Systems in focus

Guidance on occupational safety

and health management systems

IOSH publishes a range of free

technical guidance. Our
guidance literature is designed
to support and inform
members and motivate and
influence health and safety
stakeholders.

Systems in focus guidance on

occupational safety and health
management systems
The aim of this guide is to provide
occupational safety and health (OSH)
practitioners, managers, educators and
others with a basic understanding of
the role and development of OSH
management systems. Starting with a
brief introduction to the subject, the
guide contains:
- general structure main
components, history, links with
international regulatory regimes and
integrated systems
- detailed structure key elements of
effective systems
- discussion advantages and
disadvantages, certification and
getting started.
The guide also has reference and
further reading sections.

If you have any comments or questions

about this guide please contact
Research and Information Services at
IOSH:
- t +44 (0)116 257 3100
- researchandinformation@iosh.co.uk
PDF versions of this and other guides
are available at www.iosh.co.uk/
freeguides.
Our materials are reviewed at least
once every three years. This document
was last reviewed and revised in
August 2014.

Contents

1
2
3
4
5
6
7
8
9

Introduction
The main components of OSH management systems
Typical systems an overview
Regulatory and industry standards
some global perspectives
Should management systems be integrated?
The key features of an effective OSHMS
Advantages and disadvantages of OSHMSs
OSHMS certification
How to get started

02
03
05
08
09
10
18
21
22

References
Further reading
Appendix: List of abbreviations
Acknowledgments

24
25
27
28

List of figures
1 PlanDoCheckAct diagram
2 Flowchart based on HSG65
3 Flowchart based on OHSAS 18001
4 Flowchart based on ILO guidelines
5 OSHMS stakeholders
6 Process for developing an OSHMS

03
05
06
07
13
23

List of tables
1 Typical changes faced by an organisation
2 Advantages and disadvantages of internal audit
3 Advantages and disadvantages of external audit
4 OSHMS comparison table

10
16
16
22

1 Introduction

Guidance context
Changes in work
Developed countries are experiencing a
shift of balance from manufacturing to
service industries, new technologies,
globalisation, flexible work practices
and an ageing workforce. Meanwhile,
many developing countries are shifting
from rural to industrial and service
activities. Both scenarios present
changing work patterns and associated
hazards. The multitude of work-related
risks requires a systematic approach to
occupational safety and health (OSH)
management, and some of the
principal management tools are
occupational safety and health
management systems (OSHMSs).
Management system developments
Organisations are being encouraged to
adopt formal management systems
through their supply chains, and to a
lesser extent through legal pressures.
Current systems include both generic
approaches and sector-specific
arrangements developed by trade
bodies. The continued development and
wider use of formal systems seems to be
inevitable, particularly where corporate
governance issues have a high priority.
Common features
Formal systems have at their core the
elements of plan, do, check and act
(PDCA) embodying the principle of
continual improvement. Although there
are potential disadvantages to formal
systems, such as increased paperwork,
the benefits of developing arrangements
that fully meet your organisations needs
make them worthwhile when theyre
properly implemented.

02

IOSHs position
IOSH recognises that work-related
accidents and ill health can be prevented
and wellbeing at work can be improved
if organisations manage health and
safety competently and apply the same
or better standards as they do to other
core business activities. We believe that
the formal OSHMSs mentioned in this
guidance, and others based on similar
principles, provide a useful approach to
achieving these goals.
Guidance
This document helps professional
health and safety advisers to explore
what OSHMSs can offer their own
organisations and those that they
advise. It has three specific aims:
- to support improvements in
effective health and safety
management
- to help organisations that want to
introduce formal OSHMSs
- to encourage IOSH members to play
a full part in these developments
and in continually improving
existing systems.
Structure of guidance
Adopting and implementing an OSHMS,
and integrating it with other
management systems, requires careful
planning and management. This
guidance outlines the basis of these
systems, discusses some of their benefits
and pitfalls, offers practical suggestions
and explains how to implement and
develop an effective OSHMS.

OSHMSs an overview
The main components of an OSHMS
include both policy a mission
statement for health and safety that
provides a mechanism for management
control and accountability and
arrangements for implementation,
monitoring (including audit) and
continual improvement. Formalising
these arrangements removes the
potential arbitrariness of processes
developed by a few individuals and
helps to support a management culture
that can involve the whole workforce.
OSHMSs have developed through
national and international co-operation.
Some were boosted by legal
developments such as the European
Union (EU) Framework Directive,1 while
others were created in response to
industrial sector needs (eg Responsible
care2 in the chemical industry). With the
publication of International Labour
Organization (ILO) guidelines3 in 2001,
the international dimension came fully
into focus. Today, the leading
international standard is OHSAS 18001.4
This guidance is divided into three
broad parts. Sections 25 cover the
general structure of OSHMSs, including
their history, links with international
regulatory regimes and the issues
involved in integrating them with other
management systems and with
business risk management. The detailed
structure of an OSHMS and the key
issues involved in implementing it are
covered in section 6. Sections 79
provide information on the advantages
and disadvantages of OSHMSs, the
issue of third-party certification, and
how to get started. The appendix
contains a list of the main abbreviations
used in this guidance.

2 The main components of OSH management systems

Whatever management model you use,

its likely to be based on the principle
of plan, do, check and act (PDCA
also known as the Deming cycle).
Numerous types of management system
are based upon this principle, notably
health and safety (OHSAS 18001),
quality management (the ISO 9000
series) and environmental management
(the ISO 14000 series). You can gain
significant benefits by integrating your
organisations approach to these areas
in other words, by adopting a holistic
approach (see page 09).
Effective OSHMSs include the following
elements:
- Policy a statement of commitment
and vision by the organisation, which
creates a framework for
accountability that is adopted and led
by senior management.
- Planning a plan for identifying
hazards, assessing and controlling
risks, and preparing for and
responding to emergencies, as well
as identifying legal and other
standards that apply. The

organisation should set long term

OSH objectives and plan targets and
actions to achieve them.
Organising a definition of the
organisational structure, allocation
of OSH responsibilities to employees
linked to operational controls, and
ways of ensuring competence,
training and consultation.
Workers representatives* a
crucial resource that can make a
valuable contribution to the
organisations overall response to
risk and opportunities.
Communicating from basic
information and work procedures to
the details of the system itself, from
managers to workers and vice versa.
Consulting whatever the flow of
information, you need an effective
way of tapping into the fund of
knowledge and expertise held by
your workforce, clients, suppliers
and other stakeholders (eg
regulators, trade unions and
neighbours). Involving all these
groups will also help you to shape
your risk management programme.

- Implementing and operating

putting management processes and

plans in place and carrying out the
activities from risk assessment to
audit in other words, putting the
OSHMS into practice.
Measuring performance from
reactive data on the rates of workrelated injuries, ill health, near
misses (sometimes referred to as
near hits) and other incidents, to
active data on routine inspections,
health and safety committee
activities, training, risk assessments
and so on (see IOSHs guidance on
reporting performance5). Formal
audits should evaluate the overall
performance of the system.
Corrective and preventive
actions a fundamental OSHMS
component is a systematic approach
to identifying opportunities for
preventing accidents and ill health,
including those that stem from
investigating work-related injuries,
ill health and incidents. Various
techniques are used to identify and
correct weaknesses in the system
and to find ways of preventing
failures and harm.

- Policy
- Planning
- Hazard identification and risk assessment

Plan
Do

- Implementation and operation

Check
Act

- Performance assessment
> (active and reactive)

- Review and continual improvement

Figure 1: PlanDoCheckAct diagram

* Weve used workers representatives in this guidance to mean any workers safety representatives, regardless of whether theyre appointed by
a trade union or chosen in some other way.

03

- Management review an

04

evaluation of how appropriate the

overall design and resourcing of the
system are, as well as its objectives
in the light of the performance
achieved. This includes making sure
that compliance with relevant legal
and other requirements is
periodically checked.
Continual improvement at the
heart of the system is a
fundamental commitment to
manage health and safety risks
proactively, so that accidents and ill
health are reduced (effectiveness)
and/or the system achieves the
desired aims by using fewer
resources (efficiency).

3 Typical systems an overview

Many OSHMSs have been published

over the past 25 years. Some reflect
the interests of the sponsoring bodies.
For example, the American Industrial
Hygiene Association system places the
industrial (occupational) hygienist at
centre stage as the crucial competent
person. Others, such as the
International Safety Rating System,
were developed so that commercial
organisations could offer third party
certification. Three generic OSHMSs
reflect this history and illustrate the
different emphases of current systems.
HSG65*
The UK Health and Safety Executive (HSE)
published Successful health and safety
management (HS(G)65) in 1991. This
was characterised by five key elements:
- policy
- organising
- planning and implementation
- measuring performance
- audit and review.

