ohsas 18001 self assessment checklist(1)

7/13/2019 OHSAS 18001 Self Assessment Checklist(1)

1/19

An NCSI PublicationS003/Issue 3/October 2012 Page 1

OHSAS 18001:2007

Self Assessment Checklist

S003, Issue 3, October 2012

This document restates the requirements of OHSAS18001:2007 for Occupational Health andSafety Management Systems (OHSMS) and has been developed to assist NCSI and its clients inthe assessment of for Occupational Health and Safety Management Systems for compliance withOHSAS18001:2007.

This checklist presents the requirements of OHSAS18001:2007 as questions and can be used asan effective tool for implementing the Occupational Health and Safety Management System andfor self-assessment of the system.


2/19

NCSI PublicationOHSASS003

Issue No. 3 Issue Date: October 2012


ISO 18001:2007 SELFASSESSMENT CHECKLIST

TABLE OF CONTENTS

4.1 GENERAL REQUIREMENTS - SCOPE OF CERTIFICATION ........................................1

4.2 OCCUPATIONAL HEALTH AND SAFETY POLICY........................................................2

4.3 PLANNING ......................................................................................................................3

4.3.1 Hazard Identification, risk assessment and determining controls. .............................3

4.3.2 Legal and Other Requirements .................................................................................5

4.3.3 Objectives & Programme(s) ......................................................................................6

4.4 IMPLEMENTATION AND OPERATION...........................................................................7

4.4.1 Resources, roles, responsibility, accountability & authority .......................................7

4.4.2 Competence, training and awareness .......................................................................9

4.4.3 Communication, Participation and Consultation ......................................................10

4.4.3.1 Communication ....................................................................................................10

4.4.3.2 Participation and Consultation..............................................................................10

4.4.4 Documentation System ...........................................................................................11

4.4.5 Control of documents ..............................................................................................11

4.4.6 Operational Control .................................................................................................12

4.4.7 Emergency Preparedness and Response ...............................................................13

4.5 CHECKING ....................................................................................................................14

4.5.1 Performance Measurement and Monitoring ............................................................14

4.5.2 Evaluation of compliance ........................................................................................14

4.5.3 Incident Investigation, Non-conformity, Corrective & Preventive Action...................15

4.5.3.1 Incident Investigation ...........................................................................................15

4.5.3.2 Non-conformity, Corrective & Preventive Action ............................................... ....15

4.5.4 Control of Records ..................................................................................................174.5.5 Internal Audit...........................................................................................................18

4.6 MANAGEMENT REVIEW ..............................................................................................19


3/19



OHSAS18001:2007 SELFASSESSMENT CHECKLIST


OHSAS 18001 REQUIREMENTS COMMENTS ON SYSTEM STATUS

4.1 GENERAL REQUIREMENTS - SCOPE OFCERTIFICATION

What is the scope of the Occupational Health andSafety management system and what scope is beingassessed for certification?

Does it include those hazards and risks which youcan control or over which you could be expected tohave an influence upon?

Is the scope of the OHS management systemdefined and formally documented within your

organisations OHS management system (OHSMS)documentation?

Are there activities that are excluded from the scopeof the OHS management system and are thereasons for exclusion acceptable?

4.2 OCCUPATIONAL HEALTH AND SAFETYPOLICY

Has top management defined and authorised yourorganisations OH&S policy?

. Is the policy consistent with the scope of the OH&S

management system?. Is the policy appropriate to the nature, scale andOH&S risks in your activities, products or services?

. What commitment does your policy maketo continual improvement?

. What commitment does your policy make to theprevention of injury and ill heath in the workplace?

. Does the OH&S policy include a commitmentto comply with applicable OH&S legislation andregulations, and with other requirements to whichyou subscribe that relate to your OH&S hazards(e.g. Industry sector guidelines)?

. Does the policy provide the framework forsetting and reviewing OH&S objectives?

. Is the OH&S policy documented, implementedand maintained?

. How is the policy communicated to all personsworking under the control of the organization?

. How is the policy made available to theinterested parties?

. Is the policy reviewed at regular intervals andwhat triggers will result in the review to beundertaken by the organisation?


4/19






4.3 PLANNING

4.3.1 Hazard Identification, risk assessment anddetermining controls.

Has your organisation established, implemented andmaintained a procedure for the ongoing identification ofhazards, assessment of their risk and determining thenecessary controls?

