August 21, 2017 - Kestrel Food Safety
On August 14, the U.S. Food and Drug Administration issued guidance to clarify that a waiver to the Food Safety Modernization Act (FSMA) Sanitary Transportation of Human and Animal Food final rule (Sanitary Transportation rule) covers retail food establishments that sell food for humans, including those that sell both human and animal food, but does not apply to establishments that only sell food for animals.
Submitted by: Bill Bremer
August 15, 2017 - Kestrel Management
In recent years, companies have been generating vast and ever-increasing amounts of data associated with business operations. This trend has led to renewed interest in predictive analytics, a field which focuses on analyzing large data sets to identify patterns and predict outcomes to help guide decision-making. While many leading companies use predictive analytics to identify marketing and sales opportunities, similar data analysis strategies are less common in occupational and process safety. Although the use of predictive analytics is less common in the field of safety, the potential benefits of analyzing safety data are considerable.
Just as companies are currently using customer data to predict customer behavior, safety and incident data can be used to predict when and where incidents are likely to occur. Appropriate data analysis strategies can also identify the key factors that contribute to incident risk, thereby allowing companies to proactively address those factors to avoid future incidents.
Predictive Analytics: In Theory
Let’s take a step back and look at what predictive analytics is and what it does. Predictive analytics is a broad field encompassing aspects of various disciplines, including machine learning, artificial intelligence, statistics, and data mining. Predictive analytics uncovers patterns and trends in large data sets for the purpose of predicting outcomes before they occur. One branch of predictive analytics, classification algorithms, could be particularly beneficial to industry, especially when it comes to avoiding incidents.
Classification algorithms can be categorized as supervised machine learning. With supervised learning, the user has a set of data that includes predictive variable measurements that can be tied to known outcomes. The algorithms identify the relationships between various factors and those outcomes to create predictive rules (i.e., a model). Once created, the model can be given a dataset with predictive variable measurements and unknown outcomes, and will then predict the outcome based on the model rules.
Predictive Analytics: In Practice
Like many in the transportation industry, this railroad had experienced a number of derailments caused by broken rails. Broken rail derailments can have particularly severe consequences, since they typically occur on mainline tracks, at full speed, and with no warning of the impending broken rail. Kestrel was asked to create a predictive model of track-caused derailments on a mile-by-mile basis to identify areas of high broken rail risk so the railroad could target those areas for maintenance, increased inspections, and capital improvement projects.
Penalized Likelihood Logistic Regression
As described above, classification models learn predictive rules in an original data set that includes known outcomes, then apply the learned rules to a new data set to predict outcomes and probabilities. In this case study, Kestrel used a logistic regression modified by Firth’s penalized likelihood method to:
- Fit the model
- Identify eleven significant predictive variables (based largely on past incidents)
- Calculate broken rail probabilities for each mile of mainline track based on track characteristics
The final model calculates a predicted probability of a broken rail occurring on each mile of track over a two-year period. The results suggest that the final model effectively predicted broken rail risk, with 33% of broken rails occurring on the riskiest 5% of track miles and 70% occurring on the riskiest 20%. Further, the model shows that the greatest risk reduction for the investment may be obtained by focusing on the 2.5% of track miles with the highest probability of a broken rail. This ability to predict where broken rails are likely to occur will allow the company to more effectively manage broken rail derailment risk through targeted track inspections, maintenance, and capital improvement programs.
Implications for Other Industries
The same general approach described in the above case study can also be applied to other industries—using KPIs to determine predictive variables and incidents as the outcome. The process is as follows:
- Measurements for defined variables would be taken regularly at each facility or unit. Precision increases as the measurements become more frequent and the observed area (facility/unit) becomes smaller.
- Once a sufficient number of measurements has been taken, they would then be combined with incident data to provide both the predictive variable measurements and the outcome data needed for training a model. This data set would be fed into a logistic regression or other classification algorithm to create a model.
- Once the model has been created, it can be applied to new measurements to predict the probability of an incident occurring at that location during the applicable timeframe.
