While OHSAS 18001 has been widely embraced,

what's ISO 45001 going to bring to safety leaders?

While both standards are targeted toward improvements in working conditions, ISO 45001 takes a
proactive approach to risk control that starts with the incorporation of health and safety in the overall
management system of the organization, thus driving top management to have a stronger leadership role in
the safety and health program.

OHSAS 18001 takes a reactive approach of hazard control by delegation of hazard control responsibilities
to safety management personnel rather than integrating the responsibilities into the overall management
system of the company.

Understanding the differences between the programs is important for employers as they move into the new
system and explore the organizational possibilities. Below are several of the main differences between the
two standards:

Management Commitment
In ISO 45001, management commitment is central to the standard’s effectiveness and integration. The shift
in the new standard is toward managerial ownership. The safety culture of the organization is to be
supported by the engagement of management with workers, and demonstrated by a top-down emphasis.
Instead of providing oversight of the program, management should be true safety leaders.

This means an active, participatory role in the organization’s safety and health for C-suite and those in
management. Protection of workers, as well as performance improvements, are roles of leadership under
the new ISO 45001.

Worker Involvement
Workers also have broader participation in the new standard, with employees working with management to
implement the safety management system (SMS). Employees should be provided training and education to
identify risks and help the company create a successful safety program. Internal audits and risk assessment
results should be openly shared with workers and allow for employee input. According to ISO 45001, the
responsibility of safety management belongs to everyone in the organization.

Risk Versus Hazard

ISO 45001 follows a preventative process, which requires hazard risks to be evaluated and remedied, as
opposed to hazard control, under OHSAS 18001. Think of the new standard as proactive, rather than
reactive. In adopting ISO 45001, your organization will find and identify potential hazard risks before they
cause accidents and injuries. Audits, job safety analyses and monitoring of workplace conditions will be
vital to ensure the proactive approach prescribed by ISO 45001.
 Structure
One obvious and important difference between ISO 45001 and OHSAS 18001 is the structure. The new
standard is based on Annex SL, which replaced ISO Guide 83, and applies a universal structure,
terminology and definitions. You’re probably well familiar with this structure if you also use other systems
such as ISO 9001 and ISO 14001. Through using the same structure, multiple management systems are
easier to implement in a more streamlined and efficient way.

Ultimately, ISO 45001 can be best summarized as a whole-company, proactive approach to incorporating a
safety culture. It is a framework that can take your organization to the next level in safety and health.

Mahesh – 8940630864

The release of the ISO 45001 Standard is arguably the most significant event for
EHS managers in a generation. This new standard, which will replace OHSAS
18001, follows the approach of other management systems such as ISO 14001 and
ISO 90001 and has an increased emphasis on management commitment, worker
involvement, and risk control.

Adoption of the standard over the next three years will, no doubt, lead to many
questions as organizations evaluate their current health and safety processes.
Understanding the key differences between ISO 45001 and OHSAS 18001 is an
important first step. Below is an overview of ISO 45001 and a list of the key
similarities and differences in the two standards.

What is ISO 45001?

 ISO 45001 was published on March 12,2018and is the new international standard for
occupational health and safety (OH&S) management

 ISO 45001 specifies requirements for an occupational health and safety (OH&S)
management system and gives guidance for its use to enable organizations to provide safe
and healthy workplaces by preventing work-related injuries, illnesses, and fatalities and by
proactively improving OH&S performance

 ISO 45001 is applicable to any organization worldwide regardless of its size, type, or nature

 ISO 45001 replaces OHSAS 18001, the world’s former reference for OH&S management
(organizations currently certified under OHSAS 18001 will have until March 12,2021to
migrate to ISO 45001)

How is ISO 45001 similar to OHSAS 18001?

 Intent: The overall intent to create a framework for managing the prevention of employee
injuries, illnesses, and fatalities is the same for both standards
 Plan-Do-Check-Act: The PDCA cycle remains the fundamental operating principle in both
standards
 Other Similarities: Many of the requirements covered in OHSAS 18001, although
consolidated, relocated, or expanded on, are found in ISO 45001, including policy
requirements; identification of legal and other requirements; improvement objectives;
awareness requirements; competency requirements; resources needed to support the system;
and requirements for monitoring, measuring, and analyzing OH&S performance and
improvement
What are some of the main differences between ISO 45001 and OHSAS
18001?
 Structure: The structure of ISO 45001 is based on Annex SL, which is the framework used
in other ISO management system standards, making implementation easier and more efficient
 Management Commitment: ISO 45001 requires the incorporation of health and safety into
the overall management system of the organization, requiring management to take a stronger
leadership role in OH&S
 Worker Involvement: ISO 45001 requires employee training and education to identify risks
and help create a successful safety program, allowing broader employee participation
 Risk v. Hazard: ISO 45001 follows a preventative process, requiring hazard risks to be
evaluated and remedied before they cause accidents and injuries, unlike OHSAS 18001,
which focused only on hazard control

