Requirements under OHSAS 18001 for the Control of Risks

[OzDave]

Hi there good folk. This site is a trully amazing site, so many people sharing their knowledge and experience - great to see.

I've trolled through the site trying to find an answer to what is probably a pretty simple question about 18001.

Clause 4.3.1 requires the identification of hazards, assessment of risks and determination of controls.

Clause 4.4.6 require the identification of operational controls.

As both of these clauses require the identification of controls, what's the difference between them (assuming there is a difference)?

Thanks

Dave

 

[Jen Kirley]

Re: Requirements under 18001 for the control of risks

Welcome to the Cove! You are among friends.

In the simplest of terms, 4.3.1 asks us to identify the hazards, and 4.4.6 asks us to define the controls to address the risks we identified as per 4.3.1.

Does this help?

 

[OzDave]

Re: Requirements under 18001 for the control of risks

Thanks Jennifer, I could understand the requirements if the standard said what you have suggested. Where I'm having some difficulty is that 4.3.1 doesn't just require the identification of hazards it also requires risk assessment and, more importantly to me at the moment, risk controls to be identified which appears to duplicate the requirements of 4.4.6.

The way I can rationalise it inside my own confused mind is that 4.3.1 requires the need for a control and the nature of the control (based on the hierarchy of controls) to be identified and 4.4.6 requires the details of the controls to be specified. Does that make sense to anyone else and would that be a correct interpretation of the standard?

 

[Randy]

Re: Requirements under 18001 for the control of risks

Thanks Jennifer, I could understand the requirements if the standard said what you have suggested. Where I'm having some difficulty is that 4.3.1 doesn't just require the identification of hazards it also requires risk assessment and, more importantly to me at the moment, risk controls to be identified which appears to duplicate the requirements of 4.4.6.

The way I can rationalise it inside my own confused mind is that 4.3.1 requires the need for a control and the nature of the control (based on the hierarchy of controls) to be identified and 4.4.6 requires the details of the controls to be specified. Does that make sense to anyone else and would that be a correct interpretation of the standard?

You've stumbled across why it is called a "System", one element helps to meet the requirments of another and or others

There is nothing confusing here...Identify hazards, determine risks associated with them, develop controls to manage the risks...

In the good old US of A quite a bit has already been done for ya by OSHA and it's free. Examples:

Use chemicals in the workplace?...Hazcom Program - 29CFR1910.1200
Hazardous waste handling?....Hazwoper - 29CFR 1910.120
Forklifts?.....Powered Industrial Trucks - 29CFR1910.170
so on and so forth....

Just follow the yellow brick road or this link..http://www.osha.gov/law-regs.html

The OSHA regs will tell you exactly what needs to be in your "controls" and OSHA even provides downloadable "controls" that you can freely adapt to your use

Nothing mystical here or complicated until you get a bunch of non-safety professionals providing advice

 

[somashekar]

Re: Requirements under 18001 for the control of risks

Thanks Jennifer, I could understand the requirements if the standard said what you have suggested. Where I'm having some difficulty is that 4.3.1 doesn't just require the identification of hazards it also requires risk assessment and, more importantly to me at the moment, risk controls to be identified which appears to duplicate the requirements of 4.4.6.

The way I can rationalise it inside my own confused mind is that 4.3.1 requires the need for a control and the nature of the control (based on the hierarchy of controls) to be identified and 4.4.6 requires the details of the controls to be specified. Does that make sense to anyone else and would that be a correct interpretation of the standard?

Yaa....4.3.1 is your planning and 4.4.6 is your implementation and operation of that planning .
You are going in the right order of the PDCA.

 

[OzDave]

Re: Requirements under 18001 for the control of risks

Thanks for the replies.

Somashekar, thanks for the confirmation I am going down the right track.

Randy, you're going to have to try a little harder if condescension is your aim.

Regards

Dave

 

[Paul Simpson]

Re: Requirements under 18001 for the control of risks

<snip>Randy, you're going to have to try a little harder if condescension is your aim.</snip>

Now, Dave you're just going to have to get used to l'il old Randy. His bark is worse than his bite but he just forgets that not everyone recognizes his 'tell it like it is' style and some may find it a bit condescending.

In his post there were a couple of gems that should help in your investigation.

• Randy mentioned the fact we are talking about systems. Now this is often difficult to describe in a standard but is totally appropriate when discussing O H & S and how an organization manages its risks.
• There are lots of interrelationship of elements (clauses) of a standard. So the purpose of going through a process of identifying hazards is to assess risks and identify controls to be implemented through a management system. So 4.3.1 has to link through to Objectives and programmes (4.3.3), Roles and responsibilities (4.4.1), Training needs (4.4.2), Communication (4.4.3), Documentation (4.4.4), Operational Control (4.4.6), Emergency response (4.4.7) etc.
• This results in a little duplication across the standard but reduced risks of people missing key requirements if they focus just on operational control (for example)

Hope this helps.

 

[OzDave]

Re: Requirements under 18001 for the control of risks

Thanks Paul, I am no stranger to H&S management systems having developed, implemented, monitored and maintained them in one form or another for more than 25 years. This, however, is the first time I have used the 2007 version of 18001 and I struggled and am still struggling with the duplication of requirements across different clauses and particularly those described in the initial post.

So just to clarify, I know what a HSMS is, how to develop one, how to integrate one, how to maintain one. I know how performance standards work having used a number of them. I am just a little confused over some asepects of this one (18001) because of the duplicated requirements.

Regards

Dave

 

[Randy]

Re: Requirements under 18001 for the control of risks

Thanks Paul, I am no stranger to H&S management systems having developed, implemented, monitored and maintained them in one form or another for more than 25 years. This, however, is the first time I have used the 2007 version of 18001 and I struggled and am still struggling with the duplication of requirements across different clauses and particularly those described in the initial post.

So just to clarify, I know what a HSMS is, how to develop one, how to integrate one, how to maintain one. I know how performance standards work having used a number of them. I am just a little confused over some asepects of this one (18001) because of the duplicated requirements.

Regards

Dave

Didn't really change from the 1999 revision or BS 8800 for that matter

Within your Australian regs you'll find stuff just like our OSHA (even better in some cases)

Didn't realize you weren't from the states... My Aussie mates from the '69-71 era were laid back