health and safety
legislation, albeit to varying degrees. Legislation can be
likened to a ‘one- way’ street, you have to drive up it the
right way or you could
ultimately face a fine and/or prosecution. However, like a one-
way street, legislation can be avoided (e.g. by eliminating
the use of hazardous chemicals within your workplace you
can negate the need to comply with the Control of
Health Regulations - COSHH). You will need to identify the ‘one- way’ streets
(legislative obligations) that you will have to travel down upon your journey
and ensure that your road map (policy statement) makes reference to them. To
avoid driving down a ‘new’ one-way street the wrong way you will have to keep up
to date with changes to legislation.

Objectives
The mandatory ‘points of call’
Detail where you need to be, and by when, to arrive at your ultimate destination.
Consideration will have to be taken as to the least hazardous routes (risk
assessment results), the one-way streets that you need to negotiate (legal
compliance) and your overall journey map (policy statement) when identifying
your mandatory points of call.

OH&S management programmes

Your complete travel ‘timetable’
Once you have identified your mandatory points of call (objectives), you can begin
to map out the quickest and safest journey route (management programme).
With start and completion dates being assigned between each point of call, the
time taken to reach the ultimate destination can be calculated, the appropriate
number of ‘driver’s assigned and consideration given to the amounts of fuel
required (£).

Structure & responsibility

‘Drivers’ of the health and safety vehicle
As the road to continuous health and safety improvement is never ending,
responsibility for driving the vehicle (BS OHSAS 18001) will, without doubt,
have to be shared. To leave all of the driving to one individual, can ultimately
lead to ‘tiredness’ and a ‘system crash’. It is often best to appoint a ‘co-driver’
(Management Representative) who will ‘direct’ a number of select drivers
through the one-way streets (legislative obligations) and look out for any
unpredicted hazards that may become apparent. Once a number of suitable
drivers have been nominated, a decision can then be made as to which
particular parts of the journey that they themselves will drive.
C1 “A Journey of Continuous Health & Safety Improvement” continued

Training, awareness and competence

Accidents, incidents, non-conformance and
Driving lessons and test corrective and preventive action
Each selected driver will have to be made aware of the road ‘Accident reporting’
map (policy statement), road hazards (hazards and risk
assessments), one-way streets (legal obligations) and be Provides a systematic means of reporting accidents should
taught the Highway Code (safe systems of they occur along the journey. It makes provisions for the
work/procedures). External ‘driving instructors’ amendment of vehicle (system) faults, should that be found
[consultants] may be used for this purpose. An ‘on the to be the cause of the accident.
road’ test (measure of competence) will have to taken and
passed at the end of the driving lessons (training). Records and records management
The ‘glove compartment’ of BS OHSAS 18001
Consultation and communication Where all obsolete road maps (policies), travel
Making everyone aware of the complete journey timetables (management programmes), etc. are kept for
Including the finalised road map (policy), the one-way reference purposes.
streets (legislation), the key points of call (objectives),
travel timetable (management programme) and Highway Audit
Code (operational procedures). ‘Vehicle servicing’
A periodic check as to the continued road worthiness of
Documentation your vehicle (system). The vehicle manufacturers
Vehicle Operating Manual (management team) usually specify the frequency of a
The Vehicle-Operating Manual (OH&S policy manual) details ‘complete service’, e.g. every 6000 miles (6 months).
how the vehicle (BS OHSAS 18001) is built and Failure to carry out regular servicing of the vehicle (system)
structured. Usually issued to all the ‘drivers’ at the onset can result in an accident.
of the journey, it provides a complete overview of how to
use the vehicle correctly to minimise vehicle (system) Third Party Certification
breakdown.
‘MOT’
Document and data control An independent check, by an accredited garage (certification
Ensuring that journey plans are kept up to date body) to determine the road worthiness of your vehicle
(system). Following a set of pre-determined checks, a
If everyone is to arrive at the ultimate destination at the same certificate or a test sheet detailing the areas requiring
time, all information should be at the same issue status. repair is issued.
ALL drivers will need to be made aware any subsequent
changes to prevent them straying from the convoy. Management review
‘Motorway service stops’
Operational control
The ‘Highway Code’ Whereby all the drivers can get together to review the
journey to date and discuss the effectiveness of, and
The Highway Code (operational procedures), which, if followed, changes to, the
will ensure that accidents do not occur, and that one-way road map (policy), key points of call (objectives), travel
streets (legal obligations) are negotiated correctly. timetable (management programme), one-way streets
(legislation) and the highway code (operational procedures).
Emergency preparedness and response Such a get together is used to assess the adequacy of fuel
‘Breakdown and recovery membership’ levels (£) to complete the journey, and to discuss the
results of police spot checks (Audits) and MOT’s
Contingency plans, should an emergency occur. (Certification).

Performance measurement and monitoring

‘Regular checks to see that the journey is to
plan’
Continual monitoring and measurement of key points
of call (objectives) and the status of the one-way streets
(legal compliance).
D

D OH&S Management System elements

D1 4.1 General

requirements D2 4.2

OH&S Policy
 OH&S Management
AD System elements

As discussed earlier, BS OHSAS 18001 is aligned with ISO 14001, which is based upon the ‘Plan, Do, Check, Act’ structure
pioneered by the American quality expert W. Edwards Deming in the 1950’s. This simple but effective structure is still
used today to ensure that the hazards and risks associated with organizations activities, products and services are
systematically identified and assessed, controlled, monitored and continuously improved.

P D
Plan Do

A C
Act Check

Figure 1: Plan-do-check-act (PDCA) cycle, also known as Deming’s cycle.

 4.1 General requirements
D1

Specification intention
Clause 4.1 – General requirements
The organization shall establish and maintain an
OH&S Management System, the requirements for which are
set out in clause 4. (see above)

4.2 OH&S Policy

D2

Introduction BS OHSAS 18001 requirement

Having decided to develop an OH&S Management System, Top management shall define and authorize the
the next most critical step is to set out what you wish it organizations OH&S policy and ensure that within the
to deliver. The H&S policy statement can simply and defined scope of its management system it:
effectively state these aspirations and communicate such a) is appropriate to the nature and scale of the
commitments to interested organization’s OH&S risks
parties. This is especially important to smaller companies b) includes a commitment to prevention of injury and ill
who are under pressure from major clients to develop an health and continual improvement in OH&S
OHSMS. Sending such an OH&S policy to customers can management and OH&S performance
form part of a marketing strategy and assure clients that you c) include a commitment to at least comply with
applicable legal requirements and with other
have embarked upon the road to BS OHSAS 18001
requirements to which
certification. the organization subscribes that relate to its OH&S
BS OHSAS 18001 policy requirements are based upon hazards;
similar intentions as those enshrined within the Health & d) provides the framework for setting and
Safety at Work etc Act 1974 (HSAWA) as set out on the reviewing OH&S objectives
following page. However, they do not require that the e) is documented, implemented and maintained
‘organizational structure’ and health and safety ‘arrangements’ f) is communicated to all persons working under the
form part of the actual policy document. Instead, under BS control of the organization with the intent that they
are made aware of their individual OH&S obligations
OHSAS 18001 such aspirations are usually documented
and communicated through the development, g)is available to interested parties and
and subsequent issue, of a Health & Safety Policy h)is reviewed periodically to ensure that it remains
relevant and appropriate to the organization.
Manual and supporting operational procedures.
E

E What the law requires

E1 Hints for implementation

E2 Developing a H&S Policy Statement

 What the law requires
E

Although a ‘parent’ statement can be

s2 (3) of the Health & Safety at Work etc Act written in broad terms, because the
1974 states. detailed arrangements are described
elsewhere, it should not be forgotten
“Except in such cases as may be prescribed, it shall be the
that the health and safety
duty of every employer to prepare and as often as may be
appropriate revise a written statement of his general policy
with respect to the health and safety at work of his
employees* and the organization and arrangements for the
time being in force for carrying out that
policy, and to bring the statement and any revision of it to the
notice of all his employees”
The only exception prescribed under s2 (3) is that
contained within the Employers’ Health and Safety Policy
Statements
(Exception) Regulations 1975 which exempt “any employer
who carries on an undertaking in which for the time being
he employs less than five employees”.

Under s2 (3) the written statement must:

▶ State your general policy on health and safety
▶ Describe the organization and arrangements for carrying
out your policy
▶ Be brought to the notice of all your employees
▶ Be revised whenever appropriate, and every revision must
be brought to your employees’ attention.
NOTE: The law only requires safety policy statements to cover the
health and safety of employees. However, you would do well to set
down your strategy for protecting other people who could be put at
risk by your activities such as contractors, customers, and the public. If
other people’s activities (e.g. those of contractors on your site) could
put your own employees at risk, you will in any case need to consider
how these risks are to be avoided and to cover this aspect in your
policy statement.

Under the HSAWA your general policy, organization and

arrangements must all be covered but it’s up to you how
you set out the information. It is therefore acceptable to
structure your health and safety management system as
you wish as long as you can demonstrate that you are
complying with the law. The important thing is to think
carefully about all the possible hazards and the best ways
of dealing with them, and to set out your policy statement
in the way you think will be clearest to your employees, using
everyday language. Remember that to be of any use the
statement must be read, understood and acted upon by all
concerned.
In the case of companies engaged in a number of
different activities or whose activities are geographically
widespread, a single safety policy statement may not be
the best solution. An alternative would be to produce a
general statement at the most senior level, setting out the
main principles, which could then be used as a basis for
more, detailed statements relating to each operational
unit.
Where the structure of an organization is such that a
number of subsidiaries are themselves employers, each
subsidiary would need to issue the ‘parent’ statement under
its own authority as part of its statement.
Arrangements for headquarters’ staff should also be dealt with in detail,
either in the ‘parent’ statement itself or in associated documents.

Interpretation
BS OHSAS 18001 places a number of mandatory requirements upon your
organization with regards to the effective development, issue, maintenance and
communication of an OH&S policy. What does this mean?

Top management authorizing the policy

Once developed, the OH&S policy needs to be authorized and endorsed by top
management to promote top-level commitment to the aspirations and general
objectives contained within it. It is not uncommon for the whole management
team to endorse the policy, by signature (as a collective group) to demonstrate
their support
to ensuring that the policy aspirations are effectively implemented and
delivered, rather than seaming to appear that only one
senior person has made such a commitment. Such commitment demonstrates
credence to the system within the organization.
During the authorization and endorsement processes, consideration should
be given to any corporate health and safety policies and aspirations that may
exist. Compatibility with your statement should be checked, and formal
approval/endorsement of your policy sought from the corporate body.
Dedication to the OHSMS should also be shown in other ways.
As well as authorizing the policy, the management team should support the
system by allocating suitable and sufficient resources. Simple and regular
communications (for example via bulletins) from management on the progress
of the system will demonstrate ongoing support.

The inclusion of overall health and safety objectives supported by a

commitment to improving health and safety performance
Your policy should include your overall health and safety objectives,
i.e. what you are trying to achieve through the introduction of a formal
documented management system, e.g. ‘to actively
identify health & safety hazards with a view to actively eliminating, controlling
or minimising them where practicable’.

Include a commitment to continual improvement

Society’s expectations are increasing the pressure on organizations to reduce the
risk of illness, accidents and incidents in the workplace. In addition to
meeting legal responsibilities, the organization should aim to improve its
OH&S performance, and
its OH&S Management System, effectively and efficiently, to meet changing
business and regulatory needs. A commitment to such is therefore imperative in
the policy statement.
This does not mean that have to improve in all areas at once, but the policy
should drive you overall efforts to continually improve your organization’s
occupational health and safety performance.
 E What the law requires continued

Include a commitment to at least comply with applicable language, you should already have some
legislation and with other requirements to which the means of communication established -
organization subscribes that relate to its OH&S hazards through bilingual workers, safety signs
Organizations are required to be in compliance with written in other languages, etc. You will
‘current’ applicable OH&S legislation and other OH&S need to ensure that these workers are
requirements. The OH&S policy commitment is recognition
by the organization of its duty to comply with such
legislation or other requirements, and states that it
intends doing so.
NOTE: Other requirements may mean, for example, corporate or
group policies, the organizations own internal standards or
specifications, or HSE Approved Codes of Practice and guidance
notes.

Be documented, implemented and maintained

In order for the OH&S policy to be effective, it should be
documented and be periodically reviewed for continuing adequacy,
and subsequently amended or revised as necessary. Reviewing
the statement keeps it alive and relevant to the health and
safety issues it is trying to address. It may need to be
revised in the light of experience, or because of new hazards
or organizational changes. The law requires you to revise the
policy statement as often as may be appropriate.
Planning and adequate preparation are the key to
successful implementation. Often, OH&S policy
statements and OH&S objectives are unrealistic because
there are inadequate or inappropriate resources available
to deliver them. Before making any public declarations the
organization should ensure that any necessary finance,
skills and resources are available, and that all OH&S
objectives are realistically achievable within such a
framework.

Be communicated to all persons working under the

control of the organization with the intent that they
are made aware of their individual OH&S obligations
This requires the organization to clearly communicate its
OH&S policy (and as such general OH&S objectives) to any
person working under the control of the organization, which
could (as well as employees) be contractors,
agency/temporary workers etc., to enable them to have a
framework against which they can measure their own
individual OH&S performance. (See the table on the next page
for ideas on communication).
You may already have suitable means of communicating
changes that affect your employees, e.g. team briefing
sessions, etc., but whatever communicative arrangements
you decide on, similar arrangements should apply for
contractors and agency staff whenever a revision is issued.
Safety representatives are entitled to inspect and take their
own copies under Regulation 7 of the Safety Representatives
and Safety Committees Regulations 1977.
Publicising the statement will stimulate your employees’
interest, especially if the statement and its relevance to
them is explained and discussed. They are more likely to
play their part if they are convinced of the value you
place on their health and safety.

If part of your workforce does not read English as its native

20
acquainted with the safety policy and the parts of any supporting documents
relevant to them.

Include a commitment to prevention of injury and ill health

Any individual or group (either internal or external) concerned with or affected by
the OH&S performance of the organization would be particularly interested in the
OH&S policy statement. Therefore, a process should exist to communicate the
OH&S policy to them. The process should ensure that interested parties
receive the OH&S policy on request but does not necessarily provide for
unsolicited copies.
You do not need to provide health and safety inspectors with a copy of the
statement unless asked to do so. However, if an
inspector visits your premises, he or she may want to check the statement
to ensure that it complies with the law.

Communicating the policy commitments of BS OHSAS 18001

Internally Externally

▶ posting around the ▶ sales and

site on notice boards marketing
and in reception literature
▶ letters, memos ▶ business cards
▶ including it with ▶ newspaper
pay cheques advertisements
▶ training sessions, ▶ annual reports
especially induction
training for new staff and ▶ public library
contractors ▶ local community meetings
▶ staff meeting or briefing and open days

▶ intranet/ e-mail ▶ visitor badges

▶ staff magazines/ bulletins ▶ internet/ e-mail

▶ external site notice
boards

Be reviewed periodically to ensure that it remains relevant and

appropriate to the organization
Legislation evolves, societal expectations increase, and change is inevitable.
Consequently, the organization’s OH&S Policy and Management System will
need to be reviewed regularly to ensure
its continuing suitability and effectiveness. Such a review is usually conducted
as part of the health and safety management review process.
The legal requirement aside, a safety policy statement can bring real benefits.
If it is well thought out, has your backing, commands respect and it is
thoroughly put into practice, it should lead to better standards of health and
safety. Managers and employees will see the importance of the policy and will
be encouraged to co-operate.
The OH&S policy should be viewed, therefore, not as commandments
set in stone, but as a living document, which drives the system but also
grows with it as the system matures.
 Hints for implementation
E1

Consider your legal obligations under the Health and Write your policy in easy to understand language,
Safety at Work etc Act 1974 (as well as BS OHSAS keep it jargon free and to the point. The statement should
18001 requirements) when developing your health and set out clear
safety policy statement, and format and structure your commitments and act as a springboard when setting
policy accordingly. objectives. The policy will be brought to life in your plans
and actions
Consider your obligations under any ‘corporate’ health
and safety policies or objectives and ensure that your Involve people who are exposed to hazards in the workplace in
OH&S policy is compatible with such aspirations. the development of your OH&S policy statement, e.g. shift
managers, operators, health and safety representatives etc. to
Use brainstorming techniques to collate ideas and
gain ownership.
thoughts on the policy content, control and distribution. Try
to involve as many people as possible; input from a wide ‘Communicate’ you policy to all of your employees, don’t
range of people within your organization will increase transmit it. Communication is a two way process whereupon
commitment and ownership. Try the following questions employees can have their say, many company’s merely issue
to get ideas flowing: the policy in wage packets or place it on notice boards and
then fail to understand why their employees do not
▶ What are we trying to achieve through our occupational comprehend its content or buy into the process of continuous
health and safety management system? OH&S improvement.
▶ What hazards and risks do we want to address?