Once predicted incident probabilities have been found, management would be able to focus improvement resources on those locations that have the highest probabilities of experiencing an incident. The classification algorithms also identify which factors have predictive validity, so management will know how improving those factors will affect the predicted probability of incidents occurring. In other words, they will know which factors have the strongest relationship with incidents, and can focus on improving those first.
Industrial companies are generating and recording unprecedented amounts of data associated with operations. Those that strive to be best-in-class need to use that data intelligently to guide future business decision-making.
The versatility of predictive analytics, including the method described in this case study, can be applied to help companies analyze a wide variety of problems. In this way, companies can:
- Explore and investigate past performance
- Gain the insights needed to turn vast amounts of data into relevant and actionable information
- Create statistically valid models to facilitate data-driven decisions
Submitted by: Will Brokaw
August 15, 2017 - Kestrel Food Safety
Designing and implementing a compliant Food Safety Management System (FSMS) can help organizations improve in many areas beyond the system’s defined tasks. It is critical for management to align the food safety objectives with the business needs for a successful and meaningful program implementation. Here are some of the top reasons why companies that work in the food industry may want to pursue developing and implementing an FSMS:
10. Identify and categorize the organization’s food safety risks.
Once this information is known, management can prioritize and decide how to eliminate or reduce business risks and liabilities to acceptable levels. These risks are often better controlled through strict management accounting. As a bonus, employees will become more attuned to thinking about risks and helping management improve overall operations.
9. Develop work instructions and/or procedures to guide employees’ actions and to ensure that each food safety task is completed in a disciplined manner and approved by management.
This will reduce the risk to an organization of an employee accidentally making a food safety mistake that causes the employee or others to be harmed (or worse). It also reduces the company’s risk of government inspections, fines, poor public perception, and loss of business due to a possible recall.
8. Assure management that they, in fact, know and understand the regulatory food safety requirements that must be met daily.
These requirements can be a driver of continual improvement by ensuring that the company has up-to-date procedures and work instructions for employees to follow every day.
7. Develop meaningful goals and objectives that drive food safety performance improvements and possibly reduce additional costs.
Each business will have different goals and these goals will likely change each year. Goals assure continuous improvement in food safety performance for the business over time.
6. Create a strong training and educational program that stems from well-written procedures and work instructions and that clearly defines the company’s requirements.
A well-trained workforce is a motivated and happy workforce. Turnover is reduced, accidents and incidents decrease, and production efficiencies increase. Employees are very aware when an organization takes time to ensure that each job requested is completed in the safest manner possible.
5. Develop appropriate monitoring and measurement practices.
Once all food safety requirements (e.g., FSMA, USDA, GFSI) are known and understood, the organization will be able to gauge food safety performance based on scientific data and regulations, and then guide the organization’s actions in a direction of continuous improvement and compliance.
4. Verify the FSMS is functioning as designed and implemented.
By continuously auditing each food safety program and function, the organization will discover issues of concern and non-conformances prior to an incident or agency/certifying body finding. Routine, non-biased audits allow the company to choose a timeframe that will help improve the situation without undue influence by outsiders.
3. Monitor and trend issues of concern and/or non-conformance and the actions used to rectify them through a fully functioning corrective/preventive action program.
As employees watch management fix problems, they will learn that management is concerned about continuous improvement. This will prompt employees to start making their own improvement suggestions. These suggestions will further drive improvement in areas outside the original FSMS.
2. Evaluate the business model and the FSMS in a holistic fashion.
By using this self-reflection and identifying improvement opportunities, management can direct responsibilities for improvement actions across many departments of the company. Each of these improvement opportunities has the potential to help the bottom line and reduce the possibility of a food safety liability now or in the future.
1. Know that the company has done everything to maintain the business in a manner that meets all food safety rules and regulations.
The last and most important benefit for an organization that goes through the process of designing and implementing a compliant FSMS is knowing that the organization has done everything possible to maintain its business in a manner that meets all food safety laws, regulations, and statutes every day the doors are open for business. To a business owner, that knowledge is priceless. This is how brands are built and how they maintain the promise of food safety to consumers.
