OHSAS 18001 2007 OH&S REQUIREMENTS

4.1 Establish an OHSMS for your Organization

General
Requirements
Develop an OHSMS that complies with OHSAS 18001.

Document your OHSMS in accordance with OHSAS 18001.

Implement your OHSMS in accordance with OHSAS 18001.

Maintain your OHSMS in accordance with OHSAS 18001.

Improve your OHSMS in accordance with OHSAS 18001.

4.2 Develop an OH&S Policy for your Organization

Policy
Requirements
Define your organizations OH&S policy.

Document your organizations OH&S policy.

Implement your organizations OH&S policy.

Maintain your organizations OH&S policy.

Communicate your organizations OH&S policy.

4.3.1 Analyze OH&S Hazards and Select Controls

4.3
Planning Identify OH&S hazards and assess your risks.
Requirements
Develop a methodology to identify OH&S
hazards and assess your organizations risks.

Establish procedures to identify OH&S hazards

and assess your organizations risks.

Implement your OH&S hazard identification

and risk assessment methods and procedures.

Maintain your OH&S hazard identification and

risk assessment methods and procedures.

Reduce OH&S risks by selecting your controls.

Establish procedures to select your OH&S controls.

Implement your OH&S control selection procedures.

Maintain your OH&S control selection procedures.

4.3.2 Respect Legal and Nonlegal OH&S Requirements

Establish procedures to identify and access the legal and

nonlegal OH&S requirements that apply to your organization.

Respect all legal and nonlegal requirements when

you establish your organizations OHSMS.

Keep your organizations legal and nonlegal

OH&S regulatory information up to date.

Communicate information about your regulatory

OH&S information to all interested participants.

4.3.3 Establish OH&S Objectives and Programs

Establish your organizations OH&S objectives.

Develop OH&S objectives for your organization.

Implement your organizations OH&S objectives.

Establish your organizations OH&S programs.

Develop programs to achieve your OH&S objectives.

Implement programs to achieve your OH&S objectives.

Maintain programs to achieve your OH&S objectives.

4.4 4.4.1 Establish Responsibility and Accountability
Implementation
Requirements
Ask your top management to accept responsibility for OH&S.

Make sure that management demonstrates a commitment to

OH&S.

Appoint a member of management to manage and control OH&S.

Make sure that your workers take responsibility for OH&S.

4.4.2 Ensure Competence and Provide Training

Ensure the competence of people who perform

tasks that could have an impact on OH&S.

Maintain records which show that people who

have an impact on OH&S are in fact competent.

Identify your organizations OH&S training needs.

Establish OH&S training methods and procedures.

Provide training to meet your OH&S training needs.

Evaluate the effectiveness of your OH&S training activities.

Maintain a record of OH&S training activities and results.

Establish a procedure to make people aware of OH&S.

Implement your OH&S awareness procedure.

Maintain your OH&S awareness procedure.

4.4.3 Establish Communication and Participation

4.4.3.1 Establish OH&S Communication Procedures
Establish an internal OH&S communication procedure.

Develop a procedure to control internal communications.

Implement your internal communications procedure.

Maintain your internal communications procedure.

Establish a contractor and visitor OH&S communication

procedure.

Develop a procedure to control how you communicate

about OH&S with your contractors and visitors.

Implement a procedure to control how you communicate

about OH&S with your contractors and visitors.

Maintain a procedure to control how you communicate

about OH&S with your contractors and visitors.

Establish an external OH&S communication procedure.

Develop a procedure to control external communications.

Implement a procedure to control external

communications.

Maintain a procedure to control external communications.

4.4.3.2 Establish OH&S Participation and Consultation

Establish a worker participation procedure.

Develop a procedure to manage worker involvement.

Implement your worker participation procedure.

Maintain your worker participation procedure.

Consult with workers about OH&S matters.

Consult with contractors and other parties.

Develop a procedure to manage contractor involvement.

Implement your contractor participation procedure.

Maintain your contractor participation procedure.

Consult with external parties about OH&S matters.

4.4.4 Document your Organization's OHSMS

 Document your organizations OH&S policy.

Document your organizations OH&S objectives.

Document the scope (boundary) of your OHSMS.

Document the elements (parts) of your OHSMS.

Document how the elements of your OHSMS interact.

4.4.5 Control your Organization's OH&S Documents

Control documents required by OHSAS 18001.

Establish a procedure to control OH&S documents.

Implement your OH&S document control procedure.

Maintain your OH&S document control procedure.

