As MDSAP deadlines draw near companies are asking how to prepare for the MDSAP audit. The most basic step for the success of any management system is to say what you do and do what you say. When the system as documented is captured to reflect the “As-Is” of how it is done then implanting the system leads to conformity at all levels.
Auditing Organizations (AOs) that will come to assess the conformity of the system will be using a process-based approach to the audit as also prescribed by ISO 13485 and ISO 19011. As such internal audit teams too should be trained to conduct process-based audits. This will ensure that the organization will be ready and familiar with the way the AO audit will be conducted. Process-based audits also allow a better look at how the system is working to meet objectives. In the aerospace industry PEAR diagrams are used to identify the inputs, resources and controls for each process to better understand the interrelation of them within the process, whether they are sufficient and how they interact with other processes.
In the process audits for MDSAP the AO will first start with an audit of the leadership (top management) to appreciate their commitment to the system as also their awareness of the risks impacting their system and the actions, they are taking to address them. At each level the auditors will be seeking evidence of competence, documentation and data control and monitoring and measurement being done.
Internal audit teams should use a grading system familiar to those used by MDSAP auditors and as prescribed by HTF/SG3/N19:2012. The grading system follows a scale of 1 to 5 with 5 being the most severe. This will enable a realistic look at the state of the system. Auditors will also focus on the design and development and production controls from a risk perspective. They will assess how well the outsourced providers are controlled and what risks were determined in assessing the type and extent of control to be applied.
As with all systems auditors will want to assess that a system exists to identify and deal with non-conformities including implementation of corrective action within the defined time frame. Internal audit personnel can gain a better understanding of MDSAP audits and how to prepare by enrolling in QMII’s suite of course offerings tailored to various levels of the organization. Keep in mind that MDSAP audits are longer in duration as the audit time is based on tasks and not the number of employees.
Should you start using the system only after it is fully documented
The word quality means different things to different people. To companies it often means delivering a conforming product/service to a customer aka meeting their requirements. To achieve this conformity consistently successful companies, implement quality management systems. Rather than re-invent the wheel, ISO 9001 is often selected as the standard to use to set up a quality management system (QMS) In addition, ISO 9001 training is provided to individuals at all levels within the company.
As companies start to implement the system ISO 9001 training can prove useful. Leadership is trained so they are aware of their role in the system and how they can positively contribute to its success. The personnel are trained so they are aware of their need to contribute and implication is they don’t. The project managers who own the project for implementing a QMS get training on the process to go about implementing the requirements of the standard as also their correct interpretation. Auditors are trained in an ISO 9001 training course designed to also teach the auditing requirements per ISO 19011.
So should personnel then start using the documentation as soon as it is complete or wait for the entire system to be documented and for the official launch date. If the system has been implemented correctly then the documented processes should reflect the way work is currently done and not a fictional process. It should not increase the burden for the users. As users start to use their newly documented processes, they can begin to provide feedback on its accuracy as well as the need for change. Personnel therefore should have to wait until the entire system is documented. Yes, organizations could however set an official launch date from which point forth records will be maintained. As such all data prior to the launch date is not then auditable nor is there a requirement to maintain it.
It should also be kept in mind that not every process needs to be documented as also that the organization can determine the extent to which to document the system. The extent to which to document depends on a number of factors including competency. ISO 9001 training is one way of increasing awareness of the requirements of ISO 9001 as also the system. Training may not always result in competency however.
At QMII a number of ISO 9001 training options are available and our training can be customized to meet the clients’ needs. The training is also available in an instructor-led virtual interactive format.
What are the functional requirements of the ISM code
The ISM Code was ratified and brought into effect to improve the safety of shipping. With this was ushered in new era for the maritime industry. The ISM code was launched with the intent of getting companies to self-regulate and proactively mange risks. Companies that have embraced the ISM Code and not solely viewed it as a paperwork burden have reaped the benefits of the ISM code. Companies with ISM certification that have a well implemented system are able to proactively manage risks and thus able to save costs from saving the costs on dealing with non-conformities.
To gain ISM certification an organization must demonstrate that they have met the intent of the code and inherent in this is meeting the following functional requirements of the ISM code:
• A Safety and Environmental Protection Policy – To attain ISM Certification in the form of a Document of Compliance or Safety Management Certificate for the vessel the company must demonstrate that a policy is in place that shows how the company will meet the safety objectives of the code. It must be implemented at both shore and vessel.
