Guideline OHSAS 18002 2008
OHSAS 18002:2008
OCCUPATIONAL HEALTH AND SAFETY ASSESSMENT SERIES
Occupational health
and safety management
systems — Guidelines for
the implementation of
OHSAS 18001:2007
ICS 0 3 .1 0 0 .0 1 : 1 3 .1 0 0
NO COPYING WITHOUT OHSAS PROJECT GROUP PERMISSION EXCEPT AS PERMITTED
BY COPYRIGHT LAW
OHSAS 18002:2008
Publishing and copyright information
The OHSAS co pyrig ht no tice displayed in this do cument indicates when
the do cument was last issued.
© OHSAS Pro ject Gro up 2008
ISBN 978 0 580 61674 7
ICS 03.100.01; 13.100
Publication history
First published February 2000
Seco nd editio n No vember 2008
Amendments issued since publication
Amd. No.
Date
Text affected
OHSAS 18002:2008
Contents
Ackno wledg ement ii
Fo rewo rd iv
Intro ductio n 1
1
Sco pe 4
2
Reference publicatio ns 5
3
Terms and definitio ns 5
4
OH&S manag ement system requirements
9
Annexes
Annex A (info rmative) Co rrespo ndence between OHSAS 18001:2007,
ISO 14001:2004 and ISO 9001:2008 68
Annex B (info rmative) Co rrespo ndence between OHSAS 18001,
OHSAS 18002 and the ILO-OSH:2001 Guidelines o n o ccupatio nal safety
and health manag ement systems 71
Annex C (info rmative) Examples o f items fo r inclusio n in a hazard
identificatio n checklist 75
Annex D (info rmative) Co mpariso ns o f so me examples o f risk
assessment to o ls and metho do lo g ies 77
Biblio g raphy
78
List of figures
Fig ure 1 – OH&S manag ement system mo del fo r this OHSAS
Standard 2
Fig ure 2 – Overview o f the hazard identificatio n and risk assessment
pro cess 15
List of tables
Table A.1 – Co rrespo ndence between OHSAS 18001:2007,
ISO 14001:2004 and ISO 9001:2008 68
Table B.1 – Co rrespo ndence between the clauses o f the OHSAS
do cuments and the clauses o f the ILO-OSH Guidelines 73
Summary of pages
This do cument co mprises a fro nt co ver, an inside fro nt co ver,
pag es i to vi, pag es 1 to 78, an inside back co ver and a back co ver.
The co pyrig ht no tice displayed in this do cument indicates when the
do cument was last issued.
© OHSAS Project Group 2008 – All rights reserved
• i
OHSAS 18002:2008
Acknow ledgement
The fo llo wing o rg anizatio ns are included in this listing either
to reco g nize their assistance in the develo pment o f this editio n
o f OHSAS 18002, o r to reco g nize their g eneral suppo rt o f the
OHSAS standards.
AFAQ EAQA
American Industrial Hyg iene Asso ciatio n (AIHA)
American So ciety o f Safety Eng ineers (ASSE)
Aso ciació n Españo la de No rmalizació n y Certificació n (AENOR)
Asso ciatio n o f British Certificatio n Bo dies (ABCB)
British Standards Institutio n (BSI)
Bureau Veritas Certificatio n
Cˇeský no rmalizacˇní institute (CNI)
Co misió n Federal de Electricidad (CFE), (Gerencia de la seg uridad
industrial)
Czech Accreditatio n Institute (CAI)
Det No rske Veritas (DNV)
DS Certificatio n A/S
EEF the manufacturers’ o rg anisatio n
ENLAR Co mpliance Services, Inc.
Esto nian Centre fo r Standardisatio n (EVS)
Health and Safety Executive 1)
Ho ng Ko ng Quality Assurance Ag ency (HKQAA)
iM S Risk So lutio ns
Institute fo r Standardizatio n o f Serbia (ISS)
Institutio n o f Occupatio nal Safety and Health (IOSH)
Instituto Arg entino de No rmalizació n y Certificació n (IRAM )
Instituto Co lo mbiano de No rmas Técnicas y Certificació n (ICONTEC)
Instituto de No rmas Técnicas de Co sta Rica (INTECO)
Instituto M exicano de No rmalizació n y Certificació n, A.C. (IM NC, A.C.)
Instituto Urug uayo de No rmas Técnicas (UNIT)
ITS Co nsultants
Japan Industrial Safety and Health Asso ciatio n (JISHA)
Japanese Standards Asso ciatio n (JSA)
Ko rea Gas Safety Co rpo ratio n (ISO Certificate Divisio n)
Llo yds Reg ister Quality Assurance (LRQA)
M anag ement Systems Certificatio n Limited
1)
As the reg ulato ry autho rity respo nsible fo r health and safety in Great
Britain, the Health and Safety Executive wo uld wish to make it clear that
reliance o n the OHSAS Standard by o rg anizatio ns will no t abso lve them
fro m co mpliance with any o f their leg al health and safety o blig atio ns
under the laws o f Eng land and W ales, and Sco tland.
ii • © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
Natio nal Standards Autho rity o f Ireland (NSAI)
Natio nal University o f Sing apo re (NUS)
Nederlands No rmalisatie-instituut (NEN)
NPKF ELECTON
NQA
QM I-SAI Glo bal
SABS Co mmercial (Pty) Ltd.
Service de No rmalisatio n Industrielle M aro caine (SNIM A)
SGS United King do m Ltd
SIRIM QAS Internatio nal
Slo venský ústav technickej no rmalizácie (SUTN)
SPRING Sing apo re
Standards Institutio n o f Israel (SII)
Suco findo Internatio nal Certificatio n Services (SICS)
Swedish Industry Asso ciatio n (Sinf)
Swedish Standards Institute (SIS)
Techno fer Ltd.
TÜV Rheinland Cert GmbH – TÜV Rheinland Gro up
Standards Asso ciatio n o f Zimbabwe (SAZ)
W e wo uld also like to reco g nize the invaluable co ntributio n made
by tho se many o rg anizatio ns who to o k the time to review the
wo rking drafts o f OHSAS 18002, and who submitted co mments fo r
co nsideratio n. This helped us g reatly in impro ving the standard, and
is much appreciated.
© OHSAS Project Group 2008 – All rights reserved
• iii
OHSAS 18002:2008
Forew ord
This Occupatio nal Health and Safety Assessment Series (OHSAS)
g uideline, and OHSAS 18001:2007, Occupational health and safety
management systems — Requirements, have been develo ped in
respo nse to custo mer demand fo r a reco g nizable o ccupatio nal
health and safety manag ement system standard ag ainst which their
manag ement systems can be assessed and certified, and fo r g uidance
o n the implementatio n o f such a standard.
OHSAS 18001 is co mpatible with the ISO 9001:2008 (Quality) and
ISO 14001:2004 (Enviro nmental) manag ement systems standards,
in o rder to facilitate the integ ratio n o f quality, enviro nmental
and o ccupatio nal health and safety manag ement systems by
o rg anizatio ns, sho uld they wish to do so .
OHSAS 18002 quo tes the specific requirements fro m OHSAS 18001
and fo llo ws with relevant g uidance. The clause numbering o f
OHSAS 18002 is alig ned with that o f OHSAS 18001. Text g iven with
an o utlined bo x is an exact duplicatio n o f text fro m OHSAS 18001.
OHSAS 18002 will be reviewed and amended o r revised when
co nsidered appro priate. Reviews will be co nducted when new editio ns
o f OHSAS 18001 are published (expected when revised editio ns o f
either ISO 9001 o r ISO 14001 are published).
This OHSAS Standard will be withdrawn o n publicatio n o f its co ntents
in, o r as, an Internatio nal Standard.
This OHSAS Standard has been drafted in acco rdance with the rules
g iven in the ISO/IEC Directives, Part 2.
This seco nd editio n cancels and replaces the first editio n
(OHSAS 18002:2000), which has been technically revised.
The principal chang es with respect to the previo us editio n are as
fo llo ws:
1)
in relatio n to the revised text o f OHSAS 18001:
—
The impo rtance o f “ health” has no w been g iven g reater
emphasis.
—
OHSAS 18001 no w refers to itself as a standard, no t a
specificatio n, o r do cument, as in the earlier editio n. This
reflects the increasing ado ptio n o f OHSAS 18001 as the basis
fo r natio nal standards o n o ccupatio nal health and safety
manag ement systems.
—
The “ Plan-Do -Check-Act” mo del diag ram is o nly g iven in
the Intro ductio n, in its entirety, and no t also as sectio nal
diag rams at the start o f each majo r clause.
—
Reference publicatio ns in Clause 2 have been limited to
purely internatio nal do cuments.
—
New definitio ns have been added, and existing definitio ns
revised.
—
Sig nificant impro vement in alig nment with ISO 14001:2004
thro ug ho ut the standard, and impro ved co mpatibility with
ISO 9001:2008.
—
The term “ to lerable risk” has been replaced by the term
“ acceptable risk” (see 3.1 ).
iv • © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
—
The term “ accident” is no w included in the term “ incident”
(see 3.9 ).
—
The definitio n o f the term “ hazard” no lo ng er refers
to “ damag e to pro perty o r damag e to the wo rkplace
enviro nment” (see 3.6 ).
It is no w co nsidered that such “ damag e” is no t directly
related to o ccupatio nal health and safety manag ement,
which is the purpo se o f this OHSAS Standard, and that it is
included in the field o f asset manag ement. Instead, the risk
o f such “ damag e” having an effect o n o ccupatio nal health
and safety sho uld be identified thro ug h the o rg anizatio n’s
risk assessment pro cess, and be co ntro lled thro ug h the
applicatio n o f appro priate risk co ntro ls.
2)
—
Sub-clauses 4.3.3 and 4.3.4 have been merg ed, in line with
ISO 14001:2004.
—
A new requirement has been intro duced fo r the
co nsideratio n o f the hierarchy o f co ntro ls as part o f OH&S
planning (see 4.3.1 ).
—
M anag ement o f chang e is no w mo re explicitly addressed
(see 4.3.1 and 4.4.6 ).
—
A new clause o n the “ Evaluatio n o f co mpliance” (see 4.5.2 )
has been intro duced.
—
New requirements have been intro duced fo r participatio n
and co nsultatio n (see 4.4.3.2 ).
—
New requirements have been intro duced fo r the
investig atio n o f incidents (see 4.5.3.1 ).
in relatio n to chang es that are specific to OHSAS 18002:
—
OHSAS 18002:2000 included a presentation format where
firstly the relevant OHSAS 18001 clause was given followed by:
a)
a descriptio n o f the intent o f the clause;
b)
typical inputs needed fo r meeting the requirements o f
the clause;
c)
a descriptio n o f pro cesses that an o rg anizatio n co uld use
to meet the requirements;
d)
typical o utputs expected fro m meeting the requirements.
This fo rmat was fo und to be difficult to apply, so has no t been
fo llo wed in this editio n (in fact, the fo rmat had no t been
applied co nsistently in the 2000 editio n). Instead, this editio n o f
OHSAS 18002 is no w presented in a mo re lo g ical fo rmat, in which
items in a) to d) have been fo llo wed during the drafting o f the
g uidance, but have no t been g iven o vertly, as previo usly.
—
New sub-clauses, as per OHSAS 18001 (and fro m ISO 14001),
e.g .:
•
fo r OHSAS 18001:2007, 4.4.3 Co mmunicatio n,
participatio n and co nsultatio n (including new sub-clauses
o n participatio n/co nsultatio n), and 4.5.3.1 Incident
investig atio n.
•
fro m ISO 14001:2004, 4.3.3 Objectives and pro g ramme(s)
(thro ug h the merg ing o f the fo rmer sub-clauses 4.3.3 and
4.3.4 ), and 4.5.2 Evaluatio n o f co mpliance.
