ISO 45001:2018: Some Early Observations

The history

This standard has been several years in development, and reaching agreement on content hasn’t been easy, but finally, in March 2018, we have our first OHSMS ISO standard. Previous drafts have all been kicked back for a number of reasons. It has proven difficult, given the very significant variation in the level of national OH&S legislation worldwide, to develop an OHSMS standard that is robust and progressive and yet still attainable for organisations that operate in the developing world.

Some early observations

ISO 45001 replaces OHSAS 18001 as the certifiable management system standard of choice within accredited third party certification processes. OHSAS 18001 registered organisations have three years from now (March 2018) to manage their transition to ISO 45001. I was intrigued to see BSI hailing their first set of ISO 45001 certifications this week, literally TWO DAYS after ISO 45001 was issued. Generally it takes certification bodies a few weeks to develop their own systems to certify to a new standard and also upskill their auditors in the new standard, and gain UKAS accreditation, so it was a bit odd. I assume that over the past few weeks a pilot program has been running. My guess is that those certification bodies not part of the pilot will take some time to have their internal verification processes and competences approved by their Accreditation Body, and won’t be offering accredited certification until the summer.

The ISO 45001 standard itself adopts the Annex SL clause structure around which ISO 9001 and ISO 14001 are already based. That means the PDCA sequenced clause 4-10 framework. As OHSAS 18001 was already PDCA sequenced, this is not a major uplift. There are a few issues that organisations will need to look closely at and, for me, at first sight at least, the most significant relates to Top Management involvement in the OHSMS. There is an interesting and significant addition – Worker Participation.

Communication and consultation has always formed part of OHSAS 18001 so, on the face of it, there’s no big change, but the positioning of the requirement within Section 5, and also the addition of some quite specific elements, make it potentially a bit of a game changer (if the certification bodies choose to apply it as written, obviously, which they may not). It is now the specific responsibility of TOP MANAGEMENT to ENABLE worker participation, and that enabling function specifically includes REMOVING BARRIERS TO PARTICIPATION.

Barriers to Participation?

So what are barriers to participation? Well, there are certain structural matters that might make it difficult for workers to participate. They may work remotely for instance, without regular access to the organisation’s communication systems. They may not have high levels of literacy and they may not speak the same language as the one used by the management system. Issues like this will require special measures and processes to enable effective participation. Then there are more tricky cultural issues. The organisation may have an oppressive blame culture for instance. A worker might not see it as a good idea to raise a concern if the first thing that happens is a spotlight being turned on him or her. Blame cultures are unfortunately common, and personally I see it as a very progressive step that an OHSMS standard has chosen to grasp the nettle. It will be very interesting to see how well this gets enforced. It will be a great shame if it gets watered down or ignored.

A word on our training

At the time of writing (16/03/18) our revised Lead Auditor Course is with the IRCA for review. We are hoping to have it approved and running from mid-April. The transition module will be along a couple of months later.

Posted in ISO 45001, Occupational Health & Safety | Tagged | 2 Comments

Collected Wisdoms

Five things I’ve learned

A few days ago somebody asked me for advice on setting up his new business. You can get the basic advice on the mechanics (getting an accountant, bank account, registering at companies house etc) from anywhere, and I am the last person you’d go to for advice on personal admin – but that’s the easy part. The hard part is knowing what will work and what won’t, what will help and what will be a waste of time, how to keep thinking clearly and so on. So, to that end, I have decided to post a collection of my own personal collected wisdoms that are a product of 20 years trial, error and, in some cases, bitter experience. They are in no particular order.

I do this so you don’t have to.

  1. Don’t sound like a snake oil salesman

Be careful with the copy on your website and in your other comms. Try to avoid corny cliches and vague, general boasts about your expertise. Anybody can say things like “our consultants are seasoned industry experts with unrivaled experience” or whatever. ANYBODY can makes those same tedious boasts. That’s why it’s a waste of space on your website. It just gets tuned out by visitors as white noise. Do you think people going to read it and say “Oh, the website says they have years of expertise, they must be good”?  People can say it even if it isn’t true, AND THEY DO. Try to say things that other people can’t say and qualify them with specific examples. Why do you think I write these blogs?

2. Writing in your own voice

People that have met me often say that when they read my blogs, emails and even my training course notes, they can hear the words coming out of my mouth. I’ve somehow learned to write the way that I speak. It’s a way of writing that is consistent with the way I am in person. There are a couple of advantages in doing this. First, it stops your material reading like you’ve copied and pasted it. Second, people like consistency, people trust consistency. I’m not a natural writer and it took me a while to find a style of writing that I could actually apply in a way that worked. I don’t use a lot of adjectives and my writing isn’t stylish or flashy, I’m just not good enough with vocabulary to do that. I write in short sentences and I NEVER write a word I wouldn’t use in everyday speech.

