This page is set out as a Q&A page to answer common questions about implementing an OHSMS:
- What is an occupational health and safety management system (OHSMS)?
- Why do organizations implement management systems?
- Why use a management system standard when implementing an OHSMS?
- Which management system standard is best?
- Is third-party certification required?
- Must an organization use an accredited certification body?
What is an occupational health and safety management system (OHSMS)?
An occupational health and and safety management system is that part of the organization’s management system used to achieve the OH&S policy.
For all of the ISO standards, a management system consists of the elements of an organization used to establish policies and objectives and the processes to achieve those objectives. System elements include the organization’s structure, roles and responsibilities, planning, operation, performance evaluation and improvement.
Why do organizations implement management systems?
Actually, every organization already as a management system.
Every organization already has policies, objectives and processes in place. These may or may not be effective and they may or may not be documented but they always exist.
When this question is asked, what is typically being asked is why should an organization change its existing policies, objectives and processes to conform to a particular standard or management system approach.
Why use a management system standard when implementing an OHSMS?
There are two primary reasons who organizations use management system standards when implementing changes to their existing management system.
The first reason that an organization uses a management system standard is that they are addressing a legal or contractual obligation that requires them to do so. This could be a customer requirement set out in a contract or it could be a legal requirement set out in a law or regulation. This may include a requirement for third-party certification to one or more standards.
The second reason that an organization uses a management system standard is improving their overall approach to managing their business. Management system standards are seen as establishing a benchmark for best practices in addressing issues such as meeting customer expectations, protecting the environment and preventing worker injuries.
Which OHS management system standard is best?
It depends.
There is no one management system standard that is best for every organization to use.
Each OHS management system standard has its own pros and cons. The best standard is the one that provides the most benefit to your organization.
This may be an industry-specific standard. It may be the standard preferred by a particular regulatory agency. It may be a standard with national or international recognition.
An organization may have legal or contractual obligations to meet the requirements of a particular standard. This obligation can be open-ended as a contractual obligation to “establish an OHS management system” or as specific as a legal requirement to meet the OSHA process safety regulatory requirements set out in 29 CFR 1910.119.
In some cases, an organization may want to (or be required to) conform to more than one standard.
In instances where an organization has to meet the requirements of multiple standards, the organization should implement the management system processes that make sense for how it operates and put together a table that sets out how the requirements of each standard are addressed by the processes it has in place.
Is third-party certification required?
No.
Third-party certification is optional unless the organization has contractually agreed to third-party certification or there is a law or regulation specifying that certification is required.
ISO standards specifically state that organizations have options in showing their conformance to a standard including:
- No certification
- Self-declaration of conformance
- Certification by a third-party (which can be part of a particular accreditation scheme or not)
One caveat – Organizations need to be careful about publicly asserting conformance to a standard if they are not actually in conformance with the requirements set out in the standard. It is prudent for organizations to obtain an independent assessment even if they intent to utilize self-declaration of conformance.
Must an organization use an accredited certification body?
No.
ISO standards are voluntary and do not require that specific registrars be used.
Even if third-party certification is required, organizations are not required to use a particular certification body (i.e. registrar). They are also not necessarily required to use an accredited certification body. If certification is a contractual requirement, it all depends on what the contract states.
Although the International Accreditation Forum (IAF) is the dominant player world-wide in accredited certification to ISO standards, organizations do not have to use registrars accredited by IAF members. The advantage of using such registrars is global recognition and established accreditation and certification processes.