▶ What positive OHS attributes can we promote in the

policy?
▶ Will we do what we say we will?

▶ Shall we develop a stand-alone document or integrate

into other policies?
 Developing a H&S Policy
E2 Statement

Start

Consider the issues requiring

attention,
e.g. any actual or potential hazards
and associated risks, employee Step Why does the company List 1
issues etc want and/or need an
1
OH&S Management System

Consider to whom you will issue a

copy of the policy to ‘proactively’, and Who will (or may) need
‘reactively’ once it is completed. Step List 2
Consideration should be given to
to have access to the
2 policy once it is completed
interested parties both internal and
external to the organization

Having identified those who will or

may have access to the policy, consider How will the OH&S policy List 3
the mechanisms that you would need to Step
be made available once
use to communicate the policy 3
aspirations to them. completed and approved

Write an OH&S policy based BS

When writing your policy ensure that you
have covered all the issues affecting the
OHSA
Step upon the Lists you have S
company as identified in List 1. Examine 4 developed & the 18001
your policy to ensure that you have an
element(s) in it that is relevant to each of the requirements of BS OHSAS
groups identified in List 2. Check your policy 18001
against each requirement of BS OHSAS
18001 – Clause 4.2 OH&S Policy.

Present policy and Lists

End
E2 Developing a H&S Policy Statement continued

List 1

List 2

List 3
E2 Developing a H&S Policy Statement continued

Intentionally left blank for writing the policy statement

E2 Developing a H&S Policy Statement continued

Common non-conformances
Self assessment questions:
Some of the common non-conformances found during
▶ Have you developed a written policy statement?
the certification process include:
▶ Is it appropriate to the nature and scale of the
▶ The policy is not defined by top management organization’s occupational health and safety risks?
▶ The use of a corporate policy where a site ▶ Does it address a commitment to continual improvement and
policy is more appropriate compliance with relevant legislation?
▶ The policy is not relevant to the company’s activity or ▶ Has it been effectively communicated internally and
scope externally?
▶ Commitment to continual improvement is not clearly ▶ Is there a mechanism in place for periodically reviewing
defined or missed out altogether the policy?
▶ No mechanisms are in place for revision of the policy
▶ The system records do not support the policy
commitments
▶ Communication with employees is not carried
out or is inadequate.
F

F Planning
F1 Planning for hazard identification, risk assessment and risk control

F2 What the law requires

F3 Interpretation – how to assess the risks in your workplace

F4 Interpretation - risk assessment methodologies

F5 Identifying hazards and assessing risks

F6 Legal and other requirements

F7 Objective Programme(s)

F8 Management programme(s)

F9 Example OH&S management programme

 Planning
F

Planning for hazard

F1 identification, risk assessment
and risk control

Introduction d) identified hazards originating outside the workplace

capable of adversely affecting the health and safety of
After using the process of hazard identification, risk persons under the control of the organization within
assessment and risk control, your organization should the workplace
have a total understanding of all its significant OH&S e) hazards created in the vicinity of the workplace by work-
hazards. The outputs from the process will be the basis of related activities under the control of the organization
the whole management system. NOTE: it may be more appropriate for such hazards to be
assessed as an environmental aspect.
If your organization does not have a current OH&S
f) infrastructure, equipment and materials at the
Management System, its current position with regard to
workplace, whether provided by the organization
OH&S risks can be established by conducting an ‘initial or others
review’. The aim of this ‘initial review’ is to consider all
g) changes or proposed changes in the organization, its
of the OH&S risks faced by the organization, as a basis activities, or materials
for establishing the management system. The h) modifications to the OH&S Management System,
following issues are often considered as part of including temporary changes, and their impacts on
this initial review: operations, processes, and activities
i) any applicable legal obligations relating to risk
▶ Identification of the OH&S risks
assessment and implementation of necessary
▶ Legislative, regulatory requirements and other controls (see also the NOTE to 3.12)
requirements (e.g. industry codes of practice) j) the design of work areas, processes, installations,
machinery/ equipment, operating procedures and work
▶ A close examination of all existing occupational health organization, including their adaptation to human
and safety management practices, processes and capabilities.
procedures
The organization’s methodology for hazard identification
▶ Collation and evaluation of feedback from the and risk assessment shall:
investigation of previous accidents, incidents and a) be defined with respect to its scope, nature and
emergency situations. timing to ensure it is proactive rather than
reactive and
The initial review can be conducted using a number of
b) provide for the identification, prioritisation and
methods, this often includes:
documentation of risks, and the application of controls,
▶ Using checklists as appropriate.
▶ Conducting interviews For the management of change, the organization shall
identify the OH&S hazards and OH&S risks associated
▶ Inspecting processes directly with changes in the organization, the OH&S Management
System, or its activities, prior to the introduction of such
▶ Measurement and monitoring of historical and current
changes.
OH&S performance
The organization shall ensure that the results of
▶ Results of any previous audits and reviews. these assessments are considered when determining
The formal process of hazard identification, risk controls.
assessment and risk control as required under clause 4.3.1 When determining controls, or considering changes to
of OHSAS can then be carried out. existing controls, consideration shall be given to
reducing the risks according to the following hierarchy:
a) elimination
BS OHSAS 18001 requirement b) substitution
The organization shall establish, implement and c) engineering controls
maintain a procedure(s) for the ongoing hazard d) signage/warnings and/or administrative controls
identification, risk assessment, and determination of
e) personal protective equipment.
necessary controls.
The organization shall document and keep the
The procedure(s) for hazard identification and risk
results of identification of hazards, risk assessments
assessment shall take into account:
and determined controls up-to-date.
a) routine and non-routine activities
The organization shall ensure that the OH&S risks and
b) activities of all persons having access to the
determined controls are taken into account when establishing,
workplace (including contractors and visitors)
c) human behaviour, capabilities and other human factors
 What the law requires
F2

The concept of risk assessment became etched within the Interpretation

Health & Safety Legislative framework when the Management Hazard identification, risk assessment
of Health & Safety at Work Regulations 1992 (SI 2051) and risk control processes should be
came into force in January 1993. suitable and sufficient to allow your
The notion of risk assessment has of course always been organization to identify, evaluate and
‘implied’, if not actually stated, within health and safety control its OH&S risks on an ongoing
legislation. basis.
(e.g. s2 (2) (a) of the Health and Safety at Work Act 1974
requires employers to provide and maintain plant and
systems of work that are, so far a reasonably practicable,
safe and without risks
to health). Clear compliance with such a requirement
would, by implication, necessitate an assessment of
risk.
Revised and re-issued in 1999 to include a
requirement for all companies to use the information
obtained from their risk
assessments to initiate control measures, the
Management of Health & Safety at Work Regulations,
which are the principal regulations with regards risk
assessment, require that
“(1) every employer shall make a suitable and
sufficient assessment of:
(a)The risks to the health and safety of his employees to
which they are exposed whilst they are at work
(b)the risks to the health and safety of persons not in his
employment arising out of or in connection with the conduct by
him of his undertakings.
For the purpose of identifying the measures he needs to
take to comply with the requirements and prohibitions
imposed upon him by or under the relevant statutory
provisions.”
The risk assessment process should therefore consider
employees, visitors, contractors, members of the public, and
be consistent with the health and safety regulations
currently in effect.
Additional requirements for risk assessment are demanded
in a number of supporting regulations, namely:

▶ Manual Handling Operations Regulations 1992

▶ Personal Protective Equipment at Work Regulations
1992
▶ Health and Safety (Display Screen Equipment)
Regulations 1992
▶ Noise at Work Regulations 2005
▶ Control of Substances Hazardous to Health Regulations
2002
▶ Control of Asbestos at Work Regulations 2007
▶ Control of Lead at Work Regulations 2002
▶ Regulatory Reform (Fire Safety) Order 2005
▶ Construction (Design and Management) Regulations
1997 and as such, consideration should be given when
developing hazard identification and risk assessment
methodologies as to what regulatory requirements are
applicable, and methods developed which assess the
hazards and risks associated with them.
The hazard identification, risk assessment and risk control processes and
their outputs should form the basis of the whole OH&S system. It is
important that the links between the hazard identification, risk
assessment and risk control and the other elements of the OH&S
Management System are clearly established and apparent.
The hazard identification, risk assessment and risk control processes
should take into account the cost and time of performing these three
processes, and the availability of reliable data. Information already
developed for regulatory or other purposes may be used in these
processes. You may also take into account the degree of practical control you
may have over the OH&S risks being considered. You should determine
what the OH&S risks are, taking into account the inputs and outputs
associated with your current and relevant past activities, processes, products
and /or services.
The complexity of hazard identification, risk assessment and risk control
processes will greatly depend on factors such as the size of the
organization, the workplace situations within the organization, and the
nature, complexity and significance of the
hazards. It is not the purpose of BS OHSAS 18001:1999, to force small
organizations with very limited hazards to undertake complex hazard
identification, risk assessment and risk control exercises.
In all cases, consideration should be given to:

Routine and non-routine activities

Normal, abnormal and potential emergency conditions and operations will
need to be considered by the organization when identifying hazards and
carrying out subsequent assessments of risk. It is important to remember,
and assess, the activities that occur on an infrequent basis such as window
cleaning, machine maintenance and repair etc. Organizations that operate a
night shift may have to consider other hazards/risks such as violence and
aggression towards their staff from external sources, which could occur
whilst entering the premises in the dark, etc. Other non-routine activities
could include members of staff taking their computers home to do work at the
weekend, where upon a risk assessment may need to be undertaken to
assess the risks associated with the manual handling of the equipment and
its subsequent use.

Activities of all personnel having access to the workplace (including

contractors and visitors)
The Management of Health & Safety at Work Regulations 1999 requires that
employers make suitable and sufficient assessment the H&S risks to
employees and the H&S risks to persons not in his employment arising out of
or in connection with the conduct by him of his undertakings.
It is therefore imperative that you consider who could be harmed whilst
visiting or working at/on behalf of your organization. Such consideration
being given, but not limited, to young workers, trainees, new and expectant
mothers, etc. who may be at particular risk; cleaners, visitors, contractors,
maintenance workers, etc. who may not be in the workplace all the time;
members of the public,
or people you share your workplace with, if there is a chance they
could be hurt by your activities.

28
F2 What the law requires continued

Infrastructure, equipment and materials at the

What is a risk assessment?
workplace, whether provided by the organization
A risk assessment is nothing more than a careful
or others.
examination of what, in your workplace, could cause harm
Most workplaces must conform to the minimal facility to people so that you can weigh up whether you have taken
standards as contained in the Workplace (Health, Safety enough precautions or should do more to prevent harm.
and Welfare) Regulations 1992. These Regulations The aim is to make sure that no one gets hurt or becomes
formerly consolidate and concentrate the requirements of ill. Accidents and ill health can ruin lives, and affect your
the Factories Act 1961 and the Offices, Shops and Railway business if output is lost, machinery is damaged, insurance
Premises Act 1963 into a single piece of legislation costs increase, or you have to go to court.
applicable to virtually all workplaces. The principle
provisions of the Workplace (Health, Safety and Welfare) You are legally required to assess the risks in your workplace.
Regulations 1992, set parameters and requirements The important things you need to decide are whether a
for: hazard is significant, and whether you have it covered by
▶ Regular and systematic maintenance satisfactory
precautions so that the risk is small. You need to check this
▶ Ventilation
when you assess the risks. For instance, electricity can kill
▶ Temperature but the risk of it doing so in an office environment is
▶ Lighting remote, provided that ‘live’ components are insulated and
metal casings properly earthed.
▶ Cleanliness
▶ Absence of overcrowding
▶ Sedentary comfort
▶ Safety underfoot/floors
▶ Freedom from falls and falling objects
▶ Structural integrity and stability
▶ Doors and gates
▶ Windows and window cleaning
▶ Escalators and travelators
▶ Pedestrian traffic routes
▶ Vehicular traffic routes
▶ Sanitary conveniences/washing facilities
▶ Drinking water
▶ Clothing accommodation
▶ Rest/meal facilities.
It is therefore imperative that your risk assessment
considers the factors above.
Equipment will be governed by the Provision and Use
of Work Equipment Regulations (PUWER).
 Interpretation – how to assess
F3 the risks in your workplace

The complexity of hazard identification, risk assessment and

risk control processes greatly depends on factors such as Step 3 - Evaluate the risks and decide whether
the size of the organization, the workplace situations within the existing precautions are adequate or more should
organization and the nature, complexity and significance of the be done
hazards. It is not the purpose of BS OHSAS 18001 to force
Consider how likely it is that each hazard could cause
small organizations with very limited hazards to undertake
harm. This will determine whether or not you need to do
complex hazard identification and risk assessment.
more to reduce the risk. Even after all precautions have
HSE Guidance promotes a 5-step approach to hazard been taken, some risk usually remains. What you have to
identification and risk assessment: decide for each significant hazard is whether this
remaining is risk tolerable or intolerable.
Step 1: Look for the hazards
First, ask yourself whether you have done all the things that
Step 2: Decide who might be harmed and how
the law says you have got to do. For example, there are legal
Step 3: Evaluate the risks and decide whether the requirements on prevention of access to dangerous parts of
existing precautions are adequate or whether machinery. Then ask yourself whether generally accepted
more should be done industry standards are in place. But don’t stop there - think
Step 4: Record your findings for yourself, because the law also says that you must do
what is reasonably practicable to keep your workplace safe.
Step 5: Review your assessment and revise it if necessary.
Your real aim is to make all risks small by adding to your
Don’t be over complicated. In most firms in the precautions as necessary.
commercial, service and light industrial sectors, the
If you find that something needs to be done, draw up an ‘action
hazards are few and simple. Checking them is common
list’ and give priority to any risks that are intolerable and/or
sense, but necessary. You probably already know whether, for
those, which could affect most people.
example, you have machinery that could cause harm, or if
there is an awkward entrance or stair where someone In taking action ask yourself:
could be hurt. If so, check that you have taken what
▶ Can I eliminate the hazard altogether?
reasonable precautions you can to avoid injury.
▶ If not, how can I control the risks so that harm is
If you are a small firm and you are confident you understand
unlikely?
what’s involved, you can do the assessment yourself (you don’t
have to be a health and safety expert!). If you are a larger In controlling risks apply the principles below, if
firm, you could ask a responsible employee, safety possible in the following order:
representative or safety officer to help you. If you are not ▶ Try a less risky option
confident, get help from a competent source, but remember
▶ Prevent access to the hazard (e.g. by guarding)
you are responsible for seeing it is adequately done.
▶ Organize work to reduce exposure to the hazard
Step 1 - Look for the hazards ▶ Issue personal protective equipment
If you are doing the assessment yourself, walk around ▶ Provide welfare facilities (e.g. washing facilities for
your workplace and look afresh at what could reasonably be removal of contamination and first aid).
expected to cause harm. Ignore the trivial and concentrate
Improving health and safety need not cost a lot. For
on significant hazards that could result in serious harm or
instance, placing a mirror on a dangerous blind corner to
affect several people.
help prevent vehicle accidents, or putting some non-slip
Ask your employees or their representatives what they material on slippery steps, are inexpensive precautions
think. They may have noticed things that are not considering the risks? And failure to take simple
immediately obvious. precautions can cost you a lot more if an accident does
Manufacturers’ instructions or data sheets can also help you happen.
spot hazards and put risks in their true perspective. So can
But what if the work you do tends to vary a lot or you
accident and ill-health records.
or your employees move from one site to another? Identify
the hazards you can reasonably expect and assess the
Step 2 - Decide who might be harmed, and how? risks from them.
▶ Young workers, trainees, new and expectant mothers, etc. After that, if you spot any additional hazards when you get
who may be at particular risk to a site, get information from others on site, and take
what action seems necessary.
▶ Cleaners, visitors, contractors, maintenance workers, etc.
who may not be in the workplace all the time But what if you share a work place? Tell the other
▶ Members of the public, or people you share your employers and self-employed people there about any risks
workplace with, if there is a chance they could be hurt your work could cause them, and what precautions you are
by your activities. taking. Also, think about the risks to your own work force
from those who share your workplace.
But what if you have already assessed some of the risks?
If, for example, you use hazardous chemicals and you have already assessed
the risks to health and the precautions you need to take under the Control of
Substances Hazardous to Health Regulations (COSHH), you can consider them
‘checked’ and move on.

