Other stories

RRC's Homepage

Health and Safety Expo

RRC Spreads its Wings During 2007

Construction (Design and Management) Regulations 2007: A Briefing

Tutor Viewpoint

New HSE Programmes Coming Soon

Two New Partners for RRC

RRC Newsletter Reader Survey

Student Focus

News

Noticeboard

Health and Safety Business Spring 2007

Health and Safety Business Homepage

Tutor Viewpoint - Brief Summary of Some Common Safety Management Systems and Related Approaches

Dr David Towlson BSc, PhD, MIOSH

HSG65

Policy

This constitutes the general objectives and intentions (vision) of the organisation – guiding principles that underpin their approach. This is demonstrated as a written statement of intent.

HSG65

Organising

Successful implementation of the policy requires motivation, commitment and involvement of people, otherwise known as a positive health and safety culture. It is characterised by:

  • Control – commitment from the top, allocating responsibilities and accountability to meet objectives together with instructing and supervising.
  • Co-operation – consulting with and involving people, for example, in writing procedures.
  • Communication – providing information.
  • Competence – assessing skills and training.

Planning and Implementing

Planning involves “setting objectives, identifying hazards, assessing risks, implementing standards of performance and developing a positive culture”. Risk assessment is a key aspect of this. It identifies and prioritises risks and helps you decide on what needs to be done to control them.

Implementing is primarily concerned with the actions required to deal with specific types of hazards.

Measuring Performance

This helps you know whether targets have been met or whether you are complying with the law. Typically, a combination of reactive and active monitoring techniques are used to gather performance data.

  • Reactive monitoring (after the event) e.g. accident statistics/investigations
  • Active monitoring (before the event) e.g. inspections

Auditing and Reviewing

Auditing is “looking at the total health and safety management system and analysing its efficiency, effectiveness and reliability.” This is with a view to recognising achievements as well as identifying deficiencies and formulating corrective action for continuous improvement. The audit report is wide-ranging and is typically based on employee interviews, workplace observations and looking at available documents. The report will summarise the main non-compliances (more serious deficiencies such as failure to abide by a specific law or permit) and findings (less serious deficiencies). The results of monitoring and audits feed into health and safety reviews. It is useless simply to accumulate data. Reviewing is where you take stock of your data and see how it compares with where you wanted or expected to be. It is an evaluation of performance and then learning from that experience. The gaps will enable you to see what needs action for improvement.

BS 8800:2004 Guide to Occupational Health and Safety Management Systems

The guidelines in BS 8800:2004 are based on general principles of good management and are designed to enable the integration of OH&S management within an overall management system. It is not intended for certification purposes (just a guide). It is based on the approach used in HSG65.

BS 8800:2004

OHSAS 18001

OHSAS 18001 is based on the environmental standard ISO 14001 and HSG65. It is a recognisable management standard for certification. It requires an organisation to:

  • Determine its existing health and safety activities,
  • Develop programmes and systems for elimination of risk, and
  • Develop a management system that aims to ensure that health and safety performance is continuously monitored and improved.
OHSAS 18001

OH&S Policy

This should state the overall H&S objectives of the organisation and express commitment to improving H&S performance. To demonstrate that commitment, it should be authorised by top management. It should commit the organisation to continual improvement and compliance with legislation. It should be communicated to all employees and other interested parties and be kept up to date by periodic review. It should, of course, also be documented.

Planning

This is needed for the effective identification of hazards and assessment and control of risks. This means that the organisation needs procedures to cover risks in all activities. It also needs procedures for identifying any applicable law. The organisation needs to establish H&S objectives consistent with the H&S policy and establish a management programme to achieve those objectives. The management programme will include designation of roles/responsibilities, timescales, etc.

Implementation and Operation

The necessary organisational structure and resources need to be put in place to implement the plans, though top management retain ultimate responsibility. People need to be competent to perform their designated roles and so this may mean training and maintaining awareness. The organisation needs to have systems in place to make sure that H&S information is communicated to/from employees. Employees should also be consulted on H&S matters and be involved in the development and review of policies and procedures. It is also important to document the systems and exercise control over those documents (so that they are accessible, periodically reviewed, kept up to date (version control), retained (e.g. legal requirements for document retention)). There should be documented procedures where necessary to control risks arising from the range of operations within the organisation. In particular there should be plans and procedures (which should be regularly tested) to cover potential emergencies.

Checking and Corrective Action

The organisation needs procedures to make sure that it regularly measures and monitors H&S performance (proactive, reactive, qualitative and quantitative). The organisation also needs procedures to record and investigate accidents/non-conformances and to make sure that remedial actions are implemented and that such actions have been effective. OH&S data (including audit and review results) should be recorded. There should be an audit programme to identify whether the OH&S management system is operating as planned and is effective.

Management Review

This is the job of top management. The whole system is periodically reviewed to make sure it continues to be effective. This relies on results gathered during the “Checking and Corrective Action” stage. The review may, in turn, lead to changes in the policy, objectives and other elements of the management system. It should, like everything else, be documented.

