Professional Documents
Culture Documents
CONTENTS
Introduction ................................................................................................................................ 4
Key figures for Great Britain (2016) ................................................................................... 4
About Ideagen ............................................................................................................................ 5
About ISO 45001 and OHSAS 18001 ................................................................................. 6
The PDCA Logic of ISO 45001 ....................................................................................... 7
How to Conform to ISO 45001 with Ideagen Products ............................................. 8
Q-Pulse ......................................................................................................................................... 8
Q-Pulse Risk ................................................................................................................................. 8
Q-Pulse Reporting and Incident Management ........................................................... 9
Using Q-Pulse Document Control to create an OH&S Risk Register ..................... 10
Using Coruson ........................................................................................................................... 11
Using Ideagen Academy to Educate Staff about ISO 45001 .................................. 12
Conclusions and Recommendations ................................................................................ 12
2
Ideagen | WHITE PAPER
Often, when we’re tired and distracted, the only thing that can save us is our
good habits.
Total Safety Culture, p58. Dr. Tim Marsh; Ryder Marsh, 2014
An organization is responsible for the health and safety of its workers and
that of other persons under its control who are performing work on its behalf,
including promoting and protecting their physical and mental health. The
adoption of an occupational health and safety (OH&S) management system is
intended to enable an organization to improve its OH&S performance in the
enhancement of health and safety at work and to manage its OH&S risks.
3
Ideagen | WHITE PAPER
INTRODUCTION
Although some countries have improved their industrial safety performance through legislative, regulatory and
cultural change over the past three decades, the issue of work-related injuries and diseases is globally substantial
and growing, damaging the lives of individuals and families, damaging companies and blighting economies.
To recognise and tackle this issue, ISO is in the final stages of developing a new standard named ISO 45001:
Occupational health and safety management systems – Requirements with guidance for use.
There is clearly a need for a global standard. Writing in his 2014 book, Total Safety Culture, Dr. Tim Marsh notes
that, “Here in the UK we have reached a level where, despite a population of around 60 million, deaths from
accidents at work are currently running at fewer than 200 per year. In 1974 when the Health and Safety at Work Act
was introduced it was 650 and back in 1910 it was around 12,000.” Legislative, regulatory and cultural change along
with a changing industrial profile has made places like the UK safer to live and work in, but of course 137 deaths is
137 too many. And globally, the ILO statistics indicate that in some places the level of OH&S risk maturity is closer
to 1910 than 2017.
www.hse.gov.uk/statistics/
other injuries to employees injuries occurred at work working days lost due to estimated cost of injuries
reported under RIDDOR according to the Labour work-related illness and and ill health from current
Force Survey workplace injury working conditions (2014/15)
Globally: (according to ILO, World Day for Safety and Health at Work, 2017)
Work related accidents Work-related fatal Occupation and work- Work-related deaths Lost GDP due to
causing injury accidents related fatal diseases occupational accidents
and diseases
ISO 45001 will be the world’s first international OH&S standard and will help organisations everywhere to protect
their employees and the public, provide safer working environments, prevent deaths, injuries and diseases while
at the same time participating in supply chains, mitigating broader risks, safeguarding reputation and improving
efficiency and productivity. By implementing ISO 45001, companies will become more transparent, accountable
and resilient. Management will have better situational awareness and the operational intelligence that is necessary
for the organisation to thrive.
4
Ideagen | WHITE PAPER
About Ideagen
Ideagen is a leader in the development and provision of risk and safety management software solutions for
aviation, aerospace and defence and advanced manufacturing companies. We work closely with compliance,
quality, safety and risk industry professionals around the world and we know many of our customers are keen to
adopt ISO 45001.
Our view is that ISO 45001 will make a material difference to the health and safety performance of any
organisation that adopts it and internalises its intrinsic methodology. But not only that, our understanding of ISO
45001 coupled with our experience of similar standards including ISO 9001 and ISO 14001 makes it evident to us
that those organisations that embrace it will also benefit indirectly in terms of:
▪▪ Operational excellence;
▪▪ A culture of reporting, learning and sharing;
▪▪ A stronger brand and reputation;
▪▪ A substantial reduction in problems, undesirable events and failures of every type;
▪▪ Increased business resilience (deriving in part from an improved safety culture that drives risk awareness).
