Quality Digest      
  HomeSearchSubscribeGuestbookAdvertise August 15, 2022
This Month
ISO 9000 Database
Web Links
Contact Us
Web Links
Web Links
Web Links
Web Links
Web Links
Need Help?
Web Links
Web Links
Web Links
Web Links
ISO 9000 Database
ISO 9000 Database

by Roderick A. Munro, Ph.D., and William J. Luka

OSHA and OHSAS 18001

During the development of this article, inquiries were sent to both the national and local levels of Occupational Safety and Health Administration to see if there is an official stance on OHSAS 18001. The general feeling among consultants is that OSHA is not happy with this British standard and would prefer that it not come to the United States or become part of the ISO body of standards.

Our initial contacts with OSHA gave us feedback that the OHSAS 18001 is not a recognized standard here in the United States. Neither e-mail requests nor subsequent phone discussions lead us to anyone who had even heard of the British standard. We were encouraged to simply use the many resources that are available here in the United States and not to worry about something coming out of Europe.

We were pointed to OSHA's Voluntary Protection Program. This process involves a large number of questions that an organization works through to ensure that they're meeting all governmental (local, state and national) regulations to promote employee safety. Unlike OHSAS 18001, VPP does have a set of minimum requirements that organizations must meet to become approved to VPP. For complete information on VPP, visit OSHA's Web site at www.osha.gov/dcsp/vpp.

One OSHA Web sites states: "In the VPP, management, labor and OSHA establish cooperative relationships at workplaces that have implemented a comprehensive safety and health management system. Approval into VPP is OSHA's official recognition of the outstanding efforts of employers and employees who have achieved exemplary occupational safety and health."

One of the spinoffs of OSHA's VPP process has been the formation of a professional society called the Voluntary Protection Program Participants' Association. A search of its Web site (www.vpppa.org) also resulted in no information on OHSAS 18001.

Thus, if your organization is considering using OHSAS 18001 or is being required to become registered by a customer or parent organization, you may have to work with your local OSHA contacts to help them understand the difference in focus and management systems being required by OHSAS 18001. Many companies with U.S. and international facilities utilize both OHSAS 18001 and VPP.

As anyone working in the United States knows, occupational health and safety is highly regulated in many industries. There are so many local, state, and national laws and regulations that it's difficult to keep them all straight. We even find conflicting compliance issues that are virtually impossible to resolve. This might be one reason why many Americans haven't heard much about the British Standards Institute's new standard, Occupational Health and Safety Assessment Series 18001. However, it will likely become important for any manager who's concerned about employee health and safety.

This article looks at OHSAS 18001 and its possible applications in the United States.

When talking about standards, we should be clear. In the true sense of the term, a standard isn't a regulation or law; however, many regulations are referred to as "standards." Thus, standards released by the American Society for Quality or the American National Standards Institute don't hold the stature of legal requirements.

When considering OHSAS 18001, we're dealing with a safety management standard. These standards don't usurp any local regulations concerning occupational safety and health issues but have been developed to ensure a system of managing the organization to reduce or eliminate risks to employees.

In many parts of the world, there's not nearly the number of regulations or laws affecting occupational health and safety as there are in the United States. OHSAS 18001, which is now being audited around the world, was developed for the many countries that didn't have clearly defined safety management standards. Here in the United States, we have many laws and various Occupational Safety and Health Administration agencies, although we, too, generally lack an overall management system. A plant manager who delegates all occupational health and safety responsibility to a safety manager might feel that somehow the plant operations group isn't involved in managing safety risks for employees. The issue for many managers working in the U.S. system is how to focus on continually improving a system that's heavily regulated and where one mistake can result in a citation or fine.

The BSI OHSAS standard
BSI is the current source of OHSAS 18001, which was developed jointly by a number of national standards bodies, certification bodies and specialist consultancies (primarily European) that represented approximately 80 percent of the world market for OHSAS-type management system certifications at the time.

OHSAS 18001 consists of the following two documents:

BSI-OHSAS 18001:1999 Occupational Health and Safety Management Systems--Specification

BSI-OHSAS 18002:2000 Occupational Health and Safety Management Systems--Guidelines for the Implementation of OHSAS 18001

OHSAS 18001 is the audited standard, and OHSAS 18002 is the guidance document. Together, they focus on how to prevent accidents to organizational staff within the work environment. With many organizations already having a global presence, and others striving for that goal, there's continuing customer demand for recognizable occupational health and safety management system standards that can be applied to plants in many countries.

