Annex A
(informative)
Guidance on the use of this
International Standard
A.1 Scope
This International Standard outlines the requirements of a
robust, credible and reliable OH&S management system. The additional text
given in this Annex is strictly informative and is intended to prevent
misinterpretation of the requirements contained in this International Standard.
While the information in this Annex addresses and is consistent with these
requirements, it is not intended to add to, subtract from, or in any way modify
them. This Annex does not contain explanatory information on Clause 1.
There are no normative references in this International
Standard. Users can refer to the documents listed in the Bibliography for further
information.
A.3 Terms and definitions
In addition to the terms and definitions given in Clause
3, and in order to avoid misunderstanding, clarifications of selected concepts
are provided below:
- 'Continual' indicates duration that occurs over a period of time, but with intervals of interruption (unlike 'continuous' which indicates duration without interruption). 'Continual' is therefore the appropriate word to use in the context of improvement;
- The word 'consider' means it is
necessary to think about but can be rejected, whereas 'take
into account means it is necessary to think about but cannot be rejected; - The words 'appropriate' and 'applicable'
are not interchangeable. 'Appropriate' means
suitable (for, to) and implies some degree of freedom, while 'applicable' means relevant or
possible to apply and implies that if it can be done, it shall be done; - This International Standard uses the
term ' interested par ty\ the term 'stakeholder' is a
synonym as it represents the same concept; - The word 'ensure' means the
responsibility can be delegated, but not the accountability to
make sure that it is performed; - 'Documented information' is used to
include both documents and records. This
International Standard uses the phrase 'retain documented information as evidence of...' to
mean records, and 'shall be available as documented information' to mean documents,
including procedures. The phrase 'to retain documented information as evidence of....' is not
intended to require that the information retained will meet legal evidentiary
requirements. Instead, it is intended to define the type of records that need to be retained.
Organizations can be subject to legal requirements related
to the OH&S management system that mandate the use of certain terms or
their meaning. In such cases, conformity to this International Standard still
requires that its intent be fulfilled even when using such legally prescribed
terms.
A.4 Context of the
organization
A.4.1 Understanding the
context of the organization
The intent of this clause is to provide a high-level
understanding of the issues that can affect, either positively or negatively,
the way the organization manages its responsibilities in relation to the
OH&S management system for persons working under its control.
The issues of interest are those that affect the
organization's ability to achieve the intended outcomes including the
objectives it sets for its OH&S management system, as well as meeting its
OH&S policy commitments. Issues can include conditions, characteristics or
changing circumstances that can affect the OH&S management system, for
example:
a)
external context issues, such as:
1)
the cultural, social, political, legal, financial, technological, economic
and natural surroundings and market competition, whether international, national,
regional or local;
2)
introduction of new competitors, new technologies, new laws and the
emergence of new
occupations;
occupations;
3)
key drivers and trends relevant to the industry or sector having impact on
the objectives of
the organization;
the organization;
4)
relationships with, and perceptions and values of, its external interested
parties;
5)
changes in relation to any of the above.
b)
internal context issues, such as:
1)
governance, organizational structure, roles and accountabilities;
2)
policies, objectives, and the strategies that are in place to achieve
them;
3)
the capabilities, understood in terms of resources and knowledge (e.g.
capital, time, people,
processes, systems and technologies);
processes, systems and technologies);
4)
information systems, information flows and decision-making processes (both
formal and
informal);
informal);
5)
introduction of new products and equipment;
6)
relationships with, and perceptions and values of, internal interested
parties;
the organization's culture;
the organization's culture;
7)
standards, guidelines and models adopted by the organization;
8)
form and extent of contractual relationships;
9)
changes in relation to working time requirements and any of the above.
The results of the context review should be used to assist
the organization in understanding and determining the scope of its OH&S
management system, determining its risks and opportunities, developing or
enhancing its OH&S policy, setting its OH&S objectives and determining
the effectiveness of its approach to maintaining compliance with its applicable
legal and other requirements.
A.4.2 Understanding the
needs and expectations of workers and other interested parties
Workers (and, as applicable, their representatives) and
other interested parties can be either internal or external to the
organization. The organization should seek to ensure that it is aware of all
relevant interested parties that can affect the OH&S management system, or
which perceive themselves to be affected by it, in order to plan how to meet
their needs and expectations, when relevant. Other Interested parties to an
OH&S management system can include:
a)
legal and regulatory authorities (local, regional, state/provincial,
national or international);
b)
parent organizations;
c)
suppliers, contractors and subcontractors, external providers;
d)
owners, shareholders, clients, visitors, local community and neighbours of
the organization;
e)
customers, medical and other community services, media, academia, business
associations,
non-governmental organizations (NGOs);
non-governmental organizations (NGOs);
f)
health and safety organizations and occupational health-care professionals
(including
doctors).
doctors).
Interested party needs and expectations are not
necessarily requirements of the organization. It is important to distinguish
between what these needs and expectations will lead to:
o mandatory requirements: laws,
regulations, corporate requirements, provisions of the
organization's collective agreements that relate to the health and safety of workers where
they are given legal effect;
organization's collective agreements that relate to the health and safety of workers where
they are given legal effect;
o commitment requirements: voluntary
commitments to interested parties to which the
organization voluntarily subscribes. It also includes rules, guides and technical references;
organization voluntarily subscribes. It also includes rules, guides and technical references;
o other requirements to which the
organization voluntarily subscribes that relate to the OH&S
management system.
management system.
