2015 © All rights reserved. NOSA (PTY) LTD Copyright in the literary, ortstic and other works capable of copyright protection contained within these material: vestsin NOSA (PTY) LTD. These meterias or any part thereof may not be reproduced, adapted. pubsshed, performed in pubic, broadest or transmitted in any form without the express permission of NOSA [PTY] LTD. Should you carry out any of these actions in relation to any of the works contained within these training materials without permission, you ‘may be lable for civil low copyright infingement os well as ciminal prosecution. Visit: www.nosa.co.za Fifth Edition (2016) @NOSA TY) LID. www.nosa.ce 20NOSA HSE MANAGEMENT SYSTEM INTRODUCTION 1. SCOPE... 2. NORMATIVE ELEMENTS AND INTERPRETATION ... 3. TERMS AND DEFINITIONS... 4. NOSA HSE MANAGEMENT SYSTEM PRINCIPLES (CMB001: 2003) AND REQUIREMENTS 4.1 GENERAL... 4.2 COMMITMENT AND HSE MANAGEMENT POLICY... 4.3 PLANNING OF NOSA HSE MANAGEMENT SYSTEM. 4.3.1 IDENTIFICATION OF HSE HAZARDS, RISK ASSESSMENT AND RISK CONTROL... 4.3.2 HSE LEGAL AND OTHER REQUIREMENTS 4.3.3 HSE MANAGEMENT OBJECTIVES AND TARGETS... 4.3.4 HSE MANAGEMENT PROGRAM(S). 4A IMPLEMENTATION AND OPERATION OF THE NOSA HSE MANAGEMENT SYSTEM 4.4.1 HSE STRUCTURE, ROLES, RESPONSIBILIY, ACCOUNTABILITY AND AUTHORITY. 4.4.2 HSE TRAINING, AWARENESS AND COMPETENCE i 4.4.3 HSE COMMUNICATION, PARTICIPATION AND CONSULTATION. 4.4.4 HSE DOCUMENTATION .... 4.4.5 HSE DOCUMENTATION CONTROL... 4.4.6 HSE OPERATIONAL CONTROL... 4.4.7 HSE EMERGENCY RESPONSE AND CONTROL 45 NOSAHSE MANAGEMENT SYSTEM EVALUATION AND CORRECTIVE ACTION 4.5.1 HSE PERFORMANCE MEASUREMENT AND MONITORING 4.5.2 EVALUATION OF COMPLIANCE... 4.5.3 HSE INCIDENTS, NON-CONFORMANCES, CORRECTIVE AND PREVENTIVE ACTION 15 4.5.4 CONTROL OF HSE RECORDS.. 4.8.5 HSE SYSTEM AUDIT. 4.6 HSE MANAGEMENT REVIEW. 4.6.1 HSE SYSTEM REVIEW ..NOSA HSE MANAGEMENT SYSTEM OUR VALUES We are committed to conducting our business in an ethical manner and support company values of honesty, integrity, respect and accountability. Given the industry in which we operate, we view ourselves as somewhat of a role model, and strive to uphold the highest standards of ethical conduct. NOSA has a highly competent and experienced staff complement, enabling the business, through exceptional service, to meet the growing needs of its client base, particularly given the increased pressure on companies to comply with occupational health, safety and environmental legislation FOREWORD The NOSA System standard for occupational safety and health has been in existence since 1951, from which date it has been used as an auditing tool. The newer occupational safety, health and environmental management system standard has been developed in response to ‘customer and market demand for an internationally-recognised HSE standard against which monagement systems can be assessed and graded. The NOSA HSE Management System standard is compatible with the ISO 9001:2008 and the 1SO 14001:2004 management systems standards as well as the OHSAS 18001:2007, and facilitates the integration of the above-mentioned systems as well as any other systems implemented in organisations. The NOSA HSE Management System standard will be reviewed ‘or amended when deemed appropriate. + 150 9001:2008 —Quaiity management systems Requirements * 150 14001:2004 —Environmental management systems Requirements with guidance for use * OHSAS 18001:2007 —Occupational Health and Satety management systems — Requirements This publication does not purport to include all necessary provisions of a contract. Users are responsible for its conect application. Compliance with this standard publication does not of itself confer any kind of exemption trom legal obligations.NOSA HSE MANAGEMENT SYSTEM, INTRODUCTION Organisations are increasingly concerned, as well as legally bound, to achieve and demonstrate sound safely, health and environmental performance by controlling the impacts of their activities, products and services on the health and safety of employees, contract workers, the community, and the environment. Increasingly stringent legisiation in the fields of safety, health and environmental management, the development of sustainability accounting Performance requirements, enterprise-wide risk management and other business performance measures all foster sound safety, health and environmental management. Many organisations have separate safety, health and environmental management systems or some combination of them. However, effective management of safety, health and environment cannot be achieved if such separate systems are not integrated and aligned towards a common goal. They need to be within a structured system, integrated within the ‘organisations’ overall management strategies, objectives, and goals. The NOSA HSE Management System standard provides organisations with the key principles of an effective HSE management system, which can be integrated with other social and economic, legal, or quality management requirements. The NOSA HSE System standard is applicable to all types and sizes of organisations with diverse geographical, cultural, legal and social conditions. The basis of the approach to the NOSA HSE ‘Management System is