The road to ISO 45001

This article was written by Chris Peace and is reproduced here with permission. It was first published in Safeguard magazine(external link), January/February 2018.

Q: Why has ISO 45001 been developed?

It has been estimated that, globally, about 2.3 million people die each year as a result of workplace incidents. The record in New Zealand is worse than in many other OECD countries. The International Standards Organization (ISO) began work on ISO 45001 Occupational health and safety management systems in 2013, partly as a result of so many deaths but mainly because of international support for the project.

Exposure drafts of ISO 45001 were released in 2016 and 2017 and, also in 2017, the final draft was circulated to participating standards bodies to vote on. When the standard is published later in 2018 and adopted in New Zealand in 2019 it will complement other standards on quality and environmental management and aspects of organisational corporate social responsibility.

Goods and services are increasingly delivered via international supply chains so this international standard is welcomed.

Q: What are the key features of the new standard that distinguish it from AS/NZS 4801?

More detail, based on research and experience! That said, it is applicable ‘to any organisation that wishes to establish, implement and maintain an occupational health and safety management system (OHSMS) to improve occupational health and safety … take advantage of occupational health and safety (OHS) opportunities, and address OHSMS nonconformities associated with its activities.’

These last two points bring in issues not dealt with by AS/NZS 4801. Health and safety practitioners often overlook the opportunities arising from H&S and may not link their work with other management systems; ISO45001 will help people make these connections.

ISO 45001 is 50 pages long (whereas AS/NZS 4801 is 35 pages long) and gives more detailed guidance on development of a management system. Its structure enables comparison with the McKinsey 7-S model, a key management system tool covering structure, systems, strategy, skills, style, staff, and shared values.

AS/NZS 4801 has stood the test of time quite well but needs revision, or replacement by ISO 45001, to take account of subsequent experience and research.

Q: How well does ISO 45001 mesh with the Health and Safety at Work (HSW) Act 2015?

ISO 45001 was not developed as a compliance tool, however it says ‘the intended outcomes of an OHSMS include … (b) fulfilment of legal requirements and other requirements’. It gives guidance to organisations in all countries that adopt the standard, some of which have prescriptive OHS legal systems, whereas our HSW Act sets out general duties.

ISO 45001 overcomes this issue by requiring identification of OHS-related legislation and its inclusion in an OHSMS. (Similarly, the new SafePlus launched late in 2017 makes no direct mention of the general duties – see later.)

Perhaps the greatest problem is the absence of the concept of a person having control of a business or undertaking. This is overcome by inclusion of, for example, requirements covering procurement, contractors, and outsourcing.

Q: What is the biggest strength of ISO 45001?

There are three major strengths: it is based on many years of research; it has backing from many other developed countries and international organisations; and it integrates with other management system standards. Engagement with workers is also well documented and ISO 45001 links with other standards on risk management and risk assessment techniques.

Q: What is its biggest weakness?

In common with other management system standards, it appears to have a ‘one size fits all’ approach. However, it can be adapted to suit a business or undertaking when determining the scope of the OHSMS. One weakness (a personal irritation) is that it gives two definitions of risk.

Q: What key benefit would a New Zealand organisation get from using an international standard like ISO 45001?

Many New Zealand organisations have quality, environmental or other management systems based on one or more ISO management system standards. ISO 45001 has the same structure as such standards, making it easier to integrate an OHSMS into the overall management system. This makes the use of technical staff or consultants more efficient and helps reduce bureaucracy.

Demonstrating conformance with ISO 45001 may become the default position as demands for audited corporate social responsibility (including for OHS) increase from trading partners in our international and national supply chains. Those demands may ripple through the economy, eventually affecting most businesses or undertakings. For exporters, early adoption may give a competitive advantage.

Q: The discontinued WSMP (Workplace Safety Management Practices) audit was based on AS/NZS 4801. For organisations that liked WSMP, how well will ISO 45001 serve as a useful replacement?

In many respects the two documents seem similar, but differences include ISO 45001 setting out requirements for governance and leadership (now recognised as critical to successful OHS management), management of change, procurement and evaluation of compliance, and a description of success factors. There are also some differences in the definitions of hazard and risk that need to be understood.

Furthermore, ISO 45001 is founded on the plan-do-check-act model and elaborates on continual improvement in the body of the standard, whereas AS/NZS4801 only refers to continual improvement in the foreword. These differences should be welcome to those who liked the WSMP audit standards or AS/NZS 4801.

The WSMP audit standards and SafePlus both have three levels of conformance whereas AS/NZS 4801 and ISO 45001 have only one. In addition, the WSMP audit standards were document-heavy – that is, they were dominated by requirements for documentary evidence. Demonstrating conformance with ISO 45001 might be partially achieved via documents but audit evidence will need to be verified (for example, by interviews or observations).

Understanding these differences in an organisation oriented to WSMP or AS/NZS 4801 will require a gap analysis: where are we compared with where do we need to be?

Q: The new SafePlus assessment tool, developed in New Zealand, takes quite a different approach. Why would an organisation spend money on a 45001 audit when it could get a SafePlus assessment for a similar amount?

ISO 45001 has been developed by representatives from 69 participating countries (including all our major trading partners and other countries such as Botswana, Egypt, and Zimbabwe), 16 observing countries, and 20 liaison members (e.g. IOSH, ILO, and OHSAS Project Group) – but not New Zealand.

SafePlus was developed by WorkSafe, ACC, and MBIE with guidance from an advisory committee.

A close comparison of SafePlus with ISO 45001 shows their content (but not structure) is similar with a few notable exceptions, including two SafePlus performance requirements that the business ‘proactively accommodates employee incapacity and ill health’ and ‘is responsive in resolving disagreements or issues’. ISO 45001 includes success factors and, as noted, is based on the plan-do-check-act model; SafePlus is not. Otherwise the content of both can be traced back to early work dating from the 1970s on the characteristics of successful safety programmes.

SafePlus uses an innovative approach with guidance spread across performance requirements, evidence, and expectations for developing, performing, or leading organisations. Conversely, ISO4 5001 uses a layout and structure that users of standards will find familiar. In common with other management system standards, ISO 45001 requires an understanding of the business environment and, unlike SafePlus, maps against other ISO standards in common use (such as ISO 9001 and ISO 14001).

The SafePlus Performance Requirements document claims to be ‘different from traditional compliance audit type products’, perhaps referring to AS/NZS 4801 and the ACC WSMP audit standards. ISO 45001 is not such a compliance document (although it will help achieve compliance).

SafePlus is available now. ISO 45001 will be available as the international version later this year. Standards New Zealand will then start the process to adopt it, probably in 2019, at which time AS/NZS 4801 will be withdrawn.

Adoption of both documents is voluntary, but claims of conformance with ISO 45001 can be self-declared or following an audit. Given the similarities in content (but not structure), some organisations might choose to be audited against the SafePlus performance requirements and use the results to aid self-certification against ISO 45001.

However, the decision about SafePlus or ISO 45001 should be a decision for senior management based on a gap analysis and cost benefit analysis. OHSMS only work if they support what senior management wants to happen.

Chris Peace(external link) is a risk management consultant based in Wellington. His comments are based on the final draft of the international standard (FDIS) as at January 2018.

ISO 45001:2018 is due for publication in the next few months and will be adopted as a New Zealand standard, NZS ISO 45001:2018, later this year.