ISO 45001 OH&S

Understanding ISO 45001:2018 Clause 5.3 Organizational roles, responsibilities & authorities

Jackie Stapleton 11 December, 2022

Understanding ISO 45001:2018 Clause 5.3 Organizational roles, responsibilities and authorities

In this article, I’m going to cover clause 5.3 Organizational roles, responsibilities, and authorities. I’m going to break this clause down and turn it into something you can all understand. You’ll then be able to apply this to your own organization's system and understand what the requirements will look like for you. No more guessing! Keep on reading as I can show you just how easy this is and what I think the keyword is in this clause! Without this keyword, the requirements can be challenging to meet.

Ok, let’s get started, the overarching or leading statement in this clause is Top Management shall ensure that the responsibilities and authorities for relevant roles are assigned and communicated at all levels within the organization.

There are those words again ‘Top Management’ – let me remind you who this is. The official definition of top management is …

The person or group of people who directs and controls an organization at the highest level. I always say that top management are the decision makers. Depending on the structure and size of the business, top management could be the owners, shareholders, board of directors, general manager or even a project manager if the scope of the system is down to a project level only.

Now that we’re clear with who top management is again let’s look back at what this clause says – it says that the responsibilities and authorities for relevant roles are assigned – so delegated, given to someone who has responsibility for them – communicated – so this could mean that these responsibilities and authorities are shared within the organization so everyone is aware who is responsible for what. This communication could be part of induction and training, or it could simply be available to view within the business like in position descriptions or organizational charts.

Now it is interesting that this clause does state that these responsibilities and authorities are to be maintained as documented information. This is quite different from ISO 9001:2015 and ISO 14001:2015 where they don’t stipulate that documented information is required to be maintained for this clause.

This does mean that you do have to have something documented to demonstrate these responsibilities and authorities. Remember though that this clause doesn’t say ‘you shall maintain position descriptions and organizational charts’ – it just says to assign and communicate and document. I’ve just given you an idea of what I normally see out there that businesses put together to meet this requirement – and that is position descriptions and organizational charts.

The leading paragraph also states that Workers at each level of the organization shall assume responsibility for those aspects of the OH&S management system over which they have control. Therefore, it may be beneficial to define the areas of control for workers at their different levels and roles – again, this could be documented in their position descriptions, couldn’t it? Just so it is clear where their responsibilities are. Responsibilities may also be documented in the Safe Work or Operating Procedures. Wherever is most relevant to the type of work and the system that you have in place.

There is then a note added right in the middle of this clause stating that While responsibility and authority can be assigned, ultimately top management is still accountable for the functioning of the OH&S management system. Absolutely! Yes, top management can delegate responsibilities and even authority however they still need to be aware of the effectiveness of the OH&S management system and be on top of what’s going well and what’s not going so well. Also getting involved in improvements and changes. This leads nicely to the last section of this clause where it DOES talk about assigning the responsibility and authority for certain ‘tasks’ you could say.

This section states that Top management shall assign the responsibility and authority for:

a) ensuring that the OH&S management system conforms to the requirements of this document (meaning the Standard itself).

Now, this just means that there is to be someone responsible and with authority to monitor and check that the system is being followed. This could be through internal audits or scheduled operational reviews. Whatever the business determines the monitoring and evaluation requirements are and how these will be performed.

And then there is point b) which states that there is also to be reporting on the performance of the OH&S management system to top management.

This makes sense as obviously if you are monitoring whether the OH&S management system conforms to the standard then there would have to be some objective reporting provided to top management to demonstrate the status of the system – is it conforming? Is it not? Where are the areas that it can improve? And so on.

Now, to finish off I wanted to point out that the other thing that stands out for me with this clause is the word authority. Yes, this is the word I mentioned was key to these requirements. You may have noted that the clause mentions responsibilities but in each instance, it also mentions ‘authority’.

You can have responsibility without the authority, however, when it comes to a management system and being responsible for conformance, maintenance, integrity, and reporting – without the authority to do this, it becomes very difficult to gain traction and most importantly implement change and improvement. I have seen this so many times in businesses. They have given this responsibility to a team member however they do not have the responsibility to issue findings or put forward changes and reinforce these changes with other workers. They are just scoffed at and taken far too lightly.

When this happens, nothing changes and the system stagnates or even declines. When you are looking at delegating and giving others responsibilities, also look at the authority you are giving them. This is the important part to ensure is assigned and communicated within the organization as well as externally where it is relevant.

Learn even more by completing a qualification in one of our ISO 45001 courses.