Submitted by: Roberto Bellavia
August 15, 2017 - Kestrel Management • Kestrel Food Safety
Kestrel is pleased to be growing our resources to the food industry with the addition of Senior Consultant Melody Ge.
Melody brings a diverse background to the Kestrel team. She started her career in product development, including production and quality control of a vegan “chicken meat” product. She then transitioned to a Compliance Specialist at SQF Institute, where she established and developed the SQFI Compliance Program and maintained the integrity of the SQF certification; and developing the SQF Code.
Immediately prior to joining Kestrel, Melody served in a number of quality management and business development roles at Lidl, an international grocery chain. As the Deputy Quality Assurance Director, she oversaw suppliers, food safety control, and product quality monitoring and management to maintain quality and safety of product routine tasks.
At Kestrel, Melody will be serving as project manager for food safety-related projects. She will be supporting clients in developing and implementing GFSI schemes and supplier approval programs, and sharing her expertise in GFSI, FSMA, FSVP, HACCP, GMP, SQF, IFS, FSSC 22000, and ISO.
Melody holds a Master’s Degree in Food Science from the University of Maryland, College Park, and a Bachelor’s Degree in Food Science and Technology from Shanghai Ocean University, and is fluent in English, Mandarin/Cantonese Chinese, French, and German. She is a member of the Institute of Food Technology (IFT) and holds certificates in HACCP, Extrusion Processing and Technology and Commercialization, and Commercially Sterile Packaged Foods.
Submitted by: Bill Bremer
August 15, 2017 - dynaQ
Companies grasp the importance of using technology to create business efficiencies. Integrating technology into traditional processes allows companies to stretch and empower limited resources. It offers ways to provide more value to company operations and management systems.
When it comes to technology integration, however, companies traditionally look for an isolated solution to a single problem—a find-it, fix-it approach. A simple example of this would be creating an Excel spreadsheet to manage data from multiple sources. While this creates an improvement beyond the traditional hard copy binder, it is a linear, isolated solution to one issue that offers minimal additional business value.
Consider the data on that spreadsheet and consider how business systems work. Does the data stand alone or does it impact other parts of the business? Does the business system operate in a silo or are there common elements with other business systems? In most cases, there is overlap between data, information, systems, platforms, etc. As a result, building a patchwork of technology solutions to address individual problems is only a short-term fix.
Truly valuable technology solutions take a relational approach that considers the immediate issue within the context of the overall business need, and then integrates multiple platforms/systems, as required, into an aligned system.
A forward-thinking, relational technology approach takes a solution perspective that thinks beyond the singular project need to the big picture and then designs backwards. It’s a shift in mindset from “How can I use technology to make this efficient?” to one that asks, “Ultimately, what does the big-picture, desired state look like…and how can technology get us there?”
A relational approach such as this follows these steps:
The following case study provides a real-world example of how a global chemical distributor is following these steps to create a relational technology solution that will improve business efficiencies across the company. Initially, this distributor wanted to pull data from facility reports for 150+ locations into one database—that was the “simple” problem. The old system had facilities entering data into Excel forms. That information was then pulled into Access so the data could be manipulated.
Understanding that the facility data is intertwined with many aspects of the business, Kestrel looked beyond this singular issue at the bigger picture. The forward-thinking solution would be to create a technology platform that would solve this facility data problem and could easily be expanded to other business needs, particularly since facility data is tied to most aspects of the business.
To do this, Kestrel built the facility form into SharePoint as the base application for the company’s overall system. SharePoint houses all data previously input into Excel documents for each facility broken up by 11 regional operating companies with multiple locations under each. The form requires that each facility contact fill out quarterly information on the facility (e.g., permits, fleets, transportation, personnel). Beyond the facility form, the SharePoint system currently has the following modules, which all feed into the facility form:
- Facility images
- Storage tanks
- Facility audits
The SharePoint system is continuing to be expanded to integrate other systems into a single source that will create significant business efficiencies. This approach is creating many benefits across the company:
- Data collection is easier and more accurate. There are no longer multiple, conflicting sources of facility information or requirements for multiple entry.
