Safety Assessment Series OHSAS18001

7/27/2019 Safety Assessment Series OHSAS18001

1/14

MANAGING RISK

What is Occupational Health and

Safety Assessment Series(OHSAS 18001) & Should I Care?

DNV Certifcation


2/14

1

The role of safety standards

When considering OHSAS 18001 or anysimilar standard, an organization should beaware that the standards do not replace ornegate any federal, state, or local regulationsconcerning occupational safety and healthissues. OHSAS 18001 was developed toprovide organizations with aninternationally accepted system for

managing the organizations activities andprocesses in order to reduce or eliminateOH&S risks to employees. In general, theobjective of any type of standard, whether itrelates to the manufacture of cars, airplanes,and machinery, or in the petrochemicalprocess industry, or in the delivery of aservice - transportation, hospitals, etc. - is thesame. Standards are designed to promote,

facilitate and enable consistency in activitiesand processes or to provide assurance thatthe processes (for quality purposes, productoutput) will meet requirements, to provide auniform and predictable outcome everytime a set of procedures are executed. It isimportant to understand that standards, inand of themselves, do not necessarilyproduce, in this case, safe behavior or a

safe workplace, or process.

The Occupational Health and Safety

Assessment Series (OHSAS 18001) standardwas first published in April 1999 and revisedin July 2007 to improve alignment with ISO14001:2004 throughout the standard.Compatibility with ISO 9001:2000 was alsoimproved in the 2007 revision. This wasdone to facilitate the integration of quality,environmental and occupational health andsafety management systems by organizations,

should they wish to do so. Today, OHSAS18001 is not an International Organizationfor Standardization (ISO) standard or an

ANSI standard but it is internationallyrecognized. OHSAS 18001 was specificallydeveloped to enable organizations tosystematically control OH&S risks andimprove performance. It does not statespecific performance criteria.

The OHSAS 18001 Standard may be appliedwithin any organization that wishes to:

1. Establish and implement an OH&Smanagement system in order toeliminate or minimize hazards andrisks to employees and people

working on its behalf


3/14

2. Implement, maintain, andcontinually improve its OH&Smanagement system and specificOH&S performance targets

3. Provide a mechanism to facilitateOSHA compliance

4. Demonstrate to customers,employees and other stakeholdersthat the organization conforms toan internationally recognizedstandard

OHSAS 18001 is compatible with the ISO9001 and ISO 14001 series of standards andtheir underlying principles and processessuch as the Plan-Do-Check-Act. While there

are some differences, OHSAS 18001 is alsovery compatible with ANSI/AIHA Z10-2005,American National Standard - Occupational

Health and Safety Management Systemswhichwas released on September 5, 2005 throughthe American Industrial Hygiene Association(AIHA).

What is an Occupational Health and

Safety Management System?

An Occupational Health and SafetyManagement System (OHSMS) provides aframework for managing OH&S activities,procedures and processes so they becomemore efficient and a more integrated part ofthe overall business operations. An OH&Smanagement system also provides a formalstructure for identifying and managingsignificant OH&S hazards and risks. OH&SManagement Systems are based onstandards which specify a process forachieving improved OH&S performanceand complying with regulations.

DNV offers certification to theinternationally recognized assessmentspecification OHSAS 18001.

Registration can: Reduce risk

Provide competitive advantages Help companies maintain

compliance with legal

requirements

Improve overall business andOH&S performance

The OHSAS 18001 Standard

OHSAS 18001 is an internationalmanagement system standard developed

with input from international companies,cooperating National Standards Bodies andregistrars including DNV. The standardconsists of a Foreword section thatincludes scope, definitions, referencepublications and the auditable managementsystem requirements. It also includes aninformative Annex and Bibliographysections.

The structure of the

OHSAS 18001 standard

The structure of OHSAS 18001 iscomplimentary to the clause (element)

2 The Standard


4/14

structure of ISO 9001 and ISO 14001.(Note: OHSAS 18001 has not been updatedto reflect the new clause numbering andnomenclature of ISO 9001:2000 and ISO14001: 2004.)

