You are currently viewing OHSAS 18001: Complete Guide

OHSAS 18001: Complete Guide

What is OHSAS 18001?

OHSAS Stands for the Occupational Health and Safety Assessment Series. 18000 series consists of OHSAS 18001 and OHSAS 18002.OHSAS 18001 covers requirements, whereas OHSAS 18002 covers guidelines for the standard implementation. It is one of the International Standard for Occupational Health and Safety Management Systems. It provides a framework for the effective management of OH&S including all aspects of risk management and legal compliance. 

Adherence to OHSAS is voluntary.OHSAS is a British standard but is a globally accepted standard. The first edition was issued in 1999 and the Second edition was issued in 2007.

BSI canceled BS OHSAS 18001 to adopt ISO 45001 as BS ISO 45001. ISO 45001 was published in March 2018 by the International Organization for Standardization. Organizations that are certified to BS OHSAS 18001 can migrate to ISO 45001 by March 2021 if they want to retain a recognized certification. 

Why OHSAS 18001?

Focus on Occupational Health and safety started in the early 19th century, with rapid industrialization.

Initially, the regulation was contained in the regulation of work hours for women and Children in work areas. With changing times organizations such as WHO and ILO felt the need to define OHS and that is when, in 1950, WHO and ILO first gave definition to OHS.

“OHS deals with all aspects of Health and Safety at the workplace and is strongly focused on preventing hazards.”

OHSAS 18000 has three main goals or purpose
  1. Maintain and promote Worker’ health and safety.
  2. Improve work conditions in the workplace.
  3. Developing work culture supporting Health and Safety.

OHSAS is important from the employee as well as employer perspective.

It is important from an employee perspective since it promotes employee health and safety, but it is also important from an employer’s perspective since any lapses could have legal, social, and financial consequences for the organization.

For example: If there is a safety-related major accident in an organization and someone is seriously hurt or died, can lead to the factory owner’s arrest.

Clause-by-clause summary of the standard

4.1 General Requirements

4.2 OH&S Policy

4.3 Planning

4.4 Implementation and Operations

4.5 Checking

4.6 Management Review

An easy way to remember elements is by remembering Mnemonics GO PIC My Rabbit.

Where 

G-General requirements, O-OH&S Policy, P-Planning, I-Implementation and Operations, C-Control, My-Management, and Rabbit-Review.

4.1 General Requirements

First, it is important to understand that all requirements listed in the standard are mandatory and we can’t choose which requirement applies and which one does not.

  1. The organization shall Maintain, document, and implement all the requirements mentioned in the standard. Missing any of the three parts can lead to failure of adherence to OHSAS 18001
  2. The Standard applies to only Employee’s health and safety and does not include Employee welfare schemes or Programs. Also does not involve product safety.
  3. Shall include scope. The scope further has two components Activities and Location. Activities mean all the activities the organization is involved in, such as manufacturing, trading or Education, etc, and Locations are all the locations the organization is operating from.

4.2 OH&S Policy

Implementation of any management system is not possible without the commitment from Management. So commitment from management is very important and it is reflected through OH&S policy for Organization.

OH&S Policy must include following points :

  1. OH&S policy shall cover commitment to prevent ill health,Injuries and to achieve zero accidents.
  2. Commitment to continual improvement
  3. Compliance with legal requirements.
  4. Component of Communication.

Policy shall be reviewed at specified regular intervals.

OHS Policy Example

(Company name) is committed to an OHS program that protects its employees, guests, contractors, the public, and property from incidents occurring on our site. Through this program, we will engage workers in safe work practices and in the development of a strong health and safety culture.

We believe that all incidents are preventable, so our goal is ZERO incidents. Active participation at all levels will ensure that our goal can be achieved.

(Company name) endeavors to provide proper and relevant employee training, job-specific safe work practices, personal protective equipment, operation and maintenance procedures, and safety guidelines that focus management, employee, and contractor awareness on reducing the risk of incidents in all activities.