• Instructions and procedures to ensure safe operation of ships and protection of the environment in compliance with relevant international and flag State legislation – These are essentially addressed by implemented SMS documentation meeting the requirements of clause 7 of the ISM code.
• Defined levels of authority and lines of communication between, and amongst, shore and shipboard personnel – The key words of between and amongst in this clause should not be missed. For the system to go beyond ISM certification the processes must work interactively to achieve the goals of the company and personnel must be clear on the expectations of them.
• Procedures for reporting accidents and non-conformities with the provisions of this Code – Identifying and addressing non-conformities plays a crucial role in the success of the system. With effective corrective action companies are able to ensure that the non-conformity does not occur again. This requirement is further amplified in clause 9 of the code.
• Procedures to prepare for and respond to emergency situations – ISM certification includes being able to demonstrate that a company can respond to emergencies at any time. To ensure this a designated person ashore is appointed who is available 24 x 7.
• Procedures for internal audits and management reviews – Internal audits and reviews to assess the effectiveness of the system must be conducted. Apart from the internal audits done by the company the Flag Administration conduct ISM certification audits prior issue of the interim SMC/ DOC as also prior the first full term certificate. Thereafter verifications are conducted at periodic intervals.
To learn more about how to implement and assess the effectiveness of implementation through audit enroll for QMII’s ISM Auditor class.
Can training solve the issue of human error at sea?
Those who have been employed in the maritime industry for even few months will have heard the term that 80% of the accidents incidents at sea can be attribute to human error. The solution for this is often quality maritime training for the personnel involved. However, training is perhaps the most easily reversible corrective action. System experts will even go so far as to say that when something goes wrong do not blame the individual but blame the system. Can it always only be the system fault. Surely human error does play some part.
With the onset of STCW, new rules were ushered in to ensure quality maritime training for all personnel at sea. Similar rules have been extended to those in the inland water towboat industry with the onset of Subchapter M. STCW required maritime training centers to have quality standards systems in place and for flags to provide oversight of the training institutions to ensure quality maritime training was indeed being delivered. So, with such well trained personnel why then do errors still take place?
Safety management system are truly only successful when a just culture for safety exists aboard the vessels. This means there is no fear of repercussion or reprimand for stopping someone performing an unsafe act or to report an unsafe condition. When human error does creep in, it can often be attributed to the dirty dozen of unsafe acts and conditions. When a non-conformity occurs, or a potential non-conformity is identified the corrective action identified must address the root cause(s) of the problem. Poor root causes analysis will lead to quick fixes but no long-term improvement. Identifying the root cause leads to systemic corrective action with solutions perhaps being newly identified competence, mistake proofing of the system, revised procedures and in some case training. However, this time the training is made systemic and so repeated at periodic intervals.
Quality maritime training is only the first step towards ensuring qualified mariners as required by the ISM code but they competent, qualified mariners need to have the support of the system. When human error, operator error, user error and the such are identified over time as root causes it may be possible that it is indeed such, but it may also signify a deeper root cause. Perhaps a poorly managed hiring process, or induction process, or onboard training program. Training may have some role to play in the success of a safety management system and the reduction of human error as a cause of incidents/ accidents. Quality maritime training may be a leading preventive tool, however, only when the issues are treated systemically will long term improvements be gained and safer operations as a result.
ISO 14001 Management System Certification – Cost versus Value
The most popular type of management systems used today often depends on the type of organization, and how they run their operations. ISO 9001:2015 Quality Management Systems is the most popular for companies selling products to the military, along with AS9000:2016 Rev D for aviation, space, and defense organizations. Food processors lean toward ISO 14001:2015 Environmental Management Systems (EMS) and ISO 45001:2018 Occupational Health and Safety (OH&S). The size of the organization can have a significant bearing on whether they get certified or claim to conform. It cost less to state you conform than to conduct the number of audits needed to become, and stay, certified.
Agricultural oriented small and medium enterprises (SMEs) will often opt for EMS. Vineyards, vegetable farms, and livestock farms like ISO 14001. Therefore, it depends a lot on the percentage of SMEs that are in those businesses. In many cases, the percentage of organizations conforming to ISO 14001 depends on the amount of local or government pressure to conform. In Europe and China, ISO 14001 is much higher than in the USA, in part due to government and environmentalist pressure.
