Vous êtes sur la page 1sur 31

Systems in focus

Guidance on occupational safety

and health management systems
IOSH publishes a range of free Systems in focus – guidance on If you have any comments or questions
occupational safety and health about this guide please contact
technical guidance. Our management systems Research and Information Services at
guidance literature is designed The aim of this guide is to provide IOSH:
occupational safety and health (OSH) - t +44 (0)116 257 3100
to support and inform practitioners, managers, educators and - researchandinformation@iosh.co.uk
members and motivate and others with a basic understanding of
the role and development of OSH PDF versions of this and other guides
influence health and safety management systems. Starting with a are available at www.iosh.co.uk/
stakeholders. brief introduction to the subject, the freeguides.
guide contains:
- general structure – main Our materials are reviewed at least
components, history, links with once every three years. This document
international regulatory regimes and was last reviewed and revised in
integrated systems August 2014.
- detailed structure – key elements of
effective systems
- discussion – advantages and
disadvantages, certification and
getting started.

The guide also has reference and

further reading sections.

1 Introduction 02
2 The main components of OSH management systems 03
3 Typical systems – an overview 05
4 Regulatory and industry standards
– some global perspectives 08
5 Should management systems be integrated? 09
6 The key features of an effective OSHMS 10
7 Advantages and disadvantages of OSHMSs 18
8 OSHMS certification 21
9 How to get started 22

References 24
Further reading 25
Appendix: List of abbreviations 27
Acknowledgments 28

List of figures
1 Plan–Do–Check–Act diagram 03
2 Flowchart based on HSG65 05
3 Flowchart based on OHSAS 18001 06
4 Flowchart based on ILO guidelines 07
5 OSHMS stakeholders 13
6 Process for developing an OSHMS 23

List of tables
1 Typical changes faced by an organisation 10
2 Advantages and disadvantages of internal audit 16
3 Advantages and disadvantages of external audit 16
4 OSHMS comparison table 22
1 Introduction

Guidance context IOSH’s position OSHMSs – an overview

Changes in work IOSH recognises that work-related The main components of an OSHMS
Developed countries are experiencing a accidents and ill health can be prevented include both policy – a ‘mission
shift of balance from manufacturing to and wellbeing at work can be improved statement’ for health and safety that
service industries, new technologies, if organisations manage health and provides a mechanism for management
globalisation, flexible work practices safety competently and apply the same control and accountability – and
and an ageing workforce. Meanwhile, or better standards as they do to other arrangements for implementation,
many developing countries are shifting core business activities. We believe that monitoring (including audit) and
from rural to industrial and service the formal OSHMSs mentioned in this continual improvement. Formalising
activities. Both scenarios present guidance, and others based on similar these arrangements removes the
changing work patterns and associated principles, provide a useful approach to potential arbitrariness of processes
hazards. The multitude of work-related achieving these goals. developed by a few individuals and
risks requires a systematic approach to helps to support a management culture
occupational safety and health (OSH) Guidance that can involve the whole workforce.
management, and some of the This document helps professional
principal management tools are health and safety advisers to explore OSHMSs have developed through
occupational safety and health what OSHMSs can offer their own national and international co-operation.
management systems (OSHMSs). organisations and those that they Some were boosted by legal
advise. It has three specific aims: developments such as the European
Management system developments - to support improvements in Union (EU) Framework Directive,1 while
Organisations are being encouraged to effective health and safety others were created in response to
adopt formal management systems management industrial sector needs (eg Responsible
through their supply chains, and to a - to help organisations that want to care2 in the chemical industry). With the
lesser extent through legal pressures. introduce formal OSHMSs publication of International Labour
Current systems include both generic - to encourage IOSH members to play Organization (ILO) guidelines3 in 2001,
approaches and sector-specific a full part in these developments the international dimension came fully
arrangements developed by trade and in continually improving into focus. Today, the leading
bodies. The continued development and existing systems. international standard is OHSAS 18001.4
wider use of formal systems seems to be
inevitable, particularly where corporate Structure of guidance This guidance is divided into three
governance issues have a high priority. Adopting and implementing an OSHMS, broad parts. Sections 2–5 cover the
and integrating it with other general structure of OSHMSs, including
Common features management systems, requires careful their history, links with international
Formal systems have at their core the planning and management. This regulatory regimes and the issues
elements of plan, do, check and act guidance outlines the basis of these involved in integrating them with other
(PDCA) – embodying the principle of systems, discusses some of their benefits management systems and with
continual improvement. Although there and pitfalls, offers practical suggestions business risk management. The detailed
are potential disadvantages to formal and explains how to implement and structure of an OSHMS and the key
systems, such as increased paperwork, develop an effective OSHMS. issues involved in implementing it are
the benefits of developing arrangements covered in section 6. Sections 7–9
that fully meet your organisation’s needs provide information on the advantages
make them worthwhile when they’re and disadvantages of OSHMSs, the
properly implemented. issue of third-party certification, and
how to get started. The appendix
contains a list of the main abbreviations
used in this guidance.

2 The main components of OSH management systems

Whatever management model you use, organisation should set long term - Implementing and operating –
it’s likely to be based on the principle OSH objectives and plan targets and putting management processes and
of plan, do, check and act (PDCA – actions to achieve them. plans in place and carrying out the
also known as the ‘Deming cycle’). - Organising – a definition of the activities from risk assessment to
organisational structure, allocation audit – in other words, putting the
Numerous types of management system of OSH responsibilities to employees OSHMS into practice.
are based upon this principle, notably linked to operational controls, and - Measuring performance – from
health and safety (OHSAS 18001), ways of ensuring competence, reactive data on the rates of work-
quality management (the ISO 9000 training and consultation. related injuries, ill health, near
series) and environmental management - Workers’ representatives* – a misses (sometimes referred to as
(the ISO 14000 series). You can gain crucial resource that can make a ‘near hits’) and other incidents, to
significant benefits by integrating your valuable contribution to the active data on routine inspections,
organisation’s approach to these areas – organisation’s overall response to health and safety committee
in other words, by adopting a holistic risk and opportunities. activities, training, risk assessments
approach (see page 09). - Communicating – from basic and so on (see IOSH’s guidance on
information and work procedures to reporting performance5). Formal
Effective OSHMSs include the following the details of the system itself, from audits should evaluate the overall
elements: managers to workers and vice versa. performance of the system.
- Policy – a statement of commitment - Consulting – whatever the flow of - Corrective and preventive
and vision by the organisation, which information, you need an effective actions – a fundamental OSHMS
creates a framework for way of tapping into the fund of component is a systematic approach
accountability that is adopted and led knowledge and expertise held by to identifying opportunities for
by senior management. your workforce, clients, suppliers preventing accidents and ill health,
- Planning – a plan for identifying and other stakeholders (eg including those that stem from
hazards, assessing and controlling regulators, trade unions and investigating work-related injuries,
risks, and preparing for and neighbours). Involving all these ill health and incidents. Various
responding to emergencies, as well groups will also help you to shape techniques are used to identify and
as identifying legal and other your risk management programme. correct weaknesses in the system
standards that apply. The and to find ways of preventing
failures and harm.

- Policy
Plan - Planning
- Hazard identification and risk assessment

Do - Implementation and operation

- Performance assessment
Check > (active and reactive)

Act - Review and continual improvement

Figure 1: Plan–Do–Check–Act diagram

* We’ve used ‘workers’ representatives’ in this guidance to mean any workers’ safety representatives, regardless of whether they’re appointed by
a trade union or chosen in some other way.

- Management review – an
evaluation of how appropriate the
overall design and resourcing of the
system are, as well as its objectives
in the light of the performance
achieved. This includes making sure
that compliance with relevant legal
and other requirements is
periodically checked.
- Continual improvement – at the
heart of the system is a
fundamental commitment to
manage health and safety risks
proactively, so that accidents and ill
health are reduced (effectiveness)
and/or the system achieves the
desired aims by using fewer
resources (efficiency).

