Ohsas 18001 Lead Auditor En V.7.4 Day-1.pdf

Schedule for Day 1 Section 1: Course objectives and structure Section 2: Standard and regulatory framework Section 3: Certification process Section 4: Fundamental principles of occupational health and safety Section 5: Occupational Health and Safety Management System (OHSMS) © 2005 PECB Version 7.4 Eric Lachapelle (Editor) Document number: OHSMSLAD1V7.4 Documents provided to participants are strictly reserved for training purposes and are copyrighted by PECB. Unless otherwise specified, no part of this publication may be, without PECB’s written permission, reproduced or used in any way or format or by any means whether it be electronic or mechanical including photocopy and microfilm.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 1/125

Normative references used in this training 1.Main standards ILO-OSH 2001, Guidelines on occupational safety and health management systems. ISO 17021:2011, Conformity assessment — Requirements for bodies providing audit and certification of management systems. ISO 17024:2003, Conformity assessment — General requirements for bodies operating certification of persons. ISO 19011:2011, Guidelines for auditing management systems. OHSAS 18001:2007, Occupational Health and Safety management systems — Requirements. OHSAS 18002:2008, Occupational Health and Safety management systems — Guidelines for the implementation of OHSAS 18001:2007.

2. Other standard references ISO Guide 73:2009, Risk management – Vocabulary. ISO 7010:2011 Graphical symbols - Safety colours and safety signs - Registered safety signs ISO 9000:2005, Quality management systems – Fundamentals and vocabulary. ISO 9001:2008, Quality management systems – Requirements. ISO 14001:2004, Environmental management systems – Requirements with guidance for use. ISO/IEC 17011:2004, Conformity assessment – General requirements for accreditation bodies accrediting conformity assessment bodies. ISO 22000:2005, Food safety management systems — Requirements for any organization in the food chain. ISO 22301:2012, Societal security — Business continuity management systems — Requirements. ISO/IEC 27004:2009, Information technology – Security techniques – Information security management – Measurement. ISO 28000:2007, Specification for security management systems for the supply chain. ISO 31000:2009, Risk Management – Principles and Guidelines.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 2/125

List of acronyms and abbreviations use in this training AENOR: Spanish Association of Standardization and Certification ANSI: American National Standards Institute BS: British Standard CMS: Content Management System CPD: Continuing Professional Development DMS: Document Management System EA: European Co-operation for Accréditation EDM: Electronic Document Management System EMS: Environment management system EU: European Union GAAS: Generally Accepted Auditing Standards IAF: International Accreditation Forum IFAC: International Federation of Accountants IMS2: Integrated Implementation Methodology for Management Systems and Standards ISO: International Standards Organization LA: Lead Auditor LI: Lead Implementer NC: Non-conformity NEBOSH: National Examination Board in Occupational Safety and Health Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 3/125

OHSAS: Occupational Health and Safety Assessment Series OECD: Organization for Economic Co-operation and Development PDCA: Plan-Do-Check-Act PIP: Polish National Labour Inspection QMS: Quality management system PECB: Professional Evaluation and Certification Board ROI: Return on Investment SMS: Service management system (or Safety management system)

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 4/125

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 5/125

To break the ice, participants introduce themselves stating: Name; Current position; Knowledge of and experience with occupational health and safety; Knowledge of and experience with OHSAS 18001 and OHSAS 18002; Knowledge and experience with other management systems (ISO 9001, ISO 14001, ISO 20000, ISO 22301, etc.); Auditing knowledge and experience; Course expectations and objectives. Duration of activity: 20 minutes

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 6/125

For simplification, only the masculine is used throughout this training and is not meant to offend anyone. In case of emergency, please be aware of exits. Agree on course schedule and two breaks (be on time). Set your cell phone on vibration and if you need To take a call, please do it outside the classroom. Recording devices are prohibited because they may restrict free discussions.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 7/125

The training is designed to allow candidates to acquire and/or enhance their competency to audit an occupational health and safety management system. From an educational view, competency consists of the following three elements: 1. Knowledge; 2. Skill; 3. Behavior (attitude). This training is focused on the acquisition of knowledge related to audit techniques applied to occupational health and safety, and not on the acquisition of an expertise in occupational health and safety. Minimal knowledge of OH&S is however required for successful completion of the course. To obtain more in-depth knowledge of the implementation and the management of an OHSMS, it is recommended to take the Certified OHSAS 18001 Lead Implementer course. At the end of the course, participants will obtain knowledge and develop the competency on How to audit and not only on the Why audit and What to do during an audit.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 8/125

Regarding the development of skills, the objective of this training is to ensure that the candidate can actively participate in an OHSAS 18001 certification audit or an internal audit the day following the end of the training. This training is focused on the daily realities of the conduct of an audit. The case study and role-plays act as simulations of situations that are as close as possible to the reality in the field. Regarding attitude, several exercises will allow the candidate to strengthen his personal skills necessary for an auditor to act with due professional care during the implementation of audit activities such as decision-making ability, teamwork, openness of mind, etc.

Important note: The Certified OHSAS 18001 Lead Auditor training is intended for both internal and external auditors. Auditing techniques and the competencies needed for auditors are common to all types of audits. The peculiarities of the different types of audits will be explained during the training. Internal audits will be handled in a dedicated section of day 4.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 9/125

This course is primarily based on: Trainer led sessions, where questions are welcomed. Student involvement: exercises, case studies, role-plays, notes, reactions, discussions (participant experiences).

Remember, this course is yours: you are the main players of its success. Students are encouraged to take additional notes. Homework and exercises are essential in the acquisition of the competencies necessary to conduct an audit. Thus it is very important to do them conscientiously. Moreover, even if they are not scored, homework and exercises prepare participants for the certification exam.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 10/125

ISO 19011 provides guidance on audit principles, audit program management, management systems audit, as well as guidance on the competencies of auditors. It applies to all organizations needing to conduct internal and external audits or to manage an audit program. The application of ISO 19011 to other types of audits is possible: it is sufficient, in this type of case, to give special attention to identifying the competencies required by the audit team members. Reference: www.iso.org

International Federation of Accountants - IFAC: This is the world accounting organization. It operates with its 157 members and associates in 122 countries to protect public interest by encouraging high quality practices by the accounting world. Standards developed by IFAC provide guidelines and advice in the following fields: audit, insurance, control and services related to quality, to training, ethics and accounting. Reference: www.ifac.org

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 11/125

Generally Accepted Auditing Standards - GAAS: These are several audit standards, developed by the AICPA (American Institute of Certified Public Accountants), including general standards, standards by activity sector and report standards, with interpretations. They were developed by AICPA in 1947 and have undergone a few minor changes since then. Reference: www.aicpa.org

Professional practices of the Internal Auditors Institute: The provide advice on conducting internal audits. They are the result of a careful analysis, consultations and deliberations on the fundamental principles concerning the performance of internal audit services by members of the IIA (Institute of Internal Auditor) and the CIA (Certified Internal Auditor). Reference: www.theiia.org

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 12/125

The objective of the certification examination is to ensure that auditor candidates have mastered audit concepts and techniques so that they are able to participate in audit assignments. The PECB examination committee shall ensure that the development and adequacy of the exam questions is maintained based upon current professional practice. The questions are developed and maintained by a committee of occupational health and safety specialists that are all OHSAS 18001 Lead Auditor certified.

The exam only contains essay questions. The duration of the exam is 3 hours. The minimum passing score is 70%. All notes and reference documents may be used during the exam excluding the use of a computer. The exam is available in several languages. When taking the exam, please ask the trainer or check on the PECB website to know the list of available languages. All seven competency domains are covered by the examination. To read a detailed description of each competency domain, please visit the PECB website.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 13/125

Passing the exam is not the only pre-requisite to obtain the credential of “Certified OHSAS 18001 Lead Auditor”. This credential will endorse both the passing the exam and the validation of the professional experience records. Unfortunately, many people claim they are OHSAS 18001 Lead Auditor-qualified following a successful exam, although they don’t have the required experience level. The set of criteria and the certification process are explained at the last day of the training. A candidate with lesser experience can apply for the credential of “Certified OHSAS 18001 Auditor” or “Certified OHSAS 18001 Provisional Auditor”.

Important note: Certification fees are included in the examination price. The candidate will therefore not have to pay any additional costs when applying for certification at their corresponding experience level and receive one of the other professional credentials, i.e. Certified OHSAS 18001 Provisional Auditor, Certified OHSAS 18001 Auditor or Certified OHSAS 18001 Lead Auditor.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 14/125

After passing the exam, the candidate has a maximum period of three years to apply for one of the professional credentials related to the OHSAS 18001 certification scheme. When the candidate is certified, he will receive, via electronic mail, from PECB a certificate valid for three years. To maintain his certification, the applicant must demonstrate every year that he is satisfying the requirements for the assigned credential and abiding to PECB’s Code of Ethics. To learn more about certificate maintenance and renewal procedure please visit PECB Website. At the end of the training, more details will be given.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 15/125

PECB is a certification body for persons, management systems, and products on a wide range of international standards. As a global provider of training, examination, audit, and certification services, PECB offers its expertise on multiple fields, including but not limited to Information Security, IT, Business Continuity, Service Management, Quality Management Systems, Risk & Management, Health, Safety, and Environment.

We help professionals and organizations to show commitment and competence with internationally recognized standards by providing this assurance through the education, evaluation and certification against rigorous, internationally recognized competence requirements. Our mission is to provide our clients comprehensive services that inspire trust, continual improvement, demonstrate recognition, and benefit society as a whole. PECB is accredited by IAS against ISO/IEC 17024, ISO/IEC 17021, ISO/IEC 17065. The purpose of PECB, as stated in its Bylaws, is to develop and promote professional standards for certification and to administer credible certification programs for individuals who practice in disciplines involving the audit and the implementation of a compliant management system. This principal purpose includes: 1. 2. 3. 4. 5. 6. 7. 8.

