This is one in a series of articles about occupational health and safety management systems, or OHSMS. It's based on the ANSI/ASS Z10 standard, which we encourage you to buy.
In this article, we're going to take an extended look at Section 4, which is all about planning an OHSMS. That includes reviews, both initial and ongoing; assessments and prioritization of tasks; objectives; implantation plans; and allocation of resources.
In the sections below, we'll link you to all of the articles in this series, but for now, we'll dive right into this one.
And don't forget to download our helpful 10 Steps to Starting Safety Management infographic!
So, we're going to talk about planning an OHSMS. Let's start by seeing how planning fits into the entire process.
Z10 was written to fit the familiar Plan-Do-Check-Act workplace management method (PDCA), which is often associated with Dr. W. Edwards Deming.
As represented in a somewhat simple illustration, section 4 of Z10 covers planning and also neatly maps to the "Plan" phase of PDCA. (The drawing below is modeled after a few similar ones within Z10 itself.)
Because this is all part of a continuous improvement cycle, there's an initial planning phase and ongoing planning phases over time.
Now, let's take a deep-dive into what the standard says about planning an OHSMS.
We'll look at:
Within the context of the management system, planning is done to identify the more strategic activities that help identify the best opportunities for continual improvement. Operational plans (by "operational," the standard means "tactical equipment/task level processes and issues rather than management system processes or issues") are addressed in Section 5.
Planning should be performed in an organized, sequential manner that involves the following steps:
These steps are described further in the sections below.
As mentioned earlier, the planning process isn't something you do just once. Instead, it's an ongoing and recurring process. As a result, the planning process includes what's called an initial review and then later, periodic reviews.
The organization must create a review process for performing the initial review and for the later, ongoing/periodic reviews.
The purpose of that review process is to create a "gap analysis." In general terms, a gap analysis is the difference between the current state and an ideal state. In specific terms related to an OHSMS, it's the difference between the organization's OHSMS and the requirements for an OHSMS that Z10 sets out. That difference is the gap, and the ultimate goal is to close the gap.
An organization begins the gap analysis by gathering and then reviewing information to identify OHSMS issues. This includes gathering and reviewing the information necessary to establish the OHSMS or, in later cycles, to improve the OHSMS.
During this process, you'll be gathering and reviewing information about:
Your organization should document the process for conducting the review and also document the review itself. After that, your organization should use the same documented process (or an updated version) to perform the ongoing, periodic additional reviews. The organization should always keep documentation of the most recent reviews.
In order to identify the OHSMS issues, it's important to review a broad spectrum of relevant information. Doing so will allow for identification of system and operational issues. Items to consider in the review are listed below.
Reviews of business systems should focus on management system elements and not on specifics of operations. Examples include:
Remember to also review management systems that are not directly related to health and safety but may have an affect on health and safety. Examples of such management systems include procurement, engineering, performance, qualifications of employees carrying out OHSMS responsibilities, quality, environmental, and recognition systems.
It's also important--especially important--to direct attention to compensation systems.
All of these systems that are seemingly unrelated to safety and health can in fact have significant effects on safety and health in a positive or negative manner.
Although the primary focus on this section is on the management system itself, it still pays to review these operational issues. That's because many operational issues are caused by deficiencies in the management system.
Operational issues may include hazards, health and disaster-related emergencies, as well as emergency events that may arise from the characteristics of materials, processes, and activities of the workplace or of neighboring activities.
If there are OHSMS issues that have been identified before, gather information about them (and/or confirm that the existing information about them is accurate and up-to-date).
Resources may be external or internal and include things like funding, personnel, equipment, mechanisms, and results of employee input into the OHSMS and data systems.
For more about risk assessments, see Section 5 and Appendices D and F of the standard.
Evaluations should include data such as:
If the organization hasn't yet completed a workplace inspection, it should do so as part of the review.
Gather all relevant information derived from employee participation in the OHSMS for this review. This is covered in section 3 of the standard.
Audits can provide information that's useful during the planning review process.
