Which criteria to apply when deciding about ISO 45001 documentation

The ISO 45001:2018 standard requires very few pieces of information in the occupational health and safety management system that need to be documented, and few of these are required documented procedures. There are a couple of documents like policies, plans, and records that need to be written, but many written procedures are not explicitly mandated by the standard. So, how do you decide which of the procedures in the ISO 45001 standard should be documented in your occupational health and safety management system?

First – there were mandatory requirements

The easiest part is to identify and create the documents explicitly required by ISO 45001. These are records that should provide evidence that your business is compliant with the legislation, and that you performed hazard identification, evaluation, and trainings, as well as records of nonconformance, corrective and preventive action, internal audit, and management review.

On the other side, in requirement 7.5 the ISO 45001 standard specifies the need for “documented information determined by the organization as begin necessary for the effectiveness of the OH&S management system.” What does this mean?

The intent of this requirement is for the organization to assess which of its workplaces have significant occupational health and safety hazards, and to have a documented method of controlling these work activities. Once the organization identifies those documents as necessary, they become a part of the system and therefore mandatory. So, instead of trying to document all activities within workplaces, the procedures or work instructions should focus on providing information on safely performing activities. Of course, if there is a legal requirement to document an instruction this takes precedence over your decision.


What criteria to apply?

When deciding what to document and what to exclude from documentation, it is best to be pragmatic and practical. One of the main criteria is the skill and experience of your employees. If they are familiar with work safety practices and have awareness of personal and other employee’s safety, then you wouldn’t have to document every work safety instruction.

The next important thing is to identify activities in processes that can go wrong, or any habits of your employees that can lead to injuries (e.g., not wearing a helmet or safety glows because of hot weather) and focus your documentation on these.

Every work instruction and procedure regarding occupational health and safety should be clear and as short as possible. This way, all employees who are involved in those workplaces can have a common understanding of what is needed to ensure that occupational health and safety hazards are avoided. It is important to note that this is only applicable for workplaces with significant OH&S risks; if you do not have workplaces with significant OH&S risks, then it is not required to have a procedure for all operational controls.

For instance, if you have a workplace that requires working on heights, you will need a SOP for Working on Heights; if you have a workplace that includes working with hazardous chemicals, you might need a SOP for Chemical Hazards. If you do not use hazardous chemical in your activities, then you don’t need a SOP for Chemical Hazards. Each company must identify its workplaces with significant OH&S risks and write an appropriate procedure accordingly.

Some tips for documenting the OH&SMS

A very good rule of thumb is to document a procedure when there is a high chance that there will be mistakes when it is not documented. This is particularly applicable to procedures used for planning the response during an emergency. These procedures can be critical to ensuring that everyone knows who can respond, what training is required and maintained for the responders, and what other people should do when the emergency occurs, even if this is just staying out of the way of the emergency responders.

Another time to consider documenting a procedure is when you want to ensure that the review criteria and the assessed output are consistent across the organization. For example, you don’t need to have a procedure on how you identify and evaluate the OH&S hazards (this can be done by an authorized external organization), but you must have that evaluation documented, as well as the list of workplaces with significant OH&S risks, and this is a legal requirement in most countries.

More processes of an OHSMS that are very commonly documented include:

  • How the documents and records of the OHSMS are controlled
  • How the activities related to significant OH&S hazards are carried out
  • Emergency plans and how they will be executed should an identified emergency occur
  • How nonconformity, corrective action, and preventive action are carried out
  • How an internal audit is conducted
  • How a management review is performed

Voluminous doesn’t mean effective

By documenting only the procedures that you will need for your OHSMS to properly function and improve, you can avoid the trap of having a lot of wordy documents that are difficult to read and maintain. In this standard, more than any other, it is crucial that users of the documents really read and follow procedures and instructions, because sometimes it can be a thin line between an ordinary day at work and a crippling accident. If your procedures contain the information that is needed, without a lot of extra information that is not used, you will also increase the chances that your documentation will remain relevant and be used by the employees who need to know what is written. In this way you can keep your OHSMS implementation lean, useful, and relevant, and – most importantly – your employees safe.

For more information on what documentation is mandatory in the environmental management system, see this free whitepaper:  Checklist of ISO 45001 Mandatory Documents.

Advisera Strahinja Stojanovic
Author
Strahinja Stojanovic

Strahinja Stojanovic is certified as a lead auditor for the ISO 13485, ISO 9001, ISO 14001, and OHSAS 18001 standards by RABQSA. He participated in the implementation of these standards in more than 100 SMEs, through the creation of documentation and performing in-house training for maintaining management systems, internal audits, and management reviews.