As we've seen in ISO 9001 or ISO 14001, OHSAS 18001 defines what should be done by an organization to manage occupational health and safety but doesn't dictate how to do it. That's left up to individual organizations to determine. It's important, however, to get the entire organization, not just one person or a small group of inspectors, focused on continual improvement. Note that compliance with this standard in and of itself doesn't confer immunity from legal obligations.

Scope of OHSAS 18001
The standard has three objectives:

Minimize risk to employees and others

Improve business performance

Assist organizations in establishing a responsible image within the marketplace

OHSAS 18001 states that it "is applicable to any organization that wishes to:

a) Establish an occupational health and safety [OH&S] management system to eliminate or minimize risk to employees and other interested parties who may be exposed to OH&S risks associated with its activities;

b) Implement, maintain and continually improve an OH&S management system;

c) Assure itself of its conformance with its stated OH&S policy;

d) Demonstrate such conformance to others;

e) Seek certification/registration of its OH&S management system by an external organization;

f) Make a self-determination and declaration of conformance with this OHSAS specification."

When dealing with the language of OHSAS 18001, there are several terms that you should be familiar with. The standard lists 17 terms to be aware of, which include these verbatim items:

Hazard: source or situation with a potential for harm in terms of human injury or ill health, damage to property, damage to the workplace environment or a combination of these

Hazard identification: recognizing and defining existing hazards

Risk: combination of the likelihood and consequence(s) of a specified hazardous event occurring

Risk assessment: overall process of estimating the magnitude of risk and deciding whether the risk is tolerable


All employees should know how to identify a hazard and/or risk to the organization. These responsibilities are often delegated to an individual or a small group.

Basic elements
The structure of OHSAS 18001 is similar to the model found in ISO 14001. In OHSAS 18002, each clause lists the OHSAS 18001 requirement, intent of the standard, inputs to the process, a generic process description and typical outputs of the process. Let's look at the intent of each clause of OHSAS 18001:

4.0 Occupational Health and Safety Management Systems

4.1 General Requirements--To establish and maintain a management system that ensures conformance to the standard. This should lead to the organization meeting regulatory concerns.

4.2 OH&S Policy --In the vernacular of OHSAS 18001, the policy is meant to establish an overall sense of direction and define the principles of action for an organization. A policy should set objectives, identify responsibility, establish targets for performance and demonstrate formal commitment. As with ISO 9001 and ISO 14001, the process approach should be applied.

4.3 Planning

4.3.1, Planning for Hazard Identification, Risk Assessment and Risk Control --The organization must identify, determine and control risks associated with identified and unintentional hazards.

4.3.2, Legal and Other Requirements--The organization must understand and be aware of any regulatory responsibilities affecting its operations. Relevant personnel must be kept informed.

4.3.3, Objectives--The organization must set measurable OH&S objectives and track results in all relevant locations.

4.3.4, OH&S Management Program(s)--The organization must ensure that OH&S objectives and the processes by which they're tracked are monitored, reviewed, updated and recorded as needed. Plans and strategies should be in writing, followed and updated as needed by the organization.

4.4 Implementation and Operation

4.4.1, Structure and Responsibility--The organization must establish roles, responsibilities and authorities, and ensure that these are defined, documented and communicated as appropriate.

4.4.2, Training, Awareness and Competence--The organization must have effective procedures ensuring that personnel assigned to tasks are competent.

4.4.3, Consultation and Communication--The organization should encourage participation and support of its OH&S practices, policies and objectives from anyone who might be affected by the operations (both internally and externally).

4.4.4, Documentation --The organization must ensure that the OH&S management system is adequately understood and that personnel can execute the system effectively and efficiently.

4.4.5, Document and Data Control--The organization must identify and control related documents and information to ensure effective OH&S operations.

4.4.6, Operational Control --The organization must be prepared to control risk, fulfill policy and objectives, and conform to legal and other regulations.

4.4.7, Emergency Preparedness and Response --The organization should actively review possible accident and emergency responses, have plans to meet these possibilities and conduct dry-run drills to test the system's readiness.

4.5 Checking and Corrective Action

4.5.1, Performance Measurement and Monitoring--The organization must have key performance parameters from all parts of the organization to monitor the OH&S management system. At a minimum, measures are needed for achieving policies and objectives; risk assessment; lessons learned; effective awareness, training and communication; and other information deemed useful.