© OHSAS Project Group 2008 – All rights reserved
• v
OHSAS 18002:2008
—
New sub-clauses in alig nment with the ILO-OSH:2001
Guidelines, e.g . 4.1.2 Initial review, and 4.3.1.5 M anag ement
o f chang e
—
Additio nal new sub-clauses and annexes, e.g . 4.4.2.4
Awareness, Annex C – Examples o f items fo r inclusio n in a
hazard identificatio n checklist and Annex D – Co mpariso ns o f
so me examples o f risk assessment to o ls and metho do lo g ies
—
Expanded g uidance g iven in many sub-clauses, e.g . fo r 4.3.1
Hazard identificatio n, risk assessment and determinatio n
o f co ntro ls, 4.3.2 Leg al and o ther requirements, 4.3.3
Objectives and pro g ramme(s), 4.4.6 Operatio nal co ntro l, 4.4.7
Emerg ency preparedness and respo nse, 4.5.5 Internal audit
This publication does not purport to include all the necessary provisions
of a contract. Users are responsible for its correct application.
Compliance w ith this Occupational Health and Safety Assessment Series
(OHSAS) Standard cannot confer immunity from legal obligations.
vi • © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
Introduction
Org anizatio ns o f all kinds are increasing ly co ncerned with achieving
and demo nstrating so und o ccupatio nal health and safety (OH&S)
perfo rmance by co ntro lling their OH&S risks, co nsistent with their
OH&S po licy and o bjectives. They do so in the co ntext o f increasing ly
string ent leg islatio n, the develo pment o f eco no mic po licies and o ther
measures that fo ster g o o d OH&S practices, and o f increased co ncern
expressed by interested parties abo ut OH&S issues.
M any organizations have undertaken OH&S “ reviews” or “ audits” to
assess their OH&S performance. On their own, however, these “ reviews”
and “ audits” may not be sufficient to provide an organization with
the assurance that its performance not only meets, but will continue to
meet, its legal and policy requirements. To be effective, they need to be
conducted within a structured management system that is integrated
within the organization.
The OHSAS Standards co vering OH&S manag ement are intended
to pro vide o rg anizatio ns with the elements o f an effective OH&S
manag ement system that can be integ rated with o ther manag ement
requirements and help o rg anizatio ns achieve OH&S and eco no mic
o bjectives. These standards, like o ther Internatio nal Standards, are no t
intended to be used to create no n-tariff trade barriers o r to increase
o r chang e an o rg anizatio n’s leg al o blig atio ns.
OHSAS 18001 specifies requirements for an OH&S management system
to enable an organization to develop and implement a policy and
objectives which take into account legal requirements and information
about OH&S risks. It is intended to apply to all types and sizes of
organizations and to accommodate diverse geographical, cultural
and social conditions. The basis of the approach is shown in Figure 1.
The success of the system depends on commitment from all levels and
functions of the organization, and especially from top management. A
system of this kind enables an organization to develop an OH&S policy,
establish objectives and processes to achieve the policy commitments,
take action as needed to improve its performance, and demonstrate
the conformity of the system to the requirements of OHSAS 18001. The
overall aim of OHSAS 18001 is to support and promote good OH&S
practices, including self regulation, in balance with socio -economic
needs. It should be noted that many of the requirements can be
addressed concurrently or revisited at any time.
The develo pment o f OHSAS 18001:2007 fo cused o n impro ving the
standard by:
—
impro ving alig nment with ISO 14001 and ISO 9001;
—
seeking opportunities for alignment with other OH&S management
system standards, e.g. the ILO-OSH:2001 Guidelines;
—
reflecting develo pments in OH&S practices;
—
clarifying the o rig inal text fro m the OHSAS 18001:1999
requirements based o n experience o f its use.
There is an impo rtant distinctio n between OHSAS 18001, which
describes the requirements fo r an o rg anizatio n’s OH&S manag ement
system and can be used fo r certificatio n/reg istratio n and/o r
self-declaratio n o f an o rg anizatio n’s OH&S manag ement system, and
© OHSAS Project Group 2008 – All rights reserved
• 1
OHSAS 18002:2008
a no n-certifiable g uideline, such as OHSAS 18002, intended to pro vide
g eneric assistance to an o rg anizatio n fo r establishing , implementing
o r impro ving an OH&S manag ement system. OH&S manag ement
enco mpasses a full rang e o f issues, including tho se with strateg ic and
co mpetitive implicatio ns. Demo nstratio n o f successful implementatio n
o f OHSAS 18001 can be used by an o rg anizatio n to assure interested
parties that an appro priate OH&S manag ement system is in place.
Any reference to o ther Internatio nal Standards is fo r info rmatio n o nly.
Fig ure 1
OH&S management system model for this OHSAS Standard
Continual Improvement
OH&S policy
Management
review
Planning
Checking and
corrective action
Implementation
and operation
NOTE This OHSAS Standard is based on the methodology known as
Plan-Do-Check-Act (PDCA). PDCA can be briefly described as follows.
2
—
Plan: establish the objectives and processes necessary to deliver
results in accordance with the organization’s OH&S policy.
—
Do : implement the processes.
—
Check: monitor and measure processes against OH&S policy,
objectives, legal and other requirements, and report the results.
—
Act: take actions to continually improve OH&S performance.
• © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
M any organizations manage their operations via the application of a
system of processes and their interactions, which can be referred to as the
“ process approach” . ISO 9001 promotes the use of the process approach.
Since PDCA can be applied to all processes, the two methodologies are
considered to be compatible.
OHSAS 18001 contains requirements that can be objectively audited;
however, it does not establish absolute requirements for OH&S
performance beyond the commitments, in the OH&S policy, to comply
with applicable legal requirements and with other requirements to
which the organization subscribes, to the prevention of injury and ill
health and to continual improvement. Thus, two organizations carrying
out similar operations but having different OH&S performance can
both conform to its requirements.
OHSAS 18001 does not include requirements specific to other
management systems, such as those for quality, environmental,
security, or financial management, though its elements can be aligned
or integrated with those of other management systems. It is possible
for an organization to adapt its existing management system(s) in
order to establish an OH&S management system that conforms to the
requirements of OHSAS 18001. It is pointed out, however, that the
application of various elements of the management system might differ
depending on the intended purpose and the interested parties involved.
The level o f detail and co mplexity o f the OH&S manag ement system,
the extent o f do cumentatio n and the reso urces devo ted to it depend
o n a number o f facto rs, such as the sco pe o f the system, the size o f
an o rg anizatio n and the nature o f its activities, pro ducts and services,
and the o rg anizatio nal culture. This may be the case in particular fo r
small and medium-sized enterprises.
NOTE 1 As all of the requirements of OHSAS 18001:2007 are included
within OHSAS 18002:2008, organizations can choose to retain a copy of
OHSAS 18002 alone, for certification purposes.
NOTE 2 There are some small variations in text between the Introduction
given in OHSAS 18001 and this Introduction to account for the differences
in the two OHSAS standards.
© OHSAS Project Group 2008 – All rights reserved
• 3
OHSAS 18002:2008
Occupational health and safety management
systems — Guidelines for the implementation of
OHSAS 18001:2007
1
Scope
This Occupatio nal Health and Safety Assessment Series (OHSAS)
g uideline pro vides g eneric advice o n the applicatio n o f OHSAS
18001:2007.
It explains the underlying principles o f OHSAS 18001 and describes
the intent, typical inputs, pro cesses and typical o utputs, ag ainst each
requirement o f OHSAS 18001. This is to aid the understanding and
implementatio n o f OHSAS 18001.
OHSAS 18002 do es no t create additio nal requirements to tho se
specified in OHSAS 18001 no r do es it prescribe mandato ry appro aches
to the implementatio n o f OHSAS 18001.
OHSAS 18001 text
This Occupatio nal Health and Safety Assessment Series (OHSAS)
Standard specifies requirements fo r an o ccupatio nal health and
safety (OH&S) manag ement system, to enable an o rg anizatio n
to co ntro l its OH&S risks and impro ve its OH&S perfo rmance. It
do es no t state specific OH&S perfo rmance criteria, no r do es it g ive
detailed specificatio ns fo r the desig n o f a manag ement system.
This OHSAS Standard is applicable to any o rg anizatio n that
wishes to :
a)
establish an OH&S manag ement system to eliminate o r
minimize risks to perso nnel and o ther interested parties
who co uld be expo sed to OH&S hazards asso ciated with its
activities;
b)
implement, maintain and co ntinually impro ve an OH&S
manag ement system;
c)
assure itself o f its co nfo rmity with its stated OH&S po licy;
d)
demo nstrate co nfo rmity with this OHSAS Standard by:
1)
making a self-determinatio n and self-declaratio n, o r
2)
seeking co nfirmatio n o f its co nfo rmance by parties
having an interest in the o rg anizatio n, such as custo mers,
or
3)
seeking co nfirmatio n o f its self-declaratio n by a party
external to the o rg anizatio n, o r
4)
seeking certificatio n/reg istratio n o f its OH&S
manag ement system by an external o rg anizatio n.
All the requirements in this OHSAS Standard are intended to be
inco rpo rated into any OH&S manag ement system. The extent o f
the applicatio n will depend o n such facto rs as the OH&S po licy
o f the o rg anizatio n, the nature o f its activities and the risks and
co mplexity o f its o peratio ns.
4
• © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
This OHSAS Standard is intended to address o ccupatio nal health
and safety, and is no t intended to address o ther health and safety
areas such as emplo yee wellbeing /wellness pro g rams, pro duct
safety, pro perty damag e o r enviro nmental impacts.
2
Reference publications
Other publicatio ns that pro vide info rmatio n o r g uidance are listed
in the Biblio g raphy. It is advisable that the latest editio ns o f such
publicatio ns be co nsulted. Specifically, reference sho uld be made to
the fo llo wing publicatio ns.
OHSAS 18001:2007 , Occupational health and safety management
systems — Requirements
Internatio nal Labo ur Org anizatio n:2001 , Guidelines on occupational
safety and health management systems (ILO-OSH:2001)
ISO 19011:2002 , Guidelines for quality and/or environmental
management systems auditing
NOTE A project was approved by the International Organization for
Standardization (ISO) in M arch 2008 to revise ISO 19011 and to expand its
scope to cover the auditing of additional fields of management systems,
including OH&S management systems. Reference should be made to the
revised version when it is available.
3
Terms and definitions
Fo r the purpo ses o f this do cument, the terms and definitio ns g iven in
OHSAS 18001 apply.
OHSAS 18001 text
3.1
acceptable risk
risk that has been reduced to a level that can be to lerated by the
o rg anizatio n having reg ard to its leg al o blig atio ns and its o wn
OH&S po licy (3.16 )
3.2
audit
systematic, independent and do cumented pro cess fo r o btaining
“ audit evidence” and evaluating it o bjectively to determine the
extent to which “ audit criteria” are fulfilled
[ISO 9000:2005, 3.9.1 ]
NOTE 1 Independent does not necessarily mean external to the
organization. In many cases, particularly in smaller organizations,
independence can be demonstrated by the freedom from
responsibility for the activity being audited.
NOTE 2 For further guidance on “ audit evidence” and “ audit
criteria” , see ISO 19011.
© OHSAS Project Group 2008 – All rights reserved
• 5
OHSAS 18002:2008
3.3
continual improvement
recurring process of enhancing the OH&S management system (3.13 )
in order to achieve improvements in overall OH&S performance
(3.15 ) consistent with the organization’s (3.17 ) OH&S policy (3.16 )
NOTE 1 The process need not take place in all areas of activity
simultaneously.
NOTE 2
Adapted from ISO 14001:2004, 3.2 .
3.4
corrective action
actio n to eliminate the cause o f a detected no nco nfo rmity (3.11 )
o r o ther undesirable situatio n
NOTE 1
There can be more than one cause for a nonconformity.
NOTE 2 Corrective action is taken to prevent recurrence whereas
preventive action (3.18 ) is taken to prevent occurrence.
[ISO 9000:2005, 3.6.5 ]
3.5
document
info rmatio n and its suppo rting medium
NOTE The medium can be paper, magnetic, electronic or optical
computer disc, photograph or master sample, or a combination
thereof.
[ISO 14001:2004, 3.4 ]
3.6
hazard
so urce, situatio n, o r act with a po tential fo r harm in terms o f
human injury o r ill health (3.8 ), o r a co mbinatio n o f these
3.7
hazard identification
pro cess o f reco g nizing that a hazard (3.6 ) exists and defining its
characteristics
3.8
ill health
identifiable, adverse physical or mental condition arising from and/
or made worse by a work activity and/or work-related situation
3.9
incident
wo rk-related event(s) in which an injury o r ill health (3.8 )
(reg ardless o f severity) o r fatality o ccurred, o r co uld have o ccurred
NOTE 1 An accident is an incident which has given rise to injury, ill
health or fatality.
