OHSAS 18001: All You Need to Know

What is OHSAS 18001?

OHSAS 18001 is an internationally recognised standard for health and safety management.  Certification to the standard demonstrates that the organisation has considered how they will identify, manage and control health and safety risks.
The standard is based on the ‘plan – do – check – act’ management process, and it has been designed to be compatible with ISO 9001 and ISO 14001 standards.  However, this does not mean that all three standards have to be in place to achieve certification.

What is the ‘Plan – Do – Check – Act’ management process?

Plan – Do – Check – Act (PDCA) is a management framework which provides a methodical approach to problem solving and continual improvement.  This cycle is based on the following four phases:

1. Plan – This stage requires you to identify your objectives, understand your current situation, set targets, consider tasks, timing, cost, roles and communicate it with all relevant parties
2. Do – This section deals with the implementation of your plan.  You need to focus on how you communicate, monitor and make adjustments as you go along.
3. Check – This is the review phase where you evaluate your progress against your initial objectives.  The key point it to evaluate progress by identifying what went well, and what needs to improve.  Don’t forget to let people know about this along the way!
4. Act – Now its time for action!  By this stage you should know what improvements are required to make your system successful, so you need to determine how this will happen and develop a further action plan which will form the start of the next PDCA cycle.

Why choose OHSAS 18001?

• OHSAS 18001 demonstrates that your organisation is legally compliant and is able to manage health and safety risks.
• Stakeholders have to prove their commitment to health and safety, resulting in a positive impact on your company’s health and safety culture.
• Certification can reduce downtime following an accident and insurance costs.
• Continual development enables your organisation to innovate and demonstrate forward thinking approaches.
• It also pushes your organisation to ensure that it has a competitive edge.
• Certification is often a requirement for organisations tendering for new work.
• Successful implementation will increase your access to new business.

Who carries out the audit?

External audits are carried out by accredited certification bodies such as the British Standards Institution (BSI) who have been assessed against internationally recognised standards.  Accredited bodies are independently evaluated for competence, are impartial, and are able to issue written assurance that your management system meets the requirements of the standard.  However, your organisation will also be required to carry out internal audits as part of the certification process.

What are the key stages of an OHSAS 18001 audit process?

The key stages of an OHSAS 18001 audit are summarised below.  The full process typically takes between 6 to 12 months depending on the size and complexity of the organisation.

1    Developing a health and safety management system

The OHSAS 18001 audit will assess the effectiveness of your organisations health and safety management system.  Your organisation should have an effective management system in place before deciding if the certification route is the right for you.

2    Organising the audit

Each organisation must select an external certifying body who is accredited to carry out OHSAS 18001 audits.

3    Pre-assessment audit

This is an optional assessment which can be carried out by the external auditor to ensure that the organisation is ready to proceed with the full certification audit.  This audit will check that the key requirements of the standard have been included in your health and safety management system.  If they haven’t, the external auditor will highlight areas that you need to work on and make recommendations.

4    Gap analysis

Prior to the Stage 1 audit a gap analysis should be carried out by the organisation to ensure that they:

• have the commitment of top management
• have defined their occupational health and safety policy
• use a framework for identifying hazards, risk assessments and the implementation of necessary control measures
• have identified the legal obligations for the organisation, set objectives and established a management programme for achieving the objectives.

The gap analysis is not mandatory but is recommended as a way of identifying the strengths and weaknesses in your health and safety management system.  It can also be used as a way of identifying what actions need to be taken to achieve certification.

5    Action plan

On completion of the gap analysis the organisation should develop an action plan detailing how they will meet the requirements of the standard.  This will include compliance, improvement, timescales for implementation and ownership of actions.

6    Management review

Each organisation must carry out a management review which includes senior management and considers:

• health and safety objectives
• actions from health and safety audits and programmes
• outcomes of accident investigations
• changes in organisational and legal circumstances.

The OHSAS 18001 standard has specific requirements for management reviews.  It is important that ‘top management’ are actively involved with health and safety and carry out reviews of the health and safety management system on a regular basis. During the external audit the assessor will ask to see evidence that these reviews take place.  They may also wish to speak to managers who have health and safety responsibilities within your organisation.

7    Stage 1 Audit

The Stage 1 audit focuses on the arrangements put in place by the organisation to meet the requirements of OHSAS 18001.  The external assessor will:

• confirm that the OH&S management system conforms to the standard
• confirm the scope of certification
• check legislative compliance
• produce a report that identifies any non-compliance or potential for non-compliance and agree a corrective action plan if required
• produce an assessment plan and confirm a date for the Stage 2 assessment visit.

8    OH&S Audit

Prior to Stage 2 an internal heath and safety audit should to be carried out to check that the requirements of the standard have been effectively implemented.  This audit will focus on the implementation of procedures, development of minutes for meetings, training records, health and safety inspections, completion of risk assessments, maintenance records and ensure that you have effectively implemented the arrangements detailed in the health and safety management system.  Actions identified during the audit should be completed before the external auditors visit.  If this is not possible there should be a concise plan detailing who is responsible for the action and when it will be carried out.

9    Stage 2 Audit

The Stage 2 audit focuses on the implementation of the arrangements put in place by the organisation.  The external assessor will:

• undertake sample audits of the processes and activities
• document how the management system complies with the standard
• report any non-compliances or potential for non-compliance
• produce a surveillance plan and confirm a date for the first surveillance visit.

10    Surveillance visits

Regular (6 monthly or annual) surveillance visits are carried out by the external assessor to ensure that the organisation is still meeting the requirements of the standard.

11    Continual improvement

The organisation must demonstrate that they are continually monitoring and reviewing their health and safety performance whilst striving to improve.

What are non-conformities?

Non-conformities refer to sections of your health and safety management system which do not comply with the OHSAS 18001 standard.  The following non-conformities can be issued by an external auditor during pre-assessment, Stage 1 or Stage 2 audit.
Observation – This is a finding which may move towards a non-conformity.  Observations are usually supported by a recommendation.
Minor – Minor non-conformances are failures to meet a requirement of the standard.  Organisations need to demonstrate that they are able to comply with the clause within a specific timescale.  The issue of a minor non-conformance does not necessarily result in non-certification.
Major – Major non-conformances are issued where there is an absence or total breakdown of a system to meet the requirements of the standard.  A major non-conformity will result in non-certification.

How can we help?

System Concepts can help you to ensure that your health and safety management system is implemented effectively and is suited to your organisation.   We can work with you to develop systems and work with you through the certification process.  This might include project scopes; arrange, facilitate or manage the third party audits; support you through the audit process by carrying out gap analysis of your systems; attend and carry out audits.

For more information about how we can work together and provide you with competent, practical and tailor-made health and safety advice please contact us.