BS OHSAS 18001 for Small to Medium Sized Enterprises? (SMEs)
Introduction
The British Standard OHSAS 18001:2007 Occupational Health and Safety Management Systems is an internationally used standard that sets out the minimum requirements for a best practice occupational health and safety management system. It is a more quality system-based approach than HSE’s own standard HSG 65 Successful Health and Safety Management. It is also readily compatible with other quality standards such as BS EN ISO 9001:2008 (for quality management) and OHSAS 14001 (environmental management systems).
The general perception is that it is more suited to large, international organisations but can it also help SMEs?
Occupational health and safety can be seen purely in terms of legal compliance, or it may be implemented with a wider management system with goals, targets and the desire for continual improvement. This is where something such as BS OHSAS 18001:2007 (which we will refer to as “18001”) can be beneficial. However, there needs to be a clear set of reasons why a small to medium-sized enterprise (SME) decides to go down this route. This article will explain some of the issues that need to be considered.
More than just compliance
18001 is not yet an International Standard but it was adopted as a British Standard in 2007. It was based on an earlier assessment specification, so 18001 in one shape or form has been around since the late 1990s. Those organisations that first adopted it tended to be large businesses working in higher-risk sectors such as chemicals and construction, although this has gradually extended to a wider mix of both sizes and sectors.
18001 has close links to ISO 9001:2008 Quality Management System, with which many SMEs are familiar. It may be tempting to think that if one has achieved ISO 9001 certification it will only be a small step to add 18001 to an SME’s achievements. However, this may not always be the case.
There are some similarities to ISO 9001, eg the need for a documented management system; records and document control; and management review meetings. 18001 is also based on a “Plan-Do-Check-Act” cycle — commonly referred to as PDCA. This is often shown as a circular process model, where each of the four PDCA elements continually feed into one another. For an SME this is likely to mean that policies, processes and procedures should be kept under regular review and continual improvement will flow from this cycle.
However, there are some significant differences with 18001, even with some familiar terms the reader may recognise from ISO 9001:2008.
More than legal compliance
First, to achieve 18001 certification more than legal compliance is needed. An organisation can be fully legally compliant in respect of health and safety but still not meet all 18001 requirements. In a management system such as 18001, there needs to be a clear policy statement with a commitment to occupational health and safety. This should not be a “cookie cutter” statement culled from other sources simply because it sounds “about right”. An SME, in particular, should be deciding at the outset why it wants to have a management system for occupational health and safety. It should then be able to define the goals it intends to achieve with it, identify the budget to do this and consider how it will maintain it over the coming years.
For example, if the business wants to improve something specific, such as occupational health monitoring of its staff, or meet a key customer’s health and safety expectations, then these could be valid starting points. However, an effective policy is more likely to come from deciding how health and safety can be related to competitive advantage, i.e. improving efficiency and the cost base.
Is safety a cost or benefit?
The cost of safety is sometimes seen as an overhead, but, of course, that may not be so. A safe system of working is only achieved by keeping working methods under continual review, then amending or refining them as necessary, as well as periodically monitoring their ongoing performance (including the human beings involved with them) — that is, a PDCA. Some would say a safe system of work leads to an efficient system, too. Efficient, safe systems of work should be more cost effective and will potentially provide a business with more capacity to undertake further work. If an SME does not agree with this view then implementing 18001, let alone having it assessed by a certification body, could be an uphill struggle.
Second, there needs to be a clear acceptance that risk needs management. To explain this, one can look at “risk appetite”. This simply means that organisations have different levels of risk acceptance. Those that are risk adverse will be prepared to spend more resources in treating risks either to minimise the likelihood of occurrence or any subsequent impact. Others prefer to take more of a gamble, albeit a considered and measured one. However, the risk of being prosecuted, the risk of being sued, the risk of having liability insurance withdrawn and the risk of losing working time due to occupational injury or ill health is unacceptable to any SME — typically it will not have the resources to manage these scenarios without enormous relative cost and disruption. If an SME chooses to say something like “we have never had any accidents and probably never will”, that might suggest that it could be trying to assess risk but is failing to manage it.
Another requirement of 18001, which seems to have similarities with ISO 9001, relates to objectives and programmes. However, with occupational health and safety these need to be quite specific targets that the SME can consistently deliver on and monitor. Briefing staff on how to identify and report on near misses, or improving working at heights training, could be examples. However, again, these objectives cannot be “one size fits all” solutions. They will cost time and, therefore, money to implement and monitor, so they need to be concerning things that are important to the business.
More straightforward for SMEs
For 18001 certification, it is not enough for an organisation to consider itself as meeting all legal, regulatory, trade and any specific customer expectations for health and safety. There needs to be a system in place that enables these compliances to be monitored and maintained. For an SME this can be more straightforward than for larger businesses, where extensive auditing and reporting will need to be undertaken due to the size, complexity and volume of activities.
There are some other aspects of 18001 that may be more straightforward for an SME to implement. Emergency preparedness and response requirements relate to how an organisation risk-assesses any safety emergencies that could occur during normal business operations, and how these would be responded to, including testing the resources identified for emergency response. This could include additional staff training.
For a large organisation this can be complex, but with many SMEs it can be straightforward. First-aid provision and appropriate fire safety activities, including drills, may be sufficient. However, if the SME conducts work at height or in confined spaces, then implementation may prove more complicated. However, SME employers could first ask themselves when they last checked if matters such as first aid or fire safety provision were still adequate — compliance wise — and whether they still meet expectations. The results may be surprising.
As with other 18001 requirements, reviewing straightforward matters can often lead to simple but crucial fixes, just as much as looking into anything that seems more complex.
18001 – yes or no?
This article aims to give a realistic view of what implementing 18001 can involve. It does not attempt to cover all 18001 requirements. Nor does it aim to support or negate 18001 because, like all management systems, it can be very powerful or, in the worst case, it can simply become something to be worked around. With an SME, 18001 can be a springboard to focus on achieving more effective systems of work, as well as better trained and motivated employees, especially in sectors where safety has a high profile.
The key message is that 18001 should not be seen as a badge-hunting expedition. If the 18001 policy and objectives cannot be lived, then an SME should be looking at other ways of refocusing its improvement goals.