30
F3 Interpretation – how to assess the risks in your workplace continued

Step 4 - Record your findings

Step 5 - Review your assessment and revise
If you have fewer than five employees you do not need to it if necessary
write anything down, though it is useful to keep a written
record of what you have done. But if you employ five or Sooner or later you will bring in new machines,
more people you must record the significant findings of substances and procedures which could lead to new
your assessment. This means writing down the significant hazards. If there is any significant change, add to the
hazards and conclusions. Examples might be ‘Electrical assessment to take account of the new hazard. Don’t
installations: insulation and earthing checked and found sound’ amend your assessment for every trivial
or ‘Fume from welding: local exhaust ventilation provided and change, or still more, for each new job, but if a new job
regularly checked’. You must also tell your employees about introduces significant new hazards of its own, you will want
your findings. to consider them in their own right and do whatever you
need to keep the risks down. In any case, it is good
Suitable and sufficient - not perfect! practice to review your assessment from time to time to
make sure that the precautions are still working
Risk assessments must be suitable and sufficient. You
effectively.
need to be able to show that:
▶ A proper check was made
▶ You asked who might be affected
▶ You dealt with all the obvious significant hazards,
taking into account the number of people who could
be involved
▶ Precautions are reasonable, and the remaining risk is
low.
Keep the written record for future reference or use; it can
help you if an inspector asks what precautions you have
taken, or if you become involved in any action for civil
liability. It can also remind you to keep an eye on particular
hazards and precautions. And it helps to show that you
have done what the law requires.
To make things simpler, you can refer to other
documents, such as manuals, the arrangements in your
health and safety policy
statement, company rules, manufacturers’ instructions, your
health and safety procedures and your arrangements for
general fire safety. These may already list hazards and
precautions. You don’t need to repeat all that, and it is up
to you whether you combine all the documents, or keep
them separately.
 Interpretation - risk
F4 assessment methodologies

There is no official guidance on the most appropriate 3 = Three Day Injury (as determined in
methodology for ranking risks. However the methodology RIDDOR)
suggested below 2 = Minor Injury (First Aid Treatment
is used by many businesses and organizations, and found only)
to a suitable means of identifying and prioritising action. It is 1 = Accident/Incident where no injury
important to stress that ALL risk assessments are occurs
subjective, reflecting the ‘opinions’ and ‘judgements’ of
the assessor. When carrying out an assessment you may
wish to carry out the identification of
hazards, risk assessment and risk control processes using a
team approach, whereby consensus can be reached as to the
prevalent and action required.
The 5x5 method measures each identified hazard against
two constituents of risk;
Likelihood - or probability of occurrence; severity - or, the
potential consequence(s) upon human health.

‘5x5’ Assessment Method

Identify hazards - See - Step 1 - previous
guidance. Typical hazards may include, but are not
restricted to:
▶ Electrical
▶ Fire
▶ Handling
▶ Slipping
▶ Tripping
▶ Noise
▶ Vibration
▶ Chemical use and spillage
▶ Ventilation
▶ Radiation
▶ Lifting
▶ Falling objects
▶ Traffic Movement
▶ Lone-working etc.

Evaluate the risks

Once all of the hazards have been identified, they can
be individually risk assessed, to determine whether
on not such hazards are tolerable or intolerable
whereby:

Likelihood (Probability)
5 = Very likely to occur/has Occurred
4 = Probable
3 = Possible
2 = Remote
1 = Improbable
Severity (Consequence)
5 = Fatal Outcome
4 = Major Injury (Reportable under RIDDOR)
Having made a judgement as to the risk levels associated with EACH
hazard, you will need to assess whether suitable precautions exist to control
or reduce the risk. Using the above scenario, if
the above office was inhabited at all times, had adequate smoke detection and
suitable fire fighting equipment, supported by personnel trained in the use
of such equipment it is less likely that the severity would be fatal. The
severity may then become (1) as a subsequent fire would be immediately
identified and suppressed adequately and safely.

Decide who may be harmed

In the above scenario, potential harm may be restricted to employees,
although you will have to consider whether the outbreak of such a fire
could prevent evacuation from another room, e.g. an adjacent meeting
room used for customers, etc.
Once the risks have been assessed and numerically ranked by
multiplying the likelihood and severity values, you will need to prioritise
action based upon what you determine as tolerable or intolerable risks. By
developing a simple matrix you can
ensure that those will the potential to become fatal accidents are addressed
before those deemed as being of lesser probability and consequence.

Basic Risk Matrix

RISK 5 10 15 20 25
4 8 12 16 20
3 6 9 12 15
2 4 6 8 10
1 2 3 4 5
SEVERITY

Action Priority
1 Immediate
2 Urgent - ASAP after immediate
3 Planned
4 For consideration

Details of the assessment should be recorded

Whilst you are only obligated to document you risk assessments if you
employ five or more persons, having taken the time and trouble to identify your
workplace hazards and risks it would be a shame to lose such valuable
information through not recording your findings. Such records needn’t be
complicated and time consuming to complete, but merely serve as written
evidence of what you have done.
 F4 Interpretation - risk assessment methodologies continued

Eliminate, combat or minimise

Interpretation
Wherever practicable, hazards should be eliminated, before
The following criteria should apply to the hazard identification,
control or minimisation options are adopted. Signage, the
risk assessment and risk control processes:
issue of Personal Protective Equipment (PPE) or the issue
of formal instructions should only be adopted as a last ▶ Competency requirements and training needs for
resort. BS OHSAS 18001 was modified in 2007 to ensure performing hazard identification, risk assessment and
that it mirrored the hierarchy of control as contained within risk control should be defined. For some organizations,
Schedule 1 of the Management of Health and Safety at Work depending on the type of process used, it may be
Regulations i.e.: necessary to use external advice/services
▶ Elimination ▶ The roles and authorities of personnel
▶ Substitution responsible for performing hazard identification,
risk assessment and risk control should be
▶ Engineering controls defined
▶ Signage/warnings and/or administrative controls ▶ Information from employee OH&S consultation, review
▶ Personal protective equipment. and improvement activities should be considered (these
activities may be either reactive or proactive in
All hazards identified as having an intolerable risk(s) nature)
associated with them will require some form of action to
eliminate, control or minimise the risk(s) identified. ▶ Feedback to management on the results of hazard
identification, risk assessment and risk control should
You should then consider setting an objective(s) to so. You be provided
may however wish to develop a generic objective to
▶ As well as considering the hazards and risks posed by
‘Eliminate, control or minimise all intolerable health & safety
activities carried out by its own personnel, the
risks as identified by the hazard identification and risk
organization should consider hazards and risks arising
assessment processes’, under which will sit a number of from the activities
supporting sub-objectives or tasks to address each specific of contractors and visitors, and from the use of
hazard graded as intolerable. products or services supplied to it by others
You should keep documentation, data and records concerning ▶ The OH&S hazards posed by materials, plant and
the identification of hazards, the risk assessment and equipment that degrade over time, particularly such
subsequent materials/plant/ equipment that are being stored
control of risks up-to-date in respect of the current activities
▶ Hazard identification, risk assessment and risk control
but also extend them to cover any new or modified activities
that may be take place within your organization before they should take into account the measures implemented for
the control of risks that are effective at the time of
are introduced.
the assessment; if
The documentation should include the identification of hazards. consideration of the resulting risk leads to amendments
It should also include the evaluation of the risks with to these measures, then further hazard identification and
existing or any proposed control measures in place but also risk assessment should be conducted to reflect the
take into account exposure to specific hazards, the amendments and to estimate the residual risk
likelihood of failure of the control measures, and the ▶ There should be clear evidence that actions identified
potential severity of consequences of injury or damage.
from hazard identification, risk assessment and risk control
Other elements that should be included are the evaluation of processes are monitored for their timely completion
the tolerability of residual risk, the identification of any
additional risk control measures needed and the evaluation ▶ Hazard identification, risk assessment and risk control
of whether the risk control measures are sufficient to reduce should be carried out as a proactive measure, rather than a
reactive one,
the risk to a tolerable level.
i.e. they should precede the introduction of new or
BS OHSAS 18001 clause 4.3.1 states that: revised activities or procedures, and risk reduction and
control measures identified via the process should be in
The organizations methodology for hazard identification
place before the change takes place
and risk assessment shall:
▶ Where appropriate, hazard identification, risk assessment
▶ Be defined with respect to its scope, nature and timing to and risk control should identify competency/training
ensure it is proactive rather than reactive and requirements for affected personnel
▶ Provide for the identification, prioritisation and documentation ▶ Human error should be considered as an integral part of the
of risks, and the application of controls, as appropriate. hazard identification, risk assessment and risk control
process
For the management of change, the organization shall identify
the OH&S hazards and OH&S risks associated with ▶ The organization should keep its documentation, data
changes in the organization, the OH&S Management System, and records concerning the identification of hazards
or its activities, prior to the introduction of such changes. and the assessment and control of risks up-to-date in
respect of ongoing activities, and extend them to cover new
developments and new or modified activities, before these

3
2
are implemented. The results should show the level of risk associated with a
particular hazard and may, therefore, affect the organization’s OH&S
objectives.
If this occurs, the organization should review its OH&S objectives
accordingly.

33
F4 Interpretation - risk assessment methodologies continued

Hints for implementation:

▶ Consider ALL of your legal obligations when carrying
out your hazard identification and risk assessment
processes
▶ Use the HSE’s five-step approach to risk assessment
as a basis for your methodologies
▶ Ensure that those responsible for carrying out your
assessments are trained and competent
▶ Review you assessments in light of significant
changes to workplace layout, equipment, processes etc.
or any accidents that may occur
▶ Assess any improvement actions, to make sure that
your suggested improvements do not create new hazards
and risks
▶ Utilise your health and safety audits to continually
review the adequacy of your assessments.

▶ Keep it simple!
 Identifying hazards and
F5 assessing risks

Identify the hazards/assess the risks associated with the organization’s activities, products and services.
Consider who may be harmed and what could be done to eliminate or control the hazards identified.

Start

Look for the Step

hazards associated with the company’s activities, products and services When identifying ‘hazards’
ask yourself “what could cause harm” and ignore the trivial
1

Think about people who only vacate the workplace periodically, as well as those regularly/ perm
Decide who may be harmed and how
Step
2

Evaluate the levels of risk associated with the hazards identified and consider existing precautions
Decide what could occur (likelihood) and the actual harm that could be caused (severity) using the 5x5 r
Step
3

Following the
Suggest ways of eliminating or controlling thehierarchy
hazards of hazard control, suggest ways of eliminating, controlling or minimising the hazards (and
identified
Step
4

Present information in Health & Safety

Risk Assessment Sheets

End

34 424 | E: [email protected] | www.nqa.com

F5 Identifying hazards and assessing risks continued

Common non-conformances:
▶ Lack of comprehensive, documented procedures for
identifying hazards
▶ Incomplete coverage for past, current and planned activities
▶ Incomplete coverage of all activities, products or services
▶ Hazard identification under routine and non-routine
not adequately covered
▶ Risk assessment of activities of all personnel having
access to the workplace, including subcontractors
and visitors
not considered
▶ Hazard identification and risk assessment does not
include facilities in the workplace provided by
others
▶ Poor provision for keeping the information up to date

Self assessment questions:

▶ Have you established a procedure for identifying and
assessing the risk of hazards and the implementation
of necessary
control measures?
▶ Have you considered the results of these assessments
and the effects of the control to feed into you
objectives?
▶ Are you keeping this information up to date?
 Legal and other requirements
F6

Introduction Typical inputs:

Any organization needs to be aware of and understand how ▶ Details of the organization’s production or
its activities are, or will be, affected by applicable legislation service realization processes
and other requirements such as Approved Codes of Practices ▶ Hazard identification, risk assessment and risk control
(ACoPs). results
This information needs to be communicated to all relevant
▶ Best practices (e.g. codes, industry association
personnel and to other interested parties such as
contractors. The organization also needs to keep abreast guidelines)
of the changes to legislation and to the introduction of ▶ Legal requirements/governmental regulations
new legislation. This will help to ensure compliance with the ▶ Listing of information sources
legislation and avoid enforcement action by the regulatory
▶ National, foreign, regional or international standards
bodies.
▶ Internal organizational requirements
BS OHSAS 18001 requirements ▶ Requirements of interested parties.
The organization shall establish, implement and
maintain a procedure(s) for identifying and accessing Process:
the legal and other OH&S requirements that are ▶ Relevant legislation and other requirements should be
applicable to it.
identified (Other requirements may include, but are not
The organization shall ensure that these applicable necessarily restricted to HSE Approved Codes of Practice
legal requirements and other requirements to which the and Guidelines)
organization subscribes are taken into account in
establishing, implementing and maintaining its OH&S ▶ Organizations should seek out the most appropriate
Management System. means for accessing the information. It is important to
The organization shall keep this information up-to-date. recognise that access will be required to the actual
The organization shall communicate relevant information on legal
regulations and to any changes made to them. Access to
and other requirements to persons working under the control the actual regulations may be afforded through the
of the organization, and other relevant interested parties. Internet, public library access, etc.
Whilst you may consider keeping up to date with
Interpretation
legislative changes and developments through health and
This requirement of 4.3.2 from BS OHSAS safety journals, legislative update services etc.
18001:2007 is intended to promote an awareness and
understanding of legal ▶ The organization should also evaluate which
responsibilities, not to require the organization to establish requirements apply, and where they apply, and who
libraries of legal or other documents that will rarely be needs to receive which kind of information.
referenced or used.
Typical outputs:
One of the commitments of your OH&S policy is to comply
▶ Procedures for identifying and accessing legislative
with current applicable OH&S legislation and with other
information
requirements to which the organization subscribes. Your OHS
Management System will help you to: ▶ Identification of which requirements apply and where
▶ Identify and evaluate applicable current and future legal [this may take the form of a register(s) of health and
safety and other requirements]
and other requirements such as ACoPs and Guidance
Notes published by the Health and Safety ▶ Not only will this register provide evidence that you
Executive (HSE) have identified your legislative obligations but will also
▶ Ensure that any relevant requirements are integrated into provide you with an excellent tool for training staff in
the operational and management controls of your legislative awareness
system.
▶ Requirements (actual text, summary or analysis,
where appropriate), available in locations which are to be
decided by the organization

▶ Procedures for monitoring the implementation of controls

consequent to new OH&S legislation

▶ Objectives and targets to comply with

your legislative obligations.
F6 Legal and other requirements continued

Hints for implementation

Common non-conformances
Considering the large volume of legislation now
On the whole, certification to BS OHSAS 18001 can be
applicable to businesses, this element of BS OHSAS
withheld if a legislative breach is identified. Only in
18001 may seem like a particularly daunting task.
circumstances where a documented agreement has been
Nevertheless there are several ways in which your
reached with regulator may certification be
organization can obtain information about applicable laws or
recommended.
regulations, without resorting to expensive legal advice.
These include: Other potential non-conformances include:
▶ Health and safety business ▶ Procedures not established or maintained
journals/newsletters/magazines
▶ Identification of legal requirements not sufficiently
▶ Health and safety guidance notes and ACoPs comprehensive
▶ Advice from regulatory agencies (e.g. the Health and ▶ Little or no reference to other requirements
Safety Executive, or local authorities)
▶ Failure to recognise how laws, regulations or other
▶ Trade associations requirements are relevant to the organization
▶ Business clubs/networks ▶ Access to legal and other requirements cannot
be demonstrated
▶ Public libraries

▶ The internet (e.g. OPSI web page) ▶ Evidence of legal compliance cannot be demonstrated.

▶ Customers, suppliers and other companies. Self assessment questions:

In the same way as ISO14001, BS OHSAS 18001 does not ▶ Have you identified applicable rules, requirements,
require the development of a register of legislation. It does legislation and other requirements relevant to your
however require your company to establish a procedure for organization?
identifying and having access to legal and other
requirements. The certification body ▶ Have you established and documented a procedure
will also want to see evidence that your company has for assessing legal and other requirements and
evaluated compliance and that the OH&S system is keeping them up-to-date?
designed to deliver compliance. Where non-compliance is ▶ Have legislative requirements been factored into the controls
identified appropriate actions should be taken to rectify the of your management system?
situation. It would therefore, be good practice to establish
some sort of Manual/Register showing that you have ▶ Is there a procedure in place to deal with any
identified the relevant legislation and documented current areas of non-compliance?
controls for compliance. This Manual/Register should be
reviewed and updated as circumstances within the
company change and legislation evolves.