Control your OH&S management records.

4.4.6 Implement Operational OH&S Control Measures

Identify those operations and activities that should use

controls to manage OH&S hazards and reduce risks.

Implement controls to manage OH&S hazards and reduce risks.

Implement documented procedures to reduce your OH&S risks.

Implement operating criteria to reduce your OH&S risks.

Maintain your organizations OH&S procedures and controls.

Maintain the operating criteria needed to control OH&S risks.

4.4.7 Establish an OH&S Emergency Management Process

 Prepare for emergency situations that could impact OH&S.

Establish OH&S emergency management procedures.

Test your OH&S emergency management procedures.

Implement your OH&S emergency management procedures.

Review your OH&S emergency management procedures.

Revise your OH&S emergency management procedures.

4.5 4.5.1 Monitor and Measure your OH&S Performance

Checking
Requirements
Establish procedures to monitor and measure OH&S
performance.

Implement your OH&S monitoring and measurement procedures.

Maintain your OH&S monitoring and measurement procedures.

Record the results of your monitoring and measurement

activities.

Establish procedures for monitoring and measurement

equipment.

Implement procedures for monitoring and measurement

equipment.

Maintain procedures for monitoring and measurement

equipment.

4.5.2 Evaluate Legal and Nonlegal Compliance

4.5.2.1 Evaluate Compliance with Legal Requirements

Establish a procedure to periodically evaluate how well
your organization complies with legal OH&S requirements.

Record the results of your legal OH&S compliance evaluations.

4.5.2.2 Evaluate Compliance with Nonlegal Requirements

Establish a procedure to periodically evaluate how well your
organization complies with nonlegal (other) OH&S requirements.

Record the results of your nonlegal OH&S compliance

evaluations.
 4.5.3 Investigate Incidents and Take Remedial Action

4.5.3.1 Investigate your Organization's OH&S Incidents

Establish procedures to investigate OH&S incidents.

Implement your OH&S incident investigation procedures.

Maintain your OH&S incident investigation procedures.

4.5.3.2 Take Corrective and Preventive Action

Establish nonconformity management procedures.

Implement your nonconformity management procedures.

Maintain your nonconformity management procedures.

4.5.4 Establish and Control OH&S Records

Establish OH&S records for your organization.

Maintain your organizations OH&S records.

Develop procedures to control your OH&S records.

Implement your OH&S record keeping procedures.

4.5.5 Conduct Internal Audits of your OHSMS

Establish an internal OHSMS audit program.

Implement your internal OHSMS audit program.

Implement your internal OHSMS audit program.

4.6 Review the Performance of your OHSMS

Review
Requirements
Review your OHSMS by examining inputs.

Assess the results of your management reviews.

Generate OHSMS management review outputs.

Communicate management review outputs.

 OHSAS 18001 2007
IN PLAIN ENGLISH

INTRODUCTION

OHSAS 18001 is an occupational health and safety management

standard.

INTRODUCTION TO OHSAS 18001

OHSAS 18001 2007 is an occupational health and safety management standard. It
defines a set of occupational health and safety (OH&S) management
requirements for occupational health and safety management systems
(OHSMS).
OHSAS 18001 2007 was developed by the OHSAS Project Group, a consortium of
43 organizations from 28 countries. This consortium includes national standards
bodies, registrars (certification bodies), OH&S institutes, and consultants.
This new OHSAS 18001 2007 standard was officially published during July of 2007.
It cancels and replaces OHSAS 18001 1999. Since it was first published in 1999,
OHSAS 18001 has rapidly become the most widely used international OH&S
management standard. OHSAS 18001 applies to all types of organizations. It
doesnt matter what size they are or what they do.
The purpose of OHSAS 18001 is to help organizations to manage and control their
OH&S risks and to improve their OH&S performance. They can achieve this
purpose by developing an OHSMS that complies with OHSAS 18001.
An OHSMS is a network of interrelated elements. These elements
include responsibilities, authorities, relationships, functions, activities, processes,
practices, procedures, and resources. These elements are used to establish OH&S
policies, plans, programs, and objectives.
Certainly the concept of an OHSMS is rather abstract. However, fortunately, you
dont really have to completely grasp, absorb or memorize what it means. Simply
by meeting all of the OHSAS 18001 requirements (Part 4), you will automatically
establish an integrated OHSMS for your organization.

