Mastering Documentation in ISO 45001:2018
- Home
- Blog
Categories
Latest Post
ISO 14001 Lead Auditor Course
ISO 14001 Foundations Course
ISO 14001 Internal Auditor Course
ISO 14001 Lead Implementer Course
Mastering Documentation in ISO 45001:2018
Many people consider documentation to be the hardest step in implementing a management system like ISO 45001, the standard for Occupational Health and Safety Management Systems. While preparing documentation can indeed be demanding and time-consuming, it’s not the hardest part. Using a structured approach makes it straightforward. The bad news? The tougher steps come after the documentation. But let’s focus on the good news for now.
Two Types of Documents
The ISO 45001 standard follows the Plan-Do-Check-Act model. Clauses are broadly arranged into these four sections. There are two types of documentation you need to know about.
First, there is the “documented information” that must be “maintained.” These are ordinary documents subject to review, revision, and update. They are mostly found in the Plan clauses (clauses 4, 5, and 6). Examples include the policy statement, responsibilities, authorities, OH&S objectives, and registers of risks, opportunities, legal, and other requirements.
Second, there is documented information that must be “retained.” These are records providing evidence of activities performed. They document the planned actions, carried-out actions, and results. Most are generated under the Check and Act sections (clauses 9 and 10), and some in the Do section (clauses 7 and 8).
Two Categories of Documents
Documentation (whether documents or records) falls into two categories. First, those required by the standard. Second, those the organization determines necessary for effective operation (Clause 7.5.1 Documented information, General). Most of the latter will be at the operational level, like standard operating procedures and work instructions. This would be in clause 8 (Operation) and some of clause 7 (Support).
Structure of the Documentation
Documentation can be said to exist on four levels:
Level 1: Policy Information
Top management communicates policy information. This provides the basis of the Occupational Health and Safety Management System. It must align with the strategic direction of the organization. This level has the least amount of content but is the most important. It is the parent of the system because all other documented information arises from the commitments made here. Level 1 will refer to Level 2 documentation for further details.
Level 2: Risks and Opportunities
This level details the OH&S risks and opportunities faced by the organization. It includes actions to eliminate or mitigate the risks and leverage opportunities. This includes action plans incorporated into day-to-day business processes as operating criteria or OH&S objectives. Additionally, for potential OH&S emergencies, an emergency plan must be documented. This details actions for each specific emergency.
Action plans are implemented at different functions and levels where they apply to maintain and improve the system. Different departments get documentation appropriate to their functions. This is more likely in large organizations with complex processes. However, ensure controls are applied seamlessly across processes and functions. Hazards, risks, opportunities, objectives, and legal requirements are typically captured in cross-referenced registers. Smaller organizations with fewer processes can compile these into a single document.
Level 3: Detailed Work Instructions
This level consists of detailed work instructions where necessary. They are referenced from Level 2 documentation and apply to specific operations. Necessity is determined by factors like risk level, complexity, competence, or legal obligation. Incorporate these actions into the organization’s normal business processes.
Level 4: Records
This level consists of records generated from the planned actions. Most result from performance evaluation processes. This includes monitoring and measuring operational controls, compliance with legal requirements, achieving OH&S objectives, and internal audits. Also, records of incidents, nonconformities, and actions taken are included.
Closing the Loop
Level 4 records are essential inputs into the management review process, a performance evaluation done by top management. During the review, top management examines system performance and reviews changes, especially in the organization’s context. The output is an action plan aimed at improving the effectiveness of the OH&S system. This action plan, plus evidence of its implementation, shows committed top management and a robust system.
By using a structured approach to documentation, you can set up a solid foundation for your OHSMS. It makes the demanding task of documentation more manageable and paves the way for tackling the harder steps that follow.