NOTE 2 An incident where no injury, ill health, or fatality occurs
may also be referred to as a “ near-miss” , “ near-hit” , “ close call” or
“ dangerous occurrence” .
NOTE 3 An emergency situation (see 4.4.7 ) is a particular type of
incident.
6
• © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
3.10
interested party
perso n o r g ro up, inside o r o utside the wo rkplace (3.23 ),
co ncerned with o r affected by the OH&S perfo rmance (3.15 ) o f an
o rg anizatio n (3.17 )
3.11
nonconformity
no n-fulfilment o f a requirement
[ISO 9000:2005, 3.6.2 ; ISO 14001, 3.15 ]
NOTE
A nonconformity can be any deviation from:
—
relevant work standards, practices, procedures, legal
requirements, etc.
—
OH&S management system (3.13 ) requirements.
3.12
occupational health and safety (OH&S)
co nditio ns and facto rs that affect, o r co uld affect, the health
and safety o f emplo yees o r o ther wo rkers (including tempo rary
wo rkers and co ntracto r perso nnel), visito rs, o r any o ther perso n in
the wo rkplace (3.23 )
NOTE Organizations can be subject to legal requirements for the
health and safety of persons beyond the immediate workplace, or
who are exposed to the workplace activities.
3.13
OH&S management system
part o f an o rg anizatio n’s (3.17 ) manag ement system used to
develo p and implement its OH&S po licy (3.16 ) and manag e its
OH&S risks (3.21 )
NOTE 1 A management system is a set of interrelated elements used
to establish policy and objectives and to achieve those objectives.
NOTE 2 A management system includes organizational structure,
planning activities (including, for example, risk assessment and the
setting of objectives), responsibilities, practices, procedures (3.19 ),
processes and resources.
NOTE 3
Adapted from ISO 14001:2004, 3.8 .
3.14
OH&S objective
OH&S g o al, in terms o f OH&S perfo rmance (3.15 ), that an
o rg anizatio n (3.17 ) sets itself to achieve
NOTE 1
Objectives should be quantified wherever practicable.
NOTE 2 4.3.3 requires that OH&S objectives are consistent with the
OH&S policy (3.16 ).
3.15
OH&S performance
measurable results o f an o rg anizatio n’s (3.17 ) manag ement o f its
OH&S risks (3.21 )
NOTE 1 OH&S performance measurement includes measuring the
effectiveness of the organization’s controls.
© OHSAS Project Group 2008 – All rights reserved
• 7
OHSAS 18002:2008
NOTE 2 In the context of OH&S management systems (3.13 ),
results can also be measured against the organization’s (3.17 )
OH&S policy (3.16 ), OH&S objectives (3.14 ), and other OH&S
performance requirements.
3.16
OH&S policy
o verall intentio ns and directio n o f an o rg anizatio n (3.17 ) related
to its OH&S perfo rmance (3.15 ) as fo rmally expressed by to p
manag ement
NOTE 1 The OH&S policy provides a framework for action and for
the setting of OH&S objectives (3.14 )
NOTE 2
Adapted from ISO 14001:2004, 3.11 .
3.17
organization
co mpany, co rpo ratio n, firm, enterprise, autho rity o r institutio n, o r
part o r co mbinatio n thereo f, whether inco rpo rated o r no t, public
o r private, that has its o wn functio ns and administratio n
NOTE For organizations with more than one operating unit, a single
operating unit may be defined as an organization.
[ISO 14001:2004, 3.16 ]
3.18
preventive action
actio n to eliminate the cause o f a po tential no nco nfo rmity (3.11 )
o r o ther undesirable po tential situatio n
NOTE 1 There can be more than one cause for a potential
nonconformity.
NOTE 2 Preventive action is taken to prevent occurrence whereas
corrective action (3.4 ) is taken to prevent recurrence.
[ISO 9000:2005, 3.6.4 ]
3.19
procedure
specified way to carry o ut an activity o r a pro cess
NOTE
Procedures can be documented or not.
[ISO 9000:2005, 3.4.5 ]
3.20
record
do cument (3.5 ) stating results achieved o r pro viding evidence o f
activities perfo rmed
[ISO 14001:2004, 3.20 ]
3.21
risk
co mbinatio n o f the likeliho o d o f an o ccurrence o f a hazardo us
event o r expo sure(s) and the severity o f injury o r ill health (3.8 )
that can be caused by the event o r expo sure(s)
3.22
risk assessment
pro cess o f evaluating the risk(s) (3.21 ) arising fro m a hazard(s),
taking into acco unt the adequacy o f any existing co ntro ls, and
deciding whether o r no t the risk(s) is acceptable
8
• © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
3.23
w orkplace
any physical lo catio n in which wo rk related activities are
perfo rmed under the co ntro l o f the o rg anizatio n
NOTE W hen giving consideration to what constitutes a workplace,
the organization (3.17 ) should take into account the OH&S effects on
personnel who are, for example, travelling or in transit (e.g. driving,
flying, on boats or trains), working at the premises of a client or
customer, or working at home.
4
4.1
OH&S management system requirements
General requirements
OHSAS 18001 text
The o rg anizatio n shall establish, do cument, implement, maintain
and co ntinually impro ve an OH&S manag ement system in
acco rdance with the requirements o f this OHSAS Standard and
determine ho w it will fulfil these requirements.
The o rg anizatio n shall define and do cument the sco pe o f its
OH&S manag ement system.
4.1.1
OH&S management system
This OHSAS 18001 requirement is a g eneral statement co ncerning
the establishment and maintenance o f an OH&S manag ement system
within an o rg anizatio n
“ Establish” implies a level o f permanency and the system sho uld
no t be co nsidered established until all its elements have been
demo nstrably implemented. “ M aintain” implies that, o nce
established, the system co ntinues to o perate. This requires active
effo rt o n the part o f the o rg anizatio n. M any systems start well
but deterio rate due to lack o f maintenance. M any o f the elements
o f OHSAS 18001 (such as checking and co rrective actio n and
manag ement review) are desig ned to ensure active maintenance o f
the system.
An o rg anizatio n seeking to establish an OH&S manag ement system
that co nfo rms to OHSAS 18001 sho uld determine its current po sitio n
with reg ard to its OH&S risks by means o f an initial review (see 4.1.2
fo r further details o n initial review). In determining ho w it will fulfil
the requirements o f OHSAS 18001 the o rg anizatio n sho uld co nsider
the co nditio ns and facto rs that affect, o r co uld affect, the health
and safety o f perso ns, what OH&S po licies it needs, and ho w it will
manag e its OH&S risks.
The level o f detail and co mplexity o f the OH&S manag ement
system, the extent o f do cumentatio n and the reso urces devo ted to
it are dependent o n the nature (size, structure, co mplexity) o f an
o rg anizatio n and its activities.
© OHSAS Project Group 2008 – All rights reserved
• 9
OHSAS 18002:2008
4.1.2
Initial review
An initial review sho uld co mpare the o rg anizatio n’s current
manag ement o f OH&S ag ainst the OHSAS 18001 requirements
(including tho se fo r applicable leg al o r o ther requirements), in o rder
to determine the extent to which these requirements are being met.
The initial review will pro vide info rmatio n which an o rg anizatio n
can use in fo rmulating plans fo r implementing and prio ritizing
impro vements to the OH&S manag ement system.
The aim o f an initial review sho uld be to co nsider all OH&S risks faced
by the o rg anizatio n, as a basis fo r establishing the OH&S manag ement
system. An o rg anizatio n sho uld co nsider, but no t limit itself to , the
fo llo wing items within its initial review:
—
leg al and o ther requirements (see the examples in 4.3.2 );
—
identificatio n o f the OH&S hazards and evaluatio n o f risks faced
by the o rg anizatio n;
—
OH&S assessments;
—
an examinatio n o f existing systems, practices, pro cesses and
pro cedures;
—
evaluatio ns o f OH&S impro vement initiatives;
—
an evaluatio n o f feedback fro m the investig atio n o f previo us
incidents, wo rk related ill health, accidents and emerg encies;
—
relevant manag ement systems and available reso urces.
A suitable appro ach to the initial review can include the use o f:
—
checklists, interviews, direct inspectio n and measurement;
—
the results o f previo us manag ement system audits o r o ther
reviews, depending o n the nature o f the o rg anizatio n’s activities;
—
the results o f co nsultatio ns with wo rkers, co ntracto rs o r o ther
relevant external interested parties.
W here hazard identificatio n and risk assessment pro cesses already
exist, they sho uld be reviewed fo r adequacy ag ainst the requirements
o f OHSAS 18001.
It is emphasized that an initial review is no t a substitute fo r the
implementatio n o f the structured systematic appro ach to hazard
identificatio n, risk assessment and determining co ntro ls g iven in 4.3.1 .
Ho wever an initial review can pro vide additio nal inputs into planning
these pro cesses.
4.1.3
Scope of the OH&S management system
An o rg anizatio n can cho o se to implement an OH&S manag ement
system with respect to the entire o rg anizatio n, o r to a subdivisio n
o f the o rg anizatio n, pro vided this is co nsistent with its definitio n o f
its wo rkplace (see 3.23 ). Ho wever, o nce the wo rkplace is defined,
all the wo rk related activities and services o f the o rg anizatio n, o r
subdivisio n, within that wo rkplace need to be included in the OH&S
manag ement system.
Care sho uld be taken in defining and do cumenting the sco pe o f the
OH&S manag ement system, to determine who , what and where, are
to be co vered. The sco pe sho uld no t be limited so as to exclude an
10
• © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
o peratio n o r activity that can impact o n the OH&S (see 3.12 ) o f an
o rg anizatio n’s emplo yees and o ther perso ns under its co ntro l in the
wo rkplace.
NOTE The ILO-OSH:2001 Guidelines recommend that employees are
consulted when defining the scope, or when changes to the scope are
considered.
4.2
OH&S policy
OHSAS 18001 text
To p manag ement shall define and autho rize the o rg anizatio n’s
OH&S po licy and ensure that within the defined sco pe o f its
OH&S manag ement system it:
a)
is appro priate to the nature and scale o f the o rg anizatio n’s
OH&S risks;
b)
includes a co mmitment to preventio n o f injury and ill health
and co ntinual impro vement in OH&S manag ement and
OH&S perfo rmance;
c)
includes a co mmitment to at least co mply with applicable
leg al requirements and with o ther requirements to which the
o rg anizatio n subscribes that relate to its OH&S hazards;
d)
pro vides the framewo rk fo r setting and reviewing OH&S
o bjectives;
e)
is do cumented, implemented and maintained;
f)
is co mmunicated to all perso ns wo rking under the co ntro l o f
the o rg anizatio n with the intent that they are made aware o f
their individual OH&S o blig atio ns;
g)
is available to interested parties; and
h)
is reviewed perio dically to ensure that it remains relevant and
appro priate to the o rg anizatio n.
Top management should demonstrate the leadership and commitment
necessary for the OH&S management system to be successful and to
achieve improved OH&S performance.
An OH&S po licy establishes an o verall sense o f directio n and is the
driver fo r implementing and impro ving an o rg anizatio n’s OH&S
manag ement system so that it can maintain and po tentially impro ve
its OH&S perfo rmance.
It sho uld enable perso ns under the co ntro l o f the o rg anizatio n to
understand the o verall co mmitment o f the o rg anizatio n and ho w this
can affect their individual respo nsibilities.
The respo nsibility fo r defining and autho rizing an OH&S po licy rests
with the o rg anizatio n’s to p manag ement. The o ng o ing and pro active
invo lvement o f to p manag ement in develo ping and implementing an
OH&S po licy is crucial.
The o rg anizatio n’s OH&S po licy sho uld be appro priate to the nature
and scale o f its identified risks and sho uld g uide the setting o f
o bjectives. In o rder to be appro priate, the OH&S po licy sho uld:
© OHSAS Project Group 2008 – All rights reserved
• 11
OHSAS 18002:2008
—
be co nsistent with a visio n o f the o rg anizatio n’s future, and
—
be realistic, neither o verstating the nature o f the risks the
o rg anizatio n faces, no r trivializing them.