HOW TO USE OHSAS 18001

If you dont already have an occupational health and safety management system
(OHSMS), you can use this OHSAS 18001 standard to establish one. And once
youve established your organizations OHSMS, you can use it to manage and
control your OH&S risks and to improve your OH&S performance.
OHSAS 18001 expects organizations to comply with all of the requirements that
make up the standard. According to the standard, your OHSMS must comply
with every OHSAS 18001 requirement (Part 4 of the standard).
However, the size and complexity of OHSMSs vary quite a bit. How far you go is up
to you. The size and complexity of your OHSMS, the extent of your
documentation, and the resources allocated to your system will depend on many
things. How you meet each of the OHSAS 18001 requirements, and to what extent,
depends on many factors, including:
1. The size of your organization
2. The location of your organization
3. The nature of your organizations culture
4. The nature of your organizations activities
5. The nature of your organizations legal obligations
6. The nature and scope of your organizations OHSMS
7. The content of your organizations OH&S policy
8. The nature of your organizations OH&S hazards
9. The nature of your organizations OH&S risks

OHSAS 18001 is designed to be used for certification (registration) purposes.

However, OHSAS 18001 does not require certification. You can be in compliance
without being formally certified (registered). You can self-assess (self audit) your
OHSMS and simply declare that it complies with the OHSAS 18001 standard (if it
actually does).
If you wish to become certified, you need to ask a registrar to audit your OHSMS. If
your system complies with OHSAS 18001, your registrar will issue a Certificate
that you can use to formally announce that your OHSMS is compliant.

THE PDCA METHODOLOGY

OHSAS 18001 uses what is called the Plan-Do-Check-Act (PDCA) methodology. It
uses this methodology to organize the standard and you can use it to establish
your OHSMS.
The PDCA methodology is used to organize
OHSAS 18001 in the following way:
1. P L A N . Parts 4.1, 4.2, and 4.3 expect you
to plan the establishment of your OHSMS.

2. D O . Part 4.4 expects you to implement your OHSMS.

3. C H E C K . Parts 4.5 and 4.6 expect you to monitor,

measure, and report on the performance of your OHSMS.

4. A C T . Parts 4.5 and 4.6 expect you to improve your OHSMS.

You can also use a PDCA approach to help you establish your organizations
OHSMS. By taking the following 4 steps you will be using a PDCA approach:
1. P L A N . Plan your OHSMS.
 2. D O . Establish your OHSMS.

3. C H E C K . Evaluate your OHSMS.

4. A C T . Improve your OHSMS.

YOUR GENERAL APPROACH

The following material presents a brief OHSMS development plan.
It summarizes the general approach you will take to develop your own unique
OHSMS. It uses a PDCA approach and is taken directly from our OHSAS 18001
Translated into Plain English. If you use our plain English standard to develop
your organizations OHSMS, you will automatically take the following steps:
1. Define the scope of your OHSMS.
2. Define your organizations OHSMS policy.
3. Develop a methodology to identify hazards and assess risks.
4. Establish procedures to identify hazards and assess risks.
5. Identify your organizations hazards and assess your risks.
6. Establish procedures to evaluate and select OH&S controls.
7. Evaluate the adequacy of your existing OH&S controls.
8. Select OH&S controls that reduce your OH&S risks.
9. Document the results of your control selection process.
10. Identify relevant legal and nonlegal OH&S requirements.
11. Respect all relevant legal and nonlegal OH&S requirements.
12. Establish unique OH&S objectives for your organization.
13. Establish programs to achieve your OH&S objectives.
14. Appoint a member of top management to manage OH&S.
15. Ensure the competence of those who influence OH&S.
16. Identify your OH&S training and awareness needs.
17. Establish OH&S training and awareness procedures.
18. Implement OH&S training and awareness procedures.
19. Establish procedures to manage OH&S communications.
20. Establish procedures to manage OH&S participation.
21. Document your organizations unique OHSMS.
22. Control your organizations OH&S documents and records.
23. Implement controls to manage OH&S hazards and risks.
24. Establish an OH&S emergency management process.
25. Monitor and measure your organizations OH&S performance.
26. Record the results of your OH&S monitoring and measuring.
27. Evaluate compliance with legal and nonlegal requirements.
28. Record the results of your OH&S compliance evaluations.
29. Establish procedures to investigate OH&S incidents.
30. Establish nonconformity management procedures.
31. Perform regular internal audits of your OHSMS.
32. Review your OHSMS at planned intervals.
 33. Update and improve your OHSMS.