(Company name), contractor employers and contractor employees are responsible for complying with all health and safety standards and regulations, including the Workers Compensation Act and the OHS Regulation, and for co-operating with management in the implementation of the health and safety program, worksite inspections, incident investigations, and the continuous improvement of this program.

(Company name) is committed to safe and sustainable practices in all aspects of our operations and therefore will review and update our safety program on a yearly basis to adapt to industry changes, trends, and requirements.

(Company name) management, contractor management, and all employees are collectively responsible to ensure compliance with local government, OHS, and environmental regulations.

Signed:                                                                       Date: 

           President/CEO (or highest-ranking employee)

(Company name)

4.3 Planning

4.3.1 Hazard Identification, Risk Assessment, and Determining Controls

Hazard identification

Before we move forward let us understand the difference between Risk and hazard.

Risk is the likelihood of a harmful effect, whereas hazard is the potential source of that harm.

What are Hazards?

For hazard identification first, we need to understand the categories of Hazard.OHSAS 18001 does not categories hazard but based on experience these can be categorized as 

  1. Chemical
  2. Environmental
  3. Biological
  4. Physical
  5. Electrical 
  6. Psychological
Steps to Identify Hazards

Step 1: List down all the activities conducted in the organization. These can be internal or external activities. For example, machining part inside our own factory is an internal activity but outsourcing it for plating is an external activity. Activities can be further classified as Routine and Non-Routine activities. For example, Checking Machine as per daily machine checklist is a routine activity but Machine overhauling once six months as per PM Checklist is a non-routine activity.

Step 2: Identify the persons involved in those activities. These persons can also be divided into Internal and External. An internal person includes persons such as operators and an external person includes such as supplier representatives.

Step3 : Note down description of all the activities identified in the first step.

By following these three steps you would have ample amounts of data to identify the hazards involved in your organization.

Methods of Information Collection
  1. Observation of activities performed by internal and external stakeholders.
  2. Interviewing internal and external stakeholders.
  3. Past experiences and records
  4. Going through applicable legislation.

Risk Assessment

The second step is the risk assessment of the hazards identified. Each hazard would have a different level of risk involved and in this step, we try to quantify that risk. The parameter used to quantify risk is the calculation of impact.

Impact = Consequence(or Severity)*Probability of Hazard occurrence

Lower the Impact number better it is. High impact number means that hazard needs attention since the risk is high and hence action needs to be taken to control and reduce that risk.

Control

To understand control we need to understand hierarchy of control

  1. Eliminate: First try to eliminate hazards.
  2. Substitute: If elimination is not possible, try to substitute it.
  3. Isolate: If the substitution is not possible, isolate it.
  4. Engineering Control: If isolation is not possible, provide design or engineering control.
  5. Admin Control: If Engineering control is not possible, provide admin control.
  6. PPEs:  Personal Protective equipment shall be used as the last alternative.

4.3.2 Legal and other requirements

There is a requirement for a procedure to explain how the company obtains information regarding its legal and other requirements and makes that information known to relevant functions within the company. 

The intent of this sub-clause is to identify the legal and other requirements that pertain to its operations and activities so that the company can ensure that they are incorporated in the OHSMS. 

With the identification of the legal and other requirements, the company must determine if these requirements have health and safety consequences. It follows that high significance impacts identified (with the above 4.3.1 and 4.3.2) become candidates for health and safety programs (4.3.3 below) and health and safety programs are candidates for operational controls (4.4.6 below). 

Procedure must include following points :

  1. Review to be done at what frequency?
  2. Review to be done by whom?
  3. How will the review be conducted ?
  4. How will the results of the review be managed?

4.3.3 Objectives and Programs

In this sub-clause, there is a requirement for a system that ensures that health and safety programs with objectives and targets are consistent with the policy, which includes the commitments to compliance with legal and other requirements, continual improvement, and prevention of injury and ill health.

In addition, the company must take into consideration significant hazards, legal and other requirements, views of interested parties, and technological, financial, and business issues when deciding what it wants to accomplish as an objective. 