Agricultural businesses and those that are getting pressure from socially responsible groups are the types of organizations that become ISO 14001 certified. Meat packaging companies like Smithfield Ham in Virginia (now owned by a Chinese company), is ISO 14001 certified. Only four major Ports in the USA are ISO 14001 certified (Port of Virginia is one) but many countries require the certification. Partly due to all of the food coming into the Ports, but also due to the amount of pollution generated by boats, trains, and trucks that service the Ports. Ports are also now looking at ISO 50001 Energy Management Systems in conjunction with ISO 14001 certification.
One of the key drivers is the desire to meet ISO 14001 Standard requirements in the markets that they want to operate in or sell to. It is difficult to open facilities in most of Europe, the Middle East, and China without having an ISO 14001 certification. Environmental impact, energy efficiency, pollution reduction, and sustainability are considered by government permitting organizations. This is more important for large organizations, but many SMEs also want to sell internationally.
Like other ISO Standards, it takes about a year of internal audits to be ready to claim conformity or get certified to ISO 14001. SMEs, due to their smaller size, could take less time. Medium-size businesses, with multiple locations, may elect to just have their headquarters certified, and state conformity for branches and suppliers. An organization may elect to get its headquarters operation certified and use second-party audits to confirm that its other facilities and suppliers conform to the Standard.
The major cost of becoming certified involves training and multiple audits to get ready for certification. Once ready, a third-party audit is required. Most SMEs could be ready within a year. The actual cost would vary depending on the number of employees trained, and the number of audits conducted before certification.
With good training and responsible staff, most SMEs can become certified. All processes need to be in line with the goal of using environmental best practices. In some cases, the cost of changing current processes can become a barrier. Organizations can consider out-sourcing some processes in order to become more environmentally friendly. Internal and second party audits can help an organization determine what, if any, processes need to be modified or out-sourced.
There are many reasons why organizations decide to become certified, but over time, reasons have changed for both small and large organizations. With the new high-level-structure (HLS), EMS is now more similar to other standards. Organizations that use to be ISO 18001 are now considering ISO 45001, which has OSHA embedded in it. SMEs, like larger organizations, appreciate the value of being certified to popular standards and promote their conformity in their promotional material. Many companies that are certified to ISO 9001 have to get the certification to sell to government agencies. Many of the companies that get ISO 14001 certification, feel their end-users appreciate the company for having it.
To be sustainable, an organization needs to consider many factors. These factors typically fall into one of the three pillars of Sustainability – Social, environmental and economic categories. All organizations want to be socially responsible and do minimal damage to the environment, but they have to address the economics of operation. The key is to strike a balance and establish a management system with processes that can be defended in the light of internal and external audits.
– by Peter Burke
AS9100-Risk-Based Thinking in the Airline industry – It’s about time.
The airline industry statistically has one of the best safest records. AS9100 defines the framework for a quality management system for aerospace parts manufacturers across the globe. Over the past decade there have been several airline accidents however, that have brought the safety of airlines to the forefront. In a most recent case of the Boeing 737-max a software glitch was identified as the cause. As investigations proceed the general consensus is that this glitch should have been previously identified.
Risk generally is associated with ‘uncertainty’ or ‘negativity’. This changed with ISO 9001:2015 and the onset of risk-based thinking that now asks companies to consider the opportunities for improvement that may arise out of taking a ‘calculated’ risk. Further in AS9100, that is built on ISO 9001, there are requirements for consideration of strategic risks and operational risks and the need to take action to address each. The impact of coronavirus or a similar pandemic is a great example of a strategic risk that can affect business continuity.
Risk-based thinking in the AS9100 standard promotes customer focus within an organization. While risk-based thinking has been inherent in previous versions of the standard with preventive action, the new standards address risk at each stage of the PDCA cycle thus enabling the entire As9100 management system at each stage as a preventive tool.
The aerospace and automotive industry are leaders in the implementation of Failure mode and effects Analysis (FMEA) and the Plan-Do-Check-Act Cycle (PDCA) of process management. Originally adopted by the military in the 1950’s, FMEA later was embraced by the auto and aerospace industries. The FMEA process identifies risks that can then be addressed using mistake proofing and problem solving with a team approach. FMEA can be used for either product or process. When used properly it can be a very effective at addressing risks. FMEA is a great core tool that can be applied to address the AS9100 clause 8.1.1 operational risk requirements.
