Scoping out IOSH – implementing ISO 45001

Why certify?

Working as an in-house safety professional at IOSH can sometimes be a daunting prospect.

On one hand we are the world’s only Chartered health and safety organisation, representing and supporting around 50,000 members in over 130 countries. And we, in turn, are supported by an amazing army of around 1,000 volunteers.

On the other hand we are a relatively low-risk business with around 240 employees headquartered at a pleasant office in rural Leicestershire in the heart of England.

I think it is safe to say that many organisations of a similar size and occupational safety and health (OSH) risk profile would not even entertain the thought of seeking ISO 45001 certification. If you're not familiar with it, this is the international standard for safety and health at work.

Here's the thing though: once you get to know the standard and how it is externally certificated, ISO 45001 is very flexible and proportionate to all types of business and risk profiles. 

Keeping it real

Hopefully you are already meeting legal requirements in terms of policy, risk assessment, arrangements and competence. So, at the start of your ISO 45001 journey, just capture what you already do and carry out a gap analysis against the standard to find where your shortcomings may be. 

Yes, the standard requires certain elements to be ‘documented information’ that you might not have in place already but they can be as simple or detailed as you need them to be. The key is to make them accessible, sensible and achievable so that you can demonstrate that they are actually implemented when you come to certification audit. 

There are useful ISO 45001 readiness checklists freely available on the internet that you can use to gauge your progress against the standard. Or, you can seek outside assistance with a gap analysis from a consultancy.

Scope it out

IOSH is a surprisingly diverse organisation – we're a membership body, a charity and are commercially active, which funds our charitable objects. When deciding on scope of certification, there was a temptation to exclude elements of the business that may be more troublesome to implement. But we felt this was not in keeping with the spirit of the standard. 

So, in the end, we covered everything in our scope. Have confidence in your organisation and include everything that’s relevant.

It’s okay to be immature

A common factor in certification throughout the various flagship ISO standards based around the Annex SL framework – such as ISO 9001 (quality), 14001 (environmental) and 27001 (information security) – is that your organisation’s maturity in the subject area will be taken into account against the standard. It recognises you are on a journey just the same as all the other organisations that are audited.

Absolute perfection in all areas of the standard is not required. However, leadership commitment, meeting and evidencing the key requirements of the standard, and a desire for continuous improvement are a must.

Just be brave and go for it

Looking back on our journey, my main piece of advice if you are contemplating certification is to just be brave and go for it. Once you have the basic framework in place and have given it time to embed where you have introduced new processes or activity, you will be ready.

Once your organisation achieves it, you may just kick yourself for waiting so long!