How to handle nonconformities in ISO 45001

If your workplace operates an ISO 45001:2018 system, then you will be aware of the importance of being able to identify, and therefore eliminate, any nonconformities that may be found. A nonconformity is defined as a “failure to meet requirements,” which can include accepted standards, rules or laws; therefore, it is easy to see that any nonconformities that go unchecked in an ISO 45001 system could have a detrimental effect on your workforce’s well-being and safety. So, what exactly constitutes a nonconformity, and how can they be identified?

Nonconformities and incidents

In ISO 45001, generally speaking, a nonconformity can be thought of as a failure to fulfill a requirement. Even if the ISO 45001 system is functioning effectively, you may well still have “incidents” or “near misses,” a near miss usually being an “event” where no injury has occurred, as opposed to an incident where some sort of injury has. It is important to understand that these “events” in and of themselves are not nonconformities, although it is possible that an event occurs because of a nonconformity. So, what methods can we use to identify a nonconformity?

Nonconformity identification

There are several methods by which a nonconformity can be identified:

  • Incident investigation: This process should be set up to conduct a thorough investigation into any incidents within the workplace; and, if possible, to identify any nonconformities that may be the root cause for the incident. (For more information, see How to perform incident investigation according to ISO 45001).
  • Internal audits: Again, this function should point toward identifying any nonconformity that may exist in your OHSMS.
  • Employee forums and feedback: Your employees will know the processes better than anyone; solicit their feedback in order to identify nonconformities in the process.

So, in summary, let us look at an imaginary workplace scenario:

A mining company performs a controlled explosion to remove earth to allow for deeper mining to take place. The explosion is larger than expected, and although the correct safety process is followed, the desired outcome has not been reached and an unnecessary risk to employees, the environment, and the cost of the project has been discovered. The incident investigation concluded the following outcome:

  • The incident was classified as a “near miss,” as no employees were hurt.
  • The process documentation was examined and employees interviewed. It was found that the employees had followed the process document and guidelines diligently, but that the amount of explosives specified in the process document was incorrect.
  • The nonconformity was the incorrect explosives mix specified in the document, and this was addressed by a corrective action.

So, we now understand what a nonconformity is, but how do we fix it?

Nonconformity – Eliminate, communicate, monitor

Nonconformities, whether regulatory or legislative – which you can read more about in this previous article Advice to ensure you meet regulatory requirements – or simply oversights within your process, must be fixed, communicated, and monitored regularly. For your ISO 45001 system to be compliant, each nonconformity must also be formally recorded. Therefore, the following actions should be taken:

  • The corrective action should be decided on, with stakeholder input if required, and the root cause addressed. (For more information, see Seven steps for corrective and preventive actions in the OH&S management system).
  • Communication should be undertaken, with the opportunity for feedback. Remember that if a critical nonconformity is to be eliminated by a process change, it is vital that all employees are aware of it, understand the changes fully, and sign off to say so.
  • A period of monitoring and measuring should be agreed and acted upon, until confidence is high that there will be no reoccurrence.
  • The whole process should be formally documented. This will also help you build up a history in your ISO 45001 system – for example, to take past issues into account when preparing an internal audit, which you can find out more about in the article Why you should perform effective internal audits.

Therefore, you can ensure that you have the capability to identify, fix, and monitor the results of your nonconformities within your ISO 45001 system. Naturally, in terms of employee well-being, prevention is better than a cure, but it is vitally important that you can fully understand, remove, and ensure there is no repeat of any nonconformity that may occur. As ever, harnessing employee feedback and opinion and ensuring that your communication is extremely effective are also very important. It is also sound practice to review your OHSMS regularly to ensure that you are effective in all these measures, thereby providing a “closed loop” continual improvement process. Strive to be as effective as you can be – after all, your profit, reputation, and well-being depend on it.


John Nolan
John Nolan is a Fellow of the Institute of Leaders and Managers in the United Kingdom, and Prince 2 accredited with a background in Engineering and Electronics and Data Storage and Transfer. Having studied and qualified as both a Mechanical and Electronic Engineer, he has spent the last 15 years designing and delivering Quality Systems and projects across many sectors in the UK, including both national and local government.