AS9100 asks top management to take accountability for the quality of products and services produced by their organization; keeping a customer focus at the core of all they do. The influence of end users, customers and the companies marketing department on the product’s design needs to be constantly reviewed. At each stage of the requirements gathering, design & development and manufacturing stages of the AS9100 system there are potential risks. As such doing a single FMEA may not be sufficient but may require a review of the FMEA at periodic intervals as a change in inputs to the process/product may change the associated risks or identify new ones.
Management wants to encourage continuous improvement and innovative recommendations by all stakeholders, but changes must be reviewed. Whenever a change is made to a AS9100 certified product or service, that change should follow the PDCA Cycle approach, the same way it was done when the product was first introduced. This will reduce the number of recalls, and the risk of injuries to end users of the products.
A single non-conforming product that goes out of the organization into the market results in an intangible loss for no value can be put on the loss of reputation. It only takes a single incident! Starting with risk appreciation at the Plan stage of the PDCA cycle and then throughout the rest of the cycle, with a focus on customer satisfaction, will help the aerospace industry improve by preventing non-conformities before they occur as well as hopefully, improve their As9100 certified products.
ISO 14001-Benefits for Maritime Companies
Environmental accidents in the maritime industry get quick media attention. ISO 14001 does not guarantee that maritime accidents will not happen. It does, however, get organizations to consider their operations from a life cycle perspective of minimizing the impact of their operations on the environment.
The maritime industry has for a while now been governed by the requirements of MARPOL. MARPOL has 6 annexes and as of date all six annexes are in force. The six annexes cover the requirements for prevention of pollution of the marine environment by oil, noxious liquid substances, harmful substances in packaged form, sewage, garbage and air. However, MARPOL does not address the lifecycle operations of the shipping business. From an ISO 14001 perspective this would need to encompass the need for recycling of ships once they are done with their life.
The French Aircraft carrier Clemenceau is a good example of a vessel that faced major issues with being scrapped. Having sailed all the way to Alang, India it was denied entry and had to transit back to French Waters. It was denied access to Alang owing the Asbestos used on the vessel and the potential harm it would have on the scrap workers at Alang. MARPOL also does not address the operations as managed from operations ashore and the environmental impact of the operations of supporting the ships.
ISO 14001 encompasses the entire operations of the company if within scope and encourages organizations to look at all their operations from a lifecycle perspective. This essentially means that when designing office spaces and building ships companies need to start thinking about how they will dispose of waste from the processes in a responsible manner to the environment. Environmental sustainability is a new buzzword and demonstrating commitment to the environment, to stakeholders, through implementation of an internationally recognized standard ISO 14001.
ISO 14001 need not run independent of the existing management system that most maritime companies have conforming to the ISM Code. The requirements of ISO 14001 as with the MARPOL requirements get incorporated into the one management system on which the company operates. ISO 14001 as with other ISO standards is a voluntary standard. As such companies must choose to implement an environmental management system conforming to ISO 14001. Many leading maritime companies have already done so. QMII’s ISO 14001 training is delivered in multiple formats such as executive overviews, internal auditor and lead auditor. The training is also provided in an instructor-led online format and QMII’s instructors, having a maritime background, bring a unique skill set to the class in connecting the requirements of the standard through real life experiences.
Eight steps for a successful internal audit program
Internal audit programs play an important role in ensuring the success of the system. ISO standards such as ISO 9001, ISO 14001, ISO 45001 provide the framework for management systems to function using a process-based approach, to achieve customer and other stakeholder’s requirements. Organizations certified to ISO standards, strive to be compliant, efficient and remain certified. Successful systems have Top Management (TM) / Leadership that are committed to and engaged with the system. They ensure regular internal audits and conduct management reviews (MR) to assess the continuing suitability, adequacy and effectiveness of the system. They further ensure that their decision-making process uses the inputs from the MR to ensure objective resourcing and support for efficiency.
External third-party audits too add value to this system, provided the auditors remain objective throughout the audit. Over the years QMII has come across instances where Non-Conformities (NC) were issued without the requirement being clearly stated or the evidence did not substantiate the requirement not met. However, these NCs are rarely challenged by organizations for “fear” of upsetting the auditors. Changes are further implemented to the system as a part of corrective action based on these findings. At times when the management is disconnected from the working system they often are surprised by the NCs presented at the closing meeting.
