Qudos Gap Analysis for OHSMS


Upload: nguyendan

Post on 23-Dec-2018


OHSMS Gap Analysis

Based on the requirements of ISO 45001 OHS management standard

CONTENTS

Clauses of the standard that specify requirements commence at 4.

4 CONTEXT OF THE ORGANIZATION

This document is intended to help identify gaps between current arrangements and the new ISO management system standards and commence the planning of an OHSMS (occupational health and safety management system). It is not a substitute for the standard or an exhaustive definition of its requirements. It is a ‘plain English’ summary of those requirements with notes. The standard is open to other interpretations. A draft copy of the standard may be obtained from ISO, your local standards authority, or other sources.

The analysis may be updated as the system is developed / updated. In completing the Gap Analysis, identify how the requirement will be addressed in your system.

This version of the Gap Analysis tool includes some hints for bridging any gaps – and highlights some of the most relevant resources in Safety Toolkit. These are identified as SMT.

Text may be copied / cut from the Notes sections and pasted into the controls sections as appropriate.

Use of this document is subject to the licence agreements of those products.

5 LEADERSHIP & WORKER PARTICIPATION
6 PLANNING
7 SUPPORT
8 OPERATION
9 PERFORMANCE EVALUATION
10 IMPROVEMENT

OHSMS Gap analysis- SMT Copyright © 2018 Qudos Management Pty. Ltd. All rights reserved. Page 1 of 17


Analysis for

Analysis by | Date | Notes / Summary

Initial analysis

Compliance against each clause of the standard is indicated in the Status field. A simple traffic light system for cell background shading may be used to provide that indication, as follows:

Considered to be fully compliant

Considered to be partially compliant – some fine-tuning, further controls, or full implementation required

Considered to be non-compliant – controls either not developed or not widely implemented

N/A Clause not applicable to the organization

? Not verified

Note: The analysis is the opinion of the person performing it – based on the evidence sampled at the time. Due to the sampling nature of the analysis, other compliance issues may be present that were not detected at the time.


Summary of requirements | How currently addressed | Improvements planned | Status | Notes

4 CONTEXT OF THE ORGANIZATION

ISO 45001 Clause 4.1 - Understanding the organization and its context

Consider what factors can affect the organization’s strategy and ability to achieve its intended results.

Consider external issues: Political, Economic, Social, Technological, Environmental, Legal (PEST or PESTEL).

Consider internal issues such as culture and resources.

Business plan. SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis. Consider a periodic review.

SMT Situational analysis tools. Meetings documents for review of context e.g. as part of overall management review (also see 9.3).

ISO 45001 Clause 4.2 - Understanding the needs and expectations of workers and other interested parties

Establish which interested parties are relevant to the organization’s OHSMS.

Relevant interested parties are people and organizations that can affect the OHSMS or be affected by it. These steps may be carried out in tandem with 4.1.

Determine what their relevant requirements are.

Legal / obligations review. Customer survey. Employee survey. Expressed in contracts / SLAs.

Determine if any requirements become a legal or compliance obligation.

Legislation. Permits. Charters. Contracts / SLAs. Voluntary arrangements – such as industry association guidelines. Consider a periodic review.

SMT Interested parties table as part of Overview documents. Meetings documents for review of interested parties and their relevant needs and requirements e.g. as part of overall management review (also see 9.3).


ISO 45001 Clause 4.3 - Determining the scope of the OH&S management system

Define and document the scope of the OHSMS.

Scope statement. Availability on server / intranet / web site.

The above may be included in a compiled document such as an ‘OHSMS Overview’.

SMT Scope statement as part of Overview documents.

ISO 45001 Clause 4.4 - OH&S management system and your processes

Develop and operate an OHSMS - including any necessary processes.

Operational and support processes. Overall Process map.

Determine the characteristics and relationships of processes.

Overall Process map and individual Process plans.

From a project point of view, the requirements may already be addressed in Project plans.

Maintain documents to support operations, and keep records.

Document management system. Records management.

5 LEADERSHIP & WORKER PARTICIPATION

ISO 45001 Clause 5.1 - Leadership and commitment

Top management demonstrate their leadership of - and commitment to - the OHSMS.

Attendance at management review and certification audits.

Communications to workers and others about the OHSMS.