- The company is able to collect multiple levels of data and then associate that data to the individual facility or provide a composite report (i.e., data required for storage tanks, sustainability efforts, audits conducted).
- The look and feel of the forms in SharePoint are very similar to the original Excel documents, so it is an easy transition and very intuitive system to use. Little training has been required.
- The company can easily track information on all facilities. Management can export data to Excel and create reports. The company has complete ownership of data and deliverables.
- The system can create alerts for overdue items and generate real-time metrics and dashboards. Many additional options can be further customized based on ongoing business needs.
- Additional data from other systems being used across the company (e.g., auditing program) can be integrated and aligned into SharePoint as users become more familiar with the platform.
SharePoint is a dynamic solution tool that can be customized and designed to capture data and provide consolidated reporting to all levels of management. Because of SharePoint’s flexibility, the possibilities of what it can do are virtually endless:
- Creates a single, familiar platform that simplifies access
- Provides functionality for continual adaptation to meet future data management and reporting needs
- Adapts to the needs of the business, rather than the business adapting to the capabilities of the program
- Maximizes efficiency and connectivity between many field and corporate groups
- Allows information to be shared and tracked in multiple ways
- Allows users to easily create complex databases that are both manageable and flexible
- Gives the ability to manage sites/facilities/plants/departments for compliance purposes
- Simplifies the data entry process by providing user-friendly functionality
- Consolidates reporting
- Provides a dynamic solution – updates made to the tool are reflected immediately
- Allows local users to control and build sites to their specifications
- Allows all levels of users to work with it easily due to its intuitive nature
By having so many features and applications on a single platform, it is easy to tie them all together into an aligned system and to create multiple functions/uses for the data being collected from so many sources. With an aligned system, then, achieving the big-picture, desired state (rather than the short-term fix) becomes entirely possible.
August 7, 2017 - Kestrel Food Safety
Kestrel invites you to join us for an upcoming free webinar that we will be presenting in advance of this year’s Process Expo to help you gain a full understanding of the fundamentals of HACCP.
The FDA and leaders across the food safety industry (academics, certifying body leaders, GFSI leaders) fully agree that HACCP hazardous analysis is necessary for establishing FSMA Food Safety Plan preventive controls. This webinar will prepare attendees to meet this requirement by discussing the fundamentals of HACCP and hazardous analysis leading to FSMA.
Kestrel’s Roberto Bellavia will help attendees gain an understanding of the following:
- Requirements for hazard analysis
- Preventive controls required for Qualified Individuals
- FSMA requirements impacting individual responsibilities and companies
This webinar provides an introduction to the 2-day HACCP Certification Training that is being offered at Process Expo September 20-21. Hope to “see” you there!
Submitted by: Bill Bremer
June 28, 2017 - Kestrel Management
To celebrate the one-year anniversary of the Frank R. Lautenberg Chemical Safety for the 21st Century Act, EPA Administrator Scott Pruitt announced on June 22, 2017 that the Agency has met its first-year statutory responsibilities under the law. This includes the following actions:
- Issuing a rule to establish EPA’s process and criteria for identifying high-priority chemicals for risk evaluation and low-priority chemicals not requiring risk evaluation. http://www.epa.gov/assessing-and-managing-chemicals-under-tsca/prioritizing-existing-chemicals-risk-evaluation
- Issuing a rule to establish EPA’s process for evaluating high-priority chemicals to determine whether they present an unreasonable risk to health or the environment. https://www.epa.gov/assessing-and-managing-chemicals-under-tsca/risk-evaluations-chemicals-under-tsca
- Issuing a rule to require industry reporting of chemicals manufactured or processed in the U.S. over the past 10 years. https://www.epa.gov/tsca-inventory/tsca-inventory-notification-active-inactive-rule
- Releasing scope documents for the initial ten chemicals for risk evaluation under the amended law. https://www.epa.gov/assessing-and-managing-chemicals-under-tsca/risk-evaluations-chemicals-under-tsca#ten
- Releasing guidance for external parties interested in submitting draft risk evaluations to the EPA for consideration. https://www.epa.gov/assessing-and-managing-chemicals-under-tsca/guidance-assist-interested-persons-developing-and
Submitted by: Liz Hillgren
June 22, 2017 - Kestrel Food Safety
How has your company interpreted and implemented the requirements of the Foreign Supplier Verification Program (FSVP)?
