Occupational health and safety management systems Specification

OCCUPATIONAL HEALTH AND SAFETY ASSESSMENT SERIES Occupational health and safety management systems Specification IMPORTANT BSI-OHSAS 18001 is not a British Standard BSI-OHSAS 18001 will be withdrawn on publication of its contents in, or as, a British Standard ICS 03.100.01; 13.100 OHSAS 18001:1999 Incorporating Amendment No. 1

This OHSAS publication comes into effect on 15 April 1999 BSI 13 December 2002 ISBN 0 580 28298 8 Acknowledgement OHSAS 18001 has been developed with the assistance of the following co-operating organizations: National Standards Authority of Ireland South African Bureau of Standards British Standards Institution Bureau Veritas Quality International Det Norske Veritas Lloyds Register Quality Assurance National Quality Assurance SFS Certification SGS Yarsley International Certification Services Asociación Española de Normalización y Certificación International Safety Management Organisation Ltd Standards and Industry Research Institute of Malaysia (Quality Assurance Services) International Certification Services Amendments issued since publication Amd. No. Date Comments 14223 13 December 2002 Indicated by a sideline in the margin

Contents Page Foreword ii 1 Scope 1 2 Reference publications 1 3 Terms and definitions 1 4 OH&S management system elements 3 4.1 General requirements 4 4.2 OH&S policy 4 4.3 Planning 5 4.4 Implementation and operation 7 4.5 Checking and corrective action 10 4.6 Management review 12 Annex A (informative) Correspondence between OHSAS 18001, ISO 14001:1996, ISO 9001:1994 and ISO 9001:2000 13 Annex B (informative) Corrspondence between OHSAS 18001, OHSAS 18002, and the ILO-OSH:2001 Guidelines on occupational safety and health management systems 17 Bibliography 21 Table A.1 Correspondence between OHSAS 18001, ISO 14001:1996 and ISO 9001:1994 13 Table A.2 Correspondence between OHSAS 18001, ISO 14001:1996 and ISO 9001:2000 15 Table B.1 Correspondence between the clauses of the OHSAS documents and the clauses of the ILO-OSH Guidelines 20 BSI 13 December 2002 i

Foreword This Occupational Health and Safety Assessment Series (OHSAS) specification and the accompanying OHSAS 18002, Guidelines for the implementation of OHSAS 18001, have been developed in response to urgent customer demand for a recognizable occupational health and safety management system standard against which their management systems can be assessed and certified. OHSAS 18001 is compatible with the ISO 9001:1994, ISO 9001:2000 (Quality) and ISO 14001:1996 (Environmental) management systems standards, in order to facilitate the integration of quality, environmental and occupational health and safety management systems by organizations, should they wish to do so. This OHSAS specification will be reviewed or amended when considered appropriate. Reviews will be conducted when new editions of either ISO 9001 or ISO 14001 are published, to ensure continuing compatibility. This OHSAS specification will be withdrawn on publication of its contents in, or as, an international standard. For the United Kingdom: BSI-OHSAS 18001 is not a British Standard; BSI-OHSAS 18001 will be withdrawn on publication of its content in, or as, a British Standard; BSI-OHSAS 18001 is published by BSI which retains its ownership and copyright. The development process used for OHSAS 18001 is open to other sponsors wishing to produce similar types of documents in association with BSI, provided that those sponsors are willing to comply with BSI s conditions for such documents. Publications referred to during the development of this OHSAS specification The following documents were referenced during the development of this OHSAS specification: ii BS 8800:1996, Guide to occupational health and safety management systems Technical Report NPR 5001:1997, Guide to an occupational health and safety management system SGS & ISMOL ISA 2000:1997, Requirements for Safety and Health Management Systems BVQI SafetyCert, Occupational Safety and Health Management Standard DNV, Standard for Certification of Occupational Health and Safety Management Systems (OHSMS):1997 Draft NSAI SR 320, Recommendation for an Occupational Health and Safety (OH & S) Management System Draft AS/NZ 4801, Occupational health and safety management systems Specification with guidance for use Draft BSI PAS 088, Occupational health and safety management systems BSI 13 December 2002

UNE 81900 series of pre-standards on the prevention of occupational risks Draft LRQA SMS 8800 Health & safety management systems assessment criteria OHSAS 18001 will supersede some of these referenced documents. OHSAS 18001 maintains a high level of compatibility with, and technical equivalence to UNE 81900. This publication does not purport to include all necessary provisions of a contract. Users are responsible for its correct application. Compliance with this Occupational Health and Safety Assessment Series publication does not of itself confer immunity from legal obligations. Summary of pages This document comprises a front cover, an inside front cover, pages I to iv, pages 1 to 21, an inside back cover and a back cover. The BSI copyright notice displayed in this document indicates when the document was last issued. BSI 13 December 2002 iii

