bsi- ohs as 18001 introduction
TRANSCRIPT
Colombian Safety Council, 2 July 2004 1
Occupational Health and Safety Occupational Health and Safety Management Systems and Management Systems and
Integrated Management SystemsIntegrated Management Systems
byCharles Corrie
Secretary of the OHSAS Project Group
Clive StallwoodBSI Representative to the OHSAS Project Group
Colombian Safety Council, 2 July 2004 2
Contents
1. About BSI2. Background to OHSAS 180013. Future developments with 180014. ISO and Integrated management Systems
Colombian Safety Council, 2 July 2004 5
BSI group: 100 years of innovation
• 1901 World’s first national standards body
• 1926 Kitemark launched
the world’s first product certification mark
• 1929 Royal Charter is granted
• 1948 Founder member of ISO
(International Organisation for Standardisation)
• 1998 Founder member of the OHSAS Project Group
Colombian Safety Council, 2 July 2004 6
BSI Group: 100 years of innovation (cont’d)
• 1979 BS 5750 published - now ISO 9000
• 1992 BS 7750 published - now ISO 14001
• 1999 BS 7799 published - now ISO 17799
• 1999 BSI OHSAS 18001 published
Colombian Safety Council, 2 July 2004 11
Key Issues in OHSMS
• CONTROL - is there an adequate structure?• CO-OPERATION - are there adequate
arrangements? • COMMUNICATIONS - are the arrangements
effective?• COMPETENCE - are the systems and
competencies available?
Colombian Safety Council, 2 July 2004 12
PDCA Cycle
Plan
DoCheck
Act
Regulations
Continuous Improvement
Colombian Safety Council, 2 July 2004 13
OHSAS 18001 – PDCA approach
Implementation & operation
PlanningChecking & corrective action
Management Review
OHS Policy
Continual improvement Initial ReviewInitial Review
Colombian Safety Council, 2 July 2004 14
Occupational Health and Safety (OH&S)
1996 ISO OH&S workshop indicated lack of support for OH&S management systems standardization at that time
In 1998 the International Labour Organisation (ILO) proposed joint work to ISO on a guidance document. BSI responded by proposing that ISO jointly with ILO develop BS 8800 into an international document.
In January 1999 the vote was 29 in favour, 20 against, so under ISO’s balloting procedures was not accepted. Those who voted against indicated that they would prefer ILO to develop such a document, not ISO.
Colombian Safety Council, 2 July 2004 15
Occupational Health and Safety (OH&S)
However, ISO/TMB decided that it would be willing to accept a formal new work proposal for OH&S management system standardization in the future, if supported by sufficient ISO member bodies, in accordance with the ISO Directives (USA lodged formal objection)
As a result of the ISO decision, a group of national standards bodies and certification bodies published OHSAS 18001 in April 1999
The increasing use and adoption of OHSAS 18001 as national standards has now led many countries to question why ISO is not yet doing work in this field.
ILO published its guidance document in December 2001
Colombian Safety Council, 2 July 2004 16
Development of 18001• OHSAS 18001 and the accompanying OHSAS 18002,
Guidelines for the implementation of OHSAS 18001, were developed in response to urgent customer demand for a recognizable OHSMS against which their management systems can be assessed and certified.
• OHSAS 18001 has been developed ….. To be compatible with ISO 14001 and 9001.. to facilitate the integration of Q, E, and OHS, should they wish to do so.
• The OHSAS specification will be reviewed or amended when considered appropriate.
• The OHSAS specification will be withdrawn on publication of its contents in, or as, an international standard, or in the UK a British Standard
Colombian Safety Council, 2 July 2004 17
Scope of 18001a) establish an OH&S management system to eliminate or
minimize risk to employees and other interested parties who may be exposed to OH&S risks associated with its activities;
b) implement, maintain and continually improve an OH&S management system;
c) assure itself of its conformance with its stated OH&S policy;d) demonstrate such conformance to others;e) seek certification/registration of its OH&S management
system by an external organization; orf) make a self-determination and declaration of conformance
with this OHSAS specification.