Its based on the traditional PDCA

principle, where the organisations plans
reflect the policy document and the
implementation phase is dominated by
risk assessment and application of
controls. Checking includes a mixture of
performance monitoring, auditing and
corrective action.
The guidance intentionally reflected
contemporary management processes
and encouraged readers to harness
them for health and safety
programmes. However, at that time,
the HSE was under pressure to restrict
its activities to supporting and
enforcing legal compliance. This led to
a system in which legal compliance
became embedded in organisational
policy and, once achieved, the aim was
largely to maintain the status quo. This
compared unfavourably with systems
that unambiguously focus on continual
improvement, a fundamental weakness
that was addressed in the second and

current edition of HSG65.6 This edition

contains information on managing
change and more advice on
consultation, communication and
continual improvement. HSG65 retains
the special status of a management
system developed by a regulatory
agency, and its familiar to many UKbased managers and OSH practitioners,
particularly in larger organisations.
OHSAS 18001
OHSAS 180014 grew from a desire to
create a system capable of assessment
and certification, as a follow-on from
BS 8800 (now revised and reissued as
BS 18004:20087).
HS(G)65 covered the implementation
of an OSH policy, and implied that this
would be quite straightforward once
the policy had been adopted. OHSAS
18001, on the other hand, more fully
reflects the problems of changing an
organisation. Building on established

Control link

Policy

Information link

Organising

Planning and
implementation

Measuring
performance

Auditing

Reviewing
performance

Figure 2: Flowchart based on HSG65

* HSG65 is currently (May 2011) under revision see www.hse.gov.uk/managing/index.htm for more information.

05

environmental management systems in

particular, OHSAS 18001 recognises the
importance of planning and managing
the changes that are likely to be
needed as an OSHMS is introduced.
ILO OSHMS guidelines
The ILO is a tripartite United Nations
agency that influences the development
of labour laws across the globe. Its
publications and guidance are

authoritative and its 2001 Guidelines

on occupational safety and health
management systems3 established an
international model, following a
detailed review of over 20 management
systems worldwide. It reflects the
globalisation of organisations and the
increase in outsourcing and partnering
these changes demonstrate how
systems need to evolve continually to
reflect new business practices.

Policy

Continual
review
Planning

Implementation
and operation

Checking and
corrective action

Management
review
Figure 3: Flowchart based on OHSAS 18001

06

Continual
improvement

Policy

Organising

Planning and
implementation
Audit
Evaluation

Action for
improvement
Figure 4: Flowchart based on ILO guidelines

07

4 Regulatory and industry standards

some global perspectives

A key factor in implementing a formal

OSHMS is consideration of the legal
framework that creates the
operational context. In the EU,
Australia and offshore regimes
generally, regulation of major hazard
industries via a safety case approach
is accompanied by an emphasis on
effective management systems to
complement and reinforce required
high standards of technical safety.
Also, the International Maritime
Organization (IMO) now requires
most categories of international
shipping to use the International
Safety Management (ISM) Code,8 an
OSHMS for marine operations.
Some countries, particularly in the
Pacific Rim, require organisations to
adopt OSHMSs with third-party
auditing by government-approved
auditors. In others, there have been
moves to link internal OSHMS status
with the enforcement inspection
regime. For example, under the
Voluntary Protection Program in the
United States, organisations with
systems approved through an
extensive audit may be exempted from
normal Occupational Safety and
Health Administration (OSHA)
inspections. Proponents of this system
claim that it allows employers to
concentrate on systems of work rather
than individual deficiencies (hazards
and risks), but theres considerable
debate over the merits or
shortcomings of this approach.
Theres also been a general worldwide
movement away from prescriptive
regulations which have the
advantage that employers are told
explicitly what they have to do to
process requirements, with risk
assessment as the key process

08

(although many would argue that in

the EU theres still a strong drive
towards embedding detailed
prescriptive requirements in Directives).
Developing management systems is
another step along the same road. The
structure of a lot of national legislation
reflects this. In the UK, for example,
the Management of Health and Safety
at Work Regulations 19999 require
demonstrable management of OSH. In
Canada, due diligence defences have
been successfully used by defendants
with a formal OSHMS. In Norway since
1991, its been mandatory for
organisations to establish internal
control systems to make sure that
health and safety activities, including
internal and external audit, are legally
compliant, and to document them.
Similarly, Swedish law requires
systematic internal control of OSH. In
India, following the Bhopal disaster,
legislation in 1988 prescribed
systematic management to prevent
such events. The Chinese government
has adopted the ILOs OSHMS
guidelines and has used them to
develop a certification framework.
Australia and New Zealand have a welldeveloped national OSHMS standard,10
but no plans to make its adoption
mandatory. These are all examples of
the extension of self-regulation.
Some management systems have been
developed to meet the needs of
specific sectors. For example:
- the chemical industry has developed
Responsible care
- the shipping industry uses the IMOs
ISM Code
- oil and gas producers have
published comprehensive, global
guidelines for a health, safety and
environmental system for
exploration and production
activities.11

Looking ahead
There is increasing international
certification to OHSAS 18001 and an
increasing trend towards integrating
PDCA management systems. The
OHSAS Project Group surveys have
found that between 2003 and 2007,
the number of countries where OSHMS
certification occurs has grown from 70
to 102 and the number of reported
OHSAS 18001 (or equivalent)
certificates from 3,898 to 31,512.
These trends are driven by factors such
as the increasingly international nature
of business and supply chain
requirements in general, supported by
increasing recognition by enforcers that
management systems when run
properly can help to deliver improved
legal compliance and OSH
performance. In addition, the designers
of management systems themselves
are paying increasing attention to
supply chains and dealing with OSH
issues associated with products, not
just with operations.

5 Should management systems be integrated?

IOSHs guidance, Joined-up working

an introduction to integrated
management systems12 covers:
- the case in favour of integrating
management systems
- arguments for retaining largely
independent systems
- organisational prerequisites for
integration
- factors that should be considered
when introducing an integrated
management system (IMS)
- maintaining and developing an IMS.
IOSHs view is that an effective IMS
should be the preferred option for
many, but not all. A well-planned IMS
should be more efficient and capable
of taking the best decisions in the face
of various factors and uncertainties.
An integrated approach is also
expected in business risk management
(BRM), which is defined in IOSH
guidance13 as the eradication or
minimisation of the adverse effects of
pure and speculative risks to which an
organisation is exposed. Such risk
includes health and safety,
environmental and quality failures.

The requirement for corporate

accountability based on a BRM
approach is highlighted both globally
by the Organisation for Economic
Co-operation and Development and in
the so-called Turnbull Report,14 which
requires companies listed on the UK
stock market to identify, assess, record
and manage their significant risks in a
suitable manner. There must be
systems for regularly reviewing these
risks and adjusting their controls,
together with statements in company
annual reports that confirm the
effectiveness of these systems.
Hence, the management of OSH,
environmental or quality risks should
not be treated in isolation, because of
the impact that poor risk management
can have on brand, reputation,
business continuity and financial
wellbeing. This is the fundamental
reason why most organisations
integrate their OSHMS with the
systems used to manage environmental
and/or quality risks. Integration allows
risks to be prioritised overall, so that
resources can be allocated to achieve
maximum risk reduction and benefit. In
non-integrated systems, on the other
hand, resources are allocated to each
risk area in isolation, and the resources
allocated to each may not reflect that
risk areas overall significance.

The process of integration presents

distinct challenges to organisations.
Those that are most likely to integrate
their systems successfully will already
use multiple channels of
communication founded on trust,
respect for the expertise of co-workers,
and experience of and confidence in
managing change.
However, while many of the generic
elements of an IMS can be set up by
non-specialists, its vital that risk
assessment processes are supported by
people who are fully competent in the
specific areas covered by the integrated
system (quality, environment, health and
safety, and so on). This is necessary both
to avoid overlooking hazards and to
make sure that controls intended to
minimise risks reflect current good
practice.
An IMS encompassing OSH,
environmental and quality risks can be
a major step in the direction of
continual improvement. This drive for
continual improvement in all areas of
BRM including OSHMSs can be
further enhanced by setting targets,
establishing proactive key performance
indicators and using performance
appraisals to formalise responsibilities
for all directors, managers and
supervisors who contribute to the
achievement of the organisations goals,
vision and mission. An effective IMS
greatly enhances OSH management
and leads to continual improvement in
the level of performance.

09

6 The key features of an effective OSHMS

This section covers four essential

elements of an OSHMS:
- continual improvement (and how to
achieve it)
- system activities (high-level objectives
and detailed OSHMS activities)
- stakeholder involvement (internal
and external)
- auditing and verification (good
practices in OSH auditing and
auditor competence).
A good system?
If you want a simple diagnostic for
is our OSHMS good?, then evaluate
how effective it is at driving
improvements in performance,
rather than simply disciplining
people to follow set procedures.

Continual improvement
Quality systems standards did not initially
include continual improvement. This
omission was corrected in ISO 9001:
2008,15 but may be one reason for a
widespread view that the primary output
of quality management systems is
paperwork, rather than real improvement
in processes and products. In fact,
continual improvement is vital if
management systems are to be effective
(in the sense that the results achieved
are whats required) and efficient (in the
sense that the resources used are
sustainable in the long term). This is
particularly true for organisations
operating in a continually changing
environment (see Table 1). It also

explains why discussion about the need

for an OSHMS often starts from the
continual pressure to reduce accidents,
incidents and ill health.