Of course, you may already have an existing OHSMS. If this is true, you dont need to
follow a detailed OHSMS development plan. You would probably find it easier and
more efficient to use a gap analysis approach, instead.
A gap analysis would compare your existing OHSMS with the OHSAS 18001
requirements. Such a comparison would pinpoint the areas that fall short of the
standard (the gaps). By focusing on filling your unique occupational health and
safety gaps, you will soon comply with the OHSAS 18001 standard.
If you already have an existing OHSMS , a gap analysis is more targeted and
efficient. It is more targeted and efficient because it takes an incremental approach
and ignores areas that already comply with the standard.

OHSAS 18001 2007

PLAIN ENGLISH DEFINITIONS

OHSAS 18001 is an Occupational Health and Safety Standard.

(OHSAS stands for Occupational Health and Safety Assessment Series. )

Acceptable Risk - Audit - Continual Improvement - Corrective Action

Document - Hazard - Hazard Identification - Ill Health - Incident -

Interested Party

Nonconformity - Occupational Health & Safety - Occupational Health &

Safety System

Occupational Health & Safety Objective - Occupational Health & Safety

Performance

Occupational Health & Safety Policy - Organization - Preventive Action

Procedure - Record - Risk - Risk Assessment - Workplace

 The following section on Terminology is based on OHSAS 18001 2007,
section 3, Terms and definitions. We have translated these definitions
into
plain English in order to make them easier to understand. However, in
order
to make these definitions more informative, we have also used
information
from OHSAS 18002. We have taken this approach in order to add
substance
to definitions that are often rather cryptic and difficult to understand.

3.1 Acceptable Risk

A risk is acceptable if it has been reduced to a level that your organization

can tolerate given its occupational health and safety (OH&S) policy and its
legal obligations.

3.2 Audit

An audit is an evidence gathering process. Audit evidence is used

to evaluate how well audit criteria are being met. Audits must be
both objective and independent and the audit process must be
both systematic and documented.

3.3 Continual Improvement

Continual improvement is a recurring process that enhances

an organizations OH&S management system and improves its overall OH&S
performance. Continual improvements must be consistent with the
organizations OH&S policy and can be achieved by carrying out internal
audits, performing management reviews, analyzing data, and
implementing corrective and preventive actions.

3.4 Corrective Action

Corrective actions are steps that are taken to remove the cause or causes of
an existing nonconformity or other undesirable situation. Corrective actions
address actual problems. In general, the corrective action process can
be thought of as a problem solving process.
3.5 Document

When information is placed on a medium it becomes a document. In this

context, the term medium usually refers to paper. But it can also refer to
electronic, magnetic, or optical disks. A set of documents is often referred to
as documentation.

NOTE: Neither OHSAS 18001 nor OHSAS 18002 expects you to write an
OH&S Manual (per OHSAS 18001 and 18002 section 4.4.4).

3.6 Hazard

A hazard is any situation, substance, activity, event, or environment that

could potentially cause injury or ill health. More precisely:

Hazardous situations can cause injury or ill health.

Examples of potentially hazardous situations include slippery or
uneven walking surfaces, cramped working conditions, badly
ventilated areas, high altitudes, noisy locations, poorly lit areas, and
confined spaces.

Hazardous substances can cause injury or ill health. Examples of

potentially hazardous substances include corrosive and toxic
chemicals, flammable and explosive materials, dangerous gases and
liquids, radioactive substances, particulates, poisons, bacteria, and
viruses.

Hazardous activities can cause injury or ill health. Examples

of potentially hazardous activities include dangerous tasks, unnatural
movements and postures, heavy lifting, repetitive work, interpersonal
conflicts, bullying, and intimidation.

Hazardous events can cause injury or ill health. Examples

of potentially hazardous events include explosions, implosions,
collisions, vibrations, fires, leaks, releases, chemical reactions,
electric shocks, falling objects, loud noises, structural
breakdowns, software failures, equipment malfunctions,
and unscheduled shutdowns.

3.7 Hazard Identification

Hazard identification is a process that involves recognizing that an OH&S
hazard exists and then describing its characteristics.
3.8 Ill Health
Ill health is an adverse physical or mental condition. In order to qualify as an
occupational health and safety problem, an adverse physical or mental
condition must be identifiable and be caused or aggravated by a work
activity or a work related situation.

3.9 Incident
An incident is a work related event during which:
1. injury, ill health, or fatality actually occurs, or

2. injury, ill health, or fatality could have occurred.

