What is ISO 45001 change management process?
When you are creating your Occupational Health & Safety Management System (OHSMS) using the requirements of ISO 45001:2018 it is important to remember that implementing the OHSMS according to the requirements is only the beginning. Your OHSMS becomes an ongoing project that requires maintenance and improvement, and processes will need to be updated and changed as time goes on. Due to this, the standard also includes some requirements on how to manage these changes and when these changes need to be considered. Find out below what ISO 45001 management of change means for you and your company.
ISO 45001 management of change requirements
The requirements for managing change are written in clause 8.1.3 of the ISO 45001:2018 standard. Due to the vastly different risks and hazards between organizations, this clause is very flexible in how change management can be applied from the standard requirements. To start with, ISO 45001 does not identify how your process for change must work, but requires that you have a process for implementing planned changes that impact the OH&S performance. This specifically requires you to apply this process for both temporary and permanent changes.
Additionally, the standard specifies some items that would activate the process because these activities change the OH&S performance. These activities are:
- Changes in products, services or processes – Before you add new, or change existing products, services and processes, you need to ensure that you use your change management process. This process would assess the risks of these changes and help control the risks. Some examples of these changes, given in the standard, include changing workplace locations, re-organization of work, altering work condition, changing equipment or people required for the work.
- Legal changes – If there are changes to the legal or other requirements that affect your OH&S performance, you need to make the necessary changes to your processes.
- Hazard & OH&S risk knowledge – If you gain new knowledge about your hazards or OH&S risks, such as new research that changes what is known about a cleaning chemical you are using, this new information needs to be assessed to see if OHSMS change is needed.
- Knowledge and technology developments – As you learn about new information or technology that can change how you do business, you also need to assess how this changes the OHSMS processes, and control the changes. For example, a new electronically controlled machine may become available that will remove some physical injury hazards associated with using the equipment.
One additional requirement in clause 8.1.3 talks about unintended changes. If you realize that something has changed without being planned, such as a mistake being made in the purchase of a cleaning chemical where the wrong chemical was used, you need to take action to address any negative effects that this change caused. This way you still react to risks posed by mistakes that were made.
When does the ISO 45001 standard mention considering changes in the OHSMS?
Along with these requirements on how to manage OH&S change, the standard has many requirements that include the consideration of changes in the OHSMS. So, when does ISO 45001 require you to consider these changes?
- Assessing risks and opportunities – Clause 6.1.1 requires that your assessment of risks and opportunities include those that come from changes in the organization, including intended outcomes for the OHSMS. When the change is planned, this assessment should occur before the change is implemented. Learn more about risks and opportunities in the article How to address risks and opportunities in ISO 45001.
- Identification of hazards – Part of the assessment of OH&S hazards in clause 18.104.22.168 requires that you consider hazards for actual or proposed changes in your company’s organization, operations, processes, activities or the OHSMS.
- Opportunity assessment – When you are assessing the opportunities (clause 22.214.171.124), which is a follow-on from clause 6.1.1 above, consideration of your planned changes to the organization should be included; such as adapting work in order to enhance OH&S performance.
- Internal communication – One of the types of information that need to be internally communicated (clause 7.4.2) within your organization are the changes to the OHSMS that people need to know.
- Management review – Clause 9.3 gives the requirements for management review. One of the outputs from the top management review of the OHSMS is the need for any changes in the management system. These identified changes should kick off the use of the change management process defined for the organization.
- Corrective action – As part of the corrective action process (clause 10.2), the standard requires that you implement any changes necessary to react to process nonconformity using the change management process for the organization. By doing this, corrective changes will be properly managed.
As a summary of these requirements, you can see that the change management process is intended to be used before making any changes within the organization that could potentially affect the OH&S performance.
Why management of change is important
The main reason to implement an OHSMS is to manage the hazards and risks that could cause injury and ill health in your workplace, so it becomes imperative that you take a proactive approach to change. This change ensures that these risks and hazards do not become worse during or after you modify the OHSMS. Understanding what could go wrong will help you to plan your changes so that you retain control of negative impacts and prevent you from dealing with unnecessary troubles as you improve.
For a better understanding of change management and other requirements in ISO 45001:2018, see this free white paper: Clause-by-clause explanation of ISO 45001:2018.
About the author:
Mark Hammar is a Certiﬁed Manager of Quality / Organizational Excellence through the American Society for Quality, and has been a Quality Professional since 1994. Mark has experience in auditing, improving processes and writing procedures for Quality, Environmental and Occupational Health & Safety Management Systems, and is certiﬁed as a Lead Auditor for ISO 9001, AS9100, and ISO 14001.