A pro-forma for this register could include the following

headings:

▶ Précis of legislation

▶ Purpose of legislation

▶ Coverage/scope of legislation

▶ Compliance requirements

▶ Current compliance status

▶ Responsibility for compliance

▶ Review frequency.
Not only will this register provide evidence that you have
identified and have access to legislation but it will also
provide an excellent tool for training staff in legislative
awareness.
 Objective programme(s)
F7

resources may not allow this, but you

should
at least set objectives to ensure that the
BS OHSAS 18001 requirements associated risks are
The organization shall establish, implement and effectively managed and controlled.
maintain documented OH&S objectives, at relevant
functions and levels within the organization.
The objectives shall be measurable, where practicable,
and consistent with the OH&S policy, including the
commitments to the prevention of injury and ill health,
to compliance with applicable legal requirements and with
other requirements to
which the organization subscribes, and to continual
improvement.
When establishing and reviewing its objectives, an
organization shall take into account the legal
requirements and other requirements to which the
organization subscribes, and its OH&S risks. It shall also
consider its technological options, its financial,
operational and business requirements, and the views of
relevant interested parties.
The organization shall establish, implement and
maintain a programme(s) for achieving its objectives.
Programme(s) shall include as a minimum:
a) designation of responsibility and authority for
achieving objectives at relevant functions and levels of
the organization
b) the means and time-frame by which the objectives are
to be achieved.
The programme(s) shall be reviewed at regular and
planned intervals, and adjusted as necessary, to ensure that
Introduction
Objectives
It is necessary to ensure that, throughout the
organization, measurable OH&S objectives are established to
enable the OH&S policy to be achieved.
Following your OH&S hazard identification assessment,
you will have created a list of several issues, some of
which may be
classed as significant. In addition, your review of relevant
legislation may have highlighted areas of compliance
obligations requiring tighter control. These issues will need
to be incorporated within your OH&S system. To enable
this, your company must take the next step of setting
objectives and targets.
Moreover, your OH&S policy contains a commitment to
continual improvement so it is critical that your
objectives reflect any aspirations outlined in the statement.
The ongoing achievement of objectives will also provide clear
evidence to the certification body that the OH&S system is
effective in delivering continual health & safety
improvement.

Interpretation
Now that your company has identified its significant OH&S
hazards and understood what its legal duties are, the
standard now asks you to factor these into the OH&S
system. This does not mean that you must set improvement
objectives for every significant hazard identified. Financial

3
8
When setting objectives, consider your OH&S policy, including its three
core commitments. You should also consider the views of interested parties,
your technological options, and financial, operational, and other business
requirements.
It is critical that your objectives and targets are appropriate to your organization.
They can be set for the entire company or applied specifically to individual
departments, activities, and services.

Typical inputs:
▶ Policy and objectives relevant to the organization’s business as a
whole
▶ OH&S policy, including the commitment to continual
improvement
▶ Results of hazard identification, risk assessment and risk control
▶ Legal and other requirements
▶ Technological options
▶ Financial, operational and business requirements
▶ Views of employees and interested parties
▶ Information from employee OH&S consultation, reviews and improvement
activities in the workplace (these activities may be either reactive or
proactive in nature)
▶ Analysis of performance against previously established OH&S
objectives;
▶ Past records of OH&S non-conformance, accidents, incidents, and property
damage
▶ Results of the management review.

Process
Using information or data from the ‘Typical inputs’ described above,
appropriate levels of management should identify, establish and prioritise
OH&S objectives.
During the establishment of OH&S objectives, particular regard should be
given to information or data from those most likely to be affected by
individual OH&S objectives, as this will assist in
ensuring that they are reasonable and more widely accepted. It will also be useful
to consider information or data from sources external to the organization, e.g.
from contractors or other interested parties.
Meetings by the appropriate levels of management for the establishment,
and progression, of OH&S objectives should be held regularly.
For some organizations, there may be a need to document the process of
establishing the OH&S objectives in the form of a procedure; however this
is not a specific requirement.
F7 Objective programme(s) continued

Interpretation
The OH&S objectives should address both broad corporate
OH&S issues and OH&S issues that are specific to
individual functions and levels within the organization.
Suitable indicators should be defined for each OH&S
objective. These indicators should allow for the
monitoring of the implementation of the OH&S
objectives.
OH&S objectives should be reasonable and achievable, in
that the organization should have the ability to reach them
and monitor progress. A reasonable and achievable time
scale should be defined for the realization of each OH&S
objective.
OH&S objectives may be broken down into separate
goals, depending on the size of the organization, the
complexity of the OH&S objective and its time-scale.
There should be clear links between the various levels
of goals and OH&S objectives.

Examples of types of OH&S objectives include:

▶ Reduction of risk levels

▶ The introduction of additional features into the

OH&S management system

▶ The steps taken to improve existing features, or the

consistency of their application

▶ The elimination or the reduction in frequency of

particular undesired incident(s).
The OH&S objectives should be communicated (e.g. via
training or group briefing sessions) to relevant persons
working under the control of the organization, and be
deployed through the OH&S management programme(s).

Typical outputs
Documented, measurable, OH&S objectives for each function
in the organization.
 Management programme(s)
F8

Introduction Typical outputs

Defined, documented OH&S management
OH&S Management programme(s)
The organization should seek to achieve its OH&S policy programme(s). Objectives and targets should be S M
and OH&S objectives by establishing an OH&S ART
management programme(s). This will require the
development of strategies and plans of action to be taken, Simple
which should be documented and communicated. Progress Measurable
against meeting the OH&S objectives should be monitored,
Achievable
reviewed and recorded, and the strategies and plans should
be updated or amended accordingly. Relevant
Time-bound
Interpretation
You needn’t set up new management programmes to ensure
Typical inputs: that OH&S objectives are achieved utilise what you already
▶ OH&S policy and OH&S objectives have in place. Some companies use their business plan, to
good effect, to document how such objectives will be
▶ Reviews of legal and other requirements achieved.
▶ Results of hazard identification, risk assessment and risk Consider other objectives that you have committed to,
control i.e. productivity, quality, environmental, etc. when setting
time- scales for improvement. Otherwise you may end up
▶ Details of the organization’s production or
service realization processes continually re-scheduling your management programme.

▶ Information from employee OH&S consultancy, review

and improvement activities in the workplace (these Examples of objectives and targets
activities may be either reactive or proactive in nature)

▶ Reviews of opportunities available from new, or different,

technological options

▶ Continual improvement activities

▶ Availability of resources needed to achieve the

organization’s OH&S objectives.

Process
The OH&S management programme should identify the
individuals who are responsible for delivering the OH&S
objectives (at each relevant level). It should also identify
the various tasks, which need to be implemented in order to
meet each OH&S objective.
It should provide for the allocation of appropriate responsibility
and authority for each task and allocate time-scales to each
individual task, in order to meet the overall time-scale of the
related OH&S objective. It should also provide for the
allocation of suitable resources (e.g. financial, human,
equipment, logistics) to each task.
The programme may also relate to specific training
programmes. The training programmes will further provide
for the distribution of information and co-ordinate
supervision.
Where significant alterations or modifications in working
practices, processes, equipment or material are expected, the
programme should provide for new hazard identification
and risk assessment exercises. The OH&S management
programme should provide for consultation of relevant
personnel on expected changes.
Objectives Targets

40
On notice boards and Sales and marketing
Minimise exposure to Reduce recorded OEL levels
hazardous substances. of all solvents by 25% in
2009.
Improvement in the number Submit detailed reduction
of Lost Time Accidents strategy by QTR3 2008
caused by manual handling. with a view to a 50%
reduction for 2010.

Improve employee awareness Hold monthly awareness

of OH&S issues. training courses. Train
all employees by end of
2009.
 Example OH&S management
F9 programme

OH&S Policy requirement

Commitment to continual improvement

Legal and other requirements

Workplace (Health, Safety and Welfare) Regulations 1999
Manual Handling (Operations) Regulations 1992

Significant OH&S hazard

6 Lost Time Accidents occurred in 2003 attributed to manual handling activity

Impacts
6 accidents cost the company approximately £xxx in terms of lost production and covering overtime

Objective
To reduce the number of Lost Time Accidents by 50% for 2004

Targets
Review relevant risk assessments and produce reduction strategy

Reduce the amount of unnecessary manual handling

operations Train all employees on manual handling

techniques

Task items Responsibility Start Finish

Produce reduction strategy MJG 1 January 1 February

Produce new Safe Systems of Work to reduce ABW 1 March 31 July
amount of manual handling activity

Develop training package on good manual ABW 1 August 1 September

handling techniques and present course to all
relevant staff

Common non-conformances:
Self assessment questions:
▶ Objectives and targets do not reflect policy
▶ Do you have documented objectives, targets and
requirements
management programmes at relevant functions and
▶ Objectives and targets do not levels within
demonstrate continual improvement the organization?
▶ They are not linked to the significant hazards ▶ Have you ensured that your objectives, targets and
identified and legislative assessment management programmes are consistent with the
▶ They are not documented and distributed to relevant OH&S policy, including commitments to continual
sections for action improvement, legal compliance and identified OH&S
hazards?
▶ Responsibilities are not adequately defined
▶ Have you considered technological options, financial,
▶ No detailed means of achieving Objectives and
Targets are given operational, business requirements and the views of
other interested parties when setting your objectives
▶ OH&S hazards of new projects, plant or methods of and targets?
work are not considered or identified
▶ Have you established a process for tracking and
▶ Time-scales are not met and / or unrealistic. reporting progress and conformance with objectives
and targets?
▶ Have you established detailed action plans of how
you will achieve your objectives and targets?
▶ Do they include responsibilities, means and time
 frames to which they are to be achieved?
▶ Have you communicated the plans to relevant functions and levels of
your organization?
G

G Implementation and operation

G1 Structure and responsibility

G2 Competence, training and awareness

G3 Communication, participation and consultation

G4 Documentation

G5 Control of documents

G6 Operational control

G7 Emergency preparedness and response

 Implementation and operation
G

Structure and responsibility

G1

BS OHSAS 18001 requirements When establishing your OH&S Management System it is

critical to consider this human dimension. You should
Top management shall take ultimate responsibility for encourage participation at all levels within the company
OH&S and the OH&S Management System. including top management, middle management and
Top management shall demonstrate its commitment by: operational staff. For your system to be effective you must
a) ensuring the availability of resources essential to also clearly define and communicate each person’s role
establish, implement, maintain and improve the OH&S within the system. Whether it is the Managing Director or
management system the staff trained to give First Aid.
NOTE: Resources include human resources and specialized
skills, organizational infrastructure, technology and financial Typical inputs:
resources. ▶ Organizational structure/organogram
b) defining roles, allocating responsibilities and ▶ Hazard identification, risk assessment and risk control
accountabilities, and delegating authorities, to
facilitate effective OH&S management; roles, results
responsibilities, accountabilities, ▶ OH&S objectives
and authorities shall be documented and communicated.
▶ Legal and other requirements
The organization shall appoint a member(s) of top
management with specific responsibility for OH&S, irrespective ▶ Job descriptions
of other responsibilities, and with defined roles and ▶ Listings of qualified personnel
authority for:
a) ensuring that the OH&S Management System is Process:
established, implemented and maintained in 1) Overview
accordance with this OHSAS Standard
The responsibilities and authority of all persons who
b) ensuring that reports on the performance of the
OH&S management system are presented to top perform duties that are part of the OH&S Management System
management for review and used as a basis for should be defined, including clear definitions of
improvement of the OH&S Management System. responsibilities at the interfaces between different
NOTE: The top management appointee (e.g. in a large functions.
organization, a Board or executive committee member) may Such definitions may, among others, be required for:
delegate some of their duties to a subordinate management
representative(s) while still retaining accountability. ▶ Top management
The identity of the top management appointee shall be ▶ Line management at all levels in the organization
made available to all persons working under the
control of the organization. ▶ Process operators and the general workforce
All those with management responsibility shall demonstrate ▶ Those managing the OH&S of contractors
their commitment to the continual improvement of OH&S
performance. ▶ Those responsible for OH&S training

The organization shall ensure that persons in the workplace ▶ Those responsible for equipment that is critical for
take responsibility for aspects of OH&S over which they OH&S;
have control, including adherence to the organization’s
▶ Employees with OH&S qualifications, or other OH&S
specialists, within the organization
Introduction
▶ Employee OH&S representatives on consultative forums.
Despite playing a fundamental role, organizational and
human aspects of OH&S management are often overlooked in However, the organization should communicate and promote
comparison to the more technical aspects of regulatory the idea that OH&S is the responsibility of everyone in the
compliance. As a result many systems are poorly understood organization, not just the responsibility of those with defined
and attract little or no support from staff. OH&S Management System duties.
G1 Structure and responsibility continued

2) Defining top management responsibilities

OH&S responsibilities and authorities need to be effectively
The responsibility of top management should include communicated to all those whom they affect at all levels
defining the organization’s OH&S policy, and ensuring within the organization. This should ensure that individuals
that the OH&S understand the scope and the interfaces between the various
Management System is implemented. As part of this functions, and the channels to be used to initiate action.
commitment, top management should designate a specific
7)Resources
management appointee with defined responsibilities and
authority for implementing the OH&S Management System. Management should ensure that adequate resources are
(In large or complex organizations there may be more than one available for the maintenance of a safe workplace, including
designated appointee.) equipment, human resources, expertise and training.

3)Defining management appointee responsibilities Resources can be considered adequate if they are sufficient
to carry out OH&S programmes and activities, including
The OH&S management appointee should be a member of
performance measurement and monitoring.
top management. Other personnel who have delegated
responsibilities for monitoring the overall operation of the For organizations with established OH&S Management
OH&S function may support the OH&S management Systems, the adequacy of resources can be at least partially
appointee. However, there evaluated by comparing the planned achievement of OH&S
should be evidence that the management appointee is objectives with actual results.
regularly informed of the performance of the system, and
8)Management commitment
retains active involvement in periodic reviews and the setting
of OH&S objectives. The organization should ensure that any Managers should provide visible demonstration of their
other duties or functions assigned to these personnel do not commitment to OH&S. Means of demonstration may
conflict with fulfilment of their OH&S responsibilities. include visiting and inspecting sites, participating in accident
investigation, and providing resources in the context of
4)Defining line management responsibilities
corrective action, attendance at OH&S meetings, and
Line management responsibility should include ensuring issuing messages of support.
that OH&S is managed within their area of operations.
Where prime responsibility for OH&S matters rests with line Typical outputs:
management, the role and responsibilities of any specialist ▶ Definitions of OH&S responsibilities and authorities
OH&S function within the organization should be for all relevant personnel
appropriately defined to avoid ambiguity with respect to
responsibilities and authorities. This should include ▶ Documentation of roles/responsibilities in
manuals/procedures/ training packages
arrangements to resolve any conflict between OH&S issues
and productivity considerations by escalation to a higher ▶ Process for communicating roles and responsibilities
level of management. to all employees and other relevant parties

5)Documentation of roles and responsibilities ▶ Active management participation and support for
OH&S, at all levels.
OH&S responsibilities and authorities should be documented
in a form appropriate to the organization. This may take one
or more of the following forms, or an alternative of the
organization’s choosing:

▶ OH&S Management System manuals

▶ Working procedures and task descriptions
▶ Job descriptions
▶ Induction training package.
If the organization chooses to issue written job
descriptions covering other aspects of employees’ roles
and responsibilities, then OH&S responsibilities should be
incorporated into those job descriptions.
6)Communication of roles and responsibilities
G1 Structure and responsibility continued

Hints for implementation

Common non-conformances
For smaller organizations defining additional resources
In most companies responsibilities are clearly defined
and responsibilities may not be an easy process. Where
on organizational charts, but changes may need to be
possible, try to make the best use of limited resources
made to incorporate OH&S responsibilities. Potential non-
by using existing
conformances include:
management frameworks and keeping the structure as simple
as possible. Considering the following issues may help you ▶ Management representative responsibilities are not
to set the right organizational structure for your OH&S clearly defined
system.
▶ Failure to identify OH&S responsibilities and
Consider the results of previous quality or environmental authorities of other personnel
audits. What does this information tell you about the ▶ Meaningful changes to job descriptions are often overlooked
effectiveness of existing structure and how they could be
improved? ▶ Responsibilities often not communicated to relevant
personnel.
Identified OH&S hazards
Your OH&S system should be focused towards controlling
Self assessment questions:
and managing your significant hazards so it is important ▶ Have your senior management team provided
to consider which operations these relate to. Then adequate resources to implement and manage
determine who already manages these operations. Could the OH&S management system?
they be used to manage the identified controls?
▶ Have you defined documented roles and responsibilities
for the OH&S Management System?
Objectives and targets
Consider whom you have assigned to implement the ▶ Have these roles been communicated to all relevant
objectives and targets and relevant management staff?
programmes. ▶ Do you have an appointed OH&S management
representative?
Existing roles and responsibilities ▶ Have you documented their specific roles in
Established roles and responsibilities for health and establishing, implementing, maintaining and reporting on
safety management may be useful in the operation of the the effectiveness of the OH&S Management System?
management system. However, it does not necessarily
follow that their specific health and safety knowledge will
be an advantage in the implementation of a management
system. Help in an advisory
capacity may prove to be a much more effective use of their
skills.
 Competence, training and
G2 awareness

What the law requires

BS OHSAS 18001 requirements Section 2 of the Health and Safety at Work etc Act 1974
The organization shall ensure that any person(s) under its imposes a general duty on all employers to provide suitable
control performing tasks that can impact on OH&S is (are) and sufficient training to their employees, including the setting
competent on the basis of appropriate education, training or out of the training provisions in their safety policy
experience, and shall retain associated records. statement.
The organization shall identify training needs associated with Complementary regulations to the 1974 Act provide more
its OH&S risks and its OH&S Management System. It shall
explicit details of training requirements, e.g. The
provide training or take other action to meet these needs,
evaluate the effectiveness of the training or action taken, Management of Health and Safety at Work Regulations;
and retain associated records. The Provision and Use of Work Equipment Regulations,
etc.
The organization shall establish, implement and maintain
a procedure(s) to make persons working under its control Commonly, health and safety legislation requires certain
aware of: duties, normally involving a high degree of expertise, to be
a) the OH&S consequences, actual or potential, of their carried out by ‘competent’ persons. Examples of which
work activities, their behaviour, and the OH&S benefits extend, but are not limited, to;
of improved personal performance
Management of Health and Safety at Work regulations – all
b) their roles and responsibilities and importance in
employees to appoint a ‘competent’ person to assist with
achieving conformity to the OH&S policy and
procedures and to the requirements of the OH&S health and safety compliance.
Management System, including emergency
Ionising radiation regulations – appointment of
preparedness and response requirements (see
4.4.7) radiation protection supervisors.

c) the potential consequences of departure Abrasive wheels regulations – mounting of abrasive wheels.
from specified procedures.
Training procedures shall take into account differing levels
of:
a) responsibility, ability, language skills and literacy; and
b) risk.
G2 Competence, training and awareness continued

Introduction for employees with specific roles in the

OH&S system, including employee
Organizations should have effective procedures for ensuring OH&S representatives
the competence of personnel to carry out their designated
functions.