Establishing the minimum requirements necessary to qualify certified professionals; Reviewing and verifying the qualifications of applicants for eligibility to sit for the certification examinations; Developing and maintaining reliable, valid, and current certification examinations; Granting certificates to qualified candidates, maintaining certificant records, and publishing a directory of the holders of valid certificates; Establishing requirements for the periodic renewal of certification and determining compliance with those requirements; Ascertaining that certificants meet and continue to meet the PECB Code of Ethics; Representing its members, where appropriate, in matters of common interest; Promoting the benefits of certification to employers, public officials, practitioners in related fields, and the public.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 16/125

An internationally recognized certification can help you maximize your career potential and reach you professional objectives. An international certification is the formal recognition of competencies of an individual. According to salary surveys published by the several magazines in the last five years, certified auditors have an average salary considerably higher than their non-certified counterparts.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 17/125

In order to ensure your satisfaction and continually improve the training, examination and certification processes, PECB Customer Service has established a support ticket system for handling complaints and services for our clients. As a first step, we invite you to discuss the situation with the trainer. If necessary, do not hesitate to contact the head of the training organization where you are registered. In all cases, we remain at your disposal to arbitrate any dispute that might arise between you and these parties. To send comments, questions or complaints, please open a ticket on PECB’s website in the Contact Us section. If you have suggestions for improving PECB’s training materials, we'd like to hear from you. We read and evaluate the input we get from our members. Please open a ticket directed to Training Department on PECB’s website in the Contact Us section. In case of dissatisfaction with the training (trainer, training room, equipment,...), the examination or the certification processes, please open a ticket under “Make a complaint” category on PECB’s website in the Contact Us section.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 18/125

Day 1: Introduction to occupational health and safety and OHSAS 18001 1.Course objectives and structure 2.Standard and regulatory framework 3.Certification process 4.Fundamental principles of occupational health and safety 5.Occupational Health and Safety Management System (OHSMS)

Day 2: Audit principles, preparation and launching of an audit 6.Fundamental audit concepts and principles 7.Audit approach based on evidence and risk 8.Initiating the audit 9.Stage 1 audit 10.Preparing the stage 2 audit (on-site audit) 11.Stage 2 audit (Part 1)

Day 3: On-site audit activities 11.Stage 2 audit (Part 2) 12.Communication during the audit 13.Audit procedures 14.Creating audit test plans 15.Drafting audit findings and non-conformity reports

Day 4: Closing the audit 16.Documentation of the audit and quality review 17.Closing the audit 18.Evaluating action plans by the auditor 19.Beyond the initial audit 20.Managing an internal audit programme 21.Competence and evaluation of auditors 22.Closing the training Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 19/125

Day 5: Final exam

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 20/125

Section summary: 1. The main objective of this training is to acquire the competency (knowledge, skills and behavior) to participate in an OHSAS 18001 internal audit or certification audit. 2. Success of the training is based on participant involvement (experience feedback, discussions, role-play, exercises, etc.). 3. The objective of the certification examination is to ensure that auditor candidates have mastered audit concepts and techniques so that they are able to participate in audit assignments. The exam only contains essay questions. The duration of the exam is 3 hours. The minimum passing score is 70%. The exam is available in several languages. 4. Passing the exam is only one of the prerequisites to obtain the professional credential “Certified OHSAS 18001 Lead Auditor”. This professional credential endorses both the passing the exam and the validation of the professional experience records. 5. PECB (Professional Evaluation and Certification Board) is a certification organization for persons. The first objective of PECB, as included in its statutes, is to develop and promote professional standards for certification and to administer credible certification programs for persons who work in disciplines involving verification and implementation of a compliant management system.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 21/125

During this training, we will adopt the following convention: standards will often be referenced as “ISO XXXX” and “OHSAS 1800X” in the slide instead of their official designation “ISO/IEC XXXXX:20XX” and “OHSAS 1800X:200X” without specifying their publication date, each referring to its latest version. ISO documents are copyright protected. Each participant has a responsibility to possess a legal copy of the standards required for this course. If a standard is included or was given to you for the period of this training, you must follow the conditions for use stated by ISO. No part of this publication may be reproduced by any means or use in any way whether it be electronic our mechanical, including photocopies and microfilms, without written permission from ISO (see address below) or a member of the ISO organization located in the country of the person of the related organization. Copies of the different ISO standards can be bought online on the ISO website (www.iso.org) or from the accreditation authority of each country. For example, you can buy ISO standards from ANSI (webstore.ansi.org). Note on terminology: Depending on the standard, there are different terms used to refer to specific part of a standard like clause, section, paragraph or chapter. In this course we will use "clause" to express any reference to a specific part of a norm or standard.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 22/125

OHSAS 18001 Standard has been developed with the assistance of the following cooperating organizations: American Industrial Hygiene Association (AIHA) Asociación Española de Normalización y Certificación (AENOR) Association of British Certification Bodies (ABCB) British Standards Institution (BSI) Bureau Veritas Comisión Federal de Electricidad (CFE), (Gerencia de la seguridad industrial) Czech Accreditation Institute (CAI) Det Norske Veritas (DNV) DS Certification A/S EEF the manufacturers’ organisation ENLAR Compliance Services, Inc. Health and Safety Executive Hong Kong Quality Assurance Agency (HKQAA) Inspecta Certification Institution of Occupational Safety and Health (IOSH) Instituto Argentino de Normalización y Certificación (IRAM) Instituto Colombiano de Normas Técnicas y Certificación (ICONTEC) Instituto de Normas Técnicas de Costa Rica (INTECO) Instituto Mexicano de Normalización y Certificación (IMNC) Instituto Uruguayo de Normas Técnicas (UNIT) ITS Consultants Japan Industrial Safety and Health Association (JISHA) Japanese Standards Association (JSA)

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 23/125

Korea Gas Safety Corporation (ISO Certificate Division) Lloyds Register Quality Assurance (LRQA) Management Systems Certification Limited National Standards Authority of Ireland (NSAI) National University of Singapore (NUS) Nederlands Normalisatie-instituut (NEN) NPKF ELECTON NQA Quality Management Institute (QMI) SABS Commercial (Pty) Ltd. Service de Normalisation Industrielle Marocaine (SNIMA) SGS United Kingdom Ltd SIRIM QAS International SPRING Singapore Standards Institution of Israel (SII) Standards New Zealand (SNZ) Sucofindo International Certification Services (SICS) Swedish Industry Association (Sinf) TÜV Rheinland Cert GmbH – TÜV Rheinland Group Standards Association of Zimbabwe (SAZ)

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 24/125

History In 1946, delegates from 25 countries met in London and decided to create a new international organization, of which the object would be "to facilitate the international coordination and unification of industrial standards". The new organization officially began operations on 23 February 1947, in Geneva, Switzerland. The International Standards Organization (ISO) is a non-governmental organization that holds a special position between the public sector and the private sector. Its members include national standards organizations who often are part of government structures in their countries or who are mandated by these governments. Other members belong to the private sector as national partnerships of industry associations.

Goals/Advantages The role of ISO is to facilitate international coordination and the standardization of industrial standards. To reach these objectives, ISO publishes technical standards. These standards contribute to the development, manufacturing and delivery of products and services that are more effective, safer and clearer. They facilitate fair trade between countries. In addition, they bring a technical foundation for health, security, and environmental legislation to governments; and they help transfer technologies to developing countries. ISO standards are also used to protect consumers and general users of products and services. These standards are also used to simplify their lives. Note on terminology: Because "International Organization for Standardization" would have different acronyms in different languages ("IOS" in English, "OIN" in French for Organisation internationale de normalisation), its founders decided to give it also a short, all-purpose name. They chose "ISO", derived from the Greek isos, meaning "equal".

Source: www.iso.org

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 25/125

How ISO standards are developed? The national delegations of experts of a committee meet to discuss, debate and argue until they reach consensus on a draft agreement. The “organizations in liaison” also take part in this work. In some cases, advanced work within these organizations means that substantial technical development and debate has already occurred, leading to some international recognition and in this case, a document may be submitted for "fast-track" processing. In both cases, the resulting document is circulated as a Draft International Standard (DIS) to all ISO's member bodies for voting and comment. If the voting is in favor, the document, with eventual modifications, is circulated to the ISO members as a Final Draft International Standard (FDIS). If that vote is positive, the document is then published as an International Standard. Every working day of the year, an average of seven ISO technical meetings takes place around the world. In between meetings, the experts continue the standards' development work by correspondence. Increasingly, their work is carried out by electronic means, which speeds up the development of standards and cuts travel costs. International Standards are developed by a six-step process:

Stage 1: Proposal stage The first step in the development of an International Standard is to confirm that a particular International Standard is needed. A new work item proposal (NP) is submitted for vote by the members of the relevant TC or SC to determine the inclusion of the work item in the program of work. The proposal is accepted if a majority of the P-members of the TC/SC votes in favor and if at least five Pmembers declare their commitment to participate actively in the project. At this stage a project leader responsible for the work item is normally appointed.

Stage 2: Preparatory stage Usually, a working group of experts, the chairman (convener) of which is the project leader, is set up by the TC/SC for the preparation of a working draft. Successive working drafts may be considered until the working group is satisfied that it has developed the best technical solution to the problem being addressed. At this stage, the draft is forwarded to the working group's parent committee for the consensus-building phase. Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 26/125

Stage 3: Committee stage As soon as a first committee draft is available, it is registered by the ISO Central Secretariat. It is distributed for comment and, if required, voting, by the P-members of the TC/SC. Successive committee drafts may be considered until consensus is reached on the technical content. Once consensus has been attained, the text is finalized for submission as a draft International Standard (DIS).

Stage 4: Enquiry stage The draft International Standard (DIS) is circulated to all ISO member bodies by the ISO Central Secretariat for voting and comment within a period of five months. It is approved for submission as a final draft International Standard (FDIS) if a two-thirds majority of the P-members of the TC/SC are in favor and not more than onequarter of the total number of votes cast are negative. If the approval criteria are not met, the text is returned to the originating TC/SC for further study and a revised document will again be circulated for voting and comment as a draft International Standard.

Stage 5: Approval stage The final draft International Standard (FDIS) is circulated to all ISO member bodies by the ISO Central Secretariat for a final Yes/No vote within a period of two months. If technical comments are received during this period, they are no longer considered at this stage, but registered for consideration during a future revision of the International Standard. The text is approved as an International Standard if a two-thirds majority of the P-members of the TC/SC is in favor and not more than one-quarter of the total number of votes cast are negative. If these approval criteria are not met, the standard is referred back to the originating TC/SC for reconsideration in light of the technical reasons submitted in support of the negative votes received.

Stage 6: Publication stage Once a final draft International Standard has been approved, only minor editorial changes, if and where necessary, are introduced into the final text. The final text is sent to the ISO Central Secretariat which publishes the International Standard. Reference: www.iso.org

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 27/125

ISO basic principles 1. Equal representation: Every ISO member (full-fledged member) has the right to participate in the development of any standard it deems important to the economy of its country. Whatever the size or strength of the economy, each participating member can claim their right to vote. ISO activities are thus carried out in a democratic structure where member countries are on the same footing in terms of their influence on work orientation. 2. Voluntary: Adoption of ISO standards is voluntary. As a non-governmental organization, ISO has no legal authority for their implementation. A percentage of ISO standards – more particularly those related to health, security and the environment – have been adopted in several countries as part of the regulatory framework, or are mentioned in the legislation for which they act as a technical basis. Such adoptions are sovereign decisions by regulatory organizations or governments. ISO itself does not regulate, or legislate. However, although ISO standards are voluntary, they can become a market requirement, as is the case with ISO 9001 or with freight container dimensions, the traceability of food products, etc.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 28/125

3. Business orientation: ISO only develops standards for which a market demand exists. Work is carried out by experts in the related industrial, technical and business sectors. These experts may be joined by other experts holding the appropriate knowledge such as public organizations, academic world and testing laboratories. ISO launches the development of new standards in response to sectors and stakeholders that express a clearly established need for them. An industry sector or other stakeholder group typically communicates its requirement for a standard to one of ISO's national members. The latter then proposes the new work item to the relevant ISO technical committee developing standards in that area. New work items may also be proposed by organizations in liaison with such committees. When work items do not relate to existing committees, proposals may also be made by ISO members to set up new technical committees to cover new fields of activity.

