ISO 45001:2018 is the occupational health and safety management system standard. It was published in 2018. In this exclusive piece, we have tried to present all the terms and definitions related to ISO 45001, with appropriate explanation with our consulting experience.
The 3rd clause of the standard ISO 45001:2018 defines terms and definitions. The term “organization” is defined in clause 3.1 as “Person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives.”
The clause further explains the concept of organization in following forms:
An illustration of part of an organization of a manufacturing firm is given in the below image.
An organization can be a combination from the above forms, and can be public or private. OH&S management system is implemented on these organizations discussed above. The standard uses the term organization as a whole at multiple places within the standard, thus the true concept should be understood and not misinterpreted.
3.2 Interested Party
Interested party is an important inclusion in the latest ISO 45001:2018 standard. It was not much considered in OHSAS 18001:2007 standard. The term is defined in clause 3.2 of the standard. The term is also referred as stakeholder as an admitted term in lieu of interested party.
The term is defined as “person or organization that can affect, be affected by, or perceive itself to be affected by a decision or activity.”
Examples of Interested parties for occupational health and safety management systems are employees, management and shareholders, external parties, contractors and service providers, manufacturing partners, government or legislative bodies, pressure groups, neighbors and trade unions, and the company insurers’ etc.
Learn the documentation required by ISO 45001:2018 on the concept of interested parties.
The inclusion of Interested parties have important role in occupational health and safety management system. The organization will be required to conduct analysis regarding it’s context in which interested parties and their needs and expectations will also be listed. Then organization will identify the significant needs and expectations and will plan actions against each significant need or expectations.
The standard ISO 45001 defines the term “worker” in clause 3.3 as “person performing work or work-related activities that are under control of the organization”.
The concept of worker in the standard is bit different than what is perceived in industries. The term worker in the standard also includes top management, managerial together with non-managerial staff. More the term also includes following under its domain as per standard:
- Workers of external providers
- Agency workers
- Other persons whose work-related activities are under control of the organization
All different factions of the term “worker” compose an important part of organization‘s interested party. Each faction may have their own needs and expectations related to the occupational health and safety management system. The standard also encourages workers’ participation and consultation in the decision making process on the organizations OH&S performance.
“Participation” is a term defined in the standard ISO 45001 in clause 3.4 as “involvement in decision making” regarding occupational health and safety management system. It includes the involvement of health and safety committees and workers’ representatives or by any other body of the organization.
The ownership of the health and safety system comes with the involvement of the worker and staff in decisions, thus the standard clearly defined this term as above. Participation is different as compare to consultation, in a way that it makes workers part of the decision making process however consultation just sought their views on the decision. In consultation, management may consider the views based on the weight and merit of views presented.
Check if there is any requirement of documentation for participation.
Participation is a democratic style of management where opinions found in an organization are directly considered in making occupation health and safety management related decisions. This actually means a more empowered role of workers in the management system, giving workers an increased level of ownership and involvement.
“Consultation” is defined in 3.5 clause of the standard ISO 45001 as “Seeking views before making a decision”. Consultation includes engaging health and safety committees and workers’ representatives in the decision making process as consideration of workers’ views.
It is related with the terminology of participation, but is limited to obtaining views of workers’ before making a decision. It is not necessary that the views become the major input of the decision process, it can be made on the basis of merit. However in participation, workers become part of the decision making process.
Check if there is any document required for consultation by the standard.
Consultation is also a style of management which is a consultative style of management, in which there is less liberty and involvement as compare to the democratic style. However consultative style offers more liberty than the autocratic style of management in which the top management directs what to be done and there is no view seeking. However consultative style is a balanced approach perceived by many experts compare with the autocratic and democratic styles of management.
Workplace is defined in the standard ISO 45001:2018 as “place under the control of the organization where a person needs to be or to go for work purposes.”
Workplace is important and is of-course a physical entity with defined periphery. Big Organization with bigger workplaces employ area managers as responsible for the area.
Check for mandatory documents for workplace in list of documents required by ISO 45001.
Moreover the scope of the occupational health and safety management system is also re-validated with the site visit of the workplace.
The organization‘s responsibility for a workplace is dependent on the level of control the organization has on the workplace. The area within the management of an organization has its direct control thus the workplace is completely under the control of the organization. If the workplace is at the contractor premises, then organization can only influence the contractor’s workplace but cannot control it solely.
