Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
This document was prepared by Project Committee ISO/PC 283, Occupational health and safety management systems.
Introduction
0.1 Background
An organization is responsible for the occupational health and safety of workers and others who can be affected by its activities. This responsibility includes promoting and protecting their physical and mental health.
The adoption of an OH&S management system is intended to enable an organization to provide safe and healthy workplaces, prevent work-related injury and ill health, and continually improve its OH&S performance.
0.2 Aim of an OH&S management system
The purpose of an OH&S management system is to provide a framework for managing OH&S risks and opportunities. The aim and intended outcomes of the OH&S management system are to prevent work-related injury and ill health to workers and to provide safe and healthy workplaces; consequently, it is critically important for the organization to eliminate hazards and minimize OH&S risks by taking effective preventive and protective measures.
When these measures are applied by the organization through its OH&S management system, they improve its OH&S performance. An OH&S management system can be more effective and efficient when taking early action to address opportunities for improvement of OH&S performance.
Implementing an OH&S management system conforming to this document enables an organization to manage its OH&S risks and improve its OH&S performance. An OH&S management system can assist an organization to fulfil its legal requirements and other requirements.
0.3 Success factors
The implementation of an OH&S management system is a strategic and operational decision for an organization. The success of the OH&S management system depends on leadership, commitment and participation from all levels and functions of the organization.
The implementation and maintenance of an OH&S management system, its effectiveness and its ability to achieve its intended outcomes are dependent on a number of key factors, which can include:
- a) top management leadership, commitment, responsibilities and accountability;
- b) top management developing, leading and promoting a culture in the organization that supports the intended outcomes of the OH&S management system;
- c) communication;
- d) consultation and participation of workers, and, where they exist, workers’ representatives;
- e) allocation of the necessary resources to maintain it;
- f) OH&S policies, which are compatible with the overall strategic objectives and direction of the organization;
- g) effective process(es) for identifying hazards, controlling OH&S risks and taking advantage of OH&S opportunities;
- h) continual performance evaluation and monitoring of the OH&S management system to improve OH&S performance;
- i) integration of the OH&S management system into the organization’s business processes;
- j) OH&S objectives that align with the OH&S policy and take into account the organization’s hazards, OH&S risks and OH&S opportunities;
- k) compliance with its legal requirements and other requirements.
Demonstration of successful implementation of this document can be used by an organization to give assurance to workers and other interested parties that an effective OH&S management system is in place. Adoption of this document, however, will not in itself guarantee prevention of work-related injury and ill health to workers, provision of safe and healthy workplaces and improved OH&S performance.
The level of detail, the complexity, the extent of documented information and the resources needed to ensure the success of an organization’s OH&S management system will depend on a number of factors, such as:
- — the organization’s context (e.g. number of workers, size, geography, culture, legal requirements and other requirements);
- — the scope of the organization’s OH&S management system;
- — the nature of the organization’s activities and the related OH&S risks.
0.4 Plan-Do-Check-Act cycle
The OH&S management system approach applied in this document is founded on the concept of Plan-Do-Check-Act (PDCA).
The PDCA concept is an iterative process used by organizations to achieve continual improvement. It can be applied to a management system and to each of its individual elements, as follows:
- a) Plan: determine and assess OH&S risks, OH&S opportunities and other risks and other opportunities, establish OH&S objectives and processes necessary to deliver results in accordance with the organization’s OH&S policy;
- b) Do: implement the processes as planned;
- c) Check: monitor and measure activities and processes with regard to the OH&S policy and OH&S objectives, and report the results;
- d) Act: take actions to continually improve the OH&S performance to achieve the intended outcomes.
This document incorporates the PDCA concept into a new framework, as shown in Figure 1.
0.5 Contents of this document
This document conforms to ISO’s requirements for management system standards. These requirements include a high level structure, identical core text and common terms with core definitions, designed to benefit users implementing multiple ISO management system standards.
This document does not include requirements specific to other subjects, such as those for quality, social responsibility, environmental, security or financial management, though its elements can be aligned or integrated with those of other management systems.