4. Consensus approach: ISO standards are based on a representative consensus approach of the different stakeholders (experts, industries, researchers, governments, etc.). This ensures a larger circulation and a greater application. ISO standards are developed by technical committees, (subcommittees or project committees) comprising experts from the industrial, technical and business sectors which have asked for the standards, and which subsequently put them to use. These experts may be joined by representatives of government agencies, testing laboratories, consumer associations, non-governmental organizations and academic circles. Proposals to establish new technical committees are submitted to all ISO national member bodies, who may opt to be participating (P), observer (O) or non-members of the committee. The secretariat (i.e. the body providing the administrative support to the work of the committee) is allocated by the Technical Management Board (which itself reports to the ISO Council), usually to the ISO member body which made the proposal. The secretariat is responsible for nominating an individual to act as chair of the technical committee. The chair is formally appointed by the Technical Management Board. Experts participate as national delegations, chosen by the ISO national member body for the country concerned. National delegations are required to represent not just the views of the organizations in which their participating experts work, but those of other stakeholders too. National delegations are usually based on and supported by national mirror committees to which the delegations report. According to ISO rules, the national member body is expected to take account of the views of all parties interested in the standard under development. This enables them to present a consolidated, national consensus position to the technical committee. Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 29/125

International and regional organizations from both business and the public sector may apply for liaison status to participate in developing a standard, or to be informed about the work. Such “organizations in liaisons” are accepted through voting by the relevant ISO committee. They may comment on successive drafts, propose new work items or even propose documents for “fast tracking” , but they have no voting rights.

5. International cooperation: ISO standards are technical agreements that bring, at the international level, technological compatibility structures. Developing a technical consensus on an international scale is a major activity. 3 000 technical ISO groups are identified (technical committees, subcommittees, work groups, etc.) within which 50 000 experts take part in developing standards annually. Source: www.iso.org

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 30/125

1.Customer focus: Organizations depend on their customers and therefore should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations. Management system implications Researching and understanding customer needs and expectations. Ensuring that the objectives of the organization are linked to customer needs and expectations. Communicating customer needs and expectations throughout the organization. Systematically managing customer relationships. Ensuring a balanced approach between satisfying customers and other interested parties (such as owners, employees, suppliers, financiers, local communities and society as a whole). 2.Leadership: Leaders establish unity of purpose and direction of the organization. They should create and maintain the internal environment in which people can become fully involved in achieving the organization's objectives. Management system implications Considering the needs of all interested parties including customers, owners, employees, suppliers, financiers, local communities and society as a whole. Establishing a clear vision of the organization's future. Setting challenging goals and targets. Creating and sustaining shared values, fairness and ethical role models at all levels of the organization. Establishing trust and eliminating fear. Providing people with the required resources, training and freedom to act with responsibility and accountability. Inspiring, encouraging and recognizing people's contributions.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 31/125

3.Involvement of people: People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization's benefit. Management system implications People understanding the importance of their contribution and role in the organization. People identifying constraints to their performance. People accepting ownership of problems and their responsibility for solving them. People evaluating their performance against their personal goals and objectives. People actively seeking opportunities to enhance their competence, knowledge and experience. People freely sharing knowledge and experience. People openly discussing problems and issues. 4.Process approach: A desired result is achieved more efficiently when activities and related resources are managed as a process. Management system implications Systematically defining the activities necessary to obtain a desired result. Establishing clear responsibility and accountability for managing key activities. Analyzing and measuring of the capability of key activities. Identifying the interfaces of key activities within and between the functions of the organization. Focusing on the factors such as resources, methods, and materials that will improve key activities of the organization. Evaluating risks, consequences and impacts of activities on customers, suppliers and other interested parties. 5.System approach to management: Identifying, understanding and managing interrelated processes as a system contributes to the organization's effectiveness and efficiency in achieving its objectives. Management system implications Structuring a system to achieve the organization's objectives in the most effective and efficient way. Understanding the interdependencies between the processes of the system. Structured approaches that harmonize and integrate processes. Providing a better understanding of the roles and responsibilities necessary for achieving common objectives and thereby reducing cross-functional barriers. Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 32/125

Understanding organizational capabilities and establishing resource constraints prior to action. Targeting and defining how specific activities within a system should operate. Continually improving the system through measurement and evaluation. 6. Continual improvement: Continual improvement of the organization's overall performance should be a permanent objective of the organization.

Management system implications Employing a consistent organization-wide approach to continual improvement of the organization's performance. Providing people with training in the methods and tools of continual improvement. Making continual improvement of products, processes and systems an objective for every individual in the organization. Establishing goals to guide, and measures to track, continual improvement. Recognizing and acknowledging improvements. 7.Factual approach to decision making: Effective decisions are based on the analysis of data and information. Management system implications Ensuring that data and information are sufficiently accurate and reliable. Making data accessible to those who need it. Analyzing data and information using valid methods. Making decisions and taking action based on factual analysis, balanced with experience and intuition. 8.Mutually beneficial supplier relationships: An organization and its suppliers are interdependent and a mutually beneficial relationship enhances the ability of both to create value. Management system implications Establishing relationships that balance short-term gains with long-term considerations. Pooling of expertise and resources with partners. Identifying and selecting key suppliers. Clear and open communication. Sharing information and future plans. Establishing joint development and improvement activities. Inspiring, encouraging and recognizing improvements and achievements by suppliers.

Source: www.iso.org

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 33/125

Since 1947 ISO has published over 19 000 international standards. ISO publishes standards related to traditional activities such as agriculture and construction, media devices and the most recent development in information technologies, such as the digital coding of audiovisual signals for multimedia applications. ISO 9000 and ISO 14000 families are among the best known ISO standards. The ISO 9000 standard has become an international reference in regard to the quality requirements in commerce and business transactions. The ISO 14000 standard, for its part, is used to help organizations meet challenges of an environmental nature.

ISO 9001 is related to quality management. It contains the good practices that aim to improve customer satisfaction, achievement of customer requirements and regulatory requirements as well as continuous improvement actions in those fields. In December of 2009, 1 064 785 organizations were ISO 9001 certified (China having the most certified organizations: 257 076). ISO 14001 is mainly related to environmental management. It defines the actions that the organization can implement for the maximum reduction of negative impacts of its activities on the environment and for the continuous improvement of its environmental performance. In December 2009, 223 149 organizations were ISO 14001 certified (China having the most certified organizations: it had in 2009, 55 316; Japan is second with 39 556 certified organizations).

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 34/125

OHSAS 18001 (OHSAS = Occupational Health and Safety Assessment Series) identifies best practices for the rigorous management and effective protection of the occupational health and safety. In spite of the publication of the ISO 18001 standard after various disagreements within the ISO organization to create a management standard for health and safety, OHSAS 18001 is the de facto standard for health and safety at the enterprise. OHSAS 18001 is a private norm. It was developed from existing national standards (BS 8800, UNE 81900, VCA) and standards published by different certification bodies (OHSMS, SafetyCert, SMS 8800). ISO 20000-1 defines the requirements that an information technology service provider must apply. This standard applies to service providers regardless of the organization’s size or type. The standard consists of two parts. The first part defines the specifications the organization shall apply to obtain certification. The second part (ISO 20000-2) explains the different practices or recommendations to reach the objectives previously defined. ISO 22000 creates and manages a food safety management system (FSMS). This standard applies to all organizations that are involved in any aspects of the food supply chain and want to implement a system to continuously provide safe food. This standard focuses on personnel competencies, continuous information research about food products (new legislations, standards, rules…). Organizations must perform a HACCP (Hazard Analysis Critical Control Point) to identify, analyze and evaluate the risks for food safety. For each risk that has been defined as significant, the organization must define controls to implement. ISO 22301 defines the requirements that an organization must apply to certify a Business Continuity Management System (BCMS). To comply with the requirements of this standard the organization needs to document a model to develop, implement, operate, monitor, review, maintain and improve a BCMS to increase the resilience of an organization in case of a disaster. This standard is compatible with PAS 22399 (Guideline for incident preparedness and operational continuity management) and BS 25999 (British Standard on business continuity). ISO 27001 defines the requirements that an organization must apply to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes. The ISO 27001 standard does not mandate specific information security controls, but it provides a checklist of controls that should be considered in the accompanying code of practice, ISO 27002. This second standard describes a comprehensive set of information security control objectives and a set of generally accepted good practice security controls. Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 35/125

ISO 28000 prescribes the requirements applicable to a security management system of the supply chain. An organization has to define, implement, maintain, and improve a supply chain security management system during each step of production: manufacturing, maintenance, storage or transport of goods.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 36/125

More and more organizations have to manage several compliance frameworks simultaneously. To simplify the work, to avoid conflicts and to reduce duplication of documents, it is recommended to implement an integrated management system. The table in the slide presents certain requirements that are common to all management systems.

Important note: In June 2009, the Technical Steering Committee of ISO adopted a resolution asking the committees involved in the development of standards to specify the requirements of a management system (ISO 14001, ISO 22000, ISO 27001, etc.) by following a common structure of clauses in line with ISO 9001. This Directive is applicable to the versions published after 2011. So the common elements to every management system will have the same reference. The main objective is to facilitate the combined management of a normative framework for an organization.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 37/125

There are many ISO standards published on health and safety, including the following examples:

ISO 15743: This standard presents a strategy and practical tools for assessing and managing cold risk in the workplace, and includes: models and methods for cold risk assessment and management; a checklist for identifying cold-related problems at work; a model, method and questionnaire intended for use by occupational health care professionals in identifying those individuals with symptoms that increase their cold sensitivity and, with the aid of such identification, offering optimal guidance and instructions for individual cold protection; guidelines on how to apply thermal standards and other validated scientific methods when assessing cold related risks; a practical example from cold work. ISO/TR 12885: This technical report describes health and safety practices in occupational settings relevant to nanotechnologies. It focuses on the occupational manufacture and use of engineered nanomaterials. Use of the information in this international standard could help companies, researchers, workers and other people to prevent adverse health and safety consequences during the production, handling, use and disposal of manufactured nanomaterials. ISO/TR 12296: This ISO technical report provides guidance for assessing the problems and risks associated with manual patient handling in the healthcare sector, and for identifying and applying ergonomic strategies and solutions to those problems and risks. Its main goals are to improve caregivers' working conditions by decreasing biomechanical overload risk, thus limiting work-related illness and injury, as well as the consequent costs and absenteeism, and to account for patients' care quality, safety, dignity and privacy as regards their needs, including specific personal care and hygiene.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 38/125

ISO 1819: This standard sets out safety rules relating to continuous mechanical handling equipment, including its construction, installation, utilization and maintenance, to ensure that it is used to the best advantage, and to prevent any accidents or failures that could arise from misuse. These rules provide precise directives necessary to comply with legal texts and requirements decreed by governmental bodies in certain countries. ISO 20347: This standard specifies basic and optional requirements for occupational footwear that is not exposed to any mechanical risks (impact or compression). Special risks are covered by complementary job-related standards (e.g. footwear for firefighters, electrical insulating footwear, protection against chain saw injuries, protection against chemicals and against molten metal splash, protection for motor cycle riders). ISO/TS 4869-5: This technical specification specifies a method for measuring noise reduction of passive hearing protectors at the threshold of hearing. The method is designed to provide estimates of the noise reduction obtained by typical groups of users in real-world occupational settings, who may lack the training and motivation to wear hearing protectors in an optimum manner.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 39/125

1996 The British Standard (BS) 8800 was published. It gives guidelines based on the general principles of good management and designed to enable the integration of occupational health and safety management (OH&S) within an overall management system. The UNE 81900 standards series published by the Spanish Association of Standardization and Certification (AENOR) is a set of standards that lays down requirements for the introduction of an occupational safety and health management system. Worker Protection Program PL 9407 was published by Polish National Labor Inspection (PIP).It is a collection of the best EU practices and describes various models for dealing with safety and health management in small and medium-sized enterprises.

