Planning an Occupational Health and Safety Management System (OHSMS)


Planning an OHSMS image

This is one in a series of articles about occupational health and safety management systems, or OHSMS. It's based on the ANSI/ASS Z10 standard, which we encourage you to buy.

In this article, we're going to take an extended look at Section 4, which is all about planning an OHSMS. That includes reviews, both initial and ongoing; assessments and prioritization of tasks; objectives; implantation plans; and allocation of resources.

In the sections below, we'll link you to all of the articles in this series, but for now, we'll dive right into this one.

And don't forget to download our helpful 10 Steps to Starting Safety Management infographic!

How "Planning" Fits Into the Big Picture of Occupational Health and Safety Management

So, we're going to talk about planning an OHSMS. Let's start by seeing how planning fits into the entire process.

Z10 was written to fit the familiar Plan-Do-Check-Act workplace management method (PDCA), which is often associated with Dr. W. Edwards Deming.

As represented in a somewhat simple illustration, section 4 of Z10 covers planning and also neatly maps to the "Plan" phase of PDCA. (The drawing below is modeled after a few similar ones within Z10 itself.)

Deming Plan Do Check Act (PDCA) for Safety Management Image

Because this is all part of a continuous improvement cycle, there's an initial planning phase and ongoing planning phases over time.

Planning the OHSMS

Now, let's take a deep-dive into what the standard says about planning an OHSMS.

We'll look at:

  • The purposes of planning: why you should do it
  • Review phase
  • Assessment and prioritization of issues
  • Objectives
  • Implementation plans and allocation of resources

Purposes of the Planning Process

Within the context of the management system, planning is done to identify the more strategic activities that help identify the best opportunities for continual improvement. Operational plans (by "operational," the standard means "tactical equipment/task level processes and issues rather than management system processes or issues") are addressed in Section 5.

Planning should be performed in an organized, sequential manner that involves the following steps:

  • Gather and review relevant information to identify OHSMS issues (as described in 4.1). In case you're wondering, "OHSMS issues" are defined as hazards, risks, management system deficiencies, and opportunities for improvement.
  • Prioritize the OHSMS issues identified during the review mentioned above (as described in 4.2)
  • Develop objectives for the OHSMS and for risk control based on the prioritized OHSMS issues (as described in 4.3)
  • Create implementation plan to accomplish the prioritized objectives above (as described in 4.4)

These steps are described further in the sections below.

As mentioned earlier, the planning process isn't something you do just once. Instead, it's an ongoing and recurring process. As a result, the planning process includes what's called an initial review and then later, periodic reviews.

The Review Phase of Planning

The organization must create a review process for performing the initial review and for the later, ongoing/periodic reviews.

The purpose of that review process is to create a "gap analysis." In general terms, a gap analysis is the difference between the current state and an ideal state. In specific terms related to an OHSMS, it's the difference between the organization's OHSMS and the requirements for an OHSMS that Z10 sets out. That difference is the gap, and the ultimate goal is to close the gap.

An organization begins the gap analysis by gathering and then reviewing information to identify OHSMS issues. This includes gathering and reviewing the information necessary to establish the OHSMS or, in later cycles, to improve the OHSMS.

During this process, you'll be gathering and reviewing information about:

Your organization should document the process for conducting the review and also document the review itself. After that, your organization should use the same documented process (or an updated version) to perform the ongoing, periodic additional reviews. The organization should always keep documentation of the most recent reviews.

In order to identify the OHSMS issues, it's important to review a broad spectrum of relevant information. Doing so will allow for identification of system and operational issues. Items to consider in the review are listed below.

Relevant Business Systems and Operational Processes

Reviews of business systems should focus on management system elements and not on specifics of operations. Examples include:

  • Determining resource levels and expertise
  • Effectiveness of communication and employee participation
  • Review of change management timelines and effectiveness

Remember to also review management systems that are not directly related to health and safety but may have an affect on health and safety. Examples of such management systems include procurement, engineering, performance, qualifications of employees carrying out OHSMS responsibilities, quality, environmental, and recognition systems.

It's also important--especially important--to direct attention to compensation systems.

All of these systems that are seemingly unrelated to safety and health can in fact have significant effects on safety and health in a positive or negative manner.