Mandatory documents and records required by ISO 45001:2018

Here are the documents you need to produce if you want to be compliant with ISO 45001:

 Scope of the OH&S management system (clause 4.3)

 OH&S policy (clause 5.2)
 Responsibilities and authorities within OH&SMS (clause 5.3)
 OH&S process for addressing risks and opportunities (clause 6.1.1)
 Methodology and criteria for assessment of OH&S risks (clause 6.1.2.2)
 OH&S objectives and plans for achieving them (clause 6.2.2)
 Emergency preparedness and response process (clause 8.2)

And, here are the mandatory records:

 OH&S risks and opportunities and actions for addressing them (clause 6.1.1)
 Legal and other requirements (clause 6.1.3)
 Evidence of competence (clause 7.2)
 Evidence of communications (clause 7.4.1)
 Plans for responding to potential emergency situations (clause 8.2)
 Results on monitoring, measurements, analysis and performance evaluation (clause 9.1.1)
 Maintenance, calibration or verification of monitoring equipment (clause 9.1.1)
 Compliance evaluation results (clause 9.1.2)
 Internal audit program (clause 9.2.2)
 Internal audit report (clause 9.2.2)
 Results of management review (clause 9.3)
 Nature of incidents or nonconformities and any subsequent action taken (clause 10.2)
 Results of any action and corrective action, including their effectiveness (clause 10.2)
 Evidence of the results of continual improvement (clause 10.3)

Non-mandatory documents
There are numerous non-mandatory documents that can be used for ISO 45001 implementation.
However, these are the non-mandatory documents that are most commonly used:
 Procedure for Determining Context of the Organization and Interested Parties (clause 4.1)
 OH&S Manual (clause 4)
 Procedure for Consultation and Participation of Workers (clause 5.4)
 Procedure for Hazard Identification and Assessment (clause 6.1.2.1)
 Procedure for Identification of Legal Requirements (clause 6.1.3)
 Procedure for Communication (clause 7.4.1)
 Procedure for Document and Record Control (clause 7.5)
 Procedure for Operational Planning and Control (clause 8.1)
 Procedure for Change Management (clause 8.1.3)
 Procedure for Monitoring, Measuring and Analysis (clause 9.1.1)
 Procedure for Compliance Evaluation (clause 9.1.2)
 Procedure for Internal Audit (clause 9.2)
 Procedure for Management Review (clause 9.3)
 Procedure for Incident Investigation (clause 10.1)
 Procedure for Management of Nonconformities and Corrective Actions (clause 10.1)
 Procedure for Continual Improvement (clause 10.3)

Mandatory documents and records required by ISO 9001:2015

Here are the documents you need to produce if you want to be compliant with ISO 9001:2015.
(Please note that some of the documents will not be mandatory if the company does not perform
relevant processes.):
 Scope of the QMS (clause 4.3)
 Quality policy (clause 5.2)
 Quality objectives (clause 6.2)
 Criteria for evaluation and selection of suppliers (clause 8.4.1)

And, here are the mandatory records (note that records marked with * are only mandatory in
cases when the relevant clause is not excluded):
 Monitoring and measuring equipment calibration records* (clause 7.1.5.1)
 Records of training, skills, experience and qualifications (clause 7.2)
 Product/service requirements review records (clause 8.2.3.2)
 Record about design and development outputs review* (clause 8.3.2)
 Records about design and development inputs* (clause 8.3.3)
 Records of design and development controls* (clause 8.3.4)
 Records of design and development outputs *(clause 8.3.5)
 Design and development changes records* (clause 8.3.6)
 Characteristics of product to be produced and service to be provided (clause 8.5.1)
 Records about customer property (clause 8.5.3)
 Production/service provision change control records (clause 8.5.6)
 Record of conformity of product/service with acceptance criteria (clause 8.6)
 Record of nonconforming outputs (clause 8.7.2)
 Monitoring and measurement results (clause 9.1.1)
 Internal audit program (clause 9.2)
 Results of internal audits (clause 9.2)
 Results of the management review (clause 9.3)
 Results of corrective actions (clause 10.1)

Non-mandatory documents
There are numerous non-mandatory documents that can be used for ISO 9001 implementation.
However, I find these non-mandatory documents to be most commonly used:
 Procedure for determining context of the organization and interested parties (clauses 4.1 and
4.2)
 Procedure for addressing risks and opportunities (clause 6.1)
 Procedure for competence, training and awareness (clauses 7.1.2, 7.2 and 7.3)
 Procedure for equipment maintenance and measuring equipment (clause 7.1.5)
 Procedure for document and record control (clause 7.5)
 Sales procedure (clause 8.2)
 Procedure for design and development (clause 8.3)
 Procedure for production and service provision (clause 8.5)
 Warehousing procedure (clause 8.5.4)
 Procedure for management of nonconformities and corrective actions (clauses 8.7 and 10.2)
 Procedure for monitoring customer satisfaction (clause 9.1.2)
 Procedure for internal audit (clause 9.2)
 Procedure for management review (clause 9.3)

What are the 4 main differences between ISO 9001:2008 and ISO 9001:2015?

