You are on page 1of 32

Systems in focus

Guidance on occupational safety

and health management systems Information guide

IOSH publishes a range of Systems in focus guidance on If you have any comments or questions
occupational safety and health about this guide please contact
free technical guidance. Our management systems Research and Information Services at
guidance literature is designed The aim of this guide is to provide IOSH:
occupational safety and health (OSH) - t +44 (0)116 257 3100
to support and inform practitioners, managers, educators -
members and motivate and and others with a basic understanding
of the role and development of OSH PDF versions of this and other guides
influence health and safety management systems. Starting with a are available at
stakeholders. brief introduction to the subject, the freeguides.
guide contains:
- general structure main Our materials are reviewed at least
components, history, links with once every three years. This document
international regulatory regimes and was last reviewed and revised in
integrated systems May 2015.
- detailed structure key elements of
effective systems
- discussion advantages and
disadvantages, certification and
getting started.

The guide also has reference and

further reading sections.

1 Introduction 02
2 The main components of OSH management systems 03
3 Typical systems an overview 05
4 Regulatory and industry standards
some global perspectives 08
5 Should management systems be integrated? 09
6 The key features of an effective OSHMS 10
7 Advantages and disadvantages of OSHMSs 18
8 OSHMS certification 21
9 How to get started 22

References 24
Further reading 25
Appendix: List of abbreviations 27
Acknowledgments 28

List of figures
1 PlanDoCheckAct diagram 03
2 Flowchart based on HSG65 05
3 Flowchart based on OHSAS 18001 06
4 Flowchart based on ILO guidelines 07
5 OSHMS stakeholders 13
6 Process for developing an OSHMS 23

List of tables
1 Typical changes faced by an organisation 10
2 Advantages and disadvantages of internal audit 16
3 Advantages and disadvantages of external audit 16
4 OSHMS comparison table 22
1 Introduction

Guidance context IOSHs position OSHMSs an overview

Changes in work IOSH recognises that work-related The main components of an OSHMS
Developed countries are experiencing accidents and ill health can be prevented include both policy a mission
a shift of balance from manufacturing and wellbeing at work can be improved statement for health and safety that
to service industries, new technologies, if organisations manage health and provides a mechanism for management
globalisation, flexible work practices safety competently and apply the same control and accountability and
and an ageing workforce. Meanwhile, or better standards as they do to other arrangements for implementation,
many developing countries are shifting core business activities. We believe that monitoring (including audit) and
from rural to industrial and service the formal OSHMSs mentioned in this continual improvement. Formalising
activities. Both scenarios present guidance, and others based on similar these arrangements removes the
changing work patterns and associated principles, provide a useful approach to potential arbitrariness of processes
hazards. The multitude of work- achieving these goals. developed by a few individuals and
related risks requires a systematic helps to support a management culture
approach to occupational safety and Guidance that can involve the whole workforce.
health (OSH) management, and some This document helps professional
of the principal management tools health and safety advisers to explore OSHMSs have developed through
are occupational safety and health what OSHMSs can offer their own national and international co-operation.
management systems (OSHMSs). organisations and those that they Some were boosted by legal
advise. It has three specific aims: developments such as the European
Management system developments - to support improvements in Union (EU) Framework Directive,1 while
Organisations are being encouraged effective health and safety others were created in response to
to adopt formal management systems management industrial sector needs (eg Responsible
through their supply chains, and to a - to help organisations that want to care2 in the chemical industry). With
lesser extent through legal pressures. introduce formal OSHMSs the publication of International Labour
Current systems include both generic - to encourage IOSH members to play Organization (ILO) guidelines3 in 2001,
approaches and sector-specific a full part in these developments the international dimension came
arrangements developed by trade and in continually improving fully into focus. Today, the leading
bodies. The continued development and existing systems. international standard is OHSAS 18001.4
wider use of formal systems seems to be
inevitable, particularly where corporate Structure of guidance This guidance is divided into three
governance issues have a high priority. Adopting and implementing an broad parts. Sections 25 cover the
OSHMS, and integrating it with other general structure of OSHMSs, including
Common features management systems, requires careful their history, links with international
Formal systems have at their core the planning and management. This regulatory regimes and the issues
elements of plan, do, check and act guidance outlines the basis of these involved in integrating them with
(PDCA) embodying the principle of systems, discusses some of their benefits other management systems and with
continual improvement. Although there and pitfalls, offers practical suggestions business risk management. The detailed
are potential disadvantages to formal and explains how to implement and structure of an OSHMS and the key
systems, such as increased paperwork, develop an effective OSHMS. issues involved in implementing it are
the benefits of developing arrangements covered in section 6. Sections 79
that fully meet your organisations needs provide information on the advantages
make them worthwhile when theyre and disadvantages of OSHMSs, the
properly implemented. issue of third-party certification, and
how to get started. The appendix
contains a list of the main abbreviations
used in this guidance.

2 The main components of OSH management systems

Whatever management model you use, organisation should set long term - Implementing and operating
its likely to be based on the principle OSH objectives and plan targets and putting management processes and
of plan, do, check and act (PDCA actions to achieve them. plans in place and carrying out the
also known as the Deming cycle). - Organising a definition of the activities from risk assessment to
organisational structure, allocation audit in other words, putting the
Numerous types of management system of OSH responsibilities to employees OSHMS into practice.
are based upon this principle, notably linked to operational controls, and - Measuring performance from
health and safety (OHSAS 18001), ways of ensuring competence, reactive data on the rates of work-
quality management (the ISO 9000 training and consultation. related injuries, ill health, near
series) and environmental management - Workers representatives* a misses (sometimes referred to as
(the ISO 14000 series). You can gain crucial resource that can make near hits) and other incidents, to
significant benefits by integrating your a valuable contribution to the active data on routine inspections,
organisations approach to these areas organisations overall response to health and safety committee
in other words, by adopting a holistic risk and opportunities. activities, training, risk assessments
approach (see page 09). - Communicating from basic and so on (see IOSHs guidance on
information and work procedures to reporting performance5). Formal
Effective OSHMSs include the following the details of the system itself, from audits should evaluate the overall
elements: managers to workers and vice versa. performance of the system.
- Policy a statement of commitment - Consulting whatever the flow - Corrective and preventive
and vision by the organisation, of information, you need an actions a fundamental OSHMS
which creates a framework for effective way of tapping into the component is a systematic approach
accountability that is adopted and fund of knowledge and expertise to identifying opportunities for
led by senior management. held by your workforce, clients, preventing accidents and ill health,
- Planning a plan for identifying suppliers and other stakeholders including those that stem from
hazards, assessing and controlling (eg regulators, trade unions and investigating work-related injuries,
risks, and preparing for and neighbours). Involving all these ill health and incidents. Various
responding to emergencies, as groups will also help you to shape techniques are used to identify and
well as identifying legal and your risk management programme. correct weaknesses in the system
other standards that apply. The and to find ways of preventing
failures and harm.

- Policy
Plan - Planning
- Hazard identification and risk assessment

Do - Implementation and operation

- Performance assessment
Check > (active and reactive)

Act - Review and continual improvement

Figure 1: PlanDoCheckAct diagram

* Weve used workers representatives in this guidance to mean any workers safety representatives, regardless of whether theyre appointed by
a trade union or chosen in some other way.

- Management review an
evaluation of how appropriate the
overall design and resourcing of the
system are, as well as its objectives
in the light of the performance
achieved. This includes making
sure that compliance with relevant
legal and other requirements is
periodically checked.
- Continual improvement at
the heart of the system is a
fundamental commitment to
manage health and safety risks
proactively, so that accidents and ill
health are reduced (effectiveness)
and/or the system achieves the
desired aims by using fewer
resources (efficiency).