ISO 45001:2018 defines contractor in clause 3.7 as “External organization providing services to the organization in accordance with agreed specifications, terms and conditions”. The standard further says that services also include activities related to construction as well. Contractor is an interested party for the organization’s management system.
There are two types of circles i.e. circle of control and circle of influence. In organization’s circle of control, all contractors’ work is the responsibility of the organization. Outside the circle of control, the organization has to create an influence on contractors to work safely with necessary protocols.
Therefore the contractor working at the premises of organization has to follow all occupational health and safety related operational controls developed by the organization. However a contractor doing work outside and organizations scope will also be influenced to take necessary measures in order to control safety at any other place of contractors’ scope.
During the selection of contractors, their performance related to occupational health and safety should be considered, in addition to quality of the services they provide. It is pertinent that the terms related to occupational health and safety should be incorporated in the terms and conditions of the contract done with contractors. It will create a contractual binding for them to comply with.
The ISO 45001 defines the term “requirement” as “need or expectation that is stated, generally implied or obligatory”.
“Generally implied” means that it is custom or common practice for the organization and interested parties that the need or expectation under consideration is referred.
A specified requirement which is obligatory is one that organization clearly states in its management system with the help of a standard or a legal requirement. For instance the requirement of documented information. The standard has mandated documented information as requirement at number of places in different topics. The documented information required in different areas have been listed for help.
3.9 Legal Requirements and other requirements
The standard ISO 45001:2018 defines legal requirements as “legal requirements organization has to comply with”, whereas standard defines other requirements as “an organization has to or chooses to comply with”. Therefore it means legal requirements are mandatory to comply with, other requirements includes contractual obligations and other voluntary conditions the organization chooses to comply with.
For the purposes of this document, legal requirements and other requirements are those relevant to the occupational health and safety management system.
Check what documents are required for legal and other requirements.
“Legal requirements and other requirements” also incorporate the articles in mutual or group agreements Legal requirements and other requirements also incorporate those that determine the persons who are workers’ representatives in compliance with laws, regulations, collective agreements and common practices.
3.10 Management System
ISO 45001:2018 defines Management system as “set of interrelated or interacting elements of an organization to establish policies and objectives and processes to achieve those objectives”.
A management system can address a single discipline or several disciplines. For example a management system can focuses on quality which is known as the quality management system, or it can also focus on environment and thus is known as environmental management system. In the case of ISO 45001, it is the occupational health and safety management system.
The system constituents incorporates the company’s organizational structure, roles, responsibilities and authorities. Moreover management system also comprises of planning part for operations, operation itself, evaluation of operational performance and of course the ultimate objective of management system is improvement.
See list of documents required by management system for ISO 45001:2018 and OHSAS 18001:2007
The scope of a management system may incorporate the complete or whole organization, particular and specified functions of the organization, particular and specified organization’s sections, or scope can be a singular or multiple functions around a group of organizations.
3.11 Occupational Health and Safety OH&S Management System
The standard ISO 45001 defines Occupational health and safety management system (which is also known as the OH&S management system) as “management system or part of a management system used to achieve the OH&S policy”.
The intended deliverable of the OH&S management system are to prevent injury and ill health in the workplace and to preserve and improve the health of workers. Furthermore the outcome of the system is to provide safe and healthy workplace.
The common terms used in industries are synonyms of each other. These terms are OH&S i.e. “occupational health and safety” and OSH i.e. “occupational safety and health”. Both terms have the same meaning.
OH&S policy defines the OH&S objectives of the organization. Thus a system designed to achieve and manage OH&S objectives is named as the OH&S management system.
3.12 Top Management
ISO 45001 explicates the terms “top management” as “person or group of people who directs and controls an organization at the highest level”.
Top management is the leadership of an organization who has the rights to delegate authority and offer resources within the organization. Top management is considered to be ultimately responsible for the OH&S management system.
If the scope of the management system comprises only one constituent of an organization, then top management refers to those who direct and control that part of the organization.
It is the top management who defines the OH&S policy of the organization. It is their leadership to translate the objectives sought from the policy to down the line. Top management has to make sure they take part in performance evaluation of the system by management reviews at defined frequency. It is their responsibility to examine results of internal audit.
The role of top management is a role of leadership, dedication and commitment towards the well being, safety of personals and improved workplace in an organization implementing OH&S management system. Without the support of top management, it is wisely said that OH&S management system cannot be maintained.
Standard ISO 45001 defines “Effectiveness” as “extent to which planned activities are realized and planned results achieved”.