Needs and expectations from interested parties become
obligatory requirements for an organization if that organization chooses to
adopt them. Once the organization adopts them, then they become requirements
and should be considered when planning and establishing the OH&S management
system
A.4.3 Scope of the OH&S
management system
The scope of the OH&S management system is intended to
clarify the spatial and organizational boundaries to which the system will
apply, especially if the organization is a part of a larger rganization at a given location. An
organization has the freedom and flexibility to define its boundaries. It may choose
to implement this International Standard with respect to the entire
organization, or to (a) specific part(s) of the organization, as long as the
top management of that part of the organization has authority for establishing
an OH&S management system.
In setting the scope, the credibility of the OH&S
management system will depend upon the choice of organizational boundaries. It
should be noted that 4.3 requires that the organization should take into account
all its activities, products or services that are within its control or
influence that can impact on OH&S performance when defining the scope for
its OH&S management system.
The scope should be factual and representative of the
organization's operations included within its OH&S management system
boundaries so that it does not mislead interested parties.
Once the organization asserts it conforms to this
International Standard, the scope should be documented and where necessary made
available to interested parties.
The scope of activities, products and services can extend
beyond the immediate direct control of the organization (see 8.3 regarding
outsourcing and 8.5 for contractors). Supply and procurement policies should
address hazards and potential OH&S risks to persons in the organization
and, as far as possible, impacts on persons, outsourced or subcontracted,
carrying out activities or producing products or delivering services for the
organization.
A.4.4 OH&S management
system
The organization retains authority, accountability, and
autonomy, to decide how it will fulfil the requirements of this International
Standard, including the level of detail and extent to which it will:
a)
integrate requirements of the OH&S management system into its various
business operations, such as design & development, procurement, human
resources, sales and marketing, etc.;
b)
incorporate issues associated with its context (4.1) and interested party
requirements (4.2) within its OH&S management system.
If this International Standard is implemented for a
specific part(s), of an organization, the policies and processes developed by
other parts of the organization can be used to meet the requirements of this
International Standard, provided that they are applicable to the specific
part(s) that will be subject to them.
A.5 Leadership, worker
participation and consultation
A.5.1 Leadership and
commitment
Commitment, responsiveness, active support and feedback
from the organization's top management are critical for the success of the
OH&S management system and therefore they have specific responsibilities
for which they need to be personally involved or which they need to direct.
Leadership includes communicating not only what needs to be done but why it
should be done. To achieve
improved acceptance and implementation of OH&S
management system processes, communication of requirements should include both
"what" needs to be done and "why" it should be done.
Resources include, but are not limited to, the people,
finances and infrastructure needed by the organization to establish, implement,
maintain and continually improve its OH&S management system and OH&S
performance.
An organization should promote a positive culture that
encourages workers (and, as applicable, their representatives) to actively
participate in the OH&S management system.
An organization's culture is largely determined by top
management and the product of individual and group values, attitudes,
perceptions, competencies and patterns of activities that determine the commitment
to, and the style and proficiency of, its OH&S management system. An
organization with a positive culture is characterized by communications founded
on mutual trust, by shared perceptions of the importance of the OH&S
management system and by confidence in the effectiveness of preventive measures.
The organization should foster a positive culture relative
to its OH&S management system that promotes the elimination of any
reprisals, or fear of reprisal, for worker participation, such as identification
and reporting of hazards, incidents, recommending control measures,
consultation with other members of the organization, and reporting issues
relating to the OH&S management system to responsible authorities as
required.
A.5.2 Policy
The OH&S policy is a set of principles stated as
commitments in which top management outlines the long-term direction of the
organization to support and continually improve its OH&S performance. The
OH&S policy sets the framework for the organization to set its objectives
and take actions to achieve the intended outcomes of the OH&S management
system.
Clause 5.2 specifies three basic commitments for the
OH&S policy: to provide a healthy and safe working environment, to satisfy
applicable legal and other requirements and to continually improve its OH&S
performance. These commitments are then addressed in specific requirements in
other clauses to establish, implement, maintain and continually improve a
robust, credible and reliable OH&S management system.
It is important to understand that the organization needs
to have an appreciation for the relationship between the organization's policy
commitments and the requirements for the other parts of its OH&S management
system.
While all the commitments are important, some interested
parties are especially concerned with the organization's commitment to satisfy
its applicable legal and other requirements. In this respect it is important to
acknowledge that this International Standard specifies a number of
interconnected requirements related to this commitment. This includes the need
to identify the applicable legal and other requirements, to ensure operations
are carried out in accordance with these legal and other requirements and to
evaluate conformity with the applicable legal and other requirements.
A.5.3 Organizational roles,
responsibilities, accountabilities and authorities
The successful implementation of an OH&S management
system calls for a commitment from all persons working under the control or
influence of the organization. This commitment should begin with top
management.
The organization should communicate and promote that it is
the responsibility of all persons working under the organization's control or
influence to prevent injuries and ill-health, not just the responsibility of
those with defined OH&S management system responsibilities. In fulfilling
their responsibilities, all persons in the workplace need to consider not only
their own health and safety but also the health and safety of others.
Accountability means ultimate responsibility and relates
to the person who is held to account if something is not done, does not work,
or fails to achieve its objective.
The organization should define and communicate the
responsibilities, accountability and authorities of all persons whose work
relates to its OH&S management system. OH&S management system
responsibilities should be assigned in appropriate areas of the organization,
such as operational management (e.g. design, maintenance, manufacturing) or
other staff functions (e.g. middle-management and supervisors). The resources
provided by the top management should enable the fulfilment of the
responsibilities assigned. The responsibilities, accountabilities and
authorities should be reviewed when a change in structure of the organization occurs.
