Up to standard - Should your business adopt ISO 45001?
Up to standard - Should your business adopt ISO 45001?
Half a decade since the launch of the first global OSH management systems standard, ISO 45001, Louis Wustemann considers the questions to ask if you are considering certification.
It’s just over five years since the international management systems standard for occupational safety and health was issued and the first few companies were certified. By the end of last year there were 11,937 certificates issued in the UK, covering 22,424 sites, according to a survey of certifying bodies by the International Organisation for Standardization (ISO) which developed the standard.
Almost 12,000 companies certified is a significant number, and year on year growth is over 10 per cent, but that leaves almost 70 per cent of UK businesses with more than 50 employees that have not yet signed up. If you are one of the unaccredited majority, should you take the plunge?
Whether or not you should pursue certification depends on the answers to a few questions. One is whether your organisation is under external pressure to gain accreditation. In some sectors, such as construction and energy, bigger firms already vet their contractors, either directly or through third-party agencies, using metrics including health and safety, quality and environmental management criteria.
Accreditation to management systems standards often features in these prequalification schemes as one of the indicators of good performance. The growth of environment, social and governance (ESG) investing is leading to more pressure on businesses whose shares are publicly traded to demonstrate to institutional investors and fund managers that they take an interest in their suppliers’ impacts and standards. This means more large organisations are likely to prequalify and audit supply chains as the years pass.
Gap or chasm?
Another question to ponder is whether your organisation is ready to map to the standard. Almost every business with an individual responsible for day-to-day management of its health and safety compliance has a management system, even if it does not use the term. But if the company has a barebones system aimed at scraping by with the minimum effort necessary for legal compliance, a lot of work will be needed to reach ISO 45001’s requirements. The standard requires proof of employee involvement in OSH decisions, leadership from the top of the organisation and documented understanding of issues such as the way contractors and suppliers are impacted by the health and safety system. It also requires a commitment to continuous improvement in OSH management, which will have to be demonstrated to achieve recertification every three years.
Consultants that help ready businesses for certification will carry out a gap analysis of your current management system and the standard – or you can carry out the analysis yourself – but if you are confident the gaps are likely to be many and wide, it might be worth spending time creating some of the necessary infrastructure before starting on the formal road to accreditation.
Kate Field is Global Head of Health, Safety and Wellbeing at the British Standards Institution (BSI), the national standards body, which also accredits companies to ISO standards. She says that the holes in organisations’ arrangements most commonly identified by the gap analysis stage of the path to accreditation – or as non-conformances when they go through recertification – are a lack of internal audit procedures (required by the standard), poorly controlled areas of risk, emergency management arrangements and a lack of root cause analysis after incidents. “They tend to be the weaknesses we see consistently,” she says.
Looking in
At the other end of the spectrum, there are organisations that already have a well-developed management system and lower than average injury and illness rates. If you are in that enviable position and customers are not pressing for your organisation to certify, is it worth the expense and effort of jumping through the hoops?
“Certification is not necessarily for every organisation. There are plenty of organisations that implement management systems without getting certification,” says Field.
But she points to the value, even for the best-run organisations, of the external audit that is required for accreditation: “That independent fresh set of eyes coming in at set intervals brings that reassurance that everything you think is great really is great and you are not missing anything.”
There is also evidence associating certified management standards with better health and safety performance. A 2021 study by researchers from Harvard Business School and Duke University compared matched samples of 274 US businesses that had and 274 that had not adopted BS OHSAS 18001, the predecessor to ISO 45001, issued by BSI and withdrawn in 2021. They found that the 18001 accredited firms reported 20 per cent lower accident and injury levels to the US authorities than their uncertified peers.
Tone at the top
Field says that one of the common challenges for anyone steering a company through certification can be arranging time in the diaries of top management for the interviews demanded by the external auditors to gauge their commitment to, and leadership of, the management system.
ISO 45001 sets tighter requirements for this board-level engagement in health and safety than the equivalent standards for environment or quality. Is it worth pursuing certification without a board-level sponsor? Certainly, it would be hard to gain funding for any work needed to meet the standard’s requirements, let alone audit and certification costs, without senior support.
If management are not immediately sold on the idea of certification, Field argues it is worth making a business case using evidence about how much incidents and illness are costing the organisation, along with insurance claims for incidents such as road traffic accidents and the effect they have on insurance premiums. The evidence from the Harvard/Duke study of the potential reduction in injury rates may help. She suggests stretching the net wider and looking at the effect of a strong OSH system on turnover rates. “Talent, productivity, retention; those are very much on board agendas,” she notes.
A final question safety and health professionals may want to ask themselves, if they think certification might be of net value to their employer but are daunted by the effort involved in learning about the standard and mapping their management system to it, is: will it benefit my career? The answer is probably yes. In a random selection of 50 job advertisements for health and safety managers and advisors on LinkedIn in mid-September reviewed for this article, 24 asked for experience of ISO 45001 accreditation as a flat requirement or as desirable at least.
Whether or not to pursue ISO 45001 depends on your responses to all the above questions but above all on one overarching one that applies to any OSH initiative: do you believe it will help you better protect the people under your care?
Louis Wustemann is a writer and editor on sustainability and health and safety. He was previously Head of Regulatory Magazines at LexisNexis UK, publishing IOSH Magazine, Health and Safety at Work magazine and The Environmentalist among other titles. He is a trustee of the One Percent Safer Foundation.
Already a member? Login to MyRoSPA to read more articles
Login to you MyRoSPA account
Login to MyRoSPA to view more exclusive content
Login
| Join RoSPA
Become a member now
Become a member to access MyRoSPA to view more exclusive content
Join
Already a member? Login to MyRoSPA to read more articles
Login to you MyRoSPA account
Login to MyRoSPA to view some more exclusive content
Login
| Join RoSPA
Become a member now
Become a part of the MyRoSPA team to view more exclusive content
Register