In this article, I’m going to cover clause 6.1.1 generously called General which falls under clause 6.1 Actions to address risks and opportunities. I’m going to break this clause down and turn it into something you can all understand. You’ll then be able to apply this to your own organization's system and understand what the requirements will look like for you. No more guessing!
Ok, let’s get started! Clause 6.1.1 General under Actions to address risks and opportunities in the first clause in the Planning section of ISO 45001. I know that the clause title of GENERAL doesn’t really explain much does it? What on earth does a clause titled “General” mean?
To be honest I don’t know what the ISO 45001 technical committee was thinking when they named quite a few clauses throughout the standard as General. I can see that clauses called General are always the first clauses in a sub-clause section which sort of explains it a bit, I guess? A general clause normally explains an overall expectation of what’s coming up.
Now, there are quite a few different elements to this subclause so I will break them down into smaller chunks and explain each part as I go.
This is an interesting clause as I think it’s actually pulling everything that you’ve learned and applied in two previous clauses to now take action – you know, do something about it. It also looks forward to what you will learn in clauses that are still coming up in Clause 6. ISO 45001 isn’t just all talk and no action!
The subclause 6.1.1 starts off with stating that:
When planning for the OH&S management system, the organization shall consider the issues referred to in 4.1 (context), the requirements referred to in 4.2 (interested parties) and 4.3 (the scope of its OH&S management system) and determine the risks and opportunities that need to be addressed.
I want to reflect back on exactly what this statement is saying. What I do want to point out, is that this is referring back to clause 4.1 Understanding the organization and its context, clause 4.2 Understanding the needs and expectations of interested parties and clause 4.3 Determining the scope of the OH&S management system. Now of course before you can action any of these requirements you should have implemented the requirements for clauses 4.1, 4.2, and 4.3 so you DO have an understanding of the requirements identified. I’ve covered these requirements in previous videos so be sure to check these out on ATOL.tv if you need a refresher!
As a result of completing the requirements for clauses 4.1, 4.2, and 4.3 you will have identified risks and opportunities to the business and to the quality management system.
So now clause 6.1.1 wants you to recognize those risks and opportunities and put some actions in place to manage them (as per the rest of this clause).
The next section states ...
- a) give assurance that the OH&S management system can achieve its intended outcomes.
- b) prevent, or reduce, undesired effects
- c) achieve continual improvement.
These actions we put in place are so we can improve our performance within the OH&S management system and manage risks to mitigate any impacts but also leverage the opportunities all the while moving towards continual improvement.
This clause then goes on to state that When determining the risks and opportunities for the OH&S management system and its intended outcomes that need to be addressed, the organization shall take into account:
- - Hazards (see 6.1.2.1)
- - OH&S risks and other risks (see 6.1.2.2)
- - OH&S opportunities and other opportunities (see 6.1.2.3)
- - Legal requirements and other requirements (see 6.1.3)
This is now saying that not only will you have identified risks and opportunities as a result of the output from clauses 4.1 context and 4.2 interested parties, it is expected that you will identify more risks and opportunities as a result of working through the requirements of these clauses that you’re yet to come across in the standard – clauses that follow this one, which are – and I’ll repeat them for you:
Now I’m not going to go into the requirements of these clauses here, but you can certainly take a look at ATOL.tv to find out what I have to say about each of these clauses.
All of these risks and opportunities that you identify as a result of actions from other clauses in ISO 45001 now need actions to address them. These actions may look like new processes, new equipment, training, new technology, setting objectives, and putting on new team members or contractors. Whatever is needed to action these risks and opportunities will just be a part of your business and OH&S system.
This clause then goes on to state that
The organization, in its planning process(es), shall determine and assess the risks and opportunities that are relevant to the intended outcomes of the OH&S management system associated with changes in the organization, its processes or the OH&S management system.
Now, remember that the higher risks should get the most attention from you. The opportunities that have the potential for the biggest growth or improvement of the system should get the most attention from you.
It is then stated in this clause that:
In the case of planned changes, permanent or temporary, this assessment shall be undertaken before the change is implemented (see 8.1.3).
And 8.1.3 is Management of change. Be sure to check out clause 8.1.3 to understand the full picture of managing change in your OH&S system. The key thing that stands out to me in this section is that they are referring to permanent and temporary changes, so if your business or its activities do change an assessment is to be undertaken BEFORE the change is implemented. This is proactive hazard identification and risk assessment.
I wonder where we find this in ISO 45001? I know – Clause 6.1.2.1 Hazard identification, clause 6.1.2.2 Assessment of OH&S risks and other risks to the OH&S management system and never forget opportunities – clause 6.1.2.3 Assessment of OH&S opportunities and other opportunities for the OH&S management system. Be sure to check those clauses out to find out more!
Now to finish off this clause it is stated that:
The organization shall maintain documented information on:
- - risks and opportunities
- - the process(es) and actions needed to determine and address its risks and opportunities (see 6.1.2 to 6.1.4) to the extent necessary to have confidence that they are carried out as planned.
Which leads me to ask the question What would this look like in your OH&S management system? Now that I’ve broken this clause down, what are we looking for in this documented information requirement?
I mentioned some of these actions earlier on as examples which were:
- new processes
- new equipment
- training
-new technology
- setting objectives
- putting on new team members or contractors
So as auditors, we would see these actions as documented or visible evidence as part of the audit.
Now, is that normally all that you would see? To be honest no. What is quite common to see is a risk register of some description. The risks and opportunities identified as part of the output from clause 4 and clause 6 (all of the clauses referenced so far) could be documented in the risk register and then a risk assessment completed in the register followed by the planned actions. I did mention a risk assessment earlier so that you could define the highest risks and the most productive opportunities to focus your time and effort on.
Now that I’ve explained all of these requirements, can you see more clearly how you could action and demonstrate these actions in your management system?
Most importantly - keep it real. Follow a process that aligns most with how your business works currently.
Learn even more by completing a qualification in one of our ISO 45001 courses.