An accident is a type of incident. It is a work-related event during which

injury, ill health, or fatality actually occurs. It is a type of incident (see 1,
above).
A close call, near miss, near hit, or dangerous occurrence is also a type of
incident. It is a work-related event during which injury, ill health, or fatality
could have occurred, but didnt actually occur (see 2, above).

3.10 Interested Party

An interested party is a person or group that has a stake in the
OH&S performance of an organization. Interested parties may be directly
affected by the organizations OH&S performance or actively concerned
about it. They come from both inside and outside of the workplace.

3.11 Nonconformity
Nonconformity is the non fulfillment of a requirement or a deviation from a
standard. When an organization fails to meet requirements or deviates from
a standard, a nonconformity exists. Accordingly, any deviation from the
OHSAS 18001 standard is a nonconformity.
3.12 Occupational Health & Safety
When OHSAS 18001 uses the term occupational health and safety, it refers
to all of the factors and conditions that:
1. affect health and safety in the workplace, or

2. could affect health and safety in the workplace.

Occupational health and safety (OH&S) factors affect employees (permanent

and temporary), contractors, visitors, and anyone else who is in the
workplace.

3.13 Occupational Health & Safety Management System

An occupational health and safety management system (OHSMS) is used to
establish an OH&S policy and to manage OH&S risks. An organizations
OHSMS is one part of a larger management system.
A management system, including an OHSMS, is a network of interrelated
elements. These elements include responsibilities, authorities,
relationships, functions, activities, processes, practices, procedures, and
resources. A management system uses these elements to establish
policies, plans, programs, and objectives and to develop ways of
implementing these policies, plans, and programs, and achieving these
objectives.

3.14 Occupational Health & Safety Objective

OH&S objectives are OH&S performance goals that organizations set for
themselves and wish to achieve. Your organizations OH&S objectives
should be both measurable and consistent with its OH&S policy.

3.15 Occupational Health & Safety Performance

OH&S performance is all about results. Its all about how well organizations
manage their OH&S risks and the results they actually achieve. In order to
be able to determine how well OH&S risks are being managed, OH&S
performance must be measurable. You can measure your organizations
OH&S performance by measuring the effectiveness of your controls and by
comparing your OH&S results and achievements against your OH&S policy,
objectives, or any other suitable OH&S performance requirements.

3.16 Occupational Health & Safety Policy

An organizations OH&S policy statement expresses a commitment to the
implementation and ongoing maintenance of its OHSMS and the
improvement of its overall OH&S performance. Your OH&S policy should
emphasize the need to prevent injury and ill health, comply with all legal
and nonlegal requirements, and be appropriate to the nature and scale of
the OH&S risks that your organization must deal with. In general, an OH&S
policy should be used to drive the implementation and maintenance of the
OHSMS, to develop OH&S objectives, and to encourage action.

3.17 Organization
An organization is a company, corporation, enterprise, firm, institution, or
authority. Organizations can be either incorporated or unincorporated, and
can be either privately or publicly owned. It can also be a single operating
unit or part of a larger entity. However, an operating unit or part of a larger
entity must have its own functions and administration in order to count as
an organization.

3.18 Preventive Action

Preventive actions are steps that are taken to remove the causes of potential
nonconformities or other undesirable situations that have not yet occurred.
Preventive actions address potential problems. In general, the preventive
action process can be thought of as a risk analysis process.

3.19 Procedure
A procedure is a specified way of carrying out an activity or a process.
Procedures may or may not be documented.
A documented procedure describes and controls a logically distinct process
or activity, including the associated inputs and outputs. Documented
procedures can be very general or very detailed, or anywhere in between.
While a general procedure could take the form of a simple flow diagram, a
detailed procedure could be a one page form or it could be several pages of
text.
A detailed documented procedure defines and controls the work that should
be done, and explains how it should be done, who should do it, and under
what circumstances. In addition, it often explains what authority and what
responsibility has been allocated, which supplies and materials should be
used, and which documents and records must be used to carry out the work.

3.20 Record
A record is a document that shows what kinds of activities are
being performed or what kind of results are being achieved.
It always documents and provides evidence about the past.
3.21 Risk
Risk combines three elements: it starts with a potential event, and then
combines its probability with its potential severity. In the context of
OH&S, the concept of risk asks two future oriented questions:
1. What is the probability that a particular hazardous
event or exposure will actually occur in the future?

2. How severe would the impact on health and safety be

if the hazardous event or exposure actually occurred?

A high risk hazardous event or exposure would have both a high probability
of occurring and a severe impact on OH&S if it actually occurred. A high risk
event or exposure is one that is likely to cause severe injury or ill health.