In develo ping its OH&S po licy, an o rg anizatio n sho uld co nsider:
—
its missio n, visio n, co re values and beliefs,
—
co o rdinatio n with o ther po licies (co rpo rate, integ rated, etc.),
—
the needs o f perso ns wo rking under the co ntro l o f the
o rg anizatio n,
—
the OH&S hazards o f the o rg anizatio n,
—
leg al and o ther requirements to which the o rg anizatio n
subscribes that relate to its OH&S hazards,
—
histo rical and current OH&S perfo rmance by the o rg anizatio n,
—
o ppo rtunities and needs fo r co ntinual impro vement and the
preventio n o f injury and ill health,
—
the views o f interested parties,
—
what is needed to establish realistic and achievable o bjectives.
The po licy is, as a minimum, required to include statements abo ut the
co mmitment o f an o rg anizatio n to :
—
the preventio n o f injury and ill health,
—
co ntinual impro vement in OH&S manag ement,
—
co ntinual impro vement in OH&S perfo rmance,
—
co mpliance with applicable leg al requirements, and
—
co mpliance with o ther requirements to which the o rg anizatio n
subscribes.
The OH&S po licy can be linked with o ther po licy do cuments o f
the o rg anizatio n and sho uld be co nsistent with the o rg anizatio n’s
o verall business po licies and with its po licies fo r o ther manag ement
disciplines, e.g . quality manag ement o r enviro nmental manag ement.
The co mmunicatio n o f the po licy sho uld assist in:
—
demo nstrating the co mmitment o f to p manag ement and the
o rg anizatio n to OH&S,
—
increasing awareness o f the co mmitments made in the po licy
statement,
—
explaining why the OH&S system is established and is maintained,
—
g uiding individuals in understanding their OH&S respo nsibilities
and acco untabilities (see 4.4.2 ).
In communicating the policy, consideration should be given to how to
create and maintain awareness in both new and existing persons under
the control of the organization. The policy can be communicated in
alternative forms to the policy statement itself, such as through the
use of rules, directives and procedures, wallet cards, posters, etc. In
communicating the policy, account should be taken of issues such as
diversity in the workplace, literacy levels, language skills, etc.
It is fo r the o rg anizatio n to determine ho w it wishes to make the
po licy available to its interested parties, e.g . thro ug h publicatio n o n a
web site, o r by pro viding printed co pies o n request.
12
• © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
The OH&S po licy sho uld be reviewed perio dically (see 4.6 ) to ensure
that it remains relevant and appro priate to the o rg anizatio n.
Chang e is inevitable, as leg islatio n and so cietal expectatio ns evo lve;
co nsequently, the o rg anizatio n’s OH&S po licy and OH&S manag ement
system need to be reviewed reg ularly to ensure their co ntinuing
suitability and effectiveness. If chang es are made to the po licy, the
revised po licy sho uld be co mmunicated to all perso ns wo rking under
the co ntro l o f the o rg anizatio n.
NOTE “ OH&S management” is equivalent to “ the management
of OH&S” and is the coordinated activities to direct and control an
organization with regard to OH&S.
4.3
4.3.1
Planning
Hazard identification, risk assessment and determining
controls
OHSAS 18001 text
The o rg anizatio n shall establish, implement and maintain
a pro cedure(s) fo r the o ng o ing hazard identificatio n, risk
assessment, and determinatio n o f necessary co ntro ls.
The pro cedure(s) fo r hazard identificatio n and risk assessment
shall take into acco unt:
a)
ro utine and no n-ro utine activities;
b)
activities o f all perso ns having access to the wo rkplace
(including co ntracto rs and visito rs);
c)
human behavio ur, capabilities and o ther human facto rs;
d)
identified hazards o rig inating o utside the wo rkplace capable
o f adversely affecting the health and safety o f perso ns under
the co ntro l o f the o rg anizatio n within the wo rkplace;
e)
hazards created in the vicinity o f the wo rkplace by
wo rk-related activities under the co ntro l o f the o rg anizatio n;
NOTE 1 It may be more appropriate for such hazards to be
assessed as an environmental aspect.
f)
infrastructure, equipment and materials at the wo rkplace,
whether pro vided by the o rg anizatio n o r o thers;
g)
chang es o r pro po sed chang es in the o rg anizatio n, its
activities, o r materials;
h)
mo dificatio ns to the OH&S manag ement system, including
tempo rary chang es, and their impacts o n o peratio ns,
pro cesses, and activities;
i)
any applicable leg al o blig atio ns relating to risk assessment
and implementatio n o f necessary co ntro ls (see also the NOTE
to 3.12 );
j)
the desig n o f wo rk areas, pro cesses, installatio ns, machinery/
equipment, o perating pro cedures and wo rk o rg anizatio n,
including their adaptatio n to human capabilities.
© OHSAS Project Group 2008 – All rights reserved
• 13
OHSAS 18002:2008
The o rg anizatio n’s metho do lo g y fo r hazard identificatio n and risk
assessment shall:
a)
be defined with respect to its sco pe, nature and timing to
ensure it is pro active rather than reactive; and
b)
pro vide fo r the identificatio n, prio ritizatio n and
do cumentatio n o f risks, and the applicatio n o f co ntro ls, as
appro priate.
Fo r the manag ement o f chang e, the o rg anizatio n shall identify
the OH&S hazards and OH&S risks asso ciated with chang es in the
o rg anizatio n, the OH&S manag ement system, o r its activities, prio r
to the intro ductio n o f such chang es.
The o rg anizatio n shall ensure that the results o f these assessments
are co nsidered when determining co ntro ls.
W hen determining co ntro ls, o r co nsidering chang es to existing
co ntro ls, co nsideratio n shall be g iven to reducing the risks
acco rding to the fo llo wing hierarchy:
a)
eliminatio n;
b)
substitutio n;
c)
eng ineering co ntro ls;
d)
sig nag e/warning s and/o r administrative co ntro ls;
e)
perso nal pro tective equipment.
The o rg anizatio n shall do cument and keep the results o f
identificatio n o f hazards, risk assessments and determined
co ntro ls up-to -date.
The o rg anizatio n shall ensure that the OH&S risks and determined
co ntro ls are taken into acco unt when establishing , implementing
and maintaining its OH&S manag ement system.
4.3.1.1
General
Hazards have the po tential to cause human injury o r ill health.
Hazards therefo re need to be identified befo re the risks asso ciated
with these hazards can be assessed and, if no co ntro ls exist o r existing
co ntro ls are inadequate, effective co ntro ls sho uld be implemented
acco rding to the hierarchy o f co ntro ls [see bullets a) to e) in
OHSAS 18001:2007, 4.3.1 ].
An organization will need to apply the process of hazard identification
(see 3.7 ) and risk assessment (see 3.22 ) to determine the controls
that are necessary to reduce the risks of incidents (see 3.9 ). The
overall purpose of the risk assessment process is to recognize and
understand the hazards (see 3.6 ) that might arise in the course of the
organization’s activities and ensure that the risks (see 3.21 ) to people
arising from these hazards are assessed, prioritized and controlled to a
level that is acceptable (see 3.1 ).
This is achieved by:
14
—
develo ping a metho do lo g y fo r hazard identificatio n and risk
assessment,
—
identifying hazards,
• © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
—
estimating the asso ciated risks, taking into acco unt the adequacy
o f any existing co ntro ls (it co uld be necessary to o btain
additio nal data and perfo rm further analysis in o rder to achieve a
reaso nable estimatio n o f the risks),
—
determining whether these risks are acceptable, and
—
determining the appro priate risk co ntro ls, where these are
fo und to be necessary (wo rkplace hazards and the way they
are to be co ntro lled are o ften defined in reg ulatio ns, co des o f
practice, g uidance published by reg ulato rs, and industry g uidance
do cuments).
The results o f risk assessments enable the o rg anizatio n to co mpare
risk reductio n o ptio ns and prio ritize reso urces fo r effective risk
manag ement.
The o utputs fro m the hazard identificatio n, risk assessment and
determining co ntro l pro cesses sho uld also be used thro ug ho ut the
develo pment and implementatio n o f the OH&S manag ement system.
Fig ure 2 pro vides an o verview o f the risk assessment pro cess.
Fig ure 2
Overview of the hazard identification and risk assessment process
Develop
Methodology
Identify
Hazards
Monitor &
Review
Implement
Controls
Manage
Change
As s es s
Ris ks
Determine
Controls
NOTE The development of the methodology can itself be subject to
change or improvement.
4.3.1.2
Developing a methodology and procedures for hazard
identification and risk assessment
Hazard identificatio n and risk assessment metho do lo g ies vary g reatly
acro ss industries, rang ing fro m simple assessments to co mplex
quantitative analyses with extensive do cumentatio n. Individual
hazards can require that different metho ds be used, e.g . an
assessment o f lo ng term expo sure to chemicals can need a different
metho d than that taken fo r equipment safety o r fo r assessing an
© OHSAS Project Group 2008 – All rights reserved
• 15
OHSAS 18002:2008
o ffice wo rkstatio n. Each o rg anizatio n sho uld cho o se appro aches
that are appro priate to its sco pe, nature and size, and which meet
its needs in terms o f detail, co mplexity, time, co st and availability o f
reliable data. In co mbinatio n, the cho sen appro aches sho uld result
in an inclusive metho do lo g y fo r the o ng o ing evaluatio n o f all the
o rg anizatio n’s OH&S risks.
The manag ement o f chang e (see 4.3.1.5 ) needs to be co nsidered
fo r chang es in assessed risks, determinatio n o f co ntro ls, o r the
implementatio n o f co ntro ls. M anag ement review sho uld be used to
determine whether chang es to the metho do lo g y are needed o verall.
To be effective, the organization’s procedures for hazard identification
and risk assessment should take account of the following:
—
hazards,
—
risks,
—
co ntro ls,
—
manag ement o f chang e,
—
do cumentatio n,
—
o ng o ing review.
To ensure co nsistency o f applicatio n, it is reco mmended that these
pro cedure(s) be do cumented.
OHSAS 18001:2007, 4.3.1 , identifies in bullets a) to j) what sho uld be
taken into acco unt in develo ping the pro cedure(s). Guidance o n these
can be fo und in sub-clauses 4.3.1.3 to 4.3.1.8 .
4.3.1.3
Hazard Identification
Hazard identificatio n sho uld aim to determine pro actively all so urces,
situatio ns o r acts (o r a co mbinatio n o f these), arising fro m an
o rg anizatio n’s activities, with a po tential fo r harm in terms o f human
injury o r ill health (see the definitio n o f “ hazard” in 3.6 ). Examples
include:
—
so urces (e.g . mo ving machinery, radiatio n o r energ y so urces),
—
situatio ns (e.g . wo rking at heig hts), o r
—
acts (e.g . manual lifting ).
Hazard identificatio n sho uld co nsider the different types o f hazards
in the wo rkplace, including physical, chemical, bio lo g ical and
psycho so cial (see Annex C fo r examples o f hazards).
The o rg anizatio n sho uld establish specific hazard identificatio n
to o ls and techniques that are relevant to the sco pe o f its OH&S
manag ement system.
The fo llo wing so urces o f info rmatio n o r inputs sho uld be co nsidered
during the hazard identificatio n pro cess:
16
—
OH&S leg al and o ther requirements (see 4.3.2 ), e.g . tho se that
prescribe ho w hazards sho uld be identified,
—
OH&S po licy (see 4.2 ),
—
mo nito ring data (see 4.5.1 ),
—
o ccupatio nal expo sure and health assessments,
—
reco rds o f incidents (see 3.9 ),
• © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
—
repo rts fro m previo us audits, assessments o r reviews,
—
input fro m emplo yees and o ther interested parties (see 4.4.3 ),
—
info rmatio n fro m o ther manag ement systems (e.g . fo r quality
manag ement o r enviro nmental manag ement),
—
info rmatio n fro m emplo yee OH&S co nsultatio ns,
—
pro cess review and impro vement activities in the wo rkplace,
—
info rmatio n o n best practice and/o r typical hazards in similar
o rg anizatio ns,
—
repo rts o f incidents that have o ccurred in similar o rg anizatio ns,
—
info rmatio n o n the facilities, pro cesses and activities o f the
o rg anizatio n, including the fo llo wing :
•
wo rkplace desig n, traffic plans (e.g . pedestrian walkways,
vehicle ro uting ), si
OCCUPATIONAL HEALTH AND SAFETY ASSESSMENT SERIES
Occupational health
and safety management
systems — Guidelines for
the implementation of
OHSAS 18001:2007
ICS 0 3 .1 0 0 .0 1 : 1 3 .1 0 0
NO COPYING WITHOUT OHSAS PROJECT GROUP PERMISSION EXCEPT AS PERMITTED
BY COPYRIGHT LAW
OHSAS 18002:2008
Publishing and copyright information
The OHSAS co pyrig ht no tice displayed in this do cument indicates when
the do cument was last issued.