. iv blank

1 Scope This Occupational Health and Safety Assessment Series (OHSAS) specification gives requirements for an occupational health and safety (OH&S) management system, to enable an organization to control its OH&S risks and improve its performance. It does not state specific OH&S performance criteria, nor does it give detailed specifications for the design of a management system. This OHSAS specification is applicable to any organization that wishes to: a) establish an OH&S management system to eliminate or minimize risk to employees and other interested parties who may be exposed to OH&S risks associated with its activities; b) implement, maintain and continually improve an OH&S management system; c) assure itself of its conformance with its stated OH&S policy; d) demonstrate such conformance to others; e) seek certification/registration of its OH&S management system by an external organization; or f) make a self-determination and declaration of conformance with this OHSAS specification. All the requirements in this OHSAS specification are intended to be incorporated into any OH&S management system. The extent of the application will depend on such factors as the OH&S policy of the organization, the nature of its activities and the risks and complexity of its operations. This OHSAS specification is intended to address occupational health and safety rather than product and services safety. 2 Reference publications Other publications that provide information or guidance are listed in the Bibliography. It is advisable that the latest editions of such publications be consulted. Specifically, reference should be made to: OHSAS 18002:2000, Occupational health and safety management systems Guidelines for the implementation of OHSAS 18001. BS 8800:1996, Guide to occupational health and safety management systems. 3 Terms and definitions For the purposes of this OHSAS specification the following terms and definitions apply. 3.1 accident undesired event giving rise to death, ill health, injury, damage or other loss 3.2 audit systematic examination to determine whether activities and related results conform to planned arrangements and whether these arrangements are implemented effectively and are suitable for achieving the organization s policy and objectives (see 3.9) BSI 13 December 2002 1

3.3 continual improvement process of enhancing the OH&S management system, to achieve improvements in overall occupational health and safety performances, in line with the organization s OH&S policy NOTE The process need not take place in all areas of activity simultaneously. 3.4 hazard source or situation with a potential for harm in terms of human injury or ill health, damage to property, damage to the workplace environment, or a combination of these 3.5 hazard identification process of recognizing that a hazard (see 3.4) exists and defining its characteristics 3.6 incident event that gave rise to an accident or had the potential to lead to an accident NOTE An incident where no ill health, injury, damage, or other loss occurs is also referred to as a near-miss. The term incident includes near-misses. 3.7 interested parties individual or group concerned with or affected by the OH&S performance of an organization 3.8 nonconformance any deviation from work standards, practices, procedures, regulations, management system performance etc. that could either directly or indirectly lead to injury or illness, property damage, damage to the workplace environment, or a combination of these 3.9 objectives goals, in terms of OH&S performance, that an organization sets itself to achieve NOTE Objectives should be quantified wherever practicable. 3.10 occupational health and safety conditions and factors that affect the well-being of employees, temporary workers, contractor personnel, visitors and any other person in the workplace 3.11 OH&S management system part of the overall management system that facilitates the management of the OH&S risks associated with the business of the organization. This includes the organizational structure, planning activities, responsibilities, practices, procedures, processes and resources for developing, implementing, achieving, reviewing and maintaining the organization's OH&S policy 3.12 organization company, operation, firm, enterprise, institution or association, or part thereof, whether incorporated or not, public or private, that has its own functions and administration NOTE For organizations with more than one operating unit, a single operating unit may be defined as an organization. 2 BSI 13 December 2002

3.13 performance measurable results of the OH&S management system, related to the organization s control of health and safety risks, based on its OH&S policy and objectives NOTE Performance measurement includes measurement of OH&S management activities and results. 3.14 risk combination of the likelihood and consequence(s) of a specified hazardous event occurring 3.15 risk assessment overall process of estimating the magnitude of risk and deciding whether or not the risk is tolerable 3.16 safety freedom from unacceptable risk of harm [ISO/IEC Guide 2] 3.17 tolerable risk risk that has been reduced to a level that can be endured by the organization having regard to its legal obligations and its own OH&S policy 4 OH&S management system elements Figure 1 Elements of successful OH&S management BSI 13 December 2002 3

4.1 General requirements The organization shall establish and maintain an OH&S management system, the requirements for which are set out in Clause 4. 4.2 OH&S policy 4 Figure 2 OH&S policy There shall be an occupational health and safety policy authorized by the organization s top management, that clearly states overall health and safety objectives and a commitment to improving health and safety performance. The policy shall: a) be appropriate to the nature and scale of the organization s OH&S risks; b) include a commitment to continual improvement; c) include a commitment to at least comply with current applicable OH&S legislation and with other requirements to which the organization subscribes; d) be documented, implemented and maintained; e) be communicated to all employees with the intent that employees are made aware of their individual OH&S obligations; f) be available to interested parties; and g) be reviewed periodically to ensure that it remains relevant and appropriate to the organization. BSI 13 December 2002