3 Typical systems – an overview

Many OSHMSs have been published It’s based on the traditional PDCA current edition of HSG65.6 This edition
over the past 25 years. Some reflect principle, where the organisation’s plans contains information on managing
the interests of the sponsoring bodies. reflect the policy document and the change and more advice on
For example, the American Industrial implementation phase is dominated by consultation, communication and
Hygiene Association system places the risk assessment and application of continual improvement. HSG65 retains
industrial (occupational) hygienist at controls. Checking includes a mixture of the special status of a management
centre stage as the crucial competent performance monitoring, auditing and system developed by a regulatory
person. Others, such as the corrective action. agency, and it’s familiar to many UK-
International Safety Rating System, based managers and OSH practitioners,
were developed so that commercial The guidance intentionally reflected particularly in larger organisations.
organisations could offer third party contemporary management processes
certification. Three generic OSHMSs and encouraged readers to harness OHSAS 18001
reflect this history and illustrate the them for health and safety OHSAS 180014 grew from a desire to
different emphases of current systems. programmes. However, at that time, create a system capable of assessment
the HSE was under pressure to restrict and certification, as a follow-on from
HSG65* its activities to supporting and BS 8800 (now revised and reissued as
The UK Health and Safety Executive (HSE) enforcing legal compliance. This led to BS 18004:20087).
published Successful health and safety a system in which legal compliance
management (HS(G)65) in 1991. This became embedded in organisational HS(G)65 covered the implementation
was characterised by five key elements: policy and, once achieved, the aim was of an OSH policy, and implied that this
- policy largely to maintain the status quo. This would be quite straightforward once
- organising compared unfavourably with systems the policy had been adopted. OHSAS
- planning and implementation that unambiguously focus on continual 18001, on the other hand, more fully
- measuring performance improvement, a fundamental weakness reflects the problems of changing an
- audit and review. that was addressed in the second and organisation. Building on established

Policy Control link

Information link


Planning and


Auditing Reviewing

Figure 2: Flowchart based on HSG65

* HSG65 is currently (May 2011) under revision – see www.hse.gov.uk/managing/index.htm for more information.

environmental management systems in authoritative and its 2001 Guidelines
particular, OHSAS 18001 recognises the on occupational safety and health
importance of planning and managing management systems3 established an
the changes that are likely to be international model, following a
needed as an OSHMS is introduced. detailed review of over 20 management
systems worldwide. It reflects the
ILO OSHMS guidelines globalisation of organisations and the
The ILO is a tripartite United Nations increase in outsourcing and partnering
agency that influences the development – these changes demonstrate how
of labour laws across the globe. Its systems need to evolve continually to
publications and guidance are reflect new business practices.


and operation

Checking and
corrective action


Figure 3: Flowchart based on OHSAS 18001

Policy Continual

Planning and


Action for

Figure 4: Flowchart based on ILO guidelines

4 Regulatory and industry standards
– some global perspectives

A key factor in implementing a formal (although many would argue that in Looking ahead
OSHMS is consideration of the legal the EU there’s still a strong drive There is increasing international
framework that creates the towards embedding detailed certification to OHSAS 18001 and an
operational context. In the EU, prescriptive requirements in Directives). increasing trend towards integrating
Australia and offshore regimes Developing management systems is PDCA management systems. The
generally, regulation of major hazard another step along the same road. The OHSAS Project Group surveys have
industries via a ‘safety case’ approach structure of a lot of national legislation found that between 2003 and 2007,
is accompanied by an emphasis on reflects this. In the UK, for example, the number of countries where OSHMS
effective management systems to the Management of Health and Safety certification occurs has grown from 70
complement and reinforce required at Work Regulations 19999 require to 102 and the number of reported
high standards of technical safety. demonstrable management of OSH. In OHSAS 18001 (or equivalent)
Also, the International Maritime Canada, ‘due diligence’ defences have certificates from 3,898 to 31,512.
Organization (IMO) now requires been successfully used by defendants These trends are driven by factors such
most categories of international with a formal OSHMS. In Norway since as the increasingly international nature
shipping to use the International 1991, it’s been mandatory for of business and supply chain
Safety Management (ISM) Code,8 an organisations to establish internal requirements in general, supported by
OSHMS for marine operations. control systems to make sure that increasing recognition by enforcers that
health and safety activities, including management systems – when run
Some countries, particularly in the internal and external audit, are legally properly – can help to deliver improved
Pacific Rim, require organisations to compliant, and to document them. legal compliance and OSH
adopt OSHMSs with third-party Similarly, Swedish law requires performance. In addition, the designers
auditing by government-approved systematic internal control of OSH. In of management systems themselves
auditors. In others, there have been India, following the Bhopal disaster, are paying increasing attention to
moves to link internal OSHMS status legislation in 1988 prescribed supply chains and dealing with OSH
with the enforcement inspection systematic management to prevent issues associated with products, not
regime. For example, under the such events. The Chinese government just with operations.
Voluntary Protection Program in the has adopted the ILO’s OSHMS
United States, organisations with guidelines and has used them to
systems approved through an develop a certification framework.
extensive audit may be exempted from Australia and New Zealand have a well-
‘normal’ Occupational Safety and developed national OSHMS standard,10
Health Administration (OSHA) but no plans to make its adoption
inspections. Proponents of this system mandatory. These are all examples of
claim that it allows employers to the extension of self-regulation.
concentrate on systems of work rather Some management systems have been
than individual deficiencies (hazards developed to meet the needs of
and risks), but there’s considerable specific sectors. For example:
debate over the merits or - the chemical industry has developed
shortcomings of this approach. Responsible care
- the shipping industry uses the IMO’s
There’s also been a general worldwide ISM Code
movement away from prescriptive - oil and gas producers have
regulations – which have the published comprehensive, global
advantage that employers are told guidelines for a health, safety and
explicitly what they have to do – to environmental system for
process requirements, with risk exploration and production
assessment as the key process activities.11

5 Should management systems be integrated?

IOSH’s guidance, Joined-up working – The requirement for corporate The process of integration presents
an introduction to integrated accountability based on a BRM distinct challenges to organisations.
management systems12 covers: approach is highlighted both globally Those that are most likely to integrate
- the case in favour of integrating by the Organisation for Economic their systems successfully will already
management systems Co-operation and Development and in use multiple channels of
- arguments for retaining largely the so-called ‘Turnbull Report’,14 which communication founded on trust,
independent systems requires companies listed on the UK respect for the expertise of co-workers,
- organisational prerequisites for stock market to identify, assess, record and experience of and confidence in
integration and manage their significant risks in a managing change.
- factors that should be considered suitable manner. There must be
when introducing an integrated systems for regularly reviewing these However, while many of the generic
management system (IMS) risks and adjusting their controls, elements of an IMS can be set up by
- maintaining and developing an IMS. together with statements in company non-specialists, it’s vital that risk
annual reports that confirm the assessment processes are supported by
IOSH’s view is that “an effective IMS effectiveness of these systems. people who are fully competent in the
should be the preferred option for specific areas covered by the integrated
many, but not all”. A well-planned IMS Hence, the management of OSH, system (quality, environment, health and
should be more efficient and capable environmental or quality risks should safety, and so on). This is necessary both
of taking the best decisions in the face not be treated in isolation, because of to avoid overlooking hazards and to
of various factors and uncertainties. the impact that poor risk management make sure that controls intended to
can have on brand, reputation, minimise risks reflect current good
An integrated approach is also business continuity and financial practice.
expected in business risk management wellbeing. This is the fundamental
(BRM), which is defined in IOSH reason why most organisations An IMS encompassing OSH,
guidance13 as “the eradication or integrate their OSHMS with the environmental and quality risks can be
minimisation of the adverse effects of systems used to manage environmental a major step in the direction of
pure and speculative risks to which an and/or quality risks. Integration allows continual improvement. This drive for
organisation is exposed”. Such risk risks to be prioritised overall, so that continual improvement in all areas of
includes health and safety, resources can be allocated to achieve BRM – including OSHMSs – can be
environmental and quality failures. maximum risk reduction and benefit. In further enhanced by setting targets,
non-integrated systems, on the other establishing proactive key performance
hand, resources are allocated to each indicators and using performance
risk area in isolation, and the resources appraisals to formalise responsibilities
allocated to each may not reflect that for all directors, managers and
risk area’s overall significance. supervisors who contribute to the
achievement of the organisation’s goals,
vision and mission. An effective IMS
greatly enhances OSH management
and leads to continual improvement in
the level of performance.

