LRQA Podcast: ISO 45001 then and now

In this conversation we are talking about five key health & safety challenges and how perspectives on these have evolved in the period since ISO 45001 was published in 2018. What are the areas you have chosen to discuss?

Well it was quite a challenge to identify just five topics for discussion today as there are many areas that of OHS management which can prove challenging for organisations of course, and where ISO 45001 and the guidance standards in the ISO 45000 series are trying to provide help. I mean leadership for example is a topic that very often arises in discussion as does worker participation and consultation. And I think there’s a good conversation to be had around the contribution of non-executive directors in setting expectations and challenging OHS performance as part of the top management that steers an organisation. But in the end, I chose other topics for today, including somewhere I think we have seen real progress in recent years and somewhere that’s perhaps more to do and where standards could contribute to the debate.

So the first subject is the shift from safety to health and safety. Can you tell us what you mean by that please?

Well I remember very well at the start of the development of ISO 45001 there was a lot of discussion about the need to include an increased emphasis on health. It was observed that for many organisations their OHS management system was largely a safety management system, and that there was very limited attention given to health. So there was a real wish that in moving from OHSAS 18001 to ISO 45001, we’d move to a standard which encouraged organisations to place equal weight on health and safety.

Now in reality, both standards actually are pretty consistent in mentioning health and safety equally, so when I look at the printed text, I’m not sure that ISO 45001 actually succeeded in giving greater emphasis to health.

However, perhaps it was its just the fact that this aspiration was so widely discussed and disseminated, or perhaps because the imbalance was being increasingly widely recognised in organisations anyway. But whatever the reason, there does seem to have been a trend for stronger coverage of health issues in OHS management systems over recent years.

Of course, the fact that we have those two different words health and safety is a useful reminder that the two things are different and have quite different characteristics. Safety incidents are often immediate and highly visible, whereas health effects can be slow to develop during or sometimes long after a period of exposure.

But of course the effects can be equally devastating for individuals and their families and in fact the costs to the organisation can be similar. So it’s easy to understand why we perhaps naturally focus on safety but when you look at it more rationally health is just as important. So I think it’s good to see more recognition of organisations more thoroughly addressing the health side of OHS including some excellent proactive work that we see these days to promote healthier lifestyles.

Its important of course that such proactive efforts are built on a solid foundation though and that solid foundation is about first identifying hazards to health, assessing the associated risks, and then applying appropriate controls.

The second topic is psychological health safety and wellbeing. Is that part of the same trend?

Yes, I think it is and I think that the focus on psychological health is perhaps a more recent development, perhaps as an extension of that longer term trend to focus more on health but definitely I would suggest accelerated by the Covid-19 pandemic.

And this is an excellent development because psychological health has been a long neglected area and of course also necessary because psycho-social risks have become more significant for many workers for perhaps a couple of reasons. One because we’ve just got better at managing the risks associated with physical hazards and they are now well controlled in many workplaces. But also, we have a growing service sector in many of the developed economies and in the service sector psycho-social risks are often the most significant risks.

So its great to see psychological health and safety and wellbeing getting the attention it deserves and hopefully ISO 45003 has contributed both to raising awareness and helping people know how to address the issues.

And here I think the challenge is really about striking the right balance between what might be seen as easy and visible adjustments and the often harder work of eliminating hazards at source. Now that’s just effected with the same issue we face with physical safety where the so called hierarchy of control encourages us first to eliminate hazards, second to substitute or change something to reduce the risk, and thirdly to apply engineering controls and administrative controls and only finally to use personal protective equipment or PPE. Recognising that as we work down that hierarchy, that measures we’re using are less effective and more likely to fail.

Well its exactly the same with psychological harm, we should always start by exploring the potential to eliminate the hazard or reduce the risk. In other words it should be about adapting work to the worker by changing the work arrangements, not trying to adapt the worker to tolerate the work unchanged. For example, its not enough say to acknowledge that there are potential sources of stress and simply say well we need to train people to be resilient and to cope with stress. Of course there is a place for such training but it should be used alongside and not instead of reducing the risk at source.

And the same goes for wellbeing interventions and the support that can be provided by mental health first aiders, these can be very useful but they are not a substitute for actions to eliminate hazards, reduce risk and prevent the occurrence of harm.

So this has been an area of rapid progress but I think we need to see some of those efforts maturing a bit more. Its great to have organisations starting to think about psychological health and safety and wellbeing, but we need the primary focus to be on hazard elimination and risk reduction rather than on making workers resilient or on supporting and rehabilitating people who have already suffered harm due to their situation at work.

You called the third challenge, boundaries of the workplace. Can you explain what you mean by that?

I remember that there was a lot of debate when ISO 45001 was being written about how to define a workplace and there were questions and debates about whether for people travelling on business the airport, hotel or aircraft were to be treated as part of their workplace. And there were also discussions about people working in public spaces such as utility workers on the public highway or the emergency services. There wasn’t as far as I can recall much discussion at the time about working from home.

Now a lot has changed since then particularly the prevalence of working from home and also with the generally more flexible approach to workplace that many organisations have adopted. It feels to me that ISO 45001 got it more or less correct with its definition of workplace as a place where a worker needs to go or to be for work purposes while recognising that the degree of control that the organisation has over that workplace may vary.

I think there’s a general acceptance that this all embracing definition of workplace is correct, the key challenge for organisations is to take measures that are appropriate to that degree of control that they have over the workplace and particularly if its not their own premises.

So we saw some organisation that implemented working from home during the early months of the Covid-19 pandemic during the time requiring workers to carry out risk assessments of their own home working set-up. And then going on to provide equipment such as height adjustable chairs, extra monitors where these were needed and all of that very much relied on consultation with workers and collaboration really to get to the point where workers and employers were content that any significant risks had been addressed.

But I don’t think we can perhaps assume that that was the norm, I suspect there are still some organisations which haven’t properly addressed their workers home working arrangements.

We also probably should remember that it’s not just physical issues that arise here with the increased flexibility of work. There can be psycho-social effects too and they also need to be considered. That might be people becoming isolated or people for whom working from home begins to feel like living at work.

But certainly looking forward as working arrangements in many organisations become more flexible and with the increased amount of work being undertaken in environments or premises that are not under the control of the organisation, it does become increasingly important that organisations make sure that their OHS management system reflects this change.

You have made supply chain responsibility as your next area of challenge. Please can you tell us more about that?
This is a very challenging area from a standards writer’s perspective because standards aim to be applicable to organisations of any size and that makes it difficult then to reflect the huge differences between the situation of large organisations at the top of the global supply chains, and smaller organisations much further down those supply chains.

I’m sure many listeners will recall the collapse of the Rana Plaza building in Dhaka in Bangladesh in 2013 which has five garment factories, and in that collapse over 1,100 people lost their lives and about 2,500 people were injured. And it really was an event which resonated around the world and it raised a lot of questions around the OHS responsibilities of the large multinational clothing brands who contracted the manufacturing of their garments to the factories in the Rana Plaza building. And there was a lot of concern that these companies were at worst perhaps ignoring the health and safety of those making their garments, concerned only with getting the garments made cheaply. Or if it wasn’t that, then was it at least true to say that the companies were failing to use their influence to improve OHS standards in their supply chains.

I think many people would think it reasonable to expect the large corporations and brands at the top of the global supply chains to take some interest in and in fact exert some positive influence over the health and safety standards being applied within their supply chains. But we equally need to recognise that smaller organisations much further down those supply chains, and especially those small and micro organisations with just a handful of employees. They potentially have very little if any such influence over those from whom they buy products and services given that those suppliers might in fact be larger and more powerful organisations anyway.

So from the point of view of standardisation this is a challenge, we can’t set a requirement in a standard which is impossible for a subset of users to fulfil. But equally, it just feels unsatisfactory to conclude that the standard can’t include any requirement for those global corporations and brands to consider and seek to influence the OHS performance of their suppliers. So I think this will be an interesting debate when eventually we come around to revising ISO 45001 because we will really want to encourage our organisations who realistically can do something to do it, to exert positive influence on OHS in their supply chains. Because that could have a huge benefit in driving up OHS standards around the globe and especially in smaller organisations, but on the other hand we can’t set a requirement which not all companies would have a chance of being able to fulfil.

The final topic on your list is about creating an accurate picture of performance. Tell us why you regard this as a challenging area?

I’ve been thinking quite a lot about this area recently as the ISO Technical Committee for OHS has a working group, which is in the early stages of developing a guidance standard on OSH performance management, and that’s ISO 45004 which is due for publication in 2024. And I’ve actually been participating in some of the working group discussions, contributing some of my own experience in performance evaluation and that’s really brought home to me what a challenging area this has been and continues to be for many organisations.

I think also, an area which is likely to get more scrutiny in the future including in relation to what organisations report externally about their OHS performance and that’s given the sort of increased profile of ESG considerations in business, environment, social and governance and the expansion of interest in resilience and then sustainability of which OHS is a significant component.

So in management system terms when we think of the plan-do-check-act (PDCA) cycle it’s easy to associate performance evaluation with the check step, but it’s also worth thinking about two other steps in the PDCA to understand just how important appropriate use of metrics really is. Firstly, you know its easy to just say it but let’s recognise that the act step of the PDCA cycle is entirely dependent on the information, the performance picture that we assemble through measurement. So if we measure the wrong things or if we lack measurements in key areas, we’re creating blind spots which make us vulnerable to taking for decisions.

And secondly, I think it’s worth just reminding ourselves that we need to start considering performance measurement not at the check stage in the PDCA cycle, but actually at the plan stage. And so whenever we’re thinking about a significant change or a new initiative, we need to think at that time about what we will we need to measure, how will we measure it as part of the development of our plan.

I suppose the key challenge for any organisation is to get the right blend of leading and lagging indicators making sure that you have a manageable number of top tier performance indicators that provide oversight of key aspects of performance and then have some lower tier metrics through which you can drill down into detail and monitor specifics. Because we need to combine an ability to see the overall performance picture clearly and not be overwhelmed with data whilst still being able to monitor the many individual components of the system.

I think we’d all recognise the importance of using leading indicators and not relying purely on the rear view mirror that is provided through lagging indicators. But I think we shouldn’t take our lagging indicators for granted either because they also need to be chosen thoughtfully and treated with some care. For example, its important that our performance evaluation covers not just those regularly experienced hopefully relatively minor events that happen day-to-day, but that it also is covering any potential low frequency high sequence events and looking at the controls that we have in place against those more severe incidents.

And that’s really important because there’s increasing research evidence that measuring and trending things like slips, trips and falls doesn’t tell us anything about the effectiveness of our controls against major incidents and that’s because we very often rely on quite different controls against major and minor incidents. We often use behavioural controls to help reduce things like slips, trips and falls but we’ll be using engineering controls to prevent more severe accidents and this means we can’t use the trends and things like slips, trips and falls to tell us how effectively our engineering controls are being applied to protect us from a major incident and we need separate measurements for this

I suppose this is well illustrated by the Macondo disaster in the gulf of Mexico, and many listeners will probably recall that the deep water Horizon drilling rig had been commended for its performance in terms of those routine relatively minor incidents. In the immediate run-up to that blow out and explosion in 2010 which destroyed the rig causing the loss of eleven lives and substantial environmental damage. And its certainly been suggested that the good performance in relation to minor incidents had been providing false reassurance that the risks of a major incident were being properly controlled when in fact it turned out they were not.

And there’s a lot more I could say about the challenges of performance measurement, but perhaps we’ll keep that for another day.