Occupational health & safety management systems – the business case for ISO 45001
17 November 2020
The International Standards Organisation (ISO) has been providing a framework of standards that British industry has been familiar with for years. These have defined electrical and mechanical connections, product specifications, processes and all manner of things. As they define the way products and services work together, obtaining certification that a business complies to an ISO standard can be a major investment.
The main reason subcontractors and specialists seek certification used to be because it was mandated by a large customer or strategic partner. But for a company such as Enspec Power, 'standards' are at the route of everything the company does. As Director Steve Jones says; “Compliance with customer demands was not the reason we decided to seek certification for ISO 45001. Enspec is a relatively small, specialist power engineering company, and you might think that it would be a big investment for us to seek certification in a standard for occupational health and safety management. After all, Health & Safety is already covered by masses of legislation and government regulation. Our answer is that we wanted to go above and beyond, and we felt we had a strong business case to prove the value of the necessary investment.”
What is ISO 45001? ISO 45001 is an international standard for health and safety at work. Introduced in March 2018, it’s replacing the current standard (BS OHSAS 18001) which will be withdrawn. Businesses have a three-year period to move from the old standard to the new one.
ISO 45001:2018 specifies requirements for an occupational health and safety (OH&S) management system, and gives guidance for its use, to enable organisations to provide safe and healthy workplaces by preventing work-related injury and ill health, as well as by proactively improving its OH&S performance. It is applicable to any organisation that wishes to establish, implement and maintain an OH&S management system to improve occupational health and safety, eliminate hazards and minimize OH&S risks (including system deficiencies).
ISO 45001 also helps an organisation to achieve the intended outcomes of its OH&S management system. According to the standard, the intended outcomes of an OH&S management system include:
a) continual improvement of OH&S performance;
b) fulfilment of legal requirements and other requirements;
c) achievement of OH&S objectives.
The standard is applicable to any organisation regardless of its size, type and activities. It also enables an organisation, through its OH&S management system, to integrate other aspects of health and safety, such as worker wellness/well-being. However, although it does not address issues such as product safety, property damage or environmental impacts, beyond the risks to workers and other relevant interested parties, it does provide a platform that can integrate other standards and policies covering these areas.
The business case
Put simply, Enspec does dangerous stuff within important, time-critical projects that represent huge capital and social investments. Steve Jones says; “Our reputation and brand is built on being able to deliver our part of these projects. It turns out that the single most avoidable cause of delay to any project is accident and injury. So, from a business perspective, we needed a system that prevented accidents, managed the risk involved in EVERY task our staff are involved with, and to prevent recurrences should anything unforeseen happen.”
However, it's not just about projects. “We are a firm of specialists. Our people are valuable,” says Steve Jones. “And as a small firm, our people become part of our 'family'. We wanted a system that would help us ensure we all keep each other safe at all times, and implementing ISO 45001 is simply the best way to create that system.”
Another useful point to the business case has been the way it simplifies tendering – for both Enspec and its clients. For example, a client may ask many detailed questions about safety management procedures in their invitation to tender (ITT). By being able to answer that they are covered by ISO 45001:2018 accreditation, and demonstrating that accreditation is up to date, both responding to a potential client’s ITT and assessing Enspec's tender response becomes much easier and quicker.
How Enspec did it
Implementing ISO 45001 may help your organisation demonstrate compliance with health and safety law. But, in some respects, it goes way beyond what the law requires. So, is the cost of adoption worth it?
Steve Jones says, “Our organisation already had a developed health and safety management structure, and we were very familiar with other management standards. In fact, our existing working and H&S practices made it straightforward for us to adopt ISO 45001.”
However, Enspec did have a few minor difficulties in interpreting what the standards were asking and gauging how proportionate implementation will look.
“Working closely with our auditors helped a lot. We were able to develop things based on their advice, and test them iteratively before being audited,” says Steve Jones.
Audit
To implement ISO 45001 in a proportionate way, auditors or certifiers should understand that it needs to be:
- tailored to an organisation’s size and level of complexity
- in proportion to the risks
Auditors should be able to provide evidence that they’re competent to a recognised standard.
The certification body should be accredited by either the United Kingdom Accreditation Service (UKAS) for ISO 45001 or an equivalent accreditation body that is a member of the European Cooperation for Accreditation (EA) or the International Accreditation Forum (IAF).
How long did it take?
“We built the entire company culture around 'standards',” explains Steve Jones. “From day one, twenty-odd years ago, we could see that the industry was heading towards a position where standards were expected in project planning, safety and procurement, so we wanted to ensure that we could offer standards accreditation at every stage of the tendering process.
“In addition, if you're building a business from scratch, why try to invent everything from new? The British Standards Institute had developed a whole range of standards for managing and operating a business such as ours, so building our systems and processes to meet those standards was an obvious way to go.”
It turns out Enspec's belief in standards was sound. Since Enspec was founded, the BSI standards became very much more widely expected and requested in tendering processes. And as the market opened up across Europe, the development of the International Standards Organisation and the adoption of their ISO standards has very much become the norm.
So, how long did it take? That's not a straightforward question, because standards and the company culture and processes are completely interlocked. So, when the time came to move from BSI 18001 to ISO 45001, it took almost no time at all. “We needed to make very few minor changes in our existing processes, procedures or controls, and only small adjustments to our documentation in order for the auditor to give us our ISO 45001:2018 accreditation,” says Steve Jones.
ISO 45001 now covers work at its manufacturing site in Newcastle, at its design office in St Helens, and everywhere that the company works, installing its systems or carrying out consultations.
Who was responsible
Company director and Fellow of the Institute of Engineering and Technology, Dave Jones led the project to implement ISO: 45001, supported by fellow director Steve Jones and safety manager Derek Hall. However, you can only be successful when implementing such a comprehensive system if you incorporate input from every member of staff – and that's what Enspec did.
“The one significant change we had to make was to ensure that the directors and senior managers were more actively 'responsible' for the safety management system. But that concept is familiar to everyone in engineering – everyone is responsible, but a nominated person carries ultimate responsibility for that project, for quality assurance, and in this case for safety assurance,” says Steve Jones.
“Because we involved everyone in the project, everyone is ‘invested’ because they can all see how it will make their job better, safer, and (by making the company more successful) more secure. We involved everyone, so everyone can see that rules and procedures have been built around their work to manage risks, not to make working more difficult and complex.”
Help with ISO 45001 from outside your organisation
You can get external advice to help comply with the standard but your organisation will remain legally responsible for the day-to-day control of risk.
If you choose to use a third party (including auditors and certifiers) ask them for proof that they have experience implementing the standard proportionately across a range of business sizes, types and sectors.
You can get help finding a consultant with experience of your work by using the Occupational Safety and Health Consultants Register.
You can also find information on a number of key websites.
- Find out about product standards and their use.
- More information about ISO 45001 - ISO website.
- General guidelines for the application of ISO 45001 - BSI website.
Contact Details and Archive...