Colombian Safety Council, 2 July 2004 18
Feedback from measuring performance
Audit
Management Review
Planning
Policy
4.2 OH&S Policy
Colombian Safety Council, 2 July 2004 19
Planning
Feedback from measuring performance
Policy
Implementation and operation
Audit
4.3 Planning
Colombian Safety Council, 2 July 2004 20
Planning
Feedback from measuring performance
Policy
Implementation and operation
Audit
4.3 Planning
Colombian Safety Council, 2 July 2004 21
Implementation and Operation
Feedback from measuring performance
Planning
Checking and Corrective Action
Audit
4.4 Implementation and Operation
Colombian Safety Council, 2 July 2004 22
4.5 Checking and corrective action
Checking And
Corrective action
Implementation and operation
Feedback from measuring performance
Management review
Audit
Colombian Safety Council, 2 July 2004 23
4.6 Management Review
Management review
Checking and corrective action
External Factors
Policy
Internal Factors
Colombian Safety Council, 2 July 2004 24
ISO 19011:2002 Guidelines for quality and/or environmental management systems auditing
Authority for audit programme (5.1)
Establishing anaudit programme(5.2,5.3)
Implementing audit programme(5.4,5.5)
Monitoring and reviewing auditProgramme (5.6)
Auditor CompetenceClause 7
Audit activitiesClause 6
Improving auditProgramme(5.6)
PLAN
DO
CHECK
ACT
Colombian Safety Council, 2 July 2004 25
The great debate
• Requirement standards or guidelines?
• Auditing
• Certification-pros and cons
Colombian Safety Council, 2 July 2004 26
Facts and figures
OHSAS Standards and Certificates survey (to October 2003)
• 31 guidance documents• 23 requirement standards• Certification in 70 countries• 8399 certificates in total• 3898 to 18001 or direct equivalent
Colombian Safety Council, 2 July 2004 28
The Future
• Increasing adoption of 18001 as a national standard in different countries
• Development of OHS standards by USA-ANSI , and by Canada
• Development of a CEN Guidance document• ISO ??????
Colombian Safety Council, 2 July 2004 29
Systematic ReviewDuring 2004, a Systematic Review of 18001 and 18002 will be conducted.
This will lead to a decision to either:
-Confirm (unchanged)
- Withdraw
- Amend
- Revise
the standards.
Expected outcome is for an Amendment.
Colombian Safety Council, 2 July 2004 30
Drivers for change
- Ongoing revision to ISO 14001 for EMS, and the need for the standards to remain “compatible”
(Note with ISO 9001:2000 revision, this merely led to revised “Correspondence tables” being included in Annex A)
- The need to reduce identified risks to a situation of being “As low as reasonably practicable” or ALARP.
(Note, this is the only technical comment received against 18001 in 5 years)
Colombian Safety Council, 2 July 2004 31
Other OHSAS Project Group considerations
• 2004 Standards and certificates survey
• An auditing standard (or a supplement to ISO 19011)
• Auditor qualification criteria
• ISO ?????
Colombian Safety Council, 2 July 2004 33
Historic background
Military / Nuclear quality programmes
Conversion to civilian use by the automotive industries
Driven by poor quality supply problems, or safety issues
Military standards in the 1960s
National standards in the 1970s
ISO 9000 in 1987 (although started in 1979)
ISO 14001 in 1996
Colombian Safety Council, 2 July 2004 34
Historic background
1980s saw the rise of the environmental protection movement
1992 ISO established its Strategic Advisory Group on Environment (SAGE)
Led to the establishment of ISO/TC 207 in 1993 for ISO 14001
Other management systems standards started to be developed in the early 1990s, e.g. Dependability management, Project management, Software quality
Colombian Safety Council, 2 July 2004 35
Historic background
With the publication of ISO 14001in 1996, a number of papers were presented to ISO concerning “Integrated”management system standards.