4.3 Planning Figure 3 Planning 4.3.1 Planning for hazard identification, risk assessment and risk control The organization shall establish and maintain procedures for the ongoing identification of hazards, the assessment of risks, and the implementation of necessary control measures. These shall include: routine and non-routine activities; activities of all personnel having access to the workplace (including subcontractors and visitors); facilities at the workplace, whether provided by the organization or others. The organization shall ensure that the results of these assessments and the effects of these controls are considered when setting its OH&S objectives. The organization shall document and keep this information up to date. The organization s methodology for hazard identification and risk assessment shall: be defined with respect to its scope, nature and timing to ensure it is proactive rather than reactive; provide for the classification of risks and identification of those that are to be eliminated or controlled by measures as defined in 4.3.3 and 4.3.4; be consistent with operating experience and the capabilities of risk control measures employed; BSI 13 December 2002 5

6 provide input into the determination of facility requirements, identification of training needs and/or development of operational controls; provide for the monitoring of required actions to ensure both the effectiveness and timeliness of their implementation. NOTE For further guidance on hazard identification, risk assessment and risk control, see OHSAS 18002. 4.3.2 Legal and other requirements The organization shall establish and maintain a procedure for identifying and accessing the legal and other OH&S requirements that are applicable to it. The organization shall keep this information up-to-date. It shall communicate relevant information on legal and other requirements to its employees and other relevant interested parties. 4.3.3 Objectives The organization shall establish and maintain documented occupational health and safety objectives, at each relevant function and level within the organization. NOTE Objectives should be quantified wherever practicable. When establishing and reviewing its objectives, an organization shall consider its legal and other requirements, its OH&S hazards and risks, its technological options, its financial, operational and business requirements, and the views of interested parties. The objectives shall be consistent with the OH&S policy, including the commitment to continual improvement. 4.3.4 OH&S management programme(s) The organization shall establish and maintain (an) OH&S management programme(s) for achieving its objectives. This shall include documentation of: a) the designated responsibility and authority for achievement of the objectives at relevant functions and levels of the organization; and b) the means and time-scale by which objectives are to be achieved. The OH&S management programme(s) shall be reviewed at regular and planned intervals. Where necessary the OH&S management programme(s) shall be amended to address changes to the activities, products, services, or operating conditions of the organization. BSI 13 December 2002

4.4 Implementation and operation Figure 4 Implementation and operation 4.4.1 Structure and responsibility The roles, responsibilities and authorities of personnel who manage, perform and verify activities having an effect on the OH&S risks of the organization s activities, facilities and processes, shall be defined, documented and communicated in order to facilitate OH&S management. Ultimate responsibility for occupational health and safety rests with top management. The organization shall appoint a member of top management (e.g. in a large organization, a Board or executive committee member) with particular responsibility for ensuring that the OH&S management system is properly implemented and performing to requirements in all locations and spheres of operation within the organization. Management shall provide resources essential to the implementation, control and improvement of the OH&S management system. NOTE Resources include human resources and specialized skills, technology and financial resources. BSI 13 December 2002 7

The organization s management appointee shall have defined roles, responsibilities and authority for: a) ensuring that OH&S management system requirements are established, implemented and maintained in accordance with this OHSAS specification; b) ensuring that reports on the performance of the OH&S management system are presented to top management for review and as a basis for improvement of the OH&S management system. All those with management responsibility shall demonstrate their commitment to the continual improvement of OH&S performance. 4.4.2 Training, awareness and competence Personnel shall be competent to perform tasks that may impact on OH&S in the workplace. Competence shall be defined in terms of appropriate education, training and/or experience. The organization shall establish and maintain procedures to ensure that its employees working at each relevant function and level are aware of: the importance of conformance to the OH&S policy and procedures, and to the requirements of the OH&S management system; the OH&S consequences, actual or potential, of their work activities and the OH&S benefits of improved personal performance; their roles and responsibilities in achieving conformance to the OH&S policy and procedures and to the requirements of the OH&S management system, including emergency preparedness and response requirements (see 4.4.7); the potential consequences of departure from specified operating procedures. Training procedures shall take into account differing levels of: 8 responsibility, ability and literacy; and risk. 4.4.3 Consultation and communication The organization shall have procedures for ensuring that pertinent OH&S information is communicated to and from employees and other interested parties. Employee involvement and consultation arrangements shall be documented and interested parties informed. Employees shall be: involved in the development and review of policies and procedures to manage risks; consulted where there are any changes that affect workplace health and safety; represented on health and safety matters; and informed as to who is their employee OH&S representative(s) and specified management appointee (see 4.4.1). BSI 13 December 2002