Effectiveness is an important concept in ISO management systems like ISO 9001, ISO 14001, ISO 50001, ISO 45001 & other management system standards. Due to this concept the number of actions taken are verified in reality and the impact of actions are monitored.
Why is there a need to measure effectiveness? It is possible that the root cause of a non-conformity is defined incorrectly and the analysis is erroneous. Therefore the corresponding corrective action based on the root cause will also be wrong. Thus corrective action will not prevent the nonconformity occurring again. Therefore it is through Effectiveness analysis, a wrong corrective action and wrong root cause can be identified and evaluated and thus corrected.
Examine which document of non-conformity and corrective action require effectiveness.
Effectiveness analysis of actions taken is also applied on actions taken to achieve OH&S objectives. Effectiveness check is actually a performance evaluation tool for the corrective actions taken.
ISO 45001 defines the term “Policy” as “intentions and direction of an organization, as formally expressed by its top management”.
Policy is a top level document that shows the commitment of top management and Organization’s leadership regarding the performance of a management system. The policy dictates organization’s objectives, which will be worked upon by different departments of organization.
Is policy a mandatory document? Check in the mandatory list of documents for ISO 45001
Different management systems have different associated policies for showing their intend towards the management system outcome. As we know quality policy is made for quality management system, environmental policy for environment management system and occupational health and safety policy for OH&S management system. An organization can make integrated management system will have an integrated policy for multiple management system.
3.15 Occupational Health and Safety OH&S Policy
ISO 45001 defines “OH&S policy” as “policy to prevent work-related injury and ill health to workers and to provide safe and healthy workplaces”.
All attributes of policy applies to occupational health and safety policy i.e. commitment of top management regarding management system which is health and safety, source of defining OH&S objectives, a driver of continual improvement and the driver of company’s management system.
The occupational health and safety management system policy can be integrated with environmental policy and known as environmental health and safety i.e. EHS policy. EHS policy can also be integrated with quality policy and is called as quality, health safety and environmental policy i.e. QHSE.
Check OH&S Policy if it is in mandatory list of documents required by ISO 45001.
The integrated health and safety policy with other management system is also known as integrated management system policy.
ISO 45001 defines the term objective as “result to be achieved”. Objectives can relate to different disciplines for example financial, health, safety, and environmental goals. Objectives can be applied at different levels for example project, product, strategic, department, organization-wide and process).
The standard further clarifies that an objective can be on following domains:
It is the policy of organization that defines the organizational objectives. Objectives are therefore extracted from the policy of the organization.
Check if documented information is needed for organizational objectives.
An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as an OH&S objective, or by the use of other words with similar meaning (e.g. aim, goal, or target).
3.17 Occupational Health and Safety OH&S Objective
ISO 45001 defines the term “OH&S objective”as “set by the organization to achieve specific results consistent with the OH&S policy”.
It means that the targets are set in the form of objectives and objectives are consistent with policy of occupational health and safety management system. Objectives are made so that specific results can be obtained from the activities taken in order to fulfill those objectives.
Objectives are usually founded on the notion of “SMART” i.e. specific, measurable, achievable, realistic and time bound. If objectives are made considering SMART principles it is likely for an organization to achieve those targets, since it will be easier for the people to follow for completion of different activities defined within that objective.
See if document of objectives is needed by ISO 45001 in mandatory list.
Examples of OH&S objectives includes zero accidents, reduction in loss time injury, increase safe working hours, decrease in number of reports for unsafe acts or unsafe conditions etc.
3.18 Injury and Ill Health
ISO 45001 defines “injury and ill health” as “adverse effect on the physical, mental or cognitive condition of a person”.
These adverse effects include occupational disease, illness and death. When we say occupational disease or occupational illness it means that the illness or disease is related or is an outcome of the work.
The term “injury and ill health” implies the presence of injury or ill health, either on their own or in combination. The whole occupational health and safety management system focuses to prevent injury and ill health due to work.
Organization is required to keep the records of injuries and ill health in incident reporting.
In-fact the recordable incidences related to injury and ill health is one of the performance monitoring criteria for the effectiveness of the system. Good companies try to target zero occupational injury and ill health as their OH&S objective.
ISO 45001 defines the term “hazard” as a “source with a potential to cause injury and ill health”.
Hazards can include sources with the potential to cause harm or hazardous situations, or circumstances with the potential for exposure leading to injury and ill health.
Hazards are existent due to unsafe conditions and unsafe work practices. Unsafe conditions poses a source of potential harm. Also unsafe act creates a situation of injury or damage.
