Ansi aiha asse z10 2012

Safety Management Peer-Reviewed

Z10-2012 An Overview of the Occupational Health & Safety Management Systems Standard

By Fred A. Manuele

On July 25, 2005, ANSI approved a newstandard titled Occupational Health andSafety Management Systems (OHSMS). Its designation was ANSI/AIHA ZlO-2005. That was a major development. For the first fime in the U.S., a national consensus standard was issued for a

I N B R I E F •The 2012 version of Z1Ü encourages employers to integrate safety-related systems within all other business processes. •While management commitment is stressed, the standard places particular emphasis on employee par- ticipation and the importance of their feedhack for improvement in systems and processes. •A significant "shall" addition to the standard requires that top management have systems in place to assess risk. •Safety issues to he recognized, prioritized and resolved are defined as hazards, risks and management system deficiencies.

safefy and health management system applicable to organiza- tions of all sizes and types.

Per ANSI requirements, stan- dards are reviewed every 5 years to be revised or reaffirmed. AIHA, then-secretariat, formed a commiftee to review ZIO. The outcome of its work was a revised standard approved on June 27, 2012. Its designafion was ANSI/AIHA ZlO-2012. Shortly after approval, secre- tariat was transferred to ASSE.

All persons who give coun- sel on occupational safety and health management systems should own a copy of this standard and be thoroughly famuiar with its content. The 2012 version refiects significant

changes and contains valuable support informafion in the advisory column and the appendixes.

• Fred A. Manuele, P.E., CSP, is president of Hazards Ltd., the company he formed after retiring from • Marsh & McLennan where he was a managing director and manager of M&M Protection Consultants. I His safetv' experience spans several decades. Manuele's books Advanced Safety Management: Focusing on " ZIO and Serious Injury Prevention, and On the Practice of Safety have been adopted for several graduate

and undergraduate safety degree programs. He is also author of Innovations in Safety Management: Ad- dressing Career Knotuledge Needs and Heinrich Revisited: Truisms or Myths and coeditor of Safety Through Design. He was chair of the committee that developed ANSI/ASSE Z590.3, Standard for Prevention Through Design—Guidelines for Addressing Occupational Hazards and Risks in Design and Redesign Processes. Manuele is an ASSE Fellow and received the Distinguished Service to Safety Award from NSC. He has served on the hoard of directors for ASSE, NSC and BCSP, which he also served as presi- dent. In June 2013, BCSP honored Manuele with a Lifetime Achievement Award.

4 4 ProfessionalSafety APRIL 2014 www.asse.org

The standard provides senior management with a well-conceived concept and action outline for a safety and health management system. As em- ployers make changes to meet fhe standard's re- quirements, it can be expected that occupational injuries and illnesses will be reduced.

To identify differences and to develop a pri- oritized improvement plan, SH&E professionals should conduct a gap analysis to compare the el- ements in existing safety programs, processes or systems with the requirements in ZIO. That com- parison should be followed by a priorifized acfion plan for confinual improvemenf.

Participation: Consensus More than 40 safety professionals served on the

committee that crafted the 2012 version of ZIO. They represented indusfry, labor, government, business associations, professional organizations, academe and persons of interest.

The ZIO committee adhered strictly to the due diligence requirements applicable to development of an ANSI standard. A balance of stakeholders provided input and open discussion, which resulted in the group vetfing each issue that was raised to an agreed-upon conclusion.

In crafting the current version of ZIO, the intent was to present management system requirements that when effecfively implemented would not only

achieve significant safety and health benefits, but also have a fa- vorable effect on productivity, fi- nancial performance, quality and other business goals. The stan- dard is built on the well-known plan-do-check-act (PDCA) pro- cess for continual improvement.

Many companies have issued safety policy statements in which they indicate their intent to com-

I Figure 1

I Plan-Do-Check-Act Concept ply with or exceed all relative laws and standards. Those employers, particularly, will want to imple- ment the ZIO provisions that are not part of their current safety and health management systems.

A Major Theme Throughout all sections of ZIO, from man-

agement leadership and employee participation through the management review provisions, a key theme is prominent: Processes for continual im- provement are to be in place and implemented to ensure that:

•hazards are identified and evaluated; •risks are assessed and prioritized; •management system deficiencies and opportu-

nities for improvement are identified and addressed; •risk elimination, reduction or control measures

are taken to ensure that acceptable risk levels are attained.