Establishing policies. Allocation of resources. Other personal involvement.


ISO 45001 Clause 5.2 - OH&S policy

Top management establish, review and maintain a suitable policy.

OHS policy. Will need at least a minor update to reflect the new standards. Subsidiary and/or related policies.

SMT Sample OHS policy – and subsidiary policies.

The policy is documented and communicated within the organization.

On display in premises, Intranet, Web site, part of induction. Verify understanding and implementation at internal audits.

SMT Master Documents List.

The policy is available to relevant interested parties.

Web site. Part of contractor induction. Visible to visitors.

SMT Sample induction checklist and presentations.

ISO 45001 Clause 5.3 - Organizational roles, responsibilities and authorities

Top management ensure that people know their OHSMS responsibilities and authorities.

Org. chart, PDs, Delegation of Authorities, KPIs, Roles / Objectives in process plans. RACI Matrix.

SMT Sample PDs, process plans and Delegation of Authorities document. Master Documents List.

Responsibility and authority are specifically assigned to manage and report on the OHSMS.

PD for Compliance Manager.

SMT Example PD for the role.

ISO 45001 Clause 5.4 – Consultation and participation of workers


Arrangements for workers or their representatives to be consulted about and participate in OHSMS decisions.

OHS committee. OHS teams. OHS representative(s). Toolbox talks. Reporting mechanisms for hazards, incidents, and concerns. Wikis, collaboration software, access to OHSMS / IMS software (issues / audits / risk database).

SMT Sample Consultation procedure, Emails, Consultation procedure, Change management plans, RACI matrix, Overview document (Communications section of clause matrix). Meetings documents for planning / agenda / records / Action points.

6 PLANNING

ISO 45001 Clause 6.1 - Actions to address risks and opportunities

Determine the risks and opportunities that need to be addressed.

Overall Business Level: Use formal (e.g. Risk matrix, or Tie Line) or informal risk assessment process. The standard does not specify that this process must be documented.

Process / Project Level: Risk section in plans.

SMT Sample risk management procedure. Risk assessment forms.

ISO 45001 Clause 6.1.2 - Hazard identification and assessment of OH&S risks

There is a process for the identification of hazards.

Hazard identification procedure - how you will identify hazards from activities and facilities.

OHSMS software.

Qudos 3 Actions module.

ISO 45001 Clause 6.1.3 - Determination of legal requirements and other requirements


Consider what compliance obligations might apply in relation to OHS aspects.

Compliance / legal review.

Qudos 3 Meetings module.

Maintain documented information about them.

Compliance obligations register. Access to legislation. Standards watch / subscription services. Professional advice.

SMT Sample Legal Requirements Register.

Qudos 3 Master Documents List.

ISO 45001 Clause 6.1.4 - Planning action

Plan action to address legal requirements, other compliance obligations, risks and opportunities.

Overall Business Level: Action plans following on from SWOT analysis.

Process / Project Level: Control section in plans.

SMT Sample Process Plans.

Qudos 3 Risk and Actions modules.

Integrate those actions into the business.

Overall Business Level: Action plans following on from SWOT analysis.

Process / Project Level: Monitoring / measurement sections in plans.

Qudos 3 Various modules including Objectives, Risk, Actions, Training, Suppliers, Documents.

Evaluate their effectiveness.

Qudos 3 Various modules including Audits, Benchmark, Risk, and Meetings.


ISO 45001 Clause 6.2 - OH&S objectives and planning to achieve them

Establish measurable objectives. Document them – including the ‘who, what, when and how’.

At management review, planning meetings.

Objective Register / OHSMS software. KPIs. Records kept as hard copy, Word/PDF files or in software application.

SMT Objective planning procedure.

Qudos 3 Objectives and Meetings modules.


7 SUPPORT

ISO 45001 Clause 7.1 - Resources

Determine and provide the resources needed for the OHSMS.

Agenda item at management review. PEST or PESTEL / SWOT analysis (Internal capacity and capability). Gap analysis. Infrastructure / facilities. Work environment. Monitoring and measuring equipment / resources. Resources section in Process Plans. Project Management Plans. QESH Management Plans.

