Overview of OHSAS 18001 and 18002

These notes are provided as a brief overview of OHSAS 18001 and OHSAS 18002. They are intended for people who are not familiar with these documents and need a basic knowledge of their contents. These notes should not be used as a substitute for the full text of OHSAS 18001 and OHSAS 18002, both of which are available from the British Standards Institute (BSI) www.bsi-global.com. ISCA also provides Briefing Days for organisations wishing to know more about OHSAS 18001, OHSAS 18002 and other management systems. The BSI also publishes a British Standard on OH&S management systems (BS 8800) and OHSAS 18001 refers to, and uses material from, this standard. It is, therefore, easier to understand OHSAS 18001 if the following points about BS 8800 are borne in mind. BS 8800 is, in practice, two standards. One standard is based on ISO 14001 and the other standard is based on the first edition of the HSEs "Successful Health and Safety Management" (HS(G)65). Since BS 8800 was published the HSE has produced a second edition of "Successful Health and Safety Management" (HSG65) which supersedes the edition used in BS 8800. Organisations adopting BS 8800 choose which of the versions of the standard they wish to use. In addition to the standard itself, which is described in four main clauses, BS 8800 has a number of "informative" annexes, intended for guidance. Two of these annexes, Risk Assessment and Measuring Performance are referenced in OHSAS 18002.

OHSAS 18001
The BSI published OHSAS (Occupational Health and Safety Assessment Series) 18001 to come into effect in April 1999. Its full title is "Occupational health and safety management systems - specification". There is a second document in the series (OHSAS 18002) which provides guidelines on the implementation of OHSAS 18001, and this is described later. OHSAS 18001 is based on the ISO 14001 diagram but uses parts of the HS(G)65 diagram as a "heading" for each of the main sub-clauses. This can be confusing because, for example, there is no separate audit element in the ISO 14001 diagram but audit appears as a separate element in the diagrams used as "headings". Readers of OHSAS will find it easier to understand if they ignore these diagrams.

The contents of OHSAS 18001 are listed below, followed by brief notes on each of the main subheadings. 1 Scope 2 Reference publications 3 Terms and definitions 4 OH&S management system elements 4.1 General requirements 4.2 OH&S policy 4.3 Planning 4.4 Implementation and operation 4.5 Checking and corrective action 4.6 Management review Annex A (informative) Correspondence between OHSAS 18001, ISO 14001:1996 and ISO 9001:1994 Bibliography

1. Scope

The Scope section of OHSAS 18001 is a straightforward description of where OHSAS 18001 is intended to apply, and where it is not intended to apply. There is also a list of organisations to whom OHSAS is applicable. The list is as follows. "This OHSAS specification is applicable to any organization that wishes to: establish an OH&S management system to eliminate or minimize risk to employees and other interested parties who may be exposed to OH&S risks associated with its activities; implement, maintain and continually improve an OH&S management system; assure itself of its conformance with its stated OH&S policy; demonstrate such conformance to others; seek certification/registration of its OH&S management system by an external organization; or make a self-determination and declaration of conformance with this OHSAS specification."

2. Reference publications
Only two publications are given in this section, OHSAS 18002 and BS 8800.

3. Terms and definitions

This section defines a number of OH&S terms, for example, hazard, risk, accident and incident. However, it also includes a number of terms which are more associated with quality management, for example, interested parties and continual improvement.

4. OH&S management system elements

This clause begins with the diagram reproduced earlier, followed by six subclauses setting out the detailed requirements. 4.1 General requirements Organisations have to establish and maintain an OH&S management system which meets the requirements set out in the rest of clause 4. 4.2 OH&S policy The organisations top management have to authorise an OH&S policy stating the organisations OH&S objectives and its commitment to continual improvement. There are other requirements covering, for example, communication and review of the policy.