4.5.2, Accidents, Incidents, Nonconformances, and Corrective and Preventive Action --The organization should have procedures that strive to prevent the occurrence and/or reoccurrence of incidents. These procedures should allow for root cause analysis and timely reporting.

4.5.3, Records and Records Management --The organization should keep evidence that the OH&S is operating effectively.

4.5.4, Audit--The organization should review and continually monitor the effectiveness of its OH&S management system. The internal audit program should follow ISO 19011 and be conducted at planned intervals.

4.6 Management Review--Top management should conduct reviews of the OH&S management system. This includes assessing the system for continual improvement opportunities.


Case study: Applying OHSAS 18001 in the United States
A large, OHSAS 18001-registered European corporation directed its U.S. satellite company to pursue OHSAS 18001 registration. The U.S. company employs approximately 355 employees, is ISO 9001-registered and has an established safety program with a core safety team in place. The safety and environmental manager is responsible for the safety program and reports to the senior vice president of operations. The task of obtaining OHSAS 18001 registration was assigned to the director of quality.

The director of quality was immediately confronted with the task of modifying a system that met industry standards and was working well but didn't meet the formal requirements outlined in OHSAS 18001.

An in-depth audit checklist was developed, and a formal audit was conducted according to the requirements of both of ISO 9001 and OHSAS 18001. The audit confirmed that the current system met the intent of the health and safety requirements but lacked the formal system requirements referenced in the ISO and OHSAS standards manuals. Nonconformances were documented and action plans developed to address all audit findings.

Emphasis was also placed on the area safety audits conducted by the safety team. A more comprehensive audit was developed that included root cause analysis and systemic corrective actions. The safety team had previously focused on correcting specific issues (i.e., symptoms), which resulted in repeat issues in other areas of the plant during subsequent audits.

A companywide training and awareness program was launched that emphasized plant safety and each employee's responsibility with respect to safety, as well as the consequences of not following procedures. The training program was expanded to include new-employee orientation and periodic refresher training on major issues such as safe working practices, plant evacuation drills, and accident and/or injury reporting and corrective measures.

A quarterly management review was established to instill a higher level of management commitment to and awareness of the implementation process, and to develop communication channels for continual improvement and support of the system following the registration audit.

The company established an OHSAS 18001 system that promoted continual improvement and a systemic method of corrective actions. Preventive measures were developed from the enhanced area safety audits.

Resulting benefits include:

The number of incident reports was reduced for three consecutive quarters, from 21 to 15 to four. The number of lost workdays was reduced in the same three quarters, from 34 to 11 to zero.

The company initiated a $50 rebate for each employee each year for the purchase of safety shoes. An ear protection policy was put in place in selected areas of manufacturing.

Procedures were updated to reflect current practices; these procedures served as the basic training format for all employees. Records were maintained on standardized forms, which resulted in a standardized reporting system and more meaningful data.

The quarterly management review meeting served as a means of informing management of the status of the health and safety program and resulted in immediate attention to the current plant issues. Personal safety equipment such as gloves, welding aprons, welding sleeves and respirators were enhanced.

The entire workforce has been trained and/or retrained, and training has been extended into the new employee orientation program. Evacuation drills were held as well as specialized training in CPR, proper fire-extinguisher use, spill cleanup, pollution prevention, and conservation of energy and resources.

An already low turnover rate has decreased by an additional 1.3 percent during the last six months.


OHSAS 18001 has been established by the leading safety management systems organizations from around the world. You'll need to check with your registrar to see if it's qualified to assist you with third-party registration to OHSAS 18001. Otherwise, your organization could make a self-determination and declaration of conformance with the OHSAS specification. Either way, the new standard represents a continuation of the ISO 9001 and ISO 14001 standards and can be integrated into existing management systems to help ensure the safety of employees and the organization.

About the authors
Roderick A. Munro, Ph.D., is an ASQ Fellow, CQE, CQA, CQMgr, IQA Fellow and IRCA lead auditor. He's a business improvement coach with RAM Q Universe Inc., which provides coaching, training, and consulting services to manufacturing and service industries.

William J. Luka, MBA, is an ASQ Fellow, CQE, CQA, CQMgr and RAB lead auditor. Luka is a director of quality for Rittal Corp., which provides enclosures for electronic systems, thermal management power distribution components, data communication components and security systems. He also has more than 12 years of experience as a director and vice president of quality in the automotive industry.