The objectives and targets can be very different and specific for each company and need to exist at whatever functions and levels of the company, and where practical be measurable. Health and safety programs are required in an OHSMS and become the plans and programs detailing how the objectives and targets will be accomplished. Typically, they identify the responsible personnel, benchmarks, milestones and dates, and measurements of success. 

When measuring and monitoring parameters are included in the programs, conformance to the performance measuring and monitoring sub-clause 4.5.1 (below) becomes practical. 

Following is the requirement for objectives defined:

  1. Quantifiable objective.
  2. Responsibility 
  3. Time Frame 
  4. Resources available to achieve that objective.

4.4 Implementation and Operations

4.4.1 Resources, Roles, Responsibility, Accountability and Authority

As we described earlier any management System implementation is not possible without top management involvement.The OHSAS 18001 standard requires that the top management be accountable and take the ultimate responsibility for OH&S and the OHSMS.Hence the role of top management is very important.

It majorly involves following activities :

  1. Providing resources for the implementation of all standard requirements. This sub-clause requires top management to demonstrate its commitment by ensuring that resources are available so that the OHSMS can be implemented, maintained, and improved. Resources include human resources, infrastructure, financial, technological resources, and others as needed
  2. Defining roles, responsibilities and authorities of persons involved in OH&S implementation. Roles, responsibilities, accountability, and authorities must be defined, documented, and communicated at the relevant levels and functions. An organization chart becomes an effective tool to demonstrate the responsibility and authority structure within the company. The company must appoint a member of top management as the management representative who becomes the OHS project manager who is responsible to report to management on its implementation progress. This person ensures that the OHSMS is established, implemented, and maintained consistent with OHSAS 18001, and reports to top management on the performance of the system including recommendations for improvement.

4.4.2 Competence, Training, and Awareness 

The primary requirement of this sub-clause is to ensure that persons performing tasks that have or can impact on health and safety and/or relate to the legal and other requirements are competent and able to do the tasks. 

Competency = Skill + Training +Experience

Competence is ensured through appropriate education, training, and/or experience. The company needs to identify training needs as they relate to the OHSMS, the risks associated with the significant hazards, and the legal and other requirements and make sure this training is provided and records maintained.

 A procedure is needed to make sure such persons are aware of the need to conform to all OHSMS procedures and requirements and know what they specifically need to do. Employees must be aware of the OH&S risks and the legal and other requirements associated with their respective responsibilities, why improved performance is beneficial, and what the consequences of not following procedures and requirements are. In addition to job-specific expertise and knowledge, it is expected that all personnel within the OHSMS (including contractors and visitors) have a general awareness of items such as the OH&S policy and emergency response. 

4.4.3 Communication, Participation and consultation 

This sub-clause of the standard requires procedure for communication.Procedure shall cover  both internal and external communications. 

For internal communications, the procedure needs to describe how communication among the levels of the company is accomplished. 

For external communications, the procedure has to describe how external communications are received, documented, and responses provided. There is a specific requirement for the company to establish, implement and maintain a procedure for the participation of workers and consultation with external contractors and relevant external interested parties. 

4.4.4 Documentation 

This requirement ensures that the company has documented the system (in either electronic or paper form) that addresses the clauses of the standard, describes how the company conforms to each clause and sub-clause and provides direction to related documentation.

 For this requirement, not all the OHSMS required activities need to be documented in procedures, as long as the system requirements can be verified. 

However, documentation must be provided such that enough is available to ensure the effective planning, operation, and control of processes related to the significant risks associated with identified hazards, and to demonstrate conformance to OHSAS 18001.

 At a minimum, such documentation includes 

  1. Policy and Objectives
  2. Procedures for all activities discussed.
  3. Scope of implementation
  4. Communication processes.

4.4.5 Control of Documents

 The company is required to control documents so that the latest versions of the OHSMS manual with its system procedures and work instructions are distributed and obsolete information removed from the system. 

In this sub-clause, there is a requirement for a document control procedure that ensures documents are approved prior to use, are reviewed and updated as necessary, changes to versions are identified, and that the current versions are available at points of use. 