3. Never underestimate the value in being taught a harsh lesson

You will make mistakes. Sometimes painful, embarrassing and expensive ones. I would never be so patronising as to suggest that whatever doesn’t kill you makes you stronger –  that is patently not true – but there is usually something to salvage from a wreck. Don’t dwell too long on the damage because it’s already done. Try to work out what the lesson is and learn from it. There is usually something you can take away from it.

Fool me once, shame on you, fool me twice, shame on me. Or something like that

4. Do favours freely

There are advantages in being the good guy and it’s a useful reputation to have. Putting some goodwill in the bank is like dealing in the stock market. Some people return the favour, some don’t. Some just don’t get the opportunity to. Don’t use the occasional complete lack of gratitude as a reason to stop doing favours. It is rare to encounter ingratitude, but odd times you get taken advantage of. I just see that as acceptable collateral damage and no reason to stop being kind. Sometimes people will ask a lot of you. Most people will realise when they are asking a lot and will be a bit embarrassed about it, so they’ll only do it as a last resort. Genuine people will tend not to ask then ask and ask again. People that do that are invariably going to take a lot more than they are ever going to give, and don’t care one bit that they are asking a lot of you. So put some limits on your goodwill.

5. You get more work from people you know than from people you don’t

I used to put a lot of time, effort and money into search engine optimisation (SEO). Whilst being high on google rankings is an advantage, it isn’t everything. Remember that customers that use google will usually be relatively uninformed and often price sensitive. There are customers for whom confidence that you can do a good job is more important than price. Think about what you need to do to develop that trust and confidence (see point 1 above).

Happy New Year. If you have any of your own to add, please post them as a comment.

Shaun Sayers

Posted in Uncategorized | 3 Comments

Safety at Christmas

There are greater hazards than mince pies and sherry

It is easy during the festive period to allow our attitudes to Health & Safety to relax, however it is at times like these that we must make a special effort to be more vigilant than ever. Here is a link to a story that I came across on the BBC website that warns us of the health dangers of the “Santa Claus Diet”.

The article, whilst thought provoking from a health perspective, unfortunately overlooks several serious and perhaps more significant process safety weaknesses in Santa Claus’ working arrangements. Whilst there are health risks associated with binge eating and drinking, the fact that Santa has been doing this for several hundred years suggests that any adverse health effects would not necessarily be chronic. It is also unclear whether all mince pies are consumed in one sitting. It is possible, and perhaps more likely, that he collects them and takes them back to the North Pole in a Tupperware container for his elves.

Detailed analysis of his safety arrangements, on the other hand, are less easy to defend.

Working at Height, Confined Space Working and PPE

Santa Claus gains access to properties by a controlled landing on the roof. Whilst his work wear could be considered “hi viz”, the good news ends there. There is no evidence of the use of a hard hat or other appropriate PPE, safety harnasses or scaffolding – an absolute minimum for this type of activity. Furthermore access to the building is often via a “chimney pot” with no apparent application of structured confined space working arrangements, or a site specific fire risk assessment.

The failure to consider the Hierarchy of Controls in risk management demonstrates a flagrant disregard for an effective Safe System of Work. It would seem obvious that both Working at Height and Confined Space Working could be cheaply eliminated by simply parking up safely at ground level and gaining access by a door. Whilst this may not be as quick as landing on the roof and jumping down the chimney, and it may mean that the distribution of presents may need to be spread out over more than one evening or partially sub-contracted, safety must never be compromised in order to speed the job up or save money!

Manual Handling and Young Persons

A couple of years ago, whilst on a Search for Santa break in Lapland, I was able to meet Santa Claus. I took the opportunity to question him on his workplace safety arrangements. I found his attitude to be unhelpful. I noticed a queue of young persons waiting to see him (in fact he repeatedly referred me to the long queue as I attempted to put my questions to him). I accepted his assertion that his status on site was that of a subcontractor, however I was not convinced that he had undergone an appropriate contractor induction, had received manual handling training or that alternative lifting arrangements were in place in the event that a child was too big boned to safely lift using standard manual handling techniques. I could not see any mechanical lifting apparatus anywhere in his vicinity, or any signage indicating a weight limit. His claim that his working methods were safe seemed to be based solely on the fact that he “had been doing it that way for years”.  This demonstrated a very poor understanding of how grandfather rights are applied in law.

In summary I think we need to be very careful when dealing with international gift distribution contractors at this time of year. It is an unregulated industry dominated by a very small number of privately run providers for whom workplace safety appears a very low priority.

