Strahinja Stojanovic
May 23, 2018
The long-awaited new version of ISO 45001 has finally been released, and many people are wondering about the next steps, and how to become compliant with the new version.
ISO 45001:2018 brings some significant changes in concept and approach compared to OHSAS 18001, but nothing that your company can’t handle. With a systematic approach to the transition project and the commitment from management, success is guaranteed.
The ISO organization stated that the transition period will take three years, so organizations may get their OHSAS 18001 certificates or have surveillance audits according to the old standard until March 12, 2021. Although this is a very decent timeframe, many organizations will try to catch up with the changes much sooner to demonstrate that they are keeping up with the world.
If you got certified before March 12, 2018, you will have your surveillance audits according to the old standard, but your recertification audit will be conducted according to ISO 45001. If you get your certificate according to OHSAS 18001 after that date, you will have three years to transition to the new version.
These are the suggested steps in the transition and their order, for a successful transition to the new standard:
1) Define context of the organization. This is a new requirement and requires special attention, because it provides the basis for your new Occupational Health and Safety Management System (OH&SMS). Many other standards also require the context to be defined, but every standard has its own scope and the information on the context can be different; for example, ISO 9001 will cover the issues related to the product quality and customer satisfaction. Although the standards have different scopes, the same process for the context definition can be used – only the different issues will be analyzed.
2) List all interested parties. Although it belongs to the same clause as Context of the organization, it is something new and should be considered carefully. Having all interested parties and their expectations identified will help the organization to adjust its strategic direction. To learn more about who can qualify as an interested party and how you should address them, check out this article: Determining interested parties according to ISO 45001.
3) Review the scope of the OH&SMS. The transition is a good moment to consider your existing scope of the OH&SMS, since the credibility of your Occupational Health and Safety Management System depends on it.
4) Demonstrate leadership. The requirements are similar to those for management commitment in the previous version, and the new version puts even greater emphasis on the leadership. Demonstrate leadership through taking accountability for the OH&SMS, providing resources, and establishing an OH&S Policy and the objectives.
5) Align OH&S objectives with the company’s strategy. Your OH&SMS must be compatible with the strategic direction of the company, and the objectives must aim in the same direction as other activities in the company. Also, one of the requirements in ISO 45001 is to create the plans for achieving the objectives.
6) Assess risks and opportunities. According to the new standard, the risks and opportunities must be addressed. They focus on the ability of organization to achieve intended results, but also on other parts of the system, such as context of the organization, compliance obligations, and occupational health and safety hazards. Once the risks and opportunities are identified, the organization needs to develop plans for addressing them. Check out the article What are the new requirements for risks and opportunities according to ISO 45001? to find out more.
7) Identify and evaluate OH&S hazards. The transition is a great chance to reevaluate your occupational health and safety hazards. The new standard doesn’t bring too many changes to this, but it is a good opportunity to review the effectiveness of the existing controls and make necessary improvements.
8) Determine the compliance obligations. A requirement for complying with statutory and regulatory requirements existed in OHSAS 18001. In addition to these requirements for compliance, the new standard also includes interested parties and their needs and expectations to be observed as compliance obligations.
9) Control documented information. This new term refers to both procedures and records. Besides aligning your old procedures to the new clause numbers, the transition process should be used for improving your existing documentation. Organizations now have more liberty in deciding how to document and manage their documented information; one of the alternatives is to use e-documentation and avoid the paper form as much as possible. For more information, see: New approach to ISO 45001 documentation.
10) Operational control. The new version requires better control of the processes, including operating criteria and implementing controls of processes according to the criteria. The new standard brings additional requirements for operational controls in regard to management of changes, outsourcing, procurement, and contractors.
11) Performance evaluation. This means that you need to determine what you need to monitor, how, and how often. The purpose is to evaluate the performance and effectiveness of your OH&SMS. If you are familiar with key performance indicators, this change will be easy.
12) Measurement and reporting. The new standard strongly emphasizes the importance of measurement and reporting, especially regarding the above-mentioned performance evaluation. In addition, internal audit and management review processes are very useful tools for determining condition and performance of the OH&SMS, and they also need to be aligned with the new standard. Although the techniques for conducting the internal audit and the management review have remained the same, there are changes in the input elements of the management review and requirements to be audited during the internal audit.
The changes and the transition process itself can seem overwhelming at first, but my guess is that within the one-year period this won’t take more than a couple of hours per month to achieve. The additional motive for the transition are the improvements brought by the new standard. This is a great opportunity for even greater integration of the OH&SMS with other business activities and to get ahead of your competition.
To learn more details about how to perform each of these 12 steps, this free webinar can help you: How to make the transition from OHSAS 18001 to ISO 45001.