4.4.4 Documentation The organization shall establish and maintain information, in a suitable medium such as paper or electronic form, that: a) describes the core elements of the management system and their interaction; and b) provides direction to related documentation. NOTE It is important that documentation is kept to the minimum required for effectiveness and efficiency. 4.4.5 Document and data control The organization shall establish and maintain procedures for controlling all documents and data required by this OHSAS specification to ensure that: a) they can be located; b) they are periodically reviewed, revised as necessary and approved for adequacy by authorized personnel; c) current versions of relevant documents and data are available at all locations where operations essential to the effective functioning of the OH&S system are performed; d) obsolete documents and data are promptly removed from all points of issue and points of use or otherwise assured against unintended use; and e) archival documents and data retained for legal or knowledge preservation purposes or both, are suitably identified. 4.4.6 Operational control The organization shall identify those operations and activities that are associated with identified risks where control measures need to be applied. The organization shall plan these activities, including maintenance, in order to ensure that they are carried out under specified conditions by: a) establishing and maintaining documented procedures to cover situations where their absence could lead to deviations from the OH&S policy and the objectives; b) stipulating operating criteria in the procedures; c) establishing and maintaining procedures related to the identified OH&S risks of goods, equipment and services purchased and/or used by the organization and communicating relevant procedures and requirements to suppliers and contractors; d) establishing and maintaining procedures for the design of workplace, process, installations, machinery, operating procedures and work organization, including their adaptation to human capabilities, in order to eliminate or reduce OH&S risks at their source. BSI 13 December 2002 9

4.4.7 Emergency preparedness and response The organization shall establish and maintain plans and procedures to identify the potential for, and responses to, incidents and emergency situations, and for preventing and mitigating the likely illness and injury that may be associated with them. The organization shall review its emergency preparedness and response plans and procedures, in particular, after the occurrence of incidents or emergency situations. The organization shall also periodically test such procedures where practicable. 4.5 Checking and corrective action 10 Figure 5 Checking and corrective action 4.5.1 Performance measurement and monitoring The organization shall establish and maintain procedures to monitor and measure OH&S performance on a regular basis. These procedures shall provide for: both qualitative and quantitative measures, appropriate to the needs of the organization; monitoring of the extent to which the organization s OH&S objectives are met; proactive measures of performance that monitor compliance with the OH&S management programme, operational criteria and applicable legislation and regulatory requirements; reactive measures of performance to monitor accidents, ill health, incidents (including near-misses) and other historical evidence of deficient OH&S performance; recording of data and results of monitoring and measurement sufficient to facilitate subsequent corrective and preventative action analysis. BSI 13 December 2002

If monitoring equipment is required for performance measurement and monitoring, the organization shall establish and maintain procedures for the calibration and maintenance of such equipment. Records of calibration and maintenance activities and results shall be retained. 4.5.2 Accidents, incidents, nonconformances and corrective and preventive action The organization shall establish and maintain procedures for defining responsibility and authority for: a) the handling and investigation of: accidents; incidents; nonconformances; b) taking action to mitigate any consequences arising from accidents, incidents or nonconformances; c) the initiation and completion of corrective and preventive actions; d) confirmation of the effectiveness of corrective and preventive actions taken. These procedures shall require that all proposed corrective and preventive actions shall be reviewed through the risk assessment process prior to implementation. Any corrective or preventive action taken to eliminate the causes of actual and potential nonconformances shall be appropriate to the magnitude of problems and commensurate with the OH&S risk encountered. The organization shall implement and record any changes in the documented procedures resulting from corrective and preventive action. 4.5.3 Records and records management The organization shall establish and maintain procedures for the identification, maintenance and disposition of OH&S records, as well as the results of audits and reviews. OH&S records shall be legible, identifiable and traceable to the activities involved. OH&S records shall be stored and maintained in such a way that they are readily retrievable and protected against damage, deterioration or loss. Their retention times shall be established and recorded. Records shall be maintained, as appropriate to the system and to the organization, to demonstrate conformance to this OHSAS specification. 4.5.4 Audit The organization shall establish and maintain an audit programme and procedures for periodic OH&S management system audits to be carried out, in order to: a) determine whether or not the OH&S management system: 1) conforms to planned arrangements for OH&S management including the requirements of this OHSAS specification; 2) has been properly implemented and maintained; and BSI 13 December 2002 11

3) is effective in meeting the organization s policy and objectives; b) review the results of previous audits; c) provide information on the results of audits to management. The audit programme, including any schedule, shall be based on the results of risk assessments of the organization s activities, and the results of previous audits. The audit procedures shall cover the scope, frequency, methodologies and competencies, as well as the responsibilities and requirements for conducting audits and reporting results. Wherever possible, audits shall be conducted by personnel independent of those having direct responsibility for the activity being examined. NOTE The word independent here does not necessarily mean external to the organization. 4.6 Management review 12 Figure 6 Management review The organization s top management shall, at intervals that it determines, review the OH&S management system, to ensure its continuing suitability, adequacy and effectiveness. The management review process shall ensure that the necessary information is collected to allow management to carry out this evaluation. This review shall be documented. The management review shall address the possible need for changes to policy, objectives and other elements of the OH&S management system, in the light of OH&S management system audit results, changing circumstances and the commitment to continual improvement. BSI 13 December 2002