- improvements in the system itself,

With continual improvement built into

an OSHMS, opportunities to improve
effectiveness and efficiency are
systematically identified and action is
taken. Often this can be done at low
cost as part of the preparation for, or
response to, other required changes.

Reporting up?
When launching a more systematic
approach to health and safety, one
improvement will be in reporting
rates, ie staff and managers will
declare a higher proportion of
accidents and incidents. This leads to
an apparently rising rate which can
look like failure. Prepare colleagues
for this before you begin.

However, improvement need not

imply greater complexity. If the OSHMS
is simplified, it may become easier to
understand and apply, yielding better
overall results. Improvement may also
be possible by broadening the scope of
the system, for example by applying it
to outsourced services, value chain
interactions and new technical areas
such as occupational road risk.
Continual improvement in an OSHMS
can have four aspects:
- results that are better year on year,
as measured by falling rates of
injuries, ill health and damage
- steady or improved results that are
achieved with fewer resources
because the OSHMS itself improves
and effort is better targeted
- results that move the culture of the
whole organisation to a new state
of effectiveness and efficiency, often
described as breakthrough
performance

so that its more comprehensive,

easier to understand, or in other
respects better than before.

How to achieve continual

improvement
Traditionally, the audit stages of the
OSHMS are seen as the fount of all
improvement wisdom, but this
viewpoint unnecessarily restricts
thinking about improvements in
managing the workplace. There are
other important sources of data,
including statistics, benchmarking and
industry or sector guidelines, as well as
the people in the organisation.
People who operate systems are often
a fertile source of improvement ideas
if theyre encouraged to express them.
Managers, team leaders, workers and
their representatives if they truly feel
they own the work processes and are
actively monitoring them usually have
many ideas for improvement, to make
processes both easier to operate

External changes

Internal changes

- New guidance, industry or national standards

- National targets, such as Revitalising health and safety

- New products, services or workplaces

- New working arrangements, such as a union agreement

(launched in 2000 in the UK)16 for more information

see www.hse.gov.uk/statistics/pdf/prog2009.pdf
New hazards, or new emphasis on old hazards, such as
stress and asbestos
Campaigns by regulators, trade unions, nongovernmental organisations (NGOs), media
New or revised legislation
Supply chain (client) pressures

Table 1: Typical changes faced by an organisation

10

or home working

- Business reorganisation, such as outsourcing

- Business growth and change
- New work equipment, or changed contractors or
suppliers

- New employees, or experienced employees leaving the

organisation

- Merger or takeover

(efficient) and more likely to produce

the desired results (effective). Involving
the workforce, particularly through
worker representatives, is crucial to
achieving OSH improvements. One
method that is effective is the creation
of diagonal slice groups such as
worker, team leader, engineer and
manager working as an improvement
team. To achieve good OSH results, its
also essential that directors, managers,
team leaders and the whole workforce
see health and safety issues as their
responsibility, not just the concern of
the OSH professionals.
A process is needed to make sure that
improvement ideas are gathered and
evaluated (with feedback given to the
originators), and that those that add
value are suitably resourced,
implemented and monitored. Its
important that improvement
suggestions support long term strategic
goals. If they do, and theyre swiftly
implemented, the net effect of many
small improvements can be dramatic.
The process of creating improvement
ideas can also be subject to formal
management processes. For example:
- issues can be managed using
SMARTT improvement plans, ie
specific, measurable, agreed, realistic,
timetabled and tracked actions that
are reported back to the owner
(accountable person or group)
which may be the safety committee,
the local line manager or a director
- a task group can be set up to
review a particular issue, such as
workplace transport, with a brief to
report back with recommendations
for improvement to the owner of
the issue.

System activities
Documenting your organisations
activities, whether on paper or
electronically, is important and should
be the basis for:
- training people with OSHMS
responsibilities
- the OSHMS trainees reference
manual
- the audit standard.

High-level objectives
The OSHMS will incorporate detailed
activities designed to achieve or
support the following high-level
objectives:
- clear policy-making with written
commitment to good standards at
the highest level in the
organisation, supported by visible
leadership, adequate resources,
personal involvement, and regular
monitoring and reviews of
performance (which, for example,
require the chief executive officer or
managing director to ask probing
questions during meetings and site
visits, and all directors to participate
in risk inspections or reviews)
- employment of competent staff,
with adequate resources and time
to train and develop them
- effective arrangements for involving
and consulting key stakeholders such
as employees (including developing
partnership agreements with trade
unions), customers, regulators and
other statutory consultees,
contractors, partners and
neighbours, and also for sharing
lessons across the organisation and
more widely as appropriate
- making sure that materials,
equipment and services bought
outside the organisation are chosen
according to appropriate OSH
criteria as well as price.
- making sure that technical and
operational records are available,
updated and retained as necessary
to meet business needs and
regulatory requirements
- regular monitoring of all parts of
the OSHMS by those responsible for
business processes, work groups
and work sites, to compare actual
performance with expected results
and goals
- a system for planned audits to
verify how effective the OSHMS is
in practice (see page 16)
- systems for identifying and
reporting instances where the
required standards arent met,
including external reporting where
required

- investigation of the root causes of

these non-conformances, with

corrective actions applied to
improve the OSHMS and prevent
recurrences
emergency systems, including plans
and competent people to
implement and respond to them,
for containing and controlling
serious system or business failures
and minimising adverse effects.
Step change or continual?
A step change is often suggested,
perhaps in response to external
pressures for improvement. But the
ability to achieve a step change in
most organisations is limited even
when there are true step changes in
inputs to a complex system, outputs
alter much more slowly. Step changes
in organisations often have
unplanned and undesired effects.
Even where a real step change is
needed, an effective project to make
it happen will consist of many small
changes, each contributing to the
overall plan and aligned with the
overall objectives. Thus, a continual
improvement model is a good way
to manage all types of change. This
was recognised by Rolls-Royce plc
when it initiated the One small step
programme for organisational
transformation. It was summarised
well by the Japanese industrialist,
Soichiro Honda, who once said: It is
more benefit to the success of the
business that 1,000 people take one
step forward rather than one person
taking 1,000 steps forward.

What is the system?

A description of a management
system is not the system itself.
Sometimes a manual is handed over
with the comment this is our
management system, when what
should be said is this document
describes and summarises what we
do in practice our management
system.

11

Detailed OSHMS activities

The OSHMS model you use (see page
22 for information on choosing the
right one) should be adapted to meet
the needs of your organisation. How
the high-level requirements
summarised above are broken down
into activities and described in practice
can depend on:
- the type of hazards managed by the
system are they well understood
or new? Are external and/or internal
stakeholders at risk? Do they have
short or long term effects?
- the type of organisation does it
cover a single site or many? Is there
much outsourcing or not? How
many products and customers are
involved?
- the range of technologies how
many technical disciplines and
standards are there?
- legislative and other applicable
standards are they based on
prescriptive laws and external
operating standards or goal-setting?
Each of the OSHMS activities should be
in the form of an auditable standard
in other words, a system or process
that uses defined inputs to achieve
defined output goals. Here are some
examples:
- A current health and safety policy
statement, signed by the
responsible director, is readily
available and used during the
induction process for all employees
and contractors.
- A register of relevant hazards is
held by each work section,
including summaries of key controls
and any current improvement plans
(risk assessments). This includes the
likely consequences if control
systems fail, such as single or
multiple fatalities, small or large
scale damage and short or long
term ill health.

12

- All reported accidents are

categorised by potential (not just

actual) outcome and prioritised for
investigation into root causes on
the basis of this potential outcome.
Suitable recommendations are
made to prevent recurrence and are
monitored to verify that theyve
been followed through.
Contracts are awarded and
managed with OSH performance
among the key performance criteria.

Each of these describes goals to be

achieved, but doesnt detail what
actually happens in the workplace. The
OSHMS activity description is goalsetting, minimising the need for
revision whenever the organisation and
its work processes change. Prescriptive
detailed procedures, responsibilities,
documents, training modules and so on
are needed, but these operational-level
documents dont usually form part of
the OSHMS description. Operationallevel procedures need to include the
key element of accountability and must
be sample audited to make sure that
they define whos responsible for what
and when (or how often), and what the
expected outcome is. The monitoring
and audit steps are used to check
whether such supporting processes are
available where needed, and whether
theyre effective, and to identify
possible improvements.
Its increasingly apparent that effective
OSHMSs cover human factors and dont
assume a mechanistic approach to
organisational and individual behaviour.
For example, leadership and the effects
of human reliability on the effectiveness
of hazard controls are important issues
to consider and monitor.

Tailor the system

It is vital to adapt the standard
OSHMS to the particular
organisation. An OSHMS used by a
large multinational organisation can
have more than 200 activities all
of which are needed somewhere
although each small part of the
organisation will implement only the
subset relevant to its part of the
organisation. A smaller single-site
organisation might need
substantially fewer activities to cover
everything significant.