3 Typical systems an overview

Many OSHMSs have been published Its based on the traditional PDCA current edition of HSG65.6 This edition
over the past 25 years. Some reflect principle, where the organisations plans contains information on managing
the interests of the sponsoring reflect the policy document and the change and more advice on consultation,
bodies. For example, the American implementation phase is dominated communication and continual
Industrial Hygiene Association system by risk assessment and application of improvement. HSG65 retains the
places the industrial (occupational) controls. Checking includes a mixture of special status of a management system
hygienist at centre stage as the crucial performance monitoring, auditing and developed by a regulatory agency, and
competent person. Others, such as corrective action. its familiar to many UK-based managers
the International Safety Rating System, and OSH practitioners, particularly in
were developed so that commercial The guidance intentionally reflected larger organisations.
organisations could offer third party contemporary management processes
certification. Three generic OSHMSs and encouraged readers to harness OHSAS 18001
reflect this history and illustrate the them for health and safety programmes. OHSAS 180014 grew from a desire to
different emphases of current systems. However, at that time, the HSE was create a system capable of assessment
under pressure to restrict its activities and certification, as a follow-on from
HSG65* to supporting and enforcing legal BS 8800 (now revised and reissued as
The UK Health and Safety Executive (HSE) compliance. This led to a system BS 18004:20087).
published Successful health and safety in which legal compliance became
management (HS(G)65) in 1991. This was embedded in organisational policy HS(G)65 covered the implementation
characterised by five key elements: and, once achieved, the aim was of an OSH policy, and implied that this
- policy largely to maintain the status quo. This would be quite straightforward once
- organising compared unfavourably with systems the policy had been adopted. OHSAS
- planning and implementation that unambiguously focus on continual 18001, on the other hand, more fully
- measuring performance improvement, a fundamental weakness reflects the problems of changing an
- audit and review. that was addressed in the second and organisation. Building on established

Policy Control link

Information link


Planning and


Auditing Reviewing

Figure 2: Flowchart based on HSG65

* HSG65 is currently (May 2011) under revision see for more information.

environmental management systems in authoritative and its 2001 Guidelines
particular, OHSAS 18001 recognises the on occupational safety and health
importance of planning and managing management systems3 established
the changes that are likely to be an international model, following a
needed as an OSHMS is introduced. detailed review of over 20 management
systems worldwide. It reflects the
ILO OSHMS guidelines globalisation of organisations and the
The ILO is a tripartite United Nations increase in outsourcing and partnering
agency that influences the development these changes demonstrate how
of labour laws across the globe. systems need to evolve continually to
Its publications and guidance are reflect new business practices.


and operation

Checking and
corrective action


Figure 3: Flowchart based on OHSAS 18001

Policy Continual

Planning and


Action for

Figure 4: Flowchart based on ILO guidelines

4 Regulatory and industry standards
some global perspectives

A key factor in implementing a process (although many would argue Looking ahead
formal OSHMS is consideration of that in the EU theres still a strong There is increasing international
the legal framework that creates drive towards embedding detailed certification to OHSAS 18001 and an
the operational context. In the EU, prescriptive requirements in Directives). increasing trend towards integrating
Australia and offshore regimes Developing management systems is PDCA management systems. The
generally, regulation of major hazard another step along the same road. The OHSAS Project Group surveys have
industries via a safety case approach structure of a lot of national legislation found that between 2003 and 2007,
is accompanied by an emphasis on reflects this. In the UK, for example, the number of countries where
effective management systems to the Management of Health and Safety OSHMS certification occurs has grown
complement and reinforce required at Work Regulations 19999 require from 70 to 102 and the number of
high standards of technical safety. demonstrable management of OSH. In reported OHSAS 18001 (or equivalent)
Also, the International Maritime Canada, due diligence defences have certificates from 3,898 to 31,512.
Organization (IMO) now requires most been successfully used by defendants These trends are driven by factors
categories of international shipping with a formal OSHMS. In Norway such as the increasingly international
to use the International Safety since 1991, its been mandatory for nature of business and supply chain
Management (ISM) Code,8 an OSHMS organisations to establish internal requirements in general, supported
for marine operations. control systems to make sure that by increasing recognition by enforcers
health and safety activities, including that management systems when
Some countries, particularly in the internal and external audit, are run properly can help to deliver
Pacific Rim, require organisations legally compliant, and to document improved legal compliance and OSH
to adopt OSHMSs with third-party them. Similarly, Swedish law performance. In addition, the designers
auditing by government-approved requires systematic internal control of management systems themselves
auditors. In others, there have been of OSH. In India, following the are paying increasing attention to
moves to link internal OSHMS status Bhopal disaster, legislation in 1988 supply chains and dealing with OSH
with the enforcement inspection prescribed systematic management issues associated with products, not
regime. For example, under the to prevent such events. The Chinese just with operations.
Voluntary Protection Program in government has adopted the ILOs
the United States, organisations OSHMS guidelines and has used them
with systems approved through an to develop a certification framework.
extensive audit may be exempted Australia and New Zealand have a well-
from normal Occupational Safety developed national OSHMS standard,10
and Health Administration (OSHA) but no plans to make its adoption
inspections. Proponents of this mandatory. These are all examples of
system claim that it allows employers the extension of self-regulation.
to concentrate on systems of work Some management systems have
rather than individual deficiencies been developed to meet the needs of
(hazards and risks), but theres specific sectors. For example:
considerable debate over the merits or - the chemical industry has developed
shortcomings of this approach. Responsible care
- the shipping industry uses the
Theres also been a general IMOs ISM Code
worldwide movement away from - oil and gas producers have
prescriptive regulations which published comprehensive, global
have the advantage that employers guidelines for a health, safety
are told explicitly what they have and environmental system for
to do to process requirements, exploration and production
with risk assessment as the key activities.11

5 Should management systems be integrated?

IOSHs guidance, Joined-up working The requirement for corporate The process of integration presents
an introduction to integrated accountability based on a BRM distinct challenges to organisations.
management systems12 covers: approach is highlighted both globally Those that are most likely to
- the case in favour of integrating by the Organisation for Economic integrate their systems successfully
management systems Co-operation and Development and will already use multiple channels of
- arguments for retaining largely in the so-called Turnbull Report,14 communication founded on trust,
independent systems which requires companies listed on the respect for the expertise of co-workers,
- organisational prerequisites for UK stock market to identify, assess, and experience of and confidence in
integration record and manage their significant managing change.
- factors that should be considered risks in a suitable manner. There must
when introducing an integrated be systems for regularly reviewing However, while many of the generic
management system (IMS) these risks and adjusting their controls, elements of an IMS can be set up
- maintaining and developing an IMS. together with statements in company by non-specialists, its vital that risk
annual reports that confirm the assessment processes are supported by
IOSHs view is that an effective IMS effectiveness of these systems. people who are fully competent in the
should be the preferred option for specific areas covered by the integrated
many, but not all. A well-planned IMS Hence, the management of OSH, system (quality, environment, health
should be more efficient and capable environmental or quality risks should and safety, and so on). This is
of taking the best decisions in the face not be treated in isolation, because of necessary both to avoid overlooking
of various factors and uncertainties. the impact that poor risk management hazards and to make sure that controls
can have on brand, reputation, intended to minimise risks reflect
An integrated approach is also business continuity and financial current good practice.
expected in business risk management wellbeing. This is the fundamental
(BRM), which is defined in IOSH reason why most organisations An IMS encompassing OSH,
guidance13 as the eradication or integrate their OSHMS with the environmental and quality risks can
minimisation of the adverse effects systems used to manage environmental be a major step in the direction of
of pure and speculative risks to and/or quality risks. Integration allows continual improvement. This drive for
which an organisation is exposed. risks to be prioritised overall, so that continual improvement in all areas of
Such risk includes health and safety, resources can be allocated to achieve BRM including OSHMSs can be
environmental and quality failures. maximum risk reduction and benefit. In further enhanced by setting targets,
non-integrated systems, on the other establishing proactive key performance
hand, resources are allocated to each indicators and using performance
risk area in isolation, and the resources appraisals to formalise responsibilities
allocated to each may not reflect that for all directors, managers and
risk areas overall significance. supervisors who contribute to the
achievement of the organisations goals,
vision and mission. An effective IMS
greatly enhances OSH management and
leads to continual improvement in the
level of performance.