3.22 Risk Assessment

A risk assessment considers the effectiveness of existing OH&S controls
and then evaluates the probability and the potential severity of specific
hazardous events and exposures. On the basis of such an assessment,
organizations decide whether or not the risk is acceptable.

3.23 Workplace
A workplace is a physical location where an organizations work is
performed. A physical location is an organizations workplace only if it is
under its control. However, control may extend to work that is performed
while traveling, working at home, or at a customers workplace. Regardless
of where work is performed, organizations must manage their OH&S risks.

Our gap analysis tool will allow you to compare your current OH&S
practices with the new OHSAS 18001 2007 OH&S management
standard. This comparison will pinpoint the areas that fall short of
the new standard (the gaps). Once you know where to focus your
attention, you can begin to make the changes that are needed to
comply with the new OHSAS 18001 2007 standard.

Our gap analysis process consists of six questionnaires, one for

each of the six Parts (4.1 to 4.6) that make up the core of the OHSAS
18001 standard. In total, there are 561 questions, one for each of the
requirements that make up the OHSAS 18001 2007 standard.

Part 4.1 starts with some very general questions. The rest of the Gap
Analysis (Parts 4.2 to 4.6) discusses these general questions in greater
detail. Because of this we suggest that you use the general questions
in Part 4.1 to give you an overview of what the rest of the OHSAS 18001
standard expects you to do. Your detailed Gap Analysis will be carried
out as you answer the specific questions in Parts 4.2 to 4.6.

For each question, two answers are possible: YES or NO. Answer
each question by selecting one of these two answers. A YES answer
means youre in compliance with the standard while a NO answer
means youre not in compliance. NO answers reveal gaps that exist
between the OHSAS 18001 2007 standard and your organizations OH&S
practices. To the right of your answers, you will find a space that you
can use to record any comments or observations you might have.

Once youve completed all six questionnaires, study your NO

answers and your comments and use them to develop your own
unique OHSAS 18001 Compliance Plan. Use the associated questions
to formulate actions or steps that need to be taken in order to bring
your OH&S practices into compliance.

Our OHSAS 18001 Gap Analysis Tool is easy to understand and

ready to use. It is focused, detailed, and complete. We guarantee it!

Overview of our OHSAS 18001 2007 Gap Analysis Tool

The following material will introduce our OHSAS 18001 Gap Analysis
Tool.
However, it will not present the complete product. Instead, it will
show
you how our Gap Analysis Tool is organized and how it is used. In
addition,
we will show you an example of our approach. Once you've examined
our approach, we hope you'll consider purchasing our complete
OHSAS 18001 2007 OH&S Gap Analysis Tool (Title 66).

OHSAS 18001 2007 OH&S Gap Analysis Tool

PART TABLE OF CONTENTS PAGE

1 Profile of Gap Analysis Project 3

2 Explanation of Gap Analysis Process 4

3 OH&S Terms and Definitions 6

 4 GAP ANALYSIS QUESTIONNAIRES 13

4.1 General Gap Analysis Questionnaire 13

4.2 Policy Gap Analysis Questionnaire 14

4.3 Planning Gap Analysis Questionnaire 16

4.4 Implementation Gap Analysis Questionnaire 27

4.5 Checking Gap Analysis Questionnaire 43

4.6 Review Gap Analysis Questionnaire <SAMPLE

5 LICENSE AGREEMENT AND CONTACT INFORMATION 58

FEB 2008 COPYRIGHT PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED. VER 1.0

The following example will show you what our Gap

Analysis Tool looks like. This example is taken from
4.6 Review Gap Analysis Questionnaire .

OHSAS 18001 2007 OH&S GAP ANALYSIS TOOL

4 . 6 R E V I E W G A P A N A LY S I S Q U E S T I O N N A I R E

1
Do you review your organization's OHSMS YES NO
at planned intervals by examining inputs?

2 Do you review your internal audit results? YES NO

3
Do you review your compliance with legal YES NO
and nonlegal (other) OH&S requirements?

4
Do you review changes in legal and nonlegal YES NO
(other) OH&S requirements and circumstances?

5
Do you review the results of your organizations YES NO
OH&S participation and consultation process?

6 Do you review feedback from workers? YES NO

7 Do you review feedback from contractors? YES NO

8
Do you review OH&S communications YES NO
received from external interested parties?
9
Do you review complaints received YES NO
from external interested parties?

