Communicate selection decisions to each affected employee; and,
Select PPE that properly fits each affected employee. Note: Non‐mandatory Appendix B contains an example of procedures that would comply with the requirement for a hazard assessment.
The employer shall verify that the required workplace hazard assessment has been performed through a written certification that identifies the workplace evaluated; the person certifying that the evaluation has been performed; the date(s) of the hazard assessment; and, which identifies the document as a certification of hazard assessment.
An example of a PPE Hazard Assessment can be found in Chapter 5, Fundamental Risk Assessments.
2.4.2 1910.119, Process Safety Management Standard
As indicated earlier, OSHA 29 CFR 1910.119, Process Safety Management (PSM) of Highly Hazardous Chemicals is the most prominent standard containing requirements for risk assessment. The Process Safety Management standard was established in 1992 and requires process hazard analyses (PHAs) for regulated industrial processes containing 10 000 pounds or more of a hazardous chemical for the purpose of protecting the employees working in and around such processes. 1910.119(e) requires an initial process hazard analysis (PHA) be conducted and revalidated every five years with a follow‐up PHA. While this requirement is called a process hazard analysis, a PHA is similar to a risk assessment in that it identifies and analyzes the hazards and existing controls to determine if additional controls are needed.
The PHA must be conducted on a prioritized basis and consider the extent of the hazard, number of potentially affected people, age of the process, and operating history of the process. Some of the same risk assessment techniques mentioned in this book and various assessment standards are referenced by the OSHA PSM regulation including those below.
What‐If Analysis
Checklists Analysis
What‐If/Checklists Analysis
Hazard and Operability Study (HAZOP)
Failure Mode and Effects Analysis (FMEA)
Fault Tree Analysis (FTA)
The PHA must address the potential consequences of past incidents and the potential consequences of the failure of engineering and administrative controls. It must also consider human factors and include a qualitative evaluation of safety and health effects of the failure of controls on employees in the workplace. Other notable sections of the Process Safety Management standard include requirements for Pre‐Start‐up Safety Reviews (PSSR) and Management of Change (MOC) procedures.
The references to prioritization and consequences in the PSM regulation are consistent with a risk assessment. All of these PHA activities must be formal and documented. Further discussion can be found on PHAs in Chapter 7, What‐if Hazard Analysis.
2.4.3 Other OSHA Standards
Other OSHA standards require that a hazard or exposure determination be made, and that existing hazards are controlled. Examples include the 1910.146, Permit‐required Confined Space standard which requires an initial evaluation of the workplace to identify confined spaces and determine if they are “permit‐required” spaces, the identification and evaluation of hazards prior to entry into Permit spaces; and the 1910.1200, Hazard Communication standard which requires an inventory of hazardous chemicals and a hazard determination be made. Thus, risk assessments, while not specifically required, are a technique that should be used to comply with these requirements.
Also consider the OSHA General Duty Clause requirement that all employers must provide their employees a workplace that is free of recognized hazards. The General Duty Clause is intended to apply to all hazards that the employer should be aware of, but that are not covered by a specific OSHA regulation. A logical approach to this requirement is to perform hazard identification and analysis, and risk assessment. Again, risk assessment is not specifically required by the General Duty Clause, but a thorough risk assessment would enable employers to comply with this OSHA requirement.
It is the authors’ opinion, that the United States has fallen behind other parts of the world in the use of formal risk assessments, partially due to the fact that most OSHA standards do not include specific requirements to do so. However, there is a growing interest in the use of risk assessment taking shape in consensus standards, and industry practices.
2.5 Consensus Standards Requiring Risk Assessment
Even though compliance standards are not the current driving force for risk assessment, there is a movement toward formal risk assessments in several key consensus standards and technical reports. These include:
ANSI/ASSP Z10.0‐2019, Occupational Health and Safety Management Systems;
ANSI/ASSP/ISO 45001‐2018 Occupational Health and Safety Management Systems ‐ Requirements with Guidance for Use;
ANSI/ASSP Z590.3‐2011(R2016) Prevention through Design;
ANSI/ASSP/ISO 31000‐2018 Risk Management;
ANSI/ASSP/ISO 31010‐2019 Risk Management – Risk Assessment;
ANSI B11.0‐2020, Safety of Machinery;
ASSP TR‐31010‐2020 Technical Report: Risk Management – Techniques for Assessing Risk.
2.6 ANSI Z10.0
As the standard states, risk assessment is essential to an organization’s occupation health and safety management system. To begin, a clear understanding of occupational health and safety management systems (OHSMS) is necessary. The American National Standard, ANSI/ASSP Z10.0‐2019, Occupational Health and Safety Management Systems, defines such a systems as “a set of interrelated elements that establish and/or support occupational health and safety policy and objectives, and mechanisms to achieve those objectives in order to continually improve occupational health and safety.” In essence, it is a business system employed by the organization to effectively manage operational risks to enable the organization to achieve its business objectives.
The ANSI Z10 standard was originally approved and published in 2005, and recently revised in 2019. It is consistent with other OHSMS models. Z10 dedicates significant emphasis to risk assessment in sections 6.2 Assessment and Prioritization, 8.3 Risk Assessment, and Annex E8.3 Risk Assessment (informative). Requirements are identified by the word “shall,” while the recommended practices or explanatory notes are described by the word “should.” It requires an organization to establish a risk assessment process as part of an OHSMS.
In section 6.2 of ANSI Z10, it states that “the organizations shall establish a process to assess, prioritize and address its OHSMS issues on an ongoing basis …” The standard goes on to state that organization shall do this by “establishing priorities based on factors such as hazards identified, level of risk, potential for system improvements, fatal and serious injury and illness potential, standards, regulations, feasibility and potential positive and negative business consequences, and identifying causes and contributing factors related to system deficiencies and that lead to hazards and risks” (ANSI Z10.0 2019).
Section 8.3, Risk Assessment specifically states that an organization “shall establish and implement a risk assessment process(es) appropriate to the OHSMS issues identified in Section 8.2 to determine the level of risk and enable prioritization for appropriate actions” (ANSI Z10.0 2019). The standard outlines requirements