6 The key features of an effective OSHMS

This section covers four essential explains why discussion about the need - improvements in the system itself,
elements of an OSHMS: for an OSHMS often starts from the so that its more comprehensive,
- continual improvement (and how to continual pressure to reduce accidents, easier to understand, or in other
achieve it) incidents and ill health. respects better than before.
- system activities (high-level objectives
and detailed OSHMS activities) With continual improvement built Reporting up?
- stakeholder involvement (internal into an OSHMS, opportunities to When launching a more systematic
and external) improve effectiveness and efficiency approach to health and safety, one
- auditing and verification (good are systematically identified and action improvement will be in reporting
practices in OSH auditing and is taken. Often this can be done at low rates, ie staff and managers will
auditor competence). cost as part of the preparation for, or declare a higher proportion of
response to, other required changes. accidents and incidents. This leads to
A good system? an apparently rising rate which can
If you want a simple diagnostic However, improvement need not look like failure. Prepare colleagues
for is our OSHMS good?, then imply greater complexity. If the OSHMS for this before you begin.
evaluate how effective it is at driving is simplified, it may become easier to
improvements in performance, understand and apply, yielding better How to achieve continual
rather than simply disciplining overall results. Improvement may also improvement
people to follow set procedures. be possible by broadening the scope Traditionally, the audit stages of
of the system, for example by applying the OSHMS are seen as the fount
Continual improvement it to outsourced services, value chain of all improvement wisdom, but
Quality systems standards did not initially interactions and new technical areas this viewpoint unnecessarily restricts
include continual improvement. This such as occupational road risk. thinking about improvements in
omission was corrected in ISO 9001: managing the workplace. There are
2008,15 but may be one reason for Continual improvement in an OSHMS other important sources of data,
a widespread view that the primary can have four aspects: including statistics, benchmarking and
output of quality management - results that are better year on year, industry or sector guidelines, as well as
systems is paperwork, rather than real as measured by falling rates of the people in the organisation.
improvement in processes and products. injuries, ill health and damage
In fact, continual improvement is vital if - steady or improved results that People who operate systems are often
management systems are to be effective are achieved with fewer resources a fertile source of improvement ideas
(in the sense that the results achieved because the OSHMS itself improves if theyre encouraged to express them.
are whats required) and efficient (in and effort is better targeted Managers, team leaders, workers and
the sense that the resources used are - results that move the culture of their representatives if they truly feel
sustainable in the long term). This the whole organisation to a new they own the work processes and
is particularly true for organisations state of effectiveness and efficiency, are actively monitoring them usually
operating in a continually changing often described as breakthrough have many ideas for improvement, to
environment (see Table 1). It also performance make processes both easier to operate

External changes Internal changes

- New guidance, industry or national standards - New products, services or workplaces
- National targets, such as Revitalising health and safety - New working arrangements, such as a union agreement
(launched in 2000 in the UK)16 for more information or home working
see - Business reorganisation, such as outsourcing
- New hazards, or new emphasis on old hazards, such as - Business growth and change
stress and asbestos - New work equipment, or changed contractors or
- Campaigns by regulators, trade unions, non- suppliers
governmental organisations (NGOs), media - New employees, or experienced employees leaving the
- New or revised legislation organisation
- Supply chain (client) pressures - Merger or takeover

Table 1: Typical changes faced by an organisation

(efficient) and more likely to produce High-level objectives - investigation of the root causes
the desired results (effective). Involving The OSHMS will incorporate detailed of these non-conformances,
the workforce, particularly through activities designed to achieve or with corrective actions applied to
worker representatives, is crucial to support the following high-level improve the OSHMS and prevent
achieving OSH improvements. One objectives: recurrences
method that is effective is the creation - clear policy-making with written - emergency systems, including
of diagonal slice groups such as commitment to good standards plans and competent people to
worker, team leader, engineer and at the highest level in the implement and respond to them,
manager working as an improvement organisation, supported by visible for containing and controlling
team. To achieve good OSH results, its leadership, adequate resources, serious system or business failures
also essential that directors, managers, personal involvement, and regular and minimising adverse effects.
team leaders and the whole workforce monitoring and reviews of
see health and safety issues as their performance (which, for example, Step change or continual?
responsibility, not just the concern of require the chief executive officer or A step change is often suggested,
the OSH professionals. managing director to ask probing perhaps in response to external
questions during meetings and site pressures for improvement. But the
A process is needed to make sure that visits, and all directors to participate ability to achieve a step change in
improvement ideas are gathered and in risk inspections or reviews) most organisations is limited even
evaluated (with feedback given to the - employment of competent staff, when there are true step changes
originators), and that those that add with adequate resources and time in inputs to a complex system,
value are suitably resourced, to train and develop them outputs alter much more slowly. Step
implemented and monitored. Its - effective arrangements for involving changes in organisations often have
important that improvement and consulting key stakeholders unplanned and undesired effects.
suggestions support long term strategic such as employees (including Even where a real step change is
goals. If they do, and theyre swiftly developing partnership agreements needed, an effective project to make
implemented, the net effect of many with trade unions), customers, it happen will consist of many small
small improvements can be dramatic. regulators and other statutory changes, each contributing to the
The process of creating improvement consultees, contractors, partners and overall plan and aligned with the
ideas can also be subject to formal neighbours, and also for sharing overall objectives. Thus, a continual
management processes. For example: lessons across the organisation and improvement model is a good way
- issues can be managed using more widely as appropriate to manage all types of change. This
SMARTT improvement plans, ie - making sure that materials, was recognised by Rolls-Royce plc
specific, measurable, agreed, realistic, equipment and services bought when it initiated the One small
timetabled and tracked actions that outside the organisation are chosen step programme for organisational
are reported back to the owner according to appropriate OSH transformation. It was summarised
(accountable person or group) criteria as well as price. well by the Japanese industrialist,
which may be the safety committee, - making sure that technical and Soichiro Honda, who once said: It
the local line manager or a director operational records are available, is more benefit to the success of the
- a task group can be set up to updated and retained as necessary business that 1,000 people take one
review a particular issue, such as to meet business needs and step forward rather than one person
workplace transport, with a brief to regulatory requirements taking 1,000 steps forward.
report back with recommendations - regular monitoring of all parts of
for improvement to the owner of the OSHMS by those responsible
the issue. for business processes, work groups What is the system?
and work sites, to compare actual A description of a management
System activities performance with expected results system is not the system itself.
Documenting your organisations and goals Sometimes a manual is handed
activities, whether on paper or - a system for planned audits to over with the comment this is our
electronically, is important and should verify how effective the OSHMS is management system, when what
be the basis for: in practice (see page 16) should be said is this document
- training people with OSHMS - systems for identifying and describes and summarises what we
responsibilities reporting instances where the do in practice our management
- the OSHMS trainees reference required standards arent met, system.
manual including external reporting where
- the audit standard. required
Detailed OSHMS activities - All reported accidents are
Tailor the system
The OSHMS model you use (see categorised by potential (not just
It is vital to adapt the standard
page 22 for information on choosing actual) outcome and prioritised for
OSHMS to the particular
the right one) should be adapted to investigation into root causes on
organisation. An OSHMS used by a
meet the needs of your organisation. the basis of this potential outcome.
large multinational organisation can
How the high-level requirements Suitable recommendations are
have more than 200 activities all
summarised above are broken down made to prevent recurrence and
of which are needed somewhere
into activities and described in practice are monitored to verify that theyve
although each small part of the
can depend on: been followed through.
organisation will implement only
- the type of hazards managed by the - Contracts are awarded and
the subset relevant to its part of
system are they well understood managed with OSH performance
the organisation. A smaller single-
or new? Are external and/or internal among the key performance criteria.
site organisation might need
stakeholders at risk? Do they have
substantially fewer activities to cover
short or long term effects? Each of these describes goals to be
everything significant.
- the type of organisation does it achieved, but doesnt detail what
cover a single site or many? Is there actually happens in the workplace.
much outsourcing or not? How The OSHMS activity description is Stakeholder involvement
many products and customers are goal-setting, minimising the need for A range of individuals and groups
involved? revision whenever the organisation and are stakeholders in the OSHMS
- the range of technologies how its work processes change. Prescriptive in other words, they may be
many technical disciplines and detailed procedures, responsibilities, affected by its results and therefore
standards are there? documents, training modules and so on potentially interested in its content and
- legislative and other applicable are needed, but these operational-level effectiveness. They include people both
standards are they based on documents dont usually form part of inside and outside the organisation itself,
prescriptive laws and external the OSHMS description. Operational- as shown in Figure 5.
operating standards or goal-setting? level procedures need to include the
key element of accountability and must Internal stakeholders
Each of the OSHMS activities should be be sample audited to make sure that Directors or trustees
in the form of an auditable standard they define whos responsible for what Directors (including charity trustees
in other words, a system or process and when (or how often), and what the and senior officers of public bodies,
that uses defined inputs to achieve expected outcome is. The monitoring as specified in their policies and
defined output goals. Here are some and audit steps are used to check arrangements) are legally responsible
examples: whether such supporting processes are for organisational performance.
- A current health and safety available where needed, and whether Traditionally, financial performance
policy statement, signed by the theyre effective, and to identify indicators are the only ones included in
responsible director, is readily possible improvements. directors annual reports, but measures
available and used during the of performance in other key areas,
induction process for all employees Its increasingly apparent that effective notably corporate social responsibility
and contractors. OSHMSs cover human factors and dont (CSR) which includes health and
- A register of relevant hazards assume a mechanistic approach to safety, environmental and other issues
is held by each work section, organisational and individual behaviour. are increasingly used. UK accounting
including summaries of key controls For example, leadership and the effects standards for organisations quoted on
and any current improvement plans of human reliability on the effectiveness the London Stock Exchange (Turnbull14)
(risk assessments). This includes of hazard controls are important issues and for registered charities (SORP17)
the likely consequences if control to consider and monitor. require directors, trustees and senior
systems fail, such as single or officers to provide assurances that all
multiple fatalities, small or large significant risks, including health and
scale damage and short or long safety risks, have been identified and
term ill health. that appropriate controls are in place.
IOSH has published guidance for people
responsible for reporting organisational
health and safety performance,
outlining how to include these data in
annual reports.5

