ISO 45001-2018 6.1 Risks and opportunities

 

FREE QHSE Software Click <HERE> to Learn More


QHSE Support >(Site Map) Health & Safety Guidance > ISO 45001:2018 Clauses > ISO 45001:2018 clause 6 >  

 

FREE Quality, Health and Safety, and HR Business Software Click <HERE> to Learn More and Download


ISO 45001:2018 Clause 6.1 Actions to address risks and opportunities


 

PLAN

DO

CHECK

ACT

 

ISO 45001:2018 Clause 6.1 Actions to address risks and opportunities

 

Clause 6.1 Breakdown

 

6.1 Actions to address risks and opportunities

 

  6.1.1 General

  6.1.2 Hazard identification and assessment of risks and opportunities

  6.1.3 Determination of legal requirements and other requirements

  6.1.4 Planning action

 

First thing to note about clause 6 is it includes additional sub-clauses not included in the documents main index!!!

 

The mind-map below includes the missing sub-clauses.

 

ISO 45001-2018 6.1 Actions to address risks and opportunities mind map, with missing clauses

 

The three new sub-clauses are all listed under clause 6.1.2 and include.

 

6.1.2 Hazard identification and assessment of risks and opportunities

  6.1.2.1 Hazard identification

  6.1.2.2 Assessment of OH&S risks and other risks of the OH&S management system

  6.1.2.3 Assessment of OH&S opportunities and other opportunities for the OH&S management system  

 

6.1.1 General

 

The mind-map below attempts to more clearly show the different areas of the standard that clause 6.1.1 makes direct or implied reference to.

 

ISO 45001-2018 6.1.1 General mind map

 

 

Clause 6.1 Actions to address risk and opportunities is divided into 4 main sub-clauses, with 6.1.1 giving an overview of the planning requirements.  Planning should be proportionate to the level of risk and the objectives of the organization. When determining the organization's risks and opportunities, the standard is looking to see that clause 4 context of the organization has been understood and used when taking into account;

 

hazards

OH&S risks and other risks

OH&S opportunities and other opportunities

legal requirements and other requirements

 

When considering hazards, it should not just be those probable to transpire, but also those with the most impact, i.e., those which can lead to the most significant risks to the organization.

 

This is about understanding the organization's internal and external OH&S issues, identifying interested parties and how they affect or are affected by the OH&S management system, knowing that the requirements only apply to the scope of your OH&S management system.  Note: While your OH&S management system scope may limit requirements of the standard, it does not distract from legal responsibilities placed upon an organization by country-specific OH&S and other legislative documents.

 

In general, the clause is looking to assess the risks to the OH&S management system and to provide assurance that risks are managed and where realistic or essential opportunities for improvements are identified, they are implemented.

 

At the most basic;

 

We are doing something.

Have we identified and then eliminated, prevented or reduced risks.

Did we take advantage of any opportunities.

 

This basic approach should be used where it is considered proportionate to the level of risk for the introduction or occurrence of:

 

new or modified equipment, tools, processes, activities or staff

new technologies

changes to interested parties

changes to work demands

changes to suppliers

infrequent and unscheduled work activities

emergency situations

 

6.1.2 Hazard identification and assessment of risks and opportunities

  6.1.2.1 Hazard identification

  6.1.2.2 Assessment of OH&S risks and other risks of the OH&S management system

  6.1.2.3 Assessment of OH&S opportunities and other opportunities for the OH&S management system

 

As is can be seen clause 6.1.2 is broken down into three parts which look at hazards and the risks and opportunities these hazards present.

 

ISO 45001:2018 6.1.2 Hazard identification and assessment of risks and opportunities

 

6.1.2.1 Hazard identification

 

The standard requires that an organization shall (i.e. mandatory) establish, implement and maintain a process(es) for hazard identification that is ongoing and proactive. Clause 3.19 defines a hazard as a 'source with a potential to cause injury and ill health. Clause 3.18 defines injury and ill health as; "adverse effects on the physical, mental or cognitive condition of a person".  Where adverse effects include occupational disease, illness and death.  We can therefore reliably conclude that a hazard is; "a source with a potential to cause adverse effect on the physical, mental or cognitive condition of a person".

 

We can also reliably conclude that hazard identification will be widespread across almost all of an organization's processes and activities.  Typically these can include, but not be limited to:

 

physical activities (e.g. manual handling, working at height)

chemical, biological (e.g. oils, dusts, viruses, bacteria, harmful plants)

psychosocial (e.g. stress, pressure, harassment, bullying, victimization, work-related violence, work conflicts)

physiological (e.g. extreme temperatures, unpleasant or hazardous conditions)

mechanical / electrical

 

ISO 45001:2018 6.1.2.1 Hazard identification typical areas

 

Hazard identification will need to cover normal and non-normal daily activities, e.g., holiday and absenteeism cover, or events that cause additional pressures on work schedules.  It should also cover routine and non-routine activities, e.g., maintenance and breakdowns, including what happens when things don't go to plan, e.g., staff accidents or incidents, emergency protocols being implemented.  The very nature of these non-normal events can lead to hazards in themself.  For example, fire evacuations; If not managed in a controlled manner, could lead to risks to employees and the responding emergency services.