1997 Was published the second edition (1st ed. 1997) of Successful health and safety management (HSG 65) and is still being updated to reflect the modern business approach to managing in general and to recognize the changed business environment. In September of 1997 was published the Dutch Technical Report NPR 5001, which gives guidance and recommendations to an occupational health and safety management system.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 40/125

2001 At the international level, in 2001, the ILO published guidelines on occupational safety and health management systems (ILO-OSH 2001). Because of their tripartite approach (representing governments, employers and workers) these guidelines have become a widely used model for developing national standards in this area. AS 4801:2000 and NZS 4801(Int):1999 jointly revised and designated AS/NZS 4801:2001.

2005 The American National Standards Institute (ANSI) Z10, American National Standard for Occupational Health and Safety Management Systems (OHSMS) was published as a voluntaryconsensus standardin the United States.

2007 OHSAS 18001:2008, Occupational health and safety management systems — Requirements, cancels and replaces the first edition (OHSAS 18001:2000), which has been technically revised.

2008 OHSAS 18002:2008, Occupational health and safety management systems — Requirements, cancels and replaces the first edition (OHSAS 18002:2000), which has been technically revised.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 41/125

Resulting from International workgroup reflections dedicated to the OH&S scope, the OHSAS 18000 family is progressively published since 1999. OHSAS 18000 is the name given to the family of international standards relating to occupational health and safety management. It consists of OHSAS 18001 and OHSAS 18002. OHSAS 18001:2007 is the only certifiable standard of the OHSAS 18000 family. The other one provides guidelines for the implementation of OHSAS 18001.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 42/125

OHSAS 18001: A set of normative requirements for the establishment, implementation, operation, monitoring and review to update and improve an Occupational Health and Safety Management System (OHSMS); A set of requirements for selecting safety controls tailored to the needs of each organization based on industry best practices; A management system that is integrated in the overall risk framework associated with the activity of the organization; An internationally-recognized process, defined and structured to manage health and safety at work; This standard suits all types of organizations (e.g. commercial enterprises, government agencies, nonprofit organizations ...), of all sizes in all industries. This OHSAS Standard will be withdrawn on publication of its contents in, or as, an International Standard.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 43/125

OHSAS 18002: The second edition (OHSAS 18002:2008) cancels and replaces the first edition (OHSAS 18002:2000), which has been technically revised. This guideline explains the underlying principles of OHSAS 18001 and describes the intent, typical inputs, processes and typical outputs, against each requirement of OHSAS 18001. It does not create additional requirements to those specified in OHSAS 18001 nor does it prescribe mandatory approaches to the implementation of OHSAS 18001. This Standard will be withdrawn on publication of its contents in, or as, an International Standard. OHSAS 18002, Introduction: There is an important distinction between OHSAS 18001, which describes the requirements for an organization’s OH&S management system and can be used for certification/registration and/or self declaration of an organization’s OH&S management system, and a non certifiable guideline, such as OHSAS 18002, intended to provide generic assistance to an organization for establishing, implementing or improving an OH&S management system.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 44/125

Please read the following parts of the case study provided for this course: History of the business enterprise Organization of the business enterprise Basing yourself on this information, determine and explain the three greatest advantages for implementing the OHSAS 18001 standard for this organization and how South Haven Resort can measure these advantages thanks to metrics. Duration of the exercise: 30 minutes Comments: 15 minutes

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 45/125

Improvement of safety: General improvement of the effectiveness of occupational health and safety; Independent review of your occupational health and safety management system; Better awareness to occupational health and safety; Mechanisms to measure the effectiveness of the management system.

Good governance: Awareness and empowerment of personnel regarding occupational health and safety; Decrease of lawsuit risks against upper management in virtue of the ‘‘due care’’ and the ‘‘due diligence’’ principles; The opportunity to identify the weaknesses of the OHSMS and to provide corrections; Increase of the accountability of top management for occupational health and safety.

Conformity: To other ISO standards (ISO 9001, ISO 14001, etc.); To the recommendations of the ILO (International Labour Organization) Guidelines (see OHSAS 18001, Annex B); To national and regional laws.

Cost reduction: Cost reduction through improvement in work safety, reduction in number of accidents and the costs that come with them.

Marketing: Differentiation provides a competitive advantage for the organization; Satisfaction of requirements of customer and/or other stakeholders; Consolidating confidence of customers, suppliers and partners of the organization.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 46/125

OHSAS 18002, Introduction IMPORTANT - OHSAS 18001 specifies requirements for an OH&S management system to enable an organization to develop and implement a policy and objectives which take into account legal requirements and information about OH&S risks.

OHSAS 18001, clause 4: OH&S management system requirements 4.3.2 Legal and other requirements - The organization shall establish, implement and maintain a procedure(s) for identifying and accessing the legal and other OH&S requirements that are applicable to it. The organization shall ensure that these applicable legal requirements and other requirements to which the organization subscribes are taken into account in establishing, implementing and maintaining its OH&S management system. The organization shall keep this information up to date. The organization shall communicate relevant information on legal and other requirements to persons working under the control of the organization, and other relevant interested parties.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 47/125

It is generally desirable that the expert in OH&S is working with legal advisers to identify the subjects to analyze and explain the health and safety issues involved. For example, he should explain the lawyer involved in this analysis policies and procedures regarding the hiring, evaluation, termination and compensation of the personnel, so he can better assess whether it violates any law or internal regulation of the organization. Moreover, new laws related to workplace health and safety, employer obligations and corporate governance requires them to monitor their OH&S infrastructure more responsive and effective than before. Several public and private organizations that deal with these companies are mandated to ensure a minimum level of safety. In the absence of a proactive safety, business executives may be exposed to lawsuits (in civil or even sometimes criminal) for breach of their fiduciary and legal responsibilities. In larger companies, demand for legal advice may focus on:

1. Health and Safety Protection at Work In countries where specific safety and healthlaws exist, employers have a legal responsibility to protect their workers. Occupational health and safetyis governed by a system of laws, regulationson protecting thesafety,healthandwelfareof people engaged inwork or employment. It may also protect co-workers, family members, employers, customers, and many others who might be affected by the workplace environment. The goal of national occupational safety and health programs include to foster a safe and healthy work environment.

2. Accidents, injuries and work-related diseases In compliance with applicable laws, many organizations choose to establish procedures to record, investigate and analyze incidents in their workplace in order to stop them happening again. In some countries it is a legal obligation to report some work-related accidents that cause serious harm.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 48/125

3. Worker compensation Countries differ greatly with respect to how they fund workers’ compensation. According to International Labor Organization (ILO), compensation may be provided by a workers’ compensation system, a broad-based social insurance or social security system, an accident compensation system, sick pay, disability insurance and/or employers’ liability. Most industrial countries use some combination of these regimes.

4. Workplace discrimination Most of the occupational health and safety laws worldwide include acts and regulations related to equal opportunity and anti-discrimination at workplace. In many countries it is illegal for an employer to discriminate against a worker because of his or her race, color, religion, sex, national origin, age, disability or genetic information. 5. Hours of work Many countries have the working time regulations that govern the hours of work for workers. These national regulations may set: a maximum number of hours in a working week, rest breaks during working hours, minimum breaks between shifts, restricts excessive night work, the right to a minimum number of holidays each year, special regulations for young workers, etc.

6. Young workers Contractual arrangements and employment contract regulations for young workers vary according to the country and employment sector. Labor laws, including young worker regulations,in almost every country are enacted at national (state) level. Employer has the responsibility to understand and comply with the relevantyoung labor laws, taking into consideration age restrictions, task restrictions, time restrictions etc.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 49/125

OHSAS 18001 and Regulatory Frameworks Example – United States Occupational Safety and Health Act (1970) Occupational Safety and Health Act or OSH Act was enacted to assure safe and healthful working conditions for working men and women. It is administered by the Occupational Safety and Health Administration (OSHA). In general, the OSH Act covers all employers and their employees in the 50 states, the District of Columbia, Puerto Rico, and other U.S. territories. The Act encourages states to develop and operate their own job safety and health programs. OSHA approves and monitors these state plans, which operate under the authority of state law.

Federal Mine Safety and Health Act (1977) The 1977 law that Mine Safety and Health Administration (MSHA) administers today combined and extended previous mining laws. Like previous mining laws, this legislation was born out of mining injuries, illnesses, deaths and terrible mining disasters. The Act provides protection of the health and safety of persons working in the coal mining industry of the United States. MSHA works cooperatively with industry, labor, and other Federal and state agencies to improve safety and health conditions for all miners in the United States.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 50/125

OHSAS 18001 and Regulatory Frameworks Example – Europe The European Parliament and the European Council have issued several guidelines, regulations and decisions related to health and safety at work. These guidelines are strongly based on the protection of European consumer-citizen rights. All guidelines have been transposed in the national legislations of member states.

Directive 89/391/EEC The European Framework Directive on Safety and Health at Work adopted in 1989 was a substantial milestone in improving safety and health at work. It guarantees minimum safety and health requirements throughout Europe while Member States are allowed to maintain or establish more stringent measures.

Directive 90/269/EEC Council Directive 90/269/EEC of 29 May 1990 on the minimum health and safety requirements is a manual for handling of loads where there is a risk particularly of back injury to workers Directive 92/58/EEC This Directive lays down minimum requirements for the provision of safety and/or health signs at work. The Directive standardizes safety signs throughout member states of the European Union so that wherever a particular safety sign is seen it provides the same message. The intention is that workers who move from site to site, such as service engineers, will not be faced with different signs at different workplaces.

Directive 2009/148/EC The Directive aims to protect workers health from risk of asbestos exposure, lays down limit values and specific requirements. It does not prevent Member States from applying laws which ensure greater protection for workers.

Directive 2003/10/EC The objective of this Directive is to lay down minimum requirements for the protection of workers from risks to their health and safety arising or likely to arise from exposure to noise and in particular the risk to hearing. The Directive defines the physical parameters that serve as risk predictors, such as peak sound pressure, daily noise Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 51/125

exposure level and weekly noise exposure level.