In relation to this theme, the following terms as defined by the standard are particularly applicable.

•Hazard: A condition, set of circumstances or inherent property that can cause injury, illness or death. •Exposure: Contact with or proximity to a haz- ard, taking into account duration and intensity. •Risk: An estimate of the combination of likeli- hood of an occurrence of a hazardous event or exposure(s) and severity of injury or Illness that may be caused by the event or exposures. •Probability: The likelihood of a hazard causing an incident or exposure that could result in harm or damage for a selected unit of time, events, population, items or activity being considered. •Severity: The extent of harm or damage that could result from a hazard-related incident or exposure. •Risk assessment: Process(es) used to evalu- ate the level of risk associated with hazards and system issues. (ANSI/AIHA/ASSE, 2012)

The definitions are repeated in Appendix E, which provides guidance on risk assessment. Although ac- ceptabie risk is not a term included in the standard's definitions, it is made clear in several places that the goal is to achieve acceptable risk levels. Eor exam- ple. Section 6.4, Corrective and Prevention Actions, clearly states that an organization is to have process- es in place to ensure that acceptable risk levels are achieved and maintained. Appendix F states, "The goal of the risk assessment process including the steps taken to reduce risk is to achieve safe working conditions with an acceptable level of risk."

ZIO Is a Management System Standard ZIO is a management system standard, not a

specification standard. What is the difference? A management system standard provides process and system guidelines for a provision without specifying the details on how the provision is to be carried out. A specificafion standard contains those details.

ZIO Section 5.2B illustrates the difference: Section 5.2: Education, Training, Awareness and Competence. The organization shall estab- lish processes to:

Improve employee H&S

productivity satisfaction

Continual I Improvement

Reduce hazards

risks incidents

comp costs lost time

3.0 Policy Management Leadership & Employee Participation

B. Ensure through appropriate education, training or ether methods that employees and contractors are aware of applicable OHSMS re- quirements and their importance are competent to carry out their responsibilities as defined in the OHSMS. (ANSI/AIHA/ASSE, 2012)

That is the extent of the "shall" requirements for Section 5.2B. The explanatory part of the standard contains comments on subjects for which training should be given, such as safety design, incident in- vestigafion, hazard identificadon, good safety prac- tices and the use of PPE. However, those comments are advisory and not a part of the standard.

If ZIO were written as a specificadon standard, requirements comparable to the following might be extensions of 5.2B.

a) At least 12 hours of training shall be given ini- tially to engineers and safety professionals in safety through design, to be followed annually with a minimum of 6 hours of refresher materials.

b) All employees shall be given a minimum of 3 hours training annually in hazard identification.

c) All employees shall be given a minimum of 4 hours draining annually in the use of PPE.

d) All training activities conducted as a part of this provision shall be documented and records shall be retained for a minimum of 5 years.

Compatibility & Harmonization One goal of the ZIO committee was to ensure that

it could be easily integrated into any management system an organization has in place. That goal was met. As to structure, the standard is compadble and harmonized with quality and environmental man- agement system standards—the ISO 9000 and ISO 14000 series at the time of the approval of ZIO.

Employment Implications A brief verbal survey of safety degree program

professors was conducted to determine what quali- fications were being stressed by human relations personnel when they visited campuses to recruit. The survey found that they want candidates who are equipped with the knowledge and skill to give coun- sel on many of the provisions in ZIO. In that respect, safety professionals should give particular attention to certain provisions. Those provisions are in sec- tions: 4.0, Planning; 5.0, Implementadon and Op- eradons; and 6.0, Evaluadon and Corrective Action.

The Z10-2012 standard is built on the well-known plan-do-check-act process for con- tinual improvement. It provides senior management with a well-conceived concept and action outline for a safety and health manage- ment system.

www.asse.org APRIL 2014 ProfessionalSafety 4 5

4 6 ProfessionalSafety

In summary, those sections state that employers shall establish and implement processes to:

•Identify and control hazards in the design pro- cess and when changes are made in operations. This requires safety design reviews for new and altered facilities and equipment.

•Have an effective management of change sys- tem in place through which hazards and risks are identified and evaluated in the change process.