The Requirements ofOHSAS 18001

4.1 General Requirements

4.2 OH&S Policy

4.3 Planning

4.3.1 Hazard identification, riskassessment and determining controls

4.3.2 Legal and Other Requirements

4.3.3 Objectives and program(s)

4.3.4 OH&S Management programs(s)4.4 Implementation and Operation

4.4.1 Resources, roles, responsibility,accountability and authority

4.4.2 Competence, training and awareness

4.4.3 Communication, participation andconsultation

4.4.3.1 Communication

4.4.3.2 Participation and consultation4.4.4 Documentation

4.4.5 Control of documents

4.4.6 Operational Control

4.4.7 Emergency Preparedness andResponse

4.5 Checking

4.5.1 Performance measurement andmonitoring

4.5.2 Evaluation of compliance

4.5.3 Incident investigation,nonconformity, corrective actionand preventive action

4.5.3.1 Incident investigation

4.5.3.2 Nonconformity, corrective actionand preventive action

4.5.4 Control of records

4.5.5 Internal audit

4.6 Management Review

Basic Description of the OHSAS

18001 clauses (elements)

4.1 General Requirements To establish andmaintain a management system thatensures conformance to the standard.This should help provide for regulatorycompliance.

4.2 OH&S Policy In the terminology ofOHSAS 18001, the policy is meant toestablish an overall sense of directionand define the principles of action for

an organization. This includes statingoverall health and safety objectives and acommitment to at least comply withapplicable legal requirements and withother requirements to which theorganization subscribe that relate to itsOH&S hazards, prevention of injury andill health and continual improvement inOH&S management and performance.

4.3 Planning

4.3.1 Hazard identification, riskassessment and determining controls The organization must identify andcontrol risks associated with routineand non-routine activities of allpersons having access to the

workplace (including contractors

and visitors).

4.3.2 Legal and Other RequirementsTheorganization must understand andbe aware of any regulations affectingits operations and keep up to date.Relevant personnel must be keptinformed.

4.3.3 Objectives and program(s)The

3


5/14

4

organization must set measurable(quantifiable where practicable)OH&S objectives and track results inall relevant locations, levels andfunctions. The organization shalldefine programs for achieving itsobjectives and define means tomonitor, review, update and recordas needed. Programs should includedesignated responsibilities andauthorities and the means and time-frame to achieve the objectives.

4.4 Implementation and Operation

4.4.1 Resources, roles, responsibility,

accountability and authority Theorganization shall ensure theavailability of required resources andestablish roles, and designatedresponsibilities and authorities, andensure that these are defined,documented and communicated asappropriate.

4.4.2 Competence, training and awareness

The organization must have

effective procedures ensuring thatpersonnel assigned to tasks arecompetent.

4.4.3 Communication, participation andconsultation

4.4.3.1 Communication Theorganization needs to determinemeans to communicate internally,

with contractors and other visitorsand also define how to respond toexternal interested partiescommunications.

4.4.3.2 Participation and consultationTheOrganization needs to determinehow workers will participate inhazard identification, riskassessments and accidentidentification; consultation ofcontractors where there are changesthat affect their OH&S.

4.4.4 Documentation -- The organizationmust describe the elements of itsOH&S management systems inelectronic or paper form.

Clauses


6/14

4.4.5 Control of documents -- Theorganization must define controlmechanism for all internal andexternal documents required by theOH&S management system toensure that they are effectivelymanaged and protected.

4.4.6 Operational ControlTheorganization must establish,document (as the standardrequires), and implementprocedures to control the identifiedhazards and risks of its operationsincluding stipulating operatingparameters and establishing andmaintaining procedures for thedesign of the workplace.

4.4.7 Emergency Preparedness and

ResponseThe organization mustidentify the potential for accidentsand incidents and establish plansand procedures to respond to them,including the mitigation of anyillness or injury.

