ATOL Articles

Explaining ISO 45001:2018 Clause 5.2 Policy

Written by Jackie Stapleton | 4 December 2022 11:30:00 PM

In this article, I’m going to cover Clause 5.2 OH&S Policy, which of course is all about the OH&S Policy. I’m going to break this clause down and turn it into something you can all understand. You will then be able to apply this to your own organization's system and understand what the requirements will look like for you. No more guessing! Keep on watching as I can show you just how easy this is!

 

Ok, let’s get started! You will note that this clause is in clause 5 Leadership, so it’s not something that is buried in the system. This means that Top Management is responsible. I’d better remind you who top management is then. The official definition for top management is … the person or group of people who directs and controls an organization at the highest level. I always say that top management is the decision-makers. Depending on the structure and size of the business, top management could be the owners, shareholders, board of directors, general manager, or even a project manager if the scope of the system is down to a project level only.

As mentioned previously it is top management who are responsible for establishing, implementing, and maintaining the OH&S policy. I always say that a policy is the high-level intent and commitment of the business. A policy isn’t supposed to tell you WHAT to do, it’s created to ‘set the standard’ of what the business is committed to achieving.

Before we move on, it is important to note that while it is not stated in this clause specifically, it is a requirement as per clause 5.4 that non-managerial workers are consulted when it comes to establishing the OH&S policy. So, their views are to be sought prior to any decision-making regarding the establishment of the policy. For more details be sure to check out the video for Clause 5.4 Consultation and participation on ATOL.tv.

The areas to be considered when establishing, implementing, and maintaining the OH&S policy are:

a) Includes a commitment to provide safe and healthy working conditions for the prevention of work-related injury and ill health and is appropriate to the purpose, size and context of the organization and to the specific nature of its OH&S risks and OH&S opportunities.

We determine the context of the organization in an earlier clause, Clause 4.1 – understanding the organization and its context. Be sure to check the video out for this on ATOL.tv if you need a reminder. This will help you to then align your OH&S policy with the context of the organization.

Now, this section also requires a commitment to provide safe and healthy working conditions for the prevention of work-related injury and ill health. Your policy can simply state this. This doesn’t mean just because you’ve mentioned it in your policy then you don’t need to do anything else of course! I would expect to see how you intend to meet this commitment throughout other areas in your OH&S management system. Like setting objectives, hazard identification, and then how you will eliminate or reduce these. This should filter all the way through your system and always be able to link back to this high-level commitment in your policy.

Then section b) states that the policy is to provide a framework for setting OH&S objectives. This is always a confusing one for most people. The requirement doesn’t mean that you have to list your objectives within the policy. All they are asking is for there to be a commitment or statement in the policy that demonstrates or documents the commitment to setting objectives. It could be as simple as stating...

We are committed to setting OH&S objectives that support our commitment to provide safe and healthy working conditions and are appropriate to the purpose, size and context of the business. The objectives are established, communicated, measured and reviewed at least annually or when changes to the business and system occur.

Something like that – You can see that this just simply explains the very high-level intention for the objective framework within your business.

Moving along to point c) now, where it states that the policy is to include a commitment to fulfill legal requirements and other requirements.

Further along in ISO 45001, there is actually a clause 6.1.3 Determination of legal requirements and other requirements. And then there is clause 9.1.2 Evaluation of compliance. Both of these clauses work together to identify what legal and other requirements are relevant, determine how they apply in the OH&S management system and then check whether they are being followed. You probably would have also identified which needs and expectations of workers and interested parties are or could become legal and other requirements way back in clause 4.2.

Moving along though, amongst these other clauses in the Standard, whatever requirements you identify and then action and check is more on the operational or DOING side. All the OH&S policy wants is a commitment to fulfill what you identify. It can be as simple a statement as ‘we are committed to fulfilling all legal requirements and other requirements identified as relevant to our activities, products, and services.'

Point d) states that the policy is to include a commitment to eliminate hazards and reduce OH&S risks.

Again, as the policy is a high-level intent it is quite acceptable to have a simple statement in your policy exactly along those lines – XYZ company is committed to eliminating hazards and reducing OH&S risks. Honestly, it can be as simple as that! You can even throw in an extra line that might give a brief overview of what this looks like which could be something like –

XYZ company is committed to eliminating hazards and reducing OH&S risks through a high level of consultation and participation with our workers aimed at continual improvement of our OH&S management system.

This leads me to the next point – point e) which states to include a commitment to continual improvement of the OH&S management systems. Look at what I’ve done in the previous point, I combined it all nicely together with the commitment to eliminating hazards and reducing OH&S risks, I’ve also thrown in consultation and participation all leading to continual improvement! Done!

And then the final point in establishing, implementing, and maintaining the OH&S policy is f) where it states to include a commitment to consultation and participation of workers, and where they exist, workers representatives. Sorry for repeating myself here but remember the example I gave you earlier (and above) – refer to that! I’ve combined this in one statement with the previous commitment requirements! 

Of course, it’s all well and good making all of these commitment statements. What you have to remember is that if you make the commitment then you have to back it up in your system. This isn’t about a warm and fuzzy policy being created and then forgetting about HOW you are going to demonstrate your commitment. Be very aware that ISO 45001 will throw more clauses at you where it WILL require you to figure out HOW you will meet these commitments. This is the brilliant thing about the Standard – every clause supports each other.

Now that you understand WHAT is included in the policy let’s look at HOW it is to be communicated and made available. The first point states that the policy is to be available as documented information.

Easy – write your OH&S policy up! It needs to be documented; we need to see it. It can’t just be in your head  Normally an OH&S policy is just one page. Remember it’s a high-level intent and commitment so there’s not a lot of detail or HOW to do things in the document. That’s why it is normally just one page.

Now the next point states that the policy is to be communicated within the organization. This is further backed up by clause 7.3 Awareness and 7.4 Communication further on in the Standard – be sure to check those out too. So once again this policy isn’t just documented to look pretty and create all warm and fuzzy feelings for you. It is required to be communicated – how, is up to you. The standard is not specific on this. Normally a policy is communicated within the organization by being displayed at the reception, on a noticeboard, and as a part of staff induction and training.

Next up the policy is also to be available to relevant interested parties, as appropriate

These interested parties are what you would have identified as a part of clause 4.2 Understanding the needs and expectations of interested parties. If you need a reminder of the requirements of clause 4.2 be sure to check the video out on ATOL.tv. We have already touched on this in the previous point when communicating within the organization, however, making the policy available to external interested parties could be managed by having the policy available on your company website or including it in tenders. It is up to the organization to determine the best method to make the policy available to interested parties based on what communication channels you already currently use with them.

Then finally the OH&S policy is to be relevant and appropriate. Interesting – relevant and appropriate to what? I would say, relevant and appropriate within the scope determined as part of clause 4.3 Determining the scope of the OH&S management system. If you need a reminder of the requirements of clause 4.3 be sure to check out ATOL.tv for a refresher. Just briefly the scope is the boundaries and applicability of your OH&S management system – so what activities, products, and services fall within your system? Therefore the OH&S policy inclusions should all be relevant and appropriate to the activities, products, and services determined as the scope of your OH&S management system. So basically, don’t download a random OH&S policy off the internet and think that it will work for your system.

Well – I think I’ve talked this one through. I know there’s a lot to take in and thanks for sticking with me till the end.

Learn even more by completing a qualification in one of our ISO 45001 courses.