This year (2017), most U.S. companies that source food from foreign sources will be obligated to adopt and follow the Food Safety Modernization Act (FSMA) Foreign Supplier Verification Program (FSVP) requirements. Under the FSVP, these new imperatives require companies to assess their foreign supply chain of food product and implement new programs to meet and achieve compliance. These programs must be implemented and ready for inspection under FDA FSMA enforcement by the compliance date. For many companies, that date was May 30, 2017.
Effective May 30, 2017, impacted companies are expected to follow the FSMA FSVP legal requirements or face a disruption in supply, business impacts, possible fines, and penalties. In short, this requires that companies ensure that receipt of foreign food includes the necessary information to be adequately inspected and verified.
Key areas to demonstrate FSVP compliance include the following:
- Determine the receipt information under FSVP to verify approval of each shipment of each product by lot identity.
- Confirm the existing information that may already be required for each shipment, including COA by product lot and FDA registration number (with expiration date).
- Document the actual site of manufacture of the foreign supplied product, including the location, contact information, operator, and Qualified Individual overseeing the Food Safety Plan.
- Require declarations with each shipment stating that the supplier is in good standing with FDA and their foreign government’s food safety regulations. Provide a list of all programs under FSMA (Food Safety Plan and Section 17 cGMPs) with each shipment under an authorized signature.
- Include any additional information that is required under the FSVP that adequately confirms compliance to the company’s program, product requirements, and FSMA.
- Establish and maintain receipt records on all information that can be accessed and inspected at the request of inspection authorities for at least two years.
At first glance, the FSVP requirements seem basic—foreign supplied food product is approved by meeting the FDA requirements and the requirements of U.S. companies receiving these products. It looks to be the same as existing supplier qualifications for U.S.-supplied food product.
However, the FSVP rule provides much information on “what” is required of companies but not “how” or how to validate and verify these programs. Many FSMA training programs, including the FDA-funded FSPCA, really do not provide a level of guidance for companies to develop and meet the anticipated inspection process, which could include shipments stopped at a foreign port or at the U.S. port of entry. Concurrently, established importers have programs to communicate import shipments based on the requirements prior to FSMA and the FSVP, but many have expressed confusion in determining the changes now required.
Leading up to the May 30th compliance date, many companies of all sizes and scale began to seek ways to best establish their programs to meet the full regulatory requirement. Much of the focus has been on establishing practices that informally address what is really required under the FSVP, while making a casual determination of compliance. Other companies have developed programs consistent with the procedural requirements of the FSVP rule, as published.
Some companies have taken the requirements to an extreme by determining new supplier requisite information for each shipment to prove compliance. This has resulted in generating a significant amount of information for each shipment by each product. This level of information is not what FSMA intended. Much of the required information for FSVP is already in the established supplier qualification program and must be maintained but is not required in its entirety with each shipment. In fact, there are issues with the approach of requiring all information with each foreign supply shipment, including:
- Sheer volume of information
- Time required to assemble the information
- Inability of inspectors to assess all the information for compliance
All of this leads to the confusing situation that exists in the market today concerning the FSMA FSVP, where compliant practices have not been developed and newly established requirements have not been tested by enforcement. As a result, reports indicate that many foreign suppliers of varying company size, scale and sophistication are not openly willing to respond without clear, simple instructions from their U.S customers.
Establishing Reasonable Plans
Ultimately, many of the FSVP practice requirements will be developed and refined through the regulatory inspection actions of the rule. That being said, industry cannot wait. Companies need to have reasonable plans established for all current shipments being made under the FSVP.
Companies should focus on the more fundamental aspects of the FSVP—those requirements that must be verified, recorded, and evident in the documents supporting all foreign shipments of food product under the rule. This information does not need to include the entire policy manual but select summary information.