For example, the standard notes that "internal audits can check whether the risk assessments performed reflect the actual workplace conditions and practices."
Management system audits are explained in more detail in 6.3. The review of audits performed for Section 4 (planning) does NOT replace the audit process set out in Section 6.3.
According to the standard, other relevant activities to review for issues may include things like contractor activities, maintenance, and non-routine operations.
Once the information has been gathered and reviewed, and once the issues are identified, it's time to assess the issues and prioritize them for action on an ongoing basis.
This takes place in four phases:
You should select the method of assessment based on the type of issue, the nature of the risk, or operations. For example, Z10 says: "...system issues such as lack of a Management of Change process or a non-conforming Management Review process may be assessed using multiple methods that consider level of risk imposed, financial impact, and regulatory compliance."
Setting priorities may require judgements based on several factors, such as:
For more on assessment and prioritization, see Appendices D and F of the standard.
Once the process has been established, define and document the process so you can use it periodically to help identify new objectives. Once a prioritized list of OHSMS issues has been created, document the list. See Section E5.4 for more on this.
Let's look at each of the aspects in more detail.
Assessment of risk should include factors such as:
Although you'll be making assessments for this section, remember that they're only for prioritizing occupational health and safety issues and they're likely not complete or sufficient to determine appropriate hazard controls. You can see 5.1.2 for more on the hierarchy of controls.
For more on risk assessment methodologies, see Appendices F and O.
You should establish the priority for addressing concerns based on a number of considerations, including:
Underlying causes that may be related to system deficiencies and that can contribute to hazards and risks could include things like the following:
The next step is to then create a process for setting objectives based on the identified and prioritized OHSMS issues and, of course, to create those objectives.
The objectives should be based on the OHSMS issues that offer the best chances for risk reduction and OHSMS improvements. When possible, the objectives should be expressed in a quantifiable manner.
The number and content of the objectives should be:
You should measure progress toward achieving these objectives when possible and appropriate. In addition to setting the objectives, you should review and modify them at appropriate time intervals to reflect the efforts of the continuous improvement cycle. Objectives should be modified when information changes and/or when conditions that impact the schedule or possibility of meeting the objectives change.
According to the standard, an organization isn't required to set an objective for every OHSMS issue they identified. But the organization SHOULD set enough objectives to reduce risk and improvement health and safety in the workplace in a measureable manner. Focusing on objectives that provide the greatest improvement in employee health and safety is an effective way to do this. Organizations may find that focusing on the critical objectives often is associated with improvements in organizational performance.
It's not necessary to create objectives (or later, implementation plans) for "find and fix" issues that can be quickly resolved. Just take care of them.
Once you've created the objectives, it's time to plan for putting this all into action. And that's why the final part of Z10, Section 4 deals with implementation plans and allocation of resources.
There are three basic aspects of this, as explained below.
The organization may choose to create a documented implementation plan for each objective or a single plan that addresses multiple objectives.
The implementation plan should determine and define:
The first important thing is that you'll have to assign enough resources to perform the work in the time frame the implementation plan calls for.
It will be necessary to review the implementation plan on a periodic basis and updated the plan if necessary.
Changes in any of the following may call for a corresponding revision in the implementation plan:
That's our look at the process of planning an OHSMS system and at Section 4 of Z10's guidelines for doing so.
If you'd like to read all of the articles in this series on OHSMS, here they are:
In addition, know that OSHA has released their own Recommended Practices for Safety and Health Programs. We recommend you check that out or read our Safety Management Best Practices article, which is based on the OSHA guidelines. And of course, we've all learned that 45001 is now final and will be released soon, so watch for that as well.
Earlier in this series of articles, we mentioned that the standard comes with a very nice series of Appendices. Until this article, however, we haven't mentioned them much. Within Section 4, however, Z10 calls out a few of these Appendices in particular, so we thought we'd call them out here as well.
Also, Section 4 itself calls out various other Sections of the standard a few times as well. These are listed here for you:
Hope you found this all interesting and helpful! See you a few articles down the line for the continuation of this series, in which we look at implementation and operation.
