Professional Documents
Culture Documents
OHSAS 18001 2017 tcm12-52345 PDF
OHSAS 18001 2017 tcm12-52345 PDF
GUIDANCE DOCUMENT
Occupational Health & Safety Management System
OHSAS 18001:2007 is expected to be revised to ISO 45001 by end of 2017, beginning of 2018.
Please visit www.dnvgl.co.uk for further information.
Overview of OHSAS 18001’s Structure
There is some freedom and flexibility in defining
the scope and boundaries of an OH&S Management
General requirements 4.1
System, but the overall aim is to safeguard life.
OH&S policy 4.2 Therefore, this management system more than any
other will require your certification body to visit the
Planning 4.3.1 Hazard identification, risk assessment workplace of your employees, including any field
and determining controls
4.3.2 Legal and other requirements activities where employees are away form the main
4.3.3 Objectives and programme(s) premises, to ensure that they are implementing the
system and applying effective controls. The scope
Implementation and 4.4.1 Resources, roles, responsibility,
operation accountability and authority should not attempt to exclude an activity or part of a
4.4.2 Competence, training and awareness process on the grounds of riskiness, that are essential
4.4.3 Communication, participation and
to the operation of the organisation as a whole. Where
consultation
4.4.4 Documentation a part of an organisation is excluded from the scope of
4.4.5 Control of documents its OH&S management system, the organisation should
4.4.6 Operational control
4.4.7 Emergency preparedness be able to justify the exclusion. Orgnaisations should
and response be aware that exclusion from ‘scope’ does not exclude
continuing to meet legal requirements.
Checking 4.5.1 Performance measurement and
monitoring
4.5.2 Evaluation of compliance 4.2 Occupational Health & Safety Policy
4.5.3 Incident investigation, nonconformity,
corrective action and preventive action
Based on the identified significant risks (see below),
4.5.4 Control of records
4.5.5 Internal audit the organisation’s top management shall define and
document the Occupational Health & Safety Policy. This
is currently a legal requirement for organisations with
Review 4.6 Management Review
more than 5 staff.
4.3.1 Planning for Hazard Identification, Risk The model below shows how the hazard identification/
Assessment and Risk Control risk assessment process feeds into other elements of
the OH&S management system. Once the significant
Hazard identification and the assessment of significance hazards and risks have been identified it is possible to:
other requirements and for deciding whether they
■■ Create a relevant Occupational Health & Safety are applicable or not;
Policy; ■■ Key requirements are communicated to those that
■■ Set objectives and targets to improve performance need to know; and
and/or reduce risk; ■■ There are periodic reviews to capture changes.
■■ Determine where operational controls/procedures
are needed to manage risks; The organisation should have some means to prove
■■ Determine where specific training may be required; that they have identified applicable compliance
■■ Identify relevant legislation. requirements. This could be some form of “register”.
ASPECTS ■■ Specific
EVALUATION ■■ Measurable
■■ Achievable
■■ Relevant
■■ Time-bound
The organisation must have a process for developing, Some activities which are normally considered as
distributing, controlling and maintaining OH&S insignificant can become significant risk exposures
management system documentation. when operating under abnormal conditions or in the
event of an accident or emergency. The organisation
Is there a procedure to control documents and does it must be prepared for any such situations that are
ensure that they are: reasonably foreseeable. A typical example of an
■■ identifiable, reviewed, authorised and revised as abnormal situation would be operations occurring
necessary? during maintenance or shutdown. Controls must
■■ include responsibility for creation/revision? include part time and subcontractor workers.
■■ of the current revision at the operating location?
■■ removed if obsolete or otherwise marked to show ■■ Records may also include items like:
status? ■■ Permits to Work;
■■ legible, dated, well ordered and retained for a ■■ Records of inspections;
specific period? ■■ Audit records;
■■ Records of task observations.
4.4.6 Operational Control
4.5.2 (4.5.2.1 and 4.5.2.2) This Section of OHSAS 18001 requires the organisation
The organisation should define its processes take action to avoid repetition – corrective action.
evaluations. This area is commonly misunderstood – it There also needs to be a mechanism for identifying and
is not the identification of legal requirements that is eliminating potential problems – preventive action.
applicable legal requirements are being complied with commensurate with the hazards and risks encountered.
by the business. As stated this is usually completed The organisation must seek to resolve root causes,
rather than just treating symptoms. Changes as a
result of action taken must be reflected in procedures. ■■ OH&S meetings minutes.
■■ Medical reports and health surveillance records.
Records of nonconformities, corrective and preventive ■■ PPE issue and maintenance records.
actions must be maintained and could should include: ■■ Management reviews.
■■ Hazard identification, risk assessment and risk
■■ A description of the actual or potential control records.
nonconformities (i.e. an accident/incident reporting ■■ The corrective actions taken to eliminate the causes
form).
of actual and potential nonconformities.
■■ Causes of nonconformities.
■■ Any procedural changes implemented and
■■ The actions taken to eliminate the causes of actual
and potential nonconformities. documented as a result of nonconformities.
■■ Any procedural changes implemented and
documented as a result of nonconformities.
■■ Records of accident reports should be kept securely,
particularly since they often contain personal
data which must be protected. In cases where
compensation claims arise, the accident report may
4.5.5 Audit Check
be the most important part of a company’s defence.
Records of the organisation’s management reviews Driven by our purpose of safeguarding life, property
must be retained and documented in such a way to and the environment, DNV GL enables organizations
demonstrate conformance with the standard which to advance the safety and sustainability of their
states that input to management reviews shall include: business. DNV GL is a leading provider of classification,
certification, verification and training services. With
a. results of internal audits and evaluations of our origins stretching back to 1864, our reach today
compliance with applicable legal requirements and is global. Operating in more than 100 countries,
with other requirements to which the organisation our 16,000 professionals are dedicated to helping
subscribes; our customers make the world safer, smarter and
b. the results of participation and consultation (see greener. As a world-leading certification body, DNV
4.4.3); GL helps businesses assure the performance of their
c. relevant communication(s) from external interested organizations, products, people, facilities and supply
parties, including complaints;
chains through certification, verification, assessment,
d. the OH&S performance of the organisation;
and training services. We also deliver deep insight and
e. the extent to which objectives have been met;
pragmatic support to major companies enabling them
f. status of incident investigations, corrective actions
to build effective sustainability strategies. Partnering
and preventive actions;
g. follow-up actions from previous management with our customers, we build sustainable business
reviews; performance and create stakeholder trust.
h. changing circumstances, including developments in
legal and other requirements related to OH&S; and For more information please do not hesitate to
i. recommendations for improvement. contact us.
www.dnvgl.co.uk/assurance