A prerequisite of good performance and also accept personal responsibility
Reality check
is that leaders of organisations for organisational performance, theyll
Make sure that senior managers
consistently demonstrate that health be able to make a huge difference
and directors visit accident sites
and safety results are as important to the commitment to continual
and those affected by accidents,
as other key business goals. This improvement. In the UK, the Institute
such as people who are hospitalised
should be reflected in annual business of Directors and the HSE have
following an accident. This will
targets. Similarly, OSH performance produced a guide for directors and
help to make sure that senior staff
should form part of business agendas, their equivalents.18
dont become isolated from the
formal and informal discussions with
realities of daily workplace hazards
employees and so on.
and the damaging effects to
individuals of failures in the OSHMS.
If leaders display behaviour that
Conversations with workers
demonstrates the high value they
representatives can also act as a
place on the health and safety of each
helpful reality check for senior staff.
person for whom theyre responsible,

Internal stakeholders
- directors and trustees,
or equivalents
- workforce, including
trade unions, worker
representatives and
on-site contractors
- OSH professionals

External stakeholders
- regulators
- neighbours
- clients and supply chain
- insurers
- shareholders/investors
- corporate social responsibility
- global bodies

Figure 5: OSHMS stakeholders

The workforce legal requirement. Representatives may, for example, monitor exposure to
The workforce is a key stakeholder for contribute to the effectiveness of the hazardous substances) and engineering
a number of reasons: OSHMS with their detailed knowledge inspectors (who may examine and test
- If OSH management is deficient, of what happens at the sharp end. local exhaust ventilation and so on).
the workforce is usually the group They can:
most at risk from injury and ill - identify opportunities for Its likely that an OSH professional will
health. This is a major focus for improvement be appointed custodian of the OSHMS
trade unions, both at individual - make sure that workplace on behalf of the organisation, with a
workplaces and through national inspections and monitoring are key role in its effective implementation
and international campaigning. thorough and regular review. OSH professionals
- Employees have first-hand - check that planned improvements should also be able to make key
experience of many workplace and changes are realistic contributions to audit processes and
hazards and of how efficient and - help with root-cause investigations investigations of serious incidents such
effective current controls are in of failures as injury, ill health or damage.
practice. Employees are a prime - act as a focus for employees
source of ideas for continual questions and concerns External stakeholders
improvement. But some hazards - give access to external information Regulators
arent easily identified, as their about best practices via trade unions Regulators actions reflect societys
effects are long term or are realised - provide a valuable reality check for growing intolerance of organisations
so rarely that theres no workforce senior managers and regulators, as whose profits appear to be earned
memory. This means that its representatives are typically confident without due care for the health and
essential to train relevant staff so in stating their views. safety of workers, customers or the
that theyre competent in practical public. Outside the UK and particularly
hazard identification. Workers representatives need training in the Pacific Rim, its becoming
- Trade unions and workers to be effective; team leaders and increasingly common for national
representatives generally have a supervisors also need training on how legislation to require certification to
wide knowledge of and strong to work with representatives. a recognised national or international
commitment to health and safety, OSHMS standard, particularly for higher
so are a significant resource for OSH professionals hazard industries such as construction.
the OSHMS to incorporate and OSH professionals form the main group In the UK, areas regulated by safety
benefit from. of people who advocate the benefits of cases (eg nuclear, onshore major
- Whatever formal systems and OSH systems. UK-based organisations hazards, pipelines, offshore, railways,
controls are used, the individual or have a legal requirement to appoint gas supply) all require a summary of
small team performing a task has one or more competent persons to the OSHMS to be included in the safety
great influence over its outcomes. help them comply with relevant OSH case submitted by the operator to the
Legally and morally, each person legislation. Where more than one person regulator. In addition, some industries
has a duty of care to him or herself is appointed, team work is important have adopted voluntary codes and
and to others who may be affected to make sure that the OSHMS is standards that include a systematic
by acts or omissions. You can comprehensive, efficient and effective. approach to OSH management (see the
change the behaviour of individuals examples on page 08).
and groups by making sure that OSH professionals have a key role in
they understand the hazards advising others with responsibilities Investors and insurers
identified by the local OSHMS, the under the OSHMS, especially in Both investors and insurers are
controls in place and why these are knowing about hazards, their likely concerned about risk, particularly
judged to be sufficient. effects and current good practice for risk that isnt managed effectively.
avoiding, minimising, controlling and Whereas the Turnbull requirements
Workers representatives mitigating them. For OSH professionals (see page 09) are targeted at avoiding
Setting up a system of employee OSH to be able to give advice, they must major losses, investors are increasingly
representatives can act alongside understand relevant legislation, requiring more positive reassurance
promoting personal motivation to add standards, best practice, practical risk that a business is well managed,
value to the OSHMS. Such a system is assessment methods, cost-effective and may take health and safety as a
often developed as part of the formal controls and training provision. The marker for performance in general.
election of workers representatives. OSH professional is also likely to liaise Insurers may decline certain types of
In the EU and some other regulatory with external professionals, such as risk unless theyre convinced that the
regimes, employee consultation is a occupational hygiene consultants (who issues are well managed. Evidence of
a comprehensive and effective OSHMS globalisation, such standards assume - interviews to confirm that
can help directors respond to questions higher profiles and responsible awareness, competence and
and concerns raised by both investors organisations must pay more attention resources are appropriate
and insurers. to ensuring compliance. There is special - observation to check that
focus on the protection of vulnerable arrangements and standards
CSR lobby groups such as children, migrant described in the OSHMS are actually
In developed countries, theres now workers and female workers. The ILO present in the workplace.
significant demand for CSR, including has published numerous codes on a
public corporate reporting. Both the wide variety of health and safety issues, Audits have several key features:
Dow Jones and the FTSE operate seeking to set minimum standards of - Auditors independence gives
investor listings linked to CSR results practice around the world. credibility to the audit findings.
that include health and safety. Auditors should not have any
Compliance with relevant ILO, IMO personal accountability, or direct
In addition, non-governmental and WHO codes for workplace health reporting relationships, in the group
organisations, investors and and safety is often a requirement for or area theyre auditing.
consumers19 ask questions about operating in developing economies, - Auditors need a strong analytical
OSH results, particularly of global in particular for projects funded by ability but also well-developed
organisations, if they suspect that the World Bank or the International people skills, so that they can
activities are being exported to Monetary Fund. It can be expected that collect reliable evidence quickly. The
locations where workplace OSH compliance with GRI guidelines will skills of a good accident investigator
standards are lower than in the move, in due course, from voluntary have a lot in common with those of
organisations home country, thereby towards mandatory status. Third-party a good auditor, and vice versa.
increasing profits at the expense of verification of such compliance may also - Company procedures and local
the workforces health and safety. The be expected, hence the link to OSHMSs. documents are sampled and
ASSE and IOSH guidelines, Global best evidence is collected to check that
practices in contractor safety,20 cover Auditing and verification operational practice is consistent
some of these issues and identify more Good practices in OSH auditing with documented practice. In other
than 60 aspects of good practice for Auditing is the sampling of a words, say what you do; do what
both clients and contractors these process by a competent person you say you do; and prove it.
are applicable to workplace health whos independent of the process. - Evidence is collected from corporate
as well as safety. Compliance with a Auditors report on the effectiveness and local documents, interviews
recognised OSHMS standard is one of of the process, focusing on inputs, and inspections of workplaces.
the recommended good practices. outputs and testing internal controls. Auditors should choose some
Verification has a similar meaning to samples themselves, not just accept
Voluntary codes, such as the Global audit, but where verification involves what is put before them.
Reporting Initiative (GRI)21 and confirming conformity to an external, - Because an audit is a sample,
Social Accountability 8000,22 bring recognised standard and results in the however well judged, it can never
together the expectations of various issue of a compliance certificate, it result in a perfect view of the
stakeholders in this area, including the is generally called certification. ISO facts. Also, findings are valid only
need for appropriate management 1901123 is a useful overall guide on up to the time of the audit. When
systems and verification. In addition, how to set up and run a successful planning improvements, audit
theres a growing consensus that audit programme. It can be applied evidence, though very powerful,
effective risk management needs to to virtually any PDCA management should be reviewed alongside other
extend throughout an organisations system; though it only covers data on system performance.
supply chain, to ensure security and environmental and quality systems,
thus sustainability (a development it can easily be adapted to apply to Some small and medium-sized
reflected in the ILO OSHMS guidelines). health and safety auditing and is in enterprises may not have a fully
the process of being amended to documented OSHMS, but will be able
Global bodies incorporate this. to demonstrate a clear understanding
The United Nations and its subsidiary of hazards and effective controls.
bodies, such as the ILO, the World Typical audits cover three types of
Health Organization (WHO) and the evidence: Examples of good auditing practice
IMO, set standards, as does the GRI, - documentation is it adequate? - Techniques to avoid conflict between
based for example on the Universal Does it reflect all OSH hazards of the aims of the auditor and the
Declaration of Human Rights. With the organisation? perceptions of the auditee include:
Avoid paper mountains - For large organisations, an overall - As audit processes mature, include
In audits, dont overemphasise audit plan is required so that all auditors from clients, contractors,
the need for comprehensive areas are covered in an agreed trade unions or other partners to
documentation if evidence from timescale. The initial plan may aid both transparency and the
interviews and work sites shows the be hazard-based (areas with the sharing of good practice. Consider
system produces high quality results, highest potential for harm are the value of external certification
would more or better paperwork audited first), later becoming as an additional source of
add value? risk-based (areas with least improvement ideas.
effective controls are checked
using a transparent
more than those with proven Positive and practical?
performance standard as an
effective controls). A really effective audit system is one
agreed basis for audit (eg the
organisations own OSHMS
- Any audit scoring system should in which those being audited look
encourage future improvements forward to the process, expecting
activity descriptions or a
in preference to highlighting new and useful ideas for practical
published standard)
past successes. Discourage improvements. If they face audits
making sure that audit reports
overemphasis on numerical scores with dread, the audit system
arent seen as the only source
and inter-group competition based needs to improve, not those being
for continual improvement ideas
on them; scores should be used as audited!
including positive as well as
benchmarks for improvement.
negative findings in the final
- In the UK, the HSEs guidance,
Measuring health and safety
discussing potential negative
performance,24 can be used
findings as the audit progresses,
both as an input to OSH audit
to give people the chance to
methodology and as a source of
produce additional evidence if
ideas on quantifying audit results.
provisional findings are incorrect.