An important consideration involves understanding how this law is expected to be inspected. Knowing this provides a basis to develop and implement an effective program. The premise is that the foreign shipments may not be stopped for inspection at the border level, but that inspections will more commonly occur at the receiving party location of the product shipment at delivery to their U.S. locations. Regulators will expect to inspect verified, recorded, and legal receipt of foreign supplied food product.
Areas to focus on to ensure compliance with the FSVP requirements include the following:
Receipt of RSVP Products. Focus on verification of the necessary information for receipt of FSVP products based on the law and the company’s defined program. This does not mean all program information but information that adequately meets the level required for compliance.
Shipment Information for Receiving Records. Establish lists of shipment information for all shipments, which includes all products being received under FSVP, as summary forms with current and validated information. Summary information that can be effectively inspected as part of and aligned with the shipping paperwork will provide the necessary information as part of an FSVP receiving record.
Compliance Actions. Establish procedures and work instructions to ensure that compliant practices are approved, verified, and meet the minimum requirements. This will include modifying some existing documents and forms that are specifically required under the FSVP. This level of approved summary information must reflect the documented policies and procedures developed in the company’s FSMA Food Safety Plan and FSVP.
Internal Programs. Maintain internal programs, with oversight verification conducted diligently. All required information must be accounted for and records must be completed and maintained with a high level of accuracy and integrity. Verification must include oversight and multi-level signed approval.
Submitted by: Bill Bremer
June 22, 2017 - Kestrel Management
What is ISO 45001?
ISO 45001 is a new international standard created by the International Organization for Standardization (ISO) that specifies requirements for an occupational, health & safety management system (OHSMS). It provides a framework for managing the prevention of death, work-related injury, and work illnesses. The ultimate goal of the standard is to help organizations proactively improve OHS performance and create a safe and healthy workplace.
Note that ISO 45001 provides guidance. It does not state specific criteria for OHS performance, nor is it prescriptive about the OHSMS design. It is a management tool for voluntary use by organizations to minimize OHS risks.
Why Is ISO 45001 necessary?
There are several reasons why the creation of an international standard to manage OHS performance is necessary:
- First and foremost, organizations are responsible for minimizing the risk of harm to all individuals that may be impacted by their activities. The standard aims to protect human lives by encouraging organizations to create a safer, healthier workplace.
- According to the International Labour Organization (ILO), there were 2.34 million deaths worldwide in 2013 as a result of worker activities. The greatest majority (2 million) are associated with health issues, as opposed to injuries. The economic burden associated with this number of occupational injuries and illnesses is significant. Organizations must manage all their risks—including OHS—to survive. Poor OHS management can result in loss of key employees, business interruption, claims, higher insurance premiums, regulatory action, reputational damage, loss of investors, and loss of business.
- Finally, increased globalization creates new OHS challenges. ISO 45001 is an international standard that promotes global conformity.
What are the key aspects of ISO 45001?
Many of the elements of ISO 45001 are the same or similar to those found in OSHAS 18001. However, there are additions and changes in ISO 45001 that differentiate the new standard.
ISO 45001 establishes new roles for the organization’s people. First, it emphasizes worker participation in the OHSMS. This includes ensuring that workers are competent and have the appropriate skills to safely perform their tasks. Second, the role of top management is different than in OHSAS 18001. Of note, a designated Management Representative is no longer required; however, those individuals in management roles are expected to take ownership and demonstrate commitment to OHS through leadership. Top management must demonstrate direct involvement and engagement with the OHSMS by:
- Ensuring the organization’s OHS policy and objectives are compatible with the overall strategic direction of the organization
- Integrating OHSMS processes and requirements into business processes
- Developing and promoting an OHS culture that supports the OHSMS
- Being accountable for the OHSMS’s effectiveness
In addition to people, ISO 45001 follows a risk-based approach that advocates prevention. This requires identifying activities that could harm those working on behalf of the organization. A large part of this involves understanding the “context” of the organization, another new element of ISO 45001. Organizations must be able to identify all external and internal factors that have the potential to impact OHS management objectives and results.