shown in Figure 1. in section 4.1. The success of the system depends on the commitment from al levels and functions of an organisation, and the integration of the system within other business management systems. The overall cim of the NOSA HSE Management System standard is to support safety, health and environmental management in balance with socio-economic, legal, and other business management requirements. HSE management encompasses a wide range of issues including those with strategic and competitive implications. This standard contains only those requirements that may be objectively audited for grading purposes and/or self-decloration purposes. Those organisations requiring more general and practical guidance on integrated NOSA HSE management system issues should refer to the NOSA HSE Management System Audit Guideline documents —the most widely used being the CMB253 and the CMBISON. The NOSA HSE standard establishes requirements of HSE performance within the scope of the commitment to complying with all appropriate HSE legislation, by-laws and regulations, and to principles and best practices of risk management. Thus, two organisations canying out similar activities but having different HSE risks ond HSE performance may both comply with requirements. In order to achieve HSE objectives, the NOSA HSE Management System standard ‘also encourages organisations to consider implementing the best available technology, where appropriate and economically viable. in addition, the cost of such technology must be fully taken info account. This standard shares common management system principles with the ISO 9000 and 14000 series, and OHSAS 18001 The NOSA HSE Management System is risk-based, which means compliance to requirements er se is not sufficient. In order to work properly, organisations must conduct a thorough baseline tisk assessment, upon which their systems are designed and implemented. 2 | nose eryNOSA HSE MANAGEMENT SYSTEM Compliance to the system, as well as overall effectiveness ought to be taken in consideration, in order to feed continuous updating of the organisations risk profile. In addition, any major changes in physical facilities/structures, machinery, inputs, products, and personnel also call for complementary HSE risk assessments. The ISO Guide 72, published in May 2001, states, “All new standards are no longer based upon the attainment of a prescribed level of performance but on the process based approach of continuous improvement.” In other words, since the year 2001, systems are required to be risk- based —that is the core of the process-based approach of continuous improvement concept. Aiming at aligning with such a concept, the most recent versions of ISO standards state, “This International Standard does not include requirements specific to other management systems, such as those particular to environmental management, occupational health and safety management, financial management or risk management, However, this International Standard enables an organization to align or integrate its own quality management system with related management system requirements. Its possible for an ‘organization to adapt its existing management system(s) in order fo establish a quality management system that complies with the requirements of this International Standard. (150 900/:2008, page Vil). (Standord ISO 14001:2004, also page VI, repeats the same paragraph.) In conclusion, the OHSAS 18001:2007 is very specific about establishing a risk-based system, “4.2. OH&S POLICY Top management shall define and authorise the organisation's HSE policy and ensure that within the defined scope of its HSE management system it: a) is appropriate to the nature and scale of the organization's HSE risks:". BNOSA (PTY) LID. www.nosa.cozo | 3NOSA HSE MANAGEMENT SYSTEM 1. SCOPE This NOSA System standard specifies requirements for an Occupational Safety, Health and Environmental (HSE) management system. The aim is to enable organisations to control their ‘eccupational HSE risks and improve their overall performance. The NOSA HSE Management System standard applies to those occupational HSE hazards that organisations can control and over which they can be expected to have influence. The NOSA HSE Management System standard enables organisations to: a) establish, approve and maintain HSE management systems; b) eliminate or minimise tisk to everyone that may be exposed fo the HSE hazards of business activities: ¢) develop, maintain and enforce a HSE management policy: and 4d) demonstrate to interested and affected parties —all stakeholders —that policies, procedures and practices are in conformity with the requirements of this standard. Al the requirements in this standard ore intended to be incorporated into any company business management system. The extent of the application will depend on such factors as the business risk management policy, strategy of the organisation, the nature and scope of its activities and the complexity of its operations. This standard is intended to address occupational Safety, Health and Environment rather than product and services safely. The requirements of this standard apply universally in terms of any industry sector, size of company and geographic location. 