Every employer needs to have a system in place for managing workplace health and safety risks if they are going to comply with the law. In smaller organisations this may be a relatively simple arrangement, based on a safety policy and risk assessment, but many employers follow guidance from the Health and Safety Executive called HSG65. Other employers may have introduced one developed by the British Standards Institute called BS OHSAS 18001, or could use a specialised standard that has been developed for a specific sector. Which system is best will depend on the type and size of the employer and how complex the risks that need to be managed are. If you do not know what system your employer uses make sure to ask them.
From March 2016 there is a new health and safety management system standard called ISO45001 which some employers may wish to adopt. This advice is intended for health and safety representatives in workplaces where the employer seeks to follow ISO 45001. There is a more detailed TUC guide for help to those union officers or representatives during the process of introducing the standard.
ISO 45001 is an international standard for occupational health and safety management systems and is structured to be consistent with existing ISO standards, such as quality management (ISO 9001) and environmental management (ISO14001). If your employer already has BS OHSAS 18001, the new standard will replace it.
ISO 45001 is a standard – not a management system that can be just taken down and applied directly in the workplace. It is based on what is called the “Plan-Do-Check-Act” cycle which is common to a lot of management systems and treats health and safety management as an integral part of good management generally, rather than a stand-alone system.
To gain ISO 45001 certification an employer must ensure that the processes they have in place to manage health and safety risks meet all the requirements in the standard.
ISO 45001 has no legal status at all. It does not guarantee that the employer is complying with health and safety, or any other legal requirements and an employer cannot rely on achieving ISO 45001 certification as a way of ensuring that they are fulfilling their legal obligations. As an example of this, new standard has a detailed section on consultation and participation of workers but the Safety Representatives and Safety Committee Regulations often go beyond what is in the standard. Even if they are following what is in ISO 45001, employers must ensure that they met all the requirements of the Health and Safety at Work Act and the regulations made under it. ISO45001 is an “add-on” which an employer may use to try to raise standards.
Nor should enforcing authorities use an organisation being ISO 45001 certified as a guarantee of anything beyond they have done what they need to implement the management system that is laid down.
Effectively managing health and safety is not just about having a safety management system. The success of whatever system is in place depends on what the employer does in practice and that of course is the process of risk assessment and risk elimination and reduction, along with promoting a positive safety culture.
The TUC believes that having a health and safety management system is important, but it must not be about pointless paperwork. What makes a workplace safer is removing hazards, controlling risks and ensuring good worker involvement. As the HSE states “Focusing too much on the formal documentation of a health and safety management system will distract you from addressing the human elements of its implementation - the focus becomes the process of the system itself rather than actually controlling risks.”
However, it is likely that, over time, ISO 45001 could be required for gaining contracts in some sectors, in particular infrastructure and other construction work. It may also be required for the UK branches of multi-national companies who want to standardise their health and safety management systems.
Getting ISO 45001 certification is not an easy process and, for many employers, there are much simpler ways of ensuing a good health and safety system, but for those that do go down this route, developing and implementing a compliant management system needs to be an organisation-wide target led by top management. There also must be full union involvement as well as oversight of the process by the joint health and safety committee. Management needs to ensure that they have a responsible member of staff who is competent and has the time. Larger organisations will need a dedicated team. Management should also ensure that union health and safety representatives are trained in the ISO 45001 standard and the implementation and certification process.
The BSI have published an approved guide to the standard (BS45002) that will help employers, but it is still quite a lot of effort to get a health and safety management system in place and then provide the evidence that it meets the requirements of ISO45001. Many employers may decide to use a consultant. If they intend to do so, they must consult with the health and safety representatives first to ensure that the consultant is competent, and also that they intend to involve the workforce at every stage.
The Management System is formed of processes for meeting its requirements, including risk management, provision of resources, performance measurement, and measurement, analysis and continual improvement. Once all the processes are in place the employer can seek certification. This starts with what’s known as a ‘Stage 1 Audit’ when an auditor reviews all existing systems and produces a gap analysis report which will identify the actions needed to meet the standard. Once the employer believes that they have implemented the action plan and filled all the gaps highlighted in the Stage 1 report, an auditor carries out a ‘Stage 2 Audit’. This is intended to ensure that the health and safety management system is effective and meets all the requirements of ISO 45001. If the system is fully compliant, the employer will be recommended for certification.
Organizations which already have achieved certification to OHSAS 18001:2007 will have up to three years from formal publication of ISO 45001:2018 to migrate to this new standard. Based on the current schedule, this transition period will end in March 2021.
Trade unions are concerned that ISO 45001 could lead to employers concentrating on systems that have the primary aim of achieving certification to ISO 45001, rather than to control risks. Gaining certification should never be the goal of a health and safety management system and just meeting the requirements of ISO 45001 should never be used as an indication of the effectiveness of an organisation in reducing and managing risk.
Trade unions have previously warned that the private standards approach could lead to a move away from an emphasis on prevention based on risk management developed through union consultation, towards a more bureaucratic, process-driven approach aimed at achieving and maintaining accreditation. However, if an employer decides to use the standard, trade unions should seek to be fully involved to ensure that it is done in a way that ensures that the top priority is protecting workers – not achieving a certificate.
The TUC believes that unions should always feed into the way that the standard is introduced as well as the certification process and any consultants and auditors should meet with them regularly. Recognised health and safety representatives have a legal right to ask for all relevant documentation under the Safety Representatives and Safety Committee regulations and under ISO 45001 the employer is required to ensure that relevant audit results are reported to workers and, where they exist, their representatives.
If your employer intends to seek ISO 45001 certification, then please read the detailed TUC guide to the standard. In addition, this checklist may be useful.
To access the admin area, you will need to setup two-factor authentication (TFA).