Annex A (informative) Correspondence between OHSAS 18001, ISO 14001:1996, ISO 9001:1994 and ISO 9001:2000 Table A.1 Correspondence between OHSAS 18001, ISO 14001:1996 and ISO 9001:1994 Clause OHSAS 18001 Clause ISO 14001:1996 Clause ISO 9001:1994 1 Scope 1 Scope 1 Scope 2 Reference publications 2 Normative references 2 Normative references 3 Terms and definitions 3 Definitions 3 Definitions 4 OH&S management system elements 4 Environmental management system requirements 4 Quality system requirements 4.1 General requirements 4.1 General requirements 4.2.1 General (1st sentence) 4.2 OH&S policy 4.2 Environmental policy 4.1.1 Quality policy 4.3 Planning 4.3 Planning 4.2 Quality system 4.3.1 Planning for hazard identification, risk assessment and risk control 4.3.2 Legal and other requirements 4.3.1 Environmental aspects 4.2 Quality system 4.3.2 Legal and other requirements 4.3.3 Objectives 4.3.3 Objectives and targets 4.2 Quality system 4.3.4 OH&S management programme(s) 4.4 Implementation and operation 4.3.4 Environmental management programme(s) 4.4 Implementation and operation 4.4.1 Structure and responsibility 4.4.1 Structure and responsibility 4.1 4.4.2 Training, awareness and competence 4.4.3 Consultation and communication 4.4.2 Training, awareness and competence 4.2 Quality system BSI 13 December 2002 13 4.2 4.9 4.1.2 Quality system Process control Management responsibility Organization 4.18 Training 4.4.3 Communication 4.4.4 Documentation 4.4.4 Environmental management system documentation 4.2.1 General (without 1st sentence) 4.4.5 Document and data control 4.4.5 Document control 4.5 Document and data control 4.4.6 Operational control 4.4.6 Operational control 4.2.2 Quality system procedures 4.3 Contract review 4.4 Design control 4.6 Purchasing 4.7 Customer supplied product 4.8 Product identification and traceability 4.9 Process control 4.15 Handling, storage, packaging, preservation and delivery 4.19 Servicing 4.20 Statistical techniques

14 Table A.1 Correspondence between OHSAS 18001, ISO 14001:1996 and ISO 9001:1994 (continued) Clause OHSAS 18001 Clause ISO 14001:1996 Clause ISO 9001:1994 4.4.7 Emergency preparedness and response 4.5 Checking and corrective action 4.5.1 Performance measurement and monitoring 4.5.2 Accidents, incidents, nonconformances and corrective and preventive action 4.5.3 Records and records management 4.4.7 Emergency preparedness and response 4.5 Checking and corrective action 4.5.1 Monitoring and measurement 4.5.2 Nonconformance and corrective and preventive action 4.5.4 Audit 4.5.4 Environmental management system audit 4.10 4.11 4.12 4.13 4.14 Inspection and testing Control of inspection, measuring and test equipment Inspection and test status Control of nonconforming product Corrective and preventive action 4.5.3 Records 4.16 Control of quality records 4.17 Internal quality audits 4.6 Management review 4.6 Management review 4.1.3 Management review Annex A Correspondence to ISO 14001, ISO 9001 Annex B Correspondence to ISO 9001 Bibliography Annex C Bibliography Annex A Bibliography (See OHSAS 18002) Annex A Guidance on the use of the specification BSI 13 December 2002

Table A.2 Correspondence between OHSAS 18001, ISO 14001:1996 and ISO 9001:2000 Clause OHSAS 18001 Clause ISO 14001:1996 Clause ISO 9001:2000 Introduction 0 0.1 0.2 0.3 0.4 Introduction General Process approach Relationship with ISO 9004 Compatibility with other management systems 1 Scope 1 Scope 1 1.1 1.2 Scope General Application 2 Reference publications 2 Normative reference 2 Normative reference 3 Definitions 3 Definitions 3 Terms and definitions 4 OH&S management system elements 4 Environmental management system requirements 4 Quality management system 4.1 General requirements 4.1 General requirements 4.1 5.5 5.5.1 4.2 OH&S policy 4.2 Environmental policy 5.1 5.3 8.5 4.3 Planning 4.3 Planning 5.4 Planning 4.3.1 Planning for hazard 4.3.1 Environmental aspects 5.2 identification, risk 7.2.1 assessment and risk control 7.2.2 4.3.2 Legal and other requirements 4.3.2 Legal and other requirements General requirements Responsibility, authority and communication Responsibility and authority Management commitment Quality policy Improvement Customer focus Determination of requirements related to the product Review of requirements related to the product BSI 13 December 2002 15 5.2 7.2.1 Customer focus Determination of requirements related to the product 4.3.3 Objectives 4.3.3 Objectives and targets 5.4.1 Quality objectives 4.3.4 OH&S management programme(s) 4.3.4 Environmental management programme(s) 5.4.2 8.5.1 Quality management system planning Continual improvement 4.4 Implementation and operation 4.4 Implementation and operation 7 7.1 Product realization Planning of product realization 4.4.1 Structure and responsibility 4.4.1 Structure and responsibility 5 5.1 5.5.1 5.5.2 6 6.1 6.2 6.2.1 6.3 6.4 4.4.2 Training, awareness and competence 4.4.3 Communication 5.5.3 7.2.3 4.4.2 Training, awareness and competence 4.4.3 Consultation and communication 4.4.4 Documentation 4.4.4 Environmental management system documentation 4.4.5 Document and data control Management responsibility Management commitment Responsibility and authority Management representative Resource management Provision of resources Human resources General Infrastructure Work environment 6.2.2 Competence, awareness and training Internal communication Customer communication 4.2 Documentation requirements 4.2.1 General 4.2.2 Quality manual 4.4.5 Document control 4.2.3 Control of documents