Have a safe and legally compliant Christmas

Shaun Sayers

Posted in Uncategorized | Tagged | Leave a comment

Why Understanding Your Internal & External Issues Is Important

Background to the new ISO 9001:2015 Requirement

Rather than repeat myself by going over the requirement at a general level, here’s a link to an earlier post where I have tried to explain the general principles involved.

ISO 9001:2015 – Internal and External Issues

External Issues – A more detailed examination

Why is it important?

I’m drafting a gap analysis at the moment for what you could best describe as a “traditionally structured” QMS. Like many systems of this type, there is no formal structure for identifying internal and external issues, the associated risks and the necessary contingencies and back up plans. In this situation you often get the impression that the management team simply “know” what these things are and “naturally take them into account”. So why the need for anything more formal?

Well, here’s what can happen when you get things wrong …

Monarch Airlines Collapse – where did it go wrong?

It’s perhaps worthwhile taking time to consider the sequence of events and understanding what went wrong for Monarch because this sorry tale outlines quite well why it might be worthwhile trying to adopt a more formal proactive approach to risk management. Does it guarantee everything will be fine? Of course it doesn’t. But what it might do is provide focus as to the size and scale of risks that the company is running (ie, understanding the worst case scenario) and perhaps helping the company understand if there is a Plan B that can be put in place to mitigate the effects, should the worst come to the worst.

In short, the article suggests that Monarch had too many of its eggs in one or two baskets (holiday flights to Turkey and North African destinations) and when demand for flights to this region reduced considerably, it left the company with no place to go.

I know it’s always much easier to analyse failures from the perspective of hindsight, but this state of affairs catches the sentiment quite well.

Posted in ISO 9001:2015, Risk & Assurance | Tagged , , | Leave a comment

ISO 9001:2015 Non-Applicability

Non-applicable clauses and how to treat them

I’m starting to get asked this a lot just now, so maybe it’s time for an article to explain it, and to point people at. Those people going through ISO 9001 transition now, and whose QMS identifies some clause(s) that ISO 9001:2008 calls “exclusions”, will need to revisit the matter.

In many ways the same rules apply, but there are a couple of differences.

Firstly, whereas in ISO 9001:2008, “exclusions” were limited to Section 7 (Product Realisation), ISO 9001:2015, on the face of it, applies no such constraints so, in theory at least, non-applicability (the new name for exclusions) may be identified within ANY of the new auditable requirements of Sections 4-10. In practice, however, you will find that your realistic non-applicable clauses (that is, clauses that certain types of organisations may justifiably explain are not applicable to its operations) will be limited to parts of ISO 9001:2015 sections 7 and (mostly) 8 (which is, to all intents and purposes, the equivalent of the old Section 7).

It is unlikely that any requirements of Sections 4, 5, 6, 9 or 10 could be justifiably cited as not applicable. I’d be amazed if any were accepted under any circumstances.

So what could be cited as not applicable?

There aren’t that many potentially non-applicable clauses. In Section 7 (Support), in practice you are looking at clause 7.1.5 – this relates to monitoring and measurement resources and measurement traceability. This clause deals with the EQUIPMENT that may be used in monitoring and measurement (not monitoring and measurement activity) and includes the old calibration and equipment care requirements. Not all organisations use equipment in their monitoring and measurement activities, and it will be a fairly common non-applicable clause, especially with service providers. Measurement traceability (note NOT Product Identification & Tracebility – this is different and taken care of within Section 8) is not always a requirement, and in fact the wording of the clause in ISO 9001:2015 actually states “where measurement traceability is a requirement …”. Measurement tracebility will normally, if it applies, be required either by legislation or by the customer contract.

In Section 8 (Operation) there are a few potentially non-applicable requirements, because it contains all the old favourites from ISO 9001:2008. Most notably;

  • 8.3 Design and development
  • 8.5.2 Identification & Tracebility (of product)
  • 8.5.4 Preservation
  • 8.5.5 Post delivery activities

In practice pretty much close to 100% of any other non-applicable claims will be drawn from the above and Clause 7.1.5. Note that in days gone by “Customer Property” used to be a reasonably common exclusion under ISO 9001:2008/ISO 9001:2000, however as this clause (ISO 9001:2015 clause 8.5.3) covers intellectual property and data, it is rarely justifiable these days. Most companies hold some customer data that requires protection –  financial/payment/bank data at the very least.

How to record non-applicable clauses

If you deem that a clause or clauses is/are not applicable to your QMS (for example it simply does not contain a design element, or you have no physical output that can be spoiled or damaged and so requires preservation controls), these must be identified and JUSTIFIED in the statement of SCOPE (see clause 4.3) of your QMS. In justifying the non-applicable clause, you are simply explaining (and making it clear) why this does not apply to any of the contents, controls or customer requirements of your QMS.

Hope this helps.

Posted in ISO 9000, ISO 9001:2015 | Tagged , , , , , | 2 Comments