ISO 45001 – Complicated, despised and rejected, but also loved

You may have heard about ISO 45001.  You may already be bored by it and started looking awkwardly at your shoes.  You may have started biting your nails or hitting yourself.  You can get help for that, but apparently ISO 45001 doesn’t have as many friends as it thought it had – a bit like your online friends that you’ve never met.  ISO 45001 is a safety management system standard that is meant to be a global replacement for similar standards such as the elderly BS OHSAS 18001 and ILO-OSH 2001.  It clearly takes some cues from ISO 31000 (guidelines on risk management).  You may wonder why it’s needed given the popularity of OHSAS 18001.  But when has that ever stopped anyone?

In the fast and furious world that is ISO (International Organisation for Standardisation), protocol is followed.  An initial draft is produced and published, which is supposed to stimulate public debate (I use ‘public’ in the narrow sense of only the public who happen to be interested).  It’s called a DIS (Draft International Standard).  And DIS ISO 45001 has been out for a while (since January 2016) and, well, stimulated debate.  Whilst it was generally accepted (around 70% of the voters on the committee), it’s ultimately been rejected because a significant minority (over a quarter of voters) didn’t like what they saw (‘could do better’ I guess).  That’s committee rules for you.  This means we’re unlikely to see ISO 45001 until early 2017 as they work through the thousands of suggested amendments.


But currently, all we’ve got to go on, in terms of basic shape and content, is the ISO DIS.  This standard follows the newer management system standard structure (described in Annex SL, but you’ll notice that ISO 9001 (Quality) and 14001 (Environmental) now have this).  This is unlikely to change as there is a view that consistency and integration is beautiful and there’s already too much ugliness in the world (obviously not everyone views an integrated EU like this….).  They  all have 7 core topic areas (Chapters) with ever so interesting titles  – Context of the organisation, Leadership and worker participation, Planning, Support, Operation, Performance Evaluation, and finally Improvement.

Like all of the management systems, there is a passing reference to the Plan-Do-Check-Act approach at the beginning, which is then never mentioned again.  Not sure why they feel they have to mention it , as it’s just a standard problem solving approach originating from quality management, but maybe it’s suppressed guilt.

One of the strangely controversial things that has been raised in this is the definition of risk.  I’ve talked to a few people (well, more than one) and they seem upset about that.  So, it must be a big deal.  It seems a small thing (trivial in fact) but definitions are definitions….and they can be divisive.  You’d expect a standard to nail definitions.

The definition used in OHSAS 18001 and ILO-OSH 2001 is of course that familiar to safety people – traditionally phrased in terms of likelihood and severity of something bad happening.  It’s focus is on the negative (avoid or minimise risk).  ISO 45001, taking its cue from ISO 31000, we see, firstly a rather alien version of the definition as “the effect of uncertainty” (which sounds more like someone selling insurance or other financial product).  This brings in the idea of positive and negative, which is a wider business meaning.  Health and safety people everywhere can find that alien, because they are brought up on the negative  – but regardless of how it is defined, the idea of positively taking risks (albeit through managing calculated risks) is a good and healthy one.  At the very least it stops you from being too risk averse.  Being too risk averse means you miss opportunities.  The idea of taking risks is certainly not alien to society – we regularly take on higher levels of risk which, although we’re not entirely happy with, we tolerate because we see there are benefits worth having for society as a whole (like cars, oil exploration and refining, chemical and pharmaceutical manufacture).   OK, we may still work on reducing that risk (unless you’re into complacency) but we accept it isn’t going to be as low as we’d like.

Not all risks are worth taking obviously – and some certainly need avoiding (I for one would like to avoid that comet striking the earth in my lifetime).  I do wish I wouldn’t worry so.

ISO45001 is not of course dead in the water.  There’s a lot that people liked about it.  They liked the font and, well, the font size.  So, there’s a lot to be thankful for.

Dr David Towlson