Is there, as a result, a case for preparing the organization for both internal audits and external audits? In well-functioning systems the organization should never have to prepare for an internal audit. The systems are designed to drive success and not for auditors or to get through audits without any NCs. NCs are, after all, an opportunity for continual improvement of the system and should be embraced, provided they are objective and not subjective to an auditor’s experience or opinion. An organization can and must respect a good NC and use it to drive correction and corrective action (CA). After all CA is NC driven. The organization/ auditee should be happy to receive a NC for risk(s) not appreciated.
I do however think that there are steps organization can take to build employee confidence in the system, including the confidence to challenge the auditor when a NC is not clear or incorrectly given. Here are eight steps an organization can do to have its employees get that confidence for internal audit and subsequently for external audits:
- Conduct orientation on the process-based management system (PBMS) approach in general, and introduction to the highlights of the specific standard (e.g. ISO 9001:2015). This ensures that the basics of system approach and the internal management system are clear to all personnel.
- All TM must do a short training to be aware of the ISO standard, the main clauses and the benefits of the management system. This awareness leaders workshop (ALW) brings the confidence in the system, its implementation and continual improvement. This leadership awareness further encourages engagement of all personnel to use the system and increases buy-in.
- On regular basis, in day to day work and meetings refer to the management system. Ensure Quality, environment, safety, security, social responsibility, compliance are topics of discussion at periodic intervals. Even the middle and lower management e.g. supervisors should be encouraged to use the system and engage others to do so. Management may have to support others in their roles of leadership at relevant levels.
- More than just following processes, all personnel must feel free and confident to challenge the process, make suggestions, raise NCs and submit innovative ideas. A participatory approach to system implementation is very cost effective. Let employees voice their concerns. Once they confident of their process and their system (with the fundamentals of the ISO Standard/other requirements built-in) the fear of audits will reduce.
- Put in place an aggressive internal audit program. When an outside (third party) auditor raises a NC, the organization does RCA (Root Cause Analysis) of the NC, but rarely does it challenge its Internal system and ask how the internal audit program missed the NC raised by the third party? Internal audits must be objective and strict and must raise all NCs.
- NCs must be tracked diligently and addressed within the time frame the organization has set for itself. TMs must stay involved by asking on the progress to the CA process. Overdue NCs must be investigated and TM must ask during the MR why the concerned department did not address it in time. Encourage PSW (Problem Solving Workshops) so teams can look at complex, inter-departmental NCs. Encourage use of tools as Causal Analysis and FMEA (Failure Mode Effect and Analysis).
- Creating a lesson learned data base has many advantages. It acts as a historic record for new joiners to learn of past occurrences. Additionally, it has great participatory value connecting each future task as a driver of improvement based on the past. The collective intelligence of the organization is available to the organization and does not vanish when individuals leave the organization.
- Some additional points for ISO 9001/ ISO 45001/AS9100 audit preparation:
- Answer audit questions to the point. Do not volunteer information not sought.
- Do not be reluctant to ask for your manager/ supervisor to support you if you are not clear on the question.
- Have the confidence in your professionalism to ask the auditor for the requirement based on which the auditor is planning to raise a NC.
- Be aware of risks associated with their process and actions taken to address them.
- Explain the risks in the context of the organization and the context of what the employee does to them.
ISO 9001 certification decline – Does quality still matter?
ISO 9001 certification have seen a decline in the past two years per data from ISO. Some say that the standard has gotten too complicated with the introduction of organizational context, risk-based thinking and the removal of mandatory documented procedures. Even a few of QMII’s clients had considered letting their certification lapse as conformity to the new standard was perceived as too complex.
To certify or not
Let us begin by looking at the purpose of ISO 9001. ISO 9001 provides a framework for organizations looking to put in place a system that will enable them to consistently deliver products/services to customers that meet their requirements and enhance customer satisfaction. ISO 9001 certification is external validation that the system meets the requirements of ISO 9001. However, ISO 9001 allows organizations to use the standard and self-declare conformity without incurring the cost of certification. Many argue that there is no value in doing this. This is probably correct if you are implementing a system to meet a contractual or customer requirement. In these cases, certification is a requirement.
Waning trust in the system
Organizations that implement ISO 9001 for the benefits it will deliver in improved productivity, reduction in process waste and management of risks have seen the bottom line improve with time [1]. If implementing the standard enables consistent quality, why then the reluctance? Perhaps the trust in the ISO 9001 certification process has declined over time. Often have we heard from quality managers of the challenges faced when they raise non-conformities in internal audits. These are often viewed as “finger pointing” exercises since the certification body has already audited and “cleared” (certified) the system.