4.5 Checking4.5.1 Performance measurement and

monitoring The organization mustestablish key performanceparameters to monitor the OH&Smanagement system andperformance objectives, consideringthe following: procedures, qualitativeand quantitative measures, proactiveand reactive performance indicators,and recording of data.

4.5.2 Evaluation of complianceTheorganization must define means toperiodically evaluate compliance

with applicable legal requirementsand any other to which it subscribes.

4.5.3 Incident investigation,nonconformity, corrective actionand preventive action

4.5.3.1 Incident investigation Theorganization must establish and

maintain procedures that define howthe organization handles incidents(The term accident is nowincluded in the term incident),identification of needed actions tomitigate their consequences, theinitiation and close out of correctiveand preventive actions, andconfirmation of the effectiveness ofthe actions taken.

4.5.3.2 Nonconformity, corrective actionand preventive action Theorganization must define means fordealing with actual and potentialnonconformity(ies) and for takingcorrective and preventive actionsand review their effectiveness.

4.5.4 Control of records The

organization must maintain recordsand manage them, as appropriate tothe standard and its own systems, toensure that the documentation isproperly categorized, traceable tothe pertinent activities, is legible andprotected.

4.5.5 Internal audit -- The organization

should review and continuallymonitor the effectiveness of itsOH&S management system throughperiodic internal audits.

4.6 Management ReviewTop managementmust conduct reviews of the OH&Smanagement system. This includesassessing the system for continual

improvement opportunities,effectiveness, and suitability, etc.

Should OHSAS 18001 certification

be a part of my companys businessplans?

There are costs associated with

implementing an OH&S management

5


7/14

6

system in conformance to OHSAS 18001. Ifcompanies make this investment, then it isextremely important that they are able toderive positive benefits and a financialreturn on that investment.

There are basically four reasons why anyorganization would consider OHSAS 18001certification:

1. Minimize health and safety risks toemployees and others

2. Improve business performance3. Assist organizations in establishing

a responsible image within theirmarketplace or industry sector

4. Ensure an impartial, credibleassessment of the OH&S

management system

Some direct benefits to employees and tothe financial bottom line of the organization

which have been reported include:

Reductionsindowntimeand

associated costs Recognizeddemonstrationoflegal

and regulatory compliance Increasedaccesstonewcustomers

and winning additional work(especially with governmentalagencies)

Reductionofpublicliability

insurance costs Reductionsinthenumberof

incident reports (i.e., OSHA

reportables) for several consecutiveperiods

Duetotheresultsachiev1ed,certain

organizations top managementhave justified direct rebates toemployees for safety shoes andother safety equipment, and existingPPE was often enhanced.

Procedureswereupdatedtoreflect

current practices; Records were

maintained and standardized, whichresulted in a more reliablereporting system and moremeaningful data.

Allemployeesorthoseworkingon

the organizations behalf have beentrained and/or refresher traininghas been provided, and training hasbeen extended into new employeeorientation programs. Evacuationdrills were held as well as specializedtraining in CPR, proper fire-extinguisher use, spill cleanup,pollution prevention, andconservation of energy andresources.

Turnoverratehasdecreased.

Your answers or responses to the

benefits described above shouldprovide you with a strong basis tomake an informed decision as to

whether OHSAS 18001 should be inyour companys plans. One thing iskey, if based on the responses to theabove, you make a determinationthat OHSAS 18001 should be in

your companys future, put plans in

place to do it at your own speed---not someone elses. Do notwaituntil your best customers, agovernmental agency or an industryassociation, give you an or elseultimatum requiring you to becertified in six or nine months inorder to continue to do business

with them.

What does OHSAS 18001

registration/certification require?