Documents need to be legible, identifiable, and obsolete ones so-identified as to avoid unintended use. Other documents of internal origin can be used in the OHSMS, but they must be identified as being essential to the OHSMS and their distribution controlled. 

4.4.6 Operational Control

 For this requirement, critical functions related to the policy, significant health and safety hazards, the legal and other requirements, and objectives and programs are identified. Procedures and work instructions are required to ensure proper execution of activities.

 This sub-clause includes communicating applicable system requirements to contractors who are involved on behalf of the company. The required procedures and instructions need to provide sufficient details so that the company can conform to the policy, the health and safety objectives, targets, programs, the legal and other requirements, and address any impacts from significant hazards. The need for these can be determined with the review of the health and safety risks, objectives, targets, programs, the legal and other requirements, and policy and then deciding what must be documented as a procedure to ensure that deviations from planned arrangements do not occur.

 In addition, the company will need to establish procedures related to the significant hazards and the legal and other requirements for the goods and services it uses, and communicate the relevant elements of those procedures to the suppliers and contractors. 

4.4.7 Emergency Preparedness and Response 

Although this sub-clause can typically be addressed through conventional emergency response plans, it also requires that a process exists for actually identifying the potential emergencies, in addition to planning and mitigating them.

 Emergency incidents include those that may not be regulated but may still cause a significant impact as defined by the company. As part of continual improvement, it is required that the company not only respond to emergency situations but also review the emergency procedures and make improvements as necessary. This may involve periodic testing of emergency procedures, such as with a mock-drill, if practicable. 

4.5 Checking

4.5.1 Performance Measurement and Monitoring

 To properly manage the OHSMS, monitoring must be done and measurements taken to determine how the system is performing. Data generated from this activity can be analyzed and improvement action identified. 

For this sub-clause, procedures are required to describe how the company will monitor and measure key parameters of the operations. These parameters relate to the operations that can have significant impacts, to monitor performance towards the objectives and programs, and to monitor conformance to the legal and other requirements and other OHSMS requirements.

 In addition, equipment and measuring devices related to health and safety measurements must be calibrated according to procedures, and records maintained. 

4.5.2 Evaluation of Compliance 

The first part of this sub-clause requires the company to have a procedure to periodically evaluate its compliance with applicable legal requirements as previously defined per paragraph 4.3.2. The company will need to keep records of these periodic evaluations. The second part of this sub-clause similarly requires an evaluation for compliance with other requirements and a procedure to evaluate compliance can include both legal requirements and other requirements. 

4.5.3 Incident Investigation, Non-conformity, Corrective and Preventive Action

 This sub-clause requires procedures to record, investigate, and analyze incidents in order to determine underlying OH&S deficiencies and for taking action on non-conformances identified in the system, and including corrective and preventive action.

 A nonconformance occurs when the actual condition is not in accordance with planned conditions. 

For example, someone not following a procedure, a regulatory non-compliance, or a misused protective device, are all possible system non-conformances. Non-conformances may be identified through audits, monitoring and measurement, and other communications. 

The company is required to correct the system flaws by addressing root causes, rather than only fixing the immediate problem. The standard also requires that trends in corrective actions be evaluated to see if preventive actions can also be implemented. The procedure needs to make sure the non-conformances are not only first addressed to mitigate health and safety impacts, but that further investigation occurs to determine their cause, and action is taken to avoid it happening again. 

Preventive actions would then be those actions resulting from evaluation as to why nonconformities are occurring and taking action to prevent their recurrence. 

This sub-clause also states that the corrective action be appropriate to the magnitude of the problem and the impacts encountered; to avoid either over-compensating or under compensating for a problem. The company must record the results of corrective actions taken, and must also review the effectiveness of actions taken.

 4.5.4 Control of Records 

Records are expected to be generated to provide objective evidence and to serve as verification that the system is functioning and that the company is in conformance to the standard and to its own OHSMS requirements. A procedure for this sub-clause is required for the maintenance of records, and specifically requires that records be identifiable, retrievable, safely stored, legible, traceable, and retained as appropriate.