6 The key features of an effective OSHMS

This section covers four essential explains why discussion about the need - improvements in the system itself,
elements of an OSHMS: for an OSHMS often starts from the so that it’s more comprehensive,
- continual improvement (and how to continual pressure to reduce accidents, easier to understand, or in other
achieve it) incidents and ill health. respects better than before.
- system activities (high-level objectives
and detailed OSHMS activities) With continual improvement built into Reporting up?
- stakeholder involvement (internal an OSHMS, opportunities to improve When launching a more systematic
and external) effectiveness and efficiency are approach to health and safety, one
- auditing and verification (good systematically identified and action is improvement will be in reporting
practices in OSH auditing and taken. Often this can be done at low rates, ie staff and managers will
auditor competence). cost as part of the preparation for, or declare a higher proportion of
response to, other required changes. accidents and incidents. This leads to
A good system? an apparently rising rate – which can
If you want a simple diagnostic for However, ‘improvement’ need not look like failure. Prepare colleagues
‘is our OSHMS good?’, then evaluate imply greater complexity. If the OSHMS for this before you begin.
how effective it is at driving is simplified, it may become easier to
improvements in performance, understand and apply, yielding better How to achieve continual
rather than simply disciplining overall results. Improvement may also improvement
people to follow set procedures. be possible by broadening the scope of Traditionally, the audit stages of the
the system, for example by applying it OSHMS are seen as the fount of all
Continual improvement to outsourced services, value chain improvement wisdom, but this
Quality systems standards did not initially interactions and new technical areas viewpoint unnecessarily restricts
include continual improvement. This such as occupational road risk. thinking about improvements in
omission was corrected in ISO 9001: managing the workplace. There are
2008,15 but may be one reason for a Continual improvement in an OSHMS other important sources of data,
widespread view that the primary output can have four aspects: including statistics, benchmarking and
of quality management systems is - results that are better year on year, industry or sector guidelines, as well as
paperwork, rather than real improvement as measured by falling rates of the people in the organisation.
in processes and products. In fact, injuries, ill health and damage
continual improvement is vital if - steady or improved results that are People who operate systems are often
management systems are to be effective achieved with fewer resources a fertile source of improvement ideas –
(in the sense that the results achieved because the OSHMS itself improves if they’re encouraged to express them.
are what’s required) and efficient (in the and effort is better targeted Managers, team leaders, workers and
sense that the resources used are - results that move the culture of the their representatives – if they truly feel
sustainable in the long term). This is whole organisation to a new state they ‘own’ the work processes and are
particularly true for organisations of effectiveness and efficiency, often actively monitoring them – usually have
operating in a continually changing described as ‘breakthrough many ideas for improvement, to make
environment (see Table 1). It also performance’ processes both easier to operate

External changes Internal changes

- New guidance, industry or national standards - New products, services or workplaces
- National targets, such as Revitalising health and safety - New working arrangements, such as a union agreement
(launched in 2000 in the UK)16 – for more information or home working
see www.hse.gov.uk/statistics/pdf/prog2009.pdf - Business reorganisation, such as outsourcing
- New hazards, or new emphasis on old hazards, such as - Business growth and change
stress and asbestos - New work equipment, or changed contractors or
- Campaigns by regulators, trade unions, non- suppliers
governmental organisations (NGOs), media - New employees, or experienced employees leaving the
- New or revised legislation organisation
- Supply chain (client) pressures - Merger or takeover

Table 1: Typical changes faced by an organisation

(efficient) and more likely to produce High-level objectives - investigation of the root causes of
the desired results (effective). Involving The OSHMS will incorporate detailed these non-conformances, with
the workforce, particularly through activities designed to achieve or corrective actions applied to
worker representatives, is crucial to support the following high-level improve the OSHMS and prevent
achieving OSH improvements. One objectives: recurrences
method that is effective is the creation - clear policy-making with written - emergency systems, including plans
of ‘diagonal slice’ groups – such as commitment to good standards at and competent people to
worker, team leader, engineer and the highest level in the implement and respond to them,
manager – working as an improvement organisation, supported by visible for containing and controlling
team. To achieve good OSH results, it’s leadership, adequate resources, serious system or business failures
also essential that directors, managers, personal involvement, and regular and minimising adverse effects.
team leaders and the whole workforce monitoring and reviews of
see health and safety issues as their performance (which, for example, ‘Step change’ or ‘continual’?
responsibility, not just the concern of require the chief executive officer or A ‘step change’ is often suggested,
the OSH professionals. managing director to ask probing perhaps in response to external
questions during meetings and site pressures for improvement. But the
A process is needed to make sure that visits, and all directors to participate ability to achieve a step change in
improvement ideas are gathered and in risk inspections or reviews) most organisations is limited – even
evaluated (with feedback given to the - employment of competent staff, when there are true step changes in
originators), and that those that add with adequate resources and time inputs to a complex system, outputs
value are suitably resourced, to train and develop them alter much more slowly. Step changes
implemented and monitored. It’s - effective arrangements for involving in organisations often have
important that improvement and consulting key stakeholders such unplanned and undesired effects.
suggestions support long term strategic as employees (including developing Even where a real step change is
goals. If they do, and they’re swiftly partnership agreements with trade needed, an effective project to make
implemented, the net effect of many unions), customers, regulators and it happen will consist of many small
small improvements can be dramatic. other statutory consultees, changes, each contributing to the
The process of creating improvement contractors, partners and overall plan and aligned with the
ideas can also be subject to formal neighbours, and also for sharing overall objectives. Thus, a ‘continual
management processes. For example: lessons across the organisation and improvement’ model is a good way
- issues can be managed using more widely as appropriate to manage all types of change. This
‘SMARTT’ improvement plans, ie - making sure that materials, was recognised by Rolls-Royce plc
specific, measurable, agreed, realistic, equipment and services bought when it initiated the ‘One small step’
timetabled and tracked actions that outside the organisation are chosen programme for organisational
are reported back to the ‘owner’ according to appropriate OSH transformation. It was summarised
(accountable person or group) – criteria as well as price. well by the Japanese industrialist,
which may be the safety committee, - making sure that technical and Soichiro Honda, who once said: “It is
the local line manager or a director operational records are available, more benefit to the success of the
- a task group can be set up to updated and retained as necessary business that 1,000 people take one
review a particular issue, such as to meet business needs and step forward rather than one person
workplace transport, with a brief to regulatory requirements taking 1,000 steps forward.”
report back with recommendations - regular monitoring of all parts of
for improvement to the owner of the OSHMS by those responsible for
the issue. business processes, work groups What is the system?
and work sites, to compare actual A description of a management
System activities performance with expected results system is not the system itself.
Documenting your organisation’s and goals Sometimes a manual is handed over
activities, whether on paper or - a system for planned audits to with the comment ‘this is our
electronically, is important and should verify how effective the OSHMS is management system’, when what
be the basis for: in practice (see page 16) should be said is ‘this document
- training people with OSHMS - systems for identifying and describes and summarises what we
responsibilities reporting instances where the do in practice – our management
- the OSHMS trainees’ reference required standards aren’t met, system’.
manual including external reporting where
- the audit standard. required
Detailed OSHMS activities - All reported accidents are Tailor the system
The OSHMS model you use (see page categorised by potential (not just
It is vital to adapt the ‘standard’
22 for information on choosing the actual) outcome and prioritised for
OSHMS to the particular
right one) should be adapted to meet investigation into root causes on
organisation. An OSHMS used by a
the needs of your organisation. How the basis of this potential outcome.
large multinational organisation can
the high-level requirements Suitable recommendations are
have more than 200 ‘activities’ – all
summarised above are broken down made to prevent recurrence and are
of which are needed somewhere –
into activities and described in practice monitored to verify that they’ve
although each small part of the
can depend on: been followed through.
organisation will implement only the
- the type of hazards managed by the - Contracts are awarded and
subset relevant to its part of the
system – are they well understood managed with OSH performance
organisation. A smaller single-site
or new? Are external and/or internal among the key performance criteria.
organisation might need
stakeholders at risk? Do they have
substantially fewer activities to cover
short or long term effects? Each of these describes goals to be
everything significant.
- the type of organisation – does it achieved, but doesn’t detail what
cover a single site or many? Is there actually happens in the workplace. The
much outsourcing or not? How OSHMS activity description is ‘goal- Stakeholder involvement
many products and customers are setting’, minimising the need for A range of individuals and groups are
involved? revision whenever the organisation and ‘stakeholders’ in the OSHMS – in other
- the range of technologies – how its work processes change. Prescriptive words, they may be affected by its
many technical disciplines and detailed procedures, responsibilities, results and therefore potentially
standards are there? documents, training modules and so on interested in its content and
- legislative and other applicable are needed, but these operational-level effectiveness. They include people both
standards – are they based on documents don’t usually form part of inside and outside the organisation itself,
prescriptive laws and external the OSHMS description. Operational- as shown in Figure 5.
operating standards or goal-setting? level procedures need to include the
key element of accountability and must Internal stakeholders
Each of the OSHMS activities should be be sample audited to make sure that Directors or trustees
in the form of an auditable standard – they define who’s responsible for what Directors (including charity trustees and
in other words, a ‘system’ or ‘process’ and when (or how often), and what the senior officers of public bodies, as
that uses defined inputs to achieve expected outcome is. The monitoring specified in their policies and
defined output goals. Here are some and audit steps are used to check arrangements) are legally responsible for
examples: whether such supporting processes are organisational performance.
- A current health and safety policy available where needed, and whether Traditionally, financial performance
statement, signed by the they’re effective, and to identify indicators are the only ones included in
responsible director, is readily possible improvements. directors’ annual reports, but measures
available and used during the of performance in other key areas,
induction process for all employees It’s increasingly apparent that effective notably corporate social responsibility
and contractors. OSHMSs cover human factors and don’t (CSR) – which includes health and
- A register of relevant hazards is assume a mechanistic approach to safety, environmental and other issues –
held by each work section, organisational and individual behaviour. are increasingly used. UK accounting
including summaries of key controls For example, leadership and the effects standards for organisations quoted on
and any current improvement plans of human reliability on the effectiveness the London Stock Exchange (Turnbull14)
(risk assessments). This includes the of hazard controls are important issues and for registered charities (SORP17)
likely consequences if control to consider and monitor. require directors, trustees and senior
systems fail, such as single or officers to provide assurances that all
multiple fatalities, small or large significant risks, including health and
scale damage and short or long safety risks, have been identified and
term ill health. that appropriate controls are in place.
IOSH has published guidance for people
responsible for reporting organisational
health and safety performance,
outlining how to include these data in
annual reports.5