Typical inputs:
▶ Definitions of roles and responsibilities
▶ Job descriptions (including details of hazardous
tasks to be performed)
▶ Employee performance appraisals
▶ Hazard identification, risk assessment and risk control
results
▶ Procedures and operating instructions
▶ OH&S policy and OH&S objectives
▶ OH&S programmes
▶ Skills matrix.

Process
The following elements should be included in the
process:

▶ A systematic identification of the OH&S

awareness and competencies required at each level
and function within the organization
▶ Arrangements to identify and remedy any shortfalls between
the required OH&S awareness and competency, and the
level currently possessed by the individual
▶ Provision of any training identified as being
necessary, in a timely and systematic manner
▶ Assessment of individuals to ensure that they have
acquired, and that they maintain the knowledge and
competency required
▶ Maintenance of appropriate records of an individual’s
training and competency.
An OH&S awareness and training programme should
be established and maintained to address the following
areas:

▶ An understanding of the organization’s OH&S

arrangements and individuals’ specific roles and
responsibilities for them
▶ A systematic programme of induction and ongoing training
for employees and those who transfer between
divisions
▶ Sites, departments, areas, jobs or tasks within the
organization
▶ Training in local OH&S arrangements and hazards,
risks, precautions to be taken and procedures to be
followed, this training being provided before work
commences
▶ Training for performing hazard identification, risk
assessment and risk control
▶ Specific in-house or external training which may be
required
▶ Training for all individuals who manage employees, contractors and others
(e.g. temporary workers), in their OH&S responsibilities. This is to
ensure that both they and those under their control understand the
hazards and risks of the operations for which they are responsible,
wherever they may take
place. Additionally, this is to ensure that personnel have the
competencies necessary to carry out the activities safely, by following
OH&S procedures
▶ The roles and responsibilities (including corporate and individual legal
responsibilities) of top management for ensuring that the OH&S
Management System functions to control risks and minimise illness,
injury and other losses to the organization
▶ Training and awareness programmes for contractors, temporary workers and
visitors, according to the level of risk to which they are exposed.

Typical outputs:
▶ Competency requirements for individual roles
▶ Analysis of training needs
▶ Training programmes/plans for individual employees
▶ Range of training courses/products available for use within the
organization
▶ Training records, and records of evaluation of effectiveness of training.
G2 Competence, training and awareness continued

Defining training needs for H&S management

Common non-conformances
Because of the time involved in conducting training needs
This area of BS OHSAS 18001 is commonly cited as an area
analysis and training programmes, this is one area of OH&S
where most non-conformances can arise. Possible non-
where it is best not to start from scratch. For example, you
conformances with an OH&S system include:
probably already have a training programme for quality or
environmental purposes. You may wish to consider using ▶ Training needs analysis not completed for all personnel
such opportunities to incorporate OH&S training. at each function and level
Also look at current staff experience and qualifications and ▶ Appropriate training not delivered especially where the
build upon it. Your existing quality auditing team could be training need assessment has been identified
used for OH&S audits if they are given appropriate potential hazards associated with particular
instruction on the issues to look out for. responsibilities

If taking staff away from the organization is a problem ▶ Training found to be inadequate or incomplete, particularly
consider scheduling training opportunities to coincide with for emergency preparedness and response (including
contractors)
other meetings. For instance, safety meetings, staff
meetings, and quality circle briefings. ▶ Failure to keep training records up to date or to
undertake evaluation process to check
When developing your training plan, do not forget competence.
contractors, suppliers and new employees. You may wish
to develop an induction pack containing guidance notes, the
Self assessment questions:
OH&S policy and relevant procedures. Also consider OH&S
skills requirements into your recruitment and tendering ▶ Has an analysis of training needs been undertaken?
processes. This will help to reduce the costs of your ▶ Has a training plan been developed?
training. It will also go some way to ensure that staff and
contractors are competent to perform tasks. ▶ Has appropriate training been delivered at all levels and
within all functions?
Another way to ensure competency is to question employees
▶ Are records kept of training that has been provided?
(in critical functions) on how they perform various aspects
of their jobs and get them to demonstrate it. This could
form part of your auditing process. Use responses to
determine whether they have the requisite skills and
understanding to do the job correctly. This will help you
gauge whether additional training may be needed.
For the sake of simplicity, you may wish to break
training requirements down into different groupings, e.g.,
legislative requirement and management system
requirement. This may help the team implementing your
management system identify areas of weakness much more
quickly and also generate a priority list of training
requirements based on differing demands.
Consideration should be given to providing an awareness
course for all employees, where the policy, objectives and
targets and a brief introduction to BS OHSAS 18001 and its
requirements are communicated. This can also help with the
future development of the system and its acceptance by
the workforce.
 Communication, participation
G3 and consultation

Interpretation
BS OHSAS 18001 requirements
Typical inputs:
4.4.3.1 Communication ▶ OH&S policy and OH&S objectives
With regard to its OH&S hazards and OH&S Management ▶ Relevant OH&S Management System documentation
System, the organization shall establish, implement and
maintain a procedure(s) for: ▶ Hazard identification, risk assessment and
risk control procedures
a) internal communication among the various levels and
functions of the organization ▶ Definitions of OH&S roles and responsibilities
b) communication with contractors and other ▶ Results of formal employee OH&S
visitors to the workplace consultations with management
c) receiving, documenting and responding to
▶ Information from employee OH&S consultation, review
relevant communications from external
interested parties. and improvement activities in the workplace (these
activities may be either reactive or proactive in nature)
4.4.3.2 Participation and consultation
▶ Training programme details.
The organization shall establish, implement and
maintain a procedure(s) for:
Hints for implementation
a) the participation of workers by their:
– appropriate involvement in hazard identification, risk The first step in designing a communications procedure is
assessments and determination of controls to determine who your audience is. Make a list of internal and
external audiences. Next, decide how you can best reach them.
– appropriate involvement in incident investigation
Appropriate communication methods might vary from audience
– involvement in the development and review of OH&S to audience.
policies and objectives
Start by looking at your existing methods for communicating,
– consultation where there are any changes that both internally and externally. For instance, if you have a QMS
affect their OH&S consider using the complaint procedure to deal with health
– representation on OH&S matters. and safety related complaints.

Workers shall be informed about their participation Remember communication is an on-going process. Any
arrangements, including who is their representative(s) on communication strategy that focuses on one–off or short-
OH&S matters. term goals is unlikely to yield significant benefits and
b) consultation with contractors where there are changes could be counter productive.
that affect their OH&S.
Determine how proactive your external communications
The organization shall ensure that, when appropriate, strategy will be. Select an approach that fits your
relevant external interested parties are consulted
organization’s culture and strategy. If you are part of a larger
about pertinent OH&S matters.
organization there may be a corporate policy regarding
release of health and safety information.
What the law requires
Following the introduction of the Health and Safety Process
(Consultation with Employees) Regulations in 1996 every The organization should document and promote the
employee is entitled to be provided with information and arrangements by which it consults on and communicates
consulted upon matters affecting them in terms of Health pertinent OH&S information to and from its employees and
and Safety. other interested parties (e.g. contractors, visitors).

Introduction This should include arrangements to involve employees in:

The organization should encourage participation in good ▶ Consultation over the development and review of policies,
OH&S practices, support for its OH&S policy and OH&S the development and review of OH&S objectives, and
objectives, from all those affected by its operations, by a decisions on the implementation of processes and
process of consultation, participation and procedures to manage risks, including the carrying out of
communication. hazard identification, and in reviewing risk assessments
and risk controls relevant to their own activities
▶ Consultation over changes affecting workplace OH&S
such as the introduction of new, or modified, equipment,
materials, chemicals, technologies, processes,
procedures or
work patterns.
Employees should be represented on OH&S matters, and
should be informed as to who are their employee representative, and the
specified management appointee.
G3 Communication, participation and consultation continued

Common non-conformances
Self assessment questions:
Potential non-conformances include: ▶ Have you established a procedure for consultation,
▶ Communication procedures not established nor participation and communication between various levels and
maintained functions within your organization?
▶ Complaints recorded but not properly communicated ▶ Have you established a procedure for receiving,
internally documenting and dealing with communications from
interested parties?
▶ Responses to communications not recorded in accordance
with procedures ▶ Have you considered processes/decisions for external
communication regarding policy, hazards and risks?
▶ Poor communications with stakeholders and other
interested parties such as contractors and suppliers
▶ Internal communication is often neglected
▶ Training programmes, team briefings and recommendations
for improvement, etc not adequately communicated.
 Documentation
G4

One way to think about your OH&S documentation is to

use the figure shown, which also applies to ISO 9001
BS OHSAS 18001 requirements
and ISO14001 documents.
The OH&S Management System documentation shall
include: The top manual acts as a series of explanations or
statements of how core elements of BS OHSAS 18001 apply
a) the OH&S policy and objectives
to your organization. It should also be a permanent
b) a description of the scope of the OH&S Management documented reference describing the system and referencing
System other related procedures and records.
c) description of the main elements of the OH&S
management system and their interaction, and
Try to keep your OH&S documentation short and simple.
reference to Also use a format that currently works well for your company
related documents and cross-refer to other systems, which may meet your OH&S
standard requirements (for instance, procedures for non-
d) documents, including records, required by this
OHSAS Standard and conformance and corrective actions under quality or
environmental systems)
e) documents, including records, determined by the
organization to be necessary to ensure the effective The OH&S documentation does not need to describe every
planning, operation and control of processes that relate detail of your system. Instead, provide cross-references to
to the management of its OH&S risks. relevant documents such as risk assessments.
NOTE: It is important that documentation is proportional to the
level of complexity, hazards and risks concerned and is kept to If you have universal access to computers around your
organization contemplate installing the documentation in an
Interpretation electronic format. This has a number of advantages, such as
To ensure that your OH&S is operating as originally easier updating, access control, and ensuring that all
intended you should establish a series of documents to readers use the most up-to-date version of a document.
describe the core elements of the system and how each
element relates to other systems. OH&S documentation Common non-conformances
will help to ensure consistent Potential non-conformities in this area include:
application of the system by providing clear information to
people carrying out the tasks. In addition, external ▶ Documentation does not describe core elements of the
parties (such as system
the certification body) will need to understand how your ▶ Documentation does not direct the user to
OH&S operates before they can verify that it meets the related documentation of the system
requirements of the standard.
▶ Interfaces with the system are not clearly defined.
In short the standard requires you to look at your system
and define how you wish to run it. This should be a Self assessment questions:
compilation of the best practices and current methods.
▶ Have you established a documented description of
the OH&S system including the policy, key system
Hints for implementation
procedures and relevant forms?
BS OHSAS 18001 requires information, to be kept in
▶ Does this documented system explain the linkages
paper or electronic form, to describe the core elements of
between system elements?
the OH&S system and provide reference to other related
documents. Most companies achieve this through the creation
of a manual. Remember that there is no right or wrong way
to structure an OH&S system.
 Policy
OH&S Manual

Procedures

Work

Instructions

Records
Figure 1: OHS System Hierarchy.
 Control of documents
G5

Interpretation
BS OHSAS 18001 requirements
Typical outputs:
Documents required by the OH&S Management System and
▶ Document control procedure, including assigned
by this OHSAS Standard shall be controlled. Records are
a special type of document and shall be controlled in responsibilities and authorities
accordance with the requirements given in 4.5.4. ▶ Document registers, master lists or indexes
The organization shall establish, implement and ▶ List of controlled documentation and its location
maintain a procedure(s) to:
▶ Archive records (some of which may need to held in
a) approve documents for adequacy prior to issue
accordance with legal or other time requirements)
b) review and update as necessary and re-approve documents
c) ensure that changes and the current revision Hints for implementation
status of documents are identified
The byword for document control is “keep it simple”. Do not
d) ensure that relevant versions of applicable make your procedure more complicated than it needs to
documents are available at points of use
be. Limiting distribution also makes the job easier. For a
e) ensure that documents remain legible and readily small organization it is often better to issue one manual with
identifiable all relevant documentation to the areas needing information.
f) ensure that documents of external origin determined by This means that all documents will be in the same place and
the organization to be necessary for the planning and require the same action to keep them up to date. All
operation of the OH&S Management System are documents issued should be logged and controlled on a
identified and their distribution controlled and master list.
g) prevent the unintended use of obsolete documents
and apply suitable identification to them if they are The types of OH&S documentation that should be
retained for any purpose. controlled include:

▶ The OH&S policy statement

Introduction ▶ The OH&S Manual
All documents and data containing information critical to ▶ All OH&S systems procedures
the operation of the OH&S Management System and the ▶ Any forms or drawings
performance of the organization’s OH&S activities should be
▶ Any working instructions/operational procedures.
identified and controlled.
The following aspects of documentation control can often be
Interpretation found on some of the most effective systems:

Typical inputs: ▶ Issue and revision date

▶ Effective date
▶ Details of the documentation and data systems the
organization develops to support its OH&S Management ▶ Approval signature
System and
▶ Revision number
OH&S activities, and to fulfil the
requirements of BS OHSAS 18001:2007 ▶ Documentation number (or other identifier)

▶ Details of responsibilities and authorities. ▶ Copy number

▶ Cross-references.
Process
It is also a good idea to establish a procedure regarding
Written procedures should define the controls for the
photocopying controlled information. Generally it should be
identification, approval, issue and removal of OH&S
discouraged; however in some circumstances it may be
documentation, together with the control of OH&S data.
needed. One method of ensuring no photocopies are made
These procedures should clearly define the categories of
is to use colour as identifying the authorized copies.
documentation and data to which they apply.
Obsolete documentation needs to be taken out of the
Documentation and data should be available and accessible system to ensure that it is not inadvertently used.
when required, under routine and non-routine conditions,
If all staff that needs access to documents is connected
including
to a computer network, it may be worth consider an
emergencies. For example, this should include ensuring that
electronic system. This can significantly reduce the
up-to- date plant engineering drawings, hazardous material
administrative work involved in document control.
data sheets, procedures and instructions are available to
process operators, and all who may require them in an Prepare a document control index that shows all of your
emergency. OH&S documents and the history of their revision. Put this
index in your manual. Also, if multiple copies of documents
are available at the facility, prepare a distribution list, showing
who has each copy and where the copies are located.
G5 Control of documents continued

Common non-conformances
Self assessment questions:
Some of the most common non-conformities found by
certification bodies include: ▶ Have you prepared a procedure to
control OH&S documentation?
▶ Procedure and responsibilities for creating, modifying
and controlling documentation are not properly ▶ Have you decided who needs access to documents and how
defined many they will need?