How do the procedures for hazard identification and riskassessment:-

a) Take into account the routine and non- routineactivities of the organisation?

b) Take into account the activities of all persons

accessing the workplace including contractors andvisitors?

c) Take into account the human behaviour, capabilitiesand other human factors?

d) Take into account the identified hazards includingthose that may originate from outside the workplacethat are capable of adversely affecting the health andsafety of persons under the control of the organisationwithin the workplace?

e) Take into account the hazards created in the vicinityof the workplace by work-related activities under thecontrol of the organisation

(Note that these hazards may need to be

assessed as an environmental aspectrefer to theISO14001 checklist section 4.3.1)?

f) Take into account how the infrastructure, equipmentand materials at the workplace from all sources affectthe organisation?

g) Take into account the changes or proposedchanges to the organization, its activities or materials?

h) Take into account how modifications to the OH&Ssystem, whether they be temporary or not, impact onthe operations, processes and activities of theorganisation?

i) Take into account any applicable legal obligations

relating to risk assessment and the implementation ofcontrols?

j) Take into account the effects of the design of

work areas, processes, installations,machinery/equipment, operating procedures and workorganisations, including their adaptation to humancapabilities?


5/19






How is your organisations methodology for

hazard identification and risk assessmentdefined with respect to its scope, nature andtiming to ensure it is proactive rather thanreactive?How does the methodology provide for theidentification, prioritisation and documentation of therisks and the application of the controls to be used?

How does your organisation identify, for themanagement of change, the OH&S hazards andOH&S risks associated with the changes in theorganisation, the OH&S management system, orits activities, prior to introducing the changes?

How does your organisation ensure that the resultsof these assessments are taken into account whendetermining the controls to be used?

How do the controls determined, or when consideringchanges to existing controls, also taken into accountthe reduction of the risks using the hierarchy ofcontrols in the order of

a) elimination;b) substitution;c) engineering controls;d) signage/warnings and/or administrative

controls;e) personal protective equipment?

How does your organisation document and keep theresults of the identification of hazards, riskassessment and determination of controls up-to-date?

How does your organisation ensure that the OH&Srisks and determined controls are taken into accountwhen establishing, implementing and maintaining itsOH&S management system?


6/19






4.3.2 Legal and Other Requirements

Has a procedure been established and implementedto identify and access legal and other OH&Srequirements (e.g. State and Federal Acts andregulations, codes of practice, guidance notes,Australian/New Zealand and industry standards) thatare applicable to it?

How are these identified applicable legal and otherrequirements which your organisation subscribes to,taken into account when establishing andimplementing your OH&S management system (e.g.objectives, monitoring and measuring, training,auditing etc)?

How are the above procedure(s) maintained?

How does your organisation ensure the legal andother requirements are kept up-to-date?

How does your organisation communicate therelevant information on legal and other requirementsto persons working under their control and any otherrelevant interested parties? (i.e. to employees,contractors, visitors and any other interested person).

Note: it does not imply that these people are required

to have a legal qualification but a fundamentalunderstanding of their duty with respect to the areascommunicated to them by the organisation.


7/19






4.3.3 Objectives & Programme(s)

Has your organisation established, implemented andmaintained documented OH&S objectives?

Have these been established at relevant functionsand levels within the organisation?

Has your organisation established, implemented &maintained a programme(s) for achieving itsobjectives?

Are the objectives measurable (where practical) andconsistent with the OH&S policy includingthecommitments to:

prevention of injury and ill health?

compliance with legal and other requirements

including those it subscribes to?

continual improvement ?

When setting your objectives how do you take intoaccount:

legal and other requirements including those it

subscribes to?

its OH&S risks?

its technological options?

its financial, operational and businessrequirements?

the views of relevant interested parties?

Who is responsible and authorised at the differentlevels of your organisation for implementing theprogramme(s)?

What are the means and timeframes for achieving

the different objectives?

How does your organisation ensure thatprogramme(s) are amended as a result of newdevelopments, new or modified activities, productsand services?

Has your organisation set planned intervals to reviewand adjust the objectives so that they are achieved?


