ISO召集了很多职业健康安全(OHS)方面的专家,在共同制定一项新的标准——ISO 45001。该标准能帮助各大组织机构和公司改善其在职业健康安全方面的表现,最终挽救员工的生命。
ISO/ PC283项目委员会负责ISO45001(职业健康和安全)标准的制定,该委员会成员上次会面是在今年六月,初步审查了对ISO45001第二版委员会草案的反馈意见。
而现在,委员会已经确定了他们下次会议的时间,届时他们将要讨论所有对第二版委员会草案的反馈意见;紧接着,ISO45001将步入下一个修订阶段——国际标准草案(DIS)阶段。
ISO45001将取代OHSAS 18001,后者首次发表于1999年,以满足组织在没有国际健康和安全标准下的需求。
目前,该标准是在委员会标准制定过程中的第三阶段,也是协商过程的第一阶段。在这个阶段,委员会草案会一再改版,直到就标准的技术内容达成一致意见。
ISO45001预定于2016年10月发表,ISO/ DIS45001目前预计将在今年十月出版。但是,与所有的ISO标准修订一样,这个时间表随时可能更改。
委员会的下次会议将于2015年9月21-25日在日内瓦举行,地点是国际劳工组织(ILO)办公室。
ISO 45001标准的制修订进程
2013年3月:提案阶
2013年11月:准备阶段
2014年7月:草拟阶段(CD)
2015年3月:目前在第二个草拟阶段(CD)
2015年10月:咨询阶段(DIS)
2016年5月:审核阶段(FDIS)
2016年10月:预计出版
wher has ISO 45001 come from?
ISO 45001 will replac BS OHSAS 18001 as the definitive occupational health and safety management system standard.
OHSAS 18001 was first published in 1999 to fill a gap wher there was no international standard for OH&S. In recent years there has been a rapid increase in the use of OHSAS 18001 and recent surveys report that approximately 90,000 OH&S certifications have been awarded in over 127 countries.
In 2013, ISO approved the creation of a new project committee to transform OHSAS 18001 into an ISO standard, ISO 45001.
What’s the timeline for its development?
Development of all ISO management system standards follows an established process and sequence: working draft (WD), committee draft (CD), draft international standard (DIS), final draft (FDIS) followed by the standard’s publication.
The committee draft of ISO 45001 (ISO/CD 45001) was published in July for comment and ballot. Following feedback from the committee draft, we are expecting the DIS in April 2015. The FDIS should be published in June 2016, followed by the final ISO 45001 standard in October 2016.
These timings are only a rough guide, however. They can change depending on the amount of comments received.
What are the main changes from OHSAS 18001?
The stated purpose of ISO 45001 is “to enable an organisation to proactively improve its OH&S performance in preventing injury and ill-health”, wheras the purpose of OHSAS 18001 is “to enable an organisation to control its OH&S risks and improve its OH&S performance”. Some will argue that this puts more emphasis on seeking continual improvement, not only by addressing OH&S risks but also through other initiatives like health, education and training. Others may argue that this simply clarifies previous intent.
Familiar concepts and requirements in ISO 45001 include application of the Plan-Do-Check-Act model, setting policy, setting objectives, carrying out internal audits and management review. In many cases the current requirements have been carried over from OHSAS 18001.
ISO/CD 45001 does place more emphasis on risk management and ongoing assessment of risks and opportunities to prevent, or reduce, undesired effects. There is also a strengthening of the requirement to demonstrate and understand compliance status at all times.
One of the newer areas that ISO 45001 will focus on is the organisation’s ‘context’ (e.g. the environment in which it operates, including its supply chain and local communities). What evidence will auditors be seeking to establish satisfactory management in this area?
At the highest level there is no change in that the audit evidence assembled must provide objective evidence that the standard’s requirements are being met. It’s when we move into the detail that things get a little more interesting. In ISO 45001, context is defined by clauses 4.1 and 4.2.
Clause 4.1 requires the organisation to determine the external and internal issues that are relevant to its purpose and objectives, and that affect its ability to achieve the intended outcomes of its OH&S management system.
Clause 4.2 requires the organisation to determine the interested parties (stakeholders) that are relevant to its OH&S management system and the relevant interests of these interested parties.
