Search the Elsmar Cove!
**Search ALL of** with DuckDuckGo including content not in the forum - Search results with No ads.

ISO 45001:2018 - Occupational Health and Safety Management Standard

Hello !

I am retired from my company (a large French international company) and I can not speak for him anymore. But we had a prevention processus of psychosocial risks at work. In my company, these risks were not the object of conventional reactive indicators such as enumeration or frequency of accident or near-miss, but with more specific indicators.

On the other hand, our approach was more proactive: our occupational risk assessment processus incorporated a specific psychosocial risk assessment component to consider their primary prevention.

But it is certain that these risks are not treated as chemical risks or noise given their very nature and that we are less familiar with their treatment. And

Companies are "cautious" to address these risks because their management and their organization are in question. These psychosocial risks are collective et organizational (company level) while many managers prefer to think these risks are rather "personal" and "individual" (employees level).

We find the sources of risk in factors such as intensity and working time, emotional demands of work, lack of autonomy in the work, deteriorated social relations at work, conflicts of values, insecurity of the work situation, perceived or suffered by employees...

Last edited:
(other following)

Some lecture : Demand/Control Model: a Social, Emotional, and Physiological Approach to Stress Risk and Active Behaviour

Here the summary of the tool (document "evaluate PsychoSocial Risk factors, the PSR tool", see attachment to translate in your language... sorry) I used in my company to assess PsychoSocial Risk (PSR):

User Guide :
Who should fill in the evaluation grid? page 8
How to use the evaluation grid? p8
What to pay attention to during the exchanges? p9
Summary of the assessment of PSR factors by work unit p9
Psychosocial Risk Assessment Matrix per Unit of Work :
Intensity and complexity of work p13
Difficult work schedules p16
Emotional requirements p18
Low work autonomy p20
Worsened social relations at work p22
Conflicts of values p24
Job and working insecurity p25
Summary table of psychosocial risks factors assessment per unit of work p27

But here we are far from the general notion of OH&SMS according to ISO 45001 ... ;)



Last edited:


Starting to get Involved
Hello !

Blockbuster, to assess OH&S risks from identified hazards, "while taking into account the effectiveness of existing controls" means to assess the "current" risks, as assessed by today's reality of work situations "with" or "after" the prevention dispenses already in place and practiced... In other words, it is a question of assessing the real risks and not the "initial", "raw" or "theoretical" risks "without" or "before" the effectiveness of existing controls.

I try a trivial ilustration: I drive my car according to the regulation, it is consistent and in good condition, I drive on a highway in great weather, there is little traffic, I did not drink alcohol, etc. ... I will not start my assessment of risk of accident considering that my car has no brake and that its wheels are smooth, that I roll on a dirt track at too high speed, the weather conditions are bad and I am drunk, etc... to then "apply" fictional the goods points of the reality !

Another simpler but equally trivial example: I'm standing on a balcony on the tenth floor of a building to enjoy the view. I will directly consider (evaluate) that the risk of falling from the balcony is zero because there is a railing! That is to say, I will not evaluate this situation at first by considering the risk of crashing to the ground as if there were no railings (stupid gross risk!) ... to "apply" in a second time the already existing "guardrail" prevention measure and finally consider that I don't risk to fall into the void (current non-risk directly evaluable, otherwise I think I would not put myself in such situation on this balcony).

Other: if I want to measure which quantity of dangerous vapors I breathe (risk assessment) when I am on a workstation equipped with a vapor collection system. I will not stopping this aspiration (= not taking into account the effectiveness of existing controls) before ! I will do my measurement "while taking into account the effectiveness of existing controls" as said in ISO 45001 = I keep the vapor collection system running !

Ok ?
Thanks, I get all that. To get to the thrust of where I am coming from. Let's say that I have done everything required by (a) but without using a scoring matrix, then how can I then satisfy the requirements of (b) relating to defining what our 'methodologies' and criteria are if I don't use a numbering system?


Hello !

Blockbuster you "have done everything required by (a) but without using a scoring matrix", so what ? Examples : if you evaluate the risk of deafness in a work activity by measuring noise day exposure level, or if you approach the PSR with the kind of tool that I evoked in a previous message, etc... you are able to document methods and criteria of your OS&H risks assessment process in accordance with ISO 45001 requirements ... Anyway in this case your process is much relevant than with a so-called "probability x gravity scoring matrix" for example !!!!! (As I have said a few times here at Elsmar Cove, this kind of non-specific, unique, totally subjective, approximate, difficult to reproduce, and all-purpose tool is not professional)

In response to your questions here is my reading of Article

- paragraph a) requests to proceed evaluation of the OS&H risks for workers (as OS&H manager I am confortable because it is OS&H issues: electricty, chemicals, etc ...).

