Digital Technology to Help Implement ISO 45001

Introduction to ISO 45001

To help organizations provide a safe and healthy workplace to their employees and prevent work-related injury and ill health to other stakeholders, the ISO (International Standards Organization) published ISO 45001: 2018.

To this date, ISO 45001 remains the sole, high-level, international standard providing organizations a common framework to manage their safety riskⁱ. Applicable to organizations of all size, kind, and in any market, the ISO 45001 standard offers a systematic, integrated approach to managing safety-related matters.

ISO 45001, as such, represents a landmark in the space, a means of internationalizing best practices adopted in national contexts, such as OHSAS 18001 (U.K.), but lacking in international heft and ability to integrate with other ISO standards.

The ISO standard, as a result, remains the established best practice in the field, becoming all the more relevant in the post-COVID era as the family of ISO 45000 standards evolved to include public health concerns as well as psychosocial risk in the workplace.

Given the importance of ISO 45001, this guide lays out the digital technology capabilities needed to implement the standard expeditiously while first addressing a few important provisions of the standard itself.

What Does ISO 45001 Say?

So, what does the standard say?

For starters, the standard takes the vaunted Plan-Do-Check-Act (PDCA) approach.

The PDCA concept is an iterative process used by organizations to achieve continual improvement, and it can be applied to a management system and to each of its individual elements, as follows:

• Plan. Determine and assess safety risks, opportunities, and other risks and other opportunities, establish safety objectives and processes necessary to deliver results in accordance with the organization’s safety policy
• Do. Implement the processes as planned
• Check. Monitor and measure activities and processes with regard to the safety policy and objectives and report the results
• Act. Take actions to continually improve safety performance to achieve intended outcomes

The PDCA cycle

Like OHSAS 18001 before it, ISO 45001 also includes a PDCA “Plan, Do, Check, Act” cycle.

In both contexts, the cycle provides a helpful framework for organizations to take stock of critical OHS risk areas. In addition, the cycle lays out the following:

• Plan by establishing the objectives and processes you need to deliver positive OHS results.
• Do by implementing the processes you’ve sketched out above.
• Check by monitoring and measuring what you’ve done against what your OHS policy, objectives, and regulatory requirements outline.
• Act by addressing gaps and taking action to ensure continual improvement.

What about the safety management system itself?

Per the standard, an organization has the freedom and flexibility to define the boundaries and applicability of its safety management system.

The boundaries and applicability may include the whole organization, or a specific part(s) of the organization, provided that the top management of that part of the organization has its own functions, responsibilities, and authorities for establishing the system.

The choice of these boundaries is was makes the system credible in the first place. But the scope shouldn’t be used to exclude activities, products, and services that have or can impact the organization’s safety performance, or to evade its legal requirements and other requirements.

And the scope of the system should be a factual and representative statement of the organization’s operations included within system boundaries that should not mislead interested parties.

This brings us directly to the role of leadership.

As expected, the standard argues that leadership and commitment from the organization’s top management, i.e., awareness, responsiveness, active support, and feedback, are what’s critical to the success of the safety management system and to the achievement of its intended outcomes.

Top management, as a result, has specific responsibilities for which they need to be personally involved or which they need to direct.

One of those responsibilities is fostering a safety culture. Such a culture, the product of individual and group values, attitudes, managerial practices, perceptions, competencies, and patterns of activities, must be supportive of the safety management system. A safety culture is characterized by the following:

• Active participation of workers
• Cooperation and communications founded on mutual trust
• Shared perceptions of the importance of the safety management system by active involvement in detection of safety opportunities
• Confidence in the effectiveness of preventive and protective measures

At the end of the day, though, safety management is about eliminating hazards and reducing safety risk. To that end, the standard requires organizations to establish, implement, and maintain a process(es) for the elimination of hazards and reduction of risks by using the following hierarchy of controls:

• Eliminate the hazard
• Substitute with less hazardous processes, operations, materials, or equipment
• Use engineering controls and reorganization of work
• Use administrative controls, including training
• Use adequate personal protective equipment

At a glance: Key business benefits of ISO 45001

• Enables the development of an effective safety management system
• Enforces safety best practices
• Ensures senior management and workers take an active interest in safety management
• Seeks to address and control key safety risks
• Takes a risk-based approach, ensuring constant updating as an organization’s context shifts
• Aligns safety risk management with other management processes
• Helps ensure compliance
• Bolsters a company’s reputation for being a safe place to work, which can:
  • Contribute to improved morale
  • Reduce regulatory oversight
  • Lower insurance costs
• Reduces the cost of safety disruptions
• Can help reduce employee downtime and absenteeism, thereby improving productivity

The Role of Emergency Management in ISO 45001

ISO 45001 is also distinct among most other safety management standards in that it lays out robust protocols for emergency management. In contrast, British standard OHSAS 18001 focuses almost exclusively on logging fire evacuation practice sessions and other superficial changes to emergency evacuation procedures.

Why the interest in emergency management for a safety management standard? Well, emergency situations create their own set of safety risk.

As a result, ISO 45001 mandates that safety professionals take a far more active part in all stages of the emergency management lifecycle (mitigation, preparedness, response, and recovery).

The standard also broadens the number of (internal and external) stakeholders who must be consulted, which holds in emergency situations, as well. That means emergency response agencies and the local community must be consulted as well as internal stakeholders.

