199 East Badger Road, Suite 200, Madison, WI 53713
Call Us Today: 608-260-7468


22 Jun
Q&A: The New ISO 45001 Standard

What is ISO 45001?

ISO 45001 is a new international standard created by the International Organization for Standardization (ISO) that specifies requirements for an occupational, health & safety management system (OHSMS). It provides a framework for managing the prevention of death, work-related injury, and work illnesses. The ultimate goal of the standard is to help organizations proactively improve OHS performance and create a safe and healthy workplace.

Note that ISO 45001 provides guidance. It does not state specific criteria for OHS performance, nor is it prescriptive about the OHSMS design. It is a management tool for voluntary use by organizations to minimize OHS risks.

Why Is ISO 45001 necessary?

There are several reasons why the creation of an international standard to manage OHS performance is necessary:

  • First and foremost, organizations are responsible for minimizing the risk of harm to all individuals that may be impacted by their activities. The standard aims to protect human lives by encouraging organizations to create a safer, healthier workplace.
  • According to the International Labour Organization (ILO), there were 2.34 million deaths worldwide in 2013 as a result of worker activities. The greatest majority (2 million) are associated with health issues, as opposed to injuries. The economic burden associated with this number of occupational injuries and illnesses is significant. Organizations must manage all their risks—including OHS—to survive. Poor OHS management can result in loss of key employees, business interruption, claims, higher insurance premiums, regulatory action, reputational damage, loss of investors, and loss of business.
  • Finally, increased globalization creates new OHS challenges. ISO 45001 is an international standard that promotes global conformity.

What are the key aspects of ISO 45001?

Many of the elements of ISO 45001 are the same or similar to those found in OSHAS 18001. However, there are additions and changes in ISO 45001 that differentiate the new standard.ISO 45001 Hierarchy of Controls

ISO 45001 establishes new roles for the organization’s people. First, it emphasizes worker participation in the OHSMS. This includes ensuring that workers are competent and have the appropriate skills to safely perform their tasks. Second, the role of top management is different than in OHSAS 18001. Of note, a designated Management Representative is no longer required; however, those individuals in management roles are expected to take ownership and demonstrate a commitment to OHS through leadership. Top management must demonstrate direct involvement and engagement with the OHSMS by:

  • Ensuring the organization’s OHS policy and objectives are compatible with the overall strategic direction of the organization
  • Integrating OHSMS processes and requirements into business processes
  • Developing and promoting an OHS culture that supports the OHSMS
  • Being accountable for the OHSMS’s effectiveness

In addition to people, ISO 45001 follows a risk-based approach that advocates prevention. This requires identifying activities that could harm those working on behalf of the organization. A large part of this involves understanding the “context” of the organization, another new element of ISO 45001. Organizations must be able to identify all external and internal factors that have the potential to impact OHS management objectives and results.

To address risks and opportunities, there are new clauses related to hazard identification, as well. As with other sections of the standard, hazard identification becomes a process rather than a procedure and, importantly, considers all individuals near the workplace who may be impacted by the organization’s activities. ISO 45001 further outlines a more defined hierarchy for organizations to determine appropriate controls.

How does ISO 45001 fit in with other ISO standards and management system approaches?

ISO 45001 follows the same high-level management system approach being applied to other ISO management system standards (e.g., ISO 14001 and ISO 9001)—Annex SL. Because of this, the ISO 45001 requirements should be consistent with the other standards to allow for relatively easy alignment and integration into the organization’s overall management processes.

In addition, ISO 45001 takes into account other OHS standards, including OHSAS 18001, ILO-OSH Guidelines, various national standards, and the ILO’s international labor standards and conventions.

What is Annex SL?

As mentioned above, Annex SL is the structure for all new and revised ISO standards. It defines the framework for a generic management system—and is then customized for each discipline. This standard structure allows for easier integration between management systems and improved efficiencies. The major clauses for all ISO management system standards are identical under Annex SL and fall into the Play-Do-Check-Act (PDCA) cycle. Organizations who have already implemented ISO 9001:2015 or ISO 14001:2015 will be familiar with the Annex SL structure.

The table below outlines the main clauses in Annex SL, as well as the OHSMS-specific clauses. Highlighted areas indicate those sections that are significant changes/additions to the existing OHSAS 18001 standard.ISO 45001 Table

What does this mean for OHSAS 18001?

As outlined in the table above, ISO 45001 does not conflict with OHSAS 18001. In fact, it expands and enhances the existing standard to improve integration of the OHSMS into the overall business. Once it is finalized, ISO 45001 is intended to replace OHSAS 18001. Much like other management system standards, current users of OHSAS 18001 will need to update their systems according to the requirements of the new standard within a three-year transition period.