- paragraph b) requests to identify and evaluate risks related to the OS&HMS functioning (I am less comfortable because it is not OS&H issues: weakness of our regulatory knowledge for some countries where we have interventions? very soon the only OS&H officer of the company will be retired? etc ... it's depends on your company).

- last paragraph requests to determine and document method(s) and criteria regarding OS&H risk assessment process (cf a)) but not regarding risks related to OS&HMS functioning (cf b)).

I confirme / your questions:
- a): no requirement to use any scoring matrix for OS&H risks assessment.
- b): no requirement of method, criteria or document for OS&HMS risks.
- But requirement to document methods and criteria regarding a) !

Other opinions ? Bye.
Last edited:


Starting to get Involved

Good afternoon to you. Thank you for your thoughts on .

Looking at this again taking into account your comments, the last paragraph of this clause when read against (a) talks about defining 'methodologies'.

Respectfully, you mentioned 'methods', which is slightly different. Methodology requires the application and involvement of qualitative and quantitative techniques, and therefore, the difficulty we had during our recent audit was that we could not demonstrate that we had defined these for the assessment of OH&S risks. Why? because we do not use a numbers-based system for assessing level of risk (i.e. nothing that is quantitative).

The approach to carrying out our risk assessments is based on experience on what we know are the main OH&S risks in the industry in which we operate, as well as knowledge of our operational processes - no more than that.

The auditor understood what we told him, but he then repeated that last paragraph and asked to see evidence of where we have defined the organisation's methodology and criteria for the assessment of OH&S risks with respect to their scope, nature and timing...... and this is where we struggled.


Hello !

Blockbuster, I don't speak the English language but ok, let's take exactly the terms of the standard : ISO 45001 requires "The organization’s methodology(ies) and criteria for the assessment of OH&S risks shall be defined with respect to their scope, nature and timing to ensure they are proactive rather than reactive and are used in a systematic way. Documented information shall be maintained and retained on the methodology(ies) and criteria.

I found différentes definitions of the term "methodology" in dictionaries :
- a set of methods used in a particular area of study or activity
- a system of ways of doing, teaching, or studying something
- a body of methods, rules, and postulates employed by a discipline
- a system of methods and principles for doing something
- etc...
I don't found your idea as "Methodology requires the application and involvement of qualitative and quantitative techniques"...

But your problem with your auditor is not the definition of the term "methodology", it is rather that "you could not demonstrate that you had defined these (methodologies) for the assessment of OH&S risks. Why? because you do not use a numbers-based system for assessing level of risk (i.e. nothing that is quantitative). But what is this "to use a numbers-based system for assessing level of risk" requirement ?

I reuse my previous examples: if I measured the daily noise exposure of a worker at 92 dB (A) ... I have a good assessment of his risk of deafness ; if all the psychosocial risks factors of a team of workers are very "strong" using the tool I already mentioned ... I have a good evaluation of its psychosocial risks. By documenting these methodologies (noise measurement, PSR tool) and their criteria I am compliant with ISO 45001 Yes or no ?



Starting to get Involved
^^ good mornings.

I think the definitions you have outlined above would involve measurement criteria being applied, and therefore, they fit with what I have previously said about using qualitative and quantitative techniques. Methodology would then require these techniques to be applied in a systematic way.

We couldn’t demonstrate that because, as I have said before, we simply used our experience and knowledge of the task being risk assessed. Nothing wrong with that under normal circumstances, but afraid not good enough to demonstrate compliance with the 45001 clause.

Noise measurement, however, is different because metrics are the main basis for assessment of noise levels. Therefore no problem in being able to demonstrate methodologies and criteria.

But what about all the other tasks, e.g. workplace transport, operation of a guillotine, etc?


Hello !

Ok Blockbuster, I am ok to consider "methodologies" use qualitative and quantitative elements*, but I say qualitative and/or quantitative because (cf same examples):
- It is obvious that when a risk factor is physically "measurable" (as noice level) we have a quantitative basis, ok.
- but with PSR factors, even if I convert "not concerned, weak, moderate, high" appreciations in numbers, sorry but it is not a more credible quantitative basis !

* I agree... even ISO 45001 does not speak of "qualitative and quantitative" about methodologies used for risks assessment.

I think your problem is a communication issu with your OS&HMS audit (and certification...) provider, not an OS&H prevention issu for workers in your company.

Thanks for this discussion.

Have a nice day.
Last edited:


Starting to get Involved
I'd appreciate some other view points on this, as I really did not understand Henria's last post.

In the end, show me an example of a risk assessment carried out on the operation of a band saw (for example) without using numbers to determine levels of risk for the hazards identified. Then provide a full explanation how you can demonstrate compliance with clause .


Top Bottom