CONTENTS



OHSAS Project GroupImplementation Guidance for migrating from OHSAS 18001:2007 to ISO 45001:2018CONTENTS INTRODUCTION2.0 BACKGROUND ON ISO 45001 DEVELOPMENT PROCESS 3.0 USER GROUPS4.0IMPLEMENTATION GUIDANCE4.1 GENERIC GUIDANCE4.2 SPECIFIC GUIDANCE TO USER GROUPS5.0FREQUENTLY ASKED QUESTIONS 6.0AUTHENTICITY OF INFORMATION REGARDING ISO 45001 1. INTRODUCTIONThis Implementation Guidance has been developed to assist users in understanding the issues that need to be considered when moving towards using ISO 45001.A wide diffusion of this implementation guidance is recommended, in particular the comparison tables between OHSAS 18001:2007 and ISO 45001:2018. These show the correspondence between the clauses of the standards and can be found in Annex A at the end of this paper.The development of ISO 45001 introduces a new 10 clause structure, several new requirements and new terms. Users will need to plan how to incorporate these changes into their occupational health and safety management system (OHSMS).Additional information and guidance from ISO and its Project Committee 283 (ISO/PC 283) on ISO 45001 can be found on its web site at: 2. BACKGROUND TO THE ISO 45001 DEVELOPMENT PROCESS Prior to the development of a management system standard in ISO, a “Justification Study” is prepared to present a case for the proposed project. In relation to the development of ISO 45001 user needs were identified from the following:The demands from users for the requirements of management system standards to be better aligned, to enable “integration” into their organization’s management systems. This led to the development by ISO of a “High Level Structure” (often referred to as “Annex SL”) which provides a common clause sequence (structure), text, terms and definitions for its management system standards. This “High Level Structure” has been applied during the development of ISO 45001. The OHSAS Project Group’s 2011 Survey of standards and certificates, which showed there are now more than 90000 certificates issued in 127 countries and the need for an ISO International Standard for this discipline. The Justification Study identified that ISO 45001 would need to:enable organizations to provide safe and healthy working environmentsbe generic and relevant to all types and sizes of organizations, operating in any sector, and be able to accommodate diverse geographical, cultural and social conditions.be capable of being applied to the widest possible range of organizations with varying degrees of maturity of their OHSMSspecify the essential components of an OHSMS enable organizations to demonstrate conformity to the requirementsenable organizations to identity, assess and control their OH&S risks and improve their OH&S performancealign with other management system standards (in particular ISO 14001 for environmental management systems).The expected benefits identified for ISO 45001:2018 include:Provides clarity on OHSMS issuesEnhanced leadership involvement and worker participation in the OHSMS Risk-based thinking for the OHSMS, as well as for OH&S risksAlignment of the OH&S policy and objectives with the strategic direction of the organizationIntegration of the OHSMS into the business processes of the organizationSimplified language, common structure and terms3. USER GROUPS3.1 Individual organizations using OHSAS 18001a) Current Users of OHSAS 18001This user group is defined as having completed, or being in the process of, implementing OHSAS 18001, regardless of whether they are certified or not, or whether they intend to be certified or not. b) New Users A New User is defined as an organisation that is either beginning to use OHSAS 18001 or ISO 45001:2018 for the first time, or is a potential user of the standards in the future.3.2 Other user groups These are defined as being:a) National Standards Bodies (NSBs)b) Accreditation Bodies (ABs)c) Certification/Registration Bodies (CB/RBs)d) Trainers and Consultantse) Legislative or Regulatory Bodies4. IMPLEMENTATION GUIDANCE4.1 Generic guidanceAll users groups are strongly advised to note the IAF’s Mandatory Document IAF MD 21: Requirements on the Migration to ISO 45001:2018 from OHSAS 18001:2007? (see: ) for implementation of accredited certification to ISO 45001:2018, which details the agreed implementation plan for accredited certification, as follows:Accredited certification to ISO 45001:2018 shall not be granted until the publication of ISO 45001:2018 as an International Standard. Accredited certification of conformity to ISO 45001:2018 and/or national equivalents shall only be issued after the official publication of ISO 45001:2018 (currently targeted for 1st quarter of 2018), by an accredited certification body, and after a certification audit against ISO 45001:2018. Validity of certifications to OHSAS 18001:2007 OHSAS 18001:2007 certifications will not be valid after three years from publication of ISO 45001:2018. The expiry date of certifications to OHSAS 18001:2007 issued during the migration period needs to correspond to the end of the three year migration period.TimelineDec 2017 / Jan 2018Mar 2018Mar 20213 year migration periodOHSAS 