In this paper we indicate some of the ways in which Ideagen’s quality, safety and risk software products can help you:
▪▪ Achieve and demonstrate compliance with any standard, including ISO 45001, using Statements of
Applicability;
▪▪ To use the document control system in Q-Pulse or Coruson to implement risk-based policies and procedures
and then control these using the reporting system;
▪▪ Apply highly visual risk assessments to events using the Q-Pulse or Coruson Incident Management and
Investigation System (IMS);
▪▪ Fully implement a risk-based approach to OH&S management using the risk modelling and management
capabilities of Q-Pulse Risk or Coruson.
▪▪ Integrate your audit activities and incident management information with risk models.
5
Ideagen | WHITE PAPER
ISO 45001 reflects ISO’s new High Level Structure (HLS) which covers ten standard clauses:
Clause 1 - Scope
Clause 5 - Leadership
Clause 6 - Planning
Clause 7 - Support
Clause 8 - Operation
Clause 10 - Improvement
As a result, it is designed to integrate with other management systems and the standardised approach makes it
easier for organisations to adopt and implement and for senior management to get on board. Above all, perhaps,
it will be easier to manage compliance with a system that already has its basic structure reflected in existing
business processes. That is, if you have already implemented ISO 9001:2015 or 14001:2015, then it will be relatively
straightforward to implement 45001.
More flexibility around the documentation and structuring of the management system, for example in the
requirement for information rather than procedures. Similarly, since the overall purpose of the standard is
preventive there is no requirement to state specific preventive activities.
The focus on organisational context (clause 4), including internal and external issues and stakeholder needs.
This finds its highest expression in the requirement for leadership involvement and grass-roots participation
throughout the organisation.
The emphasis of risk-basis, like ISO 9001:2015, puts greater emphasis on risk modelling and hazard and
opportunity identification at the planning stage (6.1), control management (8.1), change management (8.2)
and the risky business of outsourcing and supplier management (8.3-5).
6
Ideagen | WHITE PAPER
The diagram below shows how the improvement cycle works within the OH&S management system with the
standard HLS clauses noted in brackets.
INSTRUCTED
DS OF PAR
NEE TIE
S
PERFORMANCE
EVALUATION
DO CHECK
RED
IMP CED INJURY & ILLN CE
EXTERNALL ISSUES
INTERNAL ISSUES
U
ROVED
PARTICIPATION
SUPPORT &
PERFORMA
& IMPROVEMENT
OPERATIONS
LEADERSHIP
N
ESS
PLAN ACT
PLANNING
CO N
NTE
XT OF ISATIO
THE ORGAN
Planning is central to the OH&S management system and starts with understanding the organisational context
and the needs of interested parties (4.1 & 4.2), which are then used to scope the business processes (4.3 & 4.4).
Successful implementation relies on leadership commitment to focus the entire organisation on developing a
strong safety culture (5.1, 5.2 & 5.3).
The next level of planning brings risk basis into the standard. This is a key difference from OHSAS 18001 and
reflects the emphasis on hazard and opportunity risk in ISO 9001:2015. (6.1, 6.2 & 6.3). The final planning level
focuses on the support structure for execution (7.1-5).
Doing, i.e. execution of the plan extends to all of the activities and processes required to implement the OH&S
management system, including safety operations (8.1), business change programme (8.2), outsourcing and
procurement (8.3-5) and emergency response processes (8.5).
ISO 45001 contains several elements aimed at checking and managing the performance and effectiveness of the
OH&S management system (9.1-3) including monitoring, measurement, internal audit and evaluation.
Act refers to the need to address problems identified in the check stage (10.1-2).
7
Ideagen | WHITE PAPER
Q-Pulse ®
Q-Pulse Risk
Both Q-Pulse Risk and Coruson (see below) provide the tools for you to create and view a Statement of Applicability
in relation to any standards that you need to comply with. In a risk-based OH&S Management System, risks related
to policies, procedures, assets, suppliers or other such entities within the system can be identified and their
associated threats, controls and consequences can be recorded and the risks managed throughout their complete
lifecycle.