This led to the establishment of an ISO Technical Advisory Group (TAG12) which recommended that ISO 9001 and ISO 14001 should be developed to be “compatible”
Additionally, it led to the establishment of ISO Guide 72 -Guidelines for the justification and development of management system standards
Colombian Safety Council, 2 July 2004 36
Established Management system standards
ISO 9000 – Quality
ISO 14000 – Environment
ISO/IEC 17799 – Information Security
IEC 60300 - Dependability
ISO 15161/(ISO 22000) - Food Safety (and HACCP)
ISO 10006 Project management
ISO/IEC Guide 73 Risk Management Terminology
Colombian Safety Council, 2 July 2004 37
Sectoral documentsTS 16949 – Automotive
ISO/IEC 90003 – Software
ISO/TR 14061 - EMS for Forestry organizations
ISO/IWA 1 - Healthcare
ISO/IWA 2 - Education
Colombian Safety Council, 2 July 2004 38
Outside of ISO /IEC
Malcolm Baldrige quality award, EFQM, Deming Prize
ILO OSH 2001/ BS 8800 / OHSAS 18001 –Occupational Health and Safety
SA 8000 – Social Accountability
AS 9000/EN 9100 – Aerospace quality
FIDIC Guide on quality for Consulting Engineers
International Martine Organization quality documents
Chemical industries – Responsible cares (an IMS programme)
Colombian Safety Council, 2 July 2004 39
Many other fields of management systems are now being standardized at a national level
AS/NZ 4360 or PD 6668 – Risk management
PD 75000 - Knowledge management
BS 7000-5 - Obsolescence
BS 3843 or PAS 55 - Asset management
Personnel (UK Investors in People programme)
Colombian Safety Council, 2 July 2004 40
New fields being considered at ISO
Organizational (Corporate) Social responsibility [OSR]including: - Business Ethics
- Sustainable development- Organizational (Corporate) responsibility- Social Accountability
Food Safety
I.T. Services management
Colombian Safety Council, 2 July 2004 41
Organizational (Corporate) Social Responsibility (OSR)Work proposed to ISO in 2003
Strategic Advisory Group established 2003
Consultants appointed for a worldwide survey of OSR work
Consultants have recommended that ISO develop a guidance document (see www.iso.org/sr)
ISO workshop June 2004
ISO decision on OSR expected 3rd quarter 2004
Note: A key element of OSR is OHS reporting
Colombian Safety Council, 2 July 2004 42
Compatibility - Need for ?Users advised ISO that they wished to minimise the:
-Disruption to business due to: - multiple audits, - high level personnel having to accompany auditors - interruptions to other personnel during audits
- High cost of certification
Led to requests for high degree of compatibility:
- Between the standards
- For the auditing process
Colombian Safety Council, 2 July 2004 43
ISO/TMB/TAG 12Established in January 1997
Constitution included several “User Representatives”
Report presented to, and adopted by, ISO/TMB in January1998
Key recommendations:
•Encourage national standards bodies to be more active in seeking the views of Users, and in considering compatibility
•Seek new ways of encouraging input from a broader base of Users
•Relevant terms and definitions should be identical, and use of terminology should be consistent
Colombian Safety Council, 2 July 2004 44
ISO/TMB/TAG 12Key recommendations -continued:
•Management systems standards should be “compatible”, and as far as possible “aligned”
•Auditing standards should be “integrated”
•There should be active communication and participation between members of ISO/CASCO, associations of accreditation bodies, certification bodies and ISO/TC 176 and ISO/TC 207.
•Levels of national co-ordination to be monitored
•Development of transition plans to link 2000/2001 standards with training needs, field implementation challenges and conformity assessment responsibilities
Colombian Safety Council, 2 July 2004 45
Compatibility - Definition
“Compatibility” means that common elements of the two series of standards can be implemented in a shared manner, in whole or in part, by organizations without unnecessary duplication or the imposition of conflicting requirements.
(Based around ISO/IEC Guide 2:1996, term 2.2)
TAG 12 Note: “Compatibility” does not mean that the text of common elements of the standards needs to be identical, although they should be whenever practicable.
Colombian Safety Council, 2 July 2004 46
CompatibilityDefinition of compatibility only reached after much discussion on the merits of
“Integrated” versus “aligned” standards
Considered that only ‘aligned’ standards would be acceptable at this time for management systems, but that ‘integrated’ auditing standards would be acceptable.
