John Nolan When establishing and maintaining an ISO 45001:2018 system, one of the key aspects is ensuring that your organization complies with all legal requirements for the region you operate in. We have looked at How to identify and comply with legal requirements in ISO 45001 in a previous article, but at a practical level, how do we ensure that we are up to date, compliant, and that all our workforce are fully educated? Given that the health and well-being of the workforce is at stake, let us take a look at some specific tips to ensure that you can be compliant and “OH&S aware,” and that the results of your OH&S system reflect your commitment to employee safety.
Compliance – Tips for getting there
If you have established your OH&S system, you will be aware of the statement in clause 6.1.3 of ISO 45001, which specifies that legal and other requirements must be taken into account when you establish OHSMS plans. So, despite no explicit order from the standard to formally document the legal requirements, it will be very much easier to manage compliance if you do. Therefore, an OH&S Legal Register should be established. So, how do you populate it?
- Use your local government agencies to establish your legislative requirements. In the United Kingdom, the Health and Safety Executive is a government-run body that provides excellent support to establish regulatory compliance. In the United States, the Labor Department can provide similar information.
- Research local websites that provide relevant information. Whether their membership is paid or free, many organizations provide free bulletins with information on legislation and changes that may occur in the legislative system. The more information you can solicit, the less chance that you will miss anything.
- Compare notes! Find organizations in similar sectors and share information. Normally, you will both have tips you can provide to each other, and shared information will help you both protect the well-being of your respective workforces. Sharing information amongst businesses in similar areas of competition is unusual, but in terms of OH&S it is excellent practice.
- Consult stakeholders. Ensure employees are consulted, even in regulatory matters. Your workforce may have many years of experience in your sector – make sure you use it.
Compliance – Tips for staying there
The results of evaluation and compliance are one of the mandatory inputs to your OH&S system, so it is clear that constant evaluation must take place via the Management Review and other forums to allow top management to constantly consider and evaluate risk on the basis of these results. Therefore, we can understand that we have an obligation to keep on top of our legislative requirements and comply with the law. So, how do we do that effectively?
- Ensure that a process is in place where all incoming information from parties providing OH&S regulatory information are read, investigated, and formally recorded. Even if a regulatory change doesn’t affect your business, it is good practice to record it and build up a habit and history of constant investigation and evaluation.
- Ensure that your internal audit process pays due attention to legislative requirements. As you can read in this previous article: Why you should perform effective internal audits in ISO 45001, this is critical to maintaining performance.
- Set aside a time in your schedule for regulatory compliance checking. Why not assign a half hour per week to doing some online or “peer to peer” research to ensure that your compliance is up to date? Set a reminder on your mail calendar and create a small form on your OH&S system to ensure that this discipline is maintained. Think of this as your “check” before the internal audit process.
- Validate your corrective action process. This article entitled Seven steps for corrective and preventive action in the OH&S system will provide you with guidance as to whether your process is fit for purpose in terms of ensuring effective corrective action is taken when regulatory compliance has fallen short and is discovered.
- Continue to maintain your stakeholder involvement. Constant information flow between your employees, management, and external stakeholders will not only help to guarantee compliance, but will ensure communication, knowledge, and awareness exist, and even a compliant OH&S system is worthless without that aspect.
- Maintain regular updates or training sessions: ensure all your employees receive all the regulatory details they need to do their jobs safely and efficiently. Ensure you update their training plans accordingly; the responsibility and outcomes of any lack of regulatory knowledge are those of the OH&S Management Representative.
Plan, Do, Check, Act?
The methods proposed in this article can be traced back to the “Plan, Do, Check, Act” philosophy that exists in the ISO standard family. OH&S regulatory compliance can be achieved using a similar process, but if anything, you need to put particular emphasis on the “Check, Act” parts of the process, as with regulatory matters you are dealing with a moving target. Set up your process to ensure that you check, solicit, and share information on a regular and dedicated basis. Use all the means you have available to you and set aside research time. Listen to your employees and communicate clearly and effectively when you have information to update them with. Welcome their involvement, whether questions or feedback. Ensure that you use your compliance to derive the maximum benefit for your employees and stakeholders.
Use this free Gap Analysis Tool to assess how your OH&S measures up against the ISO 45001 standard requirement.