8/19






4.4 IMPLEMENTATION AND OPERATION

4.4.1 Resources, roles, responsibility,accountability & authority

How does your organisation demonstrate that theultimate responsibility for OH&S and the OH&Smanagement system lies with the TopManagement?

Does the Top Management demonstrate itscommitment by:

a) ensuring that resources essential toestablishing, maintaining and improving the

OH&S Management system are available?Do these resources include:

human resources?

specialised skills?

organisational infrastructure?

technology?

financial resources?

b) How are the roles, responsibility,accountabilities and authorities defined,documented and communicated in order toachieve effective OH&S management?

Has your organisation appointed a member(s) fromTop Management with specific responsibilities anddefined roles and authority for :

a) ensuring that the OH&S managementsystem is established, implemented andmaintained in accordance with theOHSAS18001 standard?

b) ensuring that reporting on the performanceof the OH&S management system ispresented to Top Management for reviewand used as the basis to identifyimprovements to the OH&S managementsystem.

Note: That the Top Management appointee(undersome circumstances) may delegate someof their OH&S duties to subordinate managementrepresentative(s), but cannot delegate the OH&Saccountabilities.


9/19






How is the identity of the Top Management

appointee made available to all persons workingunder the control of your organisation?

How do all those with management responsibilitydemonstrate their commitment to continualimprovement of the OH&S performance?

How does your organisation ensure that persons inthe workplace take responsibility for the aspects ofOH&S over which they have control, includingadhering to the organisations applicable OH&Srequirements?


10/19






4.4.2 Competence, training and awareness

How does your organisation ensure that all personsworking for them, or under their control (e.g. staff,contractors, shift workers, casual staff, labour hireetc), are competent to undertake the tasks that canimpact on OH&S?

Note: Assessment of competence can be on thebasis of appropriate education, training and/orexperience.

Has your organisation retained competencyassociated records?

How does your organisation identify training needs

associated with its OH&S risks and its OH&Smanagement system?

Has training, or other actions required to meet theseneeds been delivered, the effectiveness of thetraining evaluated and associated records retained?

Has a procedure(s) been established, implementedand maintained to ensure that the people working for,or under the control of your organisation are awareof:

a) the OH&S consequences, actual or potential,

of their work activities, their behaviour andthe OH&S benefits of improved personalperformance?

b) their roles and responsibilities andimportance of conforming to the OH&Spolicy, procedures and to the requirementsof their OH&S management systemincluding emergency preparedness andresponse requirements?

c) do they understand the potentialconsequences if they deviate from thespecified procedures?

Do the training procedures take into accountdifferent levels of:

i. responsibility?

ii. ability?

iii. language skills?

iv. literacy?

v. risk?


11/19






4.4.3 Communication, Participation and

Consultation

4.4.3.1 Communication

As relevant to its OH&S risks and OH&SManagement System, has your organisationestablished, implemented and maintainedprocedure(s) for:

a) internal communication between the variouslevels and functions of your organisation?

b) communication with contractors and othervisitors to the workplace?

c) receiving, documenting and responding torelevant communication from externalinterested parties?

4.4.3.2 Participation and Consultation

Are workers informed about the arrangement of theirparticipation and who is their representative(s) onOH&S matters?Note: In Australia and New Zealand the variousstates and territories have specific legislativerequirements for the election, training andrepresentation of members on the consultativeOH&S process.

Has your organisation established, implemented andmaintained procedure(s) for:

a) the participation of workers and has thistaken into account -

i. their involvement in hazard identification,risk assessments and determiningcontrols?

ii. their involvement in incidentinvestigations?

iii. their involvement in the development and

review of the OH&S Policies andobjectives?iv. that they be consulted where there are

changes that effect their OH&S?v. that they have representation on OH&S

matters?

b) the consultation with contractors where thereare changes that affect their OH&S?

How does your organisation ensure that, whenappropriate, the relevant external interested partiesare consulted about pertinent OH&S matters?


12/19






4.4.4 Documentation System

Does your organisations OH&S managementsystem documentation include:

the OH&S policy, objectives?

a description of the scope of the OH&S

management system?

a description of the main elements of the OH&S

management system, their interaction andreference to related documents?

documents and records required by the

Standard?

Documents, including records, necessary for the

effective planning, operation and control ofprocesses related to its OH&S risks?