Guidelines on Occupational Safety and Health Management Systems, ILO-OSH, 2001

ILO-OSH, 2001

Adapted from Guidelines on Occupational Safety and Health Management Systems, ILO-OSH, 2001. Note that the basic parts are very similar to HSG65 and OHSAS 18001 in concept. It is intended that the safety management system should be compatible with or integrated into other management systems within the organisation.

1. Policy

Developed in consultation with workers, this should be signed by a senior member of the organisation. It should commit the organisation to protecting the health and safety of employees, compliance with applicable laws and guidance, consultation with employees and their participation and continuous improvement. The guidance stresses very forcefully the importance of employee consultation and participation in all elements of the safety management system for it to be effective. As such the ILO-OSH guidelines highly recommend the establishment of a health and safety committee and the recognition of safety representatives.

2. Organising

Whilst the employer retains overall responsibility for H&S, specific roles should be delegated/allocated throughout the organisation. This includes delegation of responsibility, accountability and authority. The structure and processes need to be in place to, amongst other things:

  • Actively promote co-operation and effective two-way communication in order to implement the safety management system.
  • Establish arrangements to identify and control workplace risks.
  • Provide supervision.
  • Provide adequate resources, etc.

Particularly recommended is the appointment of a senior individual for overseeing the development and maintenance of the OSH management system elements as a whole, promoting participation and periodic performance reporting.

Competence and training are stressed as key elements needed to implement such a programme. OSH management system documentation (policy, objectives, key roles/responsibilities, significant hazards and methods of prevention/control, procedures, etc.) should be created and maintained. Additionally, records should be kept, e.g. accident data, health surveillance, other monitoring data.

3. Planning and Implementation

This should start with an initial review to understand where the organisation sits currently. It should:

  • Identify applicable laws, standards, guidelines.
  • Assess H&S risks to the organisation.
  • Determine whether existing (or planned) controls are adequate.
  • Analyse health surveillance data.

This initial review provides the baseline for future continuous improvement.

The next stage is the planning, development and implementation of the safety management system (based on the results of initial or subsequent reviews). This should involve the setting of realistic, achievable objectives and the creation of a plan to meet those objectives. It should also involve selecting appropriate measurement criteria which will later be used to see if the objectives have been met and help with the allocation of resources.

Preventive and protective measures should be planned and implemented to eliminate and/or control risks to H&S. These should follow the general hierarchy of control: eliminate; control at source (using engineering and organisational measures); minimise (safe systems of work, including administrative controls); PPE if risks cannot be adequately controlled by collective measures.

Management of change is also important. Changes may occur internally (new processes, staff, etc.) as well as externally (legal changes, mergers, etc.) and it is important to manage those changes in a systematic way. Risk assessment is a key part of that, as well as ensuring that people are consulted and that any proposed changes are properly communicated to those likely to be affected.

Plans should also cover foreseeable emergencies (prevention, preparedness and response aspects), such as fire and first-aid.

Procurement procedures should make sure that H&S requirements (national and organisational) are an integral part of purchasing and leasing specifications. You should also ensure that the organisation’s H&S requirements are applied to contractors (including contractor selection and their work on site (hazard awareness, training, co-ordination and communication, accident reporting, site rules, compliance monitoring, etc.)).

4. Evaluation

Procedures need to be in place to monitor, measure and record performance of the H&S system. You should use a mixture of qualitative and quantitative and active and reactive performance measures. You should not just rely on accident rate data! Active monitoring includes things such as inspections, surveillance, compliance with laws, achievement of plans, etc. Reactive monitoring includes reporting and investigation of accidents/ill-health and OSH system failures. Accidents, etc. should be properly investigated to determine the root cause failures in the OHS management system. Investigations should be properly documented and remedial action implemented to prevent recurrence.

The organisation should have an audit policy (scope, competency, frequency, methodology, etc.). Audits seek to evaluate the performance of the OHS management system elements (or a sub-set) and should at least cover:

  • Policy
  • Worker participation
  • Responsibility/accountability
  • Competence and training
  • Documentation
  • Communication
  • Planning, development, implementation
  • Preventive and control measures
  • Management of change
  • Emergency preparedness
  • Procurement
  • Contracting
  • Performance monitoring/measurement
  • Accident investigations
  • Audits
  • Management review
  • Preventive and corrective action
  • Continuous improvement.

The audit should ultimately make conclusions about the effectiveness of the OHS management system.

A management review should evaluate the overall OHS management system and progress towards the organisation’s goals. It will, of course, use data from monitoring, measuring and auditing of the system as well as take account of other factors (including organisational changes) that may influence the system in the future. It will establish whether changes are needed to the system (or components). The results need to be recorded and communicated.

5. Action for Improvement

OSH management system performance monitoring, audits and management reviews will necessarily create a list of corrective actions. You must ensure that, firstly, you establish the root causes of the problems requiring correction and, secondly, that there is a system in place for making sure that actions are carried out (and checks made on their effectiveness).