4.3 Planning 4.3.1 Planning for hazard identification, risk assessment and risk control. Organisations have to have procedures for risk assessment an risk control and use the outputs from these procedures in setting OH&S objectives. There is also a list of criteria which must be met by the hazard identification, risk assessment and risk control procedures. 4.3.2 Legal and other requirements. Organisations must keep up to date records of the legal and other OH&S requirements which apply to them, and ensure access to details of these requirements. The requirements must also be communicated to employees and other relevant interested parties. 4.3.3 Objectives. Organisations have to establish and maintain documented OH&S objectives and these OH&S objectives have to meet certain criteria. 4.3.4 OH&S management programme(s). These programmes are the ones required to achieve the OH&S objectives. The programme(s) must be documented, with details of responsibilities and timescales, and reviewed and revised as necessary. 4.4 Implementation and operation 4.4.1 Structure and responsibility. Organisations are required to document OH&S responsibilities and how these responsibilities are structured. A member of top management (the management appointee) must be responsible for the totality of the OH&S management system. There are also requirements to provide adequate resources for the OH&S management system and for all those with management responsibility to demonstrate their commitment to continual improvement of OH&S performance. 4.4.2 Training, awareness and competence. This subclause requires that personnel are competent to perform tasks that may impact on OH&S and, when training is used to provide competence, it takes into account the ability and literacy of the trainees and the risk to which they will be exposed. The subclause also lists a number of OH&S issues of which employees should be aware. 4.4.3 Consultation and communication. Organisations must have procedures for communication on OH&S issues and documented arrangements for employee involvement and consultation. There is also a list of criteria to be met by the involvement and consultation arrangements. 4.4.4 Documentation. There must be a written description of the management system with, as necessary, references to more detailed documentation.

4.4.5 Document and data control. There must be control of all documents and data required by the OH&S management system and this control must ensure a number of things, including adequate locating, reviewing and archiving of documents and data. 4.4.6 Operational control. This subclause begins with a requirement to identify all activities where control measures need to be applied. These activities must then be planned to ensure that they are carried out under specified conditions. There is also a list of criteria which must be met by these plans, and their implementation. 4.4.7 Emergency preparedness and response. Organisations must identify the potential for, and responses to, incidents and emergency situations. The plans must be reviewed and tested where practicable. 4.5 Checking and corrective action 4.5.1 Performance measuring and monitoring. This subclause begins with a list of the requirements for monitoring and measuring OH&S performance and then deals with what organisations have to do if they use monitoring equipment. 4.5.2 Accidents, incidents, non-conformances and corrective and preventive action. Organisations must have procedures for investigating accidents, incidents and nonconformances and for ensuring that appropriate corrective and preventive action is taken. Proposed corrective and preventive actions must be the subject of a risk assessment prior to their implementation. Changes arising from any of these activities must be documented. 4.5.3 Records and record management. The main purpose of records is to be able to demonstrate conformance with the OHSAS 18001 specification, and this section lists the criteria which must be met by the record management procedures. 4.5.4 Audit. Organisations must have periodic OH&S management system audits which check whether the OH&S management system conforms to planned arrangements, is properly implemented and maintained, and is effective. To meet the requirements, the audit programme and procedures have to conform to a number of criteria. 4.6 Management review Top management are required to review the suitability, adequacy and effectiveness of the OH&S management system at intervals determined by the top management. The reviews must be documented.

Annex A (informative)
This annex consists of a table showing the correspondence between OHSAS 18001, ISO 14001 and ISO 9001:1994. However, since ISO 9000:2000 has been published the table in

OHSAS 18001 is out of date. ISCA has, therefore, prepared the table below which shows the correspondence between OHSAS 18001, ISO 14001 and ISO 9001:2000. Clause OHSAS 18001 Clause ISO 14001 Clause ISO 9001:2000 0 0.1 0.2 0.3 0.4 Introduction General Process approach Relationship with ISO 9004 Compatibility with other management systems Scope General Application Normative reference Terms and definitions Quality management system

Scope

Scope

1 1.1 1.2

2 3 4

Reference publications Terms and definitions OH&S management system elements

2 3 4

Normative references Definitions Environmental management system requirements General requirements

2 3 4

4.1

General requirements 4.1

4.1 5.5

General requirements Responsibility, authority and communication Responsibility and authority Management commitment Quality policy Improvement