© OHSAS Pro ject Gro up 2008
ISBN 978 0 580 61674 7
ICS 03.100.01; 13.100
Publication history
First published February 2000
Seco nd editio n No vember 2008
Amendments issued since publication
Amd. No.
Date
Text affected
OHSAS 18002:2008
Contents
Ackno wledg ement ii
Fo rewo rd iv
Intro ductio n 1
1
Sco pe 4
2
Reference publicatio ns 5
3
Terms and definitio ns 5
4
OH&S manag ement system requirements
9
Annexes
Annex A (info rmative) Co rrespo ndence between OHSAS 18001:2007,
ISO 14001:2004 and ISO 9001:2008 68
Annex B (info rmative) Co rrespo ndence between OHSAS 18001,
OHSAS 18002 and the ILO-OSH:2001 Guidelines o n o ccupatio nal safety
and health manag ement systems 71
Annex C (info rmative) Examples o f items fo r inclusio n in a hazard
identificatio n checklist 75
Annex D (info rmative) Co mpariso ns o f so me examples o f risk
assessment to o ls and metho do lo g ies 77
Biblio g raphy
78
List of figures
Fig ure 1 – OH&S manag ement system mo del fo r this OHSAS
Standard 2
Fig ure 2 – Overview o f the hazard identificatio n and risk assessment
pro cess 15
List of tables
Table A.1 – Co rrespo ndence between OHSAS 18001:2007,
ISO 14001:2004 and ISO 9001:2008 68
Table B.1 – Co rrespo ndence between the clauses o f the OHSAS
do cuments and the clauses o f the ILO-OSH Guidelines 73
Summary of pages
This do cument co mprises a fro nt co ver, an inside fro nt co ver,
pag es i to vi, pag es 1 to 78, an inside back co ver and a back co ver.
The co pyrig ht no tice displayed in this do cument indicates when the
do cument was last issued.
© OHSAS Project Group 2008 – All rights reserved
• i
OHSAS 18002:2008
Acknow ledgement
The fo llo wing o rg anizatio ns are included in this listing either
to reco g nize their assistance in the develo pment o f this editio n
o f OHSAS 18002, o r to reco g nize their g eneral suppo rt o f the
OHSAS standards.
AFAQ EAQA
American Industrial Hyg iene Asso ciatio n (AIHA)
American So ciety o f Safety Eng ineers (ASSE)
Aso ciació n Españo la de No rmalizació n y Certificació n (AENOR)
Asso ciatio n o f British Certificatio n Bo dies (ABCB)
British Standards Institutio n (BSI)
Bureau Veritas Certificatio n
Cˇeský no rmalizacˇní institute (CNI)
Co misió n Federal de Electricidad (CFE), (Gerencia de la seg uridad
industrial)
Czech Accreditatio n Institute (CAI)
Det No rske Veritas (DNV)
DS Certificatio n A/S
EEF the manufacturers’ o rg anisatio n
ENLAR Co mpliance Services, Inc.
Esto nian Centre fo r Standardisatio n (EVS)
Health and Safety Executive 1)
Ho ng Ko ng Quality Assurance Ag ency (HKQAA)
iM S Risk So lutio ns
Institute fo r Standardizatio n o f Serbia (ISS)
Institutio n o f Occupatio nal Safety and Health (IOSH)
Instituto Arg entino de No rmalizació n y Certificació n (IRAM )
Instituto Co lo mbiano de No rmas Técnicas y Certificació n (ICONTEC)
Instituto de No rmas Técnicas de Co sta Rica (INTECO)
Instituto M exicano de No rmalizació n y Certificació n, A.C. (IM NC, A.C.)
Instituto Urug uayo de No rmas Técnicas (UNIT)
ITS Co nsultants
Japan Industrial Safety and Health Asso ciatio n (JISHA)
Japanese Standards Asso ciatio n (JSA)
Ko rea Gas Safety Co rpo ratio n (ISO Certificate Divisio n)
Llo yds Reg ister Quality Assurance (LRQA)
M anag ement Systems Certificatio n Limited
1)
As the reg ulato ry autho rity respo nsible fo r health and safety in Great
Britain, the Health and Safety Executive wo uld wish to make it clear that
reliance o n the OHSAS Standard by o rg anizatio ns will no t abso lve them
fro m co mpliance with any o f their leg al health and safety o blig atio ns
under the laws o f Eng land and W ales, and Sco tland.
ii • © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
Natio nal Standards Autho rity o f Ireland (NSAI)
Natio nal University o f Sing apo re (NUS)
Nederlands No rmalisatie-instituut (NEN)
NPKF ELECTON
NQA
QM I-SAI Glo bal
SABS Co mmercial (Pty) Ltd.
Service de No rmalisatio n Industrielle M aro caine (SNIM A)
SGS United King do m Ltd
SIRIM QAS Internatio nal
Slo venský ústav technickej no rmalizácie (SUTN)
SPRING Sing apo re
Standards Institutio n o f Israel (SII)
Suco findo Internatio nal Certificatio n Services (SICS)
Swedish Industry Asso ciatio n (Sinf)
Swedish Standards Institute (SIS)
Techno fer Ltd.
TÜV Rheinland Cert GmbH – TÜV Rheinland Gro up
Standards Asso ciatio n o f Zimbabwe (SAZ)
W e wo uld also like to reco g nize the invaluable co ntributio n made
by tho se many o rg anizatio ns who to o k the time to review the
wo rking drafts o f OHSAS 18002, and who submitted co mments fo r
co nsideratio n. This helped us g reatly in impro ving the standard, and
is much appreciated.
© OHSAS Project Group 2008 – All rights reserved
• iii
OHSAS 18002:2008
Forew ord
This Occupatio nal Health and Safety Assessment Series (OHSAS)
g uideline, and OHSAS 18001:2007, Occupational health and safety
management systems — Requirements, have been develo ped in
respo nse to custo mer demand fo r a reco g nizable o ccupatio nal
health and safety manag ement system standard ag ainst which their
manag ement systems can be assessed and certified, and fo r g uidance
o n the implementatio n o f such a standard.
OHSAS 18001 is co mpatible with the ISO 9001:2008 (Quality) and
ISO 14001:2004 (Enviro nmental) manag ement systems standards,
in o rder to facilitate the integ ratio n o f quality, enviro nmental
and o ccupatio nal health and safety manag ement systems by
o rg anizatio ns, sho uld they wish to do so .
OHSAS 18002 quo tes the specific requirements fro m OHSAS 18001
and fo llo ws with relevant g uidance. The clause numbering o f
OHSAS 18002 is alig ned with that o f OHSAS 18001. Text g iven with
an o utlined bo x is an exact duplicatio n o f text fro m OHSAS 18001.
OHSAS 18002 will be reviewed and amended o r revised when
co nsidered appro priate. Reviews will be co nducted when new editio ns
o f OHSAS 18001 are published (expected when revised editio ns o f
either ISO 9001 o r ISO 14001 are published).
This OHSAS Standard will be withdrawn o n publicatio n o f its co ntents
in, o r as, an Internatio nal Standard.
This OHSAS Standard has been drafted in acco rdance with the rules
g iven in the ISO/IEC Directives, Part 2.
This seco nd editio n cancels and replaces the first editio n
(OHSAS 18002:2000), which has been technically revised.
The principal chang es with respect to the previo us editio n are as
fo llo ws:
1)
in relatio n to the revised text o f OHSAS 18001:
—
The impo rtance o f “ health” has no w been g iven g reater
emphasis.
—
OHSAS 18001 no w refers to itself as a standard, no t a
specificatio n, o r do cument, as in the earlier editio n. This
reflects the increasing ado ptio n o f OHSAS 18001 as the basis
fo r natio nal standards o n o ccupatio nal health and safety
manag ement systems.
—
The “ Plan-Do -Check-Act” mo del diag ram is o nly g iven in
the Intro ductio n, in its entirety, and no t also as sectio nal
diag rams at the start o f each majo r clause.
—
Reference publicatio ns in Clause 2 have been limited to
purely internatio nal do cuments.
—
New definitio ns have been added, and existing definitio ns
revised.
—
Sig nificant impro vement in alig nment with ISO 14001:2004
thro ug ho ut the standard, and impro ved co mpatibility with
ISO 9001:2008.
—
The term “ to lerable risk” has been replaced by the term
“ acceptable risk” (see 3.1 ).
iv • © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
—
The term “ accident” is no w included in the term “ incident”
(see 3.9 ).
—
The definitio n o f the term “ hazard” no lo ng er refers
to “ damag e to pro perty o r damag e to the wo rkplace
enviro nment” (see 3.6 ).
It is no w co nsidered that such “ damag e” is no t directly
related to o ccupatio nal health and safety manag ement,
which is the purpo se o f this OHSAS Standard, and that it is
included in the field o f asset manag ement. Instead, the risk
o f such “ damag e” having an effect o n o ccupatio nal health
and safety sho uld be identified thro ug h the o rg anizatio n’s
risk assessment pro cess, and be co ntro lled thro ug h the
applicatio n o f appro priate risk co ntro ls.
2)
—
Sub-clauses 4.3.3 and 4.3.4 have been merg ed, in line with
ISO 14001:2004.
—
A new requirement has been intro duced fo r the
co nsideratio n o f the hierarchy o f co ntro ls as part o f OH&S
planning (see 4.3.1 ).
—
M anag ement o f chang e is no w mo re explicitly addressed
(see 4.3.1 and 4.4.6 ).
—
A new clause o n the “ Evaluatio n o f co mpliance” (see 4.5.2 )
has been intro duced.
—
New requirements have been intro duced fo r participatio n
and co nsultatio n (see 4.4.3.2 ).
—
New requirements have been intro duced fo r the
investig atio n o f incidents (see 4.5.3.1 ).
in relatio n to chang es that are specific to OHSAS 18002:
—
OHSAS 18002:2000 included a presentation format where
firstly the relevant OHSAS 18001 clause was given followed by:
a)
a descriptio n o f the intent o f the clause;
b)
typical inputs needed fo r meeting the requirements o f
the clause;
c)
a descriptio n o f pro cesses that an o rg anizatio n co uld use
to meet the requirements;
d)
typical o utputs expected fro m meeting the requirements.
This fo rmat was fo und to be difficult to apply, so has no t been
fo llo wed in this editio n (in fact, the fo rmat had no t been
applied co nsistently in the 2000 editio n). Instead, this editio n o f
OHSAS 18002 is no w presented in a mo re lo g ical fo rmat, in which
items in a) to d) have been fo llo wed during the drafting o f the
g uidance, but have no t been g iven o vertly, as previo usly.
—
New sub-clauses, as per OHSAS 18001 (and fro m ISO 14001),
e.g .:
•
fo r OHSAS 18001:2007, 4.4.3 Co mmunicatio n,
participatio n and co nsultatio n (including new sub-clauses
o n participatio n/co nsultatio n), and 4.5.3.1 Incident
investig atio n.
•
fro m ISO 14001:2004, 4.3.3 Objectives and pro g ramme(s)
(thro ug h the merg ing o f the fo rmer sub-clauses 4.3.3 and
4.3.4 ), and 4.5.2 Evaluatio n o f co mpliance.
© OHSAS Project Group 2008 – All rights reserved
• v
OHSAS 18002:2008
—
New sub-clauses in alig nment with the ILO-OSH:2001
Guidelines, e.g . 4.1.2 Initial review, and 4.3.1.5 M anag ement
o f chang e
—
Additio nal new sub-clauses and annexes, e.g . 4.4.2.4
Awareness, Annex C – Examples o f items fo r inclusio n in a
hazard identificatio n checklist and Annex D – Co mpariso ns o f
so me examples o f risk assessment to o ls and metho do lo g ies
—
Expanded g uidance g iven in many sub-clauses, e.g . fo r 4.3.1
Hazard identificatio n, risk assessment and determinatio n
o f co ntro ls, 4.3.2 Leg al and o ther requirements, 4.3.3
Objectives and pro g ramme(s), 4.4.6 Operatio nal co ntro l, 4.4.7
Emerg ency preparedness and respo nse, 4.5.5 Internal audit
This publication does not purport to include all the necessary provisions
of a contract. Users are responsible for its correct application.
