ISO 45001 was created for one purpose: to make workplaces safer. Released just this past March after years of revision and feedback from the global occupational health and safety community, ISO 45001, a global set of guidelines for implementing an occupational health and safety management system (OHSMS) and sets new standards for assessing risks in workplaces around the world.
ISO 45001 places a strong emphasis on effective assessment of risk—proactive and preventative risk management as a major feature of an effective OHSMS and a safe workplace. Organizations that desire to be in alignment with its guidance or become ISO certified need to know that whether they are a small non-profit or a large multi-national corporation, preemptively managing risk throughout their whole organization is now an expectation, not a suggestion.
A New Approach to Risk Assessments
ISO 45001 includes directives that set new expectations for companies to identify risks relevant to their workplace and business and measure the effectiveness of existing risk controls.
This is a big leap for many companies who have never done a risk assessment, or have only done one-off projects, but the consequences of poorly managed risks are dire—increased injuries and illnesses, business interruption, increasing insurance premiums, and reputational damage, to name a few. ISO 45001’s new approach to risk assessment aims to avoid these issues by encouraging businesses to assess all aspects of risk that are applicable to them on an on-going, preventative basis.
The Big Leap: Shifting to a Proactive Risk Management Style
In the United States, many companies have not taken a formal proactive approach to assessing risks in their business. However, governments and regulatory bodies around the world—like the European Union—have laws and regulations in place that mandate specific risk assessment practices for all areas of an organization, not just its operations. The risk assessment process has been a common and culturally accepted method for some time, and because of ISO 45001, it is becoming the globally accepted norm.
ISO 45001 is not only applicable to every organization on every continent, it was created by occupational health and safety (OHS) professionals from across the world—meaning that its contents are globally aware and influenced by countries with a variety of health and safety practices. It asks all of us, even those without legal requirements for risk assessments, to start managing risk in a more proactive way to keep our employees safer. David Smith, Chair of ISO/PC 283, the committee that developed ISO 45001, puts it simply, "Businesses need to ensure they manage all their risks to survive and thrive. OHS is a key aspect, which every business has to manage proactively."
For those hoping for a clear blueprint for how to implement these new OHSMS ideas, you won't find one in ISO 45001. The standard provides the requirements but leaves it up to the individual company to determine which risks matter to their business, how often to assess risk, and other practical management details. On the bright side, this leaves lots of room for flexibility. After all, we know that different companies and industries—from tech to railroad, oil and gas to manufacturing—all have different risks and business imperatives to keep in mind.
Making the Change: What You Need to Know
For those who are OSHAS 18001 certified and are looking to move to ISO 45001, here are some of the top changes and additions in the new standard to keep an eye on:
- Planning elements – The new framework includes added detail on how to address risk, including documentation requirements as well as an outline of how worker participation impacts OHS planning.
- Identifying risks and opportunities – Companies need to determine relevant internal and external issues that may impact the ability to achieve desired OHS outcomes, including contractor considerations and anything that can impact OHS in any capacity, including opportunities to improve the management system.
- Widened risk scope – Going beyond addressing only physical safety, the new standard acknowledges the importance of addressing and managing psychological wellbeing, harassment, bullying, and stress-related illnesses.
- Competency of workers – New specifications say that companies need to determine the competence of workers (their knowledge of OHS), follow through and ensure workers are educated on the relevant risks and procedures, and take action if their competency isn't acceptable. (Note that a worker is defined as any person performing work or work-related activities that are “under the control of the organization”).
A tip for organizations with offices in Europe—look to your international colleagues to find out what processes they use. Because of stringent risk assessment regulations in Europe, like the structured procedure for all work-related tasks in Italy and France, your European counterparts should be able to provide you with the methods and processes they use to get a handle on occupational risks of all kinds, putting you on the fast-track to being ISO 45001 certified.
Because ISO 45001 requires a more comprehensive and diligent review of overall risk, it's important to dive into the details that you might have not scrutinized before. Checking manufacturers' instructions, reviewing accident and illness records, and accounting for non-routine tasks are all ways to identify hazards that might have otherwise flown under the radar, which gives you a more complete view of workplace health and safety.
A New Frontier
Being preemptive, proactive, and treating assessment as an on-going aspect of risk management is the next step in keeping workers all over the world safe. The new guidelines on risk assessments presented in ISO 45001 are inspiring organizations everywhere to look at risk management as important, good for business, and imperative for worker safety, and that's something we can all get behind.