ISO 9001:2015 HAS TEN CLAUSES INSTEAD OF EIGHT

The following table shows the relationship of the ISO 9001:2008 clauses to those in the new ISO
9001:2015.

ISO 9001:2008 ISO 9001:2015

0. Introduction 0. Introduction
1. Scope 1. Scope
2. Normative reference 2. Normative reference
3. Terms and definitions 3. Terms and definitions
4. Quality management system 4. Context of the organization
5. Leadership
5. Management responsibility
6. Planning
6. Resource management 7. Support
7. Product realization 8. Operation
9. Performance evaluation
8. Measurement, analysis and improvement
10. Improvement

The first three clauses in ISO 9001:2015 are largely the same as those in ISO 9001:2008, but
there are considerable differences between ISO 9001:2008 and ISO 9001:2015 from the fourth
clause onwards. The last seven clauses are now arranged according to the PDCA cycle (Plan,
Do, Check, Act). The following figure shows this.
The PDCA cycle is a four-step management method used to achieve and maintain control and
continual improvement for process and products.

Plan- Establish the objectives and processes necessary to deliver results in accordance with the
target or goal.

Do- Implement the plan, execute the process, make the product.

Check- Study the actual results and compare against the expected results.

Act- If the CHECK shows that the PLAN implemented in DO is an improvement, then that
becomes the new standard. If not, then adjustments are made to insure consistent improvement.

By diligently using the PDCA cycle, we can insure that complacency never occurs, and that
Cubbison is consistently raising and maintaining our standards.

Clauses 4, 5, 6 and 7 of ISO 9001:2015 come under PLAN, clause 8 comes under DO, clause 9
comes under CHECK and clause 10 is covered by ACT.

With this new arrangement, the new ISO 9001:2015 strives to give additional momentum to the
continuous and systematic improvement of processes within organizations and businesses, such
as the Cubbison Company.
ISO 9001:2015 PUTS MORE FOCUS ON INPUT AND OUTPUT

There is more emphasis in ISO 9001:2015 on measuring and properly assessing the input and
output of processes. According to ISO 9001:2015, We closely monitor which articles, information
and specifications are involved in the production process. We also clearly check whether good
articles come out of the production process.

RISK-BASED THINKING IS AT THE CORE OF ISO 9001:2015

Risk-based thinking has a very important place in ISO 9001:2015. We use risk analysis in order
to decide for ourselves which challenges we see in the management of our business processes.

Formal risk analysis, familiar to many organizations via FMEA or HACCP techniques, is now
standard for everyone. To emphasize their dominance, the concept of ’risk’ occurs forty-eight
times in ISO 9001:2015, compared with only three times in ISO 9001:2008.

The addition of risk-based thinking has made the ‘preventive measures’ of ISO 9001:2008
redundant. These preventive measures no longer appear in ISO 9001:2015. The transition from
‘Preemptive measures’ to ‘Risk-based Thinking’ is a smart one, as it acts to analyze situations,
and solve potential problems long before they begin to develop.

LEADERSHIP AND COMMITMENT IN ISO 9001:2015

ISO 9001:2015 also places more emphasis on leadership and management commitment. It
requires greater involvement by top managers and business leaders in controlling the quality
management system.

This way, ISO 9001:2015 is intended to encourage integration and harmonization with business
processes and business strategies. This helps emphasize top management responsibility to
ensure the effectiveness of the quality management system.

Because ISO 9001:2015 pays more attention to risk management, interested parties and the
context of the organization, the quality management system also fits in better with the needs of
the top management.
The quality management system is now more than ever a means for being strategically
successful by addressing the needs of interested parties and by managing opportunities and
threats.

The ‘management representative’ of ISO 9001:2008 was a member of the management

committee who had the responsibility and authority for steering the quality management system
along the right lines. ISO 9001:2015 does not mention this aspect any more. The idea behind the
change is that quality is a matter for everyone and for all levels within the organization.

We, at the Cubbison Company, are proud to be recognized as one of the few companies to
achieve this level of certification to date. To us, our ISO 9001:2015 registration is verification of
our ingenuity, leadership, progressiveness, and our attention to detail, efficiency, quality, safety
and care for our customers in the printed electronics and product identification industries.