Knowledge retention / management processes e.g. in the event of loss of key workers – might include apprenticeships, mentoring younger / less experienced workers, technical library, retreats, forums, conferences, wikis, collaboration software, OHSMS software (issues / audits / risk database).

Benchmarking across sites / business units.

SMT Gap analysis tool, management review agenda / minutes.

Qudos 3 Meetings module.

ISO 45001 Clause 7.2 - Competence

Determine the necessary levels of competence (for work that affects performance).

Training needs analysis. Position Descriptions.

SMT Sample PDs.


Ensure that the people doing that work are competent.

Training, education, experience, induction (company and site-specific). Training budget and programme.

Qudos 3 Training module.

Where applicable, take actions to acquire the necessary competence, and evaluate their effectiveness.

Training budget and programme. Assessment of competence.

Qudos 3 Training module.

Retain appropriate records.

Training records. IDP / Performance review records.

Qudos 3 Training module.

ISO 45001 Clause 7.3 - Awareness

People working under the organization’s control shall be aware of:

OHSMS policies.
Objectives that are relevant to their role.
How they contribute to the effectiveness of the OHSMS.
The implications of them NOT conforming with requirements.

KPIs. Intranet. Document management software. Awareness session – perhaps as part of management / staff meetings / Toolbox talks.

Correspondence with suppliers / subcontractors.

SMT Induction checklist presentations.

Qudos 3 Meetings and Documents modules.


ISO 45001 Clause 7.4 - Communication

With regards to the OHSMS, determine what to communicate, with whom, when, and how.

What: News of certification and milestones, major successes.

How: Intranet, Web site, Blogs, Newsletters, Emails.

SMT Sample Consultation procedure, Emails, Consultation procedure, Change management plans, RACI matrix, Overview document (Communications section of clause matrix).

Qudos 3 Meetings / Actions modules for planning / agenda / records / Action points.

ISO 45001 Clause 7.5 - Documented information

The OHSMS includes documented information required by standard and otherwise considered necessary.

Scope, Policy, Objectives. IMS Overview. Records of various events.

SMT Various sample documents.

Ensure appropriate identification, description, format, media, review and approval.

Document control procedure. Corporate style guide.

Qudos 3 Documents module.

Information Security: Ensure the CIA triad (confidentiality, integrity, availability), and proper use of documented information.

Information security policy. Data privacy policy. Information security training, awareness sessions, internal audits. Arrangements to ensure relevant docs. are accessible to workers or their representatives.

Qudos 3 Documents module and InfoSec Policy Toolkit.


Exercise control over documents / records.

Backup procedures. Document control procedure. OHSMS / IMS software.

SMT Document management procedures.

Qudos 3 Documents module.

8 OPERATION

ISO 45001 Clause 8.1 - Operational planning and control

ISO 45001 Clause 8.1.1 - General

Manage the processes needed to meet OHS requirements, and to implement those actions determined in Clause 6.

Procedures / process plans. Project Plans. QESH Management Plans.

SMT Sample Process Plans.

ISO 45001 Clause 8.1.2 – Eliminating hazards and reducing OH&S risks

Eliminate hazards and reduce risks using the specified hierarchy of controls.

a) Elimination
b) Substitution
c) Engineering controls and reorganising work
d) Administrative controls
e) PPE

Hierarchy of controls in procedure / IMS overview / other document(s).

Training.

SMT Sample Risk Management procedure.

ISO 45001 Clause 8.1.3 - Management of change

Identify hazards and risks associated with changes before they are made. Manage changes.

Consider the impacts of unplanned changes, and act to mitigate risk / take the opportunities they pose.

Safety in design. Project planning / management. Document control. Change management procedure. Also relates to emergency preparation and response clauses below.

SMT Sample Change Management procedure.


ISO 45001 Clause 8.1.4 - Procurement

Identify appropriate controls prior to procuring goods and services.

Delegation of authority. Procurement policy / Purchasing procedures. SLAs with suppliers / contractors.

SMT Sample Purchasing procedures etc.

Qudos 3 Supplier module.

Ensure that processes, products, and services from external providers meet requirements and are controlled.

Project plans.

Put in place checking or other verification activities.

Contractor induction / verification, Inspection & Test, Certification.

Ensure that specified requirements are adequate, and communicate them to external providers.

Review of P.O.s, Contracts, Tender documents, SLAs.