Advantages Disadvantages
- Internal auditors know the organisation and where to - External stakeholders may have suspicions about the
look for evidence independence of internal auditors
- Internal auditors reports have high internal credibility - Internal auditing takes resources away from normal
- Because internal auditors audit their peers, their findings work for both training and planned audits
are more likely to be seen as realistic by auditees - Internal auditors can have a limited vision of
- Auditing is an excellent developmental experience improvement opportunities because of a lack of
because employees learn in detail about other parts of external benchmarks
the organisation
- Using internal auditors helps the transfer of good
practices across the organisation because they identify
opportunities for sharing

Table 2: Advantages and disadvantages of internal audit

Advantages Disadvantages
- External auditors have high credibility with external - External auditors must earn respect for their findings
stakeholders within the organisation initially, they are often viewed
- External auditors provide strong benchmarking knowledge negatively
and can give access to external verification bodies and - External auditors dont know the organisation, so may
recognised certification where this adds value ask for a lot of pre-audit documentation and take
longer than internal auditors to complete their work
- External audits can be expensive
Table 3: Advantages and disadvantages of external audit
Auditor competence Chartered Members of IOSH. Their
Auditors experience
Competence of auditors is a critical Continuing Professional Development
Whatever their understanding
factor. Competence requires (CPD) should also ensure that their
of OSHMS models and theory, if
knowledge, skill, practical experience auditing skills are current. However,
an OSHMS auditor lacks current
and suitable personal qualities, and where certification is not involved, and
experience in practical OSH hazard
must cover two areas: auditing methods particularly where specialist areas are
identification, assessment and
and the processes being audited. Its being audited, it may be enough for
implementation of suitable controls
often easier to supply the necessary the leader to meet these standards,
in the type of organisation theyre
breadth and depth of competence while other team members have an
auditing, their report is unlikely to
in a small audit team than in a single appropriate mix of OSH and audit
add much value.
individual. A team approach also competences. OSH professionals
allows new or inexperienced auditors providing internal OSHMS audit
to be introduced to processes and services should meet similar standards
organisations. When planning audits, to those of external auditors.
you must decide whether to use
auditors who are external to the While part-time internal OSHMS
organisation, or to use internal auditors auditors are unlikely to benefit from
who are independent of the areas to be formal qualifications and CPD to the
audited. same extent, they should have basic
training in both OSH and audit skills,
Where formal certification is offered as which can be given through internal
a result of an audit, all auditors should courses and experience.
meet recognised competence standards
in OSH, such as those required of