Stakeholder involvement
A range of individuals and groups are
stakeholders in the OSHMS in other
words, they may be affected by its
results and therefore potentially
interested in its content and
effectiveness. They include people both
inside and outside the organisation itself,
as shown in Figure 5.
Internal stakeholders
Directors or trustees
Directors (including charity trustees and
senior officers of public bodies, as
specified in their policies and
arrangements) are legally responsible for
organisational performance.
Traditionally, financial performance
indicators are the only ones included in
directors annual reports, but measures
of performance in other key areas,
notably corporate social responsibility
(CSR) which includes health and
safety, environmental and other issues
are increasingly used. UK accounting
standards for organisations quoted on
the London Stock Exchange (Turnbull14)
and for registered charities (SORP17)
require directors, trustees and senior
officers to provide assurances that all
significant risks, including health and
safety risks, have been identified and
that appropriate controls are in place.
IOSH has published guidance for people
responsible for reporting organisational
health and safety performance,
outlining how to include these data in
annual reports.5

A prerequisite of good performance is

that leaders of organisations
consistently demonstrate that health
and safety results are as important as
other key business goals. This should
be reflected in annual business targets.
Similarly, OSH performance should
form part of business agendas, formal
and informal discussions with
employees and so on.

and also accept personal responsibility

for organisational performance, theyll
be able to make a huge difference to
the commitment to continual
improvement. In the UK, the Institute
of Directors and the HSE have
produced a guide for directors and
their equivalents.18

If leaders display behaviour that

demonstrates the high value they place
on the health and safety of each
person for whom theyre responsible,

Reality check
Make sure that senior managers
and directors visit accident sites and
those affected by accidents, such as
people who are hospitalised
following an accident. This will help
to make sure that senior staff dont
become isolated from the realities
of daily workplace hazards and the
damaging effects to individuals of
failures in the OSHMS.
Conversations with workers
representatives can also act as a
helpful reality check for senior staff.

Internal stakeholders
- directors and trustees,
or equivalents
- workforce, including
trade unions, worker
representatives and
on-site contractors
- OSH professionals
External stakeholders
- regulators
- neighbours
- clients and supply chain
- insurers
- shareholders/investors
- corporate social responsibility
lobby/consumers
- global bodies
Figure 5: OSHMS stakeholders

13

The workforce
The workforce is a key stakeholder for
a number of reasons:
- If OSH management is deficient, the
workforce is usually the group most
at risk from injury and ill health.
This is a major focus for trade
unions, both at individual
workplaces and through national
and international campaigning.
- Employees have first-hand
experience of many workplace
hazards and of how efficient and
effective current controls are in
practice. Employees are a prime
source of ideas for continual
improvement. But some hazards
arent easily identified, as their
effects are long term or are realised
so rarely that theres no workforce
memory. This means that its
essential to train relevant staff so
that theyre competent in practical
hazard identification.
- Trade unions and workers
representatives generally have a
wide knowledge of and strong
commitment to health and safety,
so are a significant resource for
the OSHMS to incorporate and
benefit from.
- Whatever formal systems and
controls are used, the individual or
small team performing a task has
great influence over its outcomes.
Legally and morally, each person
has a duty of care to him or herself
and to others who may be affected
by acts or omissions. You can
change the behaviour of individuals
and groups by making sure that
they understand the hazards
identified by the local OSHMS, the
controls in place and why these are
judged to be sufficient.
Workers representatives
Setting up a system of employee OSH
representatives can act alongside
promoting personal motivation to add
value to the OSHMS. Such a system is
often developed as part of the formal
election of workers representatives. In
the EU and some other regulatory
regimes, employee consultation is a
14

legal requirement. Representatives

contribute to the effectiveness of the
OSHMS with their detailed knowledge
of what happens at the sharp end.
They can:
- identify opportunities for
improvement
- make sure that workplace
inspections and monitoring are
thorough
- check that planned improvements
and changes are realistic
- help with root-cause investigations
of failures
- act as a focus for employees
questions and concerns
- give access to external information
about best practices via trade unions
- provide a valuable reality check for
senior managers and regulators, as
representatives are typically confident
in stating their views.
Workers representatives need training
to be effective; team leaders and
supervisors also need training on how
to work with representatives.
OSH professionals
OSH professionals form the main group
of people who advocate the benefits of
OSH systems. UK-based organisations
have a legal requirement to appoint
one or more competent persons to
help them comply with relevant OSH
legislation. Where more than one person
is appointed, team work is important to
make sure that the OSHMS is
comprehensive, efficient and effective.
OSH professionals have a key role in
advising others with responsibilities
under the OSHMS, especially in
knowing about hazards, their likely
effects and current good practice for
avoiding, minimising, controlling and
mitigating them. For OSH professionals
to be able to give advice, they must
understand relevant legislation,
standards, best practice, practical risk
assessment methods, cost-effective
controls and training provision. The
OSH professional is also likely to liaise
with external professionals, such as
occupational hygiene consultants (who

may, for example, monitor exposure to

hazardous substances) and engineering
inspectors (who may examine and test
local exhaust ventilation and so on).
Its likely that an OSH professional will
be appointed custodian of the OSHMS
on behalf of the organisation, with a
key role in its effective implementation
and regular review. OSH professionals
should also be able to make key
contributions to audit processes and
investigations of serious incidents such
as injury, ill health or damage.
External stakeholders
Regulators
Regulators actions reflect societys
growing intolerance of organisations
whose profits appear to be earned
without due care for the health and
safety of workers, customers or the
public. Outside the UK and particularly
in the Pacific Rim, its becoming
increasingly common for national
legislation to require certification to a
recognised national or international
OSHMS standard, particularly for higher
hazard industries such as construction.
In the UK, areas regulated by safety
cases (eg nuclear, onshore major
hazards, pipelines, offshore, railways,
gas supply) all require a summary of the
OSHMS to be included in the safety
case submitted by the operator to the
regulator. In addition, some industries
have adopted voluntary codes and
standards that include a systematic
approach to OSH management (see the
examples on page 08).
Investors and insurers
Both investors and insurers are
concerned about risk, particularly risk
that isnt managed effectively. Whereas
the Turnbull requirements (see page
09) are targeted at avoiding major
losses, investors are increasingly
requiring more positive reassurance
that a business is well managed, and
may take health and safety as a marker
for performance in general. Insurers
may decline certain types of risk unless
theyre convinced that the issues are
well managed. Evidence of a

5 How should employers promote health?

comprehensive and effective OSHMS

can help directors respond to questions
and concerns raised by both investors
and insurers.
CSR lobby
In developed countries, theres now
significant demand for CSR, including
public corporate reporting. Both the
Dow Jones and the FTSE operate
investor listings linked to CSR results
that include health and safety.
In addition, non-governmental
organisations, investors and
consumers19 ask questions about OSH
results, particularly of global
organisations, if they suspect that
activities are being exported to
locations where workplace OSH
standards are lower than in the
organisations home country, thereby
increasing profits at the expense of the
workforces health and safety. The
ASSE and IOSH guidelines, Global best
practices in contractor safety,20 cover
some of these issues and identify more
than 60 aspects of good practice for
both clients and contractors these are
applicable to workplace health as well
as safety. Compliance with a
recognised OSHMS standard is one of
the recommended good practices.
Voluntary codes, such as the Global
Reporting Initiative (GRI)21 and Social
Accountability 8000,22 bring together
the expectations of various
stakeholders in this area, including the
need for appropriate management
systems and verification. In addition,
theres a growing consensus that
effective risk management needs to
extend throughout an organisations
supply chain, to ensure security and
thus sustainability (a development
reflected in the ILO OSHMS guidelines).
Global bodies
The United Nations and its subsidiary
bodies, such as the ILO, the World
Health Organization (WHO) and the
IMO, set standards, as does the GRI,
based for example on the Universal
Declaration of Human Rights. With

globalisation, such standards assume

higher profiles and responsible
organisations must pay more attention
to ensuring compliance. There is special
focus on the protection of vulnerable
groups such as children, migrant
workers and female workers. The ILO
has published numerous codes on a
wide variety of health and safety issues,
seeking to set minimum standards of
practice around the world.
Compliance with relevant ILO, IMO and
WHO codes for workplace health and
safety is often a requirement for
operating in developing economies, in
particular for projects funded by the
World Bank or the International
Monetary Fund. It can be expected that
compliance with GRI guidelines will
move, in due course, from voluntary
towards mandatory status. Third-party
verification of such compliance may also
be expected, hence the link to OSHMSs.

Auditing and verification

Good practices in OSH auditing
Auditing is the sampling of a process
by a competent person whos
independent of the process. Auditors
report on the effectiveness of the
process, focusing on inputs, outputs
and testing internal controls.
Verification has a similar meaning to
audit, but where verification involves
confirming conformity to an external,
recognised standard and results in the
issue of a compliance certificate, it is
generally called certification. ISO
1901123 is a useful overall guide on
how to set up and run a successful
audit programme. It can be applied to
virtually any PDCA management
system; though it only covers
environmental and quality systems, it
can easily be adapted to apply to
health and safety auditing and is in the
process of being amended to
incorporate this.
Typical audits cover three types of
evidence:
- documentation is it adequate?
Does it reflect all OSH hazards of
the organisation?