Compliance w ith this Occupational Health and Safety Assessment Series
(OHSAS) Standard cannot confer immunity from legal obligations.
vi • © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
Introduction
Org anizatio ns o f all kinds are increasing ly co ncerned with achieving
and demo nstrating so und o ccupatio nal health and safety (OH&S)
perfo rmance by co ntro lling their OH&S risks, co nsistent with their
OH&S po licy and o bjectives. They do so in the co ntext o f increasing ly
string ent leg islatio n, the develo pment o f eco no mic po licies and o ther
measures that fo ster g o o d OH&S practices, and o f increased co ncern
expressed by interested parties abo ut OH&S issues.
M any organizations have undertaken OH&S “ reviews” or “ audits” to
assess their OH&S performance. On their own, however, these “ reviews”
and “ audits” may not be sufficient to provide an organization with
the assurance that its performance not only meets, but will continue to
meet, its legal and policy requirements. To be effective, they need to be
conducted within a structured management system that is integrated
within the organization.
The OHSAS Standards co vering OH&S manag ement are intended
to pro vide o rg anizatio ns with the elements o f an effective OH&S
manag ement system that can be integ rated with o ther manag ement
requirements and help o rg anizatio ns achieve OH&S and eco no mic
o bjectives. These standards, like o ther Internatio nal Standards, are no t
intended to be used to create no n-tariff trade barriers o r to increase
o r chang e an o rg anizatio n’s leg al o blig atio ns.
OHSAS 18001 specifies requirements for an OH&S management system
to enable an organization to develop and implement a policy and
objectives which take into account legal requirements and information
about OH&S risks. It is intended to apply to all types and sizes of
organizations and to accommodate diverse geographical, cultural
and social conditions. The basis of the approach is shown in Figure 1.
The success of the system depends on commitment from all levels and
functions of the organization, and especially from top management. A
system of this kind enables an organization to develop an OH&S policy,
establish objectives and processes to achieve the policy commitments,
take action as needed to improve its performance, and demonstrate
the conformity of the system to the requirements of OHSAS 18001. The
overall aim of OHSAS 18001 is to support and promote good OH&S
practices, including self regulation, in balance with socio -economic
needs. It should be noted that many of the requirements can be
addressed concurrently or revisited at any time.
The develo pment o f OHSAS 18001:2007 fo cused o n impro ving the
standard by:
—
impro ving alig nment with ISO 14001 and ISO 9001;
—
seeking opportunities for alignment with other OH&S management
system standards, e.g. the ILO-OSH:2001 Guidelines;
—
reflecting develo pments in OH&S practices;
—
clarifying the o rig inal text fro m the OHSAS 18001:1999
requirements based o n experience o f its use.
There is an impo rtant distinctio n between OHSAS 18001, which
describes the requirements fo r an o rg anizatio n’s OH&S manag ement
system and can be used fo r certificatio n/reg istratio n and/o r
self-declaratio n o f an o rg anizatio n’s OH&S manag ement system, and
© OHSAS Project Group 2008 – All rights reserved
• 1
OHSAS 18002:2008
a no n-certifiable g uideline, such as OHSAS 18002, intended to pro vide
g eneric assistance to an o rg anizatio n fo r establishing , implementing
o r impro ving an OH&S manag ement system. OH&S manag ement
enco mpasses a full rang e o f issues, including tho se with strateg ic and
co mpetitive implicatio ns. Demo nstratio n o f successful implementatio n
o f OHSAS 18001 can be used by an o rg anizatio n to assure interested
parties that an appro priate OH&S manag ement system is in place.
Any reference to o ther Internatio nal Standards is fo r info rmatio n o nly.
Fig ure 1
OH&S management system model for this OHSAS Standard
Continual Improvement
OH&S policy
Management
review
Planning
Checking and
corrective action
Implementation
and operation
NOTE This OHSAS Standard is based on the methodology known as
Plan-Do-Check-Act (PDCA). PDCA can be briefly described as follows.
2
—
Plan: establish the objectives and processes necessary to deliver
results in accordance with the organization’s OH&S policy.
—
Do : implement the processes.
—
Check: monitor and measure processes against OH&S policy,
objectives, legal and other requirements, and report the results.
—
Act: take actions to continually improve OH&S performance.
• © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
M any organizations manage their operations via the application of a
system of processes and their interactions, which can be referred to as the
“ process approach” . ISO 9001 promotes the use of the process approach.
Since PDCA can be applied to all processes, the two methodologies are
considered to be compatible.
OHSAS 18001 contains requirements that can be objectively audited;
however, it does not establish absolute requirements for OH&S
performance beyond the commitments, in the OH&S policy, to comply
with applicable legal requirements and with other requirements to
which the organization subscribes, to the prevention of injury and ill
health and to continual improvement. Thus, two organizations carrying
out similar operations but having different OH&S performance can
both conform to its requirements.
OHSAS 18001 does not include requirements specific to other
management systems, such as those for quality, environmental,
security, or financial management, though its elements can be aligned
or integrated with those of other management systems. It is possible
for an organization to adapt its existing management system(s) in
order to establish an OH&S management system that conforms to the
requirements of OHSAS 18001. It is pointed out, however, that the
application of various elements of the management system might differ
depending on the intended purpose and the interested parties involved.
The level o f detail and co mplexity o f the OH&S manag ement system,
the extent o f do cumentatio n and the reso urces devo ted to it depend
o n a number o f facto rs, such as the sco pe o f the system, the size o f
an o rg anizatio n and the nature o f its activities, pro ducts and services,
and the o rg anizatio nal culture. This may be the case in particular fo r
small and medium-sized enterprises.
NOTE 1 As all of the requirements of OHSAS 18001:2007 are included
within OHSAS 18002:2008, organizations can choose to retain a copy of
OHSAS 18002 alone, for certification purposes.
NOTE 2 There are some small variations in text between the Introduction
given in OHSAS 18001 and this Introduction to account for the differences
in the two OHSAS standards.
© OHSAS Project Group 2008 – All rights reserved
• 3
OHSAS 18002:2008
Occupational health and safety management
systems — Guidelines for the implementation of
OHSAS 18001:2007
1
Scope
This Occupatio nal Health and Safety Assessment Series (OHSAS)
g uideline pro vides g eneric advice o n the applicatio n o f OHSAS
18001:2007.
It explains the underlying principles o f OHSAS 18001 and describes
the intent, typical inputs, pro cesses and typical o utputs, ag ainst each
requirement o f OHSAS 18001. This is to aid the understanding and
implementatio n o f OHSAS 18001.
OHSAS 18002 do es no t create additio nal requirements to tho se
specified in OHSAS 18001 no r do es it prescribe mandato ry appro aches
to the implementatio n o f OHSAS 18001.
OHSAS 18001 text
This Occupatio nal Health and Safety Assessment Series (OHSAS)
Standard specifies requirements fo r an o ccupatio nal health and
safety (OH&S) manag ement system, to enable an o rg anizatio n
to co ntro l its OH&S risks and impro ve its OH&S perfo rmance. It
do es no t state specific OH&S perfo rmance criteria, no r do es it g ive
detailed specificatio ns fo r the desig n o f a manag ement system.
This OHSAS Standard is applicable to any o rg anizatio n that
wishes to :
a)
establish an OH&S manag ement system to eliminate o r
minimize risks to perso nnel and o ther interested parties
who co uld be expo sed to OH&S hazards asso ciated with its
activities;
b)
implement, maintain and co ntinually impro ve an OH&S
manag ement system;
c)
assure itself o f its co nfo rmity with its stated OH&S po licy;
d)
demo nstrate co nfo rmity with this OHSAS Standard by:
1)
making a self-determinatio n and self-declaratio n, o r
2)
seeking co nfirmatio n o f its co nfo rmance by parties
having an interest in the o rg anizatio n, such as custo mers,
or
3)
seeking co nfirmatio n o f its self-declaratio n by a party
external to the o rg anizatio n, o r
4)
seeking certificatio n/reg istratio n o f its OH&S
manag ement system by an external o rg anizatio n.
All the requirements in this OHSAS Standard are intended to be
inco rpo rated into any OH&S manag ement system. The extent o f
the applicatio n will depend o n such facto rs as the OH&S po licy
o f the o rg anizatio n, the nature o f its activities and the risks and
co mplexity o f its o peratio ns.
4
• © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
This OHSAS Standard is intended to address o ccupatio nal health
and safety, and is no t intended to address o ther health and safety
areas such as emplo yee wellbeing /wellness pro g rams, pro duct
safety, pro perty damag e o r enviro nmental impacts.
2
Reference publications
Other publicatio ns that pro vide info rmatio n o r g uidance are listed
in the Biblio g raphy. It is advisable that the latest editio ns o f such
publicatio ns be co nsulted. Specifically, reference sho uld be made to
the fo llo wing publicatio ns.
OHSAS 18001:2007 , Occupational health and safety management
systems — Requirements
Internatio nal Labo ur Org anizatio n:2001 , Guidelines on occupational
safety and health management systems (ILO-OSH:2001)
ISO 19011:2002 , Guidelines for quality and/or environmental
management systems auditing
NOTE A project was approved by the International Organization for
Standardization (ISO) in M arch 2008 to revise ISO 19011 and to expand its
scope to cover the auditing of additional fields of management systems,
including OH&S management systems. Reference should be made to the
revised version when it is available.
3
Terms and definitions
Fo r the purpo ses o f this do cument, the terms and definitio ns g iven in
OHSAS 18001 apply.
OHSAS 18001 text
3.1
acceptable risk
risk that has been reduced to a level that can be to lerated by the
o rg anizatio n having reg ard to its leg al o blig atio ns and its o wn
OH&S po licy (3.16 )
3.2
audit
systematic, independent and do cumented pro cess fo r o btaining
“ audit evidence” and evaluating it o bjectively to determine the
extent to which “ audit criteria” are fulfilled
[ISO 9000:2005, 3.9.1 ]
NOTE 1 Independent does not necessarily mean external to the
organization. In many cases, particularly in smaller organizations,
independence can be demonstrated by the freedom from
responsibility for the activity being audited.
NOTE 2 For further guidance on “ audit evidence” and “ audit
criteria” , see ISO 19011.
© OHSAS Project Group 2008 – All rights reserved
• 5
OHSAS 18002:2008
3.3
continual improvement
recurring process of enhancing the OH&S management system (3.13 )
in order to achieve improvements in overall OH&S performance
(3.15 ) consistent with the organization’s (3.17 ) OH&S policy (3.16 )
NOTE 1 The process need not take place in all areas of activity
simultaneously.
NOTE 2
Adapted from ISO 14001:2004, 3.2 .
3.4
corrective action
actio n to eliminate the cause o f a detected no nco nfo rmity (3.11 )
o r o ther undesirable situatio n
NOTE 1
There can be more than one cause for a nonconformity.
NOTE 2 Corrective action is taken to prevent recurrence whereas
preventive action (3.18 ) is taken to prevent occurrence.
[ISO 9000:2005, 3.6.5 ]
3.5
document
info rmatio n and its suppo rting medium
NOTE The medium can be paper, magnetic, electronic or optical
computer disc, photograph or master sample, or a combination
thereof.
[ISO 14001:2004, 3.4 ]
3.6
hazard
so urce, situatio n, o r act with a po tential fo r harm in terms o f
human injury o r ill health (3.8 ), o r a co mbinatio n o f these
3.7
hazard identification
pro cess o f reco g nizing that a hazard (3.6 ) exists and defining its
characteristics
3.8
ill health
identifiable, adverse physical or mental condition arising from and/
or made worse by a work activity and/or work-related situation
3.9
incident
wo rk-related event(s) in which an injury o r ill health (3.8 )
(reg ardless o f severity) o r fatality o ccurred, o r co uld have o ccurred
NOTE 1 An accident is an incident which has given rise to injury, ill
health or fatality.
