Regime change

Ruth Wilkinson, IOSH head of health and safety, discusses her lead in developing IOSH’s own occupational health and safety management system to compliance with ISO 45001.

IOSH is currently developing its occupational health and safety management system (OHSMS) in compliance with ISO 45001:2018. Our formal gap analysis and certification audits will take place later this year.

We have just under 200 employees, and we engage with approximately 1000 volunteers to support the delivery of our strategy, WORK 2022. We own one building, our headquarters at The Grange in Leicestershire. The majority of our employees are based here; however, a small proportion are contracted home workers, mobile workers, flexible workers and those who travel for business.

Our journey to implementation has highlighted both challenges and useful approaches along the way. 

1. Leadership and commitment – the buy-in

Senior management must demonstrate leadership and commitment. Within ISO 45001, there is a list of specific responsibilities that senior management must personally direct or be engaged in performing. For example, they must ‘lead and promote a culture’.

At IOSH, not all staff are health and safety professionals. Therefore, we have a role to play in supporting and enabling senior management to do this and evidence it.

One way we’ve approached the promotion of this culture is to make good health, safety and wellbeing practice one of our organisational values and behaviours. Likewise, we embedded health and safety into core business, demonstrating commitment and supporting changes in behaviours.

Providing training (including IOSH Leading Safely) to our senior management has also supplied clarity on responsibilities, the integration of health and safety into business management, and consideration of assurance measures, the maturity model and continual improvement.

We have taken a ‘whole person’ approach, with physical and mental health and wellbeing fully integrated into our OHSMS. I also work closely with our head of people to further develop and evolve our health and wellbeing agenda. 

2. Identifying the gaps

To start the journey to ISO 45001, I procured a copy of the standard and carried out a gap analysis. An action plan was then developed. This was a huge undertaking, so I recommend the use of project management tools and techniques such as Gantt charts.

3. Context

To comply with ISO 45001 and develop the OHSMS, there must be an understanding of the organisation and its context. This provides an understanding of the entire environment – internal and external – the organisation operates within. This goes back to the space IOSH inhabits as a professional body, charity, employer, collaborator, and so on.

To provide some structure, I initially applied the PESTLE (political, economic, social, technological, legal and environmental) and SWOT (strengths, weaknesses, opportunities and threats) analysis techniques.

In the interest of continual improvement, our analysis technique is now a STEEPLE-M (adding ‘ethical’ and ‘media’ to PESTLE). Involving key colleagues within this process is essential, as different parts of the business bring different pieces of knowledge, understanding, threats, opportunities and strengths.

One tip is to create a one-page overview of key findings – especially useful when presenting to senior management. 

4. Workers

Under ISO 45001, a worker is defined as one who undertakes work that an organisation controls: employees as well as non-employees, such as volunteers, contractors, self-employed and agency workers.

A worker for ISO 45001 purposes is not to be confused with a worker as defined in employment law.

IOSH volunteers make a valued contribution to our strategy and our wider membership. We engage with many volunteers who undertake a variety of roles, including networks, panel interviews, broad trustees and council members.

Colleagues within IOSH have developed a new volunteer agreement that details our commitments to volunteers and includes our duty of care for health and safety. Our OHSMS also includes a process for volunteer health, safety and wellbeing as well as guidance and risk assessment for volunteer activities. 

5. Competence

We are not an organisation made up solely of health and safety professionals. To ensure health and safety competence, a training needs analysis was undertaken.

This coincided with a review of our learning and development; therefore the health, safety and wellbeing training was embedded within the overall programme.

We used our own IOSH training products such as Working Safely, Managing Safely and Leading Safely and provided other training/learning outcomes.

I also delivered the IOSH course Managing Occupational Health and Wellbeing to all our managers; this focused on the management of health in the workplace, of both work-related and non-work-related ill health. I am also looking to introduce the new IOSH Corporate Governance course for senior management. 

6. Performance evaluation

Measuring and reviewing performance is vital, so we reviewed our existing key performance indicators and identified a list of new ‘workforce indicators’. The head of people and I developed these together to ensure a focus on personnel, with the indicators being a blend of leading and lagging indicators. This balance is really useful in demonstrating the benefits and outcomes of health, safety and wellbeing action, so it is worth reviewing your indicators to ensure you achieve a similar balance and focus on outcomes. IOSH’s The healthy profit can help support an argument for investment in health and safety and measuring its returns. 

7. Integration of OHSMS into business processes

Our approach at IOSH has been to actively integrate health, safety and wellbeing into core business activities such as procurement, travel, learning and development offerings, business continuity, values and behaviours and the volunteer agreement.

This has been aided by my membership on the Business Management Group, which is the operational decision-making body within IOSH.