Identify and communicate the hazards relating to contractors.

Evaluate and control the OHS risks relating to contractors.

Could relate to contractor’s own activities, or other activities that might affect contractors.

ISO 45001 Clause 8.2 - Emergency preparedness and response


Prepare for and respond to emergencies.

Potential emergencies should have been identified in addressing clause 6.1.

Review of emergency response plans should particularly take place after an emergency has occurred – performance can then be evaluated and plans improved as necessary.

Interested parties might include neighbours, workers, contractors, visitors, government bodies, emergency services, health care organizations, media etc.

SMT Sample Emergency Response Procedure.

Qudos 3 Documents module (to make documents available), Actions module (to plan and record test responses), Meetings and Audits module (for reviews).

9 PERFORMANCE EVALUATION

ISO 45001 Clause 9.1 - Monitoring, measurement, analysis and evaluation

Establish a process for monitoring and measurement, analysis and evaluation.

Procedures. Process / project plans. Checklists. SWMS.

Evaluate the performance, compliance and the effectiveness of the OHSMS.

Internal audit. Compliance evaluation. Health surveillance. Benchmarking. Data analysis.

Qudos 3 Audit, Benchmark, and Meetings modules.


Ensure that verified or calibrated equipment is used as appropriate.

Calibration procedure and records.

SMT Sample Calibration Procedure.

Qudos 3 Audit module (to plan / record calibration).

Retain appropriate records.

Internal audit. Compliance evaluation.

Qudos 3 Various modules.

ISO 45001 Clause 9.1.2 - Evaluation of compliance

Evaluate the organization’s OH&S compliance with legal and other requirements.

To include the frequency and method of evaluation and maintaining knowledge and understanding of compliance status. Reference back to Legal / compliance register.

SMT Sample Legal Requirements Register.

Qudos 3 Audit, Injuries, Documents, Benchmark, and Meetings modules.

ISO 45001 Clause 9.2 - Internal audit

Conduct internal audits at planned intervals.

Audit schedule / OHSMS software.

SMT Sample audit procedure.

Qudos 3 Audit module.

The audit programme takes into account objectives and risks.

Adjust frequency / scope of individual audits as required.

Establish criteria and scope for each audit.

Audit checklist.

Ensure the impartiality and objectivity of auditors.

People should not audit their own work.


Ensure that the results of the audits are reported to relevant management.

Provide initial report ASAP. Agenda item at management review.

Take necessary correction and corrective actions without undue delay.

Retain records.

Maintain audit records as hard copy, Word/PDF files or in OHSMS software application.

ISO 45001 Clause 9.3 - Management review

Top management review the OHSMS at planned intervals – considering specified inputs or agenda.

Agenda.

SMT Sample Management Review procedure.

Qudos 3 Meetings module. Applies to all items below.

There are decisions and actions related to improvement opportunities, and any need for changes to the OHSMS.

Minutes and action points.

Retain records.

Maintain Management review records as hard copy, Word/PDF files or in OHSMS software application.

10 IMPROVEMENT

ISO 45001 Clause 10.1 - General

Determine opportunities for improvement and take actions to achieve OHS aims.

Mechanisms for suggestions. OHSMS / IMS software e.g. Qudos 3 Actions module.

SMT Sample Procedures.

Qudos 3 Actions module / Dashboard. Applies to all items below.


ISO 45001 Clause 10.2 - Incident, nonconformity and corrective action

When an incident or nonconformity occurs, take action to deal with the immediate issue.

Emergency response. First aid. Engineering controls. Action Forms / NC report / OHSMS / IMS software.

Consider any similar nonconformities that might exist.

Note in Action Forms / NC report / OHSMS / IMS software.

Take action to identify and address the root cause(s), and make any necessary changes to the OHSMS.

Root Cause Analysis. Cause and effect diagrams. Brainstorming.

Retain records.

Records kept as hard copy, Word/PDF files or in OHSMS / IMS software application.

ISO 45001 Clause 10.3 - Continual improvement

Continually improve the suitability, adequacy, and effectiveness of the OHSMS.

Agenda item at management review.

Analyse data to confirm if there are opportunities for improvement.

Data could come from various forms of evaluation or management review. OHSMS / IMS software action history / dashboard.