- interviews to confirm that

-

awareness, competence and

resources are appropriate
observation to check that
arrangements and standards
described in the OSHMS are actually
present in the workplace.

Audits have several key features:

- Auditors independence gives
credibility to the audit findings.
Auditors should not have any
personal accountability, or direct
reporting relationships, in the group
or area theyre auditing.
- Auditors need a strong analytical
ability but also well-developed
people skills, so that they can
collect reliable evidence quickly. The
skills of a good accident investigator
have a lot in common with those of
a good auditor, and vice versa.
- Company procedures and local
documents are sampled and
evidence is collected to check that
operational practice is consistent
with documented practice. In other
words, say what you do; do what
you say you do; and prove it.
- Evidence is collected from corporate
and local documents, interviews
and inspections of workplaces.
Auditors should choose some
samples themselves, not just accept
what is put before them.
- Because an audit is a sample,
however well judged, it can never
result in a perfect view of the facts.
Also, findings are valid only up to
the time of the audit. When
planning improvements, audit
evidence, though very powerful,
should be reviewed alongside other
data on system performance.
Some small and medium-sized
enterprises may not have a fully
documented OSHMS, but will be able
to demonstrate a clear understanding
of hazards and effective controls.
Examples of good auditing practice
- Techniques to avoid conflict between
the aims of the auditor and the
perceptions of the auditee include:
15

Avoid paper mountains

In audits, dont overemphasise the
need for comprehensive
documentation if evidence from
interviews and work sites shows the
system produces high quality results,
would more or better paperwork
add value?

- For large organisations, an

- using a transparent
performance standard as an
agreed basis for audit (eg the
organisations own OSHMS
activity descriptions or a
published standard)
- making sure that audit reports
arent seen as the only source
for continual improvement ideas
- including positive as well as
negative findings in the final
report
- discussing potential negative
findings as the audit progresses,
to give people the chance to
produce additional evidence if
provisional findings are incorrect.

overall audit plan is required so

that all areas are covered in an
agreed timescale. The initial plan
may be hazard-based (areas with
the highest potential for harm
are audited first), later becoming
risk-based (areas with least
effective controls are checked
more than those with proven
effective controls).
Any audit scoring system should
encourage future improvements in
preference to highlighting past
successes. Discourage
overemphasis on numerical scores
and inter-group competition based
on them; scores should be used as
benchmarks for improvement.
In the UK, the HSEs guidance,
Measuring health and safety
performance,24 can be used both
as an input to OSH audit
methodology and as a source of
ideas on quantifying audit results.

- As audit processes mature, include

auditors from clients, contractors,
trade unions or other partners to
aid both transparency and the
sharing of good practice. Consider
the value of external certification
as an additional source of
improvement ideas.
Positive and practical?
A really effective audit system is one
in which those being audited look
forward to the process, expecting
new and useful ideas for practical
improvements. If they face audits
with dread, the audit system needs
to improve, not those being
audited!

Advantages

Disadvantages

- Internal auditors know the organisation and where to

- External stakeholders may have suspicions about the

look for evidence

- Internal auditors reports have high internal credibility

- Because internal auditors audit their peers, their findings
are more likely to be seen as realistic by auditees

independence of internal auditors

- Internal auditing takes resources away from normal

work for both training and planned audits

- Internal auditors can have a limited vision of

- Auditing is an excellent developmental experience

-

improvement opportunities because of a lack of

external benchmarks

because employees learn in detail about other parts of

the organisation
Using internal auditors helps the transfer of good
practices across the organisation because they identify
opportunities for sharing

Table 2: Advantages and disadvantages of internal audit

Advantages

Disadvantages

- External auditors have high credibility with external

- External auditors must earn respect for their findings

stakeholders
External auditors provide strong benchmarking knowledge
and can give access to external verification bodies and
recognised certification where this adds value

Table 3: Advantages and disadvantages of external audit

16

within the organisation initially, they are often viewed

negatively
External auditors dont know the organisation, so may
ask for a lot of pre-audit documentation and take
longer than internal auditors to complete their work
External audits can be expensive

Auditor competence
Competence of auditors is a critical
factor. Competence requires knowledge,
skill, practical experience and suitable
personal qualities, and must cover two
areas: auditing methods and the
processes being audited. Its often easier
to supply the necessary breadth and
depth of competence in a small audit
team than in a single individual. A team
approach also allows new or
inexperienced auditors to be introduced
to processes and organisations. When
planning audits, you must decide
whether to use auditors who are
external to the organisation, or to use
internal auditors who are independent
of the areas to be audited.
Where formal certification is offered as
a result of an audit, all auditors should
meet recognised competence standards
in OSH, such as those required of

Chartered Members of IOSH. Their

Continuing Professional Development
(CPD) should also ensure that their
auditing skills are current. However,
where certification is not involved, and
particularly where specialist areas are
being audited, it may be enough for
the leader to meet these standards,
while other team members have an
appropriate mix of OSH and audit
competences. OSH professionals
providing internal OSHMS audit
services should meet similar standards
to those of external auditors.

Auditors experience
Whatever their understanding of
OSHMS models and theory, if an
OSHMS auditor lacks current
experience in practical OSH hazard
identification, assessment and
implementation of suitable controls
in the type of organisation theyre
auditing, their report is unlikely to
add much value.

While part-time internal OSHMS

auditors are unlikely to benefit from
formal qualifications and CPD to the
same extent, they should have basic
training in both OSH and audit skills,
which can be given through internal
courses and experience.

17

7 Advantages and disadvantages of OSHMSs

Advantages
A system meeting your risk needs
An OSHMS can prioritise the planning,
organising, control, monitoring and
review of measures to protect people
from work risks. Itll help you allocate
the correct resources, achieving
effectiveness and efficiency.
Occupational health focus
Significant occupational health risks
can be assigned the correct level of
importance and be properly resourced.
This isnt always the case with ad hoc
OSH processes, which depend largely
on the experience of available OSH
practitioners (including occupational
hygienists) and the internal structures
of the organisation. Also, employees
generally have a greater understanding
of safety risks than health risks. When
implemented correctly, an OSHMS
should address these issues and strike
the right balance in controlling all risks.
OSH is as important as other
business objectives
Many organisations struggle to give
OSH objectives the same importance as
other business objectives. At times, this
failure threatens the survival of an
organisation; at others, it can lead to
prosecutions and other penalties. A
correctly implemented OSHMS will
make sure that appropriate OSH
objectives are set by focusing on policy
and the process of setting objectives
and their delivery through the
management programme.
OSH in relation to quality
British and international standards
support the drive towards customer
first services, and as a result quality is
high on the agenda. Quality isnt usually
a legal requirement, but health, safety
and (often) environmental performance
are. The development of formal
OSHMSs should make sure that
sufficient importance is given to OSH
performance, which typically has more
impact on employees than on customers.

18

Legal compliance is easier to

attain and prove
The development and extension of
health and safety law, notably through
new approach Directives to help
create a single European market, have
led to additional legal requirements.
Organisations can have difficulty
keeping up to date with the
requirements relevant to their sectors.
An OSHMS helps identify relevant
statutory provisions and creates a
framework of procedures to make sure
that the organisation consistently
complies with the law.

Increasing the effectiveness

of initiatives
The longevity of management and
other health and safety-related
initiatives in organisations varies. Many
organisations use campaigns and
awareness-raising programmes to
improve knowledge and encourage
participation in health and safety
issues. An OSHMS requires continual
improvement and this can increase the
duration and effectiveness of
management initiatives, allowing them
to adapt and develop in line with
policy commitments.

Proving reasonably practicable

In the UK and some other countries,
you may have to prove that youve met
practicable and reasonably
practicable requirements in order to
demonstrate legal compliance. When a
balanced management system is
implemented and risk management is
systematically applied based upon the
proportionality of risk it should be
easier to prove compliance. For
example, quality management systems
(QMSs) have been used to prove due
diligence for compliance with food
safety law and to ensure product safety.

Visible commitment of
top managers
OSHMSs, like other management
systems, formally require top
management to be involved in and
committed to the system. This is
carefully documented through setting
policies and objectives and through
regular reviews to check the results
achieved. Once the objectives are set,
senior managers must visibly
demonstrate their commitment to
achieving them. Its consistently argued
that such commitment is essential for
world-class OSH results an OSHMS
demands it.

Helping system integration

Many organisations started with a
QMS, then adopted an environmental
management system and are now
considering an OSHMS. The structures
are similar, and adopting an OSHMS
will mean that if, at a later date, you
decide you need a holistic business risk
management approach, integration
should be straightforward.
Continual improvement
This process aims to improve some part
of the OSHMS at any one time, rather
than trying to improve all the elements
in the system simultaneously. This
structured and very practical approach
allows the organisation to improve
areas that arent operating effectively
or efficiently, using reviews and audits
to identify systematically the
opportunities for improvement.