Registration requires evidence ofimplementation of OHSAS 18001requirements, which includes: Proceduresand records to maintain compliance toapplicable laws, commitment to continual

Requirements


8/14

improvement (in a broad sense), andcommitment to prevention of accidents andincidents. The decision to actually certify anorganization to OHSAS 18001 will bedependent on the specific business goals

that the company has in conforming to thestandard as well as the market and publiccontext in which the company operates. Forsome companies, independent, third-partycertification may be the most beneficialoption. For example, companies sellingproducts to markets in Europe or togovernmental agencies might faceconsiderable pressure to obtain third-partycertification. However, even in Europe,companies should not presume certification

will be necessary. It is very important tounderstand that either third-partycertification or self-declaration may beoptions. Third-party certification may ormay not be mandated by the supplierscustomers.

Has there been acceptance of theOHSAS 18001 standard?

While there is no accurate count of thenumber of certificates issued, the OHSAS

18001 standard has been accepted andadopted by businesses in many countriesthroughout the world.

What is the OHSAS 18001

certification process?

The basic steps to certification involve anindependent evaluation (audit) by anexternal, unbiased company i.e., the

OHSAS 18001 certification body orregistrar. Generally speaking, a documentreview and a two stage on-site audit processare typical steps that must be undertaken byan organization toward achieving OHSAS18001 certification. (An optional pre-assessment may be selected in addition tothe two stage audit. This can be conductedin conjunction with the stage one initial

visit.)

7


9/14

8

The size of the audit team and the durationof the on-site audit are a function of thenumber of employees within the scope ofthe audit and the type and number ofhazards and the risks associated with theorganizations activities. Typically, twopeople would be required to conduct theOHSAS 18001 certification audit.

During the stage one audit (initial visit), theaudit team will check that the company hasidentified all of the applicable federal, stateand local OH&S requirements, statutes andany other requirements to which itsubscribes. The effectiveness of themanagement review process for identifyingand defining hazards and risks will also beevaluated. A review of how the significance

of the identified hazards and risks isdetermined will also be conducted. SinceOHSAS 18001 is based on a Plan-Do-Check-

Act model, the stage one audit of theOH&S management system is focused onensuring that the plan aspect of the modelhas been effectively implemented. Areas ofnon-conformity will be noted and correctiveactions may be required.

The stage two audit (certification audit) istypically scheduled 4 to 6 weeks after thestage one initial visit audit. The focus ofstage two audit is the do, check, act partsof the model. The auditors are seeking toobjectively verify that the organizationadheres to its OH&S policy, objectives, andprocedures as they directly relate to the

requirements of OHSAS 18001. The actualrecommendation for certification to OHSAS18001 is based on objective evidence thatthe OH&S management system is inconformance with OHSAS 18001, and thatthe organizations associated internal OH&Sprocedures are implemented andmaintained. Ultimately, certificationdepends on whether or not any major and/

or minor non-conformances were issued by

the auditor against the OH&S managementsystem.

How long does it take and howmuch will it cost?

The time required to implement an OHSAS18001 compliant system is a function of the

size of the company, the number of peopleinvolved under the scope of thecertification, the complexity of theprocesses, the sector in which the companyoperates in, the number and significance ofthe identified hazards and risks, and thedegree to which the existing OH&Smanagement system meets the requirementsof the standard. A typical time line forimplementation is six to twelve months.Certification costs, that is, those fees paid tothe registrar, are small compared to theoverall internal costs of the developmentand implementation of the OH&Smanagement system. The registrar fees are afunction of the audit days required to verifyconformance to the standard, which in turnis a function of the hazards and risksassociated with the organizations activitiesand the number of employees and sites, etc.Most registrars will provide a no obligationcosts quotation on request.