As per ISO 45001, Hazards should be identified in risk registers and associated risk is calculated for actions.
ISO 45001 mandates implementing organizations to carry out hazard identification analysis of the workplace so as to carry out risk analysis. Together the process is known as hazard identification and risk assessment i.e. HIRA.
ISO 45001 defines the term “risk” as “the effect of uncertainty”. The standard further explains that the effect is a deviation from the expected. This effect can be positive or negative.
Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood. Risk is often characterized by reference to potential “events” and “consequences” or a combination of these.
See if it is necessary to maintain documented information on risk in ISO 45001.
Risk is often expressed in terms of a combination of the severity and consequences of an event (including changes in realities) and the related likelihood or occurrence. Therefore risk is commonly a multiple of severity and occurrence and given by;
Risk = Severity x Occurrence
The joint terminology of “risks and opportunities” is utilized in ISO 45001, which means OH&S risks, OH&S opportunities and other risks and other opportunities for the management system.
3.21 Occupational Health and Safety OH&S Risk
ISO 45001 defines “Occupational Health and Safety i.e. OH&S Risk” as the “combination of the likelihood of occurrence of a work-related hazardous event(s) or exposure(s) and the severity of injury and ill health that can be caused by the event(s) or exposure(s)”.
It means OH&S risk is also a risk but is related to hazards existent in the workplace and not other business and financial risks. The standard specifically defines OH&S risks as the combination of probability of occurrence, and the severity of the hazard.
See if OH&S Risks’ documented information is requirement of ISO 45001.
Occurrence is the frequency of the happening that is expected regarding that issue or hazards, where as the severity is the impact of the hazard if it occurs. Severity in OH&S perspective can be fatal, disability, first aid case, or near miss.
Organizations has to bear financial and reputation losses for OH&S risks that are not avoided in the form of accidents where they have to compensate the workers financially with lost reputation.
3.22 Occupational Health and Safety OH&S Opportunity
ISO 45001 defines the terms “Occupational health and safety OH&S opportunity” as “circumstance or set of circumstances that can lead to improvement of OH&S performance”.
Opportunities are inverse impact of risk where there is ample opportunity for the organization to improve instead of a negative impact, it is a positive vibe for the organization.
Opportunity can be rated in subjective basis and can be converted on corresponding numeric if the criteria is developed in an organization.
See the document for opportunity you have to maintain for ISO 45001 implementation.
The purpose of considering OH&S opportunity in the OH&S management system is the fact that organization should take into account positive prospects in order to maximize them in favor of the organization.
ISO 45001 defines “competence” as “the ability to apply knowledge and skills to achieve intended results”.
Competence is different from awareness and knowledge. For example a person is giving awareness on how to drive a car. Just by getting knowledge of car driving is not enough to drive a car until the person is able to apply that knowledge appropriately. This ability of driving a car correctly comes with the exercise, experience, skills and basic knowledge. This ability of driving a car is known as competence.
Does ISO 45001:2018 requires any documented information on competence? Find out.
Competence comes with experience of doing some specific job, it is the art of doing the work right, skillfully and with dexterity. Therefore the work of production management, supervision, training, operating a machine are all areas of competence where just awareness and knowledge is not enough to lead and perform the job.
Competence is important in occupational health and safety management. It is because a competent operator can drive the machine safely and will ensure health and safety at workplace. A competent fork-lifter operator knows the safety issues within fork-lifter driving. This is the reason competence requirement is one of the primary requirements of ISO 45001.
3.24 Documented information
ISO 45001 defines “documented information” as “information required to be controlled and maintained by an organization and the medium on which it is contained”.
Documented information can be in any format and media, and from any source. Documented information can refer to following:
- The management system, including related processes
- Information created in order for the organization to operate documentation
- Evidence of results achieved i.e. records
Documented information is the blood of management system, it is the flow, accessibility and legibility of information that makes a management system robust. A management system having a sluggish retrieval of information cannot yield desired outputs.
See list of documented information, organization has to maintain for ISO 45001:2018 conformance and fulfillment.
Documented information should be controlled by the management system department. It should have a valid approval system recognized by the organization. It should be available at point of use. Retention period of records should be defined and thus records should be maintained accordingly.
ISO 45001 defines “process” as “a set of interrelated or interacting activities which transforms inputs into outputs”.
Process approach is considered an important part of the management system standards of ISO. It is through a process approach, elements of a complex process are simplified, analyzed and improved.