16 Table A.2 Correspondence between OHSAS 18001, ISO 14001:1996 and ISO 9001:2000 (continued) Clause OHSAS 18001 Clause ISO 14001:1996 Clause ISO 9001:2000 4.4.6 Operational control 4.4.6 Operational control 7 Product realization 7.1 Planning of product realization 7.2 Customer-related processes 7.2.1 Determination of requirements related to the product 7.2.2 Review of requirements related to the product 7.3 Design and development 7.3.1 Design and development planning 7.3.2 Design and development inputs 7.3.3 Design and development outputs 7.3.4 Design and development review 7.3.5 Design and development verification 7.3.6 Design and development validation 7.3.7 Control of design and development changes 7.4 Purchasing 7.4.1 Purchasing process 7.4.2 Purchasing information 7.4.3 Verification of purchased product 7.5 Production and service provision 7.5.1 Control of production and service provision 7.5.3 Identification and traceability 7.5.4 Customer property 7.5.5 Preservation of product 7.5.2 Validation of processes for production and service provision 4.4.7 Emergency preparedness 4.4.7 Emergency preparedness 8.3 Control of nonconforming product and response and response 4.5 Checking and corrective action 4.5 Checking and corrective action 8 Measurement, analysis and improvement 4.5.1 Performance measurement and 4.5.1 Monitoring and measurement 7.6 Control of monitoring and measuring devices monitoring 8.1 General 8.2 Monitoring and measurement 8.2.1 Customer satisfaction 8.2.3 Monitoring and measurement of processes 8.2.4 Monitoring and measurement of product 4.5.2 Accidents, incidents, nonconformance and corrective and preventive action 4.5.3 Records and records management 4.5.2 Nonconformance and corrective and preventive 8.4 Analysis of data 8.3 Control of nonconforming product 8.5.2 Corrective action action 8.5.3 Preventive action 4.5.3 Records 4.2.4 Control of records 4.5.4 Audit 4.5.4 Environmental management 8.2.2 Internal audit system audit 4.6 Management review 4.6 Management review 5.6 5.6.1 5.6.2 5.6.3 Management review General Review input Review output Annexes Correspondence to Annex B Correspondence to Annex A Correspondence to ISO 14001 A and B ISO 14001 and ISO 9001 ISO 9001 Bibliography Annex C Bibliography Bibliography (See OHSAS 18002) Annex A Guidance on the use of the specification BSI 13 December 2002

Annex B (informative) Correspondence between OHSAS 18001, OHSAS 18002, and the ILO-OSH:2001 Guidelines on occupational safety and health management systems B.1 Introduction This annex identifies the key differences between the International Labour Organization s ILO-OSH Guidelines and the OHSAS documents, and provides a comparative assessment of their differing requirements. It should be noted that no areas of significant difference have been identified. Consequently, those organizations that have implemented an OH&S management system that is compliant with OHSAS 18001 may be reassured that their OH&S management system will also be compatible with the recommendations of the ILO-OSH Guidelines. A correspondence table between the individual clauses of the OHSAS documents and those of the ILO-OSH Guidelines is given in B.4. B.2 Overview The two prime objectives of the ILO-OSH Guidelines are: a) to assist countries in the establishment of a national framework for occupational health and safety management systems; and b) to provide guidance to individual organizations regarding the integration of OH&S elements into their overall policy and management arrangements. OHSAS 18001 specifies requirements for OH&S management systems, to enable organizations to control risks and to improve their performance. OHSAS 18002 gives guidance on the implementation of OHSAS 18001. The OHSAS documents are therefore comparable with Section 3 of the ILO-OSH Guidelines The occupational safety and health management system in the organization. B.3 Detailed analysis of Section 3 of the ILO-OSH Guidelines against the OHSAS documents B.3.1 Scope The focus of the ILO-OSH Guidelines is on workers. The focus of the OHSAS series standards, towards employees and other interested parties, is broader. The definition of Hazard in OHSAS 18001, 3.4: source or situation with a potential for harm in terms of injury or ill health, damage to property, damage to the workplace environment, or a combination of these is equally more broad than that in the ILO-OSH BSI 13 December 2002 17