To address risks and opportunities, there are new clauses related to hazard identification, as well. As with other sections of the standard, hazard identification becomes a process rather than a procedure and, importantly, considers all individuals near the workplace who may be impacted by the organization’s activities. ISO 45001 further outlines a more defined hierarchy for organizations to determine appropriate controls.
How does ISO 45001 fit in with other ISO standards and management system approaches?
ISO 45001 follows the same high-level management system approach being applied to other ISO management system standards (e.g., ISO 14001 and ISO 9001)—Annex SL. Because of this, the ISO 45001 requirements should be consistent with the other standards to allow for relatively easy alignment and integration into the organization’s overall management processes.
In addition, ISO 45001 takes into account other OHS standards, including OHSAS 18001, ILO-OSH Guidelines, various national standards, and the ILO’s international labour standards and conventions.
What is Annex SL?
As mentioned above, Annex SL is the structure for all new and revised ISO standards. It defines the framework for a generic management system—and is then customized for each discipline. This standard structure allows for easier integration between management systems and improved efficiencies. The major clauses for all ISO management system standards are identical under Annex SL and fall into the Play-Do-Check-Act (PDCA) cycle. Organizations who have already implemented ISO 9001:2015 or ISO 14001:2015 will be familiar with the Annex SL structure.
The table below outlines the main clauses in Annex SL, as well as the OHSMS-specific clauses. Highlighted areas indicate those sections that are significant changes/additions to the existing OHSAS 18001 standard.
What does this mean for OHSAS 18001?
As outlined in the table above, ISO 45001 does not conflict with OHSAS 18001. In fact, it expands and enhances the existing standard to improve integration of the OHSMS into the overall business. Once it is finalized, ISO 45001 is intended to replace OHSAS 18001. Much like other management system standards, current users of OHSAS 18001 will need to update their systems according to the requirements of the new standard within a three-year transition period.
When will it be finalized?
The current expected publication date is February 2018. Drafts will be available through local ISO members once they reach the public enquiry (DIS) stage and Final Draft (FDIS) stage.
Once it’s published, who should use ISO 45001?
The short answer is everyone. ISO 45001 is designed to be a flexible management system that can be implemented by any organization, no matter the size, type, or industry. As long as the organization has people who may be affected by its activities, an OHSMS has value in ensuring worker health and safety and fulfilling legal requirements.
Why should I do this? Why are management systems like ISO 45001 beneficial?
A management system is the organizing framework that enables companies to achieve and sustain their operational and business objectives through a process of continuous improvement. A management system is designed to identify and manage risks through an organized set of policies, procedures, practices, and resources that guide the enterprise and its activities to maximize business value. There are a number of reasons to implement a management system (see this article: http://kestrelmanagement.com/business-benefits-mgmt-sys/).
What do I do next?
- Get informed! Start reading up on ISO 45001. While the final standard may not yet be published, current versions can provide a good indication of what is to come.
- Identify gaps in your existing OHSMS that will need to be addressed to meet any new requirements. If you don’t have an existing OHSMS, review the requirements and determine what pieces you may already have in place.
- Develop an implementation plan. There is a three-year transition period once the new ISO 45001 standard is published (anticipated February 2018). Plan according to this timeline.
- Provide training. It is vital to ensure that workers and management are engaged in the OHSMS and that they are competent in any new skills/responsibilities that may be required.
- Put your plan into action. Update/develop your OHSMS to meet the ISO 45001 requirements and provide verification of its effectiveness to ensure certification.
June 22, 2017 - Kestrel Management
This is the fifth in a series of five articles on developing and maintaining a world-class compliance assurance program.
A well-designed and well-executed compliance assurance program provides an essential tool for improving and verifying business performance and limiting compliance risks. Ultimately, however, a compliance program’s effectiveness comes down to whether it is merely a “paper program” or whether it is being integrated into the organization and used in practice on a daily basis.