 

6.1.2.2 Assessment of OH&S risks and other risks of the OH&S management system

 

All organizations are free to manage their OH&S and other risks in a way that suits their own and possibly unique criteria. This, providing they also meet their statutory and regulatory requirements, which would in itself be a requirement of meeting ISO 45001:2018 accreditation.  So organizations are free to choose their own appropriate way to assess risk (see clause 3.20), taking into account the activities they undertake and the latitude afforded them.

 

Many organizations will have generic risk assessments drawn up by OH&S specialists, hopefully with occupational knowledge of the industry sector.  These generic risk assessments will normally have a degree of customization, not only for site details but also site-specific activities and hazards (see clause 3.19).  This approach can provide consistency in the process (see clause 3.25) and paperwork across the organization, and possibly a proportion of cost-efficiency.  This approach also needs to have an element of careful deliberation to ensure it fully considers the varying site activities.

 

As listed in 6.1.2.1, risks can be associated with many different criteria, and the manner and methodology for recognising these risks will vary greatly.  This is an area that generic risk assessments can sometimes fall short in meeting the necessary prerequisites.

 

Not all risks can be accessed using a standard severity verses likelihood health and safety risk assessment.  These types of risk could include but not be limited to.

 

failure to address the needs and expectations of relevant interested parties;

inadequate planning or allocation of resources;

an ineffective audit programme;

poor succession planning for key roles; and

poor engagement by top management.

 

risks of these kind, if not managed effectively may well cause more than just accreditation issues.

 

 

6.1.2.2 Assessment of OH&S risks and other risks of the OH&S management system non direct health and safety risks

 

However, the organizations' choices to implement risk management need to be in a systematic and proactive way, not a 'fire fighting' reactive based system.  The approach to risk management adopted will need to be maintained as documented information with methodologies and criteria laid out.

 

6.1.2.3 Assessment of OH&S opportunities and other opportunities for the OH&S management system

 

The two main areas where opportunities for improvement can come from, OH&S performance and OH&S management.  One hopes if you get the latter right, the rest follows...

 

Opportunities for OH&S performance are probably recognised more simply from day to day activities, which may not be directly referenced by the standard, but may well come from clause 5.4 Consultation

 

OH&S performance opportunities can come from many areas; below are a few places to look:

 

eliminating hazards (see Clause 3.19) and risks (see clause 3.20)

work processes, work site layout, environmental conditions

procurement of goods and services

introduction of new technologies

introduction of automated machinery

maintaining workers engagement in their activities

eliminating worker fatigue

 

OH&S management performance, listed below are a few places to look:

 

making top management’s support for the OH&S management system more visible, e.g. through communications such as social media or highlighting OH&S performance in strategic business plans;

improving the organizational culture related to safety and training;

enhancing incident investigation processes;

increasing worker participation in OH&S decision-making; and

collaborating with other organizations in forums which focus on OH&S.

 

6.1.2.3 Assessment of OH&S opportunities and other opportunities for the OH&S management system OH&S management performance opportunities

 

6.1.3 Determination of legal requirements and other requirements

 

Each organization will have to determine not only health and safety but also other legal requirements such as building, environmental etc.  The extent of these legal requirements should cover the organization's hazards (see clause 3.19), OH&S risks (see clause 3.20) and OH&S management system (see clause 4.4), and will be partly based on the context of the organization (see clause 4.1) and any specific enforceable legislation of the country.

 

This example mind map shows some typical areas, however, each organization will have its own requirements to be met.

 

6.1.3 Determination of legal requirements and other requirements example area

 

The organizational will need to maintain as documented information its legal and other requirements and have processes in-place to ensure they remain compliant to these and any new requirements.

 

6.1.4 Planning action

 

This cause is about confirming you have plans in place to eliminate hazards (see clause 6.1.2.1), reduce OH&S risks (see clause 6.1.2.2), manage legal requirements and other requirements (see clause 6.1.3), and assess OH&S opportunities (see clause 6.1.2.3).   When planning the management of hazards, the requirements of clause 8 need to be considered, and clause 8.2 for emergency preparations.

 

The clause also seeks to ensure that the effectiveness of hazard planning is evaluated, and although not directly referenced, we are probably looking at clause 9

 

ISO 45001:2018 6.1.4 Planning action clause mind map

Useful integrated management system cross references

 

ISO 9001

 

ISO 9001-2015 6 Planning

ISO 9001-2015 6.1 Risks and opportunities

 

ISO 14001

 

ISO 14001-2015 6 Planning

ISO 14001-2015 6.1 Risks and opportunities

 


Help file v1.149.0321 : Copyright © 2021 Brian G. Welch MSc(QHSE), NVQ4(OH&S), CMIOSH - Supported by Website On Safe Lines 


FREE QHSE Software Click <HERE> to Learn More and Download