5.5.1 4.2 OH&S policy 4.2 Environmental policy 4.5.1 5.3 8.5

4.3 4.3.1

Planning Planning for hazard identification, risk assessment and risk control

4.3 4.3.1

Planning Environmental aspects

5.4 5.2 7.2.1

Planning Customer focus Determination of requirements related to the product Review of requirements related to the product Customer focus Determination of requirements related to the product Quality objectives Quality management system planning Continual improvement Product realization Planning of product realization Management responsibility Management commitment Responsibility and authority Management representative Resource management Provision of resources Human resources

7.2.2

4.3.2

Legal and other requirements

4.3.2

Legal and other requirements

5.2 7.2.1

4.3.3 4.3.4

Objectives OH&S management programme(s)

4.3.3 4.3.4

Objectives and targets Environmental management programme(s)

5.4.1 5.4.2 8.5.1 7 7.1 5 5.1 5.5.1 5.5.2 6 6.1 6.2

4.4

Implementation and operation

4.4

Implementation and operation

4.4.1

Structure and responsibility

4.4.1

Structure and responsibility

6.2.1 6.3 6.4 4.4.2 Training, awareness and competence Consultation and communication 4.4.2 Training, awareness and competence Communication 6.2.2

General Infrastructure Work environment Competence, awareness and training Internal communication Customer communication Documentation requirements Quality manual Control of documents Product realization Control of nonconforming product Measurement, analysis and improvement Control of monitoring and measuring devices General Monitoring and measurement Customer satisfaction Monitoring and measurement of processes Monitoring and measurement of

4.4.3

4.4.3

5.5.3 7.2.3

4.4.4

Documentation

4.4.4

Environmental management system documentation Document control

4.2 4.2.2 4.2.3

4.4.5 4.4.6 4.4.7

Document and data control Operational control Emergency preparedness and response Checking and corrective action Performance measurement and monitoring

4.4.5 4.4.6 4.4.7

Operational control 7 Emergency preparedness and response Checking and corrective action Measurement and monitoring 8.3

4.5

4.5

4.5.1

4.5.1

7.6

8.1 8.2 8.2.1 8.2.3

8.2.4

product 8.4 4.5.2 Accidents, incidents, 4.5.2 non-conformances and corrective and preventive action Non-conformance and corrective and preventive action 8.3 Analysis of data Control of nonconforming product Corrective action Preventive action Control of quality records Internal audit

8.5.2 8.5.3

4.5.3 4.5.4

Records and record management Audit

4.5.3 4.5.4

Records Environmental management system audit Management review

4.2.4 8.2.2

4.6

Management review 4.6

5.6

Management review

Annex Correspondence to A ISO 14001, ISO 9001

Annex Correspondence A between ISO 9000:2000 and ISO 14001:1996 Annex Correspondence to Annex Correspondence B ISO 14001 B between ISO 9000:2000 and ISO 9001:1994

Bibliography

Annex Bibliography C

Bibliography

(See OHSAS 18002) Annex Guidance on the A use of the specification

OHSAS 18002
OHSAS 18002 is a much more detailed document than OHSAS 18001 (54 pages compared with 15). However, it follows exactly the same structure as OHSAS 18001 and uses the same numbering for clauses and sub-clauses. Within each sub-clause, the same format is used as follows.

OHSAS 18001 requirements. This is a reprint of the relevant material from OHSAS 18001. Intent. This is a general statement of what the OHSAS 18001 requirement is intended to achieve. Typical inputs. This is a list of the inputs required for the process, or processes, needed to satisfy those OHSAS 18001 requirements which are the subject of the sub-clause under consideration. Process. This is a description of what organisations have to do in order to meet the OHSAS requirements. In many sub-clauses there are a number of processes reflecting the complexity of particular OHSAS requirements. Typical outputs. This is a list of the expected outputs from the process or processes under consideration. OHSAS 18002 states that it imposes no requirements which are additional to those imposed by OHSAS 18001.