Should Identified Hazards and Risks necessarily have Linkage with Legal Requirements?

S

samsung

#1
During a recent initial audit of OHSAS, the CB auditor insisted that the identified hazards and the associated risks must show linkage with the applicable legal/ regulatory requirements but I don't feel it's required by OHSAS 18001.

What's your opinion on this issue?

Thanks.
 
Elsmar Forum Sponsor

Stijloor

Staff member
Super Moderator
#2
Re: Should the identified hazards/risks necessarily have linkage with legal requireme

During a recent initial audit of OHSAS, the CB auditor insisted that the identified hazards and the associated risks must show linkage with the applicable legal/ regulatory requirements but I don't feel it's required by OHSAS 18001.

What's your opinion on this issue?

Thanks.
Did the auditor cite a specific requirement?

Stijloor.
 
S

samsung

#3
Re: Should the identified hazards/risks necessarily have linkage with legal requireme

Did the auditor cite a specific requirement?

Stijloor.
It was reported as a minor NC under clause 4.3.1 (i). We did have arguments over the requirements but the auditors didn't move. Finally we accepted the NC but under protest.
 

somashekar

Staff member
Super Moderator
#4
Re: Should the identified hazards/risks necessarily have linkage with legal requireme

He is right from the planning angle of the OHSAS within the 4.3.1 i)
Depending on the hazard identified and risk assessed, certain type of incidents are reportable to the factories inspector in the prescribed format, and this control must be within the plan, if such risks are listed.
As I gather, a monthly return of accidents is to be submitted to the department, even if no accidents have occured (nil return) and perhaps this control can also be a part in the OHSAS planning as a part of legal obligation.
This again is a "shall"requirement as said in the 4.3.1
 
S

samsung

#5
Re: Should the identified hazards/risks necessarily have linkage with legal requireme

He is right from the planning angle of the OHSAS within the 4.3.1 i)
Depending on the hazard identified and risk assessed, certain type of incidents are reportable to the factories inspector in the prescribed format, and this control must be within the plan, if such risks are listed.
As I gather, a monthly return of accidents is to be submitted to the department, even if no accidents have occured (nil return) and perhaps this control can also be a part in the OHSAS planning as a part of legal obligation.
This again is a "shall"requirement as said in the 4.3.1
In 14001, it's pretty clear that the applicable legal requirements need to be aligned with the identified significant aspects but as far as OHSAS matters, I'm not sure whether a similar requirement does apply.

Although our procedure (for Hazard Identification & Risk Assessment) does commit to take into account all the applicable legal requirements while carrying out the risk assessment and devising appropriate controls but so far we haven't linked those requirements to the identified hazards/ risks in much detail as expected by the auditor.

As you mentioned, incident reporting & submission of returns is addressed in compliance evaluation which the auditor found OK in terms of establishment of procedure as well as compliance in practice.
 

Paul Simpson

Trusted Information Resource
#6
Re: Should the identified hazards/risks necessarily have linkage with legal requireme

He is right from the planning angle of the OHSAS within the 4.3.1 i)
Oh no he isn't. :nope: I'll cover this below with the excerpt from 18001. It is a common misconception and I have clashed with a few auditors who will swear blind that it is required. So - 'Show me the shall!'
Depending on the hazard identified and risk assessed, certain type of incidents are reportable to the factories inspector in the prescribed format, and this control must be within the plan, if such risks are listed.
This could indeed be the case but lets be clear: No legal obligation affects the identification of hazards and there is no requirement to cross refer to legisaltion in the hazard identification / risk control measures procedure (whether documented or not ;))
As I gather, a monthly return of accidents is to be submitted to the department, even if no accidents have occured (nil return) and perhaps this control can also be a part in the OHSAS planning as a part of legal obligation.
Again this may be a valid legal obligation and should be covered in the way the organization demonstrates it complies with legal reguirements (clause 4.5.2 of 18k)
This again is a "shall"requirement as said in the 4.3.1
OK, somashekar I'll be interested to see the shall! :)

18001 Clause 4.3.1. i said:
any applicable legal obligations relating to risk assessment and
implementation of necessary controls (see also the NOTE to 3.12);
So this requirement in clause 4.3.1 says that as part of the hazard identification and risk assessment process the organization needs to take into account the above. So if there is a legal requirement for risk assessment (as here in the UK) then your procedure (documented or not) must comply with that requirement.
 