This document contains requirements that can be used by an organization to implement an OH&S management system and to assess conformity. An organization that wishes to demonstrate conformity to this document can do so by:
- — making a self-determination and self-declaration, or
- — seeking confirmation of its conformity by parties having an interest in the organization, such as customers, or
- — seeking confirmation of its self-declaration by a party external to the organization, or
- — seeking certification/registration of its OH&S management system by an external organization.
Clauses 1 to 3 in this document set out the scope, normative references and terms and definitions which apply to the use of this document, while Clauses 4 to 10 contain the requirements to be used to assess conformity to this document. Annex A provides informative explanations to these requirements. The terms and definitions in Clause 3 are arranged in conceptual order, with an alphabetical index provided at the end of this document.
In this document, the following verbal forms are used:
- a) “shall” indicates a requirement;
- b) “should” indicates a recommendation;
- c) “may” indicates a permission;
- d) “can” indicates a possibility or a capability.
Information marked as “NOTE” is for guidance in understanding or clarifying the associated requirement. “Notes to entry” used in Clause 3 provide additional information that supplements the terminological data and can contain provisions relating to the use of a term.
1 Scope
This document specifies requirements for an occupational health and safety (OH&S) management system, and gives guidance for its use, to enable organizations to provide safe and healthy workplaces by preventing work-related injury and ill health, as well as by proactively improving its OH&S performance.
This document is applicable to any organization that wishes to establish, implement and maintain an OH&S management system to improve occupational health and safety, eliminate hazards and minimize OH&S risks (including system deficiencies), take advantage of OH&S opportunities, and address OH&S management system nonconformities associated with its activities.
This document helps an organization to achieve the intended outcomes of its OH&S management system. Consistent with the organization’s OH&S policy, the intended outcomes of an OH&S management system include:
- a) continual improvement of OH&S performance;
- b) fulfilment of legal requirements and other requirements;
- c) achievement of OH&S objectives.
This document is applicable to any organization regardless of its size, type and activities. It is applicable to the OH&S risks under the organization’s control, taking into account factors such as the context in which the organization operates and the needs and expectations of its workers and other interested parties.
This document does not state specific criteria for OH&S performance, nor is it prescriptive about the design of an OH&S management system.
This document enables an organization, through its OH&S management system, to integrate other aspects of health and safety, such as worker wellness/wellbeing.
This document does not address issues such as product safety, property damage or environmental impacts, beyond the risks to workers and other relevant interested parties.
This document can be used in whole or in part to systematically improve occupational health and safety management. However, claims of conformity to this document are not acceptable unless all its requirements are incorporated into an organization’s OH&S management system and fulfilled without exclusion.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
- — ISO Online browsing platform: available at https://www.iso.org/obp
- — IEC Electropedia: available at http://www.electropedia.org/
3.1
organization
person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.16)
Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.
Note 2 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.2
interested party (preferred term)
stakeholder (admitted term)
person or organization (3.1) that can affect, be affected by, or perceive itself to be affected by a decision or activity
Note 1 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.3
worker
person performing work or work-related activities that are under the control of the organization (3.1)
Note 1 to entry: Persons perform work or work-related activities under various arrangements, paid or unpaid, such as regularly or temporarily, intermittently or seasonally, casually or on a part-time basis.
Note 2 to entry: Workers include top management (3.12), managerial and non-managerial persons.
Note 3 to entry: The work or work-related activities performed under the control of the organization may be performed by workers employed by the organization, workers of external providers, contractors, individuals, agency workers, and by other persons to the extent the organization shares control over their work or work-related activities, according to the context of the organization.
3.4
participation
involvement in decision-making
Note 1 to entry: Participation includes engaging health and safety committees and workers’ representatives, where they exist.
3.5
consultation
seeking views before making a decision
Note 1 to entry: Consultation includes engaging health and safety committees and workers’ representatives, where they exist.
3.6
workplace
place under the control of the organization (3.1) where a person needs to be or to go for work purposes
Note 1 to entry: The organization’s responsibilities under the OH&S management system (3.11) for the workplace depend on the degree of control over the workplace.