2. NORMATIVE ELEMENTS AND INTERPRETATION The organisation shall comply with national and other applicable local legislation, other Fequirements to which the organisation subscribes, and this standard. When national and other applicable legislation, other requirements to which the company subscribes, and this standard address the same issue, the most stringent provision shall apply. 3. TERMS AND DEFINITIONS Accident: Undesired event giving rise to death, ill health, injury. damage or other forms of loss. Audit: A systematic and, wherever possible, independent examination to determine whether activities and related results conform to planned arrangements, and whether these arrangements are implemented effectively and are suitable to achieve the organisation's policy and objectives. Continual improvement: Recurring process of enhancing the HSE management system in order to achieve improvements in overall business performance. in line with the organisation's HSE policy and updated risk profile. 4 | BNOSA (PTY) LTD. wuw.nosa.coz0NOSA HSE MANAGEMENT SYSTEM Document control: Procedure|s) for ensuring effective management of all system registers and documents (information and their supporting media) Environment: Surroundings in which an organisation operates; this includes the natural environment (air, sol, water, natural resources, fauna and flora) and the community (humans, their interactions and social, cultural, economic and bodily well-being). Surroundings in this context extend from within an organisation to the global system. Hazard: Source or situation with a potential for harm in terms of injury or ilshealth at the workplace and/or in the environment and community. Hazard identification: Process of recognising that a hazard exists and defining its characteristics Incident: Undesired but caused event that has the potential fo lead to an accident or harm to people or the environment, _ Note: The term “incident” therefore includes accidents, no-loss incidents called “near-misses” and any event that causes or has the potential to cause harm to people or environment, Non-conformance: Any deviation from physical conditions, work standards, practices, procedures, regulations, management system performance etc., which may either directly or indirectly lead to injury or illness, property damage, damage to the workplace environment, ‘or a combination of these. Objectives: Medium- and long-term accomplishments, in terms of HSE performance, which an ‘organisation sets itself to achieve Occupational safety, health and environment: Conditions and factors that may affect the health and/or well-being of employees, temporary workers, contractor personnel, visitors and ‘any other person in the workplace and their environment. Organisation: Company, operation, firm, enterprise, institution or association, or part thereof, whether incorporated or not, public or private, that has its own functions and administration. Performance: Measurable results of the HSE management system, related to the organisation's control of safety, health and environmental risks, based on its HSE policy and objectives. Risk: Combination of the likelihood of an occurrence of a hazordous event or exposure(s) and the severity of injury or il health that can be caused by the event or exposure(s}. Risk assessment: Process of evaluating the risk(s) arising from a hazard(s). taking into account the adequacy of any existing controls, and deciding whether or not the risk(s) is acceptable. Safety: Freedom from unacceptable risk of harm (ISO/IEC Guide 21) HSE management policy: Statement of intent for HSE status improvement through the HSE management system,NOSA HSE MANAGEMENT SYSTEM HSE management program: The action plan(s) required to manage the achievement of HSE targets. HSE management system: That part of the overall management system that facilitates the Management of the HSE risks associated with the business of the organisation, _ Note: The HSE management system includes the organisational structure, planning activities, | ‘and responsibilities, accountabilities, practice, proc es for developing, ‘implementing, achieving, reviewing and maintaining the organisation's HSE policy. Stakeholder: individuals or groups concerned with or affected by the HSE performance of an organisation. Target: Short-term accomplishments, set and included in a yearly plan (program), executed and monitored, which contribute to the organisation achieving their objectives. 