The auditor must confirm that the organisation has determined both its internal and external issues, the relevant interests of interested parties and that it has considered the resultant information when determining the scope of its OH&S management system.
The standard does not prescribe a methodology for determining these things, nor does it specify what the outcome from the exercise should look like. What matters to the auditor is that the organisation can prove it has completed this task.
The auditor then needs to consider whether the result the organisation has arrived at is an appropriate reflection of their context.
This is wher things could get interesting. For example, the auditor might believe that the organisation has not identified its internal and external issues correctly, and in order to challenge the organisation over context, the auditor will need to have a thorough and contemporary understanding of the sector in which the organisation operates, as well as its mode of operation. This means that in future, auditors will require a much higher level of research and planning before conducting audits.
Because the issues an organisation faces and the interests of relevant interested parties change through time, I would expect to see evidence that the organisation is revisiting its context periodically to ensure it remains up to date.
What about leadership?
The challenges around auditing leadership are different. The standard is clear in terms of what top management needs to do to evidence its commitment to the occupational health and safety management system.
Because these requirements are clear the auditor might assume it will be straightforward to assess these. But the challenge going forward is that organisations will have much greater freedom in how they wish to structure their systems and record evidence of compliance.
The OH&S manual, procedures and records have all been replaced by ‘documented information’, which can take almost any form and format that the organisation chooses.
As a result, the auditor is likely to be faced in the future with a wide variety of electronic and paper-based evidence sources which they will then need to interpret in order to determine compliance or otherwise. This may mean certain auditors will need to improve both their IT and analytical skills.
The second challenge for auditors is an interpersonal one. Top management means those at the highest level of the organisation such as the CEO and board – not the OH&S manager. As there are requirements now that cannot be delegated, top management will need to become accustomed to being audited and auditors will need to become accustomed to auditing them.
Not all auditors will feel comfortable with this. Indeed, in some cultures the notion of challenging top management is completely alien. Auditors will need to learn to speak the language of the boardroom, and be able to converse with top management over context, objectives, strategy and risk. IRCA recognises that some may struggle to make this step up, which is why we are mandating transition training for auditors who will be impacted by the release of ISO 45001.
What is IRCA’s involvement with this health and safety standard?
IRCA runs an OH&S certification scheme for individual auditors, and also certifies OH&S auditor training courses run by external training providers.
Our individual auditor scheme is based on OHSAS 18001 and tests individuals’ ability to audit against this standard.
We have seen growing demand for our OH&S auditor training courses, which are based on OHSAS 18001. All of our training providers will need to revise their courses when ISO 45001 is released.
What are IRCA’s plans for updating and testing auditor competence for auditing to the new ISO 45001 standard?
Whenever a standard changes the first step is for IRCA to fully assess the revised requirements. This allows us to make an informed judgement as to whether auditors simply need to acquire new knowledge or whether they must also acquire new skills.
If we conclude that new knowledge alone is sufficient, then we would typically require the auditor to undertake a prescribed amount of continuous professional development (CPD).
In those instances wher the changes are more significant, however, requiring the auditor to also improve their existing skills and expertise, we will mandate transition training. In these instances, registered auditors are required to attend an IRCA-approved transition training course within a prescribed period of time in order to maintain their registrations.
Although we won’t see the final version of ISO 45001:2016 for some time we can already say with certainty that this revision will be significant. It will require auditors to use new evidence sources, to understand and assess organisational context and to be comfortable with challenging top management. It will also require changes to be made to the way audits are planned, conducted and reported.
As a result, we have decided to mandate a 1.5-day transition training course for all IRCA OH&S management system auditors. The details of this will not be finalized until the contents of the FDIS are known – expected in mid-2016.
At FDIS stage, we will also revise our core OH&S auditor training courses, along with our associated examination papers.
What does the new standard mean for organisations and OH&S professionals?
By the time ISO 45001 is published in 2016 the new concepts will, for many organisations and individuals, be tried and tested because they also appear in the updated quality management system (ISO 9001) and environmental management system (ISO 14001) standards due to be released in 2015.
Organisations operating quality, environment and OH&S management systems will have a unique opportunity to align and integrate these three, if they wish.
Organisations and OH&S professionals should be aware that at this committee draft stage, technical changes may still occur. I would therefore recommend that while you can make preparations, significant changes shouldn’t be implemented until the final draft international standard is issued.