The following can show evidence of a living, breathing program:
- Comprehensiveness of the program
- Dedicated staff and resources
- Employee knowledge and engagement
- Management commitment and employee perception
- Internal operational inspections, “walk-abouts” by management
- Independent insider, plus third-party audits
- Program tailoring to greatest risks
- Consistency and timeliness of exception (noncompliance/nonconformance) disclosures
- Tracking of timely and adequate corrective/preventive action completion
- Progress and performance monitoring
To achieve a compliance assurance program on par with world-class organizations, there are a number of best practices that companies should employ:
Know the requirements. This means maintaining an inventory of regulatory compliance requirements for each compliance program, as well as of state/local/contractual binding agreements applying to operations. It is vital that the organization keep abreast of current/upcoming requirements (federal, state, local).
Plan and develop the processes to comply. Identify and assess compliance risks, and then set objectives and targets for performance improvement based on top priorities. From here, it becomes possible to then define program improvement initiatives, assign and document responsibilities for compliance (who must do what and when), develop procedures and tools, and then allocate resources to get it done.
Assure compliance in operations. The organization needs to establish routine checks and inspections within departments to evaluate conformance with sub-process procedures. Process audits should be designed and implemented to cut across operations and sub-processes in order to evaluate conformance with company policies and procedures. Regulatory compliance audits should further be conducted to address program requirements (e.g., environmental, safety, mine safety, security). Audit performance must be measured and reported, and then expectations set for operating managers to take responsibility for compliance.
Take action on issues and problems. Capture, log, and categorize noncompliance issues, process nonconformances, and near misses. Implement a corrective/preventive action process based on importance of issues. Be disciplined in timely completion, close-out, and documentation of all corrective/preventive actions.
Employ management of change (MOC) process. Robust MOC processes help ensure that changes affecting compliance (to facility, operations, personnel, infrastructure, materials, etc.) are reviewed for their impacts on compliance. Compliance should be assured before the changes are made. Failure to do so is one of the most common root causes of noncompliance.
Ensure management involvement and leadership. Set the tone at the top. The Board of Directors and senior executives must set policy, culture, values, expectations, and goals. It is just as important that these individuals are the ones to communicate across the organization, to demonstrate their commitment and leadership, to define an appropriate incentive/disincentive system, and to provide ongoing organizational feedback.
Maintaining Ongoing World-Class Compliance Assurance Program
The compliance assurance program must be a living, breathing program. As risks change, the program must be refreshed, refined, and redeployed. A Management System framework can help ensure operational sustainability. A Management System drives the auditing process and helps companies say what they will do, do what they say and, importantly, verify it.
Together, there is real value at the intersection of a compliance assurance program and Management Systems. Management Systems define the internal controls that are in place to reduce risks, prevent losses, and sustain and improve performance over time through the Plan-Do-Check-Act (PDCA) cycle of continual improvement.
Testing and Monitoring
Testing, monitoring, and measuring are crucial elements of this cycle. Without them, it is difficult to understand what is working and what needs improvement. Robust testing and monitoring programs can serve as early warning systems for identifying potential compliance risks before they become enforcement issues.
Compliance should be tested and monitored throughout each level of the organization. A strong testing program will evaluate the results of the compliance risk assessment and assign compliance risks to the business units and processes where they are most likely to occur, creating clear lines of responsibility and accountability. Key risks and the related controls should be tested periodically using statistically valid sampling methodologies, and monitoring activities should be performed on an ongoing basis. Doing so produces trend data that provides the rationale needed for making changes to underlying business processes, as well as emerging risks.
Ongoing compliance excellence relies on top management, operations managers, EHS personnel, and individual employees throughout the organization working together to build and sustain an organizational culture that places compliance on par with business performance. Senior management must focus on the overall culture of the company in terms of taking the necessary steps to reduce risk and make prevention part of daily operations. While it may be impossible to eliminate all risk exposure, a solid risk framework, assessment methodology, and compliance assurance program can help to prioritize risks for active management, sustained compliance, and positive business impacts.
Read the other articles in this series:
- Part 1: Enterprise and Compliance Risk Management
- Part 2: Management Systems and their Importance to Compliance Assurance
- Part 3: Compliance Risks and Compliance Program Assessment
- Part 4: Audit Program Best Practices
Submitted by: Tom Kunes