Hi
Can someone please explain to me how 'standards' fit into the OHS world. For example ISO 31000:2018 - Risk Management or ISO 45001:2018 - Occupational Health and Safety Management Systems. Are many organisations out there accredited with them, are many aiming for them. Are they worth the investment. Are they a gold standard we should all aim for?
Thanks
Riki
Not a fan of general management system standards. Standards originally arose out of engineering where there were clear and unambiguous levels required to meet safe and reliable outcomes. This simply isn't the case within general management systems in areas such as health and safety.
Some standards provide some very good guidance where they are about more specific areas and some provide reasonable frameworks to hang your management system off. My experience is that any value from certification is almost entirely dependent on the quality of the auditor and a good auditor will give that value regardless of whether you apply it to a formal standard or not.
But, as has been said on another thread recently, the most important thing to consider is your business, your context and how your management system best supports that.
There are some standards that are cited by Regulations, so they do have legislative status.
However most standards are voluntarily used to demonstrate compliance or good practice (such as ISO 45001:2018).
Some industries are highly-regulated with external auditors loving standards to audit against.
I have an issue with Standards NZ as they don't keep up: for example they still list AS/NZS ISO 31000:2009 as current.
The hierarchy of legislation, Codes, Standards etc from an enforceability perspective is as follows.
Act of Parliament / Legislation, i.e Statutes, state general duties = mandatory & enforceable
Regulations – made pursuant to a statute, specify particular compliance requirements; = mandatory
& enforceable
Approved Codes of Practice, developed by Industry and /or Regulator = approved by a Minister of
the Crown; typically regarded as “best practice” and may be referenced as practicable steps in
enforcement action.
AS/NZS Standards, International standards = persuasive, not enforceable per se. Some covering
more technical subject matter, e.g engineering, (electrical, mechanical etc) may be regarded as
minimum requirements, but must still pass the practicability test on a case by case basis for
enforcement purposes.
Guidelines & non-approved codes, produced by Regulator / Worksafe, Industry, or from other
jurisdictions. = informative. Not enforceable.
Even when Audits are conducted against a standard or reference document there can be significant variation in assessed results / conformance due to auditor experience / competence, scale of operation, complexity of subject matter etc.
In my view / experience OHSMS standards and similar, are overly burdensome and require administrative resources that make conformance by the average SME in NZ too difficult to maintain. The focus and available resource gets directed at achieving "system" conformance with the audit criteria and fails to relate to work practice. For 20 odd years we persisted with the Standards conformance / System audit process (ACC WSMP etc) before the evidence of management system / work practice disconnect became overwhelmingly apparent. Now we are talking about "work as imagined vs work as done". About time!
Slight correction, where a Standard is cited by a Regulation as mandatory to comply with, then it is enforceable. So for example, AS/NZS 3000:2008 is cited in the Electrical Safety Regulations as mandatory for low and extra low voltage installations (Reg 59).
We have done the following.
1. ACC audit
2. Sitewise
3. OHSAS 18001 and Prequal
3. Looking at doing ISO 18001 and have renewed Prequal.
We do it as we want to have robust safety systems and not take our word for it have others review them. Some (not many) clients ask for it. To date we have found that 18001 audits in person are not that good. They don't add much value to our business. The audits we have had the person is going through the motions and not really engaging in reviewing our systems. We will give it one more shot.
The prequal is better and not as expensive but it relies on us having 18001 to get a good grade. Auditors are in an office at the other end of the country and have little understanding of our business.
I get the feeling all these audits are just a business people have and they generate revenue from it. Some people have to have them so they go through the motions. Getting a warrant on your car is often more beneficial. They tell you about risks you did not know. The others more of a tick boxing exercise. Have you got meeting minutes.....without really getting into actual details and investing mental energy.
It is a bit like when you goto a site and they have a huge folder of safety information. Often a photo copy of a photo copy of a photo copy. The same old same old information which is rarely read by anyone.
So much depends on the perspective and mind-set of the auditor. I have seen a few (VERY few!) very good auditors who go beyond just "ticking the boxes" and dig more deeply into behaviour and culture - those few offer very good value to organisations that genuinely value their people and want to ensure their safety. Others get too caught up on literal interpretation of the standards and either use their 'authority' as an auditor to impose their own (mostly narrow) interpretation or miss really important issues because they "can't see the forest for the trees".
In addition, I have come to realise that in very many ways safety - or "non-safety" is actually a symptom of other organisational issues further up the chain. Safety, along with quality, productivity, even employee engagement, is actually a byproduct of effective systems, processes and culture. A lot of these elements need to be understood more deeply and applied more specifically in each particular context in order to deliver the desired results. So getting value from an audit means using an auditor who understands these factors at a much deeper level and can apply the principles of the audit framework requirements to different organisations, industries and cultures.
There is quite an inclination to want to "standardise" and make things uniform across the board for everyone, but that is not a real-world experience.
Good point re auditors - we are accredited to ISO 17025 a quality standard. What happens what they look at is very much determined by the auditor. They tend to zoom into the areas they know the best.
All good examples above of how the OH&S certification industry has fostered management system complexity and personal interpretations instead of leadership in developing simplicity and effectiveness for the client.
I think I'm right to say that ISO9001 Quality Management was the first International Standards Organization standard for a management system. It morphed into the framework for all management system standards, known "in the trade" as annex SL. That forms part of a 700+ pages document on developing and publishing management system standards. For example, ISO45001 was developed using annex SL. Thus, if PCBU has an ISO9001 quality management system it is a relatively short step to incorporate the OHS material required under ISO45001. Management system standards are generally auditable but, in ISO45001, read clause 0.5 and notice that a PCBU can make a self-declaration of conformance.
ISO31000 was first published in 2009 and was pretty good. When reissued in 2018 it had been revised to remove material that now appears in annex SL and, thus, management system standards. It includes brief guidance on integration and complements the management system standards.
As mentioned above, if a standard is cited in Regulations it is enforceable but, as far as I know, none of the management system standards are cited.
Personally, I go the integrated management system approach and that is what I teach at Victoria University of Wellington. That makes it possible to bring in the International Electrotechnical Commission standards on reliability of (in the broadest sense) equipment and human factors. Done well, an integrated system can be understood by auditors, either in its entirety or just the system they are auditing.
If anyone is looking for a continuing professional development option come and study paper HLWB507 Health and Safety Management at Victoria as a way of widening horizons. Actually, have a look at all the offerings for post graduate certificate or diploma or the Master's degree.