3.7
contractor
external organization (3.1) providing services to the organization in accordance with agreed specifications, terms and conditions
Note 1 to entry: Services may include construction activities, among others.
3.8
requirement
need or expectation that is stated, generally implied or obligatory
Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization (3.1) and interested parties (3.2) that the need or expectation under consideration is implied.
Note 2 to entry: A specified requirement is one that is stated, for example in documented information (3.24).
Note 3 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.9
legal requirements and other requirements
legal requirements that an organization (3.1) has to comply with and other requirements (3.8) that an organization has to or chooses to comply with
Note 1 to entry: For the purposes of this document, legal requirements and other requirements are those relevant to the OH&S management system (3.11).
Note 2 to entry: “Legal requirements and other requirements” include the provisions in collective agreements.
Note 3 to entry: Legal requirements and other requirements include those that determine the persons who are workers’ (3.3) representatives in accordance with laws, regulations, collective agreements and practices.
3.10
management system
set of interrelated or interacting elements of an organization (3.1) to establish policies (3.14) and objectives (3.16) and processes (3.25) to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines.
Note 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning, operation, performance evaluation and improvement.
Note 3 to entry: The scope of a management system may include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.
Note 4 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. Note 2 to entry has been modified to clarify some of the wider elements of a management system.
3.11
occupational health and safety management system
OH&S management system
management system (3.10) or part of a management system used to achieve the OH&S policy (3.15)
Note 1 to entry: The intended outcomes of the OH&S management system are to prevent injury and ill health (3.18) to workers (3.3) and to provide safe and healthy workplaces (3.6).
Note 2 to entry: The terms “occupational health and safety” (OH&S) and “occupational safety and health” (OSH) have the same meaning.
3.12
top management
person or group of people who directs and controls an organization (3.1) at the highest level
Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization, provided ultimate responsibility for the OH&S management system (3.11) is retained.
Note 2 to entry: If the scope of the management system (3.10) covers only part of an organization, then top management refers to those who direct and control that part of the organization.
Note 3 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. Note 1 to entry has been modified to clarify the responsibility of top management in relation to an OH&S management system.
3.13
effectiveness
extent to which planned activities are realized and planned results achieved
Note 1 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.14
policy
intentions and direction of an organization (3.1), as formally expressed by its top management (3.12)
Note 1 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.15
occupational health and safety policy
OH&S policy
policy (3.14) to prevent work-related injury and ill health (3.18) to workers (3.3) and to provide safe and healthy workplaces (3.6)
3.16
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical, or operational.
Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process (3.25)).
Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as an OH&S objective (3.17), or by the use of other words with similar meaning (e.g. aim, goal, or target).
Note 4 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. The original Note 4 to entry has been deleted as the term “OH&S objective” has been defined separately in 3.17.
3.17
occupational health and safety objective
OH&S objective
objective (3.16) set by the organization (3.1) to achieve specific results consistent with the OH&S policy (3.15)
3.18
injury and ill health
adverse effect on the physical, mental or cognitive condition of a person
Note 1 to entry: These adverse effects include occupational disease, illness and death.
Note 2 to entry: The term “injury and ill health” implies the presence of injury or ill health, either on their own or in combination.
3.19
hazard
source with a potential to cause injury and ill health (3.18)
Note 1 to entry: Hazards can include sources with the potential to cause harm or hazardous situations, or circumstances with the potential for exposure leading to injury and ill health.
3.20
risk
effect of uncertainty
Note 1 to entry: An effect is a deviation from the expected — positive or negative.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:2009, 3.5.1.3) and “consequences” (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.
Note 5 to entry: In this document, where the term “risks and opportunities” is used this means OH&S risks (3.21), OH&S opportunities (3.22) and other risks and other opportunities for the management system.
Note 6 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. Note 5 to entry has been added to clarify the term “risks and opportunities” for its use within this document.