6. Continual Improvement

The organisation should strive to continually improve. It should compare itself with other similar organisations.

Summary of Key Elements of OHS Management Systems

Common features are:

Policy

This is the same for OHSAS, ILO-OSH, HSG65 and BS8800.

Organising

This is the same for HSG65, BS8800 and ILO-OSH. For OHSAS this is part of the “Implementation and Operation” step.

Planning and Implementing

This is the same for HSG65, BS8800 and ILO-OSH. For OHSAS, Planning is broken out as a separate step (after Policy) but Implementing is covered under “Implementation and Operation”.

Performance Review

HSG65 and BS8800 cover this under “Measuring Performance” and “Reviewing Performance” or “Initial/Periodic Status Review”. ILO-OSH covers this under “Evaluation”. OHSAS covers this under “Checking and Corrective Action” and “Management Review”.

Audit

This is part of HSG65, BS8800, ILO-OSH and OHSAS and is usually discussed in the section on reviewing/evaluating performance of the system as a whole.

Continuous Improvement

Discussed in HSG65 and BS8800 as a feedback loop resulting from reviewing performance – corrective actions being fed back up the system to improve the system as a whole in an iterative process. The implication, therefore, is that improvement is continuous. ILO-OSH mentions this as a separate point, but again it naturally falls out of the management review as part of the “Evaluation” step and the “Action for Improvement” step. OHSAS does not identify this as a separate point (other than in their system flow diagram), but the practical arrangements for continual improvement (e.g. corrective actions, etc.) are discussed throughout the OHSAS document.

AS/NZS 4360 Risk Management Standard

ILO-OSH, 2001

This related management standard is also well worth a mention. Note that this standard is not restricted to health and safety (H&S) risks. It is much wider than that. Risk management here is seen in a wider context than usually considered in H&S (which usually has a negative spin and generally concentrates on losses). It considers risk to essentially be exposure to the consequences of uncertainty (or deviations from the plan). Risk management is then applied to speculative risks – that is, to manage risk where there may either be potential losses or potential gains.

Communicate and Consult

This means making sure that you communicate with all appropriate stakeholders (internal and external) at every stage of the process. You need to make sure that you get the whole picture and don’t miss out – a simple way of doing that is making sure you seek the views of interested parties.

Establish the Context

This will determine the direction of the rest of the process. It sets the scope of the whole process. Look at both the internal and external environment of the business and what the purpose/objective of the risk management exercise is to be. External context would include such things as the regulatory regime, competitiveness, politics, culture, external stakeholders, etc. Internal context would include consideration of issues such as internal stakeholders, organisational structure, resources, internal culture, goals/objectives, etc. At this stage you should establish the criteria against which risk will later be evaluated (to determine its significance). For example, you may have humanitarian, financial, legal, social, technical, operational or environmental criteria against which risks are evaluated and upon which risk treatment decisions are based. Criteria may be greatly influenced by regulatory requirements and by stakeholder perception of risk. You should also define a structured approach to the rest of the process.

Identify Risks

Think about what events might impact on the business (either positively or negatively) and how/when they might occur. Although some events might not stop you reaching an objective they might delay or degrade that performance. Even if the risk is beyond the immediate control of the organisation, it should be identified. Systematic methods should be used in order to reduce the likelihood of overlooking significant risks. There is a huge variety of techniques for risk identification, ranging from brainstorming and checklists to more formal, rigorous methods.

Analyse Risks

This involves trying to understand risks. Look at existing control measures and determine the level of risk remaining (potential consequences and likelihood). There are lots of methods for this, ranging from qualitative to fully quantitative.

Evaluate Risks

This is a comparison of the levels of risk (estimated in the previous step) against established criteria. This enables you to see how significant the risks are and whether there is a balance between potential costs/losses and potential benefits. This enables you to decide what risks need treatment and also the priorities for treatment.

(The process of identifying, analysing and evaluating risks is what is generally called “risk assessment”.)

Treat Risk

This is just identifying options to reduce potential costs/losses and increase potential benefits/gains, followed by assessing their relative merits, followed by devising and implementing treatment plans. Remember that in this context, risks may have positive outcomes as well as negative. Risks that have positive outcomes are generally called opportunities. General treatment options are:

  • Actively seek opportunities or actively avoid risks (though there is a danger here, with undue risk averse organisations, to miss out on significant opportunities in doing so).
  • Changing the likelihood or consequences of the opportunity or risk (so as to affect the likelihood and extent of any gains/losses).
  • Sharing the opportunity or risk with others (via contracts, insurance, etc. – though these can introduce new risks).
  • Retaining the residual opportunity or risk (with or without knowledge) within the organisation.

Monitor and Review

This is the continuous improvement step and also making sure that you take account of changes of circumstances to keep your systems up to date.

Record

Don’t forget to document the whole process. This is just good corporate governance, so that everyone knows what decisions have been made and the basis for those decisions.

Back to top

Please e-mail us with news and views about health and safety which you think would be of interest and would like to share with other newsletter subscribers.

Contact us here!

Click here to be removed from our mailing list.