5.7.2 Management of Change
An increasingly important function in OH&S management is “management of change.” This concept is contained in all OHSMS approaches, and represents a significant advancement in OH&S management in recent decades. MOC addresses activities that require examining OH&S risks associated with new projects, processes or substances or when existing operations or processes are modified. Changes to an organization can disrupt established protections and controls which requires evaluation and active management not only of the end result but also the actions taken to get there. MOC also includes considerations related to human resources as well as organizational strategies. Industrial hygienists and OH&S professionals should consider MOC to be an important element of a comprehensive OS&H management system. The extent and complexity of a MOC process should be consistent with the potential risk of catastrophic failure of the new or modified process.
ISO 45001:2018 states (§8.1.3) that:
“…the organization shall establish a process(es) for the implementation and control of planned temporary and permanent changes that impact OH&S performance, including: new products, services and processes, or changes to existing products, services and processes (including – workplace locations and surroundings, work organization, working conditions; equipment, and work force); changes to legal requirements and other requirements; changes in knowledge or information about hazards and OH&S risks; developments in knowledge and technology” (63).
As well, the standard requires that a review is done of “the consequences of unintended changes, [and] taking action to mitigate any adverse effects, as necessary” (63).
5.7.3 Procurement
Procurement‐related requirements address the procurement of products and services “to ensure their conformity to” the OHSMS. Establishing, implementing, and maintaining process(es) to do this is required in ISO 45001:2018. This would include how the organization procures materials, such as chemicals and equipment, as well as people who perform activities that may, in some way, impact health and safety.
Related to contractors, ISO 45001:2018 (§8.1.4.2) states that:
“…the organization shall coordinate its procurement process(es) with its contractors, in order to identify hazards and to assess and control the OH&S risks arising from: the contractors' activities and operations that impact the organization; the organization's activities and operations that impact the contractors' workers; and, the contractors' activities and operations that impact other interested parties in the workplace” (65).
As well, the standard requires that contractors' conform with the organization's OHSMS requirements, and that the “procurement process(es) define and apply occupational health and safety criteria for the selection of contractors.” Annex A (§8.1.4.2) helpful guidance on contractor and OHSMS coordination (64).
In addition, the standard contains requirements for outsourcing activities, and defines “outsource” (verb) as to “make an arrangement where an external organization (3.1) performs part of an organization's function or process” (40). A note to this definition states that the “external organization is outside the scope of the management system (3.10), although the outsourced function or process is within the scope” (40). Relating to outsourcing, the standard states that (§8.1.4.3):
“…the organization shall ensure that outsourced functions and processes are controlled, [and that] the organization shall ensure that its outsourcing arrangements are consistent with legal requirements and other requirements and with achieving the intended outcomes of the OH&S management system. The type and degree of control to be applied to these functions and processes shall be defined within the OH&S management system” (65).
In practice, this means evaluation of the capabilities of the company that will perform the outsourced work that can impact the intended outcomes of your organization's OHSMS. The evaluation should conclude that they can perform the required work in a legal and safe manner.
5.7.4 Emergency Preparedness and Response
Being prepared for, and responding to emergencies is an historic component of IH/OH&S management. All OHSMS approaches address this, and contain guidance and requirements related to it. ISO 45001:2018 requires (§8.2) that “the organization shall establish, implement and maintain a process(es) needed to prepare for and respond to potential emergency situations, as identified in 6.1.2.1 [hazard identification]” (65). This includes the following:
1 “establishing a planned response to emergency situations, including the provision of first aid;
2 providing training for the planned response;
3 periodically testing and exercising the planned response capability;
4 evaluating performance and, as necessary, revising the planned response, including after testing and, in particular, after the occurrence of emergency situations;
5 communicating and providing relevant information to all workers on their duties and responsibilities;
6 communicating relevant information to contractors, visitors, emergency response services, government authorities and, as appropriate, the local community;
7 taking into account the needs and capabilities of all relevant interested parties and ensuring their involvement, as appropriate, in the development of the planned response” (65).
As well, the standard requires that “documented information on the process(es) and on the plans for responding to potential emergency situations” (65) be maintained and retained.
5.8 Performance Evaluation (§9)
Many requirements in this ISO 45001:2018 section (§9) are familiar to industrial hygienist and OH&S professionals and are aligned with earlier generation OHSMSs. In addition to addressing general monitoring, measurement, analysis, and performance evaluation (§9.1) issues, this section contains requirements related to: the evaluation of compliance (§9.1.2), internal auditing (§9.2), and management review (§9.3).
5.8.1 Monitoring, Measurement, Analysis, and Performance Evaluation
ISO 45001:2018 outlines a general requirement that (§9.1.1) “the organization shall establish, implement, and maintain a process(es) for monitoring, measurement, analysis and performance evaluation” (65). To do this, the organization needs to determine what needs to be monitored and measured in order to evaluate OH&S and OHSMS performance, and the extent to which this is impacted, or dictated by legal and other requirements; activities and operations related to identified hazards, risks, and opportunities; progress toward achievement of the organization's OH&S objectives; and effectiveness of operational and other controls (65).
Included in these requirements is ensuring “that monitoring and measuring equipment is calibrated or verified as applicable, and is used and maintained as appropriate” (66).
5.8.2 Evaluation of Compliance
Evaluation of compliance to governmental regulation is a common activity in IH/OH&S management. ISO 45001:2018 provides guidance and requirements related to this. The standard states (§9.1.2) that “the organization shall establish, implement and maintain a process(es) for evaluating compliance with legal requirements and other requirements” (66). And that it “shall determine the frequency and method(s) for the evaluation of compliance; evaluate compliance and take action if needed; maintain knowledge and understanding of its compliance status with legal requirements and other requirements; and, retain documented information of the compliance evaluation result(s)” (66).