18001:2007ISO45001:2018FDIS ballotPublication ofInternational StandardNational Standards BodiesTranslationRelease of national standardAccreditation BodiesAccreditation update transitionAccreditationCertification BodiesCertification update transitionISO 45001:2018 certificationTrainersAuditor UpgradeCertification update transitionCertified OrganizationsCertification update transitionKeyPreparationCommencement/ continuationEndFigure 1 - Implementation timetable for ISO 45001:2018, for all user groups To benefit from the changes introduced into ISO 45001:2018, users (from all user groups) should note the recommendations given below. Recommendations for specific user groups are given in section 4.2 further down. To get acquainted with the new edition of the standard use the following resources:Guidance available at The correspondence matrices between OHSAS 18001:2008 and ISO 45001:2018, which provides a before and after view of the clauses (see Annex A below)Determine the impact of the changes of the new version on your current use of OHSAS 18001 and plan any necessary remedial actions. Use the Plan-Do-Check-Act (PDCA) methodology to manage the implementation. Note that the actions may need to vary according to your user group (see 4.2 below).4.2Guidance for specific user groups These recommendations complement the generic guidance to all user groups given in section 3.0 above.4.2.1Organizations using OHSAS 18001:2007 a) Current usersOrganisations that are already certified to OHSAS 18001:2007 should contact their certification/registration bodies (CB/RB) to agree a program for analysing the clarifications in ISO 45001:2018 in relation to their individual OHSMS and for upgrading their certificates.Certified organizations should bear in mind that OHSAS 18001:2007 certificates have the same status as new ISO 45001:2018 certificates during the co-existence anizations in the process of certification to OHSAS 18001:2008 should change to using ISO 45001:2018 and apply for certification to it (however, if your organization is nearing completion of its certification process, then it may be preferable for your organization to complete its certification to OHSAS 18001, and then look at converting to using ISO 45001).b) New usersNew users should start by using ISO 45001:2018.Note: Unaccredited certifications do not have the same status as accredited certifications, and organizations with unaccredited OHSAS 18001 certifications may require additional audit time in order to achieve accredited certification to ISO 45001.4.2.2National Standards Bodies Information regarding ISO 45001 should be communicated to potential users by the national standards bodies (NSBs), in a timely manner. It is recommended that NSB actions be synchronized with the information flows from ISO, ISO/PC 283, the OHSAS Project Group and the IAF.NSBs may find they are responsible, at a national level, for communicating the issues regarding the changes from OHSAS 18001:2007 to ISO 45001 to all interested parties. It is recommended that they coordinate their communications regarding these issues with other local interested parties (for example: ABs, CB/RBs, professional OH&S associations, etc.).Translation Issues – Where NSBs need to provide translations of the standard into their own national languages, it is recommended that they start this as early as possible. NSBs encountering any interpretation problems in the preparation of their translations of ISO 45001 should contact the ISO/PC 283 Secretariat for assistance.4.2.3Accreditation BodiesABs should refer to the IAF’s Mandatory Document IAF MD 21: Requirements on the Migration to ISO 45001:2018 from OHSAS 18001:2007 for the implementation of accredited certification to ISO 45001:2018 (see 4.1 above).AB’s should be reminded that they can only grant accreditation for certification to ISO 45001:2018 after the official publication of the standard.AB’s should train their assessors and verify their competence to assess CB’s providing ISO 45001:2018 certifications.4.2.4Certification BodiesCBs should refer to the IAF’s Mandatory Document IAF MD 21: Requirements on the Migration to ISO 45001:2018 from OHSAS 18001:2007 for the implementation of accredited certification to ISO 45001:2018 (see 4.1 above).CBs should remember that certificates of conformity to ISO 45001:2018 and/or its national equivalent adoptions can only be issued after the official publication of the standard.Prior to allowing their auditors to conduct audits against ISO 45001, it is important that accredited certification bodies ensure that their auditors are aware of:the changes introduced in ISO 45001:2018 compared to OHSAS 18001, and their implicationsthe requirements of ISO/IEC TS 17021-10 Conformity assessment -- Requirements for bodies providing audit and certification of management systems -- Part 10: Competence requirements for auditing and certification of occupational health and safety management systems (The TS is due to be published concurrently with ISO 45001)It is also important that other CB personnel (for example, those making certification decisions) are aware of the changes in ISO 45001:2018 compared to OHSAS 18001, and their implications.4.2.5Training Bodies and ConsultantsAll trainers and consultants should be aware of the changes introduced by ISO 45001:2018. All training bodies and consultants are recommended to determine the need for updating training programs and documentation, or any other changes necessary, to the services they provide. 