Operational Issues such as Hazards, Risks, and Controls

Although the primary focus on this section is on the management system itself, it still pays to review these operational issues. That's because many operational issues are caused by deficiencies in the management system.

Operational issues may include hazards, health and disaster-related emergencies, as well as emergency events that may arise from the characteristics of materials, processes, and activities of the workplace or of neighboring activities.

Previously Identified OHSMS Issues

If there are OHSMS issues that have been identified before, gather information about them (and/or confirm that the existing information about them is accurate and up-to-date).

Allocation of Resources

Resources may be external or internal and include things like funding, personnel, equipment, mechanisms, and results of employee input into the OHSMS and data systems.

Risk Assessments and Evaluations

For more about risk assessments, see Section 5 and Appendices D and F of the standard.

Evaluations should include data such as:

If the organization hasn't yet completed a workplace inspection, it should do so as part of the review.

Processes and Mechanisms for Employee Participation

Gather all relevant information derived from employee participation in the OHSMS for this review. This is covered in section 3 of the standard.

Results of Audits

Audits can provide information that's useful during the planning review process.

For example, the standard notes that "internal audits can check whether the risk assessments performed reflect the actual workplace conditions and practices."

Management system audits are explained in more detail in 6.3. The review of audits performed for Section 4 (planning) does NOT replace the audit process set out in Section 6.3.

Other Relevant Activities

According to the standard, other relevant activities to review for issues may include things like contractor activities, maintenance, and non-routine operations.

Assessment and Prioritization of Identified Issues

Once the information has been gathered and reviewed, and once the issues are identified, it's time to assess the issues and prioritize them for action on an ongoing basis.

This takes place in four phases:

  • Assess impact
  • Assess level of risk
  • Establish priorities
  • Identifying underlying causes and contributing factors

You should select the method of assessment based on the type of issue, the nature of the risk, or operations. For example, Z10 says: "...system issues such as lack of a Management of Change process or a non-conforming Management Review process may be assessed using multiple methods that consider level of risk imposed, financial impact, and regulatory compliance."

Setting priorities may require judgements based on several factors, such as:

  • Issues that require immediate attention
  • Issues with the greatest potential for risk reduction or improvement
  • Issues with the highest severity or greatest impact
  • Issues related to organization, resource, participation, or accountability or other conditions that are fundamental to improvement in other areas

For more on assessment and prioritization, see Appendices D and F of the standard.

Once the process has been established, define and document the process so you can use it periodically to help identify new objectives. Once a prioritized list of OHSMS issues has been created, document the list. See Section E5.4 for more on this.

Let's look at each of the aspects in more detail.

Assess the Impact and Risk of OHSMS Issues on Health and Safety

Assessment of risk should include factors such as:

  • Exposure to risk
  • Human behavior, capabilities, and other human factors
  • Identification of potential hazards
  • Measurement data
  • Potential severity of hazards--consider not only high-probability hazards but high-severity hazards, even if they're not likely to occur
  • Sources and frequency of exposure
  • Types of measures used to control hazards

Although you'll be making assessments for this section, remember that they're only for prioritizing occupational health and safety issues and they're likely not complete or sufficient to determine appropriate hazard controls. You can see 5.1.2 for more on the hierarchy of controls.

For more on risk assessment methodologies, see Appendices F and O.

Establish Priorities for Addressing/Correcting Issues

You should establish the priority for addressing concerns based on a number of considerations, including:

  • The feasibility of addressing the issue
  • The level of risk
  • The potential business consequences. These may include things such as effect on productivity, revenue, sales, and/or profit; public image; and similar considerations.
  • The potential for system improvements
  • Standards and regulations that may apply

Identify Underlying Causes and Other Contributing Factors Related to System Deficiencies that Lead to Hazards and Risks

Underlying causes that may be related to system deficiencies and that can contribute to hazards and risks could include things like the following:

  • Human resource issues, including staffing, culture, capability, training, and/or job demands
  • Issues related to the facility and work environment, including layout, ventilation, and lighting
  • Issues related to machines, processes, or equipment, such as the lack of a process for assessing machine guarding maintenance, hazardous material controls, or design
  • Issues related to management, including measurements, supervision, accountability, communication, or participation
  • Job methods including rules, practices, or procedures


The next step is to then create a process for setting objectives based on the identified and prioritized OHSMS issues and, of course, to create those objectives.