4. NOSA HSE MANAGEMENT SYSTEM PRINCIPLES (CMBO01: 2003) AND REQUIREMENTS 4.1 GENERAL The organisation shall establish, document, implement, maintain, and continually improve the NOSA HSE management system by complying with requirements included in this section. There are a number Crt of principles that make up the NOSA HSE Management System. These principles are shown in Figure 01 The organisation shall also determine how it will fulfil such requirements, as well as define and document the scope of the NOSA HSE ee Management System. Figue 01: flements of he NOSA HSE management sysem 4.2 COMMITMENT AND HSE MANAGEMENT POLICY ‘CORPORATE STANDARDS HSE HAZARD IDENTIFICATION. RISK "ASSESSMENT AND RISK CONTROL SP ANSE eno. [BUSINESS RISK MANAGEMENT IDENTIFICATION OF ROLE PLAYERS STRATEGY AND/OR SYSTEM 'AND ELECTION OF COMMITTEE Figure 02: Input in the formulation of HSE Management PolicyNOSA HSE MANAGEMENT SYSTEM ‘Top management shall formulate, approve and authorise a HSE management policy that: a) is appropriate to the nature and scale of the organisations HSE risks and impacts; b) is cligned with the HSE hazard identification and risk assessment outcomes: ¢)_ includes a commitment to continual improvement of the HSE system; 4) includes a commitment to comply as a minimum with curent applicable legislation, regulations and other requirements to which the organisati e) includes explicit commitment to prevent: 0 injuries: ©. ilkhealth; and © pollution; f) provides a framework for setting and reviewing HSE objectives and targets; 8) is documented, implemented, maintained and communicated to all employees, contractors, other service providers, and visitors; h) is available to all interested and affected parties; and 1) Is reviewed periodically to remain relevant and appropriate to the organisations HSE risks, 4.3 PLANNING OF NOSA HSE MANAGEMENT SYSTEM Perce igure 03: inputs for planning the NOSA HSE Management System 4.3.1 IDENTIFICATION OF HSE HAZARDS, RISK ASSESSMENT AND RISK CONTROL The organisation shall establish and maintain procedure(s) for the ongoing systematic identification of HSE hazards, the assessment of the risks and the determination of allnecessary control measures to be implemented, The organisation shall consider all its activities, products and services that may impact HSE. in order to control them, taking into account which of them it is expected to have an influence. These shail include: * routine, non-routine and emergency activities: * activities of all persons having access to the workplace (including sub-contractors and visitors); * human behaviour, capabilities and other human factors @NOSA [PTY] LID. www.nosa.co.NOSA HSE MANAGEMENT SYSTEM * identified hazards originating outside the workplace copable of adversely affecting the health and safety of persons under the control of the organisation within the workplace; ‘+ hazards created in the vicinity of the workplace by work-related activities under the control of the organisation; ‘* ony applicable legal obligations relating to risk assessment and implementation of necessary controls, as organisations can be subject to legal requirements for the health and safety of persons beyond the immediate workplace, or who are exposed to the workplace activities: * all faciities, inftastucture, equipment and materials at the workplace, whether provided by the organisation or others: + community and social factors; ‘+ new projects and development: ‘* changes or proposed changes and additions or proposed additions (both intemal nd external), to the organisation, its activities, or materials; ‘+ modifications and/or updating to the NOSA HSE Management System, as adopted ‘and implemented by the organisation, including temporary changes, and their impacts on operations, processes, and activities; and + the design of work creas, processes, installations, machinery/equipment, operating Procedures and work organisation, including their adaptation to human capabitities. The organisations methodology for HSE hazard identification and risk assessment shall: ‘+ be defined with respect to its scope, nature, timing and review; ‘+ clearly indicate the involvement of role players from all levels and functions of the ‘organisation; * provide for the identification, class ation, prioritisation and documentation of risks, ‘and determination and application of appropriate control measures: + take into consideration all operational risks that may have impact on HSE; * provide input into the determination of facility requirements, including identification of training needs and/or development of operational controls; ‘+ provide for the monitoring of required actions to ensure both the effectiveness and timeliness of their implementation. The organisation shall ensure that the results of these assessments and the effects of these Controls be considered when setting its HSE management abjectives and torgets. The organisation shall record this information and keep it up to date. Where applicable, the organisation shall communicate to all employees and affected parties the HSE hazards to which they may be exposed in the workplace and/or the environment, due to the nature of the organisations operations. (PIV) LTO. weww.nosa.coz0NOSA HSE MANAGEMENT SYSTEM M: For the management of change, the organisation shall identify the HSE hazards and HSE risks associated with changes in the organisation, the comespondent HSE NOSA Management System applicable elements, oF its activities, prior to the introduction of such changes. The organisation shail ensure that the results of these assessments are considered when determining and applying controls. Dt When determining controls, or considering changes to existing controls, consideration shall be aiven to reducing the risks according to the following hierarchy, in the light of the ILO Convention 176, arlicle 6: 1), elimination: 2) substitution; 3} engineering controls; 4) signage/wamnings and/or administrative