Colombian Safety Council, 2 July 2004 49
1 2 3 4 5
Core X X +Struct +small + large
Subject/
Aspect 2 2 2 2 large 2 small
Concepts diff = = = =
Structure diff = = = =
Terms some
diff = = = =
Integrated /Aligned MSS
Colombian Safety Council, 2 July 2004 50
COMPATIBILITY
INTEGRATED ALIGNED
CONSISTENT
Integrated /Aligned MSS
Colombian Safety Council, 2 July 2004 51
Risk Management
Risk assessment considered a fundamental aspect of all management disciplines
(Assess, prioritise, actively manage and control to minimise risks)
ISO/TMB/WG Risk Management Terminology established June 1998
ISO/IEC Guide 73:2002 Risk management – Vocabulary –Guidelines for use in standards
Colombian Safety Council, 2 July 2004 52
ISO/IEC Guide 73
Not a guide to Risk Management
•Aim of Guide is “ to promote a coherent approach to the description of risk management activities and the use of risk management terminology”
•The Guide is generic, compiled to encompass the general field of risk management, and not to replace established terms in specialist areas of the subject
•Guide 73 contains 38 defined terms
Colombian Safety Council, 2 July 2004 53
Risk Management
June 2004 –proposal to ISO/TMB to adopt AS/NZ 4360 as an ISO standard
Colombian Safety Council, 2 July 2004 54
What do you need to examine in the standards for Integration ?
Across the standards, you need to examine their:
- Basic principles
- Terminology
- General management system requirements
- Technology specific requirements
- Structure
Colombian Safety Council, 2 July 2004 55
Basic principles – ISO 9000 versus EFQM
ISO 9001 EFQM Customer focus Customer focus Leadership Leadership & Constancy of purpose Involvement of people People Development and Involvement Process Approach Management by Processes and Facts Systems approach to management
Continual Improvement Continuous learning, Improvement and Innovation
Factual approach to decision making
Management by processes and Facts
Mutually beneficial supplier arrangements
Partnership Development
Corporate Social Responsibility Results orientation
Colombian Safety Council, 2 July 2004 56
Basic principles – ISO 14000
Principle 1 — Commitment and policy
An organization should define its environmental policy and ensure commitment to its EMS.
Principle 2 — Planning
An organization should formulate a plan to fulfill its environmental policy.
Principle 3 — Implementation
For effective implementation, an organization should develop the capabilities and support mechanisms necessary to achieve its environmental policy, objectives and targets.
Principle 4 — Measurement and evaluation
An organization should measure, monitor and evaluate its environmental performance.
Colombian Safety Council, 2 July 2004 57
Basic principles
Conclusion – the principles are very similar
Colombian Safety Council, 2 July 2004 58
Terminology
Many similar terms are used in the differing standards, however, their definitions appear to vary considerably.
Is this a problem ? Answer = No
Why not ? Because the underlying intent, or concept, of the definitions are generally very similar
Beware the interpretation of definitions by regulators !
Colombian Safety Council, 2 July 2004 59
General management systems elements
Policy
Planning
Implementation and operation
Improvement
Management review
(See ISO Guide 72)
Colombian Safety Council, 2 July 2004 60
Table A.2 — Correspondence between OHSAS 18001, ISO 14001:1996 and ISO 9001:2000
Clause OHSAS 18001 Clause ISO 14001:1996 Clause ISO 9001:2000 — — — Introduction 0
0.1 0.2 0.3 0.4
Introduction General Process approach Relationship with ISO 9004 Compatibility with other management systems
1 Scope 1 Scope 1 1.1 1.2
Scope General Application
2 Reference publications 2 Normative reference 2 Normative reference 3 Definitions 3 Definitions 3 Terms and definitions 4 OH&S management
system elements 4 Environmental management
system requirements 4 Quality management system
4.1 General requirements 4.1 General requirements 4.1 5.5 5.5.1
General requirements Responsibility, authority and communication Responsibility and authority
4.2 OH&S policy 4.2 Environmental policy 5.1 5.3 8.5
Management commitment Quality policy Improvement
OHSAS 18001 – Annex A
Similar tables exist in ISO 9001 and ISO 14001
Colombian Safety Council, 2 July 2004 61
General MSS elements – Conclusion9001, 14001 (and 18001) include all the required general MSS elements detailed in ISO Guide 72, and have a high degree of commonality across their elements.