Source: www.europa.eu

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 52/125

OHSAS 18001 and Regulatory Frameworks Example – International and industry repositories ILO OSH (2001) In 2001, the International Labor Organization (ILO) developed its voluntary guidelines on occupational safety and health (OSH) management systems which reflect ILO values for the protection of workers' safety and health. These guidelines may be applied on two levels - national and organizational. At the national level, they provide for the establishment of a national framework for occupational safety and health (OSH) management systems, preferably supported by national laws and regulations. At the organizational level, the Guidelines encourage the integration of OSH management system elements as an important component of overall policy and management arrangements.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 53/125

Section summary: 1. ISO is a network of national standards bodies of over 160 countries who publish standards. 2. The eight ISO management principles are: client orientation, leadership, personal implication, process approach, management system approach, continuous improvement, factual approach, mutually beneficial supplier approach. 3. The two main management system standards are ISO 9001 (quality) and ISO 14001 (environment). Other management system standards for which certification is possible are: OHSAS 18001 (Occupational Health and Safety), ISO 20000 (IT Services), ISO 22000 (Food Safety), ISO 22301 (Business Continuity), ISO 27001 (Information Security) and ISO 28000 (Security for the Supply Chain). 4. OHSAS 18000 is a family of standards in occupational health and safety. It has been drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. 5. OHSAS 18001 specifies the requirements for the management of an OHSMS and organizations can obtain certification for this standard. 6. OHSAS 18002 is a guidance for the implementation of OHSAS 18001:2007 and organizations cannot obtain certification for this standard. 7. In most countries, the implementation of an ISO standard is a voluntary decision made by the organization, not a legal requirement. 8. OHSAS 18001 can be used to comply to several laws, regulatory frameworks, industry standards and contractual agreements in full or in part.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 54/125

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 55/125

Certification Process Obtaining a certification for the organization: 1. 2. 3. 4. 5. 6. 7. 8.

Implementation of the OHSMS Selecting the certification body Preparing the certification audit Stage 1 audit Stage 2 audit Follow-up audit Confirmation of registration Obtain the OHSAS 18001 Certification

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 56/125

The certification process involves the following parties: Accreditation authorities (responsible for the assessment and the accreditation of certification organizations): IAS, ANAB, ANSI, SCC, UKAS, COFRAC, etc. Certification bodies (responsible for managing the certification activities of their customers and performing audits on their customers’ management system): PECB, BSI, SGS, Bureau Veritas, DNV, TUV, etc. Organizations certifying persons, like PECB, will certify not only auditors but also training organizations and trainers. Organizations whose management system is subject to certification and who are customers of certification bodies.

Important note: The accreditation and certification activities are not performed by ISO but by specialized and independent accreditation and certification bodies. The mission of ISO is to develop international standards and not to verify that ISO standards are implemented by users in accordance with the requirements defined in these standards.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 57/125

ISO 17011 specifies general requirements for accreditation authorities assessing and accrediting certification bodies. It consists of a requirements document for the peer evaluation process for mutual recognition arrangements between accreditation bodies. Usually, there is only one accreditation authority in each country. However, in the United States, there are different accreditation bodies: IAS, ANSI and ANAB. The International Accreditation Service (IAS) accredits certification programs for persons, products and management systems according to ISO 17024, ISO 17065, and ISO 17021. ANSI oversees the creation and distribution of international standards and accredits certification programs for persons according to ISO 17024; ANAB supervises the certification bodies accredited under ISO 17021.

Accreditation Authority Groups • European co-operation for Accreditation (EA) is the European network of accreditation organizations nationally recognized based in the European geographic sector. The members include UKAS, COFRAC, BNAC, ENAC ... www.european-accreditation.org • International Accreditation Forum (IAF) is the international association of accreditation organizations for systems in management, product, services, individuals and other programs of this type. The objective of IAF is to ensure that the member national certification organizations only certify competent organizations and establish agreements of mutual recognition among its members. www.iaf.nu

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 58/125

Here is a not exhaustive list of accreditation authorities for several countries (see complete list on IAF website www.iaf.nu):

Argentina: Organismo Argentino de Acreditacion (OAA), www.oaa.org.ar Australia & New Zealand: Joint Accreditation System of Australia and New Zealand (JAS-ANZ), www.jasanz.org Austria: Federal Ministry of Economy, Family and Youth (BMWFJ), www.bmwfj.gv.at Belgium: Belgian Accreditation Structure (BELAC), www.belac.fgov.be Brazil: General Coordination for Accreditation (CGCRE), www.inmetro.gov.br Canada: Standards Council of Canada (Conseil Canadien des Normes) (SCC), www.scc.ca Chile: Instituto Nacional de Normalizacion (INN), www.inn.cl China: China National Accreditation Service for Conformity Assessment (CNAS), eng.cnas.org.cn Egypt: Egyptian Accreditation Council (EGAC), www.egac.gov.eg Finland: Finnish Accreditation Service (FINAS), www.finas.fi France: Comité Français d’Accréditation (COFRAC), www.cofrac.fr Germany: Deutsche Akkreditierungsstelle GmbH (DAkkS), www.dakks.de Hong Kong, China:Hong Kong Accreditation Service (HKAS), www.itc.gov.hk/hkas India: National Accreditation Board for Certification Bodies (NABCB), www.qcin.org Iran: National Accreditation Center of Iran (NACI), http://naci.isiri.org Ireland: Irish National Accreditation Board (INAB), www.inab.ie Japan: The Japan Accreditation Board for Conformity Assessment (JAB), www.jab.or.jp Korea: Korea Accreditation Board (KAB), www.kab.or.kr Malaysia: Department of Standards Malaysia, www.standardsmalaysia.gov.my Mexico: Mexican Accreditation Entity, (Entidad Mexicana de Acreditacion) (EMA), www.ema.org.mx Netherlands: Dutch Accreditation Council (Raad Voor Accreditatie) (RvA), www.rva.nl Norway: Norwegian Accreditation (NA), www.akkreditert.no Pakistan: Pakistan National Accreditation Council (PNAC), www.pnac.org.pk Philippines: Philippine Accreditation Office (PAO), www.dti.gov.ph/dti/index.php?p=176 Portugal: Portuguese Institute for Accreditation (IPAC), www.ipac.pt Spain: Entidad Nacional de Acreditacion (ENAC), www.enac.es Romania: Romanian Accreditation Association (Asociatia de Acreditare din Romania) (RENAR), www.renar.ro Russian Federation: Scientific Technical Centre on Industrial Safety (STC-IS), www.oaontc.ru Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 59/125

Singapore: Singapore Accreditation Council (SAC), www.sac-accreditation.gov.sg Slovenia: Slovenska Akreditacija (SA), www.gov.si/sa South Africa: South African National Accreditation System (SANAS), www.sanas.co.za Sweden: Swedish Board for Accreditation and Conformity Assessment (SWEDAC), www.swedac.se/sdd/SwInternet.nsf Switzerland: State Secretariat for Economic Affairs, Swiss Accreditation Service (SAS), www.sas.ch Taiwan: Taiwan Accreditation Foundation (TAF), www.taftw.org.tw Thailand: National Standardization Council of Thailand (NSC), www.tisi.go.th Tunisia: Tunisian Accreditation Council (Conseil National d'Accréditation, CNA) (TUNAC), www.tunac.tn Turkey: Turkish Accreditation Agency (TURKAK:), www.turkak.org.tr United Arab Emirates: Dubai Accreditation Center (DAC), www.dac.gov.ae United Kingdom:United Kingdom Accreditation Service (UKAS), www.ukas.com United States: ANSI-ASQ National Accreditation Board (ANAB), www.anab.org United States: American National Standards Institute (ANSI), www.ansi.org United States: International Accreditation Services (IAS), www.iasonline.org Uruguay: Organismo Uruguayo de Acreditacion (OUA), www.organismouruguayodeacreditacion.org Vietnam: Bureau of Accreditation (BoA), www.boa.gov.vn

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 60/125

ISO 17021-1, clause 1: Scope This part of ISO/IEC 17021 contains principles and requirements for the competence, consistency and impartiality of bodies providing audit and certification of all types of management systems. Certification bodies operating to this part of ISO/IEC 17021 do not need to offer all types of management system certification. Certification of management systems is a third-party conformity assessment activity (see ISO/IEC 17000:2004, 5.5) and bodies performing this activity are therefore third-party conformity assessment bodies. NOTE 1 Examples of management systems include environmental management systems, quality management systems and information security management systems. NOTE 2 In this part of ISO/IEC 17021, certification of management systems is referred to as “certification” and third-party conformity assessment bodies are referred to as “certification bodies”. NOTE 3 A certification body can be non-governmental or governmental, with or without regulatory authority. NOTE 4 This part of ISO/IEC 17021 can be used as a criteria document for accreditation, peer assessment or other audit processes. ISO 17021-1: Introduction Certification of a management system provides independent demonstration that the management system of the organization: a) conforms to specified requirements, b) is capable of consistently achieving its stated policy and objectives, and c) is effectively implemented. Certification activities involve the audit of an organization's management system. The form of attestation of conformity of an organization's management system to a specific management system standard or other Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 61/125

normative requirements is normally a certification document or a certificate.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 62/125

Here is a not exhaustive list of certification bodies that have a certification program for ISO 27001: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31.

ACS Registrars Limited (UKAS), www.ACSRegistrars.com AJA Registrars Limited (UKAS), www.ajaregistrars.co.uk AQA International (ANAB), www.aqausa.com BM TRADA Certification Limited Incorporating CQA (UKAS), www.bmtrada.com Brightline (ANAB), www.brightline.com BSI (ANAB, UKAS), www.bsi-global.com Bureau Veritas Certification Holding SAS (UKAS), www.bvqi.com Center Teknologisk institutt Sertifisering AS (NA), www.teknologisk.no Certification International Limited (UKAS), www.cert-int.com China Certification Center Inc (UKAS), www.ccci.com.cn CEPREI (ANAB), www.ceprei.org CQS (CAI), www.cqs.cz D.A.S Certification Limited (UKAS), www.dascertification.co.uk DNV Certification B.V. (UKAS), www.dnv.com EQAICC (ANAB), www.eqaicc.com HKQAA (Hong Kong Quality Assurance Agency) (China), www.hkqaa.org ISOQAR Limited (UKAS), www.isoqar.com JACO-IS (Japan), www.jaco-is.co.jp Japan Quality Assurance Organization (Japan), www.jqa.jp KPMG Audit Plc (UKAS), www.kpmg.co.uk Lloyd’s Register Quality Assurance Limited (UKAS), www.lrqa.com Moody International Certification Limited (UKAS), www.moody-group.com National Quality Assurance (ANAB), www.nqa-usa.com Nemko (Norway), www.nemko.com NICEIC Group Limited Trading as NQA (UKAS), www.nqa.com Professional Evaluation and Certification Board (PECB), www.pecb.com PSB Certification (Singapore), www.psbcert.com Perry Johnson Registrars, Inc (UKAS), www.pjr.com Registrar ofStandards (Holdings) Ltd, Incorporating (UKAS), www.ros-group.com RINA S.p.A. (ANAB), www.rina.org SFS-Inspecta Certification (Finland), www.inspecta.com

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 63/125

32. 33. 34. 35.