Guidelines, whose sole focus is towards the potential to cause injury or damage to people's health. B.3.2 OH&S management system models The models picturing the main elements of an OH&S management system are directly equivalent between the ILO-OSH Guidelines and the OHSAS documents. B.3.3 ILO-OSH Section 3.2, Worker participation In the ILO-OSH Guidelines, subsection 3.2.4 recommends that: "The employer should ensure as appropriate, the establishment and efficient functioning of a health and safety committee and the recognition of workers health and safety representatives in accordance with national laws and practice". OHSAS 18001 requires the organization to document and promote its arrangements, and to involve a wider spectrum of consultees, i.e. interested parties (due to the broader scope of application of the document). Interestingly, the ILO-OSH Guidelines would allow organizations to abdicate from the above, if national laws and practice did not stipulate such a requirement. B.3.4 ILO-OSH Section 3.3, Responsibility and accountability The ILO-OSH Guidelines recommend in 3.3.1(h) the establishment of prevention and health programmes. The OHSAS documents would require these if the organization s risk assessments, or the OH&S management system and objectives, required them. B.3.5 ILO-OSH Section 3.4, Competence and training The recommendation of the ILO-OSH Guidelines sub-section 3.4.4: "Training should be provided to all participants at no cost and should take place during working hours if possible", is not a requirement of the OHSAS documents. B.3.6 ILO-OSH Section 3.10 Hazard prevention, 3.10.1 Prevention and control measures The ILO-OSH Guidelines recommend the implementation of preventive and protective measures to control hazards and risks. These are listed in an order of priority from 3.10.1(a) elimination of the hazard/risk, to 3.10.1(d) provision of personal protective equipment (PPE). The OHSAS documents are not so definitive: "Measures for the management of risk should reflect the principle of the elimination of hazards where practicable, followed in turn by risk reduction (either by reducing the likelihood of occurrence or potential severity of injury or damage), with the adoption of personal protective equipment (PPE) as a last resort." Note the reference to "practicable" means. The OHSAS documents also provide more detailed information on hazard identification, risk assessment and risk control. 18 BSI 13 December 2002

B.3.7 ILO-OSH Section 3.10.4, Procurement The ILO-OSH Guidelines emphasize that safety and health requirements of the organization should be incorporated into purchasing and leasing specifications. The OHSAS documents demand that such requirements be communicated to the supplier, but do not stipulate how. The ILO-OSH Guidelines also stipulate that national laws and regulations should be identified prior to procurement. In the OHSAS documents, these would Ipso facto be identified during the risk assessment process [see OHSAS 18002, 4.3.1d (1)i ]. B.3.8 ILO-OSH Section 3.10.5, Contracting The ILO-OSH Guidelines define the steps to be taken to ensure that the organization's safety and health requirements are applied to contractors (they also provide a summary of the actions needed to ensure that they are). This is implicit in OHSAS. B.3.9 ILO-OSH Section 3.12, Investigation of work related injuries, ill health, diseases and incidents, and their impact on safety and health performance The ILO-OSH Guidelines do not require corrective or preventive actions to be reviewed through the risk assessment process prior to implementation, as they are in OHSAS 18001, 4.5.2(d). B.3.10 ILO-OSH Section 3.13, Audit The ILO-OSH Guidelines recommend consultation on the selection of auditors. In contrast, the OHSAS documents require audit personnel to be impartial and objective. B.3.11 ILO-OSH Section 3.16, Continual improvement This is a separate subclause in the ILO-OSH Guidelines. It details arrangements that should be taken into account for the achievement of continual improvement. Similar arrangements are detailed throughout the OHSAS documents, which consequently do not have a corresponding clause. BSI 13 December 2002 19

B.4 Correspondence between the clauses of the OHSAS documents and the clauses of the ILO-OSH Guidelines Table B.1 Correspondence between the clauses of the OHSAS documents and the clauses of the ILO-OSH Guidelines Clause OHSAS Clause ILO-OSH Guidelines 1 Scope 1.0 Objectives 2 Reference publications 3 Terms and definitions 4 OH&S management system elements 3.0 The occupational safety and health management system in the organization 4.1 General requirements 3.0 The occupational safety and health management system in the organization 4.2 OH&S policy 3.1 Occupational safety and health policy 4.3 Planning 3.7 3.8 4.3.1 Planning for hazard identification, risk assessment and risk control 20 3.10 3.10.1 3.10.2 3.10.5 4.3.2 Legal and other requirements 3.7.2 3.10.1.2 4.3.3 Objectives 3.8 3.9 3.16 Initial review System planning, development and implementation Hazard prevention Prevention and control measures Management of change Contracting Initial review Hazard prevention System planning, development and implementation Occupational safety and health objectives Continual improvement 4.3.4 OH&S management programme(s) 3.8 System planning, development and implementation 4.4 Implementation and operation 4.4.1 Structure and responsibility 3.3 3.8 4.4.2 Training, awareness and competence 3.2 3.4 4.4.3 Consultation and communication 3.2 3.6 Responsibility and accountability System planning, development and implementation Worker participation Competence and training Worker participation Communication 4.4.4 Documentation 3.5 Occupational safety and health management system documentation 4.4.5 Document and data control 3.5 Occupational safety and health management system documentation 4.4.6 Operational control 3.10.2 3.10.4 3.10.5 Management of change Procurement Contracting 4.4.7 Emergency preparedness and response 3.10.3 Emergency prevention, preparedness and response 4.5 Checking and corrective action 4.5.1 Performance measurement and monitoring 3.11 Performance monitoring and measurement 4.5.2 Accidents, incidents, nonconformances and corrective and preventive action 3.12 3.15 Investigation of work related injuries, ill health, diseases and incidents and their impact on safety and health performance Preventive and corrective action 4.5.3 Records and records management 3.5 Occupational safety and health management system documentation 4.5.4 Audit 3.13 Audit 4.6 Management review 3.14 Management review BSI 13 December 2002

