With the publication of ISO 45001, the world’s first international standard for occupational health and safety (OH&S) management, businesses can now easily integrate OH&S with their quality and environmental management systems. This provides major benefits to organizations that might not be easy to see.
Let’s say it right from the start: Historically, it hasn’t been easy to produce a truly integrated system. When I first began auditing management systems some 15 years ago, not many companies integrated their systems, mostly because the standards were written differently. The clauses and requirements of quality, environmental, and health and safety standards didn’t line up. This resulted in a fragmented approach—for example, the quality department handled the quality management system, and the environmental team handled the environmental system. Process-wise, this made sense because there were different sets of documentation and different processes.
The stars align
Sometimes I do see a company with a quality management system, and one that combines environmental and OH&S. This is because ISO 14001 and OHSAS 18001 aligned better with each other than with 9001. Today, with ISO 45001, we have that alignment. But what does it mean when we say that 9001, 14001, and 45001 are aligned?
The biggest change is that they are all now based on Annex SL, which defines the basic structure of a management system standard. This means that they all now share the same ten basic clauses. Clauses one through three are basic in that they define the scope, contain references, and also terms and definitions. Four through ten are where we find the real subject matter of the standard:
- Context of the Organization
- Leadership
- Planning
- Support
- Operation
- Performance evaluation
- Improvement
All these clauses, across all three standards, have similar requirements and are based on similar ideas. For instance, clause six, which is planning, takes a risk-based approach. This means a company must determine their risks in quality, environmental, and OH&S and decide how to address those, and how do they fit into the context of the organization. Based on a company’s experience with this in 9001 and 14001, it’s easy to understand the approach for OHS&E to meet the requirements.
Benefits of integration
Many companies talk about having an ISO system, but I feel it should be the other way around. They really should have a business management system—a framework to run their business. In turn, that framework should be based on ISO standards. This integrated approach has its benefits, and they revolve around the idea of a single source of information:
One set of documentation. Imagine having just one set of documentation and one system you’re managing, as opposed to two or three sets of rules. This also means you’re training your employees on one system; they can be trained once and follow one process. This gives companies a holistic picture of their functions. There are things to be learned from each individual quality, environmental, and health and safety standard. Bringing these teams together can help them learn from all the standards, not just one.
One view of your processes. When an internal team is performing the core functions of the management system—internal audits, corrective actions, management review—that team is looking at everything at the same time. This provides a way to see where there are gaps. Notice I say “team” rather than “teams.” Having an integrated management system means you can go from three teams that manage your management systems to one, which is more efficient and can free up personnel to deploy to other areas of the business.
One integrated audit. With an integrated system, your registrar can perform one audit and reduce the traditional number of on-site auditing days using an integrated auditor. There’s an obvious cost benefit to this, as well as a benefit to less disruption in the business; they’re coming once a year instead of three. It can also produce a more effective and valuable audit because your auditor is looking at the system holistically.
I’ve had several clients go through the integration process and come out the other side pleased with the benefits.
One of our clients, a truck manufacturer, had two separate management systems when I first began visiting them. One was for 14001 and 18001, and another for 9001. When they decided to integrate the two, they took a critical look at their procedures. What they found were many outdated pieces—some ten years out of date—that weren’t needed any longer due to changes at the company. They substantially reduced the amount of documentation they had. As a result, we were able to send one auditing team, which meant fewer auditors and fewer audit days. Their big win was having a system that was under a central management team.
INTEGRATED MANAGEMENT SYSTEMS: IN TRANSITION
This chart shows the percentage of Lloyd’s Register clients with two or more integrated management systems.
Tips for moving to an integrated system
If a company is migrating from OHSAS 18001 to ISO 45001 in 2019, it’s an ideal time to take a fresh look at integration—it’s not as big of a job as you might think. One of my auditors compares it to a house; 45001 isn’t building an entirely new structure, it’s just adding another room.
Not only are the standards fully aligned, the number of required procedures are also reduced. This gives companies the opportunity to examine how their management system is constructed, and take advantage of this alignment. They can combine their internal audit processes and their corrective action processes, and in doing so, likely reduce their procedures.
The hardest part is deciding what to do with your existing management system. How much of it is still relevant to your company’s current operations? Speaking as someone who’s both managed management systems and audited them at different points in my career, there is a tendency to write the procedures to keep auditors happy, and also to satisfy what the standards call for. Now, the way the standards have been rewritten, you have the flexibility to document your processes in a way that benefits your company.
Hang-ups in the integration process
One of the most common places that companies get hung up on in the integration process is around responsibilities. It’s important to figure out, between the environmental, quality, and safety teams, who’s responsible for what in terms of the system.
It can also be difficult to decide how to meet new expectations in the standards. For example, there are no longer specific requirements for written procedures—a company can decide for itself what it wants to document. That flexibility means a company has to make some decisions: Should it still be a written procedure? Should it be a policy? Should it be a training requirement?
Metrics and measurement of the efficiency of your processes is another new requirement. While some processes are easily measured, for others it can be difficult to come up with metrics. A manufacturing process is easy to monitor and measure, setting key performance indicators (KPIs) that tell you if a process is effective (defects/hour or number first time right) or efficient (time for tooling changeover or number of inspections per day). However, other processes are more difficult to measure, such as purchasing or engineering. How do you measure the effectiveness of your internal audit or corrective action process? Measurements such as number of audits completed or number of audit findings may be of value, as might tracking non-conformance closure times. Your auditor will be looking for how you measure effectiveness and efficiency of your processes, and this will create opportunities to think differently about how you operate, and measure, your business.
I had one client with several divisions who spent a year re-thinking their framework and reassigning responsibilities, and coming up with ways to measure their processes, both quality and environmental. Through that process they produced a team truly committed to the management system. They produced a mastery process to gauge the level of readiness of every site so they could easily compare statistics and milestones. The added benefit was that site teams became competitive to reach the next level of mastery.
Final thoughts on integration and safety
Because of this alignment with 45001, I believe we’ll see more companies become ISO 45001 certified. Most companies I visit have a safety culture and have some kind of safety management system, even if it’s not certified. In the past, they didn’t see the advantage of certification; 18001 wasn’t an ISO standard and again, it was different enough from the others to make it somewhat difficult to implement.
With 45001, everything has changed. If you have 14001 certification, for example, then you’re halfway there. I get the general feeling that companies believe it’s the right thing to do, and they’re beginning to see value in it. For example, some insurance companies lower rates if there is a certified safety management system in place. Having a 45001 certified OH&S system can have a positive effect on OSHA visits.
The benefits with 45001 also go straight to the top. There is a much stronger focus on the role of both top management and all employees. The responsibilities for health and safety must be integrated into everyday business operations with wider accountability than only the health and safety manager. Consider these figures from the International Labor Organization: more than 2.78 million people die globally each year as a result of work-related illness or accidents, and 374 million non-fatal accidents and work-related illnesses are reported each year. Certainly a greater emphasis on safety by all employees can only help companies and also society in general. Q