•Assess the level of risk for identified hazards for which knowledge of risk assessment methods will be necessary.

•Utilize a prescribed hierarchy of conh-ols in dealing with hazards to achieve acceptable risk lev- els for which the first step is to attempt to design out or otherwise eliminate the hazard.

•Avoid bringing hazards into the workplace by incorporating design and material specifications into procurement contracts for facilifies, equip- menf and materials.

Certification impiications Provisions in ZIO have a direct relationship to

the content of the CSP examinafions. Those exami- nations are reviewed about every 5 years to ensure that they are current with respect to what safety professionals actually do. In that review process, safety professionals are asked fo describe the con- tent of their work at the time the survey is made.

The author compared the content of the Com- prehensive Practice Examination Guide issued by BCSP in 2011 with that issued in 2006. Substan- tial changes were made in the later edifion, many of which relate to principle requirements of ZIO. For example, a domain in fhe sixth edition is de- voted entirely to hazard identification and analy- sis and risk assessment. It is the centerpiece of the examination. Knowledge requirements for safety through design and management of change are more extensive as well.

ZIO represents sound, current practice. Having knowledge of and experience with its provisions is required to pass the CSP examination.

Continuai improvement: The PDCA Concept ZIO is built on the well-known PDCA process

for continual improvement. Understanding this process is necessary to effecfively implement the standard. The introducfion to ZIO includes a chart based on the PDCA concept that emphasizes con- tinual improvement.

Throughout the standard, the words process, pro- cesses, systems and continual improvement are often repeated. ZIO emphasizes a continual improvement approach. As noted, the standard outlines the pro- cesses to be put in place to have an effecfive safety and health management system, not the specifics. Each organization must determine process specifics based on its unique hazards and risks.

A Review of the Standard's Provisions Brief comments are made here to provide an

overview of the standard's major sections. With respect to these remarks, keep in mind that ZIO is

APRIL 2014 www.asse.org

presented in two columns. The standard is in the left column; the explanatory and advisory material is in the right column—the E column.

As is common in ANSI standards, requirements are identified by the word shall. An organization that chooses to conform to the standard is expected to fulfill the shall requirements. The word should is used to describe recommended practices or give an explanation of the requirements.

Numerous recommended practices and advisory comments are included in the E column and in the appendices to assist in the implementation of the standard; they are not requirements.

Section 1.0 Scope, Purpose & Application Section 1.1 Scope defines the minimum require-

ments for OHSMS. According to the advisory data for the scope, the intent is to provide a systems ap- proach for continual improvement in safety and health management, and to avoid specifications. Furthermore, the writers recognized the unique- ness of the culture and organizational structures of individual organizations and the need for each entity to "define its own specific measures of per- formance."

Section 1.2 Purpose indicafes the primary pur- pose of the standard: To provide a management tool to reduce the risk of occupational injuries, ill- nesses and fatalities.

Section 1.3 Application states that the standard is applicable to organizations of all sizes and fypes. ZIO contains no limitations or exclusions by indus- try, business type or number of employees. The introduction and advisory column comments op- posite Section 1.3 state that the standard's structure allows integration with quality and environmental management systems. Doing so is a good idea.

Section 2.0 Definitions As is typical in ANSI standards, certain terms are

defined as used in the standard. Safety profession- als should become familiar with them.

Section 3.0 Management Leadership & Employee Participation

Section 3.0 is the standard's most important sec- tion. Safety professionals will surely agree with the premise that top management leadership and effective employee participation are crucial for OHSMS success. Top managemenf leadership is vital. An organization's safefy culture derives from decisions made at that level. And, continual im- provement cannot be achieved without effective direction from management. Key statements in the shall column of the standard follow:

3.1.1 Top management shall direct the organi- zation to establish, implement and maintain an OHSMS. 3.1.2 The organization's top management shall establish a documented occupational health and safety polioy. 3.1.3 Top management shall provide leadership and assume overall responsibility.

3.2 The organization shali esfablisii a process to ensure effective participation in the OiHSMS by its employees at aii ieveis.