The persons assigned these roles should be competent and
have sufficient access to, and encouragement from, top management authority and
resources in order to keep top management informed of the status and
performance of the OH&S management system and whether the OH&S
management system conforms with the requirements of this International
Standard. The persons assigned these roles should be entitled to report to
supervisors or other managers about dangerous situations so that corrective and
preventive action can be taken. They should be able to report concerns to
responsible authorities as required without the threat of dismissal, discipline
or other such reprisals. Such roles can be assigned to an individual, sometimes
referred to as the 'management representative', shared by several individuals,
or assigned to a member of top management. Workers should have sufficient
competency and authority to remove themselves from hazardous situations as
necessary.
A.5.4 Participation,
consultation and representation
The participation of workers (and, as applicable, their
representatives) is a key factor of success for an OH&S management system.
The top management of the organization should encourage
the participation of workers (and, as applicable, their representatives) in the
development, implementation and maintenance of the OH&S management system,
including suggestions for the improvement of the system which would lead to
improvements in the organizations OH&S performance, such that they should feel
safe from the threat of dismissal, discipline, or other such reprisals.
Consultation is a two-way communication process. For
example, workers nearest to OH&S risks (and, as applicable, their
representatives) can be asked about decisions to be taken to control those
OH&S risks so they can give their opinions about them.
Participation of workers is a process of cooperation which
includes consultation between managers and non -managers (and, as applicable,
their representatives) in order to contribute to decision-making processes on
OH&S performance measures and proposed changes. This cooperation includes
workers (and, as applicable, their representatives) being given adequate
information, protection from dismissal and other prejudicial measures that
would prevent them from exercising their functions in the OH&S management
system, and access to workers during working hours for the purpose of
communicating about health and safety issues.
Means of encouraging worker participation in the OH&S
management system and avoiding barriers can include:
a)
the provision of information and communication regarding the scope and
objectives of the
OH&S management system;
OH&S management system;
b)
the provision of operational information and training, including knowledge
of identified
hazards, hazard elimination and control strategies, and residual risks assessments;
hazards, hazard elimination and control strategies, and residual risks assessments;
c)
creating awareness of hazards and OH&S risks;
d)
improving competency;
e)
the provision of adequate time and resources to accomplish the items from
bullets a) to c);
f)
the provision of mechanisms to foster, promote and enable effective
cooperation between
managers and non-managers e.g. workers' safety delegates, workers' health and safety
committees, or joint health and safety committees as well as provision for the selection of
representatives (through worker or union organizations) in accordance with applicable legal
and other requirements;
managers and non-managers e.g. workers' safety delegates, workers' health and safety
committees, or joint health and safety committees as well as provision for the selection of
representatives (through worker or union organizations) in accordance with applicable legal
and other requirements;
g)
providing protection from reprisals, including disciplinary or other
adverse measures, for
reporting, or removing themselves from situations of serious danger of imminent harm;
reporting, or removing themselves from situations of serious danger of imminent harm;
h)
creating and maintaining a positive culture for the OH&S management
system.
Removing barriers to participation, or reducing them to a
minimum when removal is not possible, is essential if the OH&S management
system is to be effective.
Feedback in the OH&S management system is dependent
upon worker participation. The organization should make sure workers at all
levels are encouraged to report hazardous situations, so that corrective and
preventive action can be taken, and to report concerns to the responsible
authorities. The threat of dismissal, discipline or other such reprisals can
undermine this feedback process.
A.6 Planning
A.6.1 Actions to address
risks and opportunities
A.6.1.1 General
The purpose of planning in the OH&S management system
is to prevent undesired effects such as injury or ill-health by anticipating
hazardous events and their likelihood and consequences, in order to achieve the
intended outcomes of the OH&S management system. It also identifies
opportunities that can offer a potential advantage or beneficial outcome such
as improved OH&S performance.
Planning is not a single event but an on-going process,
anticipating changing circumstances and continually identifying risks and
opportunities. When planning the organization's OH&S management system, the
context (4.1)
in which it will operate, the views of its workers and
other interested parties (4.2) and its scope (4.3) are considered to ensure the
system can identify its risks and opportunities. An initial review or gap analysis
may be conducted when planning for the OH&S management system. The output
from this review can be used in the planning process. This International
Standard requires the organization to identify hazards and assess its OH&S
risks (6.1.2), determine its applicable legal and other requirements (6.1.3),
and to assess other risks and opportunities to the OH&S management system
(6.1.4). This information is then used to determine how the risks and
opportunities should be managed (6.1.5). Planning also includes determining how
to incorporate the actions deemed necessary or beneficial into the OH&S
management system through objective setting (6.2), operational control (8.1) or
other parts of the OH&S management system, for example, resource provisions
(7.1) and competence (7.2). The mechanism for evaluating the effectiveness of
the preventive and protective measures is also planned and can include
monitoring and measurement techniques (9.1), internal audit (9.2) or management
review (9.3). Changes can present both risks to workers, and opportunities to
improve the performance of the OH&S management system, and need
to be carefully planned before being implemented.
A.6.1.2 Hazard
identification and assessment of OH&S risks
A.6.1.2.1 Hazard
identification
A.6.1.2.1.1
The process for hazard identification should be on-going
to reflect current, changing and future activities. This can include inputs
from the review of data and reports of past incidents and ill-health, and
complaints from both inside and outside the organization. The hazard
identification process helps the organization recognize and understand the
hazards to workers and in the workplace, in order to assess, prioritize and
eliminate or reduce the related risks to levels as low as reasonably practicable.