How is this maintained?Note: the level of documentation will depend on thecomplexity, hazards and risks in your organisation inorder for the system to be effective and efficient.

4.4.5 Control of documents

Has your organisation established, implemented andmaintained a procedure(s) for controlling alldocuments required by this OHSAS 18001 standard?

Does the procedure address:

(a) Who approves the documents for adequacybefore they are issued?

(b) how they are periodically reviewed, updated andre-approved as necessary?

(c) how changes and the current revision status areidentified?

(d) How current versions of relevant documents aremade available at points of use?

(e) How the legibility and identification of thedocuments is ensured?

(f) How external documents, as determined by theorganisation to be necessary for the planningand operation of the safety management systemare identified and their distribution controlled?

(g) How to prevent obsolete documents againstunintended use, and apply suitable identificationto them if they are retained for any purpose?


13/19






4.4.6 Operational Control

How has your organisation determined theoperations and activities that are associated with theidentified hazard(s) and implementation of controls isnecessary to manage the OH&S risk(s).Has the management of change been included(4.3.1)?

From the identified hazard(s) and OH&S risk(s) hasyour organization implemented and maintained:

a) operational controls, as applicable toyour organisation and its activities?

b) integrated operational controls into itsOH&S management system?

c) controls related to purchased goods,equipment and services?

d) controls related to contractors andother visitors to the workplace?

e) documented procedures, to cover situationswhere their absence could lead todeviations from the OH&S policy and theOH&S objectives?

f) stipulated operating criteria where theirabsence could lead to deviations from theOH&S policy and OH&S objectives?

How are the above procedure(s) maintained?


14/19






4.4.7 Emergency Preparedness and Response

Has your organisation established, implemented andmaintained a procedure(s):

a) to identify the potential emergencysituations?

b) and to response to such emergencysituations?

Does the procedure(s) cover how your organisationwill respond to actual emergency situations?

Does the procedure(s) cover how your organisationwill prevent or mitigate the associated adverse OH&Sconsequences?

How does your organisation plan its emergencyresponse and does it take into account the needs ofrelevant interested parties?(Note: this can include emergency services,neighbours, visitors, media crews, delivery vehicles,electricity, gas and water suppliers, etc)

How does your organisation test these procedure(s)to be able to respond to these emergency situationsand, where practicable, do you involve relevantinterested parties? (see above for some interestedparties).

Is this testing, above, periodically undertaken and atwhat intervals?

Does your organisation periodically review, reviseand update its emergency preparedness andresponse procedure(s) after the completion of thescheduled test and after the occurrence of anemergency situation, where necessary? (see 4.5.3).


15/19






4.5 CHECKING

4.5.1 Performance Measurement andMonitoring

Has your organisation established, implemented andmaintained a procedure(s) to monitor and measureOH&S performance, on a regular basis and does theprocedure(s) provide for

(a) both qualitative and quantitative measures, asappropriate for your organisation needs?

(b) monitoring of the extent to which your

organisations OH&S objectives are met?(c) monitoring the effectiveness of controls for both

health and safety?

(d) proactive measures of performance that monitorthe conformance with your OH&Sprogramme(s), controls and operational criteria?

(e) reactive measures of performance that monitor illhealth, incidents, accidents, near misses,potential incidents, etc and other historicalevidence of deficient OH&S performance?

(f) recording of data and results of monitoring andmeasurement sufficient to assist in the analysis

of corrective and preventative action(s).

How is monitoring and measuring equipmentcalibrated or verified and maintained (procedure)?

Are calibration or verification records retained?

4.5.2 Evaluation of compliance

Has your organisation established, implemented andmaintained a procedure(s) for periodically evaluatingits compliance with the applicable legal and otherrequirements identified in clause 4.3.2 of thisstandard?

Has your organisation evaluated its compliance withother requirements identified in clause 4.3.2 of thisstandard?

Are the records of the results of these periodicevaluations maintained?

Note: the frequency of the periodic evaluation mayvary for legal and other requirements which yourorganisation may subscribe to.


16/19






4.5.3 Incident Investigation, Non-conformity,

Corrective & Preventive Acti

on

4.5.3.1 Incident Investigation

Has your organisation established, implemented andmaintained a procedure(s) to record, investigate andanalyse incidents:

a) in order to determine any underlying OH&Sdeficiencies and other factors that might becausing or contributing to the occurrence ofincidents?

b) in order to identify the need for correctiveaction

c) in order to identify opportunities forpreventative action and continualimprovement

d) in order to communicate the results of theinvestigation.

