Many companies want to “do the right thing regards health and safety”, but you don’t have to be certified to OHSAS 18001 for this. Guidance in publications like “The Printers Guide to Health and Safety ” lead the way. However, having third-party assessment of your health & safety practices, which is what you get with certification to OHSAS 18001, gives you a status which is recognised by many clients and other interested parties such as insurance companies.

Available from HSE Books

So what is OHSAS 18001 and how do we go about getting certification?

OHSAS 18001 is a health & safety management standard. Note that it is management standard, not a performance standard. So it is not a just matter of doing the right thing; it is also how you approach that in an auditable, sustainable and improving way.
Essentially there are two steps to gaining certification:

Setting up and implementing management systems to cover the clauses in the OHSAS 18001 standard.
Being audited by a certification body. This requires initial certification visits and then repeat visits to maintain certification.

Note that 18001 is not quite like 9001 and 14001 where UKAS controls certifying bodies, though it is moving that way.

So how do I go about setting up and implementing management systems?

Before we go any further, I’d just like to recommend that your documentation should be implementation-based. What I mean by this is that it should be written from the perspective of the users of the different systems and not look like semi-legal documents. I recommend the following:

Use flowcharts wherever possible. A system comprising a couple of pages of flowcharts is far more understandable that multiple pages of, “The Production Manager, on receipt of ……”. Flowcharts are just as acceptable to the certification body.
Where text is necessary, write it in the form of an instruction to whoever is carrying out the action and possibly in tabular form. So, in one column you may have “Health & safety Co-ordinator” and in the next “File emergency lighting test results”
Avoid text like “The Health & safety Co-ordinator shall ….”. Sometimes it’s unavoidable, but minimise it.
Be concise. You are not being judged on your weight of documentation, just that it covers the relevant OHSAS 18001 clauses and how well it is implemented.

OHSAS 18001 shows the structure to the right. Note that you'll probably write your policy out of this sequence; if you haven't identified the concerns, how can you write a policy to cover them?

Initial Status Review and Planning

These two overlap, because both enable you to identify the actual or potential health & safety impacts and to plan how you will control them.

Initial Status Review

Whilst risk assessments are really part of the planning stage, unless you have carried out some initial assessments, you cannot know what to put in your policy.

Planning

All your risk assessments come under planning. These need to include general risks, fire risks, CoSHH, manual handling, etc. Risk assessments must be suitable and sufficient and must have action plans arising as a result of the assessments. In my opinion, the action plans should include:

Legal Register

OHSAS 18001 states that you must maintain a register of all applicable legislation. I recommend that you create a table with the following columns:

Title of the legislation

Brief description

Applicable to your company?

Cross-reference to your system if it is applicable

This can be a weighty document (typically 15 pages to cover environmental and health and safety legislation) as it covers all health & safety legislation, only some of which will apply to your company. It breaks the implementation-based rule, but most people do not need to refer to it. Companies for whom SSS have provided the certification support and therefore the legal register will receive updates should legislation change.

Objectives

One of the requirements of OHSAS 18001 is to have, and to manage health & safety objectives. Probably, the initial objectives will arise because of the risk assessment/legal register process. In later years, other objectives will arise.
Each objective must have some way of assessing if you have met the objective and a target completion date. If you use INTACT (see below) then the individual actions towards meeting each objective are linked to the objective and shows the complete story; very handy when it comes to your certification visits.ImplementationKey topicsKey areas you will probably need to address are:

Electrical Equipment: systems and records of tests for portable and fixed equipment
Noise Control: assessments, control, etc.
Vehicles: both site vehicles and road vehicles
First Aid: provisions to cover all shifts
Fire management: Testing of alarms, extinguishers, etc., fire drills
Statutory testing: lifting equipment, pressure equipment, guillotines, gas boilers, etc.

People’s time

By far the most important part is getting the right people on board as early as possible. You will need someone to take the role of health & safety co-ordinator; don’t worry, it should not take up this person’s time much but it is important to have someone who keeps things ticking over.
Secondly, management must be committed to the process. You will need to have the occasional management meeting, but dependant upon the scale of your operations, this may be as little as one every 6 months.

Training

Many companies fall down when it comes to training records. People may be competent through experience or training, but you need a system to record this. I suggest that this system allows for both conventional training courses and an assessment of competence by somebody in authority in the company; you don’t necessarily have to attend a course to become competent but you need some record that somebody has assessed that person for competence.

Checking and corrective action

This is an essential part of the feedback loop that ensures that your system continues to run. You need two parts to this:Incident reportingSet up a system so that all health & safety incidents are reported, investigated and followed up. Encourage people to report near-misses.

System effectiveness reviews

This is referred to in OHSAS 18001 as auditing, but this term means different things to different people and I therefore avoid it. You need to review each systems to determine:

Is it fit for purpose? What are its objectives and will it achieve them if implemented properly?
Is it being implemented properly? Are people aware of it? Is there an unofficial alternative system being followed? (What I call the parallel universe syndrome.)

You will need a schedule of effectiveness reviews and people competent to carry them out. Some certification bodies require a full set of reviews to have been carried out before certification. Whilst this may be excessive, you will certainly have to have reviewed all the key systems before certification.
You should also plan to review the operations at any of your key suppliers, say your supplier of hazardous waste treatment services.

Management Review

OHSAS 18001 requires you to have periodic management reviews and actually states the topics to be included. In the initial stages these may be quite frequent but it may be possible to reduce the frequency later. I would not recommend have a frequency any longer than every 6 months. Some companies like to hold them every month.Making it all palatableWithout a doubt, the stages of setting this up from scratch require quite some effort and companies take one of two routes:

Appoint someone internally and they work on this full-time
Use external sources to set up the systems and carry out most of the initial work and then use internal people to run the system in additional to their prime role

If route [1] is taken, then it is probably acceptable to have systems that require some effort to track any data. However, most companies do not have the luxury of having such a person.
If route [2] is taken, then provided that a sensible approach is taken to data management, the tasks to run the system should not be at all onerous.
Where SSS have provided the service to set up the system, then a computerised action management system called INTACT comes as an inclusive part of the package. Options within INTACT enable is to be used to manage QA, environmental, health and safety and training records.Essentially, INTACT replaces the majority of the paperwork and all other systems such as spreadsheets and word-processed documents to form an integrated action management system. All of the data, such as aspects and impacts, system effectiveness reviews, objectives, management meeting minutes are logged within INTACT. In addition, analysis of data can be done at the click of a button

Go to Home Page

Actions to be taken to maintain existing control measures, eg guard interlock checks
Actions to introduce new control measures, eg introduce vehicle:pedestrian segregation
Actions to minimise risks that cannot be otherwise controlled.