S

samsung

#7
Re: Should the identified hazards/risks necessarily have linkage with legal requireme

In principle, I agree with Boris :agree1:. 4.3.1 (i) does require that you take into account (planning stage) all the applicable "legal obligations relating to risk assessment & implementation of necessary controls". So if there is a legal requirement, e.g. for putting up an 'emergency shut off device' on a moving machine, you must specify it as one of the controls for minimizing the risk resulting from the moving machines.
 

somashekar

Staff member
Super Moderator
#8
Re: Should the identified hazards/risks necessarily have linkage with legal requireme

Hi BorisS and Samsung.
No big disagreements with what has been explained. If you have indeed complied with your legal requirements, and the auditor has evaluated and agreed (as Samsung said : which the auditor found OK in terms of establishment of procedure as well as compliance in practice.)
Its perhaps for this the minor NC is written out as these are practised effectively, but do not appear in the planning. (Plan as I can see is the hazard and risk evaluation)
... and here is the "shall" ... in the OHSAS 18001:2007
4.3 Planning
4.3.1 Hazard identification, risk assessment and determining controls
The organization shall establish, implement and maintain a procedure(s) for the ongoing hazard identification, risk assessment, and determination of necessary controls.
The procedure(s) for hazard identification and risk assessment shall take into account:
 

Paul Simpson

Trusted Information Resource
#9
Re: Should the identified hazards/risks necessarily have linkage with legal requireme

Hi BorisS and Samsung.
No big disagreements with what has been explained. If you have indeed complied with your legal requirements, and the auditor has evaluated and agreed (as Samsung said : which the auditor found OK in terms of establishment of procedure as well as compliance in practice.)
Its perhaps for this the minor NC is written out as these are practised effectively, but do not appear in the planning. (Plan as I can see is the hazard and risk evaluation)
OK. As I understand it there is no non-compliance with the demonstration of compliance with legal requirements (4.5.2) but with the hazard identification and risk assessment process (4.3.1). So just for clarity it appears the auditor has misinterpreted 18k (as many do in my experience) to require a cross reference in the risk assessments to relevant legislation. There may be some benefit in doing so - up to the company to decide - but there is no NC with a requirment in the standard.

... and here is the "shall" ... in the OHSAS 18001:2007
4.3 Planning
4.3.1 Hazard identification, risk assessment and determining controls
The organization shall establish, implement and maintain a procedure(s) for the ongoing hazard identification, risk assessment, and determination of necessary controls.
The procedure(s) for hazard identification and risk assessment shall take into account:
Again thanks for these but there is nothing in there that says risk assessments must refer to relevant legislation. :nope:
 