Under the terms of ISO 45001, organizations must also take the following steps to anticipate, prevent, or minimize risk from potential emergencies:

• Identify and plan for potential emergency situations; integrate emergency exercises into your system
• Prepare a planned response to emergency situations, such as bomb threats, terrorist attacks, active shooter incidents, or natural disasters
• Periodically test and exercise emergency response capabilities
• Evaluate and revise emergency preparedness measures, especially after the occurrence of emergency situations
• Provide relevant information to all members of the organizations regarding their duties and responsibilities during an emergency event
  • At the very least, organizations should proactively maintain up-todate contact details of all internal and external stakeholders and procure mass communication tools to be deployed during major emergencies, e.g., earthquakes and storms
• Provide emergency prevention, preparedness, and response training
• Communicate information to contractors, visitors, relevant emergency response services, government authorities, and the local community

Digitization to Help Expedite ISO 45001 Compliance

How to fast-track ISO 45001 compliance? Consider safety management software built in line with ISO 45001.

Why? Well, such solutions let organizations manage every aspect of their environmental health and safety in an integrated safety and security platform, with all the information and tools that needed to effectively manage all environmental, health and safety incidents, risks, and hazards. That saves time, helps with better informed decision-making, enables risk and incident reduction, as well as facilitates faster response.

What are the key features to look for to expedite compliance with ISO 45001. We would consider the following:

• Incident reporting and management for environmental, health, and safety
• Investigations using ICAM and 5 Whys approach
• Injury and illness management, including treatments, expenses, and return-to-work planning
• Action management, including due date and completion tracking
• Risk management using Bow Tie, SWMS, Permit to Work, and JSA approaches, with a configurable risk matrix
• Contractor management and site-specific inductions
• Visitor Management
• Staff training and competency management
• Global and site-specific dashboards
• Hazard and near-miss reporting
• Safety meetings and follow-up action alerts
• Safety Engagements using behavior-based observations
• Lessons learned register
• Real-time KPI/KRI reporting and analytics
• Industrial hygiene and hazardous substance management
• Customizable access and security policies based on role type
• Safety inspections and compliance audits generated from a user-defined library
• Compliance breaches, obligations, and plans
• Employment health checks and drug/alcohol tests
• Controlled document management, including confirmation of understanding
• Asset management, including plant, equipment, & PPE
• Sustainability management
• Emergency and evacuation drills
• Mobile-first application (iOS and Android)
• All features are user-configurable using a no-code design

Benefits of integrated safety management software

Benefits of integrated safety management software, however, go beyond ISO 45001 compliance.

They include:

• Provide single source of truth for all safety data via integration with your other systems
• Increased stakeholder engagement by enabling anyone to report an event using public forms
• Reduced downtime using the platform’s offline capability to continue your work while disconnected from network
• Better integrates contractors and suppliers into safety programs via contractor management capabilities
• Manages psychological risks, which better ensures compliance with ISO 45003
• Improve collaboration using tools including chat, timelines, and incident guides
• Keeps stakeholders up to date
• Improves response efficiency using plan templates that can be assigned in response to events
• Saves time on manual processes by automating through drag and drop workflow designer
• Improves data quality with Smart forms to give users real time feedback about their inputs
• Ability to track performance in real time using configurable analytics and dashboards to generate insights
• Simplifies reporting by generating reports which can be customized then emailed or printed

Software Functionality to Support ISO 45001 Compliance

What about functionality to help comply with the emergency management subsections of ISO 45001? Here’s where an integrated platform comes in especially handy. Integrated emergency and incident management functionality to ensure compliance with ISO 45001 include:

Incident management

Report and manage all incidents and crises; activate teams, assign response tasks, record decisions, facts, assumptions, and share updates with key stakeholders.

Team activation and collaboration

Swiftly notify response teams and keep communication lines open; team members can easily join dedicated chat groups to discuss incidents.

Response plans and checklists

Generate emergency response action plans using a comprehensive library of best practices. Customize pre-existing strategies to align with your organization’s requirements or develop your own unique plans to effectively address your organization’s specific needs.

Situational awareness

Improve situational awareness with customizable dashboards that gather data using scrolling banners, live maps, and feeds to consolidate information from various sources, including news, weather, social media, traffic, and natural disaster streams.

Analytics and reporting

Analyze trends and create dashboards to visualize metrics important to your organization. Create custom reports as PDF or Word documents and share with stakeholders to improve data visibility, accountability, and lessons learned.

Finally, employers across the world have a duty of care to provide their employees a safe working environment. Since Covid, that duty of care obligation has become even harder to maintain.

Establishing an effective safety management system in compliance with ISO 45001 is one of the surefire ways to comply with the duty. But maintaining such a safety management system takes time and effort.

Fortunately, integrated safety management software cuts down on the time and effort it takes to comply with ISO 45001 and maintain a best-practice safety management system.

In fact, solutions like Noggin are already built in line with the standard, providing all the tools needed to automate your Plan, Do, Check, Act management cycle in a centralized, easy-to-use platform that increases organizational efficiency and drives your Safety program forward.

Sources

i NSF International Strategic Registrations: ISO 45001 Occupational Health and Safety Management Systems: Information Guide. Available at https://www.nsf.org/newsroom_pdf/isr_dis45001_ guide.pdf.