Regular audits
Audits present an opportunity for
benchmarking (eg through creating
audit teams with members from
different departments or from outside
the organisation) and identifying
opportunities for improvement. External
certification and assurance bodies
which audit against applicable standards
can help to identify non-compliances
and necessary improvements.
Part of corporate governance
Theres an ever-increasing requirement
for directors to follow codes of practice
and meet the standards expected in
public life. Demonstrating that OSH
controls are adequate is an important
part of meeting this responsibility, and
independent audit to externally set
standards is an impartial way of

achieving this. Regular management

review of audit reports and OSHMS
results meets governance requirements
for OSH risks.
Reassuring the enforcement
authorities
Enforcement authorities require
organisations to comply with applicable
health and safety legislation. The
formality and systematic approach to
compliance required by an OSHMS
encourages confidence in the
organisations internal approach. In the
UK, for example, the HSEs HSG65
states: If you do follow the guidance
you will normally be doing enough to
comply with the law.
A focus on OSH resources
An OSHMS requires resources to be
allocated in all functions and at all
levels throughout the organisation. A
risk-based approach which ensures that
the scale of a management system is
proportionate to the risks and necessary
control measures makes such resource
allocation intrinsic to the whole
organisation. This is, in part, what the
Turnbull Report requires of London
Stock Exchange-listed companies.
Emergency preparedness
OSHMSs should make sure that suitable
resources are made available to respond
to foreseeable emergencies. This may
include provision for contacting outside
agencies, including emergency services,
and developing and communicating onand offsite emergency plans. An
OSHMS places such planning in a
proper management context.
Managers have a finger on the pulse
The OSHMS includes defect (nonconformance) reporting, which
directs managers attention to
opportunities for correcting problems
and making improvements. Managers
need to address health and safety
issues effectively, no matter how busy
they are. Alerting managers to
problems and actions they can take or
sanction continually reminds them of
their critical health and safety role.

Systematic risk management

Perhaps the biggest challenge is to
comply with the legislative need to
plan, organise, control, monitor and
review the preventive measures in
place to control significant risks. An
OSHMS creates a structured system for
compliance with the requirements of
both applicable legislative codes and
industrial sector best practice.

Disadvantages
Bureaucracy (paperwork or
electronic documents)
The need for a simple, effective system
wont be met if the system generates
excessive paperwork. You need to
minimise the number of documents
and records (in other words, streamline
document control), but be careful in
doing this.
Integration
Usually discussed as an advantage,
integration depends on many factors,
including internal politics. Theres a risk
of diluting health and safety effort or
creating inequality between
management of quality, health and
safety, and environment. For example,
an organisation in a high hazard industry
may not benefit from system integration
if it doesnt allow a focus on managing
significant risks. Similarly, if existing
management systems are inefficient,
then adding health and safety to the mix
will be counterproductive.
Time to implement
Designing and implementing an
OSHMS can be very time-consuming.
This may be exacerbated by overstating
system requirements and
documentation, by not matching the
system to the organisations health and
safety risks, or by not incorporating
existing OSH management processes
but starting again from scratch.
Heavy demand on resources
A lot of resources are required to set up
an OSHMS. Although this can be offset
by the inclusion and involvement of
employees, key managers and safety
representatives, a realistic appraisal will

still identify the need for significant

management time, and implementing
an OSHMS is likely to dominate the
work of the OSH professionals involved.
If some of the work is contracted out,
take care to check that the results
match the organisations needs.
Human behaviour may not be
fully addressed
Recent developments in determining
reasons for health and safety errors
place greater emphasis on the
behaviour of workers and managers.
This focus on the human factor can be
lost if theres too much emphasis on
the paperwork requirements of a
formal OSHMS. For example, its easy
to overlook the need to monitor
workplace behaviour and talk with and
involve people. However, with
attention to continual improvement,
any issue including human factors
can be addressed.
Certification and assurance bodies
are still learning
There can be conflict when auditors
interpretations of health and safety
are different from those of the sector
or organisation being audited.
Differences can often be resolved by
referring to relevant guidance notes
and authoritative information. This
type of conflict can reflect the relative
inexperience of external auditors in
this work.
True independence?
OSHMS certification is relatively
immature and underdeveloped. If
external auditors are to be truly
independent, they shouldnt have
played any part in advising the
organisation on how best to
implement an OSHMS in the first place.
Also, as has been learned with
financial audits, it may be difficult to
provide genuinely independent
auditing if theres an existing
relationship with the auditors or if
service costs are a prime issue.

19

Barriers to change
Barriers to change are invariably
erected in the way of new systems.
Often theres a suspicion, at times well
founded, that change is being made
for its own sake and without business
justification. Some organisations may
be able to manage health and safety
successfully by consistent and good
management, without the need for a
formal system.
Managers dont understand
the systems
Typically, managers are not committed
to the introduction of new systems.
Managers require time, training and
motivation to make sure they become
advocates of the system and not
enemies within. Its a mistake to think
that OSHMSs are self-evidently a good
thing; they require effective
communication to win people over.

Numerous audits
These days, stress is recognised as a
workplace hazard that needs to be
managed within the framework of the
OSHMS. It should also be recognised
that pressure to achieve certification for
a new OSHMS can create its own stress
on managers and employees alike.
Dont overlook the need to provide
support before and during audits.
Which OSHMS model?
Deciding which OSHMS to use can be
confusing. The aim should be a
system that is consistent with your
organisations needs and its
management approach. While OHSAS
18001 aligns extremely well with ISO
1400125 and other international PDCA
standards, and is therefore useful for
integration, the organisation, clients,
enforcement authorities or
government may better understand
other systems based on standards or
guidelines such as BS 18004, HSG65,
ILO or an industry code. All systems
need to be adapted to the specific
needs and culture of the organisation
or they wont be sustainable.

Is the written procedure safe

and healthy?
In some countries theres a tendency to
write down whats currently done and
adopt that as the OSHMS. This can
create a significant liability risk if the
procedures havent been checked to
make sure they are in fact
comprehensive (that they cover all
hazards) and adequate (that the
controls are effective in reducing risk).
The liability exists in any event, but the
OSHMS documentation then appears
to validate it. A properly functioning
OSHMS should make sure that these
problems are identified and corrected.

* Debate still continues on definitions for quality of life; collectively they highlight that its a subjective state encompassing physical, psychological
and social functioning, and a key feature is its basis on the perceived gap between actual and desired living standards.7

20

8 OSHMS certification

The desire to gain certification of an

OSHMS may come from internal
stakeholders who need assurance that
their organisation meets a verifiable
standard, or who judge that certification
will add value with clients or customers.
However, its more likely that pressures
will come from external stakeholders, in
particular prospective or existing clients,
or regulators as part of national policy.
In this case, certification is likely to move
rapidly from being a preferred option
to become an entry condition, without
which existing or potential business is
lost.

This poses few problems provided the

certification process is applied to a
developed OSHMS, validating its
effectiveness, or encouraging
further improvements to meet the
external standard. An OSHMS that is
seen as just a tool for obtaining the
required certification will be
ineffective in its true purpose of
continually reducing work-related
accidents and ill health.
IOSH recognises OSHMS standards and
certification processes as relatively new
and still developing, and we suggest the
following as good practices in relation
to OSHMS certification:
- Dont allow a business need for
external certification of OSH
standards and practices to get in
the way of developing strong
internal continual improvement
processes, including internal audit.

- Make sure that an external

certification audit isnt viewed solely

as a pass/fail exercise, but as one
step within an overall OSH
continual improvement plan.
Where external certification isnt a
pressing business need, develop
internal audit processes first.
Where possible, base external
audits primarily on evidence from
internal audits. Consider adding
external auditors to internal teams
in preference to increasing the
number of audits.
Make sure that internal and
external OSHMS auditors meet the
IOSH competence standards (see
page 17).

21

9 How to get started

The way forward for organisations

developing their first formal OSHMS is
to choose the system they wish to use
as a basis, establish which
arrangements are already in place, and
then identify gaps between those and
the requirements of the OSHMS.
Choosing a system
One way of choosing a system is to
create a comparison table and score the
systems you wish to consider to see
which most closely meets your
preferred specification the more
relevant features you tick, the better.
The example in Table 4 includes
comparisons between some of the
main management systems mentioned
in this guidance. However, if theres a
preferred system for your particular
industry, you may also want to include
an industry-specific column. For
instance, if your organisation is a
contractor to the chemical industry, you
could include Responsible care in this
column. In addition to those features
listed, there may be in-house and other
factors to be considered, in which case
you can add them to the table (for
example, if your customers use a
particular system, adopting the same
system will enhance your compatibility).