7 Advantages and disadvantages of OSHMSs

Advantages Legal compliance is easier to Increasing the effectiveness

A system meeting your risk needs attain and prove of initiatives
An OSHMS can prioritise the planning, The development and extension The longevity of management and other
organising, control, monitoring and of health and safety law, notably health and safety-related initiatives in
review of measures to protect people through new approach Directives organisations varies. Many organisations
from work risks. Itll help you allocate to help create a single European use campaigns and awareness-raising
the correct resources, achieving market, have led to additional legal programmes to improve knowledge
effectiveness and efficiency. requirements. Organisations can have and encourage participation in health
difficulty keeping up to date with the and safety issues. An OSHMS requires
Occupational health focus requirements relevant to their sectors. continual improvement and this can
Significant occupational health risks An OSHMS helps identify relevant increase the duration and effectiveness
can be assigned the correct level of statutory provisions and creates a of management initiatives, allowing
importance and be properly resourced. framework of procedures to make them to adapt and develop in line with
This isnt always the case with ad hoc sure that the organisation consistently policy commitments.
OSH processes, which depend largely complies with the law.
on the experience of available OSH Visible commitment of
practitioners (including occupational Proving reasonably practicable top managers
hygienists) and the internal structures In the UK and some other countries, OSHMSs, like other management
of the organisation. Also, employees you may have to prove that youve systems, formally require top
generally have a greater understanding met practicable and reasonably management to be involved in and
of safety risks than health risks. When practicable requirements in order to committed to the system. This is carefully
implemented correctly, an OSHMS demonstrate legal compliance. When documented through setting policies and
should address these issues and strike a balanced management system is objectives and through regular reviews
the right balance in controlling all risks. implemented and risk management is to check the results achieved. Once the
systematically applied based upon objectives are set, senior managers must
OSH is as important as other the proportionality of risk it should visibly demonstrate their commitment to
business objectives be easier to prove compliance. For achieving them. Its consistently argued
Many organisations struggle to give example, quality management systems that such commitment is essential for
OSH objectives the same importance (QMSs) have been used to prove due world-class OSH results an OSHMS
as other business objectives. At times, diligence for compliance with food demands it.
this failure threatens the survival of safety law and to ensure product safety.
an organisation; at others, it can lead Regular audits
to prosecutions and other penalties. Helping system integration Audits present an opportunity for
A correctly implemented OSHMS Many organisations started with a benchmarking (eg through creating
will make sure that appropriate OSH QMS, then adopted an environmental audit teams with members from
objectives are set by focusing on policy management system and are now different departments or from outside
and the process of setting objectives considering an OSHMS. The structures the organisation) and identifying
and their delivery through the are similar, and adopting an OSHMS opportunities for improvement. External
management programme. will mean that if, at a later date, you certification and assurance bodies
decide you need a holistic business risk which audit against applicable standards
OSH in relation to quality management approach, integration can help to identify non-compliances
British and international standards should be straightforward. and necessary improvements.
support the drive towards customer
first services, and as a result quality Continual improvement Part of corporate governance
is high on the agenda. Quality isnt This process aims to improve some Theres an ever-increasing requirement for
usually a legal requirement, but health, part of the OSHMS at any one time, directors to follow codes of practice and
safety and (often) environmental rather than trying to improve all the meet the standards expected in public
performance are. The development of elements in the system simultaneously. life. Demonstrating that OSH controls are
formal OSHMSs should make sure that This structured and very practical adequate is an important part of meeting
sufficient importance is given to OSH approach allows the organisation to this responsibility, and independent
performance, which typically has more improve areas that arent operating audit to externally set standards is an
impact on employees than on customers. effectively or efficiently, using reviews impartial way of achieving this. Regular
and audits to identify systematically the management review of audit reports
opportunities for improvement. and OSHMS results meets governance
requirements for OSH risks.
Reassuring the enforcement Systematic risk management still identify the need for significant
authorities Perhaps the biggest challenge is to management time, and implementing
Enforcement authorities require comply with the legislative need to an OSHMS is likely to dominate the
organisations to comply with applicable plan, organise, control, monitor and work of the OSH professionals involved.
health and safety legislation. The review the preventive measures in If some of the work is contracted out,
formality and systematic approach to place to control significant risks. An take care to check that the results
compliance required by an OSHMS OSHMS creates a structured system for match the organisations needs.
encourages confidence in the compliance with the requirements of
organisations internal approach. In both applicable legislative codes and Human behaviour may not be
the UK, for example, the HSEs HSG65 industrial sector best practice. fully addressed
states: If you do follow the guidance Recent developments in determining
you will normally be doing enough to Disadvantages reasons for health and safety errors
comply with the law. Bureaucracy (paperwork or place greater emphasis on the
electronic documents) behaviour of workers and managers.
A focus on OSH resources The need for a simple, effective system This focus on the human factor can
An OSHMS requires resources to be wont be met if the system generates be lost if theres too much emphasis
allocated in all functions and at all excessive paperwork. You need to on the paperwork requirements of
levels throughout the organisation. A minimise the number of documents a formal OSHMS. For example, its
risk-based approach which ensures that and records (in other words, easy to overlook the need to monitor
the scale of a management system is streamline document control), but be workplace behaviour and talk with
proportionate to the risks and necessary careful in doing this. and involve people. However, with
control measures makes such resource attention to continual improvement,
allocation intrinsic to the whole Integration any issue including human factors
organisation. This is, in part, what the Usually discussed as an advantage, can be addressed.
Turnbull Report requires of London integration depends on many factors,
Stock Exchange-listed companies. including internal politics. Theres Certification and assurance bodies
a risk of diluting health and safety are still learning
Emergency preparedness effort or creating inequality between There can be conflict when auditors
OSHMSs should make sure that suitable management of quality, health and interpretations of health and safety
resources are made available to respond safety, and environment. For example, are different from those of the
to foreseeable emergencies. This may an organisation in a high hazard industry sector or organisation being audited.
include provision for contacting outside may not benefit from system integration Differences can often be resolved by
agencies, including emergency services, if it doesnt allow a focus on managing referring to relevant guidance notes
and developing and communicating significant risks. Similarly, if existing and authoritative information. This
on- and offsite emergency plans. An management systems are inefficient, type of conflict can reflect the relative
OSHMS places such planning in a then adding health and safety to the mix inexperience of external auditors in
proper management context. will be counterproductive. this work.

Managers have a finger on the pulse Time to implement True independence?

The OSHMS includes defect (non- Designing and implementing an OSHMS certification is relatively
conformance) reporting, which directs OSHMS can be very time-consuming. immature and underdeveloped. If
managers attention to opportunities This may be exacerbated by external auditors are to be truly
for correcting problems and making overstating system requirements and independent, they shouldnt have
improvements. Managers need to documentation, by not matching the played any part in advising the
address health and safety issues system to the organisations health and organisation on how best to implement
effectively, no matter how busy they safety risks, or by not incorporating an OSHMS in the first place. Also, as
are. Alerting managers to problems existing OSH management processes has been learned with financial audits,
and actions they can take or sanction but starting again from scratch. it may be difficult to provide genuinely
continually reminds them of their independent auditing if theres an
critical health and safety role. Heavy demand on resources existing relationship with the auditors
A lot of resources are required to set or if service costs are a prime issue.
up an OSHMS. Although this can be
offset by the inclusion and involvement
of employees, key managers and safety
representatives, a realistic appraisal will
Barriers to change Numerous audits Is the written procedure safe
Barriers to change are invariably These days, stress is recognised as a and healthy?
erected in the way of new systems. workplace hazard that needs to be In some countries theres a tendency
Often theres a suspicion, at times well managed within the framework of the to write down whats currently
founded, that change is being made OSHMS. It should also be recognised done and adopt that as the OSHMS.
for its own sake and without business that pressure to achieve certification for This can create a significant liability
justification. Some organisations may a new OSHMS can create its own stress risk if the procedures havent been
be able to manage health and safety on managers and employees alike. checked to make sure they are in
successfully by consistent and good Dont overlook the need to provide fact comprehensive (that they cover
management, without the need for a support before and during audits. all hazards) and adequate (that the
formal system. controls are effective in reducing risk).
Which OSHMS model? The liability exists in any event, but the
Managers dont understand Deciding which OSHMS to use can OSHMS documentation then appears
the systems be confusing. The aim should be to validate it. A properly functioning
Typically, managers are not committed a system that is consistent with OSHMS should make sure that these
to the introduction of new systems. your organisations needs and its problems are identified and corrected.
Managers require time, training management approach. While OHSAS
and motivation to make sure they 18001 aligns extremely well with ISO
become advocates of the system and 1400125 and other international PDCA
not enemies within. Its a mistake to standards, and is therefore useful
think that OSHMSs are self-evidently for integration, the organisation,
a good thing; they require effective clients, enforcement authorities or
communication to win people over. government may better understand
other systems based on standards or
guidelines such as BS 18004, HSG65,
ILO or an industry code. All systems
need to be adapted to the specific
needs and culture of the organisation
or they wont be sustainable.

* Debate still continues on definitions for quality of life; collectively they highlight that its a subjective state encompassing physical, psychological
and social functioning, and a key feature is its basis on the perceived gap between actual and desired living standards.7

8 OSHMS certification

The desire to gain certification of This poses few problems provided - Make sure that an external
an OSHMS may come from internal the certification process is applied to certification audit isnt viewed
stakeholders who need assurance that a developed OSHMS, validating its solely as a pass/fail exercise, but
their organisation meets a verifiable effectiveness, or encouraging as one step within an overall OSH
standard, or who judge that certification further improvements to meet the continual improvement plan.
will add value with clients or customers. external standard. An OSHMS that - Where external certification isnt
However, its more likely that pressures is seen as just a tool for obtaining a pressing business need, develop
will come from external stakeholders, the required certification will be internal audit processes first.
in particular prospective or existing ineffective in its true purpose of - Where possible, base external
clients, or regulators as part of national continually reducing work-related audits primarily on evidence from
policy. In this case, certification is likely accidents and ill health. internal audits. Consider adding
to move rapidly from being a preferred IOSH recognises OSHMS standards and external auditors to internal teams
option to become an entry condition, certification processes as relatively new in preference to increasing the
without which existing or potential and still developing, and we suggest the number of audits.
business is lost. following as good practices in relation - Make sure that internal and
to OSHMS certification: external OSHMS auditors meet the
- Dont allow a business need for IOSH competence standards (see
external certification of OSH page 17).
standards and practices to get
in the way of developing strong
internal continual improvement
processes, including internal audit.