Does your organisation undertake theseinvestigations in a timely manner?(Note: You may also want to define what yourorganisation considers timely).

Does your organisation use the Non-conformity,Corrective & Preventive Action system to deal withany actions? (see 4.5.3.2).

4.5.3.2 Non-conformity, Corrective & PreventiveAction

Has your organisation established, implemented andmaintained a procedure(s) for :

(a) dealing with actual and potential non-conformities, and

(b) corrective and preventive action?

Do your procedures define requirements for:

(a) identifying and correcting non-conformities andtaking action to mitigate the resulting OH&Sconsequences?

(b) Investigating the non-conformities, determiningtheir causes and take action to avoid theirrecurrence?

(c) Evaluating the need for actions to be taken toprevent non-conformities, and implementingappropriate actions?

(d) Recording the results of corrective andpreventive actions taken?

(e) Reviewing the effectiveness of corrective andpreventive actions?


17/19






When your organisations corrective and preventative

action system identifies new or changed hazards andcontrols, does your procedure require yourorganisation to undertake a risk assessment prior toimplementation (of the actions)?

How do you decide that the action(s) taken toeliminate the causes of actual and potential non-conformities are appropriate to the magnitude of theproblem(s) and proportional to the OH&S risk(s)encountered?

How do you ensure that changes (if any) are made inthe OH&S management system documentation?

4.5.4 Control of Records

Has your organisation established, implemented andmaintained procedures for the identification, storage,protection, retrieval, retention and disposal of OH&Srecords?

How are these updated?

Do these records include those that are necessary todemonstrate conformity to the requirements of thestandard and include (for example), records of:

(a) competence, training & awareness?

(b) communication?

(c) evaluation of compliance with legal and otherrequirements?

(d) monitoring and measurement?

(e) corrective & preventive action?

(f) Internal audits?

(g) Management review?

Are the records legible, identifiable and traceable?

How do you store the OH&S records in order thatthey are readily retrievable and protected againstdamage, deterioration or loss?

Do you have a backup procedure for electronicrecords?


18/19






4.5.5 Internal Audit

Has your organisation planned, established,implemented and maintained a programme andprocedure(s) for periodic internal audits to beconducted?

Do these internal audits determine whether or not theOH&S management system:

(a) conforms to planned arrangements forOH&S management including therequirements of this standard, and

(b) has been properly implemented and maintained?

(c) is effective in meeting your organisations policy

and objectives?

How does the audit programme take into account theOH&S risk assessments of your organisationsconcerns, and the results of previous audits?

How does your organisation provide information onthe results of audits to management?

Does the audit procedure cover:

(a) the responsibilities, competencies, and

requirements for planning and conducting audits,reporting results and retention of associatedrecords?

(b) The determination of audit criteria, scope,frequency and methods?

How is the competency of the OH&S auditors useddetermined?

How does the selection of auditors and the conductof audits ensure objectivity and impartiality of theaudit process?


19/19





4.6 MANAGEMENT REVIEW

Has your organisations top management (atplanned intervals) reviewed the OH&S managementsystem, to ensure its continuing suitability, adequacyand effectiveness?

Does the review include assessing opportunities forimprovement and the need for changes to the OH&SManagement System, including the OH&S policy anOH&S objectives?

Do the inputs to management review include:

(a) results from internal audits and evaluations ofcompliance with legal and other requirements?

(b) the results of participation and consultation?

(c) relevant communication from external parties,including complaints?

(d) the OH&S performance of your organisation?

(e) the extent to which the objectives have beenmet?

(f) the status of incident investigations, correctiveand preventive actions

(g) follow-up actions from previous managementreviews

(h) changing circumstances, including developmentsin legal and other requirements related to OH&S,and

(i) recommendations for improvement?

Do the outputs from the management review includedecisions and actions related to possible changes tothe OH&S policy, objectives, resources, OH&Sperformance and other elements of the OH&Smanagement system, and consistent with thecommitment to continual improvement?

Are the records of the management reviews retainedand made available for communication andconsultation?