▶ A document review process is not established. This may ▶ Have you established responsibilities and authorities
lead to obsolete documents still being in circulation for document preparation, revision, management and
removal?
and current versions of documentation not being
available

▶ Regular audits to establish effective documentation control

are not carried out.
 Operational control
G6

1)Purchase or transfer of goods and services and use of

external resources:
BS OHSAS 18001 requirements
The organization shall determine those operations and ▶ Approval to purchase or transfer hazardous chemicals,
activities that are associated with the identified hazard(s) materials and substances
where the implementation of controls is necessary to ▶ Availability of documentation for the safe handling of
manage the OH&S risk(s). This shall include the
machinery, equipment, materials, or chemicals at time of
management of change (see 4.3.1).
purchase, or the need to obtain such documentation
For those operations and activities, the organization
shall implement and maintain: ▶ Evaluation, and periodic re-evaluation of the OH&S
competence of contractors
a) operational controls, as applicable to the organization
and ▶ Approval of the design of OH&S provisions for new
its activities; the organization shall integrate those plant or equipment.
operational controls into its overall OH&S Management
System; 2)Hazardous tasks:
b) controls related to purchased goods, equipment and ▶ Identification of hazardous tasks
services;
▶ Pre-determination and approval of working methods
c) controls related to contractors and other
visitors to the workplace; ▶ Pre-qualification of personnel for hazardous tasks
d) documented procedures, to cover situations where ▶ Permit-to-work systems and procedures controlling the
their absence could lead to deviations from the entry and exit of personnel to hazardous work sites.
OH&S policy and the objectives;
3)Hazardous materials:
Introduction ▶ Identification of inventories, and storage locations
The organization should establish and maintain ▶ Safe storage provisions and control of access
arrangements to ensure the effective application of control
▶ Provision and access to material safety data and
and counter measures, wherever these are required to
other relevant information.
control operational risks, fulfil the OH&S policy and OH&S
objectives, and comply with legal and other 4)Maintenance of safe plant and equipment:
requirements.
▶ Provision, control and maintenance of the organization’s
plant and equipment
Interpretation
▶ Provision, control and maintenance of PPE
Typical inputs: ▶ Segregation and control of access
▶ OH&S policy and OH&S objectives
▶ Inspection and testing of OH&S related equipment
▶ Hazard identification, risk assessment and risk control and high integrity systems such as:
results – Operator protection systems
▶ Identified legal and other requirements.
– Guarding and physical protection
Process – Shutdown systems
The organization should establish procedures to – Fire detection and suppression equipment
control its identified risks (including those that could be – Handling equipment (cranes, forklifts, hoists and
introduced by contractors or visitors), documenting these
other lifting devices)
in instances where a failure to do so could lead to
incidents, accidents or other deviations from the OH&S – Radiological sources and safeguards
policy and OH&S objectives. The risk – Essential monitoring devices
control procedures should be reviewed on a regular basis for
– Local exhaust ventilation systems
their suitability and effectiveness, and changes that are
identified as being necessary should be implemented. – Medical facilities and provisions.

Account may need to be taken in the procedures of Typical outputs:

situations where the risks extend into client or other
▶ Procedures
external party premises or areas of control; for example, when
employees of the organization are working at a client’s site. ▶ Work instructions.
It can sometimes be necessary to enter into consultation
with the external party on OH&S in such circumstances.
Some examples of areas in which risks typically arise,
and some examples of control measures against them
are given below:

54
G6 Operational control continued

Hints for implementation

Common non-conformances
The most important step in developing operational controls
is to understand the activity. Concentrate on the critical Potential non-conformances include:
points of that activity that need to be managed to ensure ▶ Operational control procedures are not related to
consistent control or improvement of health and safety significant health and safety hazard
performance.
▶ Operational control procedures not prepared or
Start the process by developing draft procedures with implemented to avoid the possibility of contravening the
employees who at a later stage have to implement them. policy, objectives and targets
This will encourage their participation and the procedure is
▶ Operating criteria not stipulated
more likely to succeed.
Also consider existing procedures for quality and ▶ No mechanism in place to identify the significant health
environment. Some of these may be adequate to control and safety hazards of goods and services and weak
significant health and safety hazards. operational control procedures applied to suppliers
and contractors
You may find that some of your significant health and
safety hazards relate to goods purchased from suppliers. ▶ Operating criteria not stipulated or implemented in
the following areas:
In addition, the activities of your contractors may also
affect your health and – The identification and, where necessary,
safety hazards. It is vital therefore, that controls covering implementation of control measures
issues are effectively communicated to them.
– Functions to minimise the potential for adverse health
Try whenever possible to keep procedures short and simple. and safety hazards
Long- winded procedures do not add any greater degree of – Operational controls do not consider abnormal
control.
operating conditions, e.g., maintenance.
As a general rule of thumb the more highly skilled and
trained your employees are, the less critical procedures Self assessment questions:
will be.
▶ Have you identified those operations and activities associated
with the significant health and safety hazards?
▶ Have you established operational controls, including
operating criteria?
▶ Do these controls cover the significant health and
safety hazards relating to goods and services?
▶ Do these controls consider abnormal as well as
normal operating conditions?
▶ Have the relevant controls been communicated to
suppliers and contractors?
 Emergency preparedness
G7 and response

realistic as possible to be effective. This

may require full-scale incident
BS OHSAS 18001 requirements simulations to be conducted.
The organization shall establish, implement and
maintain a procedure(s):
a) to identify the potential for emergency situations;
b) to respond to such emergency situations.
The organization shall respond to actual emergency
situations and prevent or mitigate associated adverse OH&S
consequences.
In planning its emergency response the organization
shall take account of the needs of relevant interested
parties, e.g. emergency services and neighbours.
The organization shall also periodically test its
procedure(s) to respond to emergency situations, where
practicable, involving relevant interested parties as
appropriate.
The organization shall periodically review and, where
necessary, revise its emergency preparedness and
response procedure(s), in particular, after periodical testing
and after the occurrence of emergency situations (see

Introduction
The organization should actively assess potential
accident and emergency response needs, plan to meet
them, develop procedures and processes to cope with
them, test its planned responses, and seeking to improve
the effectiveness of its responses.

Interpretation
Typical inputs:
▶ Hazard identification, risk assessment and risk control
results
▶ Availability of local emergency services, and details of
any emergency response or consultation arrangements
that have been agreed
▶ Legal or other requirements
▶ Experiences of previous accidents, incidents
and emergency situations
▶ Similar organizations’ experiences from previous
accidents, incidents and emergency situations
(lessons learned,
best practices)
▶ Reviews of emergency and practice drills performed and
the results of subsequent actions.

Process
The organization should develop an emergency plan(s),
identify and provide appropriate emergency equipment, and
regularly test its response capability through practice
drills.
Emergency practice drills should aim to test the
effectiveness of the most critical parts of the emergency
plan(s) and to test the completeness of the emergency
planning process. While desktop exercises may be useful
during the planning process, practice drills should be as
The results of emergency and practice drills should be evaluated, and changes
that are identified as being necessary should be implemented.
1)Emergency plan
The emergency plan(s) should outline the actions to be taken when specified
emergency situations arise, and should include:

▶ Identification of potential accidents and emergencies

▶ Identification of the person who will take charge during the
emergency
▶ Details of actions to be taken by personnel during an emergency,
including those actions to be taken by external personnel who are on the
site of the emergency, such
as contractors or visitors (who may be required, for example, to move to
specified assembly points)
▶ Responsibility, authority and duties of personnel with specific roles
during the emergency (e.g. fire-wardens, first-aid staff, nuclear leak/toxic
spillage specialists, etc.)
▶ Evacuation procedures
▶ Identification and location of hazardous materials, and emergency
action required
▶ Interface with external emergency services
▶ Communication with statutory bodies
▶ Communication with neighbours and the public
▶ Protection of vital records and equipment
▶ Availability of necessary information during the emergency, e.g. plant layout
drawings, hazardous material data, procedures, work instructions and
contact telephone numbers.
The involvement of external agencies in emergency planning and response
should be clearly documented. These agencies should be advised as to the
possible circumstances of their involvement and provided with such
information as they require to facilitate their involvement in response
activities.
2)Emergency equipment
Emergency equipment needs should be identified, and equipment should be
provided in adequate quantity. This should be tested at specified intervals for
continuing operability.
Examples include:

▶ Alarm systems
▶ Emergency lighting and power
▶ Means of escape
▶ Safe refuges
▶ Critical isolation valves, switches and cut-outs
▶ Fire-fighting equipment
▶ First aid equipment (including emergency showers, eye wash stations,
etc.)
▶ Communication facilities.
G7 Emergency preparedness and response continued

3)Practice drills
Checklist for emergency preparedness and
Emergency practice drills should be carried out according to response plan
a pre-determined schedule.
Where appropriate and practicable, the participation of
Does your plan describe the following?
external emergency services in practice drills should be ▶ Key organizational responsibilities
encouraged.
▶ Potential emergency situations (such as accidents,
spills, fires, explosions, and natural disasters)
Typical outputs:
▶ Emergency response procedures, including
▶ Documented emergency plans and procedures
emergency communication procedures
▶ Emergency equipment list
▶ Arrangements with local emergency services and
▶ Test records for emergency equipment regulators
▶ Records of ▶ The location and volume of hazardous raw materials of
▶ Practice drills wastes
▶ The locations and types of emergency response
▶ Reviews of practice drills
equipment
▶ Recommended actions arising from the reviews.
▶ Maintenance of emergency response equipment

Hints for implementation ▶ Training / testing of personnel, including the on-site emergency
response team
This area of your OH&S systems will have direct links
with requirements under health and safety legislation and in ▶ Testing of alarm / public address systems
particular the Control of Major Accident Hazard Regulations. It ▶ Evacuation routes and exits (map), and assembly points.
is important, therefore, that you closely examine existing
controls. Common non-conformances
One of the first steps in preparing such a plan is to
Common non-conformance identified by certification
define an Emergency Response Team. This team should
bodies include:
be made up of individuals who have sound understanding
of the site process, local conditions and settings and the ▶ Emergency response plans not developed or tested
requirements of relevant environmental and health & ▶ Emergency plans not reviewed after the events and no
safety legislation. records to show this has occurred
Using the principles of risk assessment the team should ▶ Training programmes not extended to
identify the potential for accidents and emergencies of all include emergency preparedness
process and activities. In addition to normal operations, the
▶ Contractors not informed of procedures.
team should also consider abnormal operating conditions
(such as start-up and shutdown)
Self assessment questions:
Once this is assessment is complete, the team should
ask itself who will need access the appropriate controls or ▶ Have you established procedures to identify potential
plan. As a rule of thumb copies should be given to each of emergency situations?
the key managers and everybody should have access to it. ▶ Do these procedures cover criteria for responding to
In addition, other copies can be placed at your reception desk and for preventing and mitigating the health and safety
and in each of the main buildings on site. Also consider hazards and risks that are foreseeable during
contractors or visitors when distributing the plan. emergency situations?
Also communicate with local emergency services and ▶ Have you developed procedures to review and revise
regulators (Such as HSE, Fire Brigade and the Environment the procedures after and accident or emergency
Agency) when developing the plan. They will be able to situation?
advise you on its structure and content. They may want to
keep a copy of the plan for their purposes. ▶ Do you periodically test the procedures?

Time is of the essence in emergency and accident

situations, so clearly outline key roles and responsibility
and reporting procedures.
Conduct regular mock drills to train staff and get feedback on
the effectiveness of your plans/procedures.
H

H Checking and corrective action

H1 Performance measurement and monitoring

H2 Evaluation of compliance

H3 Incident investigation, nonconformity, corrective action and preventive action

H4 Records and Record management

H5 Audit

H6 Management review
 Checking and corrective
H action

Performance measurement and

H1 monitoring

▶ OH&S policy and OH&S objectives

BS OHSAS 18001 requirements
▶ Procedure for dealing with non-
The organization shall establish, implement and conformance’s
maintain a procedure(s) to monitor and measure OH&S
performance on a regular basis. This procedure(s) shall
provide for:
a) both qualitative and quantitative measures, appropriate to
the needs of the organization
b) monitoring of the extent to which the organization’s
OH&S objectives are met
c) monitoring the effectiveness of controls (for health as
well as for safety)
d) proactive measures of performance that monitor
conformance with the OH&S programme(s), controls and
operational criteria
e) reactive measures of performance that monitor ill
health, incidents (including accidents, near-misses,
etc.), and other historical evidence of deficient OH&S
performance
f) recording of data and results of monitoring and
measurement sufficient to facilitate subsequent
corrective action and preventive action analysis.
If equipment is required to monitor or measure
performance, the organization shall establish and maintain
procedures for the calibration and maintenance of such
equipment, as appropriate.
Records of calibration and maintenance activities and results
Introduction
The organization should identify key performance parameters
for its OH&S performance across the whole organization.
These should include, but not be limited to, parameters that
determine whether:

▶ OH&S policy and OH&S objectives are being achieved

▶ Risk controls have been implemented and are effective
▶ Lessons are being learnt from OH&S Management
System failures, including hazardous events (accidents,
near misses and illness cases)
▶ Awareness, training, communication and consultation
programmes for employees and interested parties are
effective
▶ Information that can be used to review and/or improve
aspects of the OH&S Management System is being
produced and being used.

Typical inputs:
▶ Hazard identification, risk assessment and risk control
results
▶ Legislation requirements, regulations, best practices (if
any)

60
▶ Equipment test and calibration records (including those belonging to
contractors)
▶ Training records (including those belonging to contractors)
▶ Management reports.

Process
1)Proactive and reactive monitoring
An organization’s OH&S Management System should incorporate both proactive
and reactive monitoring as follows:

▶ Proactive monitoring should be used to check compliance with the

organization’s OH&S activities, for example by monitoring the frequency and
effectiveness of OH&S inspections
▶ Reactive monitoring should be used to investigate, analyse and record OH&S
Management System failures — including accidents, incidents
(including near misses), ill health and property damage cases.
2)Measurement techniques
The following are examples of methods that can be used to measure OH&S
performance:

▶ Results of hazard identification, risk assessment and risk control

processes
▶ Systematic workplace inspections using checklists
▶ OH&S inspections: for example, on a “walk through” basis
▶ Prior evaluations of new plant, equipment, materials, chemicals, technologies,
processes, procedures or work patterns
▶ Inspections of specific machinery and plant to check that safety related parts
are fitted and in good condition
▶ Safety sampling: examining specific aspects of OH&S
▶ Environmental sampling: measuring exposure to chemical, biological or physical
agents (e.g. noise, volatile organic compounds, legionella) and comparing
with
recognised standards
▶ Availability and effectiveness of use of personnel with recognised
OH&S experience or formal qualifications
▶ Behaviour sampling: assessing workers’ behaviour to identify unsafe
work practices that might require correction
▶ Analysis of documentation and records
▶ Benchmarking against good OH&S practices in other
organizations
▶ Surveys to determine employee attitudes on the OH&S
management system, OH&S practices, and employee consultation
processes.