Initial status review (gap analysis)

The gap analysis approach ensures that
you dont waste effort on developing
new systems when existing internal
arrangements are working well. Even
organisations which believe that they
have nothing in place often find that
there are long-established working
practices that have never been formally
recognised or documented.
A simple way of carrying out the initial
status review is as a desktop exercise,
with the draft safety management plan
drawn as a flow diagram or matrix on
a flipchart. Its important to consult and
involve all parties in the organisation,
including workers representatives
ownership and success of the OSHMS
is likely to be greater because of the
interest developed in this way.
Remember the most successful
management systems arent created at
initial status review, but are developed
through effective performance
measurement, review and continual
improvement. However, reporting the
status review to senior managers or
directors, and communicating the
results to the workforce, can get this
process under way at this early stage.

Making it happen
Most of the OSHMSs referred to in
this document include extensive
practical guidance in support of the
main code or standard, usually in
subsidiary publications (see further
reading on IOSHs website at
www.iosh.co.uk/freeguides).
However, theres no doubt that
adapting a standard system for use in
a particular organisation requires
significant time and resources.
Organisations with experience of
managing significant internal process or
organisational change should find it
relatively easy to introduce an OSHMS
by using similar methods. Organisations
without such experience may need to
employ external change management
advisers to help effective consultation
and to ensure the involvement and
commitment of all necessary parties.
Techniques to support effective
implementation include:
- clear support and personal
commitment from leaders in the
organisation, including modelling of
desired behaviour
- incorporating both OSHMS
implementation and results in

Management systems
Features

HSG65

BS 18004

OHSAS 18001

ILO

Industry-specific
(eg Responsible
care)

Certifiable
International

(see note below)

Regulator support
(some non-UK)
Tested (> 2 years old)
Stakeholder
recognition
In-house factors (eg
your customer uses
this system)
Note: Responsible care isnt classed here as international because, while some
countries do adopt a management systems approach to it, many dont.

Table 4: OSHMS comparison table for a UK-based contractor to the chemical industry
22

declared high-level business targets

(eg x per cent of sites are expected
to complete their gap analysis by y
and their initial roll-out by z;
priority improvements over the next
year are to be areas a, b, c)
seconding staff from across the
organisation full-time to the
development and implementation
team
customising the model system to
suit the needs and culture of the
organisation, and linking it to
internal consultation processes
developing benchmarking contacts
with similar organisations that have
experience of implementing similar
systems

- trials in one or more selected areas

-

before the OSHMS is launched

more widely
not taking too long trying to
develop a perfect system, but
rather implementing something
reasonable and learning how to do
better via the internal audit,
management review and continual
improvement processes
recognising and celebrating small
successes on the route to a fully
sustainable OSHMS.

Getting started
One large catering organisation
appointed a mixed team of
managers and workers to undertake
an initial status review. The team
undertook this exercise by
identifying key elements of the
existing processes, completing a
brainstorming exercise to identify
gaps within the system and then
mapping this out in the form of a
flow diagram.

Typical outputs

Typical inputs
Any information relating
to hazard identification
and risk assessment
Review of OSH
performance, including
incidents and accidents
Identification and review of
existing OSH management
arrangements or processes
Competence and training
requirements
Workforce involvement
OSH legal and other
standards and best
practice within the sector,
eg a compliance register

Initial status review

(gap analysis)
Undertaken by a mixed safety
management team that
includes worker
representatives and a
competent practitioner
Where are we now?

Draft an OSH management

plan, including:
- an OSH policy statement
- hazard identification and
risk assessments
- OSH management
arrangements
- competence and training
needs
- OSH management
programme
The objective is to ensure
effective OSH management
and a process of continual
improvement

Figure 6: Process for developing an OSHMS

23

References

24

Council Directive 89/391/EEC of 12

June 1989 on the introduction of
measures to encourage
improvements in the safety and
health of workers at work. Official
Journal of the European
Communities, 29 June 1989, L183,
Brussels.
Responsible Care management
systems guidance, RC127 (fourth
edition), and Links between the
Responsible Care management
systems guidance and self
assessment and the business
excellence model, RC129 (second
edition). London: Chemical
Industries Association, London,
2003.
Guidelines on occupational safety
and health management systems,
ILO-OSH 2001. Geneva:
International Labour Office, 2001.
Occupational health and safety
management systems
requirements, OHSAS 18001:
2007. London: BSI, 2007.
Reporting performance guidance
on including health and safety
performance in annual reports.
Wigston: IOSH, 2008. See
www.iosh.co.uk/performance.
Successful health and safety
management, HSG65 (second
edition). Sudbury: HSE Books,
1997.
Guide to achieving effective
occupational health and safety
performance, BS 18004: 2008.
London: BSI, 2008.
International safety management
(ISM) code. London: IMO, 2002.
See www5.imo.org/SharePoint/
mainframe.asp?topic_id=287.
Management of Health and Safety
at Work Regulations 1999, SI
1999/3242. London: The Stationery
Office.

10 Occupational health and safety

management systems general
guidelines on principles, systems and
supporting techniques,
AS/NZS4804:2001. Sydney:
Standards Australia International
Ltd, 2001.
11 Guidelines for the development and
application of health, safety and
environmental management
systems, Report no. 6.36/210.
London: OGP, 1994. See
www.ogp.org.uk/pubs/210.pdf.
12 Joined-up working an introduction
to integrated management systems.
Wigston: IOSH, 2006. See
www.iosh.co.uk/joinedup.
13 Business risk management getting
health and safety firmly on the
agenda. Wigston: IOSH, 2008. See
www.iosh.co.uk/businessrisk.
14 Internal control: revised guidance for
directors on the Combined Code.
London: Financial Reporting Council,
2005. See www.frc.org.uk/
FRC/media/Documents/RevisedTurnbull-Guidance-October2005.pdf.
15 Quality management systems:
requirements, BS EN ISO 9001:2000.
London: BSI, 2000.
16 Revitalising health and safety
strategy statement, OSCSG0390.
Wetherby: Department for the
Environment, Transport and the
Regions, 2000. See
www.ilo.org/wcmsp5/groups/
public/---ed_protect/---protrav/
---safework/documents/policy/
wcms_212111.pdf.
17 Accounting and reporting by
charities: statement of
recommended practice. London:
Charity Commission for England and
Wales, 2005. See www.charitycommission.gov.uk/
Charity_requirements_guidance/
Accounting_and_reporting/
Preparing_charity_accounts/
sorpfront.aspx.

18 Leading health and safety at work

leadership actions for directors
and board members, INDG417.
Sudbury: HSE Books, 2007. See
www.iod.com/hsguide and
www.hse.gov.uk/leadership.
19 The first ever European survey of
consumers attitudes towards
corporate social responsibility and
country profiles. Brussels: CSR
Europe (MORI poll), 2000.
20 Global best practices in contractor
safety. Wigston: IOSH, 2001. See
www.iosh.co.uk/globalcontractor.
21 Sustainability reporting guidelines
on economic, environmental and
social performance, version 3.0.
Netherlands: Global Reporting
Initiative, 2006. See
www.globalreporting.org.
22 Social Accountability 8000, SA
8000:2008, New York: Social
Accountability International, 2008.
23 Guidelines for quality and/or
environmental management
systems auditing, BS EN ISO 19011:
2002. London: BSI, 2002. Currently
being revised to include OSH.
24 Measuring health and safety
performance, HSE, 2001. See
www.hse.gov.uk/opsunit/
perfmeas.pdf.
25 Environmental management
systems. Requirements with
guidance for use, BS EN ISO
14001:2004. London: BSI, 2004.

Further reading

Auditing a safety and health

management system: a safety and
health audit tool for the healthcare
sector. Health and Safety Authority,
2006. Available from www.hsa.ie/eng/
Publications_and_Forms/Publications/
Occupational_Health/Auditing
_Healthcare.pdf.
The Health and Safety Authority (HSA)
in the Republic of Ireland has produced
this audit tool to assist in the
continuous development and
implementation of health and safety
management systems for the
healthcare sector. Eighteen different
criteria for audit are described and
followed by guidance. This tool is to be
used in conjunction with the 2006 HSA
guidance document for the healthcare
sector, How to develop and implement
a safety and health management
system, available at www.hsa.ie/eng/
Publications_and_Forms/Publications/
HealthCare_Sector/Guidance_
Document_for_the_Healthcare_
Sector_-_How_to_develop_and_
implement_a_Safety_and_Health_
Management_System.html.
Code of practice for risk management,
BS 31100:2008. London: BSI, 2008
This standard for risk management
helps organisations to understand how
to develop, implement and maintain
effective risk management, thereby
helping them achieve their objectives.
It treats risk management as being as
much about exploiting potential
opportunities as preventing potential
problems, and sees it as an essential
part of good management. The
standard establishes the principles and
terminology and provides
recommendations for the model,
framework, process and
implementation of risk management.
Development of working model of
how human factors, safety
management systems and wider
organisational issues fit together.
Research report RR 543:2007 prepared
by White Queen Safety Strategies and