10
Do you review the overall OH&S YES NO
performance of your organization?

11
Do you review how well your OH&S YES NO
objectives are being achieved?

12
Do you review the status of YES NO
OH&S incident investigations?

13
Do you review the status YES NO
of corrective OH&S actions?

14
Do you review the status YES NO
of preventive OH&S actions?

15
Do you review previous YES NO
OH&S management reviews?

16 Do you review previous follow up actions? YES NO

17 Do you review changes in OH&S risks? YES NO

18
Do you review recommendations YES NO
for OH&S improvement?

19
Do you consider whether or not YES NO
your OHSMS should be changed?

20
Do you consider whether or not your YES NO
OH&S policy should be changed?

21
Do you consider whether or not your YES NO
OH&S objectives should be changed?

22 Do you assess the results of management reviews? YES NO

23 Do you assess the performance of your OHSMS? YES NO

24
Do you assess the suitability YES NO
of your organizations OHSMS?

25
Do you assess opportunities to improve the YES NO
suitability of your organizations OHSMS?

26
Do you assess the adequacy YES NO
of your organizations OHSMS?

27
Do you assess opportunities to improve the YES NO
adequacy of your organizations OHSMS?

28
Do you assess the effectiveness YES NO
of your organizations OHSMS?

29
Do you assess opportunities to improve the YES NO
effectiveness of your organizations OHSMS?

30
Do you assess the need to change YES NO
your organizations OHSMS?
31 Do you assess the need to YES NO
 change your OH&S policy?

32
Do you assess the need to YES NO
change your OH&S objectives?

33 Do you generate management review outputs? YES NO

Do you make decisions and take actions

34 which support your general commitment YES NO
to continual improvement?

Do you make decisions and take

35 actions to change or improve the YES NO
elements of your OHSMS?

36
Do you make decisions and take actions YES NO
to improve the suitability of OHSMS?

37
Do you make decisions and take actions YES NO
to improve the adequacy of OHSMS?

38
Do you make decisions and take actions YES NO
to improve the effectiveness of OHSMS?

39
Do you make decisions and take YES NO
actions to change your OH&S policy?

40
Do you make decisions and take actions YES NO
to change your OH&S objectives?

41
Do you make decisions and take actions YES NO
to change your OH&S performance?

42
Do you make decisions and take actions YES NO
to change your OH&S resources?

43 Do you record your management reviews? YES NO

44
Do you retain your organizations YES NO
management review records?

45
Do you communicate your YES NO
management review outputs?

Do you use your communication

46 and consultation process to discuss YES NO
outputs with workers?

Do you use your communication

47 and consultation process to discuss YES NO
outputs with contractors?

SAMPLE AUDIT QUESTIONS

A. COMPLIANCE AUDIT PROGRAM

 3. COMPLIANCE AUDIT QUESTIONS

SECTION 4.5 - CHECKING AUDIT QUESTIONNAIRE

4.5.1 MONITOR AND MEASURE YOUR OH&S PERFORMANCE

1
Did you establish procedures to monitor and YES NO
measure your organizations OH&S performance?

2
Did you establish monitoring and measurement YES NO
methods that meet your organizations needs?

3
Did you establish quantitative methods to YES NO
monitor and measure OH&S performance?

4
Did you establish qualitative methods to YES NO
monitor and measure OH&S performance?

5
Do you use your organizations OH&S YES NO
monitoring and measurement procedures?

6
Do you monitor and measure how well your YES NO
organization is achieving its OH&S objectives?

7
Do you monitor and measure the YES NO
effectiveness of OH&S programs?

8
Do you monitor and measure the YES NO
effectiveness of OH&S controls?

9 Do you monitor and measure health controls? YES NO

1
0 Do you monitor and measure safety controls? YES NO

11
Do you monitor and measure the overall YES NO
effectiveness of OH&S operating criteria?

1 Do you monitor and measure historical YES NO

2 OH&S performance deficiencies?
1
3 Do you monitor and measure ill health? YES NO

1
4 Do you monitor and measure incidents? YES NO

1
5 Do you monitor and measure accidents? YES NO

1
6 Do you monitor and measure near-misses? YES NO

1 Do you maintain your organizations OH&S YES NO

7 monitoring and measurement procedures?

1 Do you record the results of your OH&S YES NO

8 monitoring and measuring activities?
 Can your organizations OH&S monitoring and
1
9 measuring records provide the evidence that is YES NO
needed to take corrective action?

Can your organizations OH&S monitoring and

2
0 measuring records provide the evidence that is YES NO
needed to take preventive action?