Hazard identification should proactively identify any
source or situation (or combination of these), arising from an organization's
activities, with a potential for injury, ill-health or death. Examples of
hazards include:
a)
sources: powered machinery, toxic substances, radiation, workload and task
control, aggressive behaviour or harassment;
b)
situations: working at heights, working in confined spaces, working alone
or worker fatigue.
Hazards can be categorised in many ways including:
physical, chemical, biological,psychosocial, physiological; or mechanical and
electrical; or based on movement and energy.
In carrying out its identification of hazards the
organization should consider all of the categories detailed in the
requirements. The list provided in the requirements is not exhaustive, however.
It is always the responsibility of the organization to have an on-going process
which identifies different hazards.
A.6.1.2.1.2
Routine activities and situations include day to day
operations such as using a machine. Non-routine activities and situations are
short-term, long-term or occasional activities and reasonably foreseeable
situations such as extended work hours, production pressure, a small oil leak
that affects the machine operator, periodic and breakdown maintenance or repair
or disruption to utility services such as water, gas, electricity or sewage.
Physical conditions which can cause hazards at the work location include
lighting, ambient temperature, humidity and surrounding noise, proximity to other
workers or condition of work surfaces. Human factors refers to such things as
capabilities and limitations, skill levels and competence needs, differing
levels of literacy or language fluency, familiarity with the site or activity,
work overload and other considerations such as ergonomics or individual actual
or potential behaviours. An organization should look at the underlying causes
when considering human behaviours that contribute to risks and hazards, such as
fear of reporting incidents or concerns.
A.6.1.2.1.3
Emergency situations are unplanned or unscheduled
situations that require an immediate response, for example a machine catching
fire in the workplace or a natural disaster in the vicinity of the workplace or
at another location where workers are performing work-related activities. It
also includes situations such as civil unrest at a location at which workers
are performing work-related activities, which requires their urgent evacuation.
A.6.1.2.1.4
The reference to people is intended to direct the
organization to consider all those who can be directly affected by the
organization's activities. For example passers-by, contractors or immediate
neighbours. It also includes mobile workers, those workers who travel to
perform work-related activities at another location (for example service
engineers travelling to and working at a customer's site), home-based workers
or those who work alone.
A.6.1.2.1.5
In relation to its operations and activities the
organization should include consideration of human capabilities, such as
physical stature, pregnancy or physical or mental impairment. Hazards can also
be created though design, for example a machine which cannot be cleaned or
maintained without working at an unsafe height or requiring work in an unsafe
position or in a confined space.
Situations can occur in the vicinity of the workplace that
present hazards, such as within multi-organization worksites where the
activities of any one of the organizations could cause injury or ill-health to
persons doing work for another organization on the worksite.
16. Situations not controlled by the organization and
occurring in the vicinity of the workplace can cause injury or ill-health to
persons in the workplace for example a fire or explosion in an adjacent property
or a nearby public protest which escalates into civil disobedience.
A.6.1.2.1.6
Hazards can arise from changes in an organization. These
include a reduction in the number of workers, an increase of unskilled
trainees, inadequate succession planning, unfamiliar or ageing equipment,
temporary loss of facilities due to routine maintenance or emergency repair.
The organization should also consider hazards created by the introduction of
new materials, technologies or processes.
A.6.1.2.1.7
Previous incidents and their causes, both within the
organization and in other organizations, locations or situations, should be
considered when identifying potential hazards. Examples could include incidents
involving a forklift or a particular hazardous substance.
This International Standard does not address product
safety (that is, safety to end-users of products manufactured by the
organization), however hazards to workers occurring during manufacture,
construction or assembly of products should be considered.
A.6.1.2.2 Assessment of
OH&S risks
An organization can use different methods to assess risks
as part of its overall strategy for addressing different hazards or activities.
Each method should be appropriate to the type of risks being considered. The
complexity of assessment does not depend on the size of the organization but on
the hazards associated with the activities of the organization.
The assessment(s) determines the levels of risks and
enables the organization to identify appropriate controls and actions.
The purpose of the organization's OH&S management
system should be to achieve safe and healthy working conditions with a level of
residual risk which is as low as reasonably practicable. (Residual risk is the
risk remaining after appropriate preventive and protective measures have been
taken.)
A.6.1.2.3 OH&S
opportunities
Examples of OH&S opportunities include moving up the
hierarchy of controls towards eliminating risks; encouraging workers to report
incidents in a timely manner; improving OH&S performance during planned
changes such as facilities relocation, process re-design or replacement of
machinery and plant; using new technologies to improve OH&S performance or
extending OHS competence beyond requirements/Increasing levels of competence.
A.6.1.3 Determination of
applicable legal and other requirements
A.6.1.3.1
The applicable legal and other requirements can include
those based on the hazards and OH&S risks related to its activities.
A.6.1.3.2
Legal requirements can take many forms, such as:
a)
legislation, including statutes, regulations and codes of practice;
b)
decrees and directives;
c)
orders issued by regulators;
d)
permits, licences or other forms of authorization;
e)
judgements of courts or administrative tribunals;
f)
treaties, conventions, protocols, collective bargaining agreements.