In the case of ISO 45001, for example, specific controls can be linked to the Standard’s clauses and a detailed,
specific Statement of Applicability (SOA) can be generated. This allows you to demonstrate the extent of your
organisation’s conformance to the Standard at any given moment. For instance, in advance of an internal or
external audit you can provide the auditor with a copy of your Statement of Applicability in order that they can
quickly determine the extent of your compliance and also plan their audit to address the areas of highest current
and emerging risk.
The graphical visualisation features of Q-Pulse Risk help drive communication about risk and increase overall
adoption of the OH&S Management System:
▪▪ Widespread understanding of risk across the organisation – from the most junior to the most senior;
▪▪ Real time visibility of the organisation’s risk profile;
▪▪ Effective leadership oversight of all risks and the effectiveness of the controls in place;
▪▪ Instant understanding of the impact and extent of change to any controls;
▪▪ The sharing of lessons learned and best practice across the entire organisation.
Q-Pulse Risk uses the bowtie model to graphically illustrate a risk, including the undesirable events to be avoided,
the preventive and recovery controls that mitigate the business risk. When integrated with the Q-Pulse, the result is
a solution that supports dynamic risk management where controls are maintained in real time.
Rather than defining and managing risks inside documents in the Q-Pulse Documents Module, Q-Pulse Risk uses
risk registers where risks can be recorded, described and visualised in terms of the hazards or assets they relate
to and where undesirable events are represented as threats, consequences and controls. Leaders have ultimate
responsibility for effective risk management in any organisation: the new draft standard emphasises this. A risk-
based operating model delivers high performance people, processes and organisations and puts business critical
decision support information in front of management in near or real time.
8
Ideagen | WHITE PAPER
Flexible form builder for all kinds Flexible workflow modelling and Incident management and
of operational reporting response automation investigation features
To support a culture of leadership and learning, it is vital to foster open reporting procedures for all stakeholders:
free from punitive measures and prescriptive manual processes. The Q-Pulse Advanced Reporting capability acts
as a central focal point that ensures the effective capture of information, minimises the risk of data inaccuracy and
avoids duplication of reports and information. This approach generates a single version of the truth.
Q-Pulse Advanced Reporting has several features that increase the volume and quality (accuracy) of reporting,
notably:
In addition to a basic process management approach (described below), Advanced Reporting embeds risk
assessment and management into the operational reporting process. In responding to an incident, the reporting
module includes risk assessment and analysis tools that enable:
Next-steps guidance is also shown for consistent decision support across teams. Each risk can be assigned:
9
Ideagen | WHITE PAPER
can exist as a document within the repository. It can be created collaboratively, edited, approved, published,
distributed, reviewed and withdrawn. When new information becomes available that can strengthen a preventive
barrier, it simply becomes a matter of updating the control description in the relevant procedure document.
For example, you are the safety manager in an industrial plant. An undesirable event that you want to avoid is
someone falling from a height. You can model this undesirable event as a risk:
A fall is the failure you want to prevent. Preventive controls (barriers) are put in place that include:
▪▪ Safety briefings
▪▪ Planned maintenance
▪▪ Supervision
▪▪ Platform Safe-To-Work instructions
▪▪ Competent staff
A new member of staff is recruited and starts work without receiving a safety briefing. They subsequently use
a ladder on a slippery floor and are injured in a fall. What can then happen is that a safety manager (or any
employee) involved can raise a change request against the risk definition document: a preventive control needs to
be added (or strengthened) to the effect that a safety briefing must be delivered to a new staff member before s/
he is allowed onto that part of the plant. The respective document is then updated, reviewed, approved, published
and distributed. The organisation learns and quality and safety is improved.
This approach to risk documentation and management, using the Document Control module you already have in
your Q-Pulse installation, is one way that you can start to think about and align with the new ISO
45001 standard. You can experiment with it and roll it out across any part of the business: the risks can range from
slips and trips in the foyer to losing a major account to a competitor. The process is the same regardless of the
scale and context of the risk: define the failure, define the preventive controls, define the mitigations, document
these definitions and procedures and use the Q-Pulse Document Control, CAPA and Audit modules to manage all
of this.