controls 5} personal protective equioment. The organisation shall document and keep the results of identification of hazards, risk assessments and determined controls up-to-date. The organisation shall ensure that the HSE "sks ond determined controls ore taken into aecount when estabishing, implementing and Maintaining its HSE management system, 4.3.2 HSE LEGAL AND OTHER REQUIREMENTS The organisation shall establish and maintain a procedure for: a) identifying; b) accessing; and ¢)_ interpreting the legal and other applicable requirements, to ensure effective HSE management and continual improvement of the system. The organisation shall: 1) keep this information recorded and up to date: 2]_ communicate relevant information on legal and other requirements to employees ‘nd other relevant interested parties; 3) designate responsibiity and authority for full compliance to the legal and other feauirements at relevant functions and levels of the organisation; and 4) make it clear to all management and staff that legal compliance is the minimum standard —the risk profile must be used as the guide for further adaion of requirements and standards. 4.3.3 HSE MANAGEMENT OBJECTIVES AND TARGETS The organisation shall establish and maintain documented HSE objectives and targets, at each ‘elevant function and level within the organisation. Objectives should be quantified wherever practicable. BNOSA (PTY) LID. wwww.nosa.coza | 9NOSA HSE MANAGEMENT SYSTEM When establishing and reviewing their HSE objectives and targets, organisations shall consider: a) legal and other requirements; b) HSE risks; ¢) technological options; and d) financial, operational and business practicalities. They shall also consider the views of interested and affected parties —all stakeholders. The objectives and targets shall be consistent with the HSE policy, including the commitment to continual improvement. 4.3.4 HSE MANAGEMENT PROGRAMS) The organisation shall establish and maintain a HSE management program or programs for achieving its objectives and targets. This shall include documentation of: a) the designated responsibility and authority for achieving the objectives and targets ‘at relevant functions and levels of the organisation; and b) the means and time frame within which objectives are to be achieved. The HSE management program(s) shall be reviewed and approved by top management at regular and planned intervals, New development or modified activities, products or services shall be accompanied with program(s) or amended program(s) that are related and relevant. The organisation shall communicate to all employees (own and contractors) and affected parties, where applicable, the objectives and targets that may be affected by their activities, to make them aware of and ensure compliance with the HSE policy. 4.4 IMPLEMENTATION AND OPERATION OF THE NOSA HSE MANAGEMENT SYSTEM Figure 04: inputs for implementation and Operation othe NOSA HSE Management System 4.4.1 HSE STRUCTURE, ROLES, RESPONSIBILITY, ACCOUNTABILITY AND AUTHORITY The organisation shall define, document and communicate roles, responsiilties, accountabilities, and authorities for effective HSE management. Top management shall fake ultimate responsibilty for HSE and the NOSA HSE Management System. 10 | @NOSA (PTY) LID. www.nosa.co.zaNOSA HSE MANAGEMENT SYSTEM Top management shall demonstrate its commitment by: a) ensuring the availabilty of resources essential to establish, implement, maintain, control and improve the NOSA HSE Management System: b) defining roles, allocating responsibiities and accountabilities, and delegating authorities, to facilitate effective HSE management: roles, responsibilities, accountabilities, and authorities shall be documented and communicated. Management shall also provide such resources, essential to the implementation and control of the HSE management system. Resources include human resources, organisational infrastructure, specialised skils, technology and financial resources. The organisations top management shall formally appoint one or more specific management representatives that, iespective of other responsibilities, shall have defined roles, responsibilities and enough authority for ensuring that: a) HSE management system requirements are established, implemented and maintained in accordance with this standard: b) regular reports on the performance of the NOSA HSE Management System are presented to top management for review and; ©) all workforce and community are adequately represented by HSE representatives on the HSE management committee. 