As management provides direction and leader- ship, assumes responsibility for the OHSMS and ensures effecfive employee participation, it is im- portant to keep the standard's purpose in mind: To reduce the risk of occupational injuries, illnesses and fatalities. That will be best accomplished if person- nel understand that achieving acceptable risk levels is the desired outcome of every safety and health management process. Appendixes A, B and C pro- vide supporting data on policy statements, roles and responsibilities, and employee participation.

Section 4.0 Planning In the PDCA process, planning is the first step.

As would be expected. Section 4.0 Planning sets forth the planning process to implement the stan- dard and to establish improvement plans. The goal is to identify and prioritize issues within a safefy managemenf system that need improvement. Those issues are defined as hazards, risks and management system deficiencies. Throughout, the standard emphasizes having systems and process- es in place to identify hazards and assess their ac- companying risk and to identify the management deficiencies related to them.

In the confinual improvement process, informa- tion that defines opportunities for furfher improve- menf in the OHSMS and, thereby, risk reduction, is fed back into the planning process for additional consideration.

Section 4.1 requires that a company conduct a comprehensive review to identify the differences between existing systems and the requirements of the standard. The review shall encompass: business and operational processes that are relative to the standard's requirements; operational issues men- tioned in the planning section (hazards, risks and management system deficiencies); and allocation of the resources necessary to achieve and maintain an acceptable risk level; applicable regulafions and standards; content of risk assessmenfs made; man- agement system audits; and, as emphasized in the standard, the means established for employee par- ticipation and contribution.

Section 4.2 sets forth the requirements for as- sessment and prioritization.

The organization shaii establish a process to as- sess and prioritize OHSMS issues on an ongoing basis. The process shali:

A) Assess the impact on health and safety of OHSMS issues, and assess the ievel of risk for identified hazards;

B) Estabiish priorities based on factors such as the level of risk, pofenfiai for system im- provement, standards, regulations, feasibiiity and potenfiai business consequences;

C) identify underlying causes and other con- tributing factors related to system deficiencies that lead to hazards and risks.

Eollowing are excerpts from selected explanatory notes in sections 4.2A and 4.2B.

At E4.2A, the standard's writers offer advice on risk assessments and the factors that they should include, such as potential hazards and exposures; frequency of exposure; human behavior; controls in place and their effectiveness; and the potential severity of hazards (emphasis added for the last point).

At E4.2B, it is made clear the business results that may relate to fhe standard's application may include either increased or decreased productivity, sales, net income or public image.

Thus, employers need processes to identify and analyze hazards, assess the risks deriving from those hazards, and establish mifigation priorifies which, when acted on, will attain acceptable risk levels. Appendix D provides guidance on assess- ment and priorifizafion.

4.3 Objecfives, says: "The organizafion shall establish a process to set documented objectives, quantified where practicable, based on issues that offer the greatest opportunity for OSHMS im- provemenf and risk reduction."

4.4 Implementation Plans and Allocation of Re- sources follows logically in accord with a sound problem-solving procedure. After hazards, risks and shortcomings in safety managemenf systems have been idenfified and objectives have been out- lined, a documented plan must be established and implemented to achieve the objectives.

Item B in Section 4.4 says that an employer must assign adequate resources to achieve the objectives outlined in the implementation plans. It is an ab- solute fhat if adequate resources are not provided, acceptable risk levels cannot be maintained.

Section 5.0 Implementation & Operation This section defines the operational elements

that are required for implementation of an effective OHSMS. These elements provide the backbone of an OHSMS and the means to pursue the objectives from the planning process. Note the phrase "the backbone of an OHSMS."

5.1 OHSMS Operafional Elements are to be in- tegrated into the management system. A new and important addifion to ZIO appears in this section.

Section 5.1.1 Risk Assessment "The organization shall establish and implement

a risk assessment process (es) appropriate to the nature of hazards and level of risk."

Adding this shall provision reflects a worldwide trend emphasizing the importance of risk assess- ments. Appendix E provides a six-page overview of risk assessment and includes data on several techniques. Having knowledge of preliminary haz- ards analysis, what-if/checklist analysis, and failure modes and effecfs analysis and how they are ap- plied will satisfy most needs of safety professionals as they give counsel on risk assessment.

In applying hazard analysis and risk assessment techniques, SH&E professionals may use qualita- tive and quantitative methods. Mathematical cal- culafions required will not be extensive.

Appendