Designing a Safety Strategy
At ComplianceQuest, we recently published a blog titled ‘7 Reasons to Implement a Modern Incident Management Software in Your Enterprise’. In this post, we had quoted an article published in McKinsey Quarterly that highlighted the need for cultural transformation to minimize and ideally eliminate unsafe behavior at the workplace.
One of the first points made in the McKinsey article was to create a way for anyone in the company to report incidents, observations, and near-misses without fear of blame. The process of capturing each and every “unsafe action or activity” and planning out a way to prevent that from happening in the future, holds the key to building a robust safety management program. Additionally, we have spoken to safety leaders who have repeatedly mentioned the importance of have a well-balanced safety strategy that is reactive, preventive and proactive, all at once.
It is also important to note here that governments and regulators have played a critical role in helping enterprises embrace a safety-first approach to business operations.
Regulators have been proactive in constantly fine-tuning and improving compliance requirements. They have used historical data and analytics to spot common safety issues, and established compliance requirements to prevent similar incidents in the future.
Needless to add, complying with regulations is becoming more complicated and time-consuming, making quality and compliance important points of discussion that are impacting bottom lines.
Of course, the companies that have displayed top-notch safety performance are the ones who go beyond regulatory requirements – striving for continuous improvement in their safety initiatives and looking at safety management as a way of driving competitive advantage.
Are you struggling to prepare for your safety management review meeting? Wondering what the status is of the risk mitigation action item from last week? Dealing with broken processes and workflows to meet ISO 45001 requirements?
It’s time to make the shift and implement ComplianceQuest EHS, a modern, cloud-based EHS solution which is highly flexible, customizable and scalable. To learn more about how we can help you automate and digitalize your ISO 45001 workflow, request a demo here:
https://www.compliancequest.com/online-demo/
ISO 45001: A Structured Framework
ISO 45001 Health and Safety Management Standard is an international workplace standard developed by non-governmental national and international standards committees and introduced in March 2018. Though it is not mandatory, it is a structured framework that will improve the safety and health aspects of the workplace, with an integrated risk management system.
ISO 45001 is similar to other ISO management systems such as ISO 14001 or ISO 9001. It draws from the best practices of international standards, including OHSAS 18001, and the International Labour Organization’s ILO-OSH guidelines, among others.
ISO 45001 can be implemented in organizations of any size, across industry segments, and is globally recognized and provides guidelines for:
- Creating the health and safety policy and objectives for your enterprise
- Identifying and eliminating hazards with a preventive and proactive mindset
- Identifying and reducing risks proactively, which also means you setup processes for employees to report risky behavior
- Continuously improving health and safety performance by using data and metrics
- Demonstrating conformance to regulatory requirements
- Collaborating with various stakeholders to meet safety requirements without passing on the blame of safety issues to others
Like other ISO standards, ISO 45001 also aligns with an organization’s business strategies instead of making organizations change according to the standard. Implementing ISO 45001 helps businesses take a risk-based approach to safety management which reduces the overall Cost of Safety (CoS) for your enterprise.
Each industry has its own unique type of risks apart from the common ones such as tripping, slipping, poor ergonomics, and so on. The earlier standard OHSAS 18001:2007 required all the risks and controls of all the activities, processes, and work areas to be identified and documented. In the case of ISO 45001, there is an additional requirement to take into account company-specific risks and opportunities by identifying both internal and external factors impacting safety. Industry-specific challenges must also be identified and factored in.
For instance, patient safety is a critical factor in the case of life sciences and medical device company and this must be considered and prioritized while you document your safety policy document.
What this translates to is the need to implement a company-specific approach to health and safety risks. The business should be able to predict risk trends and prepare to meet them when they occur. They could be due to the changing business environment, political or environmental reasons, regulatory changes, or changes within the organization. It may require being ready with a gap assessment and putting in place an action plan to fulfill those gaps. Upskilling the employees and providing appropriate training is crucial to meet ISO 45001 requirements.
Essential Requirements of ISO 45001
Continuous Improvement: One of the biggest differences between ISO 45001 and OHSAS 18001 is the need for proactive Continuous Improvement (CI) in the former. This means that safety leaders have to constantly look for ways to improve and enhance the safety management program. This includes conducting periodic audits, regular training programs, upgrading and digitalizing the safety management solution and so on. At a few proactive companies, safety leaders organize unique initiatives like “Safety Day” – where the focus is to rally together the entire organization across locations to think about safety with a mindset of continuous improvement.
Leadership and Enterprise-Wide Commitment: The top management is expected to lead the health and safety initiatives from the front and define the occupational health and safety policy. Assigning roles and responsibilities to process owners plays an important part of creating a culture of safety.