4.4.2 HSE TRAINING, AWARENESS AND COMPETENC! The organisation shall ensure that personnel be competent to perform tasks that may impact HSE in the workplace. Competence shall be defined in terms of appropriate education, training/refreshing, and/or experience. The organisation shail identity, document and review HSE training needs on an ongoing basis All personnel whose work may create a tisk to HSE system performance shall receive appropriate training, The organisation shal review and record the suitability and effectiveness of the training program on a regular bass. The organisation shall establish and maintain procedures to ensure that its employees working at each relevant function and level are aware of: the importance of conformance to the HSE management policy and procedures, and fo the requirements of the HSE management system: © their roles and responsibilities in achieving such conformance; * the potential consequences of departure from the HSE policy and procedures and requirements of the HSE system; * the significant HSE hazards to which they are exposed: * the potential consequences of departure from specified operating procedures: * the emergency preparedness and response requirements. Personnel performing tasks that con pose significant HSE risks shall be competent on the basis of appropriate education, training/refreshing and/or experience.NOSA HSE MANAGEMENT SYSTEM Training procedures shall take info account differing levels of: © tisk: and * responsibility, accountability, ability and literacy. 4.4.3 HSE COMMUNICATION, PARTICIPATION AND CONSULTATION 4.4.3.1 COMMUNICATION Taking info account its identified hazards, assessed risks, and the NOSA HSE Management System adopted, the organisation shall establish, implement and maintain procedures f a) internal communication among the various levels and functions of the organisation; b) communication with all contractors and other service providers, ond visitors to the organisation; ©) receiving, documenting and responding to relevant communication from external interested and affected parties. The organisation shall consider processes for external communication on its significant HSE hazards and record the decisions. 4.4.3.2 PARTICIPATION AND CONSULTATION The organisation shall establish, implement and maintain procedures so that employees shall be: * involved and shail actively participate in hazard identification, risk assessment and determination of control measures: * involved in the development and review of policies and procedures to manage HSE tisk ‘+ informed of the HSE hazards and risks they are exposed to or have an influence over; ‘+ _ involved in incident investigation teams, whenever appropriate: + consulted where there are any changes that affect workplace and environment; ‘* represented on HSE-related matters; and ‘+ _ informed with regards to who their workplace HSE representative(s) and specified management appointees (see 4.3.1) are. 4.4.4 HSE DOCUMENTATION The organisation shall establish and maintain information, in a suitable medium, such as paper or electronic form, containing: Q) the HSE policy and objectives; b) description and scope of the NOSA HSE Management System; ¢) descripti n of the core elements of the management system and their interaction; 4) documents, including records, required by this specification standard; €} documents, including records, determined by the organisation to be necessary to ensure the effective planning, operation and control of processes that relate to the management of its HSE risks; f)__ provision for direction to related documentation, 12 | ®NOSA [PTY) LID. www nosa.co.z0NOSA HSE MANAGEMENT SYSTEM 4.4.5 HSE DOCUMENTATION CONTROL The organisation shall establish and maintain procedures for controlling all documents and data required by this standard specification to ensure that: 9} they can be located: b) they are periodically reviewed, revised as necessary and approved for adequacy by authorised personnel; €) current versions of relevant documents and data are available at all locations where operations essential to the effective functioning of the HSE management system are performed: @) documents of external origin determined by the organisation to be necessary for the planning and operation of the HSE management system are identified and their distribution controlled: @) obsolete documents and data are promptly removed from all points of issue and points of use: f) should obsolete documents be deemed retainable for ony purpose, by management, they be suitably and visibly identified in order fo prevent their unintended use; and 9) archival documents and data retained for legal or knowledge preservation Purposes, or both, are suitably identified. All documentation shall be legible, dated and readily identifiable, maintained in an orderly manner and retained for a specific period. Procedures and responsibilities shall be established and maintained conceming the creation and modification of the various types of documents. 4.4.6 HSE OPERATIONAL CONTROL The organisation shall identify the risks associated with operations and activities in order to plan, implement and maintain control measures. The organisation shall schedule these activities, including maintenance, aiming at ensuring that they are carried out under specified conditions, by: @) establishing and maintaining documented procedures to cover situations where their absence might lead to deviations from the HSE policy, objectives and targets; b} stipulating operating criteria in the procedures; ¢}_ establishing and maintaining procedures related to the identified significant HSE risks to goods, equipment and services purchased, used, or produced by the organisation; d)_ communicating relevant procedures and requirements to suppliers and contractors; €|_ establishing and maintaining procedures for the design of