Bibliography ISO 9001:1994, Quality systems: Model for quality assurance in design, development, production, installation and servicing. ISO 9001:2000, Quality management systems Requirements. ISO 14001:1996, Environmental management systems Specification with guidance for use. ISO/IEC Guide 2:1996, Standardization and related activities General vocabulary. United Kingdom supplement BSI standards publications BRITISH STANDARDS INSTITUTION, LONDON W4 4AL BS 8800:1996, Guide to occupational health and safety management systems. BS EN ISO 9001:1994, Quality systems: Model for quality assurance in design, development, production, installation and servicing. BS EN ISO 9001:2000, Quality management systems Requirements. BS EN ISO 14001:1996, Environmental management systems Specification with guidance for use. BS EN ISO 19011:2002, Guidelines for quality and/or environmental management systems auditing. Health and Safety Commission/Executive publications [1] Health and Safety Commission Management of health and safety at work. 1992. London: The Stationery Office. [2] Health and Safety Executive Successful health and safety management: HS(G) 65, 1997. London: The Stationery Office. The public enquiry point is: HSE Information Centre Tel: 08701 545500 Fax:02920 859260 www.hse.gov.uk Email: hseinformationservices@natbrit.com HSE priced and free publications are available from: HSE Books PO Box 1999 CO10 2WA Fax: 0178 731 3995 www.hsebooks.co.uk BSI 13 December 2002 21

OHSAS 18001:1999 BSI 389 Chiswick High Road London W4 4AL BSI British Standards Institution BSI is the independent national body responsible for preparing British Standards. It presents the UK view on standards in Europe and at the international level. It is incorporated by Royal Charter. Revisions British Standards are updated by amendment or revision. Users of British Standards should make sure that they possess the latest amendments or editions. It is the constant aim of BSI to improve the quality of our products and services. We would be grateful for notification of an inaccuracy or ambiguity found while using this BSI publication. Tel: +44 (0)20 8996 9000. Fax: +44 (0)20 8996 7400. BSI offers members an individual updating service called PLUS which ensures that subscribers automatically receive the latest editions of standards and other BSI publications. Buying British Standards and other BSI publications Orders for all BSI, international and foreign standards and other BSI publications should be addressed to Customer Services. Tel: +44 (0)20 8996 9001. Fax: +44 (0)20 8996 7001. Email: orders@bsi-global.com. Standards and other BSI publications are also available from the BSI website at http://www.bsi-global.com. In response to orders for international standards, it is BSI policy to supply the BSI implementation of those that have been published as British Standards, unless otherwise requested. Information on standards and other BSI publications BSI provides a wide range of information on national, European and international standards and other BSI publications through its Library and its Technical Help to Exporters Service. Various BSI electronic information services are also available which gives details on all its products and services. Contact the Information Centre. Tel: +44 (0)20 8996 7111. Fax: +44 (0)20 8996 7048. Email: info@bsi-global.com. Subscribing members of BSI are kept up to date with standards developments and receive substantial discounts on the purchase price of standards and other BSI publications. For details of these and other benefits contact Membership Administration. Tel: +44 (0)20 8996 7002. Fax: +44 (0)20 8996 7001. Email: membership@bsi-global.com. Information regarding online access to British Standards and other BSI publications via British Standards Online can be found at http://www.bsi-global.com/bsonline. Further information about BSI is available on the BSI website at http://www.bsi-global.com. Copyright Copyright subsists in all BSI publications. BSI also holds the copyright, in the UK, of the publications of the international standardization bodies. Except as permitted under the Copyright, Designs and Patents Act 1988 no extract may be reproduced, stored in a retrieval system or transmitted in any form or by any means electronic, photocopying, recording or otherwise without prior written permission from BSI. This does not preclude the free use, in the course of implementing the standard, of necessary details such as symbols, and size, type or grade designations. If these details are to be used for any other purpose than implementation then the prior written permission of BSI must be obtained. Details and advice can be obtained from the Copyright & Licensing Manager. Tel: +44 (0)20 8996 7070. Fax: +44 (0)20 8996 7553. Email: copyright@bsi-global.com.