SIRIM QAS International Sdn. Bhd. (Malaysia), www.sirim-qas.com.my SRI Quality System Registrar (ANAB), www.sriregistrar.com SGS United Kingdom Limited (ANAB, UKAS), www.sgs.co.uk United Registrar of Systems Limited (UKAS), www.urs.co.uk

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 64/125

The ISO/IEC 17024 standard provides a comprehensive framework for certification bodies for persons such as PECB to operate coherently, comparable and trusted in the world. The primary function of the certification body for persons is an independent assessment of the demonstrated experience, knowledge and attitudes of a candidate that are applicable to the field for which certification is granted. The ISO/IEC 17024 standard provides a uniform set of guidelines for organizations that manage the qualification and certification of persons, including procedures relating to the preparation and updating of a certification scheme. The standard is designed to help organizations that carry out certification of persons to conduct wellplanned and structured assessments using objective criteria of competencies and grading to ensure impartiality of operations and reduce the risk of conflict of interest. The ISO/IEC 17024 addresses the structure and governance of the certification body, the characteristics of the certification programme, information that must be made available to candidates and the renewal of the certification of the certification body.

Important note: Only a certification body accredited under ISO/IEC 17024 standard ensures an international recognition. It is important to validate the status of a certification body with the associated accreditation authority such as IAS, ANSI and UKAS. For further information regarding PECB accreditation please visit: www.pecb.com/en/affiliations

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 65/125

Section summary: 1. The certification process of an organization is as follows: a)Implementation of the management system; b)Internal audit and review by top management; c)Selection of the certification body (registrar); d)Pre-assessment audit (optional); e)Stage 1 audit; f)Stage 2 audit (On-site visit); g)Follow-up-up audit and; h)Confirmation of registration; i)Continual improvement and surveillance audits; 2. The accreditation authority is the organization at the national level that supervises the certification programs (organizations and auditors) and that ensures the compliance of the national and international criteria. 3. A certification body is a third party that evaluates the conformity of management systems. 4. The role of a certification body of persons is to certify professionals (auditors and consultants), training organizations, training and the trainers.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 66/125

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 67/125

NOTE: Organizations can be subject to legal requirements for the health and safety of persons beyond the immediate workplace, or who are exposed to the workplace activities. Occupational health and safety (OH&S) is generally defined as the science of the anticipation, recognition, evaluation and control of hazards arising in or from the workplace that could impair the health and well-being of workers, taking into account the possible impact on the surrounding communities and the general environment.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 68/125

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 69/125

Note: ill health: identifiable, adverse physical or mental condition arising from and/or made worse by a work activity and/or work-related situation.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 70/125

NOTES A near-miss is an incident where no injury or illness occurs. Therefore, an incident can be either an accident or a near-miss An emergency situation is a particular type of incident.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 71/125

OHSAS 18001, clause 3.23 workplace: any physical location in which work related activities are performed under the control of the organization NOTE: When giving consideration to what constitutes a workplace, the organization should take into account the OH&S effects on personnel who are, for example, travelling or in transit (e.g. driving, flying, on boats or trains), working at the premises of a client or customer, or working at home.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 72/125

These factors can vary but are typically divided into four groups: man, machine, media and management. They are also known as four Ms (4M).

Man: Human factor is a major component of the causes of accidents in the workplace, that’s why it is a vital consideration during accident investigation. Factors such as employee age, experience, skill level, education, fatigue level and attitude, as well as many other human factors, can influence the development of an accident. Machine: Plenty of accidents experienced in industry involve exterior forces such as mechanized equipment, vehicles, stationary industrial equipment and a plethora of other types of equipment that feature moving parts or the ability to produce energy. The machine factor is integral to any accident investigation. Media: Media includes the method and/or atmosphere in which the accident took place. Besides working conditions (such as working methods, procedures, etc.), it is important to consider the atmospheric conditions (weather, environment, pollution, etc.) as they often play a role in accidents. Equally important is the method in which the accident came about; this provides valuable causal insight. Management: Company or organization management represents a commonly overlooked accident factor. The lack of management buy-in to company safety programs is a systemic problem that likely will lead to accidents. Organization policies, organization structure, mission statements and production objectives should include Health and Safety endeavors as well.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 73/125

Workplace hazards can come from a wide range of sources, including any substance, material, process, practice etc., that has the ability to cause harm or adverse health effect to a person under certain conditions.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 74/125

A common way to classify hazards is by category:

Physical - hot/cold objects, airborne particles, equipment and machinery, electricity, falling objects, sharp objects, etc. Environmental - hot/cold environments, radiation, magnetic fields, pressure extremes (high pressure or vacuum), air quality, noise, pollution, etc. Chemical - hazardous and dangerous substances, combustible material, fire, exposure, etc. Psycho-social - workload, stress, health, personal life, etc Ergonomic - manual handling, highly repetitive tasks, vibration, improper set up of workstation, etc. Biological - pathogens, animals, insects, toxins, etc.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 75/125

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 76/125

Hazards have the potential to cause human injury or ill health. It can be: a thing (e.g. sharp-edged objects such as knife, glass fragments, etc.) a substance (e.g. benzene, lead, vinyl chloride, arsenic, radioactive substances, etc.) a material (e.g. asbestos) a source of energy (e.g. electricity, heat, noise, etc.) a condition (e.g. unsuitable floor coverings, wet surfaces, unsanitary conditions, etc.) a practice (e.g. hard rock mining, deep-water working, etc.) A risk is the likelihood of a hazard resulting in an injury or disease. Therefore, hazards need to be identified before the risks associated with these hazards can be assessed and, if no controls exist or existing controls are inadequate, effective controls should be implemented. For example: The hazard is electricity. The risk is the likelihood that a worker might be electrocuted because of exposure to electrical wires that is inadequately insulated. The hazard is benzene. The risk is the likelihood that a worker might suffer Leukemia because of long-term exposure to the hazardous chemical benzene.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 77/125

OHSAS 18001 - Definitions

3.15. OH&S performance: measurable results of an organization’s management of its OH&S risks NOTE 1: OH&S performance measurement includes measuring the effectiveness of the organization’s controls. NOTE 2: In the context of OH&S management systems, results can also be measured against the organization’s OH&S policy, OH&S objectives, and other OH&S performance requirements.

3.16. OH&S policy: overall intentions and direction of an organization related to its OH&S performance as formally expressed by top management NOTE : The OH&S policy provides a framework for action and for the setting of OH&S objectives

3.17. Organization: company, corporation, firm, enterprise, authority or institution, or part or combination thereof, whether incorporated or not, public or private, that has its own functions and administration

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 78/125

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 79/125

Occupational accidents cause direct (visible) and indirect (hidden) costs for the whole society. A popular way to demonstrate proportion of the costs is the iceberg model. Usually the proportion of indirect costs is much bigger than direct costs. Accidents are more expensive than most people realize because of the hidden costs. Some costs are obvious; for example, workers' compensation claims, medical costs and indemnity payments for an injured or ill worker. These are thedirect costsof accidents. In the other hand, there are hidden costs such as the costs to train and compensate a replacement worker, repairing and replacing damaged capital and material, investigate the accident and implement corrective action, and to maintain insurance coverage. Even less apparent are the costs related to schedule delays, added administrative time, lower morale, increased absenteeism, and poorer customer relations. These are theindirect costs.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 80/125

The risks at workplace must be reduced to the lowest reasonably practicable level by taking the control measures in the following order. In most cases a combination of elimination, substitution, engineering controls, administrative controls and Personal Protective Equipment are chosen to effectively control the occupational risks. 1. Elimination of the hazard is the most effective means of hazard control. Redesign the task (or eliminate the hazardous substance) in order to remove the unsafe work practice. For example: repair damaged equipment before the employee uses it. 2. Substitution of the hazard is done if the elimination of the hazard is not practicable. Replace the hazardous substance or process with a less hazardous one. For example: use a less toxic chemical. 3. Engineering controls include designs or modifications to plants, equipment, systems and processes that reduce the source of exposure to the risk. For example: insulationofhot pipesinorder to prevent the risk ofburn injuries. 4. Administration controls involve establishment of policies, procedures, work instructions as well as signs and warnings designed to reduce a worker's exposure to a risk. For example: occupational health and safety trainings for employees are also administrative controls. 5. Personal protective equipment is equipment worn by individuals to reduce exposure to hazards. This is the least control measure, and can be used only when all the previous measures have been tried and found to be ineffective in controlling the identified risk. For example: wearing protective footwear, gloves, goggles, aprons, etc..

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 81/125

Safety Signs may be used toprevent accidents, signifyhealth hazards, indicate the location ofsafety and fire protectionequipment, or for giving guidance and instruction in anemergency situation.They should be clear and consistent, and usediagramsandsimple language. The use of standardized safety signs does not replace proper work methods, instructions and accident prevention training and/or measures. Education is an essential part of any system that provides safety information. ISO 7010 prescribes safety signs for the purposes of accident prevention, fire protection, health hazard information and emergency evacuation. This International Standard is generally applicable to safety signs in workplaces and all locations and all sectors where safety-related questions may be posed. It presents the safety sign originals according to their category as follows: −M Mandatory action signs: (round shape) white pictogram on abluecircular background. −P Prohibitory signs: (round shape) black pictogram onwhitebackground,rededging and diagonal line. −W Warning signs: (triangular shape) black pictogram on a yellow background with black edging. −E Escape and emergency signs: (rectangular or square shape) white pictogram on a green background. −F Fire safety signs: (rectangular or square shape) white pictogram on a red background.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 82/125

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 83/125

In this section, we will discuss the main steps to implement an Occupational Health and Safety Management System and the mandatory clauses tied to these steps. OHSMS is used to ensure the selection of adequate and balanced controls that protect health and safety of workers and other stakeholders (interested parties). An auditor must have general knowledge of the functioning of a management system as well as the process approach to be able to perform an OHSAS 18001 audit effectively.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 84/125

A management system is a system that allows organizations to establish policies and objectives and to subsequently implement them. The management system of an organization may include different management systems, such as a quality management system, information security, environmental, etc. Organizations use management systems to develop their policies and put them into effect through objectives using: An organizational structure; Systematic processes and associated resources; An effective assessment methodology; A review process to ensure that the problems are adequately corrected and that opportunities for improvement are recognized and implemented when justified.

Note: What is implemented must be controlled and measured, what is controlled and measured must be managed. The standard indicates that the organization must measure and monitor the effectiveness of the processes and controls in order to measure the OH&S performance (Clause 4.5.1.c). This clause is an essential component of a management system because without the evaluation of the effectiveness of processes and controls in place, it is impossible to validate if the organization has achieved its objectives.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 85/125

This international standard adopts the process model “Plan-Do-Check-Act” (PDCA) or the Deming wheel which is applied to the structure of all the processes in a management system. The figure illustrates how a management system uses as input the requirements and the expectations of the stakeholders (interested parties), and how it produces, with the necessary actions and processes, the health and safety results that meet the requirements and expectations.

Plan (establish the management system): Establish the policy, the objectives, processes and procedures related to risk management and the improvement of occupational health and safety to provide results in line with the global policies and objectives of the organization. Do (implement and operate the management system): Implement and operate the policy, controls, processes and procedures of the management system. Check (monitor and review the management system): Assess and, if applicable, measure process performances against the policy, objectives and practical experience and report the results to management for review. Act (maintain and improve the management system): Undertake corrective and preventive actions, on the basis of the results of the internal audit and management review, or other relevant information to continually improve the said system.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 86/125

Processes can be defined as being a logical group of interrelated tasks, performed to reach a defined objective. A process is a sequence of structured and measured activities designed to create a product or a service for a specific market or a particular client. For an organization to function effectively, it must implement and manage numerous interrelated and interactive processes. Often, the output element of a process directly forms the input element to the next process. The identification and orderly management of processes within an organization and especially the interactions of these processes are called "process approach“.