 4.5.5 Internal Audit 

The OHSAS 18001 standard requires that internal audits be carried out. 

This sub-clause requires a procedure that includes the methods, schedules, checklists and forms, and processes used to conduct the audits. The purpose of the internal audit is to determine whether the system conforms to the requirements of OHSAS 18001 and the company’s own OHSMS detailed requirements. It also serves to determine if the OHSMS has been properly implemented and maintained. The procedure for internal audits has to address responsibilities and requirements for planning and executing the audits, reporting results, and what records will be generated and maintained. The procedures also address the determination of audit scope, how often they will be conducted, and specifically how they will be done. Auditors need to be selected and trained so that objectivity and impartiality of the audit process are assured. 

4.6 Management Review 

The last clause of OHSAS 18001:2007 requires that, at planned intervals, top management reviews the OHSMS to ensure it is operating and functioning as planned, and is suitable, adequate, and effective.

The company needs to ensure that the inputs for management reviews include results of internal audits, evaluation of compliance with legal and other requirements, results of participation and consultation, relevant communications from external interested parties, OH&S performance, the extent to which objectives and targets are met, the status of incident investigations, the status of corrective and preventive actions, follow up on actions from prior management reviews, changing conditions or situations, and recommendations for improvement.

Results and records become the outputs of management review and can include meeting agendas, attendance records, a summary of the discussions and decisions taken, and made available for communication and consultation. 

Reference Material :

  1. nqa.com
  2. https://en.wikipedia.org/wiki/OHSAS_18001

This Post Has 10 Comments

  1. custom wristbands

    Thank you for your own labor on this site. Gloria takes pleasure
    in carrying out research and it is easy to see why. Many of us hear all regarding the lively method you deliver great
    things through your blog and in addition increase contribution from other people on the subject matter so our favorite simple princess is without a doubt becoming educated a whole lot.
    Take pleasure in the rest of the new year. You are always performing a tremendous job.[X-N-E-W-L-I-N-S-P-I-N-X]I am extremely impressed with
    your writing skills and also with the layout in your weblog.

    Is this a paid subject or did you customize it yourself?
    Anyway stay up the excellent high quality writing,
    it is uncommon to peer a great blog like this one these days.

  2. Jorg

    It’s a pity you don’t have a donate button! I’d most certainly donate to this fantastic blog!
    I guess for now i’ll settle for bookmarking and adding
    your RSS feed to my Google account. I look forward to fresh updates and will
    share this site with my Facebook group. Talk soon!

  3. Eloise

    I really like your blog.. very nice colors & theme. Did you design this website yourself or did you hire someone to do it for you?
    Plz answer back as I’m looking to design my own blog and would
    like to find out where u got this from. thank you

  4. Usa Proxies

    May I simply say what a relief to discover somebody who really knows what they are talking about on the web. You certainly know how to bring a problem to light and make it important. More people ought to look at this and understand this side of the story. I was surprised that you’re not more popular given that you most certainly have the gift.

  5. Get Private Proxy

    Howdy! I simply want to offer you a huge thumbs up for your great info you’ve got right here on this post. I am coming back to your website for more soon.

  6. Katharina

    Very descriptive article, I loved that bit.

    Will there be a part 2?

  7. Cindy

    You really make it seem so easy with your presentation but I find this topic to
    be really something which I think I would never understand.
    It seems too complex and very broad for me. I am looking forward for your next post, I’ll try to get the hang of it!

  8. Cathern

    We absolutely love your blog and find a lot of your post’s to be exactly what I’m looking for.
    Would you offer guest writers to write content to suit your needs?
    I wouldn’t mind producing a post or elaborating on many of the subjects
    you write about here. Again, awesome web log!

  9. Georgiana

    Just wish to say your article is as astonishing.
    The clarity to your put up is just nice and
    that i can assume you’re a professional in this subject. Fine
    along with your permission let me to snatch your feed to stay updated with impending post.
    Thanks a million and please continue the enjoyable work.

Leave a Reply