When will it be finalized?

The current expected publication date is February 2018. Drafts will be available through local ISO members once they reach the public inquiry (DIS) stage and Final Draft (FDIS) stage.

Once it’s published, who should use ISO 45001?

The short answer is everyone. ISO 45001 is designed to be a flexible management system that can be implemented by any organization, no matter the size, type, or industry. As long as the organization has people who may be affected by its activities, an OHSMS has value in ensuring worker health and safety and fulfilling legal requirements.

Why should I do this? Why are management systems like ISO 45001 beneficial?

A management system is an organizing framework that enables companies to achieve and sustain their operational and business objectives through a process of continuous improvement. A management system is designed to identify and manage risks through an organized set of policies, procedures, practices, and resources that guide the enterprise and its activities to maximize business value. There are a number of reasons to implement a management system (see this article: https://kestrelmanagement.com/business-benefits-mgmt-sys/).

What do I do next?

  • Get informed! Start reading up on ISO 45001. While the final standard may not yet be published, current versions can provide a good indication of what is to come.
  • Identify gaps in your existing OHSMS that will need to be addressed to meet any new requirements. If you don’t have an existing OHSMS, review the requirements and determine what pieces you may already have in place.
  • Develop an implementation plan. There is a three-year transition period once the new ISO 45001 standard is published (anticipated February 2018). Plan according to this timeline.
  • Provide training. It is vital to ensure that workers and management are engaged in the OHSMS and that they are competent in any new skills/responsibilities that may be required.
  • Put your plan into action. Update/develop your OHSMS to meet the ISO 45001 requirements and provide verification of its effectiveness to ensure certification.
01 Jun
Don’t Miss Kestrel at the EHS Seminar in Galveston

Join Kestrel at the 30th annual EHS Seminar next week to hear A.W. Armstrong present on Using a Data-Driven Method of Accident Analysis: A Case Study of the Human Performance Reliability (HPR) Process.

EHS Seminar
June 5-8, 2017
Moody Gardens Convention Center
Galveston, Texas
Kestrel Presentation: Thursday, June 8 at 8:30 a.m.
Kestrel Booth: #611

The Role of Human Error in Occupational Incidents

The concept of human error and its contribution to accidents and incidents have received considerable research attention in recent years. When an accident/incident occurs, investigation and analysis of the human error that led to the incident often reveals vulnerabilities in an organization’s management system.

This recent emphasis on human error has resulted in an expansion of knowledge related to human error and the most common factors contributing to incidents. Kestrel’s Human Performance Reliability (HPR) process helps to classify human error—with the additional step of associating the control(s) that failed to prevent the incident from occurring. This process allows organizations to identify how and where to focus resources to drive safety performance improvements.

In this presentation, A.W. describes Kestrel’s method for identifying the most frequent human errors and most problematic controls and presents a case study wherein HPR was applied to a large petroleum refining company.

Catch Up with Kestrel

In addition to the presentation on June 8, Kestrel’s experts will also be available in the exhibit hall (booth #611) to discuss HPR, as well as our holistic approach to the management of process safety.

We welcome the opportunity to meet with you, learn more about your needs, and discuss how Kestrel helps our clients:

  • Improve occupational and process safety performance
  • Manage EHS and quality risks
  • Achieve regulatory compliance assurance

See you at booth #611 in Galveston!

04 Apr
OSHA Releases Three New PSM Publications

OSHA has released three new guidance documents to help employers comply with the agency’s Process Safety Management (PSM) standard. PSM is critically important to facilities that store highly hazardous chemicals. Implementing the required safety programs helps prevent fires, explosions, large chemical spills, toxic gas releases, runaway chemical reactions, and other major incidents. The new documents focus on PSM compliance for Small BusinessesStorage Facilities and Explosives and Pyrotechnics Manufacturing.

01 Dec
Final Rule: Walking-Working Surfaces

OSHA has issued a final rule updating its general industry Walking-Working Surfaces standard to protect workers from slip, trip, and fall hazards. The rule also increases consistency in safety and health standards for people working in both general and construction industries.

The final rule’s most significant update is allowing employers to select the fall protection system that works best for them, choosing from a range of accepted options including personal fall protection systems.

OSHA estimates the final rule will prevent more than 5,800 injuries a year. The rule takes effect Jan. 17, 2017.

Read the full press release.

16 Feb
Managing Human Error to Improve Safety Culture

The concept of human error and its contribution to occupational accidents and incidents have received considerable research attention in recent years. As mechanical systems become safer and more reliable, human error is more frequently being identified as the root cause of or a contributing factor to an incident (Health and Safety Executive, 1999). In order to effectively manage human error, companies must understand not only human error but also the factors contributing to it.