workplaces, processes, installations, machinery, operating procedures and work organisation, including their adaptation to human capabilities, in order to eliminate or minimise HSE risks at their source. @NOSA [PTY] LID. www.nosa.co.za | 13NOSA HSE MANAGEMENT SYSTEM 4.4.7 HSE EMERGENCY RESPONSE AND CONTROL The organisation shall establish and maintain plans and procedures to: ©) identify the potential for, and responses to, incidents and emergency situations: and b) prevent and mitigate the likely injury, illness, damage, and loss that may be associated with them. The organisation shall communicate the plans and procedures to all employees and interested and affected parties, where applicable. The procedure(s) shall include the periodic testing and planned maintenance of all emergency equipment for effectiveness. The orgonisation shall periodically review its emergency preparedness, response and contingency plans. procedures and risk assessment. in particular affer the occurrence of incidents or emergency situations. The organisation shall also periodically test such procedures where practicable. The organisation shall correlate ond cross-reference documentation, such as inspection registers, incident investigation reports, internal and external audits reports, government agencies citations, etc.,.and use the information thereot to update its risk profile. 4.5 NOSA HSE MANAGEMENT SYSTEM EVALUATION AND CORRECTIVE ACTION __NON-CONFORMANCE Figure 05: HSE Management Checking and Corrective Action 4.5.1 HSE PERFORMANCE MEASUREMENT AND MONITORING The organisation shall establish and maintain documented procedures to monitor and measure HSE management performance on a regular basis. These procedures shall provide for: @) both qualitative and quantitative measures, appropriate and commensurate fo the needs of the organisation: b}_ monitoring of the extent to which the organisation's HSE management objectives ond targets are met; ¢}_ proactive measures of performance that monitor compliance with the NOSA HSE Management program, operational criteria. applicable legislation and regulatory requirements; d) reactive measures of performance to monitor incidents (including near-misses} and other historical evidence of deficient HSE management performance, aimi preventing their reoccurrence: at 14 | @NOsA [PTY) LID. www.nosa.cozaNOSA HSE MANAGEMENT SYSTEM e) recording of data and results of monitoring and measurement sufficient to facilitate subsequent corrective ond preventive action analysis; f) periodically evaluating compliance with relevant legislation and regulations; and g}_ monitoring the effectiveness of all HSE proactive and reactive control measures, thus ensuring they are appropriate and commensurate. If monitoring equipment is required for performance measurement and monitoring, the ‘organisation shall establish and maintain procedures for the calibration and maintenance of such equipment. Records of calibration and maintenance activities and resuits shall be retained according to the organisation's procedures. 4.5.2 EVALUATION OF COMPLIANCE 45.2.1 Consistent with its commitment to compliance, the organisation shall establish, implement and maintain a procedure(s) for periodically evaivating compliance with applicable legal requirements (see 4.3.2). The organisation shall keep records of the results of the periodic evaluations. | __ Note: The frequency of periodic evaluation may 4.2.2 The organisation shall evaluate compliance with other requirements to which it subscribes (see 4.3.2). The organisation may wish to combine this evaluation with the evaluation of legal compliance referred to in 4.5.2.1 or to establish a separate procedure(s). The organisation shall keep records of the results of the periodic evaluations. PREVENTIVE ACTION The organisation shall establish and maintain procedures for defining responsibility and authority for the handling and investigation of incidents and non-conformities: 4.5.3.1 Incident investigation: The organisation shall establish, implement and maintain o procedure(s) to deal with, Le. record, investigate. and analyse actual and potential incidents, and take corrective and preventive action, in order to: ©) determine underlying HSE deficiencies and other factors that might be causing or contributing to their occurrence; b) bearin mind that reoccurrence of incidents is not acceptable: Cc) investigate incidents to find out facts and root causes; ) identify the need for corrective action, including the mitigation of present and future environmental impacts ©) identify opportunities for preventive action; f) identify opportunities for continual improvement; g) communicate the results of such investigations. ®NOSA [PIY] LID. www.nosa.coze | 18NOSA HSE MANAGEMENT SYSTEM The investigations shall be performed in a timely manner. Any identified need for corrective action or opportunities for preventive action shall be dealt with in accordance with the relevant parts of 4.5.3.2. The results of incident investigations shall be documented ond maintained and the ‘organisation's risk profile updated accordingly. 