Controls are used to ensure that the conduct of the business processes is performed in a secure manner in terms of health and safety at workplace. These OH&S processes and controls are dependent of the business processes because they are part of it. For example, safety measures relating to human resources should be integrated into existing processes for human resources management of an organization by making these processes safer by ensuring that: Everyone’s responsibilities in terms of OH&S be defined; Background checks of applicants be performed to ensure theyare capable of meeting the inherentrequirementsof the role; The organization has a formal disciplinary process in case of a breach in Health and Safety;

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 87/125

A PECB member committee has developed the methodology for implementing an OHSMS, “Integrated Implementation Methodology for Management Systems and Standards (IMS2)”, based on project management best practices in line with the Project Management Institute (PMI) and the International Project Management Association (IPMA) as well as the ISO 10006 standard, “Quality management systems – Guidelines for quality management in projects”.

This method is introduced in a detailed manner in the Certified OHSAS 18001 Lead Implementer training. By adopting the “Plan-Do-Check-Act” (PDCA) process model, the IMS2 method allows an effective and operational implementation of the different stages of the OHSMS life cycle: creation, implementation, operation, monitoring and review, update and improvement.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 88/125

An organization seeking certification to OHSAS 18001 must comply with all terms defined in sections 4 of the standard. An organization should also define the applicable controls and justify the inapplicable controls in the statement of applicability.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 89/125

An organization can choose to implement an OH&S management system with respect to the entire organization, or to a subdivision of the organization, provided this is consistent with its definition of its workplace. In defining and documenting the scope of the OH&S management system, care should be given to determine who, what and where, are to be covered. Also defined the scope in terms of: Business processes; Organizational units; and Location. Consider interfaces with: Other systems; Organizations; Suppliers; Dependencies.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 90/125

During the planning stage the organization should: 1. Ensure it has the commitment of top management. 2. Define, with the authorization of top management, the company's occupational health and safety policy. 3. Establish a framework for identifying hazards, the assessment of risks and the implementation of necessary control measures. 4. Objectives must be set and management programmes for achieving them must be implemented. During this process the organization should take into account applicable legal requirements and other requirements to which it subscribes. The whole process should be documented as well.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 91/125

OH&S policy demonstrates the leadership and commitment of top management to the OHSMS. It also, enables persons under the control of the organization to understand the organization’s overall commitment to OH&S.

OHSAS documents give the minimum requirements to be included in an OH&S policy. The policy should include statements about the commitments of an organization to: — the prevention of injury and ill health, — continual improvement in OH&S management, — continual improvement in OH&S performance, — compliance with applicable legal requirements, and — compliance with other requirements to which the organization subscribes.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 92/125

OHSAS 18002, clause 4.3.1.2 Each organization should choose approaches that are appropriate to its scope, nature and size, and which meet its needs in terms of detail, complexity, time, cost and availability of reliable data. In combination, the chosen approaches should result in an inclusive methodology for the ongoing evaluation of all the organization’s OH&S risks. To be effective, the organization’s procedures for hazard identification and risk assessment should take account of the following: −hazards, −risks, −controls, −management of change, −documentation, −ongoing review.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 93/125

After the hazards related to the activities, processes, equipment etc. have all been identified, the company should assess risks associated with identified hazards. Risk assessment is a process of evaluating the risk(s) arising from hazard(s), taking into account the adequacy of any existing controls and deciding whether the risk(s) is/are acceptable. NOTE: Some reference documents use the term “risk assessment” to encompass the entire process of hazard identification, risk assessment and determining controls; OHSAS 18001 and OHSAS 18002 refer to the individual elements of this process separately and use the term “risk assessment” to refer explicitly to the second stage of this process.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 94/125

Hazard identification and risk assessment methodologies vary greatly across industries, ranging from simple assessments to complex quantitative analyses with extensive documentation. Any risk assessment methodology that complies with the minimum OHSAS 18001 criteria is acceptable, even a methodology developed internally. Individual hazards can require that different methods be used, e.g. an assessment of long term exposure to chemicals can need a different method than that taken for equipment safety or for assessing an office workstation.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 95/125

Any risk assessment methodology that complies with the minimum OHSAS 18001 criteria is acceptable, even a methodology developed internally. The following is a list of several recognized risk assessment tools and methodologies:

Checklists/Questionnaires – Checklists are lists of hazards, risks or control failures that have been developed usually from experience, either as a result of a previous risk assessment or as a result of past failures. They can be used to identify hazards and risks or to assess the effectiveness of controls. Risk matrices – Matrices are the most common used risk assessment tools. A matrix is a means of combining qualitative or semi-quantitative ratings of hazard severity and probability to produce a level of risk or risk rating. This is commonly used as a screening tool when many risks have been identified, for example to define which risks need further or more detailed analysis, which risks need treatment first, or which need to be referred to a higher level of management. Ranking/Voting tables – A risk ranking/voting table (also known as risk index) is a semi-quantitative measure of risk which is an estimate derived using a scoring approach using ordinal scales. They can be used to rate a series of risks using similar criteria so that they can be compared. Scores are applied to each component of risk, for example contaminant characteristics (sources), the range of possible exposure pathways and the impact on the receptors.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 96/125

FMEA (Failure Mode and Effect Analysis) is a technique used to identify the ways in which components, systems or processes can fail to fulfill their design intent. This method identifies: all potential failure modes of the various parts of a system (a failure mode is what is observed to fail or to perform incorrectly); the effects these failures may have on the system; the mechanisms of failure; how to avoid the failures, and/or mitigate the effects of the failures on the system.

HAZOP (Hazard and operability studies) - A general process of risk identification to define possible deviations from the expected or intended performance. The HAZOP process is a qualitative technique based on use of guide words which question how the design intention or operating conditions might not be achieved at each step in the design, process, procedure or system. It is generally carried out by a multi-disciplinary team during a set of meetings. Exposure assessment Strategy - Hazards are identified and analyzed and possible pathways by which a specified target might be exposed to the hazard are identified. Information on the level of exposure and the nature of harm caused by a given level of exposure are combined to give a measure of the probability that the specified harm will occur. Computer modelling – These methods are used where the future state of a system depends only upon its present state. Pareto analysis is the expression given to the simple process of ranking or ordering risks once they have been assessed, determine the order in which they should be managed. This method uses the Pareto principle (also known as the 80:20 Rule), which is the idea that 20% of causes generate 80% of results.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 97/125

The hazard identification step is the step where the organization identifies potential workplace hazards, including all events and situations which have the potential to cause harm to its employees, while they are performing their duties at workplace. Hazards can be identified by various methods, such as observing and inspecting the workplace, interviewing employees, conducting surveys, reviewing historic data and trends related to previous oh&s events etc. The organization should establish specific hazard identification tools and techniques that are relevant to the scope of its OH&S management system. The identification must be performed with the level of detail that provides enough information to evaluate the risks and the level of risk with which the organization is comfortable. The level of detail used on the identification of hazards will influence on the global volume of information collected during the risk evaluation. This step should consider the different types of hazards in the workplace, including physical, chemical, biological and psychosocial. A hazard can be a source (e.g. moving machinery, radiation or energy sources), a situation (e.g. working at heights) or an act (e.g. manual lifting), arising from an organization’s activities, with a potential for harm in terms of human injury or ill health.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 98/125

After the hazards related to the activities, processes, equipment etc. have all been identified, the company should assess risks associated with identified hazards. Risk assessment is a process of evaluating the risk(s) arising from hazard(s), taking into account the adequacy of any existing controls and deciding whether the risk(s) is/are acceptable. NOTE: Some reference documents use the term “risk assessment” to encompass the entire process of hazard identification, risk assessment and determining controls; OHSAS 18001 and OHSAS 18002 refer to the individual elements of this process separately and use the term “risk assessment” to refer explicitly to the second stage of this process.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 99/125

An organization can use different risk assessment methods as part of an overall strategy for addressing different areas or activities. When seeking to establish the likelihood of harm, the adequacy of existing control measures should be taken into account. A risk assessment should be detailed enough to determine appropriate control measures. Some risk assessment methods are complex and appropriate to special or particularly hazardous activities. For example, risk assessment of a chemical process plant might require complex mathematical calculations of the probabilities of events that could lead to a release of agents that might affect individuals in the workplace or the public. In many circumstances, OH&S risk can be addressed using simpler methods and can be qualitative. These approaches typically involve a greater degree of judgment, since they place less reliance on quantifiable data. In some cases, these methods will serve as initial screening tools, to determine where a more detailed assessment is needed.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 100/125

The risk assessment method must allow managing the risk according to the principle of the hierarchy of controls: 1. Elimination – modify a design to eliminate the hazard, e.g. introduce mechanical lifting devices to eliminate the manual handling hazard; 2. Substitution – substitute a less hazardous material or reduce the system energy (e.g. lower the force, amperage, pressure, temperature, etc.); 3. Engineering controls – install ventilation systems, machine guarding, interlocks, sound enclosures, etc.; 4. Signage, warnings, and/or administrative controls – safety signs, hazardous area marking, photo luminescent signs, markings for pedestrian walkways, warning sirens/lights, alarms, safety procedures, equipment inspections, access controls, safe systems of working, tagging and work permits, etc.; 5. Personal protective equipment (PPE) – safety glasses, hearing protection, face shields, safety harnesses and lanyards, respirators and gloves.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 101/125

For the management of change, the organization shall identify the OH&S hazards and OH&S risks associated with changes in the organization, the OH&S management system, or its activities, prior to the introduction of such changes.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 102/125

The organization should manage and control any changes that can affect or impact its OH&S hazards and risks. This includes changes to the organization’s structure, personnel, management system, processes, activities, use of materials, etc. Such changes should be evaluated through hazard identification and risk assessment prior to their introduction. The organization should consider hazards and potential risks associated with new processes or operations at the design stage as well as changes in the organization, existing operations, products, services or suppliers.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 103/125

After the hazards related to the activities, processes, equipment etc. have all been identified, the company should assess risks associated with identified hazards. Risk assessment is a process of evaluating the risk(s) arising from hazard(s), taking into account the adequacy of any existing controls and deciding whether the risk(s) is/are acceptable. NOTE: Some reference documents use the term “risk assessment” to encompass the entire process of hazard identification, risk assessment and determining controls; OHSAS 18001 and OHSAS 18002 refer to the individual elements of this process separately and use the term “risk assessment” to refer explicitly to the second stage of this process.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 104/125

The organization should apply the appropriate controls to: Be compliant with legal, regulatory and contractual obligations; Reduce the likelihood of hazards; Reduce impacts if the risk occurs; Prevent or detect, react and correct undesired events. Controls themselves must be selected and set in place to meet the requirements identified by risk assessment process. This selection must take into account the principle of the hierarchy of controls as well as legal, regulatory and contractual requirements.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 105/125

The notion of residual risk can be defined as being the risk that remains after the implementation of controls aiming to reduce the inherent risk, and can be summarized as follows:

Residual risk = Inherent risk – Risk treated by controls In risk treatment, selection of controls should be determined by the principle of the hierarchy of controls, i.e. the elimination of hazards where practicable, followed in turn by risk reduction (either by reducing the likelihood of occurrence or potential severity of injury or harm), with the adoption of personal protective equipment (PPE) as a last resort. After the controls have been implemented and risks have been reduced, there may still be residual risks which are acceptable. OHSAS documents define these acceptable risks as the risk that has been reduced to a level that can be tolerated by the organization having regard to its legal obligations and its own OH&S policy.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 106/125

Determine some of the hazards associated to the following facilities of South Haven and indicate the possible risks related to the hazards identified. Hazards that might exist in the hotel facilities Hazards that might exist in the dining facilities Complete the risk matrix and get ready to discuss your answers after the exercise. Duration of exercise: 20 minutes Comments: 20 minutes

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 107/125

After the hazards related to the activities, processes, equipment etc. have all been identified, the company should assess risks associated with identified hazards. Risk assessment is a process of evaluating the risk(s) arising from hazard(s), taking into account the adequacy of any existing controls and deciding whether the risk(s) is/are acceptable. NOTE: Some reference documents use the term “risk assessment” to encompass the entire process of hazard identification, risk assessment and determining controls; OHSAS 18001 and OHSAS 18002 refer to the individual elements of this process separately and use the term “risk assessment” to refer explicitly to the second stage of this process.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 108/125

Following the initial authorization to implement the OHSMS, it is good practice to make an official announcement. This can be done by the sending of an official letter from the management to the employees or by a kickoff meeting. It is important to ensure, however, that the risk assessment is regularly reviewed and that the residual risk continues to be under-written (i.e. accepted) by management.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 109/125

The organization that wants to implement an OHSMS must document, maintain, monitor and improve it continually. Its implementation includes a risk analysis as well as the selection and operation of controls to reduce the risks identified during the risk assessment. The implementation of the OHSMS involves a certain number of tasks including: 1. Documenting the planning of action to implement with the resources (financial, human, material, software) as well as the priorities and responsibilities to treat the identified risks. 2. Implementing the controls listed in the risk treatment plan and defining methods to assess the effectiveness of controls. 3. The organization must implement a program to raise awareness and train all stakeholders on safety issues. This can be done through internal training, distribution of a newsletter, provision of intranet web pages or of more formal communications. 4. The organization must be able to manage the OHSMS on a long-term basis and demonstrate that it has the necessary resources to operate an OHSMS. 5. The organization must document and implement effective processes, including incident detection and treatment.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 110/125

Through its leadership and actions, management can create an environment in which different actors are fully involved and in which the management system can operate effectively in synergy with the objectives of the organization. Management can use the eight management principles of ISO to define its role, which includes: a) establish guidelines and objectives of the organization; b) promote policies and objectives at all levels of the organization to increase awareness, motivation and involvement; c) ensure that the requirements of stakeholders (customers, partners, shareholders, legislators, etc..) are a priority at all levels of the organization; d) ensuring that appropriate processes and controls are implemented to help meet the requirements of customers and other stakeholders; e) ensuring that an efficient and effective management system is established, implemented and maintained; f) ensuring the availability of necessary resources; g) assurance that internal audits are conducted; h) conduct the management review at least once a year; i) decide on actions concerning the quality policy and quality objectives; j) decide on actions to improve the management system.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 111/125

An organization wishing to be conform to OHSAS 18001 shall at least: 1. Publish all documents required; 2. Develop a procedure for control of documents; 3. Develop a procedure to control records. Each organization determines the extent of the necessary documentation and media types to use. It depends on factors such as type and size of the organization, complexity and interaction of processes, information systems and technologies available, the requirements of stakeholders such as customers and suppliers, applicable regulatory requirements, etc. In many organizations, the creation of the documentation is disproportionate. The preparation of documents should not be an end in itself. It must be create an added value supporting the management system. A too heavy documentation is difficult to manage, often not understood by users - therefore, not used... The primary value of documentation is to allow communication of the objectives of the organization and to ensure consistency of the actions. Documentation contributes to: a) Achieving compliance with legal, regulatory and contractual obligations; b) Providing media for communication and training; c) Ensuring repeatability and traceability; d) Providing evidence to prepare for the certification audit; e) Evaluating the effectiveness and continued relevance of the management system; f) Improving processes and OH&S controls included in the management system.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 112/125

After the hazards related to the activities, processes, equipment etc. have all been identified, the company should assess risks associated with identified hazards. Risk assessment is a process of evaluating the risk(s) arising from hazard(s), taking into account the adequacy of any existing controls and deciding whether the risk(s) is/are acceptable. NOTE: Some reference documents use the term “risk assessment” to encompass the entire process of hazard identification, risk assessment and determining controls; OHSAS 18001 and OHSAS 18002 refer to the individual elements of this process separately and use the term “risk assessment” to refer explicitly to the second stage of this process.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 113/125

Once the OHSMS is implemented, the PDCA model requires permanent checking of the system as well as periodic reviews to improve its operation: 1. Monitoring and measuring OH&S performance on a regular basis; 2. Periodically evaluating compliance with applicable legal requirements and with other requirements to which the organization subscribes; 3. Recording, investigating and analyzing incidents, as well as dealing with actual and potential nonconformity(ies) and taking corrective and preventive action. 4. Maintaining records as necessary to demonstrate conformity to the requirements of its OH&S management system and of OHSAS 18001 5. Ensuring that internal audits of the OH&S management system are conducted at planned intervals. Note: each of these actions must be documented and recorded.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 114/125

Internal audits are used to assess the level of fulfillment of the requirements of the standard relating to the management system. Regular internal audit activities allow assessing continuously the effectiveness of the management system and identifying opportunities for improvement. The organization must implement an internal audit program to determine if the management system reaches the defined objectives of the organization, remains conform to the standard as well to other internal, legal, regulatory and contractual requirements and is kept up-to-date in an efficient manner. The audit program shall, as a minimum, contain: 1. Definition of the criteria, the scope, the frequency, the methods and the audit procedures; 2. Definition of the roles and responsibilities of the internal auditors; 3. Documentation ensuring the objectivity and impartiality of the audit process (examples: audit chart, work contract, code of ethics of internal auditors, etc.); 4. Planning of audit activities; 5. Follow-up activities to audit the business actions following the detection of non conformities; 6. Procedure to keep the records of audit activities and safekeeping of records. Note: The implementation and management of an internal audit program will be explained during Day 4 of the training.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 115/125

Management reviews allow the management of the organization to periodically review the level of performance (relevance, appropriateness, effectiveness and efficiency) of the management system in place. These reviews allow the organization to adapt or refocus quickly and efficiently the management system towards internal or external changes. A management review shall be organized at least once a year.

Management reviews must be documented. They should then be distributed to all review participants.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 116/125

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 117/125

Continual improvement: The organization shall establish, document, implement, maintain and continually improve an OH&S management system in accordance with the requirements of this OHSAS Standard and determine how it will fulfill these requirements. OHSAS 18001 - Definitions 3.14. OH&S objective: OH&S goal, in terms of OH&S performance, that an organization sets itself to achieve. 3.15. OH&S performance: Measurable results of an organization’s management of its OH&S risks. 3.18. Preventive action: Action to eliminate the cause of a potential nonconformity or other undesirable potential situation. 3.4. Corrective action: Action to eliminate the cause of a detected nonconformity or other undesirable situation.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 118/125

A corrective action is an action taken to eliminate the root causes of a non-conformity or of any other undesirable existing event and to prevent its recurrence. A corrective action is thus a term that includes the reaction to a system process problem, to incidents, to gaps in reaching objectives, to non-conformities, etc. The corrective action process should include: 1. Identification and documentation of the non-conformity: The initial step in the process is clearly to define, document the non-conformity and analyze its impacts on the organization. 2. Analysis of the causes: Determine the source of the non-conformity and analyze the root causes. 3. Evaluation of options: A list of possible corrective actions is developed and different action plans are evaluated. At this stage, if the problem is significant or if the likelihood of re-occurrences is high, temporary corrective actions can be set in place. 4. Selection of solutions: One or more corrective actions are selected to correct the situation and the contemplated improvement objectives are determined. The selected solution must correct the problem and should also be able to avoid a re-occurrence. 5. Implementation of corrective actions: The corrective action plan that was approved is implemented and all the actions described in the plan are documented. 6. Follow-up of corrective actions: One must check that the new corrective controls are in place and effective. The follow-up is usually performed by the person responsible for the project and the audit department. 7. Review of corrective actions: To perform a review of the effectiveness of the corrective actions we periodically evaluate whether the organization is accomplishing its OH&S objectives, based upon the defined corrective actions and whether those actions remain effective over time.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 119/125

A preventive action is any action taken to eliminate the causes of a non-conformity or any other potentially undesirable event and to prevent their re-occurrence in future. A preventive action is taken to prevent a potential problem from occurring. Monitoring and adequate controls must be implemented within the OHSMS to ensure that the potential problems are identified and eliminated before they occur.

It is to be noted that an action aiming at preventing non-conformities is often more cost-effective than a corrective action. An organization should aim for cost/effectiveness balance between the implementation of corrective and preventive actions.

The preventive actions process is similar to the corrective actions process: identifying a potential problem, evaluating solutions, choosing solutions, implementing preventive actions, follow-up and review of preventive actions.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 120/125

Section summary: 1. An Occupational Health and Safety Management System (OHSMS) is the part of the global management system based on a risk based approach to establish, implement, operate, monitor review, update and improve health and safety at workplace. 2. The OHSMS is used to ensure a selection of adequate and proportionate controls that protect the health and safety of workers and bring assurance to other stakeholders. 3. Controls are used to ensure that the conduct of business processes is performed in a secure manner in terms of health and safety. These OH&S processes and controls are dependent of business processes because they are integrated to them. 4. An organization that requests certification must be conform to all the clauses defined in Clause 4 of ISO 18001. 5. OH&S objectives and controls themselves must be selected and implemented to meet the requirements identified by the hazard identification and risk assessment process. This selection must take into account the acceptable risk as well as the legal, regulatory and contract requirements. 6. The organization must continually improve the effectiveness of its OHSMS through its policy and objectives, its internal audits as well as by the preventive and corrective controls initiated by management reviews.

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 121/125

For each risk identified in the preceding exercise, provide the appropriate controls which allow elimination or reduction of risks. Complete the matrix and be ready to debate the controls you selected. Duration of exercise: 20 minutes Comments: 20 minutes

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 122/125

Homework 1: General controls Determine how you would verify each of the following controls. You must provide examples of evidence you would look for to reasonable assurance that the control has been effectively implemented. State at least two elements of proof for each. 1. 2. 3. 4. 5.

Occupational health and safety policy document Emergency preparedness Controls against hazardous substances Worker participation in OH&S Evaluation of compliance

Duration of homework: 30 minutes

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 123/125

Page for Note Taking

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 124/125

Page for Note Taking

Licensed to Mohamed Bousaada Amri ([email protected]) ©Copyrighted material PECB®. Single user license only, copying and networking prohibited. Downloaded: 2019-03-08 125/125