The processes needed to address risk and opportunities in the health and safety management systems needs to be documented. See the list of mandatory documents required by ISO 45001.
Similarly in the analyzation of process where inputs, activities and outputs are identified and their interaction and interrelation is studied out. The hazards related to inputs, activities, and interrelation of the elements can be easily identified. It is the reason that the process approach is given due important in the OH&S system as well.
Procedure is defined in ISO 45001 as “a specified way to carry out an activity or a process”.
The standard further explains that procedures may be documented or not. The procedure is essential for organizations so to avoid variations in their processes and standardize the way of doing a work or an activity.
When we say procedure is a standard way of doing a work or a process it means that the specific way has been validated by the organization as best for the purpose of delivering intended results.
See the list of mandatory documents required by ISO 45001, where documented procedures can be developed.
Thus the concept of procedure is important for occupational health and safety system since in many processes safe way of doing the work or activity should be defined by the organization as a procedure which can or cannot be documented depending on the reality of the organization i.e. the understanding, capability, and skill of the labor and the expertise involved in doing the processes.
3.27 Performance – Measurable result
ISO 45001 defines “performance” as a “measurable result”.
The standard further explains that Performance can relate either to quantitative or qualitative findings. Therefore the corresponding results can be determined and evaluated by both qualitative or quantitative methods.
The standard further clarifies that performance can relate to the activities management, processes, services and products, systems or organizations.
See if there is any documented required under the clause 9 i.e. Performance evaluation of ISO 45001.
The basic purpose of all management system standards is a desired outcome, an increased effectiveness and a better performance. All outcomes, results of effectiveness is monitored through performance evaluation. Thus Performance is an important concept almost in all management system standards and thus ISO 45001 also incorporates this concept in it’s management system evaluation cycle.
3.28 Occupational health and safety OH&S performance
ISO 45001 defines “occupational health and safety performance” as “the performance related to the effectiveness of the prevention of injury and ill health to workers and the provision of safe and healthy workplaces”.
As already explained, performance is an important concept incorporation in the standard. The ninth chapter of the standard ISO 45001 talks on performance evaluation. There are three major clauses within that i.e. monitoring measurement analysis and performance evaluation, internal audit, and management review.
With the standard giving so much importance on performance which is the check part of the PDCA cycle of management system standard, it is evident that all constituents of the management system is designed so as to improve the performance of the OH&S management system.
After chapter ninth i.e. performance evaluation, the standard talks on improvement. It means that after the evaluation of current performance it is mandatory for the organization to improve the existing performance with a continual approach towards improvement.
Standard ISO 45001 defines “outsource” as “making an arrangement where an external organization performs part of an organization’s function or process”.
The standard further clarifies that an external organization doing the outsource work is outside the scope of the management system, although the outsourced function or process is within the scope.
It is clearly evident from the explanation of standard on the term of outsource that the outsource work does not limit the liability of the organization rather organization has to make arrangements where necessary protocols are taken care of considering the occupational health and safety issues.
See if there is any document mandatory by ISO 45001 on outsource processes.
Outsource processes and activities thus can be controlled in way of making a such a contract where the external organization is binded by the contract to follow protocols so as to ensure the health and safety of personals involved. The extend of the protocol depends on the type, magnitude and complexity of the work carried out externally.
ISO 45001 defines the term “monitoring” as “determining the status of a system, a process or an activity“.
The standard further explains that if anyone needs to determine the status, there may be a need to check, supervise or critically observe, therefore monitoring is needed.
Monitoring involves continual checking, and critically observing along with supervision. It is done so as to examine change of the performance level against what is required or needed. The role of most of the managers involves monitoring as key part of their jobs.
Does ISO 45001 demands any document on monitoring or not?
Examples of monitoring are interviewing personals, reviews on documents, and observations on work. The basic motive behind monitoring is the same i.e. to improve performance of the process, activities and systems.
ISO 45001 defines “measurement” as“process to determine a value”.
OH&S management system defined by ISO 45001, incorporates measurement as an important concept, since it is a numeric value for a parameter. Measurement is very important in quality management system and so it is needed in occupational health and safety management system as well.
Measurement is the source of quantitative data, and in the occupational health and safety management system it is the number of record-able incidences, level of exposure to a hazardous substance by a calibrated measuring instrument, and the minimum distance to be maintained from a hazard as safety distance etc.
Check if ISO 45001:2018 requires documented information on measurement.
Thus measurement is an important tool of performance evaluation phase of the management system as it is the foundation for numeric data that helps the management to take appropriate decisions at the right time.