9 How to get started

The way forward for organisations Initial status review (gap analysis) Making it happen
developing their first formal OSHMS The gap analysis approach ensures that Most of the OSHMSs referred to
is to choose the system they wish you dont waste effort on developing in this document include extensive
to use as a basis, establish which new systems when existing internal practical guidance in support of the
arrangements are already in place, and arrangements are working well. Even main code or standard, usually in
then identify gaps between those and organisations which believe that they subsidiary publications (see further
the requirements of the OSHMS. have nothing in place often find that reading on IOSHs website at www.
there are long-established working However,
Choosing a system practices that have never been formally theres no doubt that adapting a
One way of choosing a system is to recognised or documented. standard system for use in a particular
create a comparison table and score organisation requires significant time
the systems you wish to consider to A simple way of carrying out the initial and resources.
see which most closely meets your status review is as a desktop exercise,
preferred specification the more with the draft safety management plan Organisations with experience of
relevant features you tick, the better. drawn as a flow diagram or matrix on a managing significant internal process
The example in Table 4 includes flipchart. Its important to consult and or organisational change should find it
comparisons between some of the involve all parties in the organisation, relatively easy to introduce an OSHMS
main management systems mentioned including workers representatives by using similar methods. Organisations
in this guidance. However, if theres ownership and success of the OSHMS is without such experience may need to
a preferred system for your particular likely to be greater because of the employ external change management
industry, you may also want to interest developed in this way. advisers to help effective consultation
include an industry-specific column. and to ensure the involvement and
For instance, if your organisation is a Remember the most successful commitment of all necessary parties.
contractor to the chemical industry, you management systems arent created at
could include Responsible care in this initial status review, but are developed Techniques to support effective
column. In addition to those features through effective performance implementation include:
listed, there may be in-house and other measurement, review and continual - clear support and personal
factors to be considered, in which improvement. However, reporting commitment from leaders in the
case you can add them to the table the status review to senior managers organisation, including modelling of
(for example, if your customers use a or directors, and communicating the desired behaviour
particular system, adopting the same results to the workforce, can get this - incorporating both OSHMS
system will enhance your compatibility). process under way at this early stage. implementation and results in

Management systems
Features HSG65actors (eg BS 18004 OHSAS 18001 ILO Industry-specific
your customer (eg Responsible
uses this system) care)

(see note below)
Regulator support
(some non-UK)
Tested (> 2 years old)

In-house factors (eg
your customer uses
this system)
Note: Responsible care isnt classed here as international because, while some
countries do adopt a management systems approach to it, many dont.
Table 4: OSHMS comparison table for a UK-based contractor to the chemical industry
declared high-level business targets - trials in one or more selected areas Getting started
(eg x per cent of sites are expected before the OSHMS is launched
One large catering organisation
to complete their gap analysis by more widely
appointed a mixed team of
y and their initial roll-out by z; - not taking too long trying to managers and workers to undertake
priority improvements over the next develop a perfect system, but
an initial status review. The
year are to be areas a, b, c) rather implementing something
team undertook this exercise by
- seconding staff from across the reasonable and learning how to
identifying key elements of the
organisation full-time to the do better via the internal audit,
existing processes, completing a
development and implementation management review and continual
brainstorming exercise to identify
team improvement processes
gaps within the system and then
- customising the model system - recognising and celebrating small mapping this out in the form of a
to suit the needs and culture of successes on the route to a fully
flow diagram.
the organisation, and linking it to sustainable OSHMS.
internal consultation processes
- developing benchmarking contacts
with similar organisations that have
experience of implementing similar

Typical inputs Typical outputs

Any information relating

to hazard identification
and risk assessment

Review of OSH
performance, including
incidents and accidents Draft an OSH management
plan, including:
Identification and review of Initial status review - an OSH policy statement
existing OSH management (gap analysis) - hazard identification and
arrangements or processes Undertaken by a mixed safety risk assessments
management team that - OSH management
includes worker arrangements
Competence and training representatives and a - competence and training
requirements competent practitioner needs
- OSH management
Workforce involvement Where are we now?

OSH legal and other The objective is to ensure

standards and best effective OSH management
practice within the sector, and a process of continual
eg a compliance register improvement

Figure 6: Process for developing an OSHMS


1 Council Directive 89/391/EEC of 10 Occupational health and safety 18 Leading health and safety at work
12 June 1989 on the introduction management systems general leadership actions for directors
of measures to encourage guidelines on principles, systems and board members, INDG417.
improvements in the safety and supporting techniques, AS/ Sudbury: HSE Books, 2007. See
and health of workers at work. NZS4804:2001. Sydney: Standards and
Official Journal of the European Australia International Ltd, 2001.
Communities, 29 June 1989, L183, 11 Guidelines for the development 19 The first ever European survey
Brussels. and application of health, safety of consumers attitudes towards
2 Responsible Care management and environmental management corporate social responsibility
systems guidance, RC127 (fourth systems, Report no. 6.36/210. and country profiles. Brussels:
edition), and Links between the London: OGP, 1994. See www.ogp. CSREurope (MORI poll), 2000.
Responsible Care management 20 Global best practices in contractor
systems guidance and self 12 Joined-up working an introduction safety. Wigston: IOSH, 2001. See
assessment and the business to integrated management systems.
excellence model, RC129 (second Wigston: IOSH, 2006. See www. 21 Sustainability reporting guidelines
edition). London: Chemical on economic, environmental and
Industries Association, London, 13 Business risk management getting social performance, version 3.0.
2003. health and safety firmly on the Netherlands: Global Reporting
3 Guidelines on occupational agenda. Wigston: IOSH, 2008. See Initiative, 2006. See www.
safety and health management
systems, ILO-OSH 2001. Geneva: 14 Internal control: revised guidance for 22 Social Accountability 8000, SA
International Labour Office, 2001. directors on the Combined Code. 8000:2008, New York: Social
4 Occupational health and London: Financial Reporting Council, Accountability International, 2008.
safety management systems 2005. See 23 Guidelines for quality and/or
requirements, OHSAS 18001: FRC/media/Documents/Revised- environmental management
2007. London: BSI, 2007. Turnbull-Guidance-October-2005. systems auditing, BS EN ISO 19011:
5 Reporting performance guidance pdf. 2002. London: BSI, 2002. Currently
on including health and safety 15 Quality management systems: being revised to include OSH.
performance in annual reports. requirements, BS EN ISO 9001:2000. 24 Measuring health and safety
Wigston: IOSH, 2008. See www. London: BSI, 2000. performance, HSE, 2001.See 16 Revitalising health and safety
6 Successful health and safety strategy statement, OSCSG0390. perfmeas.pdf.
management, HSG65 (second Wetherby: Department for the 25 Environmental management
edition). Sudbury: HSE Books, Environment, Transport and the systems. Requirements with
1997. Regions, 2000. See www.ilo. guidance for use, BS EN ISO
7 Guide to achieving effective org/wcmsp5/groups/public/--- 14001:2004. London: BSI, 2004.
occupational health and safety ed_protect/---protrav/---safework/
performance, BS 18004: 2008. documents/policy/wcms_212111.
London: BSI, 2008. pdf.
8 International safety management 17 Accounting and reporting
(ISM) code. London: IMO, 2002. by charities: statement of
See recommended practice. London:
mainframe.asp?topic_id=287. Charity Commission for England
9 Management of Health and Safety and Wales, 2005. See
at Work Regulations 1999, SI
1999/3242. London: The Stationery Charity_requirements_guidance/
Office. Accounting_and_reporting/