We have also heard from clients of certification bodies and auditors wanting to view documented evidence of organizational context, stakeholder needs and risks. The standard however does not require these to be documented and leaves it up to the organization to determine the risk of not doing so. Some auditors, however, struggle with auditing undocumented systems and auditing to the new standard [2]. As a result, organizations start documenting their system for the auditors and certification bodies resulting in a system tailored for auditors and forced down on the organization by auditors. The auditors were to provide inputs to TM (top management) to make better decisions, instead now the auditors and audits have become the product. The system must be designed for the employees not for the auditors. The intent of the standard to act as a preventive tool gets lost in this compliance process.
Supplier audits
Over the past two decades there have been several mergers and acquisitions leading to larger multi-site organizations and perhaps as a result a reduction in certifications. As these organizations have grown, and maybe in part owing to the declining trust in the certification system, they have decided to conduct their own supplier audits. As such suppliers have chosen to let their certification lapse since they are nevertheless being audited by the customer and that is the audit that really counts for them.
Supplier audits are more focused on the customer contractual requirements. Organizations who perceive ISO 9001 as a documentation burden will then only document the parts of the system to meet contractual requirements rather than document the system to meet the organization’s requirements based on ISO 9001. They fail to see that ISO 9001 leaves the extent of system documentation up to the organization and often perceive it as everything needs to be documented.
Conclusion
While quality does matter and customers are still looking to receive a quality product, oft incorrect interpretation of the standard leads many to choose against ISO 9001 certification. At times other certification requirements like CE marking may be more desired and certification to two standards be burdensome. Also methodologies like Six Sigma and Lean have gained prominence. So, ISO 9001 certification gets the boot.
Those looking to gain the benefits of a quality management system need not re-invent the wheel. ISO 9001 provides the framework that essentially reflects business 101. If you do not need ISO 9001 certification then you can self-declare and let the doubters come and assess for themselves. In the meantime, you will still gain from a well implemented management system. Remember, you already have a system that has brought you thus far, align ISO 9001 to your system and not your system to ISO 9001.
[1] Guasch, Luis J.; Racine, Jean-Louis; Sanchez, Isabel; Diop, Makhtar. 2007. Quality systems and standards for a competitive edge (English)
[2]Quality Progress October 2017, Article: The results are in…
ISO 45001 Transition: Change is coming to health and safety
Organizations currently certified to BS OHSAS 18001 have until March 21, 2021 for their ISO 45001 transition. Those who are currently implementing management system conforming to BS OHSAS 18001 will notice some similarities and some differences. Those who are certified to other ISO standards such as ISO 9001 will notice the similarities in the standard owing the use of the High-Level Structure in the new ISO 45001 transition standard. This article discussed the key changes to the standard over the BS OHSAS 18001 requirements. It also highlights certain key aspects for those undertaking an ISO 45001 transition.
Keeping with the High-Level Structure, ISO 45001 in clause 4.1 and 4.2 asks organization to consider the context of their organization or the aspects of their business environment that may impact their operations. The business environment includes both internal and external issues such as new regulatory requirements, new technologies, cultural issues and company values to name a few. Companies need to consider the needs of different relevant stakeholders that may impact their system including the needs of their workers. Organizations are asked to have workers participate in the system development as they complete their ISO 45001 transition.
ISO under the high-level structure has removed the need for preventive action as now the entire standard is designed as a preventive tool. Further to support this is the introduction of risk-based thinking’ both from a strategic perspective and from an operational health and safety perspective. Risk-based thinking and the awareness of personnel of this is key to ISO 45001 transition. There is now a stronger stress of leadership’s role in the system. Leaders must take accountability for the effectiveness of the system and cannot wash their hands of the system. Leaders must not only engage in the system themselves but also engage others as the ISO 45001 transition takes place.. The Clauses under 5 also have a requirement for the consultation and participation of workers. They have to remove the barriers to participation and include even non-managerial workers.
Documents and records are not controlled under the common clause for control of documented information and based on the risk-based thinking there is more freedom allowed with the documentation. Outsources contractors will also need to be controlled within the scope of the system.
Organizations undergoing an ISO 45001 transition, will need to incorporate all these aspects into their system. Care must be exercised when setting up the system to design it around the user and not around the auditor or certification body for the system to be useful in the long run and to drive continual improvement.