A prerequisite of good performance is and also accept personal responsibility
Reality check
that leaders of organisations for organisational performance, they’ll
Make sure that senior managers
consistently demonstrate that health be able to make a huge difference to
and directors visit accident sites and
and safety results are as important as the commitment to continual
those affected by accidents, such as
other key business goals. This should improvement. In the UK, the Institute
people who are hospitalised
be reflected in annual business targets. of Directors and the HSE have
following an accident. This will help
Similarly, OSH performance should produced a guide for directors and
to make sure that senior staff don’t
form part of business agendas, formal their equivalents.18
become isolated from the realities
and informal discussions with
of daily workplace hazards and the
employees and so on.
damaging effects to individuals of
failures in the OSHMS.
If leaders display behaviour that
Conversations with workers’
demonstrates the high value they place
representatives can also act as a
on the health and safety of each
helpful ‘reality check’ for senior staff.
person for whom they’re responsible,

Internal stakeholders
- directors and trustees,
or equivalents
- workforce, including
trade unions, worker
representatives and
on-site contractors
- OSH professionals

External stakeholders
- regulators
- neighbours
- clients and supply chain
- insurers
- shareholders/investors
- corporate social responsibility
- global bodies

Figure 5: OSHMS stakeholders

The workforce legal requirement. Representatives may, for example, monitor exposure to
The workforce is a key stakeholder for contribute to the effectiveness of the hazardous substances) and engineering
a number of reasons: OSHMS with their detailed knowledge inspectors (who may examine and test
- If OSH management is deficient, the of what happens at the ‘sharp end’. local exhaust ventilation and so on).
workforce is usually the group most They can:
at risk from injury and ill health. - identify opportunities for It’s likely that an OSH professional will
This is a major focus for trade improvement be appointed custodian of the OSHMS
unions, both at individual - make sure that workplace on behalf of the organisation, with a
workplaces and through national inspections and monitoring are key role in its effective implementation
and international campaigning. thorough and regular review. OSH professionals
- Employees have first-hand - check that planned improvements should also be able to make key
experience of many workplace and changes are realistic contributions to audit processes and
hazards and of how efficient and - help with root-cause investigations investigations of serious incidents such
effective current controls are in of failures as injury, ill health or damage.
practice. Employees are a prime - act as a focus for employees’
source of ideas for continual questions and concerns External stakeholders
improvement. But some hazards - give access to external information Regulators
aren’t easily identified, as their about best practices via trade unions Regulators’ actions reflect society’s
effects are long term or are realised - provide a valuable ‘reality check’ for growing intolerance of organisations
so rarely that there’s no workforce senior managers and regulators, as whose profits appear to be earned
‘memory’. This means that it’s representatives are typically confident without due care for the health and
essential to train relevant staff so in stating their views. safety of workers, customers or the
that they’re competent in practical public. Outside the UK and particularly
hazard identification. Workers’ representatives need training in the Pacific Rim, it’s becoming
- Trade unions and workers’ to be effective; team leaders and increasingly common for national
representatives generally have a supervisors also need training on how legislation to require certification to a
wide knowledge of and strong to work with representatives. recognised national or international
commitment to health and safety, OSHMS standard, particularly for higher
so are a significant resource for OSH professionals hazard industries such as construction.
the OSHMS to incorporate and OSH professionals form the main group In the UK, areas regulated by safety
benefit from. of people who advocate the benefits of cases (eg nuclear, onshore major
- Whatever formal systems and OSH systems. UK-based organisations hazards, pipelines, offshore, railways,
controls are used, the individual or have a legal requirement to “appoint gas supply) all require a summary of the
small team performing a task has one or more competent persons” to OSHMS to be included in the safety
great influence over its outcomes. help them comply with relevant OSH case submitted by the operator to the
Legally and morally, each person legislation. Where more than one person regulator. In addition, some industries
has a duty of care to him or herself is appointed, team work is important to have adopted voluntary codes and
and to others who may be affected make sure that the OSHMS is standards that include a systematic
by acts or omissions. You can comprehensive, efficient and effective. approach to OSH management (see the
change the behaviour of individuals examples on page 08).
and groups by making sure that OSH professionals have a key role in
they understand the hazards advising others with responsibilities Investors and insurers
identified by the local OSHMS, the under the OSHMS, especially in Both investors and insurers are
controls in place and why these are knowing about hazards, their likely concerned about risk, particularly risk
judged to be sufficient. effects and current good practice for that isn’t managed effectively. Whereas
avoiding, minimising, controlling and the Turnbull requirements (see page
Workers’ representatives mitigating them. For OSH professionals 09) are targeted at avoiding major
Setting up a system of employee OSH to be able to give advice, they must losses, investors are increasingly
representatives can act alongside understand relevant legislation, requiring more positive reassurance
promoting personal motivation to add standards, best practice, practical risk that a business is well managed, and
value to the OSHMS. Such a system is assessment methods, cost-effective may take health and safety as a marker
often developed as part of the formal controls and training provision. The for performance in general. Insurers
election of workers’ representatives. In OSH professional is also likely to liaise may decline certain types of risk unless
the EU and some other regulatory with external professionals, such as they’re convinced that the issues are
regimes, employee consultation is a occupational hygiene consultants (who well managed. Evidence of a
5 How should employers promote health?

