Acceptable risk

A risk is acceptable to a specific organisation if it has been reduced to a level that it can tolerate given its obligations, its policies, and its basic purpose.



Audit

An audit is a systematic evidence-gathering process. Audits must be independent, and the evidence must be evaluated objectively to determine how well the audit criteria are being met. There are three types of audit: first-party, second-party, and third-party. First-party audits are internal audits; second- and third-party audits are external audits.

Organizations use first-party audits to audit themselves. First-party audits provide input for management review and serve other internal purposes. They are also used to declare that an organization meets specified requirements (this is called a self-declaration).

Second-party audits are external audits. They are usually done by customers or by others on their behalf, but they can also be done by regulators or any other external party that has an interest in the organization. Third-party audits are external audits as well, but they are performed by independent organizations such as registrars (certification bodies) or regulators.

ISO also distinguishes between combined audits and joint audits. When two or more management systems of different disciplines are audited together at the same time, it's called a combined audit; and when two or more auditing organizations cooperate to audit a single auditee organization it's called a joint audit.



Competence

Competence is the ability to apply knowledge and skill to achieve intended results. A competent person has the knowledge and skill the job requires and knows how to apply them; in other words, they are qualified to do the job.



Conformity

Conformity is the "fulfillment of a requirement". To conform means to meet or comply with requirements and a requirement is a need, expectation, or obligation. There are many types of requirements including customer requirements, quality requirements, quality management requirements, management requirements, product requirements, service requirements, contractual requirements, statutory requirements, and regulatory requirements.



Consultation

When organizations engage in consultation it means that they seek and receive the views and opinions of others before making decisions. In the context of OH&S, organizations often consult managers, workers, health and safety committees, and workers' representatives before they make decisions that could affect the health and safety of these groups.

Consultation is not the same as participation. While consultation means receiving the views and opinions of others before decisions are made, participation means getting people involved in the actual decision-making process itself.


Context of the organization

An organization’s context is its business environment. It includes all of the internal and external factors and conditions that affect its products and services, have an influence on its OHSMS, and are relevant to its purpose and strategic direction.

An organization’s external context includes all of the needs and expectations of interested parties, as well as its social, cultural, legal, technological, regulatory, and competitive environment. An organization’s internal context includes its values, culture, knowledge, and performance.


Continual improvement

Continual improvement is a set of recurring activities that are carried out in order to enhance OH&S performance. Continual improvements can be achieved by carrying out internal audits, self-assessments, and management reviews. Continual improvements can also be realized by collecting data, analyzing information, setting objectives, and taking corrective actions.



Contractor

A contractor is an organization that provides services to another organization in accordance with an agreed set of terms, conditions, and specifications.


Corrective action

Corrective actions are steps that are taken to eliminate the causes of existing nonconformities in order to prevent recurrence. The corrective action process tries to make sure that existing nonconformities and incidents don’t happen again.


Documented information

The term documented information refers to information that must be controlled and maintained and its supporting medium. Documented information can be in any format and on any medium and can come from any source.

Documented information includes information about the management system and related processes. It also includes all the information that organizations need to operate and all the information that they use to document the results that they achieve (aka records).



Effectiveness

Effectiveness is the degree to which planned activities are realized and planned results are achieved. An activity is effective if it is actually carried out and produces the results that were planned for it.



Hazard

A hazard is any situation, substance, activity, or event that could potentially cause human injury or ill health.

Hazardous situations can cause injury or ill health. Examples of potentially hazardous situations include slippery or uneven walking surfaces, cramped working conditions, badly ventilated areas, high altitudes, noisy locations, poorly lit areas, and confined spaces.

Hazardous substances can cause injury or ill health. Examples of potentially hazardous substances include corrosive and toxic chemicals, flammable and explosive materials, dangerous gases and liquids, radioactive substances, particulates, poisons, bacteria, and viruses.


Hazardous activities can cause injury or ill health. Examples of potentially hazardous activities include dangerous tasks, unnatural movements and postures, heavy lifting, repetitive work, interpersonal conflicts, bullying, and intimidation.

Hazardous events can cause injury or ill health. Examples of potentially hazardous events include explosions, implosions, collisions, vibrations, fires, leaks, releases, chemical reactions, electric shocks, falling objects, loud noises, structural breakdowns, software failures, equipment malfunctions, and unscheduled shutdowns.

Hazards can also be classified as follows:

Chemical hazards
Biological hazards
Thermal hazards
Electrical hazards
Structural hazards
Acoustical hazards
Mechanical hazards
Radiological hazards
Psychological hazards


Hazard identification

Hazard identification is a process that involves recognizing that an OH&S hazard exists and then describing its characteristics.


Injury or ill health

An injury or ill health is an adverse effect on someone's physical, mental, or cognitive condition. Adverse effects include disease, illness, and death.



Incident

An incident is a work-related occurrence or event during which injury, ill health, or fatality actually occurs or could have occurred.

An accident is a type of incident: a work-related event during which injury, ill health, or fatality actually occurs.

A close call, near miss, or near hit is also a type of incident: a work-related event during which injury, ill health, or fatality could have occurred but did not.


Interested party

An interested party is anyone who can affect, be affected by, or believe that they are affected by a decision or activity. An interested party is a person, group, or organization that has an interest or a stake in a decision or activity.


Legal requirements and other requirements

In the context of ISO 45001:2018, a requirement is an OHSMS need, expectation, or obligation. It can be stated or implied by an organization, its customers, or other interested parties.

Legal requirements are compulsory: organizations must comply with them. Other requirements may be compulsory or voluntary; organizations may be obliged to comply with them or may choose to comply with them.


Management system

A management system is a set of interrelated or interacting elements that organizations use to formulate policies and objectives and to establish the processes that are needed to ensure that policies are followed and objectives are achieved. These elements include structures, programs, procedures, practices, plans, rules, roles, responsibilities, relationships, contracts, agreements, documents, records, methods, tools, techniques, technologies, and resources.

There are many types of management systems. Some of these include quality management systems, environmental management systems, financial management systems, information security management systems, business continuity management systems, emergency management systems, disaster management systems, food safety management systems, risk management systems, and, of course, occupational health and safety management systems.

The scope or focus of a management system could be restricted to a specific function or section of an organization or it could include the entire organization. It could even include a function that cuts across several organizations.



Measurement

Measurement is a process that is used to determine a value. In most cases this value will be a quantity.



Monitoring

To monitor means to determine the status of an activity, process, or system at different stages or at different times. In order to determine status, you need to supervise and to continually check and critically observe the activity, process, or system that is being monitored.



Nonconformity

Nonconformity is a nonfulfillment or failure to meet a requirement. A requirement is a need, expectation, or obligation. It can be stated or implied by an organization or interested parties.



Objective

An objective is a result you intend to achieve. Objectives can be strategic, tactical, or operational and can apply to an organization as a whole or to a system, process, project, product, or service. Objectives may also be referred to as targets, aims, goals, or intended outcomes.

OH&S objectives are generally based on or derived from an organization’s OH&S policy and must be consistent with it.

Occupational health and safety management system (OHSMS)

An OHSMS is either a standalone management system or one part of a larger management system. It is a set of interrelated or interacting elements that organizations use to implement their OH&S policies, to achieve their OH&S objectives, and to manage their OH&S processes.

These elements include structures, programs, procedures, practices, plans, rules, roles, regulations, responsibilities, relationships, contracts, agreements, documents, records, methods, tools, techniques, technologies, and resources.

Occupational health and safety objectives

OH&S objectives are specific OH&S results that organizations set for themselves and wish to achieve. Your organization’s OH&S objectives should be both measurable and consistent with its OH&S policy.

Occupational health and safety opportunity

An OH&S opportunity is a circumstance or a set of circumstances that could lead to the improvement of OH&S performance.


Occupational health and safety performance

OH&S performance is all about results and effectiveness. Whenever organizations prevent injury and ill health and provide safe and healthy workplaces, they are achieving good results and being effective.


Occupational health and safety policy

An occupational health and safety (OH&S) policy statement should express top management's commitment to the prevention of work-related injury and ill health and to the provision of a safe and healthy workplace. It should also commit the organization to implementing, maintaining, and improving its occupational health and safety management system (OHSMS), and it should provide a framework for setting OH&S objectives and encourage action.


Occupational health and safety risk

ISO 45001 defines OH&S risk as the “combination of the likelihood of occurrence of a work-related hazardous event(s) or exposure(s) and the severity of injury or ill health that can be caused by the event(s) or exposure(s).”

ISO 45001 accepts the more traditional definition of risk and rejects the newer ISO 31000 definition (discussed below) when it defines OH&S risk. The more traditional definition of risk combines three elements: it starts with a potential event and then combines its probability with its potential severity. A high risk event would have a high likelihood of occurring and have a severe impact if it actually occurred.



Organization

An organization can be a single person or a group that achieves its objectives by using its own functions, responsibilities, authorities, and relationships. It can be a company, corporation, enterprise, firm, partnership, charity, association, or institution and can be either incorporated or unincorporated and be either privately or publicly owned. It can also be an operating unit that is part of a larger entity.



Outsourcing

When an organization makes an arrangement with an outside organization to perform part of a function or process, it is referred to as outsourcing. To outsource means to ask an external organization to perform part of a function or process normally done in-house. While an outsourced organization is beyond the scope of your OHSMS, the outsourced process or function itself falls within your scope.



Participation

When people are involved in decision making, it's called participation. Workers, workers' representatives, and health and safety committees are often asked to participate in organizational decision making.

Participation is not the same as consultation. While consultation means receiving the views and opinions of others before decisions are made, participation means getting people involved in the actual decision-making process itself.



Performance

According to ISO, the term performance refers to a measurable result. It refers to the measurable results that activities, processes, products, services, systems and organizations are able to achieve. Whenever they perform well it means that acceptable results are being achieved and whenever they perform poorly, unacceptable results are achieved.



Policy

A policy is a general commitment, direction, or intention that is formally stated by top management. In the context of ISO 45001 the relevant policy is the OH&S policy (see above), which should express top management's commitment to a safe and healthy workplace and to its OHSMS, and should provide a framework for setting OH&S objectives.



Procedure

A procedure is a way of carrying out a process or an activity. Procedures may or may not be documented.



Process

A process is a set of activities that are interrelated or that interact with one another. Processes use resources to transform inputs into outputs. Processes are interconnected because the output from one process often becomes the input for another process.

While processes usually transform inputs into outputs, this is not always the case. Sometimes inputs become outputs without transformation.

Organizational processes should be planned and carried out under controlled conditions. An effective process is one that realizes planned activities and achieves planned results.



Requirement

A requirement is a need, expectation, or obligation. It can be stated or implied by an organization, its customers, or other interested parties. A specified requirement is one that has been stated (in a document for example), whereas an implied requirement is a need, expectation, or obligation that is common practice or customary.

There are many types of requirements. Some of these include customer requirements, quality requirements, quality management requirements, management requirements, product requirements, service requirements, contractual requirements, statutory requirements, and regulatory requirements.



Risk

According to ISO 45001, “risk is the effect of uncertainty”. This cryptic definition is based on a similar definition of risk found in the ISO 31000 risk management standard. According to ISO 31000, risk is the “effect of uncertainty on objectives” and an effect is a positive or negative deviation from what is expected. Both definitions are essentially the same. The following will explain what this definition means.

ISO 31000 recognizes that all of us operate in an uncertain world. Whenever we try to achieve an objective, there’s always the chance that things will not go according to plan. Every step has an element of risk that needs to be managed and every outcome is uncertain. Whenever we try to achieve an objective, we don't always get the results we expect. Sometimes we get positive results and sometimes we get negative results and occasionally we get both.

The traditional definition of risk combines three elements: it starts with a potential event and then combines its probability with its potential severity. A high risk event would have a high likelihood of occurring and a severe impact if it actually occurred.

While ISO 31000 defines risk in a new and unusual way, the old and the new definitions are largely compatible. Both definitions talk about the same phenomena but from two different perspectives. ISO thinks of risk in goal-oriented terms while the traditional definition thinks of risk in event-oriented terms. These two definitions can and do co-exist. They’re two different ways of talking about the same phenomena.

ISO provides a conceptual definition of risk while the traditional formulation operationalizes this general definition: it explains how to quantify risk. It argues that the amount or level of risk can be calculated by combining probability and severity.

ISO 45001 actually rejects this ISO 31000 definition of risk when it defines OH&S risk. Instead of accepting the ISO 31000 definition, ISO 45001 defines OH&S risk as the “combination of the likelihood of occurrence of a work-related hazardous event(s) or exposure(s) and the severity of injury or ill health that can be caused by the event(s) or exposure(s).”


Risk assessment

Risk assessment is a process that is made up of three separate processes: risk identification, risk analysis, and risk evaluation.

Risk identification is a process that is used to find, recognize, and describe the risks that could affect the achievement of objectives.

Risk analysis is a process that is used to understand the nature, sources, and causes of the risks that you have identified and to estimate the level of risk. It is also used to study impacts and consequences and to examine the controls that exist.

Risk evaluation is a process that is used to compare risk analysis results with risk criteria in order to determine whether or not a specified level of risk is acceptable or tolerable.


Risk criteria

Risk criteria are terms of reference and are used to evaluate the significance or importance of your organisation's risks. They are used to determine whether a specified level of risk is acceptable or tolerable. Risk criteria should reflect your organisation's values, policies, and objectives, should be based on its external and internal context, should consider the views of stakeholders, and should be derived from standards, laws, policies, and other requirements.
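The three assessment steps above (identification, analysis, evaluation), the traditional likelihood times severity formulation of risk, and the use of risk criteria to decide acceptability, carried through as an added worked example in Python. This is an illustration added to the glossary, not text or code from ISO 45001 or from this page's author; the five-point scales, the acceptable/tolerable thresholds, and the sample hazard register are all constructed assumptions, and a real organisation would set its own as part of its risk criteria.

```python
"""Worked OH&S risk assessment: identification, analysis, evaluation.

Added example. All scales, thresholds and hazards are constructed for
illustration; ISO 45001 does not prescribe any of them.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Ordinal scales (assumed, not from the standard). The organisation defines
# these as part of its risk criteria.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
SEVERITY = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "fatal": 5}


@dataclass
class Hazard:
    """One row of a hazard register: the output of risk identification."""
    description: str
    likelihood: str                     # rated with the existing controls in place
    severity: str                       # worst credible injury or ill health
    controls: list[str] = field(default_factory=list)


@dataclass(frozen=True)
class RiskCriteria:
    """Terms of reference for risk evaluation (assumed thresholds).

    level <= acceptable : no further action required
    level <= tolerable  : tolerable if reduced as far as reasonably practicable
    above tolerable     : unacceptable; work must not proceed until reduced
    """
    acceptable: int = 4
    tolerable: int = 9


@dataclass(frozen=True)
class RiskRecord:
    hazard: str
    level: int
    verdict: str


def analyse(h: Hazard) -> int:
    """Risk analysis: level of risk = likelihood x severity."""
    try:
        return LIKELIHOOD[h.likelihood] * SEVERITY[h.severity]
    except KeyError as missing:
        # Failure mode: an unrated or mis-rated hazard must not fall through
        # and be treated as low risk. Refuse to score it instead.
        raise ValueError(
            f"{h.description!r}: unrated or unknown scale value {missing}"
        ) from None


def evaluate(level: int, criteria: RiskCriteria) -> str:
    """Risk evaluation: compare the analysed level with the risk criteria."""
    if level <= criteria.acceptable:
        return "acceptable"
    if level <= criteria.tolerable:
        return "tolerable"
    return "unacceptable"


def assess(register: list[Hazard], criteria: RiskCriteria = RiskCriteria()) -> list[RiskRecord]:
    """Run analysis and evaluation over a register; highest risk first."""
    records = []
    for h in register:
        level = analyse(h)
        records.append(RiskRecord(h.description, level, evaluate(level, criteria)))
    return sorted(records, key=lambda r: r.level, reverse=True)


def example_register() -> list[Hazard]:
    """Constructed sample register; not from any real workplace."""
    return [
        Hazard("Unguarded press brake", "possible", "major", ["two-hand control"]),
        Hazard("Wet floor at loading dock", "likely", "minor", ["anti-slip mats", "signage"]),
        Hazard("Work at height without fall arrest", "unlikely", "fatal", []),
        Hazard("Occasional screen work", "possible", "negligible", ["workstation assessment"]),
    ]


if __name__ == "__main__":
    for r in assess(example_register()):
        print(f"{r.level:2d}  {r.verdict:12s} {r.hazard}")
```

Two details are worth noting. A hazard with a missing or unrecognised rating raises an error rather than silently scoring as low risk, which is the safer failure mode for a register that feeds management review. And because the scale is multiplicative, an "unlikely" but fatal hazard still lands above the tolerable threshold, which is why evaluation is done against criteria that weigh severity, not against likelihood alone.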


Top Management

The term top management normally refers to the people at the top of an organisation. It refers to the people who provide resources and delegate authority and who coordinate, direct, and control organisations.

However, if the scope of a management system covers only part of an organisation, then the term top management refers, instead, to the people who direct and control that part of the organisation.



Worker

The term worker is defined as anyone who performs work or work-related activities that are under an organisation's control. Workers include both managers and non-managers and include both employees and non-employees (i.e., contractors, agency workers, and external product and service providers). They could be permanent or part-time, regular or temporary, and paid or unpaid; all of these people are defined as workers.



Workplace

A workplace is a place where an organisation's work is performed. A place is an organisation's workplace only if it is under its control, at least to some extent. How much responsibility an organisation has over OH&S depends on how much control it has over its workplace.