424 | E: [email protected] | www.nqa.com 59

H1 Performance measurement and monitoring continued

Organizations need to decide what to monitor and how

When required, a calibration scheme should be documented
often monitoring should take place based on the level of
for the measuring equipment. This scheme should include:
risk. The frequency of plant or machinery inspections may be
defined by law (e.g. for air receivers, steam plant, lifting ▶ The frequency of calibration
equipment). An inspection schedule based on hazard
▶ Reference to test methods, where applicable
identification and risk assessment results, legislation, and
regulations should be prepared as part of the OH&S ▶ Identity of the equipment to be used for the calibration
Management System. ▶ Action to be taken when the specified measuring equipment
Routine OH&S monitoring of processes, workplaces and is found to be out of calibration.
practices should be carried out according to a documented Calibration should be carried out under appropriate conditions.
monitoring scheme by front-line or middle managers. All Procedures should be prepared for critical or difficult
front-line supervisory personnel should undertake spot calibrations.
checks of critical tasks in order to assure compliance with
OH&S procedures and codes of practice. Equipment used for calibration should be in accordance
with national standards where such standards exist. If
3)Inspections no such standards exist, the basis for the levels used
Equipment: An inventory (using unique identification of all should be documented.
items) should be drawn up of all equipment subject to Records should be kept of all calibrations, maintenance
statutory or technical examination by relevant personnel. activities and results. Records should give details of the
Such equipment should be inspected as required, and measurements before and after adjustment.
should be included in the inspection schemes.
The calibration status of measuring equipment should be
Work conditions: Criteria that specify acceptable clearly identified to the users.
workplace conditions should be established and
documented. At specified intervals, managers should OH&S measuring equipment whose calibration status is
perform inspections against these criteria. A checklist unknown, or which is known to be out of calibration,
giving details of the criteria and all items to be inspected should not be used.
may be used for this purpose. Additionally, it should be removed from use, and be clearly
labelled, tagged, or otherwise marked, to prevent misuse.
Verification inspections: Verification inspections should be Such marking should be in accordance with written
carried out, but these should not absolve front-line managers procedures. The procedures should include the identification
from carrying out regular inspections, or from identifying of the calibration status of the product. A non-conformance
hazards. should be issued to document the actions taken. The
Inspection records: A record should be kept of every procedures should include an action plan if out- of-calibration
OH&S inspection carried out. The records should indicate equipment is discovered.
whether or not documented OH&S procedures were being 5)Supplier (contractor) equipment
complied with. Records of OH&S inspections, tours,
surveys, and OH&S Management System audits should be Measuring equipment used by contractors should be subject
sampled to identify underlying causes of non-compliance and to the same controls as in-house equipment. Contractors
repetitive hazards. Any necessary preventive action should be should be required to give assurances that their equipment
taken. Substandard conditions and unsafe situations and conforms to
items identified during the inspections should be these requirements. Prior to initiating the work, the
documented as non-conformance’s, assessed as to risk supplier should provide a copy of its equipment test
and corrected in accordance with the non-conformance records for any identified critical equipment that requires
procedure. such records. If any tasks require special training, the
corresponding training records should be provided to the
4)Measuring equipment customer for review.
Measuring equipment that is used to assess OH&S 6)Statistical or other theoretical analytical techniques
conditions (e.g. sound level meters, light meters, air
samplers) should be listed, identified uniquely, and Any statistical or other theoretical analytical technique used
controlled. The accuracy of this equipment should be known. to assess an OH&S situation, to investigate an OH&S
Where necessary, written procedures should be available incident or failure, or to assist in decision making in
describing how OH&S measurements are performed. relation to OH&S should be based on sound scientific
Equipment used for OH&S measurement should be principles. The management appointee should ensure
maintained and stored in a proper manner, and should be that the need for such techniques is identified. Where
capable of giving measurements of the accuracy required. appropriate, guidelines for their use should be documented,
along with the circumstances in which they are
appropriate.
H1 Performance measurement and monitoring continued

Typical outputs:
Common non-conformances:
▶ Procedure(s) for monitoring and measuring
▶ Significant impacts are not monitored to track
▶ Inspection schedules and checklists
performance
▶ “Critical” equipment lists
▶ Objectives and targets are not tracked
▶ Equipment inspection checklists
▶ Procedures are not established to track legislative
▶ Workplace conditions standards and inspection compliance
checklists
▶ New legislation is not identified
▶ Measuring equipment lists
▶ Measurement procedures ▶ Procedures dealing with calibration of equipment
are not established.
▶ Calibration scheme, and calibration records
▶ Maintenance activities and results Self assessment questions:
▶ Completed checklists, inspection reports (OH&S ▶ Have you established procedures to monitor and measure
management system audit outputs) the characteristics of operations and activities with
▶ Non-conformance reports significant health and safety hazards and risks?
▶ Evidence of the results of implementing such ▶ Do these procedures cover performance against
procedure(s). objectives and targets?
▶ Have you established procedures to maintain and
Hints for implementation calibrate critical monitoring equipment?
Monitoring and measurement may at first seem like a ▶ Do you have a documented procedure to regularly
time consuming process, but you should make it relevant to evaluate compliance with relevant laws and
your needs. Start with a relatively simple monitoring and legislation?
measurement system and build upon it as your system
grows. Look to the factors of your significant hazards and
risks that will give you the most valuable information on
how that risk is controlled. Try to resist monitoring just
because you can measure it.
When monitoring a particular indicator try to relate it to a
factor that you have control over, for instance production or
the volume of materials used etc.

Examples of Health and Safety Performance Indicators:

▶ Lost time injuries per 10,000 hours worked

▶ Number of accidents, incidents or near misses per
machine or per process
▶ COSHH monitoring results for respirable dust or vapour
▶ Reduction of residual risk through the implementation
of work method statements.

Examples of Management Performance Indicators:

▶ Percentage of employees trained on health and safety

matters
▶ Number of health and safety suggestions submitted
▶ Time taken to resolve non-conformances
▶ Time taken to deal with complaints.
To ensure that the information you are gathering is
accurate you should also establish procedures for equipment
calibration. Once again this requirement can be integrated
within existing quality assurance controls.
 Evaluation of compliance
H2

A compliance evaluation programme can be integrated with

other assessment activities. These can include
BS OHSAS 18001 requirements management system audits, environmental audits or
quality assurance checks.
4.5.2.1 Consistent with its commitment to compliance
[see 4.2c)], the organization shall establish, implement The results of the periodic evaluations of legal or
and maintain a procedure(s) for periodically evaluating other requirements should be recorded.
compliance with applicable legal requirements (see
4.3.2).
Hints for implementation:
The organization shall keep records of the results of the
periodic evaluations. ▶ Base your evaluation frequencies upon risk i.e. you will
NOTE: The frequency of periodic evaluation may vary for differing need
legal requirements. to monitor compliance with the Work at Height Regulation
more frequently than say the Display Screen Equipment
4.5.2.2 The organization shall evaluate compliance with
other requirements to which it subscribes (see 4.3.2). The Regulations as the consequences of failure are far
organization may wish to combine this evaluation with the greater. You may also wish to initiate additional
evaluation of legal compliance referred to in 4.5.2.1 or to compliance audits in the event of accidents and
establish a separate procedure(s). incidents
The organization shall keep records of the results of the
▶ Utilise your management system audits to identify actual/
periodic evaluations.
potential breaches
NOTE: The frequency of periodic evaluation may vary for differing
other requirements to which the organization subscribes. ▶ Use workplace inspections to support the auditing
process.
Introduction
Common non-conformances:
To enable BS OHSAS 18001 requirements to be met you
will have to establish, implement and maintain a procedure ▶ Evaluations are not carried out by ‘competent’ persons
for periodically evaluating compliance with the legal or other with knowledge of the Regulatory requirements
requirements that are applicable to your OH&S risks, as part ▶ Compliance against new/amended Regulations
of your commitment to compliance (as documented within have been missed
your Health and Safety Policy). You should record the
results of this evaluation. ▶ Procedures are not established to evaluate
legislative compliance.
A variety of inputs can be used to assess
compliance, including: Self assessment questions:
▶ audits ▶ Have you identified the legal (and other) health and
▶ the results of regulatory inspections safety requirements that are applicable to your
organization?
▶ analysis of legal and other requirements
▶ Can you demonstrate that you have evaluated
▶ reviews of documents and /or records of compliance against them?
incidents and risk assessments
▶ Do you have a documented procedure to regularly
▶ facility inspections evaluate compliance with relevant laws and
legislation?
▶ interviews
▶ project or work reviews
▶ analysis of test results from monitoring and testing
▶ facility tours and / or direct observations.
You should establish a methodology for the evaluation of
compliance that suits your size, type and complexity. A
compliance evaluation can encompass multiple legal
requirements or a single requirement. The frequency of
evaluations can be affected by factors such as past
compliance performance or specific legal requirements.
While all legal requirements have to be evaluated, you may
need to evaluate individual requirements at different times or
at different frequencies, or as appropriate.
 Incident investigation,
H3 nonconformity, corrective action
and preventive action

Process
BS OHSAS 18001 requirements The organization is required to prepare documented
procedures to ensure that accidents, incidents and non-
The organization shall establish, implement and
maintain a procedure(s) to record, investigate and conformance’s are investigated, and corrective and/or
analyse incidents in order to: preventive actions initiated. Progress in the completion of
corrective and preventive actions should be monitored, and
a) determine underlying OH&S deficiencies and other factors
the effectiveness of such actions reviewed.
that might be causing or contributing to the occurrence of
incidents 1)Procedure
b) identify the need for corrective action
The procedures should include consideration of the
c) identify opportunities for preventive action following:
d) identify opportunities for continual improvement
General:
e) communicate the results of such investigations.
▶ Define the responsibilities and authority of the persons
The investigations shall be performed in a timely manner.
involved in implementing, reporting, investigating,
Any identified need for corrective action or follow-up and monitoring of corrective and preventive
opportunities for preventive action shall be dealt with in actions
accordance with the relevant parts of 4.5.3.2.
▶ Require that all non-conformance’s, accidents, incidents
The results of incident investigations shall be documented
and hazards be reported
and maintained.
▶ Apply to all personnel (i.e. employees, temporary
workers, contractor personnel, visitors and any
What the law requires other person in
The Reporting of Injuries, Diseases and Dangerous the workplace)
Occurrences Regulations 1995 (RIDDOR) cover all places ▶ Take into account property damage
of work and place duties on employers, the self employed
▶ Ensure that no employee suffers any hardship as a
and those in control
result of reporting a non-conformance, accident or
of work premises to report injuries (following three incident;
days or more absence from work), diseases and specified
dangerous occurrences (incidents). ▶ Clearly define the course of action to be taken following
non- conformances identified in the OH&S Management
Under RIDDOR a ‘responsible person’ has the duty to report System.
to the relevant enforcing authority any of the above scenarios,
including deaths. Immediate action
Immediate action to be taken upon observation of non-
Introduction conformance’s, accidents, incidents or hazards should be know
Organizations should have effective procedures for to all parties. The procedures should:
reporting and evaluating/investigating accidents, ▶ Define the process for notification
incidents and non- conformance’s. The prime purpose
▶ Where appropriate, include co-ordination with emergency
of the procedure(s) is to prevent further occurrence of plans and procedures
the situation by identifying and
dealing with the root cause(s). Furthermore, the procedures ▶ Define the scale of investigative effort in relation to the
should allow detection, analysis and elimination of potential potential or actual harm (e.g. include management in the
causes of investigation for serious accidents).
non-conformities.
Recording
Interpretation Appropriate means should be used to record the factual
information and the results of the immediate investigation and
Typical inputs: the subsequent detailed investigation. The organization should
ensure that the procedures are followed for:
▶ Procedures (in general)
▶ Emergency plan ▶ Recording the details of the non-conformance,
accident or hazard
▶ Hazard identification, risk assessment and risk control
▶ Defining where the records are to be stored, and
reports
responsibility for the storage.
▶ OH&S Management System audit reports, including
non- conformance reports Investigation
▶ Accident, incident and/or hazard reports The procedures should define how the investigation process
▶ Maintenance and service reports. should be handled. The procedures should identify:
▶ The type of events to be investigated (e.g. incidents that could have led
to serious harm)
H3 Incident investigation, nonconformity, corrective action and preventive action continued

▶ The purpose of investigations and effective as practicable. Checks should

be made on the effectiveness of
▶ Who is to investigate, the authority of the investigators,
corrective/preventive action taken. Outstanding/
required qualifications (including line management when
appropriate) overdue actions should be reported to top
management at the earliest opportunity.
▶ Identification of the root cause of non-conformance
▶ Arrangements for witness interviews
▶ Practical issues such as availability of cameras and
storage of evidence
▶ Investigation reporting arrangements including statutory
reporting requirements.
Investigatory personnel should begin their preliminary
analysis of the facts while further information is collected.
Data collection and analysis should continue until an
adequate and sufficiently comprehensive explanation is
obtained.

Corrective action
Corrective actions are actions taken to eliminate the root
cause(s) of identified non-conformance’s, accidents or
incidents, in order to prevent recurrence. Examples of
elements to be considered in
establishing and maintaining corrective action procedures
include:

▶ Identification and implementation of corrective and

preventive measures both for the short-term as well as
long-term (this may also include the use of appropriate
sources of information, such as advice from employees
with OH&S expertise)
▶ Evaluation of any impact on hazard identification and
risk assessment results (and any need to update
hazard identification, risk assessment and risk
control report(s))
▶ Recording any required changes in procedures
resulting from the corrective action or hazard
identification, risk assessment and risk control
▶ Application of risk controls, or modification of
existing risk controls, to ensure that corrective actions
are taken and that they are effective.

Preventive action
Examples of elements to be considered in establishing and
maintaining preventive action procedures include:

▶ Use of appropriate sources of information (trends in “no

loss incidents”, OH&S Management System audit reports,
records, updating of risk analyses, new information on
hazardous materials, safety “walk-throughs”, advice from
employees with OH&S expertise, etc.)
▶ Identify any problems requiring preventive action
▶ Initiate and implementing preventive action and
application of controls to ensure that it is effective
▶ Record any changes in procedures resulting from the
preventive action and submit for approval.

Follow-up
Corrective or preventive action taken should be as permanent
2)Non-conformance, accident and incident analysis
Identified causes of non-conformance’s, accidents and incidents should be
classified, and analysed on a regular basis. Accident frequency and severity
ratings should be calculated in accordance with accepted industrial practice
for comparison purposes.

Classification and analysis should be carried out of:

▶ Reportable or lost-time injury/illness frequency or severity rates

▶ Location, injury type, body part, activity involved, agency involved, day,
time of day (whichever is appropriate)

▶ Type and amount of property damage

▶ Direct, and root causes.

Due attention should be given to accidents involving property damage.
Records relating to repair of property could be an indicator of damage caused
by an unreported accident/incident.
Accident and illness data/information is vital, as it can be a direct indicator of
OH&S performance. However, caution in their use should be exercised,
for example:

▶ Most organizations have too few injury accidents or cases of work

related illness to distinguish real trends from
random effects

▶ If more work is done by the same number of people in the same time,
increased workload alone may account for an increase in accident rates
▶ The length of absence from work attributed through injury or work-
related illness may be influenced by factors other than the severity of
injury or occupational illness, such as poor morale, monotonous work and
poor management/employee relations

▶ Accidents are often under-reported (and occasionally over- reported). Levels

of reporting can change. They can improve as a result of increased workforce
awareness and better reporting and recording systems

▶ A time delay will occur between OH&S Management System failures and
harmful effects. Moreover, many occupational diseases have long latent
periods. It is not desirable to wait for harm to occur before judging
whether OH&S management systems are working.
Valid conclusions should be drawn and corrective action taken. At least
annually, this analysis should be circulated to top management and
included in the management review.

6
4
H3 Incident investigation, nonconformity, corrective action and preventive action continued

3)Monitoring and communicating results

Hints for Implementation
The effectiveness of OH&S investigations and reporting
Again this is one section of BS OHSAS 18001, which
should be assessed. The assessment should be objective,
has clear links to ISO 9001 and ISO 14001. If you
and should yield a quantitative result if possible.
have a quality and/or environmental management
The organization, having learnt from the system you should already have a corrective/preventive
investigation, should: action process. You could use this as a
framework for health and safety non-conformances, or if
▶ Identify the root causes of deficiencies in the possible totally integrate the systems.
OH&S Management System and general
management of the organization, where At first, your OH&S audit team will raise most of the
applicable non- conformances. However, in the long run, it is
worthwhile encouraging all staff to play an active role in
▶ Communicate findings and recommendations to
management and relevant interested parties reporting non- conformance or observations. This is
particular important for near miss incidents which often go
▶ Include relevant findings and recommendations unreported. Understanding such events will allow you to
from investigations in the continuing OH&S put in place controls measure so that the problem is
review process avoided. Remember prevention is always better than a cure.
▶ Monitor the timely implementation of remedial controls, and
their subsequent effectiveness over time Common non-conformances
▶ Apply the lessons learnt from the investigation of non- Common non-conformances brought up in the
conformance’s across its whole organization, focussing pre-certification and certification audits include:
on the broad principles involved, rather than being
restricted to specific action designed to avoid repetition of a ▶ Procedures and responsibilities inadequately defined to
precisely similar event in the same area of the ensure that non-conformities, corrective and
preventative actions
organization.
are taken
4)Record keeping ▶ No record of investigation of the cause of the non-
This can be accomplished rapidly and with a minimum of conformance only of the action taken
formal planning or it can be a more complex and long-term ▶ Failure to take appropriate corrective action
activity. The associated documentation should be
appropriate to the level of corrective action. ▶ Preventative action not demonstrated to ensure that the
same problem does not arise again.
Reports and suggestions should be sent to the
management appointee, and, where appropriate, the Self assessment questions:
employee OH&S representative, for analysis and
filing. ▶ Have you developed procedures for investigating,
correcting, and preventing system deficiencies?
The organization should maintain a register of all
accidents. Incidents that had the potential for ▶ Have responsibilities been assigned for taking and
tracking the completion of corrective actions?
significant OH&S consequences, should also be included.
Such a register is often required by legislation. ▶ Have you established a process to revise procedures or
other OH&S documents based on corrective/preventive
Typical output: actions?
▶ Accident and non-conformance procedure
▶ Non-conformance reports
▶ Non-conformance register
▶ Investigation reports
▶ Updated hazard identification, risk assessment
and risk control reports
▶ Management review input
▶ Evidence of evaluations of the effectiveness of corrective
and preventive actions taken.
 Records and record
H4 management

Typical outputs:
BS OHSAS 18001 requirements ▶ Procedure (for the identification, maintenance and
disposition of OH&S records)
The organization shall establish and maintain records as
necessary to demonstrate conformity to the requirements ▶ Adequately stored and readily retrievable OH&S records.
of its OH&S Management System and of this OHSAS
Standard, and the results achieved.
Hints for implementation
The organization shall establish, implement and maintain a
procedure(s) for the identification, storage, protection, retrieval, Record management is in essence very simple, so try not to
retention and disposal of records. over complicate it with complex procedures. Firstly decide
what records you will keep, how you will keep them and for
Records shall be and remain legible, identifiable and
traceable. how long. You should also consider how to dispose of
records once you no longer need them. If your organization
has ISO 9001, you should already have
Introduction a system for managing quality records. You may wish to
Records should be kept to demonstrate that the OH&S consider integrating the requirements of both systems.
Management System operates effectively, and processes
The evaluation of compliance against your legal obligations
have been carried out under safe conditions. OH&S
will identify the records that you are legally bound to retain
records that document the management system and
and will specify the mandatory retention periods e.g. health
conformance to the requirements should be prepared,
surveillance records under Control of Substances
maintained, legible, and adequately identified.
Hazardous to Health Regulations (COSHH) need to be
Typical inputs retained for 40 years.