A.6.1.3.3
Other requirements can include:
a)
company requirements;
b)
contractual conditions;
c)
agreements with employees;
d)
agreements with interested parties;
e)
agreements with health authorities;
f)
non-regulatory standards, consensus standards and guidelines;
g)
voluntary principles, codes of practice, technical specifications,
charters;
h)
public commitments of the organization or its parent organization;
i)
corporate/company requirements.
A.6.1.4 Other risks and
opportunities to the OH&S management system
The organization should give consideration to those risks
and opportunities which are not directly related to the health and safety of
people and address the factors affecting the OH&S management system, its
performance and intended outcomes.
An organization can use different methods to assess risks
as part of its overall strategy. Each method should be appropriate to the type
of risks being considered. The assessment(s) determines the levels of the risks
and enables the organization to identify and prioritize appropriate controls
and actions within the OH&S management system or other business processes.
Examples of these types of risks include:
a)
inappropriate context analysis; outdated analysis;
b)
inadequate consideration of OH&S management system requirements,
change management
and other health and safety issues in strategic planning and other business processes;
and other health and safety issues in strategic planning and other business processes;
c)
the absence of resources for the OH&S management system, whether
financial, human or
other;
other;
d)
an ineffective audit programme;
e)
poor succession planning for key OH&S management system roles;
f)
poor top management engagement in the OH&S management system
activities;
g)
failure to address the needs and expectations of relevant interested
parties;
h) poor OH&S performance leading to reputational risks.
h) poor OH&S performance leading to reputational risks.
Examples of opportunities include:
o improving the visibility of top
management's support for the OH&S management system;
o improving first response to incidents;
o conducting in-depth incident
investigations;
o increasing worker participation;
o exceeding applicable legal and other
requirements;
o benchmarking, including consideration of
both own past performance and that of other
organizations;
organizations;
o collaborating in forums which focus on
topics dealing with health and safety;
o improving the organization's health and
safety culture.
A.6.1.5 Planning to take
action
The actions planned to address the risks and opportunities
identified may be managed through the OH&S management system or through
other processes, such as those for business continuity, risks,
financial or human resource management, or a combination
of these. Equally, the effectiveness of the actions taken may be measured
through the OH&S management system or through other processes. When the
assessment of risks has identified the need for controls, the planning activity
determines how these are implemented in operation (see Clause 8); for example,
determining whether to incorporate these controls into work instructions or
into competency improvement actions. Other controls can take the form of measuring
or monitoring (see Clause 9).
A.6.2 OH&S objectives
and planning to achieve them
A.6.2.1 OH&S objectives
Objectives are established to improve OH&S
performance. This includes reducing risks, improving health, or improving the
OH&S management system's processes. Objectives may also be set to improve
the well-being of workers if this is in scope for the organization's OH&S
management system.
The objectives should be linked to the OH&S risks,
opportunities and performance criteria which the organization has identified as
having the highest priority for the achievement of the intended outcomes of the
OH&S management system. Once a level of performance has been achieved and
no further improvement is practicable, an objective may be set to maintain that
level of performance pending new opportunities. OH&S objectives can be
integrated with other business objectives and should be set at relevant functions and levels. Objectives can be strategic, tactical and
operational, and are set to achieve the intended outcomes of the OH&S
management system:
a)
strategic objectives can be set to improve the overall performance of the
OH&S management
system, for example improving the health and safety culture of the organization;
system, for example improving the health and safety culture of the organization;
b)
tactical objectives can be set at project or process level, for example
noise elimination to
prevent hearing loss;
prevent hearing loss;
c)
operational objectives can be set at the activity level, for example
minimizing chemical
inventory stored in the workplace.
inventory stored in the workplace.
The measurement of OH&S objectives can be qualitative
or quantitative. The organization is not required to establish OH&S
objectives for each of the risks it determines or identifies.
A.6.2.2 Planning to achieve
objectives
The organization can plan to achieve objectives
individually or collectively.
The organization might need to develop more formal project
plans for complex objectives with multiple tasks. In considering the means
necessary for such planning, the organization should examine the resources
required (financial, human, equipment infrastructure) for the tasks to be
performed. The organization should assign responsibility and completion dates
for individual tasks to ensure that the objective can be accomplished within
the overall timeframe.
When practicable, each objective should be associated with
an indicator which can be strategic, tactical and operational (see also
A.9.1.2).
A.7 Support
A.7.1 Resources
Resources include human resources, natural resources,
infrastructure, technology, and financial resources.
Human resources include specialized skills and knowledge.
In considering the need for resources the organization
should determine the need for protective measures (such as personal protective
equipment [PPE]) and the competence needs as part of a job requirement.
Infrastructure includes the organization's buildings,
plant, equipment, utilities, information technology and communications systems,
emergency containment systems, etc.
A.7.2 Competence
All persons working under the control of the organization
need to be competent to take into account hazards and OH&S risks in their
work.
The competence requirements are not limited to those doing
work that have or can be exposed to OH&S risks but also those who manage a
function or undertake a role which is critical to achieving the intended outcomes
of the OH&S management system.
In determining the criteria of the competence for each
role an organization should take into account such things as:
a)
the education, training, qualification and experience necessary to
undertake the role;
b)
the work environment in which they will be working;
c)
the hazards identified and associated OH&S risks;
d)
the preventive and control measures resulting from the risks assessment
process;
e)
requirements applicable to the OH&S management system;
f)
the rights and responsibilities of persons based upon applicable legal and
other requirements;
g)
the importance of compliance with the OH&S policy, applicable
procedures, applicable legal
and other requirements;
and other requirements;
h)
the potential consequences of compliance and noncompliance, including the
impact on
i)
OH&S performance;
j)
the value of their participation in the OH&S management system
(including, as applicable, their representative(s)).