4.2.6Legislative or Regulatory BodiesWhere legislative or regulatory bodies have referenced or adopted OHSAS 18001 in their legislation or regulations or other communications, they should review ISO 45001 to determine if it is acceptable as an alternative. In the longer term, the legislation/regulations/ communications may need to be updated to reference or adopt ISO 45001. Until such updating occurs, it is recommended that the legislative or regulatory bodies should issue a communique to advise that they will accept ISO 45001 in place of OHSAS 18001.5.0FREQUENTLY ASKED QUESTIONS While this Implementation Guidance provides recommendations on a number of issues facing the different user groups during the co-existence period, it does not address more general questions about ISO 45001. Instead ISO/PC 283 is preparing a set of frequently asked questions (FAQs) to provide such advice. It is expected that the FAQs will be updated on a more regular basis than this Implementation Guidance. For the latest version of the FAQs, reference should be made to the open access web site at 6.0AUTHENTICITY OF INFORMATION REGARDING ISO 45001:2018The first point of contact for information regarding the requirements of ISO 45001:2018 should be your National Standards Body (for a listing of ISO’s member National Standards Bodies, see members.htm). Other recommended sources of information are:ISO’s web site provides general information regarding the ISO 45001:2018 development programme (as well as details of its member National Standards Bodies). ISO has a microsite dedicated to ISO 45001 at: The ISO/PC 283 web site, , provides detailed information on the ISO 45001 development programme and is updated on a regular basis.Annex ACorrespondence between OHSAS 18001:2007 and ISO 45001 Users should note that there will not be full correspondence between the requirements of the two standards on an equivalent topic, and that the following tables are an approximation only.Table A.1 - Correspondence between ISO 45001 and OHSAS 18001:2007ISO?45001OHSAS 18001:2007Context of the organization (title only)4-New requirement[see also 4.6 h) in Management review]Understanding the organization and its context4.1-New requirement[see also 4.6 h) in Management review]Understanding the needs and expectations of workers and other interested parties4.24.4.3.2Participation and consultation (in part)[see also 4.6 b) and c) in Management review]Determining the scope of the OH&S management system4.34.1General requirements (in part)OH&S management system4.444.1Management systemGeneral requirementsLeadership and worker participation (title only)54.4.3Communication, participation and consultation (title only)Leadership and commitment5.14.4.1Resources, roles, responsibility, accountability and authorityOH&S Policy5.24.2OH&S policyOrganizational roles, responsibilities and authorities5.34.4.1Resources, roles, responsibility, accountability and authorityConsultation and participation of workers 5.44.4.3.2Participation and consultationPlanning (title only)64.3Planning (title only)Actions to address risks and opportunities (title only)6.14.14.3.1General requirementsHazard identification, risk assessment and determining controlsGeneral6.1.14.4.6Operational ControlHazard identification and assessment of risks and opportunities (title only)6.1.24.3.1Hazard identification, risk assessment anddetermining controlsHazard identification6.1.2.14.3.1Hazard identification, risk assessment anddetermining controlsAssessment of OH&S risks and other risks to the OH&S management system6.1.2.24.3.1Hazard identification, risk assessment anddetermining controlsIdentification of OH&S opportunities and other opportunities to the OH&S management system6.1.2.3-New RequirementDetermination of legal requirements and other requirements6.1.34.3.2Legal and other requirementsPlanning action6.1.44.4.6Operational ControlOH&S objectives and planning to achieve them (title only)6.24.3.3Objectives and programme(s)OH&S objectives6.2.14.3.3Objectives and programme(s)Planning to achieve OH&S objectives6.2.24.3.3Objectives and programme(s)Support (title only)74.4Implementation and operation (title only)Resources7.14.4.1Resources, roles, responsibility, accountability and authorityCompetence7.24.4.2Competence, training and awarenessAwareness7.34.4.2Competence, training and awarenessCommunication 7.44.4.3.1CommunicationGeneral7.4.14.4.3.1CommunicationInternal communication7.4.24.4.3.1CommunicationExternal communication7.4.34.4.3.1CommunicationDocumented information (title only)7.54.4.44.5.4DocumentationControl of recordsGeneral7.5.14.4.44.5.4DocumentationControl of recordsCreating and updating7.5.24.4.54.5.4Control of documentsControl of recordsControl of documented information7.5.34.4.54.5.4Control of documentsControl of