2 Did you establish procedures to control your YES NO

1 OH&S monitoring and measuring equipment?

2 Do you control how your OH&S monitoring YES NO

2 and measuring equipment is calibrated?

2 Do you keep records of your equipment YES NO

3 calibration results and activities?

2 Do you control how your OH&S monitoring YES NO

4 and measuring equipment is maintained?

2 Do you keep records of your equipment YES NO

5 maintenance results and activities?

2 Do you maintain procedures to control your YES NO

6 OH&S monitoring and measuring equipment?

4.5.2 EVALUATE LEGAL AND NONLEGAL COMPLIANCE

4.5.2.1 EVALUATE COMPLIANCE WITH LEGAL REQUIREMENTS

Did you establish a procedure to periodically

2
7 evaluate how well your organization complies YES NO
with all applicable legal OH&S requirements?

2 Did you implement your organizations YES NO

8 legal compliance evaluation procedure?

2 Do you maintain your organizations YES NO

9 legal compliance evaluation procedure?

3 Do you record the results of your periodic YES NO

0 legal OH&S compliance evaluations?
3
1 Do you keep legal compliance evaluation records? YES NO

4.5.2.2 EVALUATE COMPLIANCE WITH NONLEGAL (OTHER) REQUIREMENTS

Did you establish a procedure to periodically

3
2 evaluate how well your organization complies YES NO
with nonlegal (other) OH&S requirements?

3 Did you implement your organizations YES NO

3 nonlegal compliance evaluation procedure?

3 Do you maintain your organizations YES NO

4 nonlegal compliance evaluation procedure?

3 Do you record the results of nonlegal YES NO

5 (other) compliance evaluations?
3 Do you maintain nonlegal YES NO
6 compliance evaluation records?

4.5.3 INVESTIGATE INCIDENTS AND TAKE REMEDIAL ACTION

4.5.3.1 INVESTIGATE YOUR ORGANIZATION'S OH&S INCIDENTS

3
7 Did you create procedures to investigate incidents? YES NO

3
8 Do you use incident investigation procedures? YES NO

3
9 Do you record your OH&S incidents? YES NO

4
0 Do you investigate incidents in a timely manner? YES NO

4
1 Do you analyze the factors that cause incidents? YES NO

Do you identify the OH&S deficiencies and

4
2 other factors that could be causing incidents YES NO
or contributing to their occurrence?
4
3 Do you identify remedial action opportunities? YES NO

4
4 Do you identify corrective action opportunities? YES NO

4 Do you ensure that corrective actions YES NO

5 comply with Part 4.5.3.2, below?
4
6 Do you identify preventive action opportunities? YES NO

4 Do you ensure that preventive actions YES NO

7 comply with Part 4.5.3.2, below?

4 Do you identify continual YES NO

8 improvement opportunities?

4 Do you document the results of YES NO

9 OH&S incident investigations?
5
0 Do you keep incident investigation documents? YES NO

5 Do you communicate the results YES NO

1 of OH&S incident investigations?
5
2 Do you maintain incident investigation procedures? YES NO

Etcetera ...

OVERVIEW OF OHSAS 18001 2007 REQUIREMENTS

4.1 General Requirements

Establish an occupational health and safety management

system (OHSMS) that complies with OHSAS 18001 2007.

4.2 Policy Requirements

Establish an occupational health and safety (OH&S) policy.

4.3 Planning Requirements

4.3.1 Analyze OH&S hazards and select OH&S controls.

4.3.2 Respect legal and nonlegal OH&S requirements.

4.3.3 Establish OH&S objectives and programs.

4.4 Implementation Requirements

4.4.1 Establish responsibility and accountability for OH&S.

4.4.2 Ensure competence and provide OH&S training.

4.4.3 Establish OH&S communication and participation.

4.4.4 Document your organization's unique OHSMS.

4.4.5 Control your organization's OH&S documents.

4.4.6 Implement operational OH&S control measures.

4.4.7 Establish an OH&S emergency management process.

4.5 Checking Requirements

4.5.1 Monitor and measure your OH&S performance.

4.5.2 Evaluate your legal and nonlegal compliance.

4.5.3 Investigate incidents and take remedial action.

4.5.4 Establish and control your OH&S records.

4.5.5 Conduct internal audits of your OHSMS.

4.6 Review Requirements

Review your OHSMS by examining inputs.

Assess the results of your management reviews.

Generate OHSMS management review outputs.

Communicate management review outputs.