Closing existing gaps

The management system for safety and health at work (SGA-MS) ISO 45001:2018 is intended to ensure the prevention of work-related injuries and illnesses of employees and the provision of safe and healthy workplaces. The approach according to the proven Deming circle "Plan-Do-Check- Act" makes it possible to follow a systematic procedure.

Different starting positions of the companies
The requirement for a risk assessment has become increasingly important with all new management system standards such as ISO 9001:2015 (quality management system) and ISO 14001:2015 (environmental management system) and serves the purpose of prevention. Measures in the sense of prevention are taken on the basis of the identified risks. Companies that are already certified according to one of these management systems are less affected by this same requirement from ISO 45001 than those that have not yet introduced one of these management systems. The question also arises as to how thoroughly the company has dealt with the risk assessments. The starting position is therefore very different.

Implementation in the company on the basis of risk assessments
As far as implementation is concerned, according to Art. 6 VUV, employers are responsible for ensuring that all workers employed in their company "[...] are informed about the hazards occurring during their activities and are instructed about the measures to be taken to prevent them". In order to be able to implement this legal requirement, risk assessments are necessary. In practice, despite industry solutions in accordance with EKAS 6508, risk assessments are sometimes lacking, incomplete or outdated. On the one hand, in such cases, it is a matter of updating the risk assessments and, on the other hand, deriving the remaining system elements from them: for example, a risk analysis that allows an appropriate focus on the relevant hazards up to the level of the management and thus enables appropriate target formulations, measures and directives.

The change to the internationally recognized ISO 45001
Companies that have already introduced a management system in accordance with OHSAS 18001 will mainly experience selective adjustments as a result of the change to ISO 45001:2018. The situation is different for companies that have not yet fully implemented the EKAS Guideline 6508. In addition to the topic-specific additions to the management system, for these companies it is necessary to complete the management system itself, to place the risk assessment on the basis of the hazard determinations and to implement the whole thing in operation and monitoring.

Two examples are presented in the following list (see diagrams). Both companies are certified according to ISO 9001:2015 and ISO 14001:2015, but have different maturity levels in the SGA area. The scale 0-100 % shows the degree of compliance with the standard requirement, 75 % roughly indicates the certification maturity. The standard requirements are listed according to their chapter numbering.

Company with insufficient implementation of the industry solution in accordance with EKAS 6508
Gaps to ISO 45001 exist in the area of

(a) Context, interested parties
b)Management system
c) Leadership and commitment
d)Consultation and participation of employees
(e)hazard investigations
f)Competence and awareness
g)Operational planning and control
h)Management assessment (risk reference)
i)Corrective measures (risk reference)

Identified strengths are in the areas of resource availability, contingency planning, and

Company with certificate according to OHSAS 18001
Gaps to ISO 45001 exist in the area of

(a) Context, interested parties
b)Leadership and commitment, policy
(c) consultation and participation of employees
d)Resources, awareness
e)Operational planning and control
f)Corrective measures

Identified strengths are in the areas of organisation, communication, documentation, monitoring and measurement.

Conclusion
Based on the initial situation, a rough estimate can be made of the upcoming effort. In order to take into account the different strengths and gaps, it is also advisable to conduct a gap analysis with regard to the standard requirements of ISO 45001:2018.