NOTE 2 An incident where no injury, ill health, or fatality occurs
may also be referred to as a “ near-miss” , “ near-hit” , “ close call” or
“ dangerous occurrence” .
NOTE 3 An emergency situation (see 4.4.7 ) is a particular type of
incident.
6
• © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
3.10
interested party
perso n o r g ro up, inside o r o utside the wo rkplace (3.23 ),
co ncerned with o r affected by the OH&S perfo rmance (3.15 ) o f an
o rg anizatio n (3.17 )
3.11
nonconformity
no n-fulfilment o f a requirement
[ISO 9000:2005, 3.6.2 ; ISO 14001, 3.15 ]
NOTE
A nonconformity can be any deviation from:
—
relevant work standards, practices, procedures, legal
requirements, etc.
—
OH&S management system (3.13 ) requirements.
3.12
occupational health and safety (OH&S)
co nditio ns and facto rs that affect, o r co uld affect, the health
and safety o f emplo yees o r o ther wo rkers (including tempo rary
wo rkers and co ntracto r perso nnel), visito rs, o r any o ther perso n in
the wo rkplace (3.23 )
NOTE Organizations can be subject to legal requirements for the
health and safety of persons beyond the immediate workplace, or
who are exposed to the workplace activities.
3.13
OH&S management system
part o f an o rg anizatio n’s (3.17 ) manag ement system used to
develo p and implement its OH&S po licy (3.16 ) and manag e its
OH&S risks (3.21 )
NOTE 1 A management system is a set of interrelated elements used
to establish policy and objectives and to achieve those objectives.
NOTE 2 A management system includes organizational structure,
planning activities (including, for example, risk assessment and the
setting of objectives), responsibilities, practices, procedures (3.19 ),
processes and resources.
NOTE 3
Adapted from ISO 14001:2004, 3.8 .
3.14
OH&S objective
OH&S g o al, in terms o f OH&S perfo rmance (3.15 ), that an
o rg anizatio n (3.17 ) sets itself to achieve
NOTE 1
Objectives should be quantified wherever practicable.
NOTE 2 4.3.3 requires that OH&S objectives are consistent with the
OH&S policy (3.16 ).
3.15
OH&S performance
measurable results o f an o rg anizatio n’s (3.17 ) manag ement o f its
OH&S risks (3.21 )
NOTE 1 OH&S performance measurement includes measuring the
effectiveness of the organization’s controls.
© OHSAS Project Group 2008 – All rights reserved
• 7
OHSAS 18002:2008
NOTE 2 In the context of OH&S management systems (3.13 ),
results can also be measured against the organization’s (3.17 )
OH&S policy (3.16 ), OH&S objectives (3.14 ), and other OH&S
performance requirements.
3.16
OH&S policy
o verall intentio ns and directio n o f an o rg anizatio n (3.17 ) related
to its OH&S perfo rmance (3.15 ) as fo rmally expressed by to p
manag ement
NOTE 1 The OH&S policy provides a framework for action and for
the setting of OH&S objectives (3.14 )
NOTE 2
Adapted from ISO 14001:2004, 3.11 .
3.17
organization
co mpany, co rpo ratio n, firm, enterprise, autho rity o r institutio n, o r
part o r co mbinatio n thereo f, whether inco rpo rated o r no t, public
o r private, that has its o wn functio ns and administratio n
NOTE For organizations with more than one operating unit, a single
operating unit may be defined as an organization.
[ISO 14001:2004, 3.16 ]
3.18
preventive action
actio n to eliminate the cause o f a po tential no nco nfo rmity (3.11 )
o r o ther undesirable po tential situatio n
NOTE 1 There can be more than one cause for a potential
nonconformity.
NOTE 2 Preventive action is taken to prevent occurrence whereas
corrective action (3.4 ) is taken to prevent recurrence.
[ISO 9000:2005, 3.6.4 ]
3.19
procedure
specified way to carry o ut an activity o r a pro cess
NOTE
Procedures can be documented or not.
[ISO 9000:2005, 3.4.5 ]
3.20
record
do cument (3.5 ) stating results achieved o r pro viding evidence o f
activities perfo rmed
[ISO 14001:2004, 3.20 ]
3.21
risk
co mbinatio n o f the likeliho o d o f an o ccurrence o f a hazardo us
event o r expo sure(s) and the severity o f injury o r ill health (3.8 )
that can be caused by the event o r expo sure(s)
3.22
risk assessment
pro cess o f evaluating the risk(s) (3.21 ) arising fro m a hazard(s),
taking into acco unt the adequacy o f any existing co ntro ls, and
deciding whether o r no t the risk(s) is acceptable
8
• © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
3.23
w orkplace
any physical lo catio n in which wo rk related activities are
perfo rmed under the co ntro l o f the o rg anizatio n
NOTE W hen giving consideration to what constitutes a workplace,
the organization (3.17 ) should take into account the OH&S effects on
personnel who are, for example, travelling or in transit (e.g. driving,
flying, on boats or trains), working at the premises of a client or
customer, or working at home.
4
4.1
OH&S management system requirements
General requirements
OHSAS 18001 text
The o rg anizatio n shall establish, do cument, implement, maintain
and co ntinually impro ve an OH&S manag ement system in
acco rdance with the requirements o f this OHSAS Standard and
determine ho w it will fulfil these requirements.
The o rg anizatio n shall define and do cument the sco pe o f its
OH&S manag ement system.
4.1.1
OH&S management system
This OHSAS 18001 requirement is a g eneral statement co ncerning
the establishment and maintenance o f an OH&S manag ement system
within an o rg anizatio n
“ Establish” implies a level o f permanency and the system sho uld
no t be co nsidered established until all its elements have been
demo nstrably implemented. “ M aintain” implies that, o nce
established, the system co ntinues to o perate. This requires active
effo rt o n the part o f the o rg anizatio n. M any systems start well
but deterio rate due to lack o f maintenance. M any o f the elements
o f OHSAS 18001 (such as checking and co rrective actio n and
manag ement review) are desig ned to ensure active maintenance o f
the system.
An o rg anizatio n seeking to establish an OH&S manag ement system
that co nfo rms to OHSAS 18001 sho uld determine its current po sitio n
with reg ard to its OH&S risks by means o f an initial review (see 4.1.2
fo r further details o n initial review). In determining ho w it will fulfil
the requirements o f OHSAS 18001 the o rg anizatio n sho uld co nsider
the co nditio ns and facto rs that affect, o r co uld affect, the health
and safety o f perso ns, what OH&S po licies it needs, and ho w it will
manag e its OH&S risks.
The level o f detail and co mplexity o f the OH&S manag ement
system, the extent o f do cumentatio n and the reso urces devo ted to
it are dependent o n the nature (size, structure, co mplexity) o f an
o rg anizatio n and its activities.
© OHSAS Project Group 2008 – All rights reserved
• 9
OHSAS 18002:2008
4.1.2
Initial review
An initial review sho uld co mpare the o rg anizatio n’s current
manag ement o f OH&S ag ainst the OHSAS 18001 requirements
(including tho se fo r applicable leg al o r o ther requirements), in o rder
to determine the extent to which these requirements are being met.
The initial review will pro vide info rmatio n which an o rg anizatio n
can use in fo rmulating plans fo r implementing and prio ritizing
impro vements to the OH&S manag ement system.
The aim o f an initial review sho uld be to co nsider all OH&S risks faced
by the o rg anizatio n, as a basis fo r establishing the OH&S manag ement
system. An o rg anizatio n sho uld co nsider, but no t limit itself to , the
fo llo wing items within its initial review:
—
leg al and o ther requirements (see the examples in 4.3.2 );
—
identificatio n o f the OH&S hazards and evaluatio n o f risks faced
by the o rg anizatio n;
—
OH&S assessments;
—
an examinatio n o f existing systems, practices, pro cesses and
pro cedures;
—
evaluatio ns o f OH&S impro vement initiatives;
—
an evaluatio n o f feedback fro m the investig atio n o f previo us
incidents, wo rk related ill health, accidents and emerg encies;
—
relevant manag ement systems and available reso urces.
A suitable appro ach to the initial review can include the use o f:
—
checklists, interviews, direct inspectio n and measurement;
—
the results o f previo us manag ement system audits o r o ther
reviews, depending o n the nature o f the o rg anizatio n’s activities;
—
the results o f co nsultatio ns with wo rkers, co ntracto rs o r o ther
relevant external interested parties.
W here hazard identificatio n and risk assessment pro cesses already
exist, they sho uld be reviewed fo r adequacy ag ainst the requirements
o f OHSAS 18001.
It is emphasized that an initial review is no t a substitute fo r the
implementatio n o f the structured systematic appro ach to hazard
identificatio n, risk assessment and determining co ntro ls g iven in 4.3.1 .
Ho wever an initial review can pro vide additio nal inputs into planning
these pro cesses.
4.1.3
Scope of the OH&S management system
An o rg anizatio n can cho o se to implement an OH&S manag ement
system with respect to the entire o rg anizatio n, o r to a subdivisio n
o f the o rg anizatio n, pro vided this is co nsistent with its definitio n o f
its wo rkplace (see 3.23 ). Ho wever, o nce the wo rkplace is defined,
all the wo rk related activities and services o f the o rg anizatio n, o r
subdivisio n, within that wo rkplace need to be included in the OH&S
manag ement system.
Care sho uld be taken in defining and do cumenting the sco pe o f the
OH&S manag ement system, to determine who , what and where, are
to be co vered. The sco pe sho uld no t be limited so as to exclude an
10
• © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
o peratio n o r activity that can impact o n the OH&S (see 3.12 ) o f an
o rg anizatio n’s emplo yees and o ther perso ns under its co ntro l in the
wo rkplace.
NOTE The ILO-OSH:2001 Guidelines recommend that employees are
consulted when defining the scope, or when changes to the scope are
considered.
4.2
OH&S policy
OHSAS 18001 text
To p manag ement shall define and autho rize the o rg anizatio n’s
OH&S po licy and ensure that within the defined sco pe o f its
OH&S manag ement system it:
a)
is appro priate to the nature and scale o f the o rg anizatio n’s
OH&S risks;
b)
includes a co mmitment to preventio n o f injury and ill health
and co ntinual impro vement in OH&S manag ement and
OH&S perfo rmance;
c)
includes a co mmitment to at least co mply with applicable
leg al requirements and with o ther requirements to which the
o rg anizatio n subscribes that relate to its OH&S hazards;
d)
pro vides the framewo rk fo r setting and reviewing OH&S
o bjectives;
e)
is do cumented, implemented and maintained;
f)
is co mmunicated to all perso ns wo rking under the co ntro l o f
the o rg anizatio n with the intent that they are made aware o f
their individual OH&S o blig atio ns;
g)
is available to interested parties; and
h)
is reviewed perio dically to ensure that it remains relevant and
appro priate to the o rg anizatio n.
Top management should demonstrate the leadership and commitment
necessary for the OH&S management system to be successful and to
achieve improved OH&S performance.
An OH&S po licy establishes an o verall sense o f directio n and is the
driver fo r implementing and impro ving an o rg anizatio n’s OH&S
manag ement system so that it can maintain and po tentially impro ve
its OH&S perfo rmance.
It sho uld enable perso ns under the co ntro l o f the o rg anizatio n to
understand the o verall co mmitment o f the o rg anizatio n and ho w this
can affect their individual respo nsibilities.
The respo nsibility fo r defining and autho rizing an OH&S po licy rests
with the o rg anizatio n’s to p manag ement. The o ng o ing and pro active
invo lvement o f to p manag ement in develo ping and implementing an
OH&S po licy is crucial.
The o rg anizatio n’s OH&S po licy sho uld be appro priate to the nature
and scale o f its identified risks and sho uld g uide the setting o f
o bjectives. In o rder to be appro priate, the OH&S po licy sho uld:
© OHSAS Project Group 2008 – All rights reserved
• 11
OHSAS 18002:2008
—
be co nsistent with a visio n o f the o rg anizatio n’s future, and
—
be realistic, neither o verstating the nature o f the risks the
o rg anizatio n faces, no r trivializing them.