comprehensive and effective OSHMS globalisation, such standards assume - interviews – to confirm that
can help directors respond to questions higher profiles and responsible awareness, competence and
and concerns raised by both investors organisations must pay more attention resources are appropriate
and insurers. to ensuring compliance. There is special - observation – to check that
focus on the protection of ‘vulnerable arrangements and standards
CSR lobby groups’ such as children, migrant described in the OSHMS are actually
In developed countries, there’s now workers and female workers. The ILO present in the workplace.
significant demand for CSR, including has published numerous codes on a
public corporate reporting. Both the wide variety of health and safety issues, Audits have several key features:
Dow Jones and the FTSE operate seeking to set minimum standards of - Auditors’ independence gives
investor listings linked to CSR results practice around the world. credibility to the audit findings.
that include health and safety. Auditors should not have any
Compliance with relevant ILO, IMO and personal accountability, or direct
In addition, non-governmental WHO codes for workplace health and reporting relationships, in the group
organisations, investors and safety is often a requirement for or area they’re auditing.
consumers19 ask questions about OSH operating in developing economies, in - Auditors need a strong analytical
results, particularly of global particular for projects funded by the ability but also well-developed
organisations, if they suspect that World Bank or the International ‘people skills’, so that they can
activities are being ‘exported’ to Monetary Fund. It can be expected that collect reliable evidence quickly. The
locations where workplace OSH compliance with GRI guidelines will skills of a good accident investigator
standards are lower than in the move, in due course, from voluntary have a lot in common with those of
organisation’s home country, thereby towards mandatory status. Third-party a good auditor, and vice versa.
increasing profits at the expense of the verification of such compliance may also - Company procedures and local
workforce’s health and safety. The be expected, hence the link to OSHMSs. documents are sampled and
ASSE and IOSH guidelines, Global best evidence is collected to check that
practices in contractor safety,20 cover Auditing and verification operational practice is consistent
some of these issues and identify more Good practices in OSH auditing with documented practice. In other
than 60 aspects of good practice for Auditing is the sampling of a process words, say what you do; do what
both clients and contractors – these are by a competent person who’s you say you do; and prove it.
applicable to workplace health as well independent of the process. Auditors - Evidence is collected from corporate
as safety. Compliance with a report on the effectiveness of the and local documents, interviews
recognised OSHMS standard is one of process, focusing on inputs, outputs and inspections of workplaces.
the recommended good practices. and testing internal controls. Auditors should choose some
‘Verification’ has a similar meaning to samples themselves, not just accept
Voluntary codes, such as the Global ‘audit’, but where verification involves what is put before them.
Reporting Initiative (GRI)21 and Social confirming conformity to an external, - Because an audit is a sample,
Accountability 8000,22 bring together recognised standard and results in the however well judged, it can never
the expectations of various issue of a compliance certificate, it is result in a ‘perfect’ view of the facts.
stakeholders in this area, including the generally called ‘certification’. ISO Also, findings are valid only up to
need for appropriate management 1901123 is a useful overall guide on the time of the audit. When
systems and verification. In addition, how to set up and run a successful planning improvements, audit
there’s a growing consensus that audit programme. It can be applied to evidence, though very powerful,
effective risk management needs to virtually any PDCA management should be reviewed alongside other
extend throughout an organisation’s system; though it only covers data on system performance.
supply chain, to ensure security and environmental and quality systems, it
thus sustainability (a development can easily be adapted to apply to Some small and medium-sized
reflected in the ILO OSHMS guidelines). health and safety auditing and is in the enterprises may not have a fully
process of being amended to documented OSHMS, but will be able
Global bodies incorporate this. to demonstrate a clear understanding
The United Nations and its subsidiary of hazards and effective controls.
bodies, such as the ILO, the World Typical audits cover three types of
Health Organization (WHO) and the evidence: Examples of good auditing practice
IMO, set standards, as does the GRI, - documentation – is it adequate? - Techniques to avoid conflict between
based for example on the Universal Does it reflect all OSH hazards of the aims of the auditor and the
Declaration of Human Rights. With the organisation? perceptions of the auditee include:
Avoid paper mountains - For large organisations, an - As audit processes mature, include
In audits, don’t overemphasise the overall audit plan is required so auditors from clients, contractors,
need for comprehensive that all areas are covered in an trade unions or other partners to
documentation – if evidence from agreed timescale. The initial plan aid both transparency and the
interviews and work sites shows the may be hazard-based (areas with sharing of good practice. Consider
system produces high quality results, the highest potential for harm the value of external certification
would more or better paperwork are audited first), later becoming as an additional source of
add value? risk-based (areas with least improvement ideas.
effective controls are checked
- using a transparent more than those with proven Positive and practical?
performance standard as an effective controls). A really effective audit system is one
agreed basis for audit (eg the - Any audit scoring system should in which those being audited look
organisation’s own OSHMS encourage future improvements in forward to the process, expecting
activity descriptions or a preference to highlighting past new and useful ideas for practical
published standard) successes. Discourage improvements. If they face audits
- making sure that audit reports overemphasis on numerical scores with dread, the audit system needs
aren’t seen as the only source and inter-group competition based to improve, not those being
for continual improvement ideas on them; scores should be used as audited!
- including positive as well as benchmarks for improvement.
negative findings in the final - In the UK, the HSE’s guidance,
report Measuring health and safety
- discussing potential negative performance,24 can be used both
findings as the audit progresses, as an input to OSH audit
to give people the chance to methodology and as a source of
produce additional evidence if ideas on quantifying audit results.
provisional findings are incorrect.

Advantages Disadvantages
- Internal auditors know the organisation and where to - External stakeholders may have suspicions about the
look for evidence independence of internal auditors
- Internal auditors’ reports have high internal credibility - Internal auditing takes resources away from normal
- Because internal auditors audit their peers, their findings work – for both training and planned audits
are more likely to be seen as realistic by auditees - Internal auditors can have a limited vision of
- Auditing is an excellent developmental experience improvement opportunities because of a lack of
because employees learn in detail about other parts of external benchmarks
the organisation
- Using internal auditors helps the transfer of good
practices across the organisation because they identify
opportunities for sharing

Table 2: Advantages and disadvantages of internal audit

Advantages Disadvantages
- External auditors have high credibility with external - External auditors must earn respect for their findings
stakeholders within the organisation – initially, they are often viewed
- External auditors provide strong benchmarking knowledge negatively
and can give access to external verification bodies and - External auditors don’t know the organisation, so may
recognised certification where this adds value ask for a lot of pre-audit documentation and take
longer than internal auditors to complete their work
- External audits can be expensive

Table 3: Advantages and disadvantages of external audit

Auditor competence Chartered Members of IOSH. Their
Auditors’ experience
Competence of auditors is a critical Continuing Professional Development
Whatever their understanding of
factor. Competence requires knowledge, (CPD) should also ensure that their
OSHMS models and theory, if an
skill, practical experience and suitable auditing skills are current. However,
OSHMS auditor lacks current
personal qualities, and must cover two where certification is not involved, and
experience in practical OSH hazard
areas: auditing methods and the particularly where specialist areas are
identification, assessment and
processes being audited. It’s often easier being audited, it may be enough for
implementation of suitable controls
to supply the necessary breadth and the leader to meet these standards,
in the type of organisation they’re
depth of competence in a small audit while other team members have an
auditing, their report is unlikely to
team than in a single individual. A team appropriate mix of OSH and audit
add much value.
approach also allows new or competences. OSH professionals
inexperienced auditors to be introduced providing internal OSHMS audit
to processes and organisations. When services should meet similar standards
planning audits, you must decide to those of external auditors.
whether to use auditors who are
external to the organisation, or to use While part-time internal OSHMS
internal auditors who are independent auditors are unlikely to benefit from
of the areas to be audited. formal qualifications and CPD to the
same extent, they should have basic
Where formal certification is offered as training in both OSH and audit skills,
a result of an audit, all auditors should which can be given through internal
meet recognised competence standards courses and experience.
in OSH, such as those required of

7 Advantages and disadvantages of OSHMSs

Advantages Legal compliance is easier to Increasing the effectiveness

A system meeting your risk needs attain and prove of initiatives
An OSHMS can prioritise the planning, The development and extension of The longevity of management and
organising, control, monitoring and health and safety law, notably through other health and safety-related
review of measures to protect people ‘new approach’ Directives to help initiatives in organisations varies. Many
from work risks. It’ll help you allocate create a single European market, have organisations use campaigns and
the correct resources, achieving led to additional legal requirements. awareness-raising programmes to
effectiveness and efficiency. Organisations can have difficulty improve knowledge and encourage
keeping up to date with the participation in health and safety
Occupational health focus requirements relevant to their sectors. issues. An OSHMS requires continual
Significant occupational health risks An OSHMS helps identify relevant improvement and this can increase the
can be assigned the correct level of statutory provisions and creates a duration and effectiveness of
importance and be properly resourced. framework of procedures to make sure management initiatives, allowing them
This isn’t always the case with ad hoc that the organisation consistently to adapt and develop in line with
OSH processes, which depend largely complies with the law. policy commitments.
on the experience of available OSH
practitioners (including occupational Proving ‘reasonably practicable’ Visible commitment of
hygienists) and the internal structures In the UK and some other countries, ‘top managers’
of the organisation. Also, employees you may have to prove that you’ve met OSHMSs, like other management
generally have a greater understanding ‘practicable’ and ‘reasonably systems, formally require ‘top
of safety risks than health risks. When practicable’ requirements in order to management’ to be involved in and
implemented correctly, an OSHMS demonstrate legal compliance. When a committed to the system. This is
should address these issues and strike balanced management system is carefully documented through setting
the right balance in controlling all risks. implemented and risk management is policies and objectives and through
systematically applied – based upon the regular reviews to check the results
OSH is as important as other proportionality of risk – it should be achieved. Once the objectives are set,
business objectives easier to prove compliance. For senior managers must visibly
Many organisations struggle to give example, quality management systems demonstrate their commitment to
OSH objectives the same importance as (QMSs) have been used to prove due achieving them. It’s consistently argued
other business objectives. At times, this diligence for compliance with food that such commitment is essential for
failure threatens the survival of an safety law and to ensure product safety. ‘world-class’ OSH results – an OSHMS
organisation; at others, it can lead to demands it.
prosecutions and other penalties. A Helping system integration
correctly implemented OSHMS will Many organisations started with a Regular audits
make sure that appropriate OSH QMS, then adopted an environmental Audits present an opportunity for
objectives are set by focusing on policy management system and are now benchmarking (eg through creating
and the process of setting objectives considering an OSHMS. The structures audit teams with members from
and their delivery through the are similar, and adopting an OSHMS different departments or from outside
management programme. will mean that if, at a later date, you the organisation) and identifying
decide you need a holistic business risk opportunities for improvement. External
OSH in relation to quality management approach, integration certification and assurance bodies –
British and international standards should be straightforward. which audit against applicable standards
support the drive towards ‘customer – can help to identify non-compliances
first’ services, and as a result quality is Continual improvement and necessary improvements.
high on the agenda. Quality isn’t usually This process aims to improve some part
a legal requirement, but health, safety of the OSHMS at any one time, rather Part of corporate governance
and (often) environmental performance than trying to improve all the elements There’s an ever-increasing requirement
are. The development of formal in the system simultaneously. This for directors to follow codes of practice
OSHMSs should make sure that structured and very practical approach and meet the standards expected in
sufficient importance is given to OSH allows the organisation to improve public life. Demonstrating that OSH
performance, which typically has more areas that aren’t operating effectively controls are adequate is an important
impact on employees than on customers. or efficiently, using reviews and audits part of meeting this responsibility, and
to identify systematically the independent audit to externally set
opportunities for improvement. standards is an impartial way of