Colombian Safety Council, 2 July 2004 62
9001 / 14001 key differences
Focus: Customer requirements versus Environmental impacts
14001 – high level requirements9001 – more detailed
Operational requirements: detailed in 9001 clause 7, versus limited detail in 14001 clause 4.4
Procedures versus Processes
Internal audit: examines system effectiveness in 9001, not in 14001 (only permitted in Management Review)
Contingency planning: Emergency preparedness and response in 14001, not directly addressed in 9001
Colombian Safety Council, 2 July 2004 63
ISO 9000 Process Approach structure
Managementresponsibility
Measurement,analysis andimprovement
Resourcemanagement
Product realizationInput Output
Customers
Customers
Requirements
Satisfaction
Product
Continual improvement ofthe quality management system
Colombian Safety Council, 2 July 2004 64
ISO 14001 PDCA type structure
Continual Improvement
Management Review
Checking and Corrective Action
Environmental Policy
Planning
Implementation and Operation
Colombian Safety Council, 2 July 2004 6514
High Level Loops- Product Realization
High Level Loops - Business Management
Local Loops
INPUT PROCESS
PROCESS MANAGEMENT
RESOURCE MANAGEMENT
C
U
S
T
O
M
E
R
C
U
S
T
O
M
E
R
PDC
A
MEASUREMENT, ANALYSIS, IMPROVEMENT
MANAGEMENT RESPONSIBILITY
OUTPUT
9001 Process approach structure embodies PDCA
Colombian Safety Council, 2 July 2004 66
EMS (ISO 1401) PDCA model including process approach
Measurement, analysis &
improvement
Quality policy
management systemprocedures,
resource management
Managementreview
Continualimprovement
customer
Input OutputProcess
Process Management
Customer needs& requirements,objectives and planning
customer
PLANPLAN
DODO CHECKCHECK
ACTACT
requIrements
product
Colombian Safety Council, 2 July 2004 67
Leadership Processes Business Results
People
Policy and strategy
Partnerships & Resources
People results
Customer Results
Society Results
Enablers Results
Innovation and Learning
European Foundation for Quality Management (EFQM) Business Excellence Model
Colombian Safety Council, 2 July 2004 68
CUSTOMER
MISSION VISION
STRATEGY
LEARNING AND
GROWTH
INTERNAL BUISNESS
PROCESSESFINANCIAL
Balanced Scorecard - Strategic Perspectives
Colombian Safety Council, 2 July 2004 69
Products & Services
Values
Customers
ImageResources
The Business Idea of the Firm
Colombian Safety Council, 2 July 2004 70
Corporate culture
Competence & Physical resources
Activities/ Processes
Organization structure
Means of control
Products(Price, Costs, Quality)
Strategy
Market
Competitive Environment
Business Model
Colombian Safety Council, 2 July 2004 71
Customer
Continuous Improvement
Total Participation
Fundamentals
Mutual Learning
Road Map Model
Colombian Safety Council, 2 July 2004 72
PDCA or Process Approach ?
PDCA – set policies and objectives before using “Implementation and Operation” to control processes
Process approach – What are your processes for analysing your external environment, before establishing your policies and objectives ?
Environmental, OHS, etc. Legal and Regulatory requirements can be treated in the same manner as Customer requirements, before being fed into your system of processes
Colombian Safety Council, 2 July 2004 73
Structures – conclusion
Structures themselves are a conceptual way of showing how the various management system elements fit together to form a “system”.
They also attempt to show that individual elements of the “system” cannot be treated in isolation, but have to be taken together. The “system” will fail, if any one of those elements is ignored.
The structures themselves are not a requirement to which compliance has to be achieved.
Each representation has its own merits.
Colombian Safety Council, 2 July 2004 74
Other items for consideration
New sets of stakeholders/interested parties (e.g. people passing by your factory)
Application of ISO 9001 can have the scope limited, ISO 14001 cannot.
Risk management approach (safety risks, environmental impacts, process failure modes)
Regulations management
Improvement programme management
Public awareness/communications management (e.g. Environmental Policy has to be available for public review)
New tools (FMEA, HAZOP/HAZAN)
Colombian Safety Council, 2 July 2004 75
A lot of documentation and a lot of technical requirements !
Full “Integration” is not just limited to QMS, EMS, OHS, but can include a wide range of programmes
So, why should you move towards an integrated system ?
Colombian Safety Council, 2 July 2004 76
1. Question: Why should you move towards an integrated system ?
Answer: Because you already have one !