The objectives should be based on the OHSMS issues that offer the best chances for risk reduction and OHSMS improvements. When possible, the objectives should be expressed in a quantifiable manner.

The number and content of the objectives should be:

  • Based on the priorities just developed (above)
  • Focused on making system-level improvements to eliminate or control underlying causes and contributing factors associated with risk
  • Consistent with the organization's occupational health and safety policy in general

You should measure progress toward achieving these objectives when possible and appropriate. In addition to setting the objectives, you should review and modify them at appropriate time intervals to reflect the efforts of the continuous improvement cycle. Objectives should be modified when information changes and/or when conditions that impact the schedule or possibility of meeting the objectives change.

According to the standard, an organization isn't required to set an objective for every OHSMS issue they identified. But the organization SHOULD set enough objectives to reduce risk and improvement health and safety in the workplace in a measureable manner. Focusing on objectives that provide the greatest improvement in employee health and safety is an effective way to do this. Organizations may find that focusing on the critical objectives often is associated with improvements in organizational performance.

It's not necessary to create objectives (or later, implementation plans) for "find and fix" issues that can be quickly resolved. Just take care of them.

Implementation Plans and Allocation of Resources

Once you've created the objectives, it's time to plan for putting this all into action. And that's why the final part of Z10, Section 4 deals with implementation plans and allocation of resources.

There are three basic aspects of this, as explained below.

Establish and Implement a Documented Implementation Plan

The organization may choose to create a documented implementation plan for each objective or a single plan that addresses multiple objectives.

The implementation plan should determine and define:

  • Resources
  • Responsibilities
  • Measurements of progress
  • Intermediate steps
  • Time frames

Assign Resources to Achieve the Objectives of the Implementation Plan

The first important thing is that you'll have to assign enough resources to perform the work in the time frame the implementation plan calls for.

Periodically Review and Update the Implementation Plan

It will be necessary to review the implementation plan on a periodic basis and updated the plan if necessary.

Changes in any of the following may call for a corresponding revision in the implementation plan:

  • Policies
  • Objectives
  • Activities
  • Products
  • Services
  • Operating conditions

Conclusion: Following ANSI Z10 to Plan an Occupational Health and Safety Management System (OHSMS)

That's our look at the process of planning an OHSMS system and at Section 4 of Z10's guidelines for doing so.

If you'd like to read all of the articles in this series on OHSMS, here they are:

In addition, know that OSHA has released their own Recommended Practices for Safety and Health Programs. We recommend you check that out or read our Safety Management Best Practices article, which is based on the OSHA guidelines. And of course, we've all learned that 45001 is now final and will be released soon, so watch for that as well.

Earlier in this series of articles, we mentioned that the standard comes with a very nice series of Appendices. Until this article, however, we haven't mentioned them much. Within Section 4, however, Z10 calls out a few of these Appendices in particular, so we thought we'd call them out here as well.

  • Appendix D, Planning-Identification, Assessment, and Prioritization, page 38 (mentioned in E4.1F, E4.2)
  • Appendix F, Risk Assessment, page 47 (mentioned in E4.1F, E4.2, E4.2A)
  • Appendix O, Bibliography and References, page 78 (mentioned in E4.2A)

Also, Section 4 itself calls out various other Sections of the standard a few times as well. These are listed here for you:

  • Section 3, Management Leadership and Employee Participation (mentioned in 4.1)
  • Section 5, Implementation and Operation (mentioned in 4.1, E4.0)
  • Section 6, Evaluation and Corrective Action (mentioned in 4.1)
  • Section 7, Management Review (mentioned in 4.1, E4.1A)
  • Section 6.4, Corrective and Preventive Actions (mentioned in E4.0)
  • Section 5.1.1, Risk Assessment (mentioned in E4.1F, E4.2)
  • Section 6.3, Audits (mentioned in E4.1H)
  • Section 4.3, Objectives (mentioned in E4.2)
  • Section E5.4 (mentioned in E4.2)
  • Section 5.1.2, Hierarchy of Controls (mentioned in E4.2A)

Hope you found this all interesting and helpful! See you a few articles down the line for the continuation of this series, in which we look at implementation and operation.

Want to Know More?

Reach out and a Vector Solutions representative will respond back to help answer any questions you might have.