CHAPTER 7: PLANNING ACTIONS

Consistent with its PDCA approach, ISO 45001 requires an organisation to plan to:

•Address identified hazards, risks and opportunities;

•Address compliance with legal and other requirements;

•Prepare for and respond to emergency situations;

•Determine ways to integrate the above actions into its OHSMS; and

•Determine ways to evaluate the effectiveness of these actions.

7.1 Planning for risks and opportunities (ISO 45001:2018 Clause 6.1.4)

Clause 6.1.4 (a) of the Standard requires an organisation to plan how it will address the identified OH&S hazards, risks and opportunities. This requires plans for addressing issues such as:

a.What are the ‘controls’ needed to eliminate or reduce the determined OH&S risks?

b.Has consideration been given to the ‘hierarchy of controls’ in planning for reducing or eliminating OH&S risks?

c.Have resources required to procure, install or apply these ‘controls’ been identified and provided?

d.Have responsibilities been assigned to those who will implement the planned tasks?

e.Has the training, space, equipment and human resources needed to install or apply these ‘controls’ been identified?

f.Has the time period required to execute or apply these ‘controls’ been estimated?

g.Has the impact on other processes been considered in making these plans?

h.Does the plan include the method of determining effectiveness of ‘controls’ once they have been implemented?

i.What maintenance/monitoring/inspections would be necessary to ensure that the applied ‘controls’ will continue to remain effective?

j.Will new OH&S objectives be made to include new risk reduction measures, and if so, have they been defined?

Figure 2 provides a summary of planning controls for addressing OH&S hazards and risks.

7.2 Planning to address legal and other
requirements (ISO 45001:2018 Clause 6.1.4)

How does an organisation plan to address legal and other applicable requirements? The first step is to know its legal and other relevant obligations. The second step is to keep them updated by creating a process of accessing the sources (such as the regulatory bodies) for the latest laws. Having taken these measures, an organisation must:

•Determine the laws and other applicable requirements to which it complies and also those to which it does not comply;

•Carry out planning for actions, responsibilities, resources and the time frame to accomplish compliance to those requirements that are currently not being met by the organisation;

Figure 2: Summary of planning for implementing OH&S controls

•Create OH&S objectives to achieve the required level of compliance; and

•Create a system of measuring and monitoring to periodically re-assess and re-confirm that the organisation continues to remain in compliance with all its legal and other applicable obligations. This may involve testing, checking, measuring, monitoring and auditing.

7.3 Planning to ‘prepare for’ and ‘respond to’ emergency situations (ISO 45001:2018 Clause 6.1.4)

OH&S hazard identification and risk assessment highlights not just the existing risks, but also those that an organisation may encounter in emergency situations. Emergency situations may arise because of operational mishaps, failure of existing controls, human errors, external disorders or natural calamities. An organisation is not likely to be able to effectively respond to an emergency situation unless it has taken adequate measures to cope with such situations in its early planning stages. These measures are:

a. Identifying potential emergency situations that may be faced by an organisation.

b. Making plans that will keep the organisation ready or prepared to handle the identified potential emergency situations., including:

Preparing emergency procedures and plans;

Providing emergency training to all employees;

Having sufficient quantities of emergency equipment, such as fire extinguishers, smoke detectors, first aid facilities, etc.;

Defining and preparing emergency assembly areas;

Defining head count procedures;

Making emergency response teams and allocating emergency responsibilities;

Establishing fire hydrants and training firefighters and first aiders;

Identifying and highlighting emergency exit pathways;

Making arrangements for internal and external communication during emergency situations. This may range from loud speaker announcements to phone calls and press releases;

Planning how and when to carry out emergency drills, and defining how to monitor, measure and analyse the results of the drills to simulate various emergency situations; and

Communicating emergency procedures, responsibilities and expected responses to all concerned persons.

7.4 Planning to integrate actions and evaluate their effectiveness (ISO 45001:2018 Clause 6.1.4)

OH&S risks, regulatory requirements and emergency situations are not standalone events or issues for an organisation. They are deeply interlinked with almost every other process of the organisation’s OHSMS. Hence an organisation must plan to integrate these important issues with its OHSMS as well as its broader business processes. Here are some examples to explain how the OH&S risks, regulatory requirements and potential emergency situations are deeply linked with different processes of the OHSMS:

•The quality of hazard identification and risk assessment is deeply linked to experience, knowledge and competence of the risk assessment team. Hence the hazard identification and risk assessment process should cater for and be integrated with the training and development function within an organisation.

•The output of the risk assessment becomes a natural input for a number of other OH&S processes, such as selection of operational controls, measuring and monitoring, maintenance of plant and equipment, internal audits, OH&S objectives and management review.

•Operational controls resulting from the risks determined by an organisation may require purchase of new equipment and services. Hence the need to integrate the output of risk assessment with processes such as purchase, contractors, selection of suppliers and inspection of incoming materials.

•Risk assessment is a critical input to any task performed by contractors at an organisation’s premises. Besides hazards and risk assessment, the staff working on behalf of a contractor will typically also need awareness on issues such as OH&S policies, OH&S controls, legal requirements, job hazard analysis, emergency procedures and measuring and monitoring processes.

•Almost every individual in an organisation needs to be involved and made aware of the organisation’s OH&S policy, objectives, emergency procedures, potential hazards, safety precautions, incident reporting and consultation processes.

•The linkage between OH&S risks, OH&S objectives and planning for OH&S objectives cannot be over emphasised.

•Processes such as hazard identification, risk assessment, emergency preparedness, training, OH&S objectives and regulatory requirements often form the core of consultation and participation processes of an organisation. The above examples help explain why planning and creating linkages between various processes are essential for an effective OHSMS.