achieving this. Regular management Systematic risk management still identify the need for significant
review of audit reports and OSHMS Perhaps the biggest challenge is to management time, and implementing
results meets governance requirements comply with the legislative need to an OSHMS is likely to dominate the
for OSH risks. plan, organise, control, monitor and work of the OSH professionals involved.
review the preventive measures in If some of the work is contracted out,
Reassuring the enforcement place to control significant risks. An take care to check that the results
authorities OSHMS creates a structured system for match the organisation’s needs.
Enforcement authorities require compliance with the requirements of
organisations to comply with applicable both applicable legislative codes and Human behaviour may not be
health and safety legislation. The industrial sector best practice. fully addressed
formality and systematic approach to Recent developments in determining
compliance required by an OSHMS Disadvantages reasons for health and safety errors
encourages confidence in the Bureaucracy (paperwork or place greater emphasis on the
organisation’s internal approach. In the electronic documents) behaviour of workers and managers.
UK, for example, the HSE’s HSG65 The need for a simple, effective system This focus on the human factor can be
states: “If you do follow the guidance won’t be met if the system generates lost if there’s too much emphasis on
you will normally be doing enough to excessive paperwork. You need to the paperwork requirements of a
comply with the law.” minimise the number of documents formal OSHMS. For example, it’s easy
and records (in other words, streamline to overlook the need to monitor
A focus on OSH resources document control), but be careful in workplace behaviour and talk with and
An OSHMS requires resources to be doing this. involve people. However, with
allocated in all functions and at all attention to continual improvement,
levels throughout the organisation. A Integration any issue – including human factors –
risk-based approach which ensures that Usually discussed as an advantage, can be addressed.
the scale of a management system is integration depends on many factors,
proportionate to the risks and necessary including internal politics. There’s a risk Certification and assurance bodies
control measures makes such resource of diluting health and safety effort or are still learning
allocation intrinsic to the whole creating inequality between There can be conflict when auditors’
organisation. This is, in part, what the management of quality, health and interpretations of health and safety
Turnbull Report requires of London safety, and environment. For example, are different from those of the sector
Stock Exchange-listed companies. an organisation in a high hazard industry or organisation being audited.
may not benefit from system integration Differences can often be resolved by
Emergency preparedness if it doesn’t allow a focus on managing referring to relevant guidance notes
OSHMSs should make sure that suitable significant risks. Similarly, if existing and authoritative information. This
resources are made available to respond management systems are inefficient, type of conflict can reflect the relative
to foreseeable emergencies. This may then adding health and safety to the mix inexperience of external auditors in
include provision for contacting outside will be counterproductive. this work.
agencies, including emergency services,
and developing and communicating on- Time to implement True independence?
and offsite emergency plans. An Designing and implementing an OSHMS certification is relatively
OSHMS places such planning in a OSHMS can be very time-consuming. immature and underdeveloped. If
proper management context. This may be exacerbated by overstating external auditors are to be truly
system requirements and independent, they shouldn’t have
Managers have a ‘finger on the pulse’ documentation, by not matching the played any part in advising the
The OSHMS includes defect (‘non- system to the organisation’s health and organisation on how best to
conformance’) reporting, which safety risks, or by not incorporating implement an OSHMS in the first place.
directs managers’ attention to existing OSH management processes Also, as has been learned with
opportunities for correcting problems but starting again from scratch. financial audits, it may be difficult to
and making improvements. Managers provide genuinely independent
need to address health and safety Heavy demand on resources auditing if there’s an existing
issues effectively, no matter how busy A lot of resources are required to set up relationship with the auditors or if
they are. Alerting managers to an OSHMS. Although this can be offset service costs are a prime issue.
problems and actions they can take or by the inclusion and involvement of
sanction continually reminds them of employees, key managers and safety
their critical health and safety role. representatives, a realistic appraisal will
Barriers to change Numerous audits Is the written procedure safe
Barriers to change are invariably These days, stress is recognised as a and healthy?
erected in the way of new systems. workplace hazard that needs to be In some countries there’s a tendency to
Often there’s a suspicion, at times well managed within the framework of the write down what’s currently done and
founded, that change is being made OSHMS. It should also be recognised adopt that as the OSHMS. This can
for its own sake and without business that pressure to achieve certification for create a significant liability risk if the
justification. Some organisations may a new OSHMS can create its own stress procedures haven’t been checked to
be able to manage health and safety on managers and employees alike. make sure they are in fact
successfully by consistent and good Don’t overlook the need to provide comprehensive (that they cover all
management, without the need for a support before and during audits. hazards) and adequate (that the
formal system. controls are effective in reducing risk).
Which OSHMS model? The liability exists in any event, but the
Managers don’t understand Deciding which OSHMS to use can be OSHMS documentation then appears
the systems confusing. The aim should be a to validate it. A properly functioning
Typically, managers are not committed system that is consistent with your OSHMS should make sure that these
to the introduction of new systems. organisation’s needs and its problems are identified and corrected.
Managers require time, training and management approach. While OHSAS
motivation to make sure they become 18001 aligns extremely well with ISO
advocates of the system and not 1400125 and other international PDCA
enemies within. It’s a mistake to think standards, and is therefore useful for
that OSHMSs are self-evidently ‘a good integration, the organisation, clients,
thing’; they require effective enforcement authorities or
communication to win people over. government may better understand
other systems based on standards or
guidelines such as BS 18004, HSG65,
ILO or an industry code. All systems
need to be adapted to the specific
needs and culture of the organisation
or they won’t be sustainable.

* Debate still continues on definitions for quality of life; collectively they highlight that it’s a subjective state encompassing physical, psychological
and social functioning, and a key feature is its basis on the perceived gap between actual and desired living standards.7

8 OSHMS certification

The desire to gain certification of an This poses few problems provided the - Make sure that an external
OSHMS may come from internal certification process is applied to a certification audit isn’t viewed solely
stakeholders who need assurance that developed OSHMS, validating its as a pass/fail exercise, but as one
their organisation meets a verifiable effectiveness, or encouraging step within an overall OSH
standard, or who judge that certification further improvements to meet the continual improvement plan.
will add value with clients or customers. external standard. An OSHMS that is - Where external certification isn’t a
However, it’s more likely that pressures seen as just a tool for obtaining the pressing business need, develop
will come from external stakeholders, in required certification will be internal audit processes first.
particular prospective or existing clients, ineffective in its true purpose of - Where possible, base external
or regulators as part of national policy. continually reducing work-related audits primarily on evidence from
In this case, certification is likely to move accidents and ill health. internal audits. Consider adding
rapidly from being a ‘preferred option’ IOSH recognises OSHMS standards and external auditors to internal teams
to become an ‘entry condition’, without certification processes as relatively new in preference to increasing the
which existing or potential business is and still developing, and we suggest the number of audits.
lost. following as ‘good practices’ in relation - Make sure that internal and
to OSHMS certification: external OSHMS auditors meet the
- Don’t allow a business need for IOSH competence standards (see
external certification of OSH page 17).
standards and practices to get in
the way of developing strong
internal continual improvement
processes, including internal audit.