Environmental Resources Management

for HSE London. Available from www.
hse.gov.uk/research/rrpdf/rr543.pdf.
This report describes a project to
develop a working model linking
human factors, safety management
systems and organisational issues in
the context of safety. While the focus is
on chemical major hazards in
particular, it is also intended to apply to
health and safety in general.
Guidance for health and safety
management systems interfacing. Step
Change in Safety, 1999. Available from
http://stepchangeinsafety.net/
stepchange.
This guidance addresses the issue of
meshing OSHMSs used by separate
organisations when they decide to
work together perhaps in a formal
partnership, but more often as client
and contractor or contractor and subcontractor working at a particular
location or on a project. The document
includes two checklists, based on the
HSG65 model but adaptable to others,
which can be used to identify which
interfaces have to be managed and
whether theres clear understanding
about who does what at each
interface.
IMS: The framework integrated
management systems series, HB
10190:2001. London: BSI, 2001
This outlines a framework for
managing the operational risks any
organisation faces in its day-to-day
business. The aim is to provide a
structure by which an organisation can
efficiently and effectively manage its
operation through one system.
IMS: Implementing and operating
integrated management systems series,
HB 10191:2002. London: BSI, 2002
This gives an approach for integrating
the management of quality, OSH and
environmental aspects within one
management system. This how to do

it manual includes flowcharts,

questionnaires and examples, and
takes readers through the model
outlined in IMS: The framework.
Managing health and safety five
steps to success, INDG275. Sudbury:
HSE Books, 1998 (reprinted 2008).
Available from www.hse.gov.uk/
pubns/indg275.pdf.
Aimed mainly at directors and
managers, this short booklet
summarises the key messages of
HSG65, outlining good practice and
the costs of getting it wrong. It
describes five key steps: set policy;
organise staff; plan and set standards;
measure performance; and learn from
experience (audit and review). There
are questions following the
descriptions to help readers assess how
well their organisations are doing in
each area.
Managing safety the systems way: BS
8800 to OHSAS 18001, HB
10180:2000. London: BSI, 2000
This is an easy-to-follow guide to
implementing the new British
Standard. The book has been revised
and updated to incorporate the
requirements of the new BS OHSAS
18001 and best practice. It takes a
practical approach to tackling the
various elements of an OSH
management system for your business.
It also explains how the system can be
maintained as OSH evolves, responding
to internal and external influences.
Occupational health and safety
management systems Guidelines for
the implementation of OHSAS 18001:
2007, OHSAS 18002:2008. London:
BSI, 2008
This Occupational Health and Safety
Assessment Series (OHSAS) guideline
provides generic advice on
implementing OHSAS 18001 (a
specification for an occupational safety
and health management system),
explaining its principles, intent, typical
inputs and outputs, and processes. It
25

includes a correspondence table

between OHSAS 18001:2007, ISO
14001:2004 and ISO 9001:2008. It
also features a table showing the
correspondence between the clauses of
the OHSAS documents and the clauses
of the 2001 ILO-OSH guidelines.
Specification of common management
system requirements as a framework
for integration, PAS 99:2006. London:
BSI, 2006
This Publicly Available Specification (PAS)
was produced in response to the
increased interest in an integrated
approach to management systems and
corporate governance. It contains a
framework for implementing common
requirements of management system
standards or specifications in an
integrated way. Adopting this PAS will
simplify the implementation of multiple
system standards and any associated
conformity assessment. The reduction in
duplication by combining two or more
systems in this way has the potential to
significantly reduce the overall size of
the management system and improve
system efficiency and effectiveness. It
can apply to all sizes and types of
organisation. PAS 99:2006 will be
withdrawn when its content is
published in, or as, a British Standard.
Strategies to promote safe behaviour
as part of a health and safety
management system. Prepared by the
Keil Centre for HSE: Contract research
report 430: 2002. Available from
www.hse.gov.uk/research/
crr_pdf/2002/crr02430.pdf.

26

This report promotes safe behaviour at

work as a critical part of the
management of health and safety,
because behaviour is important in
transforming systems and procedures
into reality. Good systems on their own
are not enough to ensure successful
health and safety management; the key
is how organisations live their systems.
This report covers:
- the theory underpinning strategies to
promote safe behaviour
- the key elements of programmes in
use to promote safe behaviour
- how to use behavioural strategies to
promote critical health and safety
behaviours
- how to integrate behavioural
strategies into a health and safety
management system.
The use of occupational safety and
health management systems in the
member states of the European Union:
experiences at company level. European
Agency for Safety and Health at Work,
2002. Available from
http://osha.europa.eu/en/
publications/reports/307.
The European Agency for Safety and
Health at Work has published this report
covering OSHMSs in the member states
of the EU and the best approach to
take. It identifies five key elements of
effective OSHMSs: initiation (OSH input);
formulation and implementation (OSH
process); effects (OSH output);
evaluation (OSH feedback); and
improvement and integration (open
system elements). It then looks at eleven
companies across the EU that have

introduced or improved their OSHMSs,

indicating which of the key elements
each particular case study highlights.
The report also comments on the
strengths and weaknesses of the case
study systems, noting that they tend to
concentrate mainly on work-related
accidents, but give less attention to
work-related ill health. It also notes
that some organisations attach a
greater level of importance to health
and safety than others and that there
are weaknesses wherever
communication or competence are
inadequate.
Regarding strengths, as well as
reducing accidents and lost-time in the
larger organisations, it was felt that
OSHMSs increased employee
motivation and identification with their
employers and also helped develop
their competence.

Appendix: List of abbreviations

CPD
Continuing professional development
a means to ensure ongoing
competence in a changing world

ILO
International Labour Organization
a United Nations agency, based in
Geneva

NGO
Non-governmental organisation (eg
voluntary, campaigning or professional
body)

CSR
Corporate social responsibility a
system whereby organisations integrate
social and environmental concerns into
their business operations and
interactions with stakeholders

IMO
International Maritime Organization
a United Nations agency, based in
London

OSH
Occupational safety and health

GRI
Global Reporting Initiative an
international sustainability reporting
institution that has developed
guidelines for voluntary reporting on
the economic, environmental and
social performance of organisations
HSE
Health and Safety Executive the UK
OSH regulator

IOSH
Institution of Occupational Safety and
Health
ISM
International Safety Management
a formal code requirement of the IMO
that applies to most classes of large ship
ISO
International Organization for
Standardization

OSHMS
Occupational safety and health
management system
SMARTT
Specific, measurable, agreed, realistic,
timetabled and tracked action a
method for managing action plans
WHO
World Health Organization a United
Nations agency, based in Geneva

27

Acknowledgments

IOSH would like to thank the working

party who produced the original
version of this guide and also Paul
Reeve CFIOSH CEnv FIEMA for
updating it:
Lawrence Waterman CFIOSH
(Chairman), Managing Director, Sypol
Martin Allan CFIOSH, Managing
Director, Martin Allan Partnerships Ltd
Lawrence Bamber CFIOSH, Managing
Director, Risk Solutions International
Martyn Hopkinson CMIOSH, Company
Health and Safety Manager, British
Sugar plc
Arran Linton-Smith CFIOSH, Health and
Safety Consultant, MacGregor
Associates
Ian Waldram CFIOSH, Safety, Health
and Environment Consultant
Richard Jones CFIOSH (Administrator),
Policy and Technical Director, IOSH

We would also like to thank the

original consultees, who were:
Dr Janet Asherson CMIOSH, Head of
Environment, Health and Safety, CBI
Dr Tony Boyle CFIOSH, Consultant,
HASTAM
David Eves CB, IOSH Honorary Vicepresident and former Deputy
Director-General, HSE
Stephen Fulwell CFIOSH, Independent
Safety, Health and Environment
Consultant
Liam Howe CFIOSH, Safety and
Training Manager, Coillte Teoranta
Jay Joshi CMIOSH, Chief Information
Officer, British Safety Council
Brian Kazer CFIOSH, Chief Executive,
BOHRF
Paul Reeve CFIOSH, Head of HS&E,
Electrical Contractors Association
Owen Tudor, Senior Health and Safety
Policy Officer, TUC

Finally, IOSH would like to thank the following organisations

for their valued support of this document:

www.cbi.org.uk

28

www.tuc.org.uk

Institution of Occupational
Safety and Health
Founded 1945
Incorporated by Royal Charter 2003
Registered charity 1096790

IOSH was founded in 1945 and is a registered

charity with international NGO status.

This document is printed on chlorine-free paper produced from managed, sustained forests.
POL2175/141014/IOSH

We set standards, and support, develop and

connect our members with resources, guidance,
events and training. Were the voice of the
profession, and campaign on issues that affect
millions of working people.

Robert J Prowse

t +44 (0)116 257 3100

www.iosh.co.uk
twitter.com/IOSH_tweets
facebook.com/IOSHUK
tinyurl.com/IOSH-linkedin

IOSH is the Chartered body for health and safety

professionals. With more than 44,000 members
in over 120 countries, were the worlds largest
professional health and safety organisation.

FS 60566

image:

IOSH
The Grange
Highfield Drive
Wigston
Leicestershire
LE18 1NN
UK