4.5.3.2 NON-CONFORMITY, CORRECTIVE ACTION AND PREVENTIVE ACTION The organisation shall establish, implement and maintain a procedure(s) for dealing with actual and potential non-conformity(ies] and for taking corrective action and preventive action. The procedure(s) shall define requirements for: «identifying and correcting non-conformity(ies) and taking action(s} to mitigate thei HSE consequences: * investigating non-contormity(ies). determining their cause(s} and taking actions in order to avoid their reoccurrence; * evaluating the need for action(s) to prevent non-conformity ies) and implementing ‘appropriate actions designed to avoid their occurrence; + recording and communicating the results of corrective action(s) and preventive action(s) taken; ond ‘+ reviewing the effectiveness of corrective action(s) and preventive action(s) taken Where the corrective action and preventive action identifies new or changed hazards or the need for new or changed controls, the procedure shall require that the proposed actions shall bbe token through a risk assessment prior to implementation. Any corrective or preventive action taken to eliminate the causes of actual and potential non- conformances shall be appropriate to the magnitude of problems and commensurate with the HSE risks encountered and assessed, The organisation shall implement and record any changes in the documented procedures resulting from corrective and preventive action. 4.5.4 CONTROL OF HSE RECORDS The organisation shall establish and maintain procedures for the identification, maintenance and disposition of HSE related records, as well as the results of audits and reviews. HSE-related records shall be legible, identifiable and traceable, and maintained in such a way that they are readily retrievable and protected against damage, deterioration or loss. Their retention times shall be established and recorded. Legal requirements regarding filing and archiving shall be complied with. Records shall be maintained, as appropriate to the system and to the organisation, to demonstrate conformance with this standard specification. 16 | @NOSA (PTY) LID. wowneNOSA HSE MANAGEMENT SYSTEM 4.5.5 HSE SYSTEM AUDIT The organisation shall establish and maintain an audit program and procedures for periodic HSE management system audits in order to: a) determine whether or not the HSE management system: © conforms to planned arrangements for HSE management including the requirements of the NOSA HSE Management System standard; has been established os a result of a thorough tisk assessment; hos been properly implemented and maintained; © Is effective in meeting the organization's policy and objectives; 'b) review the results of previous audits; ¢)_ provide information on the resuits of audits to management and employees. The audit program, including any schedules, shall be based on the results of risk assessments of the organisations activities, and the results of previous audits. The audit procedures shall cover the scope, frequency, methodologies and competencies, as well as the responsibilties, ‘accountabilities, and requirements for conducting audits and reporting results. Itis highly recommended that audits be conducted by personnel independent of those having direct responsibilty for the activity being examined. 4.6 HSE MANAGEMENT REVIEW 4.6.1 HSE SYSTEM REVIEW The organisations top management shall, at intervals they determine, review the NOSA HSE Management System to ensure its continuing suitability, adequacy and effectiveness. The management review process shall ensure that the necessary information is collected to allow management to carry out this evaluation. This review shall be documented. Input to management reviews shall include: ) results of internal audits and evaluations of compliance with applicable legal requirements and with other requirements to which the organisation subscribes: 'b]_ the results of participation and consultation (see 4.4.3): ) relevant communication(s) from extemal interested parties, including complaints: d]_the HSE performance of the organisation: e} the extent to which objectives have been met: f]__ status of incident investigations, non-conformance analyses, corrective actions and preventive actions; 9) follow-up actions from previous management reviews; h) changing circumstances, including developments in legal ond other requirements related to HSE: i) recommendations for improvement. @NOSA (PTY) LID. www nosa.coza | 17NOSA HSE MANAGEMENT SYSTEM The outputs from management reviews shall be consistent with the organisations commitment to continual improvement and shall include any decisions and actions related to possible changes to: 4) HSE performance: b]_HSE policy and objectives: ¢) resources; and d) other elements of the HSE management system. Relevant outputs from management review shall be made available for communication and consultation (see 4.4.3) CHECKING AND comtecve hon vee = enemas ‘HSE POLICY Figure 06: NOSA HSE Management System Review Elements The management review shall ascertain the updating of the organisations risk profle and Gddress the possible need for changes to policy, objectives and other elements of the HSE management system, in the light of HSE management system audit results, changing circumstances and the commitment to continual improvement. 18 | @NOSA PITY} LID. www