9 How to get started

The way forward for organisations Initial status review (gap analysis) Making it happen
developing their first formal OSHMS is The gap analysis approach ensures that Most of the OSHMSs referred to in
to choose the system they wish to use you don’t waste effort on developing this document include extensive
as a basis, establish which new systems when existing internal practical guidance in support of the
arrangements are already in place, and arrangements are working well. Even main code or standard, usually in
then identify gaps between those and organisations which believe that they subsidiary publications (see further
the requirements of the OSHMS. have nothing in place often find that reading on IOSH’s website at
there are long-established working www.iosh.co.uk/freeguides).
Choosing a system practices that have never been formally However, there’s no doubt that
One way of choosing a system is to recognised or documented. adapting a standard system for use in
create a comparison table and score the a particular organisation requires
systems you wish to consider to see A simple way of carrying out the initial significant time and resources.
which most closely meets your status review is as a desktop exercise,
preferred specification – the more with the draft safety management plan Organisations with experience of
relevant features you tick, the better. drawn as a flow diagram or matrix on managing significant internal process or
The example in Table 4 includes a flipchart. It’s important to consult and organisational change should find it
comparisons between some of the involve all parties in the organisation, relatively easy to introduce an OSHMS
main management systems mentioned including workers’ representatives – by using similar methods. Organisations
in this guidance. However, if there’s a ownership and success of the OSHMS without such experience may need to
preferred system for your particular is likely to be greater because of the employ external change management
industry, you may also want to include interest developed in this way. advisers to help effective consultation
an industry-specific column. For and to ensure the involvement and
instance, if your organisation is a Remember – the most successful commitment of all necessary parties.
contractor to the chemical industry, you management systems aren’t created at
could include Responsible care in this initial status review, but are developed Techniques to support effective
column. In addition to those features through effective performance implementation include:
listed, there may be in-house and other measurement, review and continual - clear support and personal
factors to be considered, in which case improvement. However, reporting the commitment from leaders in the
you can add them to the table (for status review to senior managers or organisation, including modelling of
example, if your customers use a directors, and communicating the desired behaviour
particular system, adopting the same results to the workforce, can get this - incorporating both OSHMS
system will enhance your compatibility). process under way at this early stage. implementation and results in

Management systems
Features HSG65 BS 18004 OHSAS 18001 ILO Industry-specific
(eg Responsible

(see note below)
Regulator support
(some non-UK)
Tested (> 2 years old)
In-house factors (eg
your customer uses
this system)
Note: Responsible care isn’t classed here as ‘international’ because, while some
countries do adopt a management systems approach to it, many don’t.

Table 4: OSHMS comparison table for a UK-based contractor to the chemical industry
declared high-level business targets - trials in one or more selected areas Getting started
(eg ‘x per cent of sites are expected before the OSHMS is launched
One large catering organisation
to complete their gap analysis by y more widely
appointed a mixed team of
and their initial roll-out by z’; - not taking too long trying to
managers and workers to undertake
‘priority improvements over the next develop a ‘perfect’ system, but
an initial status review. The team
year are to be areas a, b, c’) rather implementing something
undertook this exercise by
- seconding staff from across the reasonable and learning how to do
identifying key elements of the
organisation full-time to the better via the internal audit,
existing processes, completing a
development and implementation management review and continual
brainstorming exercise to identify
team improvement processes
gaps within the system and then
- customising the model system to - recognising and celebrating small
mapping this out in the form of a
suit the needs and culture of the successes on the route to a fully
flow diagram.
organisation, and linking it to sustainable OSHMS.
internal consultation processes
- developing benchmarking contacts
with similar organisations that have
experience of implementing similar

Typical inputs Typical outputs

Any information relating

to hazard identification
and risk assessment

Review of OSH
performance, including
incidents and accidents Draft an OSH management
plan, including:
Identification and review of Initial status review - an OSH policy statement
existing OSH management (gap analysis) - hazard identification and
arrangements or processes Undertaken by a mixed safety risk assessments
management team that - OSH management
includes worker arrangements
Competence and training representatives and a - competence and training
requirements competent practitioner needs
- OSH management
Workforce involvement Where are we now?

OSH legal and other The objective is to ensure

standards and best effective OSH management
practice within the sector, and a process of continual
eg a ‘compliance register’ improvement

Figure 6: Process for developing an OSHMS


1 Council Directive 89/391/EEC of 12 10 Occupational health and safety 18 Leading health and safety at work
June 1989 on the introduction of management systems – general – leadership actions for directors
measures to encourage guidelines on principles, systems and and board members, INDG417.
improvements in the safety and supporting techniques, Sudbury: HSE Books, 2007. See
health of workers at work. Official AS/NZS4804:2001. Sydney: www.iod.com/hsguide and
Journal of the European Standards Australia International www.hse.gov.uk/leadership.
Communities, 29 June 1989, L183, Ltd, 2001. 19 The first ever European survey of
Brussels. 11 Guidelines for the development and consumers’ attitudes towards
2 Responsible Care management application of health, safety and corporate social responsibility and
systems guidance, RC127 (fourth environmental management country profiles. Brussels: CSR
edition), and Links between the systems, Report no. 6.36/210. Europe (MORI poll), 2000.
Responsible Care management London: OGP, 1994. See 20 Global best practices in contractor
systems guidance and self www.ogp.org.uk/pubs/210.pdf. safety. Wigston: IOSH, 2001. See
assessment and the business 12 Joined-up working – an introduction www.iosh.co.uk/globalcontractor.
excellence model, RC129 (second to integrated management systems. 21 Sustainability reporting guidelines
edition). London: Chemical Wigston: IOSH, 2006. See on economic, environmental and
Industries Association, London, www.iosh.co.uk/joinedup. social performance, version 3.0.
2003. 13 Business risk management – getting Netherlands: Global Reporting
3 Guidelines on occupational safety health and safety firmly on the Initiative, 2006. See
and health management systems, agenda. Wigston: IOSH, 2008. See www.globalreporting.org.
ILO-OSH 2001. Geneva: www.iosh.co.uk/businessrisk. 22 Social Accountability 8000, SA
International Labour Office, 2001. 14 Internal control: revised guidance for 8000:2008, New York: Social
4 Occupational health and safety directors on the Combined Code. Accountability International, 2008.
management systems – London: Financial Reporting Council, 23 Guidelines for quality and/or
requirements, OHSAS 18001: 2005. See www.frc.org.uk/ environmental management
2007. London: BSI, 2007. FRC/media/Documents/Revised- systems auditing, BS EN ISO 19011:
5 Reporting performance – guidance Turnbull-Guidance-October- 2002. London: BSI, 2002. Currently
on including health and safety 2005.pdf. being revised to include OSH.
performance in annual reports. 15 Quality management systems: 24 Measuring health and safety
Wigston: IOSH, 2008. See requirements, BS EN ISO 9001:2000. performance, HSE, 2001. See
www.iosh.co.uk/performance. London: BSI, 2000. www.hse.gov.uk/opsunit/
6 Successful health and safety 16 Revitalising health and safety perfmeas.pdf.
management, HSG65 (second strategy statement, OSCSG0390. 25 Environmental management
edition). Sudbury: HSE Books, Wetherby: Department for the systems. Requirements with
1997. Environment, Transport and the guidance for use, BS EN ISO
7 Guide to achieving effective Regions, 2000. See 14001:2004. London: BSI, 2004.
occupational health and safety www.ilo.org/wcmsp5/groups/
performance, BS 18004: 2008. public/---ed_protect/---protrav/
London: BSI, 2008. ---safework/documents/policy/
8 International safety management wcms_212111.pdf.
(ISM) code. London: IMO, 2002. 17 Accounting and reporting by
See www5.imo.org/SharePoint/ charities: statement of
mainframe.asp?topic_id=287. recommended practice. London:
9 Management of Health and Safety Charity Commission for England and
at Work Regulations 1999, SI Wales, 2005. See www.charity-
1999/3242. London: The Stationery commission.gov.uk/
Office. Charity_requirements_guidance/