▪▪ Lack of automation
▪▪ No graphical visibility of risk profiles
▪▪ Limited visibility of exposure to emerging risks
▪▪ No risk/control impact or relationships for change assessment
For example, supervisors and workers may use non-conformance reporting to report unsafe practices in working
at height and in a given month there may be many such reports but no actual incidents. In the case of a document-
based risk management system, this trend of emerging risk would not be visible. To make this emerging risk profile
visible requires a more powerful risk management capability such as that available in Q-Pulse Advanced Reporting,
Q-Pulse Risk or Coruson.
10
Ideagen | WHITE PAPER
Using Coruson
Ideagen Coruson is an enterprise risk-based safety management software product that comprises policy
management, incident management, safety reporting, audit and risk management. Built on Amazon Web Services,
Coruson has scalable cloud architecture and can be extended without limits to user numbers and geographical
location. It is always accessible through a modern browser and easy to roll out to new users.
Coruson delivers all of the functionality discussed above in relation to Q-Pulse and Q-Pulse Risk in a complete,
seamlessly integrated, cloud software application:
Policy and Procedure Audit Management Corrective/Preventive Action Incident Management and
repository with full Change (CA/PA) Management Reporting
Control
Investigation and Action Hazard Identification Risk Assurance and Dashboards, Analysis and
Tracking Management Management Business Intelligence
The tools are there when you need them and when you are ready, we will help you to get the maximum
transformational benefit regardless of what maturity stage your organisation is at.
As with Q-Pulse, Coruson is ready to respond to ISO 45001 via intelligent document management, intuitive
accurate reporting, risk modelling and management that ties into all the other functions, third party management
and real time analysis and insights for organisational leaders. Above all in this context of the risk-based model
intrinsic to ISO 45001, Coruson has been designed and built on the same basis. Coruson enables you to identify,
understand and manage risk throughout your organisation. Like Q-Pulse
Risk, Coruson uses the Bowtie Methodology to help you build graphical visualisations that help you to quantify,
prioritise and mitigate threats to the safety and wellbeing of personnel. Seamless integration with Coruson’s
performance management tools results in automatic alerts and workflow-driven escalations when thresholds and
risk controls are compromised. It is possible to track trends and keep on top of emerging risks to the business such
as correlated near misses or frequency of unsafe working practices.
11
Ideagen | WHITE PAPER
Once the standard is published, you can be sure that it will be captured and reflected in the training courses
and content available. You can also add your own content to support internal training needs and employee skill
development. Competence management can be aligned to business risk as well as operational needs.
The benefits of compliance with ISO 45001 include improved safety and wellbeing of staff and the public, reduced
costs associated with improved safety, better relationships with customers and suppliers and more efficient
business processes. The risk-based approach to compliance inherent in ISO 45001 adds significantly to this via the
anticipative, proactive attitude it engenders.
Ideagen’s safety, compliance, quality and risk management products Q-Pulse and Coruson offer a complete
solution to achieving ISO 45001 conformance. The approach and degree of process automation you choose can be
partial, stepped or complete. Whatever your choice, the Ideagen Customer Experience and Professional Services
teams are available to help you every step of the way.
12
Ideagen | WHITE PAPER
Review the ISO 45001 standard and identify the gaps in your OH&S management system that need to be
addressed for compliance with the new standard.
Create an action plan for implementation that includes senior stakeholders and representatives and champions
throughout the business.
Verify the effectiveness of your upgraded OH&S management system and consult with your certification body
regarding the 18001-45001 migration tasks, including any training and competence requirements.
It is likely that significant changes will be needed in your OH&S management system and this is where a software
solution like Q-Pulse or Coruson can be not just an enabler for the migration but also a long-term bulwark for
positive change and business process improvement. Some initial key tasks will include:
The biggest benefit of business process modernisation is felt in the long term as a result of the positive cultural
change that derives from:
Culture in many ways is what staff in your organisation do when you are not
watching them. It is values based and ethically driven. You can create ever
stronger processes and controls, but if your staff do not understand or buy in,
these will only be paper thin and will probably not stand up to scrutiny in a
future crisis.
Alex Hindson, former Chairman of IRM, writing in “The Risk Management Handbook,” KoganPage, 2016
13
Please contact Ideagen for advice about using
our software to help you to improve your OH&S
performance in a proactive manner, preventing
e : info@ideagen.com | w : ideagen.com
Copyright © 2017 Ideagen Plc. All rights reserved worldwide.