These days, a lot of people drive for work (some are even driven by work….). Some people always have done – like delivery drivers, sales representatives, repairmen, community nurses, traffic police and enforcement officers. But even if you aren’t one of these people, you probably do a little bit of driving – the odd client visit, usually in your own car (because it’s convenient) but sometimes a fleet vehicle or hire car.
Because there’s such a lot of it, companies have sometimes tried to manage it. You may not know, but someone else has tried to manage it too – or rather to manage the management of it. In 2012, a standard on the topic was published – ISO 39001: Road Traffic Safety Management Systems. Like all safety management systems – it’s just a tool to help you manage a specific area (the clue being in the name). Whilst this safety management system is compatible with all the other safety management systems out there, the focus on road traffic safety is justified based on the relatively large number of accidents and near misses out there on the roads. ISO 39001 tries to tell you what elements of good practice in this area look like. But it won’t suite everyone and, well, the structure can seem a bit weird if you’re just used to reading novels or comic books. But the idea is that instead of a whole load of random, reactive actions to control road traffic risk, you have a holistic, systematic approach, with tailored performance indicators (to focus your mind). Think of it like ‘well-being’ or ‘mindfulness’ for road traffic risk.
So what does it have to say?
As with many of these standards these days, ISO are keen to point out that you need to understand the “context of your organisation”. This is a mysterious phrase but in practice, means looking at where you are now (what do you already have in place) and understanding where you need to be. So, you look at the issues relevant to you (like – are you just a delivery business), what you have under control (or what you can control), and what you want to get out of it (which will also include what others might expect you to do, what the law says) and what you can afford to do (your resources). These questions then affect the scope (size, extent) of your system.
The standard then outlines a number of elements that you should have in place. Not surprisingly – first up is having a policy. This isn’t like a policy of a political party – a vague aspiration to get you elected and which you have no intention of following through. No, it’s supposed to be an indicator that top management (those people in charge, with the really big, expensive cars that they drive really, really fast) are committed to the whole venture. Coupled with this is assigning, to a specific individual, the job of implementing it all into a management system.
Implementing an RTSMS is then a series a of steps. Though it gives these as separate logical steps, to my mind, they could quite easily all be combined into a single risk assessment format anyway:
- Review your current performance – this helps you focus on significant issues to address in your risk assessment (this is formally next, but actually the risk assessment process helps you review where you are anyway, because it’s natural to note down what you already have in place and whether it’s OK or you need more).
- Assess your RTS risks (and opportunities) – risk assessment by another name.
- Select ‘RTS performance factors’ to work on improving first. It’s a strange phrase, but these are just elements of road traffic safety that are considered important to get right – like driver fitness and using seatbelts, for example. The standard contains a suggested list of these, but you need to select the ones to work on that are relevant to your organisation and the risks you already identified). This list is also handy to keep in mind as a checklist for your risk assessment (previous step).
- Then plan to fix them (objectives, targets, detailed plans) – this is the action plan to implement control measures.
In common with all other management systems of this type, the standard then goes on to describe monitoring, audit, management review and continual improvement. This is always the bit that people fall down on, in my experience. That’s because the thought of auditing is worse than doing it, so people can put it off or do audits which never find anything (or always recommend yet another procedure or an amendment to an existing one or adding a comma here and there – like that would solve the problem that people aren’t following the existing one, never mind the tweaked version).
So there you are – ISO 39001:2012 – now showing in all good cinemas (well, someone should make a film about it).
Dr David Towlson