ISO 45001 defines “audit” as a “Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled”.
An audit can be of following types on the basis of auditee and auditor relationships:
- An internal audit known as first party audit
- An external audit known as second party (customer audit) or third party (regulatory body or auditing organization)
- Combined audit (combining two or more disciplines). An internal audit is conducted by the organization itself, or by an external party on its behalf.
Learn about audit techniques in an online free course.
Internal Audit is part of performance evaluation and one of the most important tool to check the health and effectiveness of the management system. Third party audit and customer audits are done to assess subscription to voluntary standards and contractual obligations respectively.
Check what documented information is required for internal audits.
For ISO 45001, companies has to go through a third party voluntary audit in order to conform themselves against the requirements of ISO 45001. Thus if your organization has to certify themselves against the standard, one has to go through third party audit by a registrar accredited from UKAS or IAF.
ISO 45001 defines “conformity” as a “fulfillment of a requirement”.
This is the state and status of a management system which all ISO 45001 implementing organizations will yearn for.
Conformity means that your organization fulfill a requirement. If your organization fulfill all requirements of ISO 45001 then you can go for a third party audit for certification.
Conformance is also a word expressed for same status that is requirement fulfillment. ISO 45001 conforming organization is the one who meets all requirements of the standard.
All documented information is maintained to show conformity against ISO 45001 requirements.
The opposite of conformity is non-conformity which is a fearful word in an audit, since it is an expression of non-fulfillment of a requirement.
ISO 45001 defines “Nonconformity” as “a non-fulfillment of a requirement”.
Nonconformity relates to requirements in this document and additional OH&S management system and the requirements that an organization establishes for itself.
Non-conformity is the opposite of conformity. As much as conformity is desired and important for management system, what is more required for an organization is to understand it’s non-conformities through internal audits and to address it’s root cause followed by a resolution in the form of corrective action.
Check the list of mandatory documents whose absence can cause a non-conformity.
A non-conformity in an external audit of ISO 45001:2018 can withhold the conformance of the organization until the nonconformity has been resolved and corrective action has been taken. In extreme cases, a nonconformity can lead to withdrawal or cancellation of a certificate and is termed as major non-conformance. Therefore organizations really work hard to avoid non-conformity in an external certification and third party audit.
ISO 45001 defines the term “incident” as “occurrence arising out of, or in the course of, work that could or does result in injury and ill health”.
Some of the examples of incidences are accidents and near Miss reports.
An incident where injury and ill health occurred is called as accidents. Within accidents there are fatalities, disability, asset damage, first aid cases and injuries etc.
An incident where no injury and ill health occurs, but has the potential to do so, may be referred to as a “near-miss”, “near-hit” or “close call”.
Although there can be one or more non conformities related to an incident, an incident can also occur where there is no nonconformity.
3.36 Corrective action
ISO 45001 defines the terms “corrective action” as “action to eliminate the cause(s) of a nonconformity or an incident and to prevent recurrence”.
It is an important concept of all management system standards and it should not be confused with preventive action of a potential non-conformity.
Corrective action is taken on the root cause analysis done on a nonconformity. There are different methods used for root cause analysis for example 5 why analysis, fish bone analysis, and Pareto Analysis etc.
It should be made clear when a non-conformity has occurred the action taken to prevent it happening again is corrective action and shouldn’t be named as preventive action. On the other hand preventive action is an action taken on a potential non-conformity to prevent it happening in first place. Therefore it is said that corrective action avoid re-occurrence of non-conformity and preventive action avoid occurrence in the first place.
Check what documented information has to be maintained for ISO 45001 compliance.
In ISO 45001, preventive action has been replaced by risk based thinking and risk management approaches. OHSAS 18001 used the philosophy of preventive actions, however in ISO 45001, risk management will suffice or exceeds the gap of preventive action.
3.37 Continual improvement
ISO 45001 defines the terms “continual improvement” as “recurring activity to enhance performance”.
The standard further goes on explaining that in OH&S system enhancing performance corresponds to the application of the OH&S management system so as to attain improvement in overall OH&S performance consistent with the OH&S policy and OH&S objectives.
Continual never mean continuous, so the activities does not require to take place all the time or in all regions simultaneously. It is a systematic activity to gradually improve towards a better way of doing work.
Check if documented information is required for continual improvement.
The whole chapter 10 of ISO 45001 i.e. continual improvement discusses the requirements for an organization to continually improve their OH&S management system.