Selecting a Registrar

If you are planning on becoming certified toOHSAS 18001 or another accreditedmanagement system standard, the selectionof your certifying body is an importantdecision. Everything being equal, this is arelationship that will be in place for a verylong time. That is why it is so important that

your choice is one which will provide youwith a partnership approach to certification,provide you with value-added services andresult in a certification that is recognizedand accepted by your customers and

Selecting a Registrar


10/14

prospects. In the OHSAS 18001 marketplacethere are a large number of registrarsoffering certification services. It is anunregulated market - that is anybody can setthemselves up as an OHSAS 18001 registrar,perform audits and issue certificates. It is

very much a buyer beware market place.So how do you go about making aninformed decision when selecting yourregistrar?

If you call several companies and ask a seriesof challenging questions - What was yourexperience with XYZ registrar? Whatimpressed you most about the registrar?

What did you least like about your dealingswith them? Would you recommend them toothers? If you ask these questions of six or

seven companies, you will get a pretty goodpicture of the overall character and thephilosophy of the registrar. Everything beingequal, this is a relationship that will be inplace for a long time and it is thereforeimperative that you make a decision basedon sound information.

Areas to consider when evaluating registrars:

Technicalcompetencies

Interpretationofthestandardand

overall philosophy Price

Peoplefactors

Technical competencies

Most registrars that are accredited have verysimilar technical competencies.These competencies are defined and aremandatory requirements of theaccreditation bodies or the professionalstandards body. The rules that registrarsoperate under are largely governed by whatis known in the certification industry as

accreditation bodies. Most of the countries

that have adopted or accepted the OHSAS18001 standard have their own nationalaccreditation body. In the U.S. that body isthe American National Accreditation Board(ANAB formerly the RAB.) Havingmanagement system accreditation by ANABor another accreditation body is animportant attribute when selecting aregistrar and a key factor in making yourinitial short list of candidates. In order tobecome accredited a registrar mustundergo a rigorous audit and reviewprocess. Currently, ANAB does not offerOHSAS 18001 accreditation. However,registrars accredited for ISO 14001, in orderto maintain their accreditation, are subjectto ongoing surveillance audits and otherformal requirements to ensure the quality of

their services and for the maintenance oftechnical competencies. Not all accreditedregistrars are created equal. There areconsiderable differences between them thatshould be assessed before a selection ismade.

Interpretation of the OHSAS 18001standard and the overall philosophy

There may be variances in how registrarsinterpret the OHSAS 18001 standard and/or their general audit philosophy. Asexamples, are they auditing to the letter ofthe standard or do they adopt a morepragmatic approach of auditing to theintent of the standard? What kind ofcustomer service response can you expect if

you select a particular registrar? What istheir track record on customer satisfaction?

What experience does this particularregistrar have in your industry sector, howmany certificates have they issued tobusinesses like yours? These questions arebest answered by talking to clients who haveselected and become certified by the

9


11/14

10

registrar that you are considering. Referenceaccounts are fine but are generally selectedor pre-screened by the registrar. A moreeffective and potentially unbiased approachis for you to make the customer selection

yourself. If a registrar is accredited they are

obligated to produce and maintain a list ofall companies that they have certified. Thelist may be in hard copy or part of their webpage. Obtain access to the list and then picksix or seven certified companies. Selectcompanies which are either in similarbusinesses to yours or which aregeographically close to you or just selectcompanies whose judgment you trust.

Price is important

Money is obviously important to most of usas individuals, as employees and asmanagers and owners of businesses. Most ofthe major registrars have an overall cost ofcertification which is similar. Auditor dayrate might appear to be a convenientindicator to compare registrar costs - but it

will not give you the basis for an apples-to-apples comparison. An important thing tokeep in mind is that registrars have manydifferent ways of actually structuring theirquotations. There are some registrars thathave application, listing and administration

fees, additions to travel expenses,cancellation and deferment fees. There arealmost as many pricing schemes as there areregistrars. How they price is not nearly asimportant as the overall cost for certification- having said that, keep a look out forcancellation and deferment charges whichcan be particularly unfriendly. Irrespectiveof how a quotation is structured theimportant thing is that you are able todetermine the exact cost-of-ownership.Most registrars will have certificates whichare valid for three years. Irrespective of howthe pricing is structured, ask for quotationsin a format that will allow you to determinethe full, accurate costs for a three yearperiod. This will enable you to make anapples-to-apples comparison of registrarcharges.