Further reading

Auditing a safety and health Environmental Resources Management it’ manual includes flowcharts,
management system: a safety and for HSE London. Available from www. questionnaires and examples, and
health audit tool for the healthcare hse.gov.uk/research/rrpdf/rr543.pdf. takes readers through the model
sector. Health and Safety Authority, outlined in IMS: The framework.
2006. Available from www.hsa.ie/eng/ This report describes a project to Managing health and safety – five
Publications_and_Forms/Publications/ develop a working model linking steps to success, INDG275. Sudbury:
Occupational_Health/Auditing human factors, safety management HSE Books, 1998 (reprinted 2008).
_Healthcare.pdf. systems and organisational issues in Available from www.hse.gov.uk/
the context of safety. While the focus is pubns/indg275.pdf.
The Health and Safety Authority (HSA) on chemical major hazards in
in the Republic of Ireland has produced particular, it is also intended to apply to Aimed mainly at directors and
this audit tool to assist in the health and safety in general. managers, this short booklet
continuous development and summarises the key messages of
implementation of health and safety Guidance for health and safety HSG65, outlining good practice and
management systems for the management systems interfacing. Step the costs of getting it wrong. It
healthcare sector. Eighteen different Change in Safety, 1999. Available from describes five key steps: set policy;
criteria for audit are described and http://stepchangeinsafety.net/ organise staff; plan and set standards;
followed by guidance. This tool is to be stepchange. measure performance; and learn from
used in conjunction with the 2006 HSA experience (audit and review). There
guidance document for the healthcare This guidance addresses the issue of are questions following the
sector, How to develop and implement meshing OSHMSs used by separate descriptions to help readers assess how
a safety and health management organisations when they decide to well their organisations are doing in
system, available at www.hsa.ie/eng/ work together – perhaps in a formal each area.
Publications_and_Forms/Publications/ partnership, but more often as client
HealthCare_Sector/Guidance_ and contractor or contractor and sub- Managing safety the systems way: BS
Document_for_the_Healthcare_ contractor working at a particular 8800 to OHSAS 18001, HB
Sector_-_How_to_develop_and_ location or on a project. The document 10180:2000. London: BSI, 2000
implement_a_Safety_and_Health_ includes two checklists, based on the
Management_System.html. HSG65 model but adaptable to others, This is an easy-to-follow guide to
which can be used to identify which implementing the new British
Code of practice for risk management, interfaces have to be managed and Standard. The book has been revised
BS 31100:2008. London: BSI, 2008 whether there’s clear understanding and updated to incorporate the
about who does what at each requirements of the new BS OHSAS
This standard for risk management interface. 18001 and best practice. It takes a
helps organisations to understand how practical approach to tackling the
to develop, implement and maintain IMS: The framework – integrated various elements of an OSH
effective risk management, thereby management systems series, HB management system for your business.
helping them achieve their objectives. 10190:2001. London: BSI, 2001 It also explains how the system can be
It treats risk management as being as maintained as OSH evolves, responding
much about exploiting potential This outlines a framework for to internal and external influences.
opportunities as preventing potential managing the operational risks any
problems, and sees it as an essential organisation faces in its day-to-day Occupational health and safety
part of good management. The business. The aim is to provide a management systems – Guidelines for
standard establishes the principles and structure by which an organisation can the implementation of OHSAS 18001:
terminology and provides efficiently and effectively manage its 2007, OHSAS 18002:2008. London:
recommendations for the model, operation through one system. BSI, 2008
framework, process and
implementation of risk management. IMS: Implementing and operating – This Occupational Health and Safety
integrated management systems series, Assessment Series (OHSAS) guideline
Development of working model of HB 10191:2002. London: BSI, 2002 provides generic advice on
how human factors, safety implementing OHSAS 18001 (a
management systems and wider This gives an approach for integrating specification for an occupational safety
organisational issues fit together. the management of quality, OSH and and health management system),
Research report RR 543:2007 prepared environmental aspects within one explaining its principles, intent, typical
by White Queen Safety Strategies and management system. This ‘how to do inputs and outputs, and processes. It
includes a ‘correspondence’ table This report promotes safe behaviour at introduced or improved their OSHMSs,
between OHSAS 18001:2007, ISO work as a critical part of the indicating which of the key elements
14001:2004 and ISO 9001:2008. It management of health and safety, each particular case study highlights.
also features a table showing the because behaviour is important in
correspondence between the clauses of transforming systems and procedures The report also comments on the
the OHSAS documents and the clauses into reality. Good systems on their own strengths and weaknesses of the case
of the 2001 ILO-OSH guidelines. are not enough to ensure successful study systems, noting that they tend to
health and safety management; the key concentrate mainly on work-related
Specification of common management is how organisations ‘live’ their systems. accidents, but give less attention to
system requirements as a framework This report covers: work-related ill health. It also notes
for integration, PAS 99:2006. London: - the theory underpinning strategies to that some organisations attach a
BSI, 2006 promote safe behaviour greater level of importance to health
- the key elements of programmes in and safety than others and that there
This Publicly Available Specification (PAS) use to promote safe behaviour are weaknesses wherever
was produced in response to the - how to use behavioural strategies to communication or competence are
increased interest in an integrated promote critical health and safety inadequate.
approach to management systems and behaviours
corporate governance. It contains a - how to integrate behavioural Regarding strengths, as well as
framework for implementing common strategies into a health and safety reducing accidents and lost-time in the
requirements of management system management system. larger organisations, it was felt that
standards or specifications in an OSHMSs increased employee
integrated way. Adopting this PAS will The use of occupational safety and motivation and identification with their
simplify the implementation of multiple health management systems in the employers and also helped develop
system standards and any associated member states of the European Union: their competence.
conformity assessment. The reduction in experiences at company level. European
duplication by combining two or more Agency for Safety and Health at Work,
systems in this way has the potential to 2002. Available from
significantly reduce the overall size of http://osha.europa.eu/en/
the management system and improve publications/reports/307.
system efficiency and effectiveness. It
can apply to all sizes and types of The European Agency for Safety and
organisation. PAS 99:2006 will be Health at Work has published this report
withdrawn when its content is covering OSHMSs in the member states
published in, or as, a British Standard. of the EU and the best approach to
take. It identifies five key elements of
Strategies to promote safe behaviour effective OSHMSs: initiation (OSH input);
as part of a health and safety formulation and implementation (OSH
management system. Prepared by the process); effects (OSH output);
Keil Centre for HSE: Contract research evaluation (OSH feedback); and
report 430: 2002. Available from improvement and integration (open
www.hse.gov.uk/research/ system elements). It then looks at eleven
crr_pdf/2002/crr02430.pdf. companies across the EU that have

Appendix: List of abbreviations


Continuing professional development – International Labour Organization – Non-governmental organisation (eg
a means to ensure ongoing a United Nations agency, based in voluntary, campaigning or professional
competence in a changing world Geneva body)


Corporate social responsibility – a International Maritime Organization – Occupational safety and health
system whereby organisations integrate a United Nations agency, based in
social and environmental concerns into London OSHMS
their business operations and Occupational safety and health
interactions with stakeholders IOSH management system
Institution of Occupational Safety and
Global Reporting Initiative – an Specific, measurable, agreed, realistic,
international sustainability reporting ISM timetabled and tracked action – a
institution that has developed International Safety Management – method for managing action plans
guidelines for voluntary reporting on a formal code requirement of the IMO
the economic, environmental and that applies to most classes of large ship WHO
social performance of organisations World Health Organization – a United
ISO Nations agency, based in Geneva
HSE International Organization for
Health and Safety Executive – the UK Standardization
OSH regulator


IOSH would like to thank the working We would also like to thank the
party who produced the original original consultees, who were:
version of this guide and also Paul
Reeve CFIOSH CEnv FIEMA for Dr Janet Asherson CMIOSH, Head of
updating it: Environment, Health and Safety, CBI
Dr Tony Boyle CFIOSH, Consultant,
Lawrence Waterman CFIOSH HASTAM
(Chairman), Managing Director, Sypol David Eves CB, IOSH Honorary Vice-
Martin Allan CFIOSH, Managing president and former Deputy
Director, Martin Allan Partnerships Ltd Director-General, HSE
Lawrence Bamber CFIOSH, Managing Stephen Fulwell CFIOSH, Independent
Director, Risk Solutions International Safety, Health and Environment
Martyn Hopkinson CMIOSH, Company Consultant
Health and Safety Manager, British Liam Howe CFIOSH, Safety and
Sugar plc Training Manager, Coillte Teoranta
Arran Linton-Smith CFIOSH, Health and Jay Joshi CMIOSH, Chief Information
Safety Consultant, MacGregor Officer, British Safety Council
Associates Brian Kazer CFIOSH, Chief Executive,
Ian Waldram CFIOSH, Safety, Health BOHRF
and Environment Consultant Paul Reeve CFIOSH, Head of HS&E,
Richard Jones CFIOSH (Administrator), Electrical Contractors’ Association
Policy and Technical Director, IOSH Owen Tudor, Senior Health and Safety
Policy Officer, TUC

Finally, IOSH would like to thank the following organisations

for their valued support of this document:

www.cbi.org.uk www.tuc.org.uk

This document is printed on chlorine-free paper produced from managed, sustained forests.
IOSH IOSH is the Chartered body for health and safety
The Grange professionals. With more than 44,000 members
Highfield Drive in over 120 countries, we’re the world’s largest
Wigston professional health and safety organisation.
LE18 1NN We set standards, and support, develop and

UK connect our members with resources, guidance,
events and training. We’re the voice of the
t +44 (0)116 257 3100 profession, and campaign on issues that affect
www.iosh.co.uk millions of working people.
facebook.com/IOSHUK IOSH was founded in 1945 and is a registered
tinyurl.com/IOSH-linkedin charity with international NGO status.

© Robert J Prowse

Institution of Occupational
Safety and Health
Founded 1945

Incorporated by Royal Charter 2003

Registered charity 1096790 FS 60566