John Nolan The DIS (Draft International Standard) of ISO 45001:2015 is the first step in the process to replace the existing OHSAS 18001 system with a standard similar in format to ISO 9001 (Quality Management Systems) and 14001 (Environmental Management Systems). Among the significant changes brought by the new ISO 45001 standard are adjustments to advice and requirements on operational control within an organization’s OH&S (occupational health & safety) system, and we are going to look specifically at the changes presented in the new clause 8.3/4/5, which deals with “outsourcing, procurement and contractors.” So, what do we need to know about the changes in the DIS, how do they differ from the equivalent section on operational control in the OHSAS 18001 standard, and vitally, what do we have to do to ensure our organization is both as safe as possible and compliant for purposes of any certification audit?
Operational control: Old versus new
Operational control was the subject of clause 4.4.6 of the OHSAS 18001 standard, and in hindsight was basic in its requirements, the contents relating to our topic broadly being:
- There shall be controls related to purchased goods, equipment, and services.
- Workplace visitors and contractors shall be governed by controls.
Now the 45001 DIS clearly defines what each category (outsourcing, procurement, contractors) means, and how it relates to your organization, and makes suggestions on potential areas of risk that may exist, while briefly outlining how these areas may sit within your OH&S objectives. It is highly recommended that you obtain the 45001 DIS and make every effort to learn exactly what these changes mean to your organization, but let’s look briefly at what clauses 8.3/4/5 state:
8.3 Outsourcing: The 45001 DIS defines an outsourced process as one that is integral to, within the scope of, liable in terms of conforming to requirements of, and central to the OH&S system achieving its objectives. The outsourced process will also be such that a neutral viewer would assume that the process or service delivery is carried out by and is the responsibility of the organization itself.
8.4 Procurement: Considerations and controls should be made for the organization’s procurement process, which include: risks and hazardous materials, considerations over both raw materials and services, and control over how all services and goods procured affect the objectives and integrity of your organization’s OH&S objectives. That standard also makes specific mention of installation and delivery of equipment your organization may source, in that: specifications are met and safety testing is undertaken before use, installations and materials meet specifications, and all requirements and communications for safe use are made correctly.
8.5 Contractors: The DIS provides examples of what would be considered as “contractors,” but stresses that responsibility for performance always ends with the organization. Delegation of responsibility and controls must be put in place to manage contractors, and while a contractor may or may not have its own OH&S system, correct stipulations of the organization’s objectives, rules, and regulations must be communicated to ensure compliance and good practice. While recognizing that OH&S systems of suppliers will vary according to the nature of their business, it should be noted that the contractor’s OH&S capability, records, experience for the intended task, resources, and training record should be reviewed and considered before engagement.
So, given the vast and quite specific differences between the recommendations of the old and new standards, what do we have to do now?
Outsourcing, Procurement, Contractors – The compliance angle
Managing these three entities within your OH&S system can be done separately or together. In fact, if you think of ISO 9001’s and 14001’s reliance on the Plan, Do, Check, Act cycle, then the similarities become clear. Let’s look at the key aspects your organization should define for this process:
- Delegate responsibility for the tasks planned to “pre-qualify” your contractors and procurement partners. This is critical to ensure the process works efficiently.
- Plan correctly and efficiently. Decide on what criteria, checking process, and format of communication are needed to manage external sources of labor, materials, or services.
- Share your knowledge with your partners. If you have contractors onsite, ensure there is a process to educate them on your OH&S standards, rules, and procedures. Offer your documented information to partners, and create a culture of openness, education, and willingness to foster a work environment that is both safe and “risk aware.”
- Design a process for incoming goods and services. Ensure you have a workplace where “specified versus actual” is always a consideration before use, whether machinery, substances, or services.
- Build OH&S considerations into your approved supplier list. Does a supplier have an OH&S policy, or accreditation?
- Use internal audit and supplier audit opportunities diligently. This is key to your process of “check” and your improvement process.
- Continually reevaluate, review, and improve. If you have a monthly forum or team meeting, this is a good place to do this. It also pays to remember that employees are generally close to the operation and can help you identify and mitigate risk before it becomes an incident. Involve them.
As with all matters related to health and safety, prevention is better than cure. Why not try some forward thinking and promote the culture within your company? Hold an OH&S day for your suppliers and contractors, present them with information on your workplace, OH&S record, and objectives, and ask them to share in that culture by complying, suggesting improvement, and sharing any methods, tricks, or tips they may have. Education, employee input, established processes, and early identification of risk with continual improvement are the cornerstones of good health and safety, so why not work together for everyone’s benefit?
Why not use our free Gap Analysis Tool to compare your OH&S system with the OHSAS 18001 standard.