Workers should be evaluated to ensure that they meet the
necessary competence criteria for their roles and, where appropriate, gaps in
their competence should be filled by providing additional education, training,
and experiences.
Workers should be evaluated periodically to ensure that
they have the required competence for their roles. An evaluation of their
competence should also be carried out whenever there have been changes that can
impact upon the activities undertaken in their roles.
Representatives for OH&S management systems should be
competent to carry out their representative functions effectively.
A.7.3 Awareness
To ensure they work or act safely, the organization should
make persons working under its control sufficiently knowledgeable of:
a)
emergency processes;
b)
the consequences of their actions and behaviour in relation to OH&S
risks;
c)
the benefits of improved OH&S performance;
d)
the potential consequences of departing from requirements of the OH&S
management
system;
system;
e)
the need to conform to OH&S policies and good working practices;
f)
any other issues that might impact on OH&S performance.
Awareness programmes should be provided for contractors,
temporary workers and visitors, etc., according to the OH&S risks to which
they are exposed.
A.7.4 Information and
communication
The communication processes established by the
organization should provide for the flow of information upwards, downwards and
across the organization. It should provide for both the gathering and the
dissemination of information. It should ensure that pertinent information is
provided, received and understood by all relevant workers and interested parties.
When determining the need for communication with external interested parties
the organization should consider both its normal operations and potential
emergency situations; often external communication processes include the
identification of designated contact individuals and contact numbers. This
allows for appropriate information to be communicated in a consistent manner
and can be especially important in emergency situations where regular updates
are requested and a wide range of questions need to be answered.
A.7.5 Documented information
It is important to keep the level of complexity of the
documented information at the minimum level possible to ensure effectiveness,
efficiency and simplicity at the same time.
This should include documented information on action/means
by the organization to achieve compliance with applicable legal and other
requirements.
The provisions given in 7.5.3 include the prevention of
unintended use of obsolete documents.
The control of documented information should not have the
effect of, nor be for the purpose of, preventing workers from obtaining a full
and complete picture of the hazards and risks of their work.
The confidentiality of personal information of individuals
should be respected.
A.8 Operation
A.8.1 Operational planning
and controls
A.8.1.1 General
Operational planning and controls should be established
and implemented as necessary to eliminate hazards or, if impossible, to manage
the OH&S risks to an acceptable level, for operational areas and activities.
When planning and developing operational controls,
priority should be given to control options with higher reliability in
preventing injury or ill-health, consistent with the hierarchy of controls (see
8.1.2).
Operational controls can use a variety of different
methods, for example:
a)
the introduction of procedures and systems of work;
b)
ensuring the competency of operators;
c)
establishing preventive / predictive maintenance and inspection
programmes;
d)
specifications for the procurement of good and services;
e)
compliance to preventive regulations and manufacturer's instructions for
equipment;
f)
engineering controls (physical devices such as barriers) followed by
administrative controls
(warnings, pictograms, alarms and signals, or access control procedures and other work
instructions).
(warnings, pictograms, alarms and signals, or access control procedures and other work
instructions).
A.8.1.2 Hierarchy
The hierarchy provides a systematic way to determine the
most effective and feasible method to eliminate hazards, control risks at
source, adapt work to workers (e.g. by designing the phases of any project), or
to reduce the OH&S risks associated with a hazard.
Controls include oversight/supervision, training,
competence assessment, job planning, rotating and scheduling to minimize
worker's exposure, changes to work procedures, implementation of work area protection
and similar measures.
A.8.2 Management of change
Depending on the nature of an expected change, the
organization should use an appropriate methodology(ies) for assessing the
OH&S risks of the change. The objective of a management of change process
is to minimize introduction of new hazards and risks into the work environment
as changes occur, such as in technology, equipment, facilities, work practices
and procedures, design specifications, raw materials, organizational staffing
changes, and standards or regulations. Managing change in this clause can be an
outcome of the plans developed in clause 6.1.5 (Planning for changes) The
organization should plan how to implement the change in a manner that does not
increase the risks or introduce new (unforeseen) hazards (see 6.1.5).
The organization should specify and assign adequate
resources for the implementation of the change. As part of the change
management process, the organization should review potential changes to hazards
and risks (see 6.1). The implementation of a decision to change should ensure
that all affected workers are properly informed and are competent to cope with
the change.
A.8.3 Outsourcing
An outsourced process is one for which:
a)
the function or process is integral to the organization's functioning;
b)
the function or process is needed for the OH&S management system to
achieve its intended
outcome;
outcome;
c)
liability for the function or process conforming to requirements is
retained by the
organization;
organization;
d)
the organization and the external provider have an integral relationship,
e.g. one where the
process is perceived by interested parties as being carried out by the organization.
process is perceived by interested parties as being carried out by the organization.
A.8.4 Procurement
Prior to procuring goods and services, the organization
should identify appropriate procurement controls that take into account
applicable legal and other requirements as well as any additional requirements
the organization has established within the OH&S management system.
Procurement controls should be used to identify and evaluate potential OH&S
risks associated with purchased products, raw materials, and other goods and
related services before their introduction into the work environment.
Considerations could include requirements for supplies, equipment, raw
materials, and other goods and related services purchased by the organization
to conform to the organization's OH&S objectives and its need for
information, participation and communication (see 7.4). The organization should
verify that equipment, installations and materials are adequate before being
released for use by its workers, e. g. that:
a)
equipment is delivered according to specification and is tested to ensure
it works as intended;
b)
installations are commissioned to ensure they function as designed,;
c)
materials are delivered according to their specifications;
d)
any usage requirements, precautions or other protective measures are
communicated and
made available.
made available.