In develo ping its OH&S po licy, an o rg anizatio n sho uld co nsider:
—
its missio n, visio n, co re values and beliefs,
—
co o rdinatio n with o ther po licies (co rpo rate, integ rated, etc.),
—
the needs o f perso ns wo rking under the co ntro l o f the
o rg anizatio n,
—
the OH&S hazards o f the o rg anizatio n,
—
leg al and o ther requirements to which the o rg anizatio n
subscribes that relate to its OH&S hazards,
—
histo rical and current OH&S perfo rmance by the o rg anizatio n,
—
o ppo rtunities and needs fo r co ntinual impro vement and the
preventio n o f injury and ill health,
—
the views o f interested parties,
—
what is needed to establish realistic and achievable o bjectives.
The po licy is, as a minimum, required to include statements abo ut the
co mmitment o f an o rg anizatio n to :
—
the preventio n o f injury and ill health,
—
co ntinual impro vement in OH&S manag ement,
—
co ntinual impro vement in OH&S perfo rmance,
—
co mpliance with applicable leg al requirements, and
—
co mpliance with o ther requirements to which the o rg anizatio n
subscribes.
The OH&S po licy can be linked with o ther po licy do cuments o f
the o rg anizatio n and sho uld be co nsistent with the o rg anizatio n’s
o verall business po licies and with its po licies fo r o ther manag ement
disciplines, e.g . quality manag ement o r enviro nmental manag ement.
The co mmunicatio n o f the po licy sho uld assist in:
—
demo nstrating the co mmitment o f to p manag ement and the
o rg anizatio n to OH&S,
—
increasing awareness o f the co mmitments made in the po licy
statement,
—
explaining why the OH&S system is established and is maintained,
—
g uiding individuals in understanding their OH&S respo nsibilities
and acco untabilities (see 4.4.2 ).
In communicating the policy, consideration should be given to how to
create and maintain awareness in both new and existing persons under
the control of the organization. The policy can be communicated in
alternative forms to the policy statement itself, such as through the
use of rules, directives and procedures, wallet cards, posters, etc. In
communicating the policy, account should be taken of issues such as
diversity in the workplace, literacy levels, language skills, etc.
It is fo r the o rg anizatio n to determine ho w it wishes to make the
po licy available to its interested parties, e.g . thro ug h publicatio n o n a
web site, o r by pro viding printed co pies o n request.
12
• © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
The OH&S po licy sho uld be reviewed perio dically (see 4.6 ) to ensure
that it remains relevant and appro priate to the o rg anizatio n.
Chang e is inevitable, as leg islatio n and so cietal expectatio ns evo lve;
co nsequently, the o rg anizatio n’s OH&S po licy and OH&S manag ement
system need to be reviewed reg ularly to ensure their co ntinuing
suitability and effectiveness. If chang es are made to the po licy, the
revised po licy sho uld be co mmunicated to all perso ns wo rking under
the co ntro l o f the o rg anizatio n.
NOTE “ OH&S management” is equivalent to “ the management
of OH&S” and is the coordinated activities to direct and control an
organization with regard to OH&S.
4.3
4.3.1
Planning
Hazard identification, risk assessment and determining
controls
OHSAS 18001 text
The o rg anizatio n shall establish, implement and maintain
a pro cedure(s) fo r the o ng o ing hazard identificatio n, risk
assessment, and determinatio n o f necessary co ntro ls.
The pro cedure(s) fo r hazard identificatio n and risk assessment
shall take into acco unt:
a)
ro utine and no n-ro utine activities;
b)
activities o f all perso ns having access to the wo rkplace
(including co ntracto rs and visito rs);
c)
human behavio ur, capabilities and o ther human facto rs;
d)
identified hazards o rig inating o utside the wo rkplace capable
o f adversely affecting the health and safety o f perso ns under
the co ntro l o f the o rg anizatio n within the wo rkplace;
e)
hazards created in the vicinity o f the wo rkplace by
wo rk-related activities under the co ntro l o f the o rg anizatio n;
NOTE 1 It may be more appropriate for such hazards to be
assessed as an environmental aspect.
f)
infrastructure, equipment and materials at the wo rkplace,
whether pro vided by the o rg anizatio n o r o thers;
g)
chang es o r pro po sed chang es in the o rg anizatio n, its
activities, o r materials;
h)
mo dificatio ns to the OH&S manag ement system, including
tempo rary chang es, and their impacts o n o peratio ns,
pro cesses, and activities;
i)
any applicable leg al o blig atio ns relating to risk assessment
and implementatio n o f necessary co ntro ls (see also the NOTE
to 3.12 );
j)
the desig n o f wo rk areas, pro cesses, installatio ns, machinery/
equipment, o perating pro cedures and wo rk o rg anizatio n,
including their adaptatio n to human capabilities.
© OHSAS Project Group 2008 – All rights reserved
• 13
OHSAS 18002:2008
The o rg anizatio n’s metho do lo g y fo r hazard identificatio n and risk
assessment shall:
a)
be defined with respect to its sco pe, nature and timing to
ensure it is pro active rather than reactive; and
b)
pro vide fo r the identificatio n, prio ritizatio n and
do cumentatio n o f risks, and the applicatio n o f co ntro ls, as
appro priate.
Fo r the manag ement o f chang e, the o rg anizatio n shall identify
the OH&S hazards and OH&S risks asso ciated with chang es in the
o rg anizatio n, the OH&S manag ement system, o r its activities, prio r
to the intro ductio n o f such chang es.
The o rg anizatio n shall ensure that the results o f these assessments
are co nsidered when determining co ntro ls.
W hen determining co ntro ls, o r co nsidering chang es to existing
co ntro ls, co nsideratio n shall be g iven to reducing the risks
acco rding to the fo llo wing hierarchy:
a)
eliminatio n;
b)
substitutio n;
c)
eng ineering co ntro ls;
d)
sig nag e/warning s and/o r administrative co ntro ls;
e)
perso nal pro tective equipment.
The o rg anizatio n shall do cument and keep the results o f
identificatio n o f hazards, risk assessments and determined
co ntro ls up-to -date.
The o rg anizatio n shall ensure that the OH&S risks and determined
co ntro ls are taken into acco unt when establishing , implementing
and maintaining its OH&S manag ement system.
4.3.1.1
General
Hazards have the po tential to cause human injury o r ill health.
Hazards therefo re need to be identified befo re the risks asso ciated
with these hazards can be assessed and, if no co ntro ls exist o r existing
co ntro ls are inadequate, effective co ntro ls sho uld be implemented
acco rding to the hierarchy o f co ntro ls [see bullets a) to e) in
OHSAS 18001:2007, 4.3.1 ].
An organization will need to apply the process of hazard identification
(see 3.7 ) and risk assessment (see 3.22 ) to determine the controls
that are necessary to reduce the risks of incidents (see 3.9 ). The
overall purpose of the risk assessment process is to recognize and
understand the hazards (see 3.6 ) that might arise in the course of the
organization’s activities and ensure that the risks (see 3.21 ) to people
arising from these hazards are assessed, prioritized and controlled to a
level that is acceptable (see 3.1 ).
This is achieved by:
14
—
develo ping a metho do lo g y fo r hazard identificatio n and risk
assessment,
—
identifying hazards,
• © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
—
estimating the asso ciated risks, taking into acco unt the adequacy
o f any existing co ntro ls (it co uld be necessary to o btain
additio nal data and perfo rm further analysis in o rder to achieve a
reaso nable estimatio n o f the risks),
—
determining whether these risks are acceptable, and
—
determining the appro priate risk co ntro ls, where these are
fo und to be necessary (wo rkplace hazards and the way they
are to be co ntro lled are o ften defined in reg ulatio ns, co des o f
practice, g uidance published by reg ulato rs, and industry g uidance
do cuments).
The results o f risk assessments enable the o rg anizatio n to co mpare
risk reductio n o ptio ns and prio ritize reso urces fo r effective risk
manag ement.
The o utputs fro m the hazard identificatio n, risk assessment and
determining co ntro l pro cesses sho uld also be used thro ug ho ut the
develo pment and implementatio n o f the OH&S manag ement system.
Fig ure 2 pro vides an o verview o f the risk assessment pro cess.
Fig ure 2
Overview of the hazard identification and risk assessment process
Develop
Methodology
Identify
Hazards
Monitor &
Review
Implement
Controls
Manage
Change
As s es s
Ris ks
Determine
Controls
NOTE The development of the methodology can itself be subject to
change or improvement.
4.3.1.2
Developing a methodology and procedures for hazard
identification and risk assessment
Hazard identificatio n and risk assessment metho do lo g ies vary g reatly
acro ss industries, rang ing fro m simple assessments to co mplex
quantitative analyses with extensive do cumentatio n. Individual
hazards can require that different metho ds be used, e.g . an
assessment o f lo ng term expo sure to chemicals can need a different
metho d than that taken fo r equipment safety o r fo r assessing an
© OHSAS Project Group 2008 – All rights reserved
• 15
OHSAS 18002:2008
o ffice wo rkstatio n. Each o rg anizatio n sho uld cho o se appro aches
that are appro priate to its sco pe, nature and size, and which meet
its needs in terms o f detail, co mplexity, time, co st and availability o f
reliable data. In co mbinatio n, the cho sen appro aches sho uld result
in an inclusive metho do lo g y fo r the o ng o ing evaluatio n o f all the
o rg anizatio n’s OH&S risks.
The manag ement o f chang e (see 4.3.1.5 ) needs to be co nsidered
fo r chang es in assessed risks, determinatio n o f co ntro ls, o r the
implementatio n o f co ntro ls. M anag ement review sho uld be used to
determine whether chang es to the metho do lo g y are needed o verall.
To be effective, the organization’s procedures for hazard identification
and risk assessment should take account of the following:
—
hazards,
—
risks,
—
co ntro ls,
—
manag ement o f chang e,
—
do cumentatio n,
—
o ng o ing review.
To ensure co nsistency o f applicatio n, it is reco mmended that these
pro cedure(s) be do cumented.
OHSAS 18001:2007, 4.3.1 , identifies in bullets a) to j) what sho uld be
taken into acco unt in develo ping the pro cedure(s). Guidance o n these
can be fo und in sub-clauses 4.3.1.3 to 4.3.1.8 .
4.3.1.3
Hazard Identification
Hazard identificatio n sho uld aim to determine pro actively all so urces,
situatio ns o r acts (o r a co mbinatio n o f these), arising fro m an
o rg anizatio n’s activities, with a po tential fo r harm in terms o f human
injury o r ill health (see the definitio n o f “ hazard” in 3.6 ). Examples
include:
—
so urces (e.g . mo ving machinery, radiatio n o r energ y so urces),
—
situatio ns (e.g . wo rking at heig hts), o r
—
acts (e.g . manual lifting ).
Hazard identificatio n sho uld co nsider the different types o f hazards
in the wo rkplace, including physical, chemical, bio lo g ical and
psycho so cial (see Annex C fo r examples o f hazards).
The o rg anizatio n sho uld establish specific hazard identificatio n
to o ls and techniques that are relevant to the sco pe o f its OH&S
manag ement system.
The fo llo wing so urces o f info rmatio n o r inputs sho uld be co nsidered
during the hazard identificatio n pro cess:
16
—
OH&S leg al and o ther requirements (see 4.3.2 ), e.g . tho se that
prescribe ho w hazards sho uld be identified,
—
OH&S po licy (see 4.2 ),
—
mo nito ring data (see 4.5.1 ),
—
o ccupatio nal expo sure and health assessments,
—
reco rds o f incidents (see 3.9 ),
• © OHSAS Project Group 2008 – All rights reserved
OHSAS 18002:2008
—
repo rts fro m previo us audits, assessments o r reviews,
—
input fro m emplo yees and o ther interested parties (see 4.4.3 ),
—
info rmatio n fro m o ther manag ement systems (e.g . fo r quality
manag ement o r enviro nmental manag ement),
—
info rmatio n fro m emplo yee OH&S co nsultatio ns,
—
pro cess review and impro vement activities in the wo rkplace,
—
info rmatio n o n best practice and/o r typical hazards in similar
o rg anizatio ns,
—
repo rts o f incidents that have o ccurred in similar o rg anizatio ns,
—
info rmatio n o n the facilities, pro cesses and activities o f the
o rg anizatio n, including the fo llo wing :
•
wo rkplace desig n, traffic plans (e.g . pedestrian walkways,
vehicle ro uting ), si