Further reading

Auditing a safety and health Development of working model of how HSG65, outlining good practice
management system: a safety and human factors, safety management and the costs of getting it wrong. It
health audit tool for the healthcare systems and wider organisational describes five key steps: set policy;
sector. Health and Safety Authority, issues fit together. Research report RR organise staff; plan and set standards;
2006. Available from www.hsa. 543:2007 prepared by White Queen measure performance; and learn
ie/eng/Publications_and_Forms/ Safety Strategies and Environmental from experience (audit and review).
Publications/Occupational_Health/ Resources Management for HSE There are questions following the
Auditing_Healthcare.pdf. London. Available from www. descriptions to help readers assess how well their organisations are doing in
The Health and Safety Authority each area.
(HSA) in the Republic of Ireland has This report describes a project to
produced this audit tool to assist develop a working model linking Managing safety the systems way:
in the continuous development human factors, safety management BS 8800 to OHSAS 18001, HB
and implementation of health and systems and organisational issues in the 10180:2000. London: BSI, 2000
safety management systems for the context of safety. While the focus is on
healthcare sector. Eighteen different chemical major hazards in particular, it This is an easy-to-follow guide
criteria for audit are described and is also intended to apply to health and to implementing the new British
followed by guidance. This tool is to be safety in general. Standard. The book has been revised
used in conjunction with the 2006 HSA and updated to incorporate the
guidance document for the healthcare IMS: The framework integrated requirements of the new BS OHSAS
sector, How to develop and implement management systems series, HB 18001 and best practice. It takes
a safety and health management 10190:2001. London: BSI, 2001 a practical approach to tackling
system, available at the various elements of an OSH
Publications_and_Forms/Publications/ This outlines a framework for management system for your business.
HealthCare_Sector/Guidance_ managing the operational risks any It also explains how the system can be
Document_for_the_Healthcare_ organisation faces in its day-to-day maintained as OSH evolves, responding
Sector_-_How_to_develop_and_ business. The aim is to provide a to internal and external influences.
implement_a_Safety_and_Health_ structure by which an organisation can
Management_System.html. efficiently and effectively manage its Occupational health and safety
operation through one system. management systems Guidelines for
Code of practice for risk management, the implementation of OHSAS 18001:
BS 31100:2008. London: BSI, 2008 IMS: Implementing and operating 2007, OHSAS 18002:2008. London:
integrated management systems series, BSI, 2008
This standard for risk management HB 10191:2002. London: BSI, 2002
helps organisations to understand This Occupational Health and
how to develop, implement and This gives an approach for integrating Safety Assessment Series (OHSAS)
maintain effective risk management, the management of quality, OSH guideline provides generic advice
thereby helping them achieve their and environmental aspects within on implementing OHSAS 18001 (a
objectives. It treats risk management one management system. This how specification for an occupational safety
as being as much about exploiting to do it manual includes flowcharts, and health management system),
potential opportunities as preventing questionnaires and examples, and explaining its principles, intent, typical
potential problems, and sees it as an takes readers through the model inputs and outputs, and processes.
essential part of good management. outlined in IMS: The framework. It includes a correspondence table
The standard establishes the between OHSAS 18001:2007, ISO
principles and terminology and Managing health and safety five 14001:2004 and ISO 9001:2008.
provides recommendations for the steps to success, INDG275. Sudbury: It also features a table showing the
model, framework, process and HSE Books, 1998 (reprinted 2008). correspondence between the clauses of
implementation of risk management. Available from the OHSAS documents and the clauses
pubns/indg275.pdf. of the 2001 ILO-OSH guidelines.

Aimed mainly at directors and

managers, this short booklet
summarises the key messages of

Specification of common management key is how organisations live their work-related ill health. It also notes
system requirements as a framework systems. This report covers: that some organisations attach
for integration, PAS 99:2006. London: - the theory underpinning strategies to a greater level of importance to
BSI, 2006 promote safe behaviour health and safety than others and
- the key elements of programmes in that there are weaknesses wherever
This Publicly Available Specification use to promote safe behaviour communication or competence are
(PAS) was produced in response to - how to use behavioural strategies inadequate.
the increased interest in an integrated to promote critical health and safety
approach to management systems and behaviours Regarding strengths, as well as
corporate governance. It contains a - how to integrate behavioural reducing accidents and lost-time in
framework for implementing common strategies into a health and safety the larger organisations, it was felt
requirements of management system management system. that OSHMSs increased employee
standards or specifications in an motivation and identification with their
integrated way. Adopting this PAS The use of occupational safety and employers and also helped develop
will simplify the implementation of health management systems in the their competence.
multiple system standards and any member states of the European
associated conformity assessment. The Union: experiences at company level.
reduction in duplication by combining European Agency for Safety and Health
two or more systems in this way has at Work, 2002. Available from http://
the potential to significantly reduce the
overall size of the management system reports/307.
and improve system efficiency and
effectiveness. It can apply to all sizes The European Agency for Safety and
and types of organisation. PAS 99:2006 Health at Work has published this
will be withdrawn when its content is report covering OSHMSs in the member
published in, or as, a British Standard. states of the EU and the best approach
to take. It identifies five key elements
Strategies to promote safe behaviour of effective OSHMSs: initiation (OSH
as part of a health and safety input); formulation and implementation
management system. Prepared by the (OSH process); effects (OSH output);
Keil Centre for HSE: Contract research evaluation (OSH feedback); and
report 430: 2002. Available from improvement and integration (open system elements). It then looks at eleven
crr_pdf/2002/crr02430.pdf. companies across the EU that have
introduced or improved their OSHMSs,
This report promotes safe behaviour indicating which of the key elements
at work as a critical part of the each particular case study highlights.
management of health and safety,
because behaviour is important in The report also comments on the
transforming systems and procedures strengths and weaknesses of the case
into reality. Good systems on their own study systems, noting that they tend
are not enough to ensure successful to concentrate mainly on work-related
health and safety management; the accidents, but give less attention to

Appendix: List of abbreviations


Continuing professional development International Labour Organization Non-governmental organisation (eg
a means to ensure ongoing a United Nations agency, based in voluntary, campaigning or professional
competence in a changing world Geneva body)


Corporate social responsibility a International Maritime Organization Occupational safety and health
system whereby organisations integrate a United Nations agency, based in
social and environmental concerns London OSHMS
into their business operations and Occupational safety and health
interactions with stakeholders IOSH management system
Institution of Occupational Safety and
Global Reporting Initiative an Specific, measurable, agreed, realistic,
international sustainability reporting ISM timetabled and tracked action a
institution that has developed International Safety Management method for managing action plans
guidelines for voluntary reporting on a formal code requirement of the IMO
the economic, environmental and that applies to most classes of large ship WHO
social performance of organisations World Health Organization a United
ISO Nations agency, based in Geneva
HSE International Organization for
Health and Safety Executive the UK Standardization
OSH regulator


IOSH would like to thank the working We would also like to thank the
party who produced the original version original consultees, who were:
of this guide and also Paul Reeve
CFIOSH CEnv FIEMA for updating it: Dr Janet Asherson CMIOSH, Head of
Environment, Health and Safety, CBI
Lawrence Waterman CFIOSH Dr Tony Boyle CFIOSH, Consultant,
(Chairman), Managing Director, Sypol HASTAM
Martin Allan CFIOSH, Managing David Eves CB, IOSH Honorary Vice-
Director, Martin Allan Partnerships Ltd president and former Deputy
Lawrence Bamber CFIOSH, Managing Director-General, HSE
Director, Risk Solutions International Stephen Fulwell CFIOSH, Independent
Martyn Hopkinson CMIOSH, Company Safety, Health and Environment
Health and Safety Manager, British Consultant
Sugar plc Liam Howe CFIOSH, Safety and
Arran Linton-Smith CFIOSH, Health Training Manager, Coillte Teoranta
and Safety Consultant, MacGregor Jay Joshi CMIOSH, Chief Information
Associates Officer, British Safety Council
Ian Waldram CFIOSH, Safety, Health Brian Kazer CFIOSH, Chief Executive,
and Environment Consultant BOHRF
Richard Jones CFIOSH (Administrator), Paul Reeve CFIOSH, Head of HS&E,
Policy and Technical Director, IOSH Electrical Contractors Association
Owen Tudor, Senior Health and Safety
Policy Officer, TUC

Finally, IOSH would like to thank the following organisations

for their valued support of this document:

IOSH IOSH is the Chartered body for health and safety
The Grange professionals. With more than 44,000 members
Highfield Drive in over 120 countries, were the worlds largest
Wigston professional health and safety organisation.
LE18 1NN We set standards, and support, develop and
UK connect our members with resources, guidance,
events and training. Were the voice of the
t +44 (0)116 257 3100 profession, and campaign on issues that affect millions of working people. IOSH was founded in 1945 and is a registered charity with international NGO status.

Institution of Occupational
Safety and Health
Founded 1945
Incorporated by Royal Charter 2003
Registered charity 1096790 FS 60566