Our experience so far
One year ISO 45001:2018
Eckehard Bauer, MSc
Executive Vice President Business Development Risk and Safety, Security, Business Continuity, Transport
About one year ago, ISO 45001:2018 was published and Quality Austria was the first certification body in Austria who obtained the corresponding accreditation. During this first year, Quality Austria has certified more than 200 companies according to ISO 45001.
As it turned out, the greatest challenge was not found in ISO 45001, which is strongly aligned with ISO 9001 and ISO 14001, but rather in meeting the stringent requirements of IAF MD 22:2018 (a mandatory document, published by the international accreditation forum, which must be implemented by certification bodies).
The following three issues arose in the framework of ISO 45001 audits or specific ISO 45001 trainings and were particularly challenging for our clients:
Especially the term „WORKER” is often equated with the term employee. However, in ISO 45001, a „worker” is defined as any “person performing work or work-related activities that are under the control of the organization“. This also includes workers employed by the organization, workers of external providers, contractors, individuals, agency workers etc.
It is not required that certified organizations modify their established terms, which are aligned with the respective national law. It is sufficient to note in a documented information, that the term „worker“ not only refers to own employees but also to workers of external providers, contractors etc. performing work or work-related activities on behalf of the organization.
Leadership and „WORKER PARTICIPATION”, Clause 5 in the Standard, refers to the various elements of consultation and participation of workers. It can be distinguished between workers employed by the organization, workers of external providers or contractors.
A key element of worker participation in organizations with more than 100 workers is, for example, an employee protection committee (in Austria: ASA). The Standard does not require that the management now has to decide together with workers on the company strategy, but to „consult” their workers when taking a decision on relevant OH&S topics.
The definition of the term „INCIDENT” is broader than the one of an accident, as it refers to an „occurrence arising out of, or in the course of, work that could or does result in injury or ill health”. Occurrences that could or do result in ill health must be taken into account! (These include, for example, the exposure to chemicals or working conditions that result in occupational illness etc. and must be considered!).
IAF MD 22:2018
In the following, the key requirements for implementing IAF MD 22 are summarized:
Prior to making an offer, Quality Austria is obliged to review the facts on basis of a corresponding document, in addition to the qualityaustria General Terms and Conditions, specific OH&S Terms and Conditions have to be agreed with the customer, containing information about legal enforceability of the requirements placed by IAF MD 22 (for example, reporting obligation in case of incidents / legal infringements).
The organization shall inform the certification body, without delay, of the occurrence of serious incidents or breach of regulation necessitating the involvement of the competent regulatory authority. Note to the vague formulation of MD 22:
All these topics may only refer to „Occupational Health and Safety” (for example, a serious incident with reporting obligation acc. to Railway law is not relevant – but there must be „information on incidents such as a serious accident, or a serious breach of regulation related to occupational health and safety” for which the certified organization is responsible.
The Labor Inspectorate is a relevant „competent regulatory authority“.
Our current definition for serious incident that requires notification to the regulatory authority is „Accident > 24 days or fatal accident“ or equivalent serious breach of regulations „more than 5.000 Euro in fine” Attention: only in relation to Occupational Health and Safety.
Notification by the certified organization
The certified organization shall inform the certification body without delay, as soon as it has clarity on the extent of the incident or breach of regulation.
This information must be entered in the respective qualityaustria document or in an internal document showing „what has happened” and whether „the management system has seriously failed”.
The information must be sent to office(at)qualityaustria.com.
Quality Austria then decides together with the auditor and the auditee and in accordance with the requirements of MD 22 on the further procedure. However, this decision is based on facts valid for legal purposes; (assessing whether the breach of regulation has an impact on the occupational health and safety management system can only be taken after a recognized judgment)
In the course of the next audit, the auditor will review and discuss the “incident / breach” and record it accordingly in the audit documentation.
The topic of occupational health and safety must be discussed during the opening meeting.
Audit partner – audit interview
Planning interviews (if relevant) outside of regular office hours (e.g. shift work).
Note: It is not necessary to audit night shifts. If regular working time is, for example, from 9:00 am to 2:30 pm, the company inspection tour should be planned so that auditing of production can be done before 9:00 am or after 2:30 pm.
- Contact persons obliged to participate in the audit and in the closing meeting (*)
- Management with legal responsibility for Occupational Health and Safety (e.g. manager in terms of commercial law, responsible representatives such as fire prevention officers etc.)*
- employee’s representatives with responsibility for Occupational Health and Safety (e.g. safety representative, safety expert, member of the works council etc.)*
- personnel responsible for monitoring employees‘ health (for example occupational physician, emergency response officers, first aiders etc.)*
- managers and permanent and temporary employees;
Note: The persons marked with an asterisk (*) must also participate in the closing meeting.