Records (used to demonstrate conformance to the

requirements) that should be kept include:
Common non-conformances
Some of the most common non-conformities linked to
▶ Training records
records include:
▶ OH&S inspection reports
▶ The records do not support conformance
▶ OH&S Management System audit reports with the policy commitments
▶ Consultations ▶ Breaches of legislative compliance are not recorded
▶ Accident/incident reports ▶ Procedures and responsibilities are inadequately defined
▶ Accident/incident follow-up reports to ensure that suitable records are made and retained to
support the system
▶ OH&S meeting minutes
▶ Poor identification, traceability and retrievability of
▶ Medical tests
records
▶ Health surveillance
▶ Insufficient detail to demonstrate conformance with
▶ PPE issues and PPE maintenance records the requirements of BS OHSAS 18001.
▶ Emergency response drills
Self assessment questions:
▶ Management reviews
▶ Have you established a procedure for managing health
▶ Hazard identification, risk assessment and risk control
and safety records?
records.
▶ Does this procedure cover the identification, maintenance
Process and disposal of records?
The requirement in BS OHSAS 18001 is largely self- ▶ Have you considered any statutory or good practise
explanatory. However, notice should also be given to: requirements regarding retention times?
▶ The authority for disposal of OH&S records ▶ Do you have effective storage and retrieval systems to
▶ The confidentiality of the OH&S records protect against loss and/or damage of records?
▶ Legal and other requirements on the retention of OH&S
records
▶ Issues surrounding the use of electronic records.
OH&S records should be complete, legible, and
adequately identified. Retention times for OH&S records
should be defined. Records should be stored in a safe place,
readily retrievable and protected from deterioration. Critical
OH&S records should be protected from possible fire and
other damage as appropriate, or as required by law.

6
6
 Audit
H5

Typical inputs:
BS OHSAS 18001 requirements ▶ OH&S policy statement
The organization shall ensure that internal audits of the ▶ OH&S objectives
OH&S Management System are conducted at planned
▶ OH&S procedures and work instructions
intervals to:
a) determine whether the OH&S Management System: ▶ Hazard identification, risk assessment and risk control
results
1) conforms to planned arrangements for OH&S
management including the requirements of this OHSAS ▶ Legislation and best practices (if applicable)
Standard and ▶ Non-conformance reports
2) has been properly implemented and is ▶ OH&S Management System audit procedures
maintained and 3)is effective in meeting the ▶ Competent, independent, internal/external auditor(s)
organization’s policy ▶ Non-conformance procedure
and objectives
b) provide information on the results of audits to Process
management.
1)Audits
Audit programme(s) shall be planned, established,
implemented and maintained by the organization, based OH&S Management System audits provide a comprehensive
on the results of risk assessments of the organization’s and formal assessment of the organization’s compliance
activities, and the results of previous audits. with OH&S procedures and practices.
Audit procedure(s) shall be established, implemented OH&S Management System audits should be conducted
and maintained that address:
according to planned arrangements. Additional audits may
a) the responsibilities, competencies, and requirements need to be performed as circumstances require.
for planning and conducting audits, reporting results and
retaining associated records and Only competent, independent, personnel should carry out
b) the determination of audit criteria, scope, OH&S Management System audits.
frequency and methods. The output of an OH&S Management System audit should
include detailed assessments of the effectiveness of OH&S
Introduction procedures, the level of compliance with procedures and
OH&S Management System auditing is a process practices, and should, where necessary, identify corrective
whereby organizations can review and continuously actions. The results
evaluate the effectiveness of their OH&S Management of the OH&S Management System audits should be recorded
System. In general, OH&S Management System audits and reported to management, in a timely manner.
need to consider OH&S policy and procedures, and the
A review of the results should be carried out by management
conditions and practices in the workplace.
and effective corrective action taken (where necessary).
An internal OH&S Management System audit programme NOTE: The general principles and methodology described in ISO
should be established to allow the organization to review its 19011 or BS 8800:1996, annex F, are appropriate for OH&S
own compliance of its OH&S Management System to Management System auditing.
BS OHSAS 18001. Planned OH&S Management System
2)Scheduling
audits should be carried out by personnel, from within the
organization and/or by external personnel selected by the An annual plan should be prepared for carrying out internal
organization, to establish the degree of compliance with the OH&S Management System audits. The OH&S Management
documented OH&S procedures, System audits should cover the entire operation, which is
and whether the system is effective in meeting the OH&S subject to the OH&S Management System, and assess
objectives of the organization. In either case, the personnel compliance with
conducting the OH&S Management System audits should be BS OHSAS 18001.
in a position to do so impartially and objectively.
The frequency and coverage of OH&S Management System
NOTE: Internal OH&S Management System audits focus on the audits should be related to the risks associated with the
performance of the OH&S Management System. They should not be
confused with OH&S or other safety inspections.
failure of the various elements of the OH&S Management
System. Available data on the performance of the OH&S
Management System, the output from management reviews,
and the extent to which the OH&S Management System or
the environment in which it operates should be considered
during the scheduling process.
Additional, unplanned, OH&S Management System audits
may need to be conducted, if situations occur which warrant
them,
e.g. after an accident.
H5 Audit continued

3)Management support ▶ Non-conformance reports.

For OH&S Management System auditing to be of value,
top management should be fully committed to the concept
of OH&S Management System auditing and its effective
implementation within the organization. This includes a
commitment to consider OH&S Management System audit
findings and recommendations and to take appropriate action
as necessary, within an appropriate time. Once it has been
agreed that an OH&S Management System audit should be
carried out it should be completed in an impartial way. All
relevant personnel should be informed of the purposes of
OH&S Management System auditing and the benefits. Staff
should be encouraged to co-operate fully with the auditors and
to respond to their questions honestly.
4)Auditors
One or more persons may undertake OH&S Management
System audits. A team approach may widen involvement and
improve
co-operation. A team approach may also allow a wider
range of specialist skills to be utilised.
Auditors should be independent of the part of the
organization or the activity that is to be audited.
Auditors need to understand their task and be competent to
carry it out. They need to have the experience and
knowledge of the relevant standards and systems they are
auditing to enable them to evaluate performance and identify
deficiencies. Auditors should be familiar with the requirements
set out in any relevant legislation. In addition, auditors should
be aware of, and have access to, standards and authoritative
guidance relevant to the work they are engaged in.
5)Data collection and interpretation
The techniques and aids used in the collection of the
information will depend on the nature of the OH&S
Management System audit being undertaken. The OH&S
Management System audit should ensure that
representative samples of essential activities are audited
and that relevant personnel (including employee OH&S
representatives, where appropriate) are interviewed. Relevant
documentation should be examined. This may include:

▶ OH&S Management System documentation

▶ OH&S policy statement
▶ OH&S objectives
▶ OH&S and emergency procedures
▶ Permit to work systems and procedures
▶ Minutes of OH&S meetings
▶ Accident/incident reports and records
▶ Any reports or communication from the OH&S enforcement
or other regulatory bodies (verbal, letters, notices,
etc.)
▶ Statutory registers and certificates
▶ Training records
▶ Previous OH&S Management System audit reports
▶ Corrective action requests
Wherever possible checks should be built into the OH&S Management
System audit procedures to help to avoid misinterpretation or misapplication
of collected data, information or other records.
6)Audit results
The content of the final OH&S Management System audit report should be
clear, precise and complete. It should be dated and signed by the auditor. It
should, depending on the case, contain the following elements:

▶ The OH&S Management System audit objectives and scope

▶ The particulars of the OH&S Management System audit plan,
identification of the members of the auditing team and the audited
representatives, dates of audit and identification of the areas subject to
audit
▶ The identification of reference documents used to conduct the OH&S
Management System audit (e.g. BS OHSAS 18001, OH&S
management handbook)
▶ Details of identified non-conformance’s
▶ The auditor’s assessment of the degree of conformity with BS OHSAS
18001
▶ The ability of the OH&S Management System to achieve the stated
OH&S management objectives
▶ The distribution of the final OH&S Management System audit
report.
The results of OH&S Management System audits should be fed back to all
relevant parties as soon as possible, to allow corrective actions to be taken.
An action plan of agreed remedial measures should be drawn up together with
identification of responsible persons, completion dates and reporting
requirements. Follow- up monitoring arrangements should be established to
ensure satisfactory implementation of the recommendations.
Confidentiality should be considered when communicating the information
contained within the OH&S Management System audit reports.

Typical outputs:
▶ OH&S Management System audit plan/program

▶ OH&S Management System audit procedures

▶ OH&S Management System audit reports, including non-

conformance reports, recommendations and corrective action
requests
▶ Signed-off/closed-out non-conformance reports

▶ Evidence of the reporting of the results of OH&S Management System

audits to management.

6
8
H5 Audit continued

Hints for implementation

Self assessment questions:
Your OH&S audits should focus on objective evidence of
▶ Have you an audit procedure and programme?
conformance. During the actual audit, try to resist evaluating
why a procedure was not followed. This step will come ▶ Do you undertake periodic OH&S audits?
later in the corrective and preventive actions. ▶ Does your audit programme determine audit frequency?
During the audit, discuss identified deficiencies with the ▶ Have you selected and trained an OH&S audit team?
people who work in the area. This will help the auditors
verify that their understanding is correct. It can also serve ▶ Have you established a process to keep
records of audit reports?
as refresher training (on OH&S requirements) for
employees.
Before you start an audit, be sure to communicate the audit
scope, schedule, and other pertinent information with the
people in the affected area(s). This will help avoid confusion
and will facilitate the audit process.

Common non-conformances
Potential non-conformances include:
▶ Auditors are not sufficiently independent of the activity
audited
▶ Responsibilities for performing audits are not clearly
defined
▶ Audit programme is not sufficiently comprehensive to cover
all areas of the OH&S or activities which hazards can
arise
▶ Audit frequencies are not based upon the levels
of risk associated with the activity
▶ Audit format or activity not consistent with previous
audits
▶ Audit reports are not completed within the original scope
of the audit
 Management review
H6

▶ Reports of emergencies (actual or

exercises)

Introduction
Top management should review the operation of the
OH&S Management System to assess whether it is
being fully implemented and remains suitable for
achieving the company’s stated OH&S policy and OH&S
objectives.
The review should also consider whether the OH&S policy
continues to be appropriate. It should establish new or
updated OH&S objectives for continual improvement,
appropriate to the coming period, and consider whether
changes are needed to any elements of the OH&S
Management System.

Typical inputs:
▶ Accident statistics
▶ Results of internal and external OH&S
management system audits
▶ Corrective actions carried out to the system
since the previous review

7
0
▶ Report from the management appointee on the overall
performance of the
BS system
OHSAS 18001 requirements
▶ Reports from individual line managers
Top management shallonreview
the effectiveness of the OH&S
the organization’s
system locally Management System, at planned intervals, to ensure its
▶ Reports of hazardcontinuing suitability,
identification, adequacy and
risk assessment andeffectiveness.
risk control Reviews
processes. shall include assessing opportunities for improvement and
the need for changes to the OH&S Management System,
including the OH&S policy and OH&S objectives. Records of
Process
the management reviews shall be retained.
Reviews should be carried out by top management on a regular basis (e.g.
annually). Input to management reviews shall include:
a) results of internal audits and evaluations of compliance
NOTE: the frequency of such reviews should be commensurate with the age and
development of the system, withi.e.
applicable legal
a relatively newrequirements and
and untested with other
system may be reviewed
requirements
quarterly, whilst a tried and tested system to which
whichthe
has organization
demonstrated subscribes
its effectiveness
may only need to be reviewed annually.
b) the results of participation and consultation (see 4.4.3)
c) relevant
The review should focus communication(s)
on the from external
overall performance of the interested
OH&S
Management System parties,
and notincluding complaints
on specific details, since these should be
handled by the normal means
d) the OH&Swithin the OH&S
performance of Management System.
the organization
e) the extent to which objectives have been met
Interpretation
f) status of incident investigations, corrective actions
In planning for a management review, consideration
and preventive actions should be given to
the following: g) follow-up actions from previous management reviews
▶ The topics to be h)
addressed
changing circumstances, including developments in legal
and other requirements
▶ Who should attend (managers, related
OH&S specialist to OH&S
advisors, and
other
personnel) i) recommendations for improvement.
▶ Responsibilities ofThe outputsparticipants
individual from management reviews
in respect of theshall be
review consistent with the organization’s commitment to continual
improvement and shall include any decisions and actions
▶ Information to berelated
broughttoto the review
possible The to:
changes
review should address:
a) OH&S performance
▶ Suitability of current OH&S
b) OH&S policy
policy and objectives
▶ Setting or updating of OH&S objectives
c) resources and for continual
improvement in the forthcoming period
d) other elements of the OH&S Management System.
▶ Adequacy of current hazardoutputs
Relevant identification, risk assessment
from management reviewand
shallrisk
be made
control processesavailable for communication and consultation (see 4.4.3).
▶ Current levels of risk and the effectiveness of existing control
measures
▶ Adequacy of resources (financial, personnel, material)
▶ The effectiveness of the OH&S inspection process
▶ The effectiveness of the hazard reporting process
▶ Data relating to accidents and incidents that have occurred
▶ Recorded instances of procedures not being effective
▶ Results of internal and external OH&S Management System audits
carried out since the previous review and their effectiveness
▶ The state of preparedness for emergency
▶ Improvements to the OH&S Management System (e.g. new initiatives
to be introduced or expansion of existing initiatives)
▶ Output of any investigations into accidents and incidents
▶ An assessment of the effects of foreseeable changes to
legislation or technology.
H6 Management review continued

The management appointee should report to the meeting on

the overall performance of the OH&S Management Common non-conformances
System. Potential non-conformances include:
Partial reviews of the OH&S Management System ▶ The frequency of management reviews is not clearly
performance should be held at intervals that are more stipulated in the procedure
frequent, if required. ▶ The agenda of the management review does not include
an examination of the effectiveness of the OH&S
Typical outputs:
system in delivering the policy
▶ Minutes of the review
▶ Information gathered to review the OH&S system is
▶ Revisions to the OH&S policy and OH&S objectives insufficient
▶ Specific corrective actions for individual managers, with ▶ Failure to document and follow up actions agreed action of
target dates for completion the management review
▶ Specific improvement actions, with assigned responsibilities
and target dates for completion Self assessment questions:
▶ Date for review of corrective action ▶ Does your management team review the adequacy of
your OH&S system at regular intervals?
▶ Areas of emphasis to be reflected in the planning of
future internal OH&S Management System audits. ▶ Do your procedures ensure that adequate information is
provided for management review purposes?
Hints for implementation
▶ Are the conclusions and actions required by the
The term Management Review often gives people the management review properly documented in the form
impression of a very senior and formalised board room or of minutes?
committee meeting. However, it is none of these things; it
is simply a mechanism to ensure that the OH&S system
is kept in good working order.
There are generally two types of people who should be
involved in the management review process. Firstly, people
who have the right information about the OH&S system (for
example the Management Representative) and secondly,
people who can make decisions (such as the Managing
Director).
When deciding the frequency of management reviews,
consider what currently works for company. It is however
worthy of note that Health and Safety Legislation is released
twice a year, in April and October, as such you may wish to
co-ordinate you management review meetings to coincide
with such changes.
Regardless of the approach you take, make sure that
someone takes notes on what issues were discussed,
what decisions were arrived at, and what action items were
selected with time-scales. Management reviews should be
documented and the records stored accordingly.
The management review should assess how changing
circumstances might influence the suitability,
effectiveness or adequacy of your OH&S system. Changing
circumstances may be internal to your organization (e.g.,
new materials or changes in products or services) or may
be external factors (such as new regulations or new
customers).
Once you have documented the action items arising from your
management review, be sure that someone follows-up.
Progress on these items should be tracked.