recordsOperation (title only)84.4Implementation and operation (title only)Operational planning and control (title only)8.14.4.6Operational controlGeneral8.1.14.4.6Operational controlEliminating hazards and reducing OH&S risks8.1.24.3.14.4.6Hazard identification, risk assessment anddetermining controlsOperational controlManagement of change8.1.34.3.14.4.6Hazard identification, risk assessment anddetermining controlsOperational controlProcurement (title only)8.1.44.4.6Operational controlGeneral8.1.4.14.4.6Operational controlContractors8.1.4.24.3.14.4.3.14.4.3.24.4.6Hazard identification, risk assessment anddetermining controlsCommunicationParticipation and consultationOperational controlOutsourcing8.1.4.34.3.24.4.3.14.4.6Legal and other requirementsCommunicationOperational controlEmergency preparedness and response8.24.4.7Emergency preparedness and responsePerformance evaluation (title only)94.5Checking (title only)Monitoring, measurement, analysis and performance evaluation (title only)9.14.5.1Performance measurement and monitoring General9.1.14.5.1Performance measurement and monitoringEvaluation of compliance9.1.24.5.2Evaluation of complianceInternal audit (title only)9.24.5.5Internal auditGeneral9.2.14.5.5Internal auditInternal audit programme9.2.24.5.5Internal auditManagement review9.34.6Management reviewImprovement (title only)104.6Management reviewGeneral10.14.6Management reviewIncident, nonconformity and corrective action10.24.5.34.5.3.14.5.3.2Incident investigation, nonconformity, corrective action and preventive action (title only)Incident investigationNonconformity, corrective action and preventive actionContinual improvement 10.34.24.3.34.6OH&S PolicyObjectives and programme(s)Management reviewTable A.2 - Correspondence between OHSAS 18001:2007 and ISO 45001 OHSAS 18001:2007ISO?45001Management system44.4OH&S management systemGeneral requirements 4.14.34.4Determining the scope of the OH&S management system OH&S management system OH&S policy4.25.210.3OH&S Policy Continual improvementPlanning (title only)4.36Planning (title only)Hazard identification, risk assessment and determining controls4.3.16.16.1.26.1.2.16.1.2.28.1.28.1.38.1.4.2Actions to address risks and opportunities (title only)Hazard identification and assessment of risks and opportunities (title only)Hazard identificationAssessment of OH&S risks and other risks to the OH&S management system Eliminating hazards and reducing OH&S risks Management of change ContractorsLegal and other requirements4.3.26.1.38.1.4.3Determination of legal requirements and other requirements OutsourcingObjectives and programme(s)4.3.36.26.2.16.2.210.3OH&S objectives and planning to achieve them (title only) OH&S objectives Planning to achieve OH&S objectivesContinual improvementImplementation and operation (title only)4.478Support (title only) Operation (title only)Resources, roles, responsibility, accountability and authority4.4.15.15.37.1Leadership and commitment Organizational roles, responsibilities and authorities ResourcesCompetence, training and awareness4.4.27.27.3CompetenceAwarenessCommunication, participation and consultation (title only)4.4.35Leadership and worker participation (title only)Communication4.4.3.17.47.4.17.4.27.4.38.1.4.28.1.4.3Communication GeneralInternal communicationExternal communicationContractorsOutsourcingParticipation and consultation4.4.3.24.25.48.1.4.2Understanding the needs and expectations of workers and other interested partiesConsultation and participation of workers ContractorsDocumentation4.4.47.57.5.1Documented information (title only)GeneralControl of documents4.4.57.5.27.5.3Creating and updating Control of documented informationOperational Control4.4.66.1.16.1.48.18.1.18.1.28.1.38.1.48.1.4.18.1.4.28.1.4.3GeneralPlanning actionOperational planning and control (title only)GeneralEliminating hazards and reducing OH&S risksManagement of changeProcurement (title only)GeneralContractorsOutsourcingEmergency preparedness and response4.4.78.2Emergency preparedness and responseChecking (title only)4.59Performance evaluation (title only)Performance measurement and monitoring 4.5.19.19.1.1Monitoring, measurement, analysis and performance evaluation (title only)GeneralEvaluation of compliance4.5.29.1.2Evaluation of complianceIncident investigation, nonconformity, corrective action and preventive action (title only)4.5.310.2Incident, nonconformity and corrective actionIncident investigation4.5.3.110.2Incident, nonconformity and corrective actionNonconformity, corrective action and preventive action4.5.3.210.2Incident, nonconformity and corrective actionControl of records4.5.47.57.5.17.5.27.5.3Documented information (title only)GeneralCreating and updatingControl of documented informationInternal audit4.5.59.29.2.19.2.2Internal audit (title only)GeneralInternal audit programmeManagement review4.644.14.29.31010.110.3Context of the organization (title only)Understanding the organization and its contextUnderstanding the needs and expectations of workers and other interested partiesManagement reviewImprovement (title only)GeneralContinual improvement ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download