A.8.5 Contractors
The organization may delegate authority to those best
capable of identifying, evaluating, and controlling health and safety risks,
including to contractors. This recognizes that some contractors possess
specialized knowledge, skills, methods, and means. However, this delegation
does not eliminate the organization's responsibility for the health and safety
of its workers.
Contractors can be specialists in maintenance,
construction, operations, security, landscaping, facility upkeep, janitorial,
sanitation or clean-up of production processes, and a number of other
functions. Contractors can also include consultants or specialists in
administrative, accounting, and other functions.
An organization can achieve coordination of its
contractors' activities through the use of contracts that clearly define the
responsibilities of the parties involved. An organization can use a variety of
tools for managing contractors' health and safety performance, including
contract award mechanisms or pre-qualification criteria which consider past
health and safety performance, safety training, or health and safety
capabilities, as well as direct contract requirements.
The relationships between an organization and its
contractors can be both diverse and complex, and involve very different types
and levels of risks. How an organization manages these relationships can vary,
depending on the nature of the services provided and the risks identified. The
degree of coordination should depend on factors such as the terms of the
contract, the nature of the hazards and risks, the type and size of the
operations, and the duration of the work on the site. When defining how it will
coordinate, the organization should give consideration to the reporting of
hazards between itself and its contractors, controlling worker access to
hazardous areas, and procedures to follow in emergencies.
If a contractor does not have an OH&S management
system, then the organization should specify how the contractor will coordinate
its activities with the organization's own OH&S management system
processes, such as those used for confined space entry, lockout/tagout, exposure
assessment, and process safety management.
The organization should verify that contractors are
capable of performing their tasks before being allowed to proceed with their
work, e.g. by verifying that:
a)
OH&S performance records are satisfactory;
b)
qualification, experience and competence criteria for workers are
specified;
c)
training and other worker requirements were undertaken;
d)
resources, equipment and work preparations are adequate and ready for the
work to proceed.
A.8.6 Emergency preparedness
and response
The organization should identify foreseeable emergencies
applicable to its operations and plan its response; such emergencies can occur
both during and beyond normal working hours, and can arise due to both natural
and man-made causes. Identified emergencies should be assessed based on their
OH&S risks. The organization should focus on proactive control measures
(e.g. the reduction of ignition sources) not only on reactive risk controls,
such as fire-fighting equipment and evacuation.
A.9 Performance evaluation
A.9.1 Monitoring,
measurement, analysis and evaluation
A.9.1.1 General
A.9.1.1.1
Examples of what could be monitored and measured to meet:
a)
the requirements of this International Standard are:
1)
tracking progress on meeting policy commitments, achieving objectives, and
continual
improvement;
improvement;
2)
monitoring exposures to determine whether applicable legal and other
requirements have
been met; including the health surveillance of workers;
been met; including the health surveillance of workers;
3)
monitoring incidents, injuries, ill-health, and complaints, including status
and trends;
4)
providing data to evaluate the effectiveness of operational controls and
emergency
exercises, or to evaluate the need to modify or introduce new controls (see 8.1);
exercises, or to evaluate the need to modify or introduce new controls (see 8.1);
5)
providing data to proactively and reactively measure the organization's OH&S
performance;
6)
providing data to evaluate the performance of the OH&S management
system;
7)
providing data for the evaluation of competence (7.2).
b)
legal requirements are:
1)
an up-to-date list of legal requirements;
2)
a listing of identified gaps in compliance.
c)
other requirements can include, but are not limited to:
1)
union-employer agreements;
2)
standards and codes;
3)
corporate and other policies, rules and regulations;insurance
requirements.
A.9.1.1.2
Criteria are what the organization should compare its
performance against. Examples are benchmarks against:
a)
other organizations;
b)
standards and codes;
c)
the organization's own codes and objectives.
The organization should use the criteria to set its
internal objectives for monitoring and measurement.
A.9.1.1.3
The frequency of monitoring and measurement should be
appropriate to the size and nature of the organization and its OH&S
performance, and to changes in OH&S risk factors.
A.9.1.1.4
Methods:
a)
Monitoring can involve continual checking, supervising, critically observing
or determining
the status in order to identify change from the performance level required or expected.
Monitoring can be applied to the OH&S management system, to processes or to controls.
Examples include the use of interviews, reviews of documented information and
observations of work being performed;
the status in order to identify change from the performance level required or expected.
Monitoring can be applied to the OH&S management system, to processes or to controls.
Examples include the use of interviews, reviews of documented information and
observations of work being performed;
b)
Measurement generally involves the assignment of numbers to objects or
events. It is the
basis for quantitative data and is generally associated with the evaluation of safety
programmes and health surveillance. Examples include the use of calibrated or verified
equipment to measure exposure to a hazardous substance or the counting of the required safe
distance from a hazard;
basis for quantitative data and is generally associated with the evaluation of safety
programmes and health surveillance. Examples include the use of calibrated or verified
equipment to measure exposure to a hazardous substance or the counting of the required safe
distance from a hazard;
c)
Analysis is the process of examining data to reveal relationships,
patterns and trends. This
can mean the use of statistical operations, including information from other similar
organizations, to help draw conclusions from the data. This process is most often associated
with measurement activities;
can mean the use of statistical operations, including information from other similar
organizations, to help draw conclusions from the data. This process is most often associated
with measurement activities;
d)
Evaluation is an activity undertaken to determine the suitability,
adequacy and effectiveness
of the subject matter to achieve the established objectives of the OH&S management system.