Kestrel has found that a multi-pronged improvement plan can help companies reduce the risks associated with employee and contractor behavior and, as a result, improve the safety performance of the organization. The three primary components of this approach include the following:

  1. Incident investigation and analysis – adapted from the Human Factors Analysis and Classification System (HFACS)
  2. Human Reliability Analysis (HRA) – based on the Cognitive Reliability and Error Analysis Method (CREAM)
  3. Comprehensive safety culture assessment and improvement initiative

Incident Investigation

Incident investigation and analysis is based on the premise that employee and contractor performance is a significant source of risk within any organization. The majority of accidents and other unintended events are, at least in part, the result of human error. Companies manage risks associated with employee and contractor behavior through a variety of controls (i.e., policies, standards, procedures) that address employee selection, training, supervision, operating practices, corrective and preventive actions, etc. Accidents occur when there is a failure in one or more of these controls.

The Human Factors Analysis and Classification System (HFACS; Wiegmann & Shappell, 2003) is very helpful for identifying human errors that contribute to a single incident and for helping to guide the appropriate corrective action. However, it doesn’t help companies identify the controls (e.g., engineered, administrative, PPE) that are most often failing to prevent incidents. Additionally, it is not designed for the aggregation of multiple incident analyses for the purposes of analyzing trends, similarities, and the statistical significance of the results.

So while the HFACS framework can be used to identify and classify human error(s) that contributed to the incident in question, the next steps are to 1.) identify and document the control(s) that failed to prevent each human error and 2.) describe the unique circumstances of the incident that were classified into that HFACS category. When aggregated, an incident analysis results in:

  • A list of the most frequently occurring human factors, which are ranked according to their statistical significance
  • Identification of the controls that are most frequently identified as failing to prevent the incidents in question
  • A list of the specific circumstances associated with each error identification, to look for commonalities when planning systemic, rather than local, corrective action

This provides the company with the ability to identify where to focus corrective resources and how to best deploy those resources.

Human Reliability Analysis (HRA) and CREAM

There may be times when it is still difficult to create action plans to address the problematic controls; subsequently, a deeper analysis of the control is necessary in order to improve it. When this happens, Human Reliability Analysis (HRA) methods, specifically CREAM, help to further analyze the control.

HRA methods provide a detailed analysis of the potential for human error within a given process by observing the process step-by-step and evaluating the type(s) and the likelihood of error(s) that could occur at each step. The CREAM methodology, developed by Erik Hollnagel, focuses on the importance of cognition when attempting to identify, evaluate, and interpret potential human error.

Specifically, the CREAM method provides a framework for:

  1. Identifying the potential for human error in a process
  2. Describing the likelihood and nature of that error
  3. Evaluating if the potential for error requires action or if the existing risk is at an acceptable level

When the analysis is complete, it becomes possible to discuss viable options for deploying corrective action to improve the process (if necessary). These corrective actions can focus on the person, the operating environment, and/or the equipment involved in the process.

Safety Culture

Effective incident investigation and analysis and HRA function most effectively when a company exhibits an excellent safety culture. As discussed in a previous Kestrel article, a strong safety culture has a number of characteristics in common. Kestrel’s research into the topic of safety culture has identified two traits that are particularly important to an effective safety culture: leadership and employee engagement. Best-in-class safety cultures have robust systems in place to ensure that each of these traits, among others, is mature, well-functioning, and fully ingrained into the standard practices of the organization.

Assessing safety culture can be done by administering a safety culture survey, conducting interviews of key leadership and safety personnel, and leading focus groups with front-line employees and supervisors. The mix of quantitative data (survey) and qualitative information (interviews and focus groups) provides data that can then be statistically analyzed, as well as a rich context for the results of the statistical analysis.

Performing a safety culture survey also provides an “as-is” benchmark for comparing future survey results to determine if improvement efforts have been effective and have fully permeated into all levels and units across the organization.

Realizing the Richest Benefit

While the individual components discussed above can be very helpful to a company, deploying them in tandem provides the richest and most comprehensive benefit to company safety performance.HPR Cycle

That is because the three components are inherently complementary. Each improves the effectiveness of the others. For example, safety culture improvements, specifically, improvements in mutual trust and respect between levels of the organization, lead to better incident investigation data. This is because employees feel free to provide honest and complete narratives of the incident since they know they will not be unfairly disciplined for what happened. As a result, incident investigation and analysis is better able to identify the human errors and, most importantly, the controls that are most often involved in incidents.

All of this then allows the company to identify the processes and procedures that may be appropriate candidates for HRA. Subsequently, corrective actions that result from both incident investigation/analysis and HRA demonstrate to employees that management is committed to continuous safety improvement, which further improves safety culture.