Risk Identification and Management: Like the other ISO standards, ISO 45001 encourages a risk-based approach by defining the requirements for addressing risks and opportunities and enabling occupational risk analysis. It also helps with:
- Hazard identification and assessment
- Determining legal and other requirements
- Defining health and safety objectives with a risk-aware mindset
Resource Identification and Allocation: Effective health and safety management requires the right set of resources (people, technology, financial) to be allocated. Resources include:
- People
- Infrastructure
- Work environment
- Monitoring and measuring resources
- Training resources
- Digital tools and technology
- Budget allocation
Operational Controls and Performance Evaluation: Establishing operational controls is required for mitigating occupational health and safety hazards, managing change and emergency preparedness and response. Further, the standard also requires periodic review to ensure its effectiveness through:
- Monitoring and measuring
- Performance evaluation
- Compliance
- Internal audit
- Management review
These aspects help with identifying opportunities for continual improvement to manage nonconformities, incidents, and take corrective and preventive actions with agility.
Risk-Aware Safety Management
A risk-based approach requires safety leaders and top management to identify the different factors affecting the safety and health of the workers and the environment. They should be able to understand the frequency and severity of the risk factors and plan strategies to mitigate the risks based on whether the risk is high, medium, or low.
This can be a tall order in a manual system. Anticipating risks, identifying opportunities, and leveraging them to strengthen and improve the safety management system without data can make the business vulnerable and more prone to accidents. Safety leaders need access to enterprise-wide safety data in real-time to understand current performance and future trends.
They need analytics to gain these insights. And more importantly, they need to understand how control measures will impact the risk. Sometimes, the risk may get mitigated, but a new one may be created, which can be costlier. Whenever a change is proposed, be it in the operational area, safety policy, or even the worker handling a particular operation, the risks can change and need to be addressed.
Businesses, therefore, need an automated Safety Management Solution that helps to mitigate risks and conform to the ISO 45001 standards. It needs automation to reduce human errors and improve the effectiveness of the solution.
ISO 45001 Automation – Powered by CQ EHS
ComplianceQuest offers a modern, AI-powered, cloud-based EHS solution aligned with all major safety regulations and standards including ISO 45001. Some of the key features of ComplianceQuest Safety Solutions with automation for greater compliance and improved safety include
Audits and Inspections: Internal and external audits and inspections ensure improved compliance with the standard. Auditing includes reviewing documents, records, and processes to assess areas of improvement and reduce non-conformities. ComplianceQuest helps to automate the audit process right from the time of scheduling it to provide access to the necessary information at the click of a button. It also helps with monitoring the follow-up action on audit findings, thus enhancing the safety management system.
Management Review: ComplianceQuest improves management involvement in safety management by providing them with access to crucial data required to assess the robustness of the safety management system. The safety control tower is a repository of all safety-related data that helps the management make timely and essential decisions on resource planning and allocation, assigning tasks, and monitoring and measuring progress. To know more about how ComplianceQuest enabled Management Review Automation for ISO 45001, read this blog.
Safety Observations, Near Misses, Incident Reporting: Observations and near misses are just as important as reports on full-blown incidents. They help to proactively identify potential issues, capture trends, triage and take appropriate action to reduce incidents at the workplace. By empowering the employee with the tools required to report events–potential and current–it also helps to create a culture of safety, encouraging employees to report big and small events without fear of retribution.
CAPA: The data collected from audits and safety towers enable taking timely action to correct the problem and preventive action to ensure there is no future recurrence. This also helps with the continuous improvement of the safety management system while improving compliance.
Document Management: This is a key aspect of all regulations and standards. Manual documents, or even those stored under the file system in a computer, can be hard to find when needed. Version control is another challenge businesses face. ComplianceQuest provides a document management solution that makes the entire document lifecycle, from creation to archiving, easy and intuitive.
Communication and Collaboration: Whenever there is a change to the policy or any system that may impact safety, it needs to be communicated with the rest of the organization. Communication can often be a weak point. But with ComplianceQuest, different stakeholders can collaborate and share information as required.
Training Management: Changes also require appropriate training to handle the new requirements of the safety management system efficiently. An integrated, end-to-end solution like ComplianceQuest helps identify the skill gaps, plan the curriculum and training schedule, deliver courses, assess, and ensure that the employees are up to speed.
Other features such as reports and dashboards further help with assessing the robustness of the safety management system and ensure continuous improvement. A control tower of safety information enables visualization of safety-related data to determine the safety training and management needs to reduce incidents and make the company a zero-incident company.
To know more about ComplianceQuest’s Incident Management solution and how it can help meet ISO 45001 requirements, visit: https://www.compliancequest.com/health-and-safety-incident-management-software