This activity is most often associated with monitoring activities.
of the subject matter to achieve the established objectives of the OH&S management system.
This activity is most often associated with monitoring activities.
Health related worker complaints, health surveillance of
workers and work environment monitoring are important elements to be looked at,
where appropriate, by suitable medical monitoring or follow-up of workers for
early detection of signs and symptoms of harm to health in order to determine the
effectiveness of prevention and control measures.
An organization may use one or a combination of the
methods above depending on the nature of the hazards inherent to the
organization and the scope of its OH&S management system.
A.9.1.1.5
When monitoring and measuring is performed, it should be
appropriate to the size and nature of the organization and to its OH&S
performance.
The organization should ensure that frequencies of
monitoring and measurement are in alignment with analysis and evaluation of its
OH&S risks and risks and opportunities.
A.9.1.2 Evaluation of compliance
The organization should prioritize its actions based on
the identified compliance gaps.
A.9.2 Internal audit
A.9.2.1 Internal audit
objectives
An organization's own requirements for its OH&S
management system audits can include its own policies, objectives,
requirements, standards, risk assessment outcomes and the results of previous
audits or of corrective actions.
A.9.2.2 Internal audit
process
Small and medium enterprises (SMEs) can establish
objectivity and independence for the internal auditor by creating processes
that separate their role as an internal auditor from their normal assigned
duties. When planning its internal audits the organization should take into consideration
the importance of the processes concerned to the OH&S management system.
This can include items such as the impact the processes have on risk assessment
outcomes.
The extent of the audit programme should be based on the
size and nature of the organization, as well as the complexity and level of
maturity of the OH&S management system.
A.9.3 Management review
Clarifying the terms used in relation to management
review:
a)
Suitability: The extent to which the management system fits and is right
for the organization's purpose, operations, culture and business systems;
b)
Adequacy: The extent to which the management system is sufficient in
meeting the applicable requirements;
c)
Effectiveness: The extent to which planned activities are realised and
planned results achieved.
The management review topics listed in 9.3 a) to f) need
not be addressed all at once. The organization should determine when and how
the management review topics are addressed. Management reviews are a critical
part of the continual improvement of the management system. The purpose of
these reviews is for top management to do a strategic and critical evaluation
of the performance of the management system, and to recommend improvements.
This review should not be just a presentation of information, but should focus
on assessing OH&S performance and identifying opportunities for continual
improvement. It is up to the organization to determine appropriate measures for
the effectiveness of the management system.
Management reviews should include an evaluation of how
well the OH&S management system is integrated with other business processes
and the strategic direction of the organization. Management reviews can include
information about areas outside of the traditional health and safety arena, such
as vendor and internal organizational changes and security issues. Reviews can
present information in a manner (for example a scorecard) that focuses on the
management system elements most in need of the attention of top management.
Reviews may be conducted more frequently, to coincide with other management
reviews, or to meet other business or management system needs.
A.10 Improvement
A.10.1 Incident,
nonconformity and corrective action
Separate processes may exist for incident investigations
and non-conformities depending on the organization's requirements.
Examples of incidents, nonconformities and corrective
actions include but are not limited to:
a)
Incidents: occupational related near-miss events, injuries, ill-health,
exposures to health hazards, vehicle accidents, property and equipment damage
where it can lead to OH&S risks;
b)
Non-conformities: protective equipment not functioning properly,
non-compliance to legal requirements or prescribed procedures not being
followed;
c)
Corrective actions: (as indicated by the hierarchy of controls; see 8.1.2)
elimination of hazards, substitution to safe materials, design or modification
to equipment or tools, development of procedures, improving the competence of
affected workers, changes in frequency of use, or use of personal protective
equipment.
Root cause analysis refers to the practice of exploring
all the possible factors associated with an incident by asking what happened
and why it happened, to provide the input for what can be done to prevent it from
happening again.
When determining the cause of an incident or
nonconformity, the organization should use methods or approaches appropriate to
the nature of the incident or nonconformity being analyzed. This analysis can identify
multiple system failures including factors related to communication,
competence, fatigue, equipment or procedures.
All approaches are focused on prevention and not blame or
punishment.
The scope of the root cause analysis should be appropriate
to the nature of the incident or the nonconformity being analysed.
Effectiveness is the extent to which the implemented
corrective actions adequately control the cause(s).
Timeliness of actions should be based on the nature of the
incident or nonconformity.
Corrective actions should be appropriate to the nature of
the incident or nonconformity.
Comments
A.10.2 Continual improvement
Continual improvement is meant to be a step by step
approach over time and is focused on future OH&S performance.
Examples of issues to be reviewed to identify opportunities
include, but are not limited to:
a)
new technology;
b)
good practices of other organizations;
c)
suggestions from interested parties;
d)
knowledge and understanding of health and safety related issues;
e)
new or improved materials;
f)
changes in workforce capabilities or competence.
Bibliography
ISO 9001, Quality management systems — Requirements
ISO 14001, Environmental management systems — Requirements
with guidance for use
ISO 19011, Guidelines for auditing management systems
ISO 31000, Risk management — Principles and guidelines
ISO 37500, Guidance on outsourcing
ISO Guide 73, Risk management — Vocabulary
Thanks for sharing this post. ISO 14001 Certification in Saudi Arabia
ReplyDelete