Summary


12/14

So all these things being equal - how do youmake an informed decision? When makinga registrar selection price is important butshould not be your primary selectioncriteria. If you make a decision based solelyon price you are probably making a decisionthat you may regret later. Certification is afree market service. This means that there isno requirement for a registrar to beaccredited (some industry specific standardsmay require accreditation.) If a registrar isunaccredited there are no rules orrequirements for auditor training andqualifications, industry or work experience,the methodology for the certificationprocess and more. Compliance withaccreditation requirements costs money -but has value to you as a customer. Look for

registrars that offer value added servicesbeyond the structured certification processsuch as company listing on their web site,electronic access to your audit reports andaudit schedule. The external fees that you

will pay to registrars for your certificationare small compared to money you will haveinvested internally in putting your system inplace. Most estimates will show that the

internal costs are at least 10 times the coststhat you will pay the registrar. Having madethe commitment and investment toimplement a system in conformance toOHSAS 18001 - keep cost in mind whenmaking your registrar selection but makesure that you take into account the otherimportant factors described here.

People Factors

The registration/certification process is verymuch an individual people business -outside of the certificate itself, there is nophysical product. The product consists ofa series of interfaces from initial requests forinformation, requests for quotations,answers to questions, visits and

presentations. Ask yourself the following

questions about your initial experienceswhen dealing with a potential registrarcandidate. They will give you a pretty goodindication where the registrar is on thepeople factor scale:

Whatwasandhasbeentheresponse

to your requests? Weretheresponsestimely?

Whatwasthegeneralattitudeofthe

people you had to deal with? Dotheyreallyactliketheywould

want and work to keep yourbusiness?

Arethesethekindofpeoplethat

you would look forward to having along term business relationship

with?

Summary

Selecting an OHSAS 18001 registrar is animportant decision, everything being equal,it is a relationship which will, ideally, be inplace for a long time. Taking the time toevaluate registrars based on the abovecriteria will be a good investment of your

time and money.

Additional information

For copies of this leaflet, to request aquotation or for additional informationabout certification, please call:

Toll Free: 1.877.DNV.3530 or1.877.368.3530E-mail: [email protected]

Web Site: www.dnvcert.com

11


13/14

Printed in United States of America

Published by

DNV Certication, Inc.16340 Park Ten PlaceHouston, TX 77084

www.dnvcert.com

DNV is an independent foundationestablished in 1864 whose objective issafeguarding life, property and theenvironment.

DNV is a world-class provider of riskmanagement services including safety,health, quality and environmentalprotection for business, government andindustry.

Worldwide publishing and distributionrights held by Det Norske VeritasCertification, Inc. (DNV Certification),16340 Park Ten Place, Houston, Texas,77084. No part of this document may bereproduced by any means, nor transmitted,nor translated into a machine language

without prior written permission of thepublisher.

The information contained in thisreference material is distributed as a guideonly; it has been compiled from sourcesbelieved to be reliable and to represent thebest current opinion on the subject. No

warranty, guarantee or representation is

made by DNV Certification, as to theabsolute correctness or sufficiency of anyrepresentation contained in this referencematerial, and DNV Certification assumes noresponsibility in connection therewith; norcan it be assumed that all acceptable safetymeasures are included herein, or that othermeasures may not be required in particularor exceptional conditions or circumstances.

While DNV Certification does not undertaketo provide a revision service or guaranteeaccuracy, we shall be pleased to respond to

your individual requests for information atany time.

2008 Det Norske Veritas Certification, Inc.All rights reserved.

12 Additional Information


14/14

DNV Certification

www.dnvcert.com

877.DNV.3530

16340 Park Ten Place

Houston, TX 77084 REV. 07.08

Safety Assessment Series OHSAS18001

Documents