3.21
occupational health and safety risk
OH&S risk
combination of the likelihood of occurrence of a work-related hazardous event(s) or exposure(s) and the severity of injury and ill health (3.18) that can be caused by the event(s) or exposure(s)
3.22
occupational health and safety opportunity
OH&S opportunity
circumstance or set of circumstances that can lead to improvement of OH&S performance (3.28)
3.23
competence
ability to apply knowledge and skills to achieve intended results
Note 1 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.24
documented information
information required to be controlled and maintained by an organization (3.1) and the medium on which it is contained
Note 1 to entry: Documented information can be in any format and media, and from any source.
Note 2 to entry: Documented information can refer to:
- a) the management system (3.10), including related processes (3.25);
- b) information created in order for the organization to operate (documentation);
- c) evidence of results achieved (records).
Note 3 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.25
process
set of interrelated or interacting activities which transforms inputs into outputs
Note 1 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.26
procedure
specified way to carry out an activity or a process (3.25)
Note 1 to entry: Procedures may be documented or not.
[SOURCE: ISO 9000:2015, 3.4.5, modified — Note 1 to entry has been modified.]
3.27
performance
measurable result
Note 1 to entry: Performance can relate either to quantitative or qualitative findings. Results can be determined and evaluated by qualitative or quantitative methods.
Note 2 to entry: Performance can relate to the management of activities, processes (3.25), products (including services), systems or organizations (3.1).
Note 3 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. Note 1 to entry has been modified to clarify the types of methods that may be used for determining and evaluating results.
3.28
occupational health and safety performance
OH&S performance
performance (3.27) related to the effectiveness (3.13) of the prevention of injury and ill health (3.18) to workers (3.3) and the provision of safe and healthy workplaces (3.6)
3.29
outsource,verb
make an arrangement where an external organization (3.1) performs part of an organization’s function or process (3.25)
Note 1 to entry: An external organization is outside the scope of the management system (3.10), although the outsourced function or process is within the scope.
Note 2 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.30
monitoring
determining the status of a system, a process (3.25) or an activity
Note 1 to entry: To determine the status, there may be a need to check, supervise or critically observe.
Note 2 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.31
measurement
process (3.25) to determine a value
Note 1 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.32
audit
systematic, independent and documented process (3.25) for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization (3.1) itself, or by an external party on its behalf.
Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
Note 4 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.33
conformity
fulfilment of a requirement (3.8)
Note 1 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.34
nonconformity
non-fulfilment of a requirement (3.8)
Note 1 to entry: Nonconformity relates to requirements in this document and additional OH&S management system (3.11) requirements that an organization (3.1) establishes for itself.
Note 2 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. Note 1 to entry has been added to clarify the relationship of nonconformities to the requirements of this document and to the organization’s own requirements for its OH&S management system.
3.35
incident
occurrence arising out of, or in the course of, work that could or does result in injury and ill health (3.18)
Note 1 to entry: An incident where injury and ill health occurs is sometimes referred to as an “accident”.
Note 2 to entry: An incident where no injury and ill health occurs, but has the potential to do so, may be referred to as a “near-miss”, “near-hit” or “close call”.
Note 3 to entry: Although there can be one or more nonconformities (3.34) related to an incident, an incident can also occur where there is no nonconformity.
3.36
corrective action
action to eliminate the cause(s) of a nonconformity (3.34) or an incident (3.35) and to prevent recurrence
Note 1 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. The definition has been modified to include reference to “incident”, as incidents are a key factor in occupational health and safety, yet the activities needed for resolving them are the same as for nonconformities, through corrective action.
3.37
continual improvement
recurring activity to enhance performance (3.27)
Note 1 to entry: Enhancing performance relates to the use of the OH&S management system (3.11) in order to achieve improvement in overall OH&S performance (3.28) consistent with the OH&S policy (3.15) and OH&S objectives (3.17).
Note 2 to entry: Continual does not mean continuous, so the activity does not need to take place in all areas simultaneously.
Note 3 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. Note 1 to entry has been added to clarify the meaning of “performance” in the context of an OH&S management system; Note 2 to entry has been added to clarify the meaning of “continual”.