Thread starter Similar threads Forum Replies Date
S Severity of 9 or 10 should be identified as Special characteristic? FMEA and Control Plans 10
J UDI-DI how should we interpret Device version or model to determine if a new UDI-DI is needed? EU Medical Device Regulations 0
Sidney Vianna Interesting Discussion Should ISO 9004 be changed from a guidance standard to a requirements standard? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
A Should I take an online course for a career in Occupational Health and Safety? Career and Occupation Discussions 2
J Should a Class 1 medical device with an option to measure body weight be considered Class 1m? EU Medical Device Regulations 0
K Should APQP/PPAP has its own section in a QM? Quality Management System (QMS) Manuals 1
S What should i choose for "testing procedure" characteristics? (N95) General Information Resources 0
P Should eIFU link per ISO 15223-1:2016 be added to labels out of scope of Reg 207/2012? EU Medical Device Regulations 1
S Which Sampling Plan(s) Should I Use? Inspection, Prints (Drawings), Testing, Sampling and Related Topics 7
A Document release vs its related training. Which should come first? ISO 13485:2016 - Medical Device Quality Management Systems 18
S Which department should prepare the control plan? could you show me a standard regarding to this matter. FMEA and Control Plans 17
J Help settle a disagreement: Should external providers of preventive maintenance be on your ASL? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
N Master Samples - What should we be keeping? IATF 16949 - Automotive Quality Systems Standard 9
G Supplier delivered recent PPAP, should he deliver yearly layout inspection? IATF 16949 - Automotive Quality Systems Standard 4
John Broomfield Vote - Should ISO9004 Become a Requirements Standard? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
A Capability Study - in the beginning of your career what should you have known about the tool Quality Tools, Improvement and Analysis 11
J Should Loading and Unloading be Included in Cycle Times? Lean in Manufacturing and Service Industries 14
E Manufacturers should develop a testing device for covid19 Service Industry Specific Topics 0
T 510(k) submission - Which name should I use in the submission? Other US Medical Device Regulations 3
N ISO 19011:2018 - 5.4.2 "...audit program should engage in appropriate continual development..." Training - Internal, External, Online and Distance Learning 4
G Should I perform Gage R&R only at the beginning of a new project? Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 6
DuncanGibbons Should the requirements FAA/EASA Part 21 be addressed within the QMS and AS9100D quality manual? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
M Should 510(k) Predicates be Actively Listed Devices? Other US Medical Device Regulations 12
B Why the Greek god Hephaestus should have done a design FMEA (DFMEA) on his giant robot APQP and PPAP 1
J On PFMEA for danger labels - Label always should be assigned severity 10 ? FMEA and Control Plans 3
H Who should be listed as the manufacturer/distributor on the box? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 15
M MDR, RED and LVD - Should our device comply with them? EU Medical Device Regulations 3
BeaBea How Many Processes should be created for each Department? Process Maps, Process Mapping and Turtle Diagrams 5
M Should volume of sales be factored into risk probability assessments? ISO 14971 - Medical Device Risk Management 33
MrTetris Should potential bugs be considered in software risk analysis? ISO 14971 - Medical Device Risk Management 5
S Should safety checks be included in the Control Plan? IATF 16949 - Automotive Quality Systems Standard 5
M Which incubation condition should be selected to recover both bacteria and fungus effectively Miscellaneous Environmental Standards and EMS Related Discussions 3
D Is there a specific location for PPE such as safety glass holders and glove dispensers should be mounted Occupational Health & Safety Management Standards 10
Robert Stanley Which Registrar Should I Choose for ISO 9001:2015 registration? Registrars and Notified Bodies 10
M Who should receive the bills from suppliers and vendors, account payable or procurement? Consultants and Consulting 4
V IATF 16949 8.4.1 Control of externally provided processes, products and services - Should the CB be on our Approved Supplier List? IATF 16949 - Automotive Quality Systems Standard 10
A We are ISO 13485:2016 should we be audited to ISO 14971 ISO 13485:2016 - Medical Device Quality Management Systems 16
E Received a Major finding during IATF Surveillance audit for loss of BIQS Level 3 (more than 6 SPPS in 6 months)...how should we address SYSTEMIC CA? IATF 16949 - Automotive Quality Systems Standard 11
J Organization merger. Should we keep two separate ISO 13485 certificates? ISO 13485:2016 - Medical Device Quality Management Systems 6
S Companies that maintain your machine should be in ASL? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
S Use of "Shall" versus "Should" in Procedures ISO 13485:2016 - Medical Device Quality Management Systems 26
D Class II medical device - When should a complaint be closed? Customer Complaints 6
Sidney Vianna IATF 16949 News Presentations from the latest IATF Stakeholder Event - Expectation that IATF 16949 certification should equate with product quality. Misguided? IATF 16949 - Automotive Quality Systems Standard 7
L Clause 0.4 of ISO 9001 and EHS - Where should I stop the inclusion of EHS in my QMS ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
Ed Panek Part 11 Self Certify Memo - What else should it cover? Qualification and Validation (including 21 CFR Part 11) 5
H Should I mention machine/Equipment password In SOP? Qualification and Validation (including 21 CFR Part 11) 4
D How long should we keep the spare parts available for our medical device, after we have stopped the production? ISO 13485:2016 - Medical Device Quality Management Systems 0
H Statistical Techniques Procedure - What should be included Document Control Systems, Procedures, Forms and Templates 4
Q How should I analyze measurement correlation between me and customer? Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 12
Sidney Vianna Interesting Discussion ISO 9001:2024 - What should be changed in the next Edition of ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 113

Similar threads

Top Bottom