2. Question: Is it effective ?
Answer: Yes, otherwise you would be out of business, or be in breach of regulations (e.g. for health and safety)
3. Question: Is it efficient ?
Answer: Not as efficient as if you were to use a fully integrated management system
4. Question: Is certification necessary ?
Answer: This will depend on your business strategies and situation
Colombian Safety Council, 2 July 2004 77
Perceived benefits of an IMS:
Gives Top management a unified view of the performance of the organization, instead of a stratified one
Reduces duplication and the costs associated with the administration of separate management systems
Balances conflicting objectives
Improves control of risks
Reduces potential for conflicting responsibilities and relationships
Improves harmonization and optimisation of practices
Colombian Safety Council, 2 July 2004 78
Perceived benefits of an IMS
Can increase operational efficiency
Can improve internal and external communications
May facilitate training and development
Potentially reduces 3rd party audit times and audit frequencies
Establishes a framework that will enable the assimilation of future standards
Colombian Safety Council, 2 July 2004 79
Where do you start ?1. An IMS has to be a strategic business decision
2. Top management support and commitment is needed
3. Decide on an approach to be followed
4. Perform a “gap” analysis of the requirements of the additional standards
5. Follow a similar, or improved, process as you used to implement your QMS, e.g.- appoint a management representative- establish cross-functional teams, provide staff training- hire consultants - review your processes and documentation- implement revised processes and measure their performance- seek certification
Colombian Safety Council, 2 July 2004 80
Which approach should you follow ?
Add other disciplines to an existing system
Merge two or more existing parallel
systems
Re-engineer all business and operational systems into a unified IMS
Colombian Safety Council, 2 July 2004 81
Starting Implementation – use of consultants
This depends in part on your organization’s level of management system knowledge
For initial implementation of a QMS, how dependent were you on the services of consultants ?
Do consultants still play a part in the maintenance of your QMS, e.g. by performing internal audits ?
Or, is your organization sufficiently knowledgeable to be able to face the challenge of new standards without assistance ?
Otherwise, specialist assistance may again be needed
Colombian Safety Council, 2 July 2004 82
Starting implementation - use of consultants
Even where a consultant is not required for assistance with the general management system requirements, specialist external advice or training may be needed on the new specific technologies, e.g.
- determination of environmental aspects and impacts
- hazard analyses and risk assessments in OH&S
- security risks and controls in information security management
Colombian Safety Council, 2 July 2004 83
Initial Status Review (ISR)
An ISR helps the organization determine:
- where they are in managing QMS, EMS, OHS etc. issues
- what needs to be done
- what help and information are available from outside sources
- which of this is relevant to the organization
Colombian Safety Council, 2 July 2004 84
Initial Status review (ISR) activities
Identify all legislative/regulatory requirements
Identify all aspects of activities/products /processes that can create impacts
Collect details of commendations, complaints, fines, accidents and incidents that could form the basis for performance criteria
Evaluate performance against internal criteria, external standards, regulations, codes of practice sets of principles and guidelines
Identify existing management processes, practices and procedures
Colombian Safety Council, 2 July 2004 85
Initial Status Review (ISR) activities
Identify the existing policies and procedures dealing with procurement and contracting activities
Obtain information from investigations of incidents of previous non-compliance
Identify opportunities for competitive advantage
Seek out and analyse the views of stakeholders/ interested parties
Review those functions or activities of other organizational systems that can enable or impede performance
Examine all of the above items against the full range of operating conditions, including start-ups, shut-downs, during possible incident and emergency situations
Colombian Safety Council, 2 July 2004 86
Activity Form IMS team Environmental review OH&S Risk assessment Set Objectives Define improvement programme
Implement Improvement programme
Define Operational controls Define administrative controls Write manuals Launch to staff Operate new systems Internal audit Prove legal compliance Performance reports Management review External assessment Celebrate
Time (months) 2 4 6 8 10 12 14 16 18
An 18 month IMS implementation plan
Colombian Safety Council, 2 July 2004 87
Key enablers
Leadership and change management
Human resource management and development
Colombian Safety Council, 2 July 2004 88
Conclusion
Your organization’s management system will be unique.
Understanding the intention behind the management standards will enable you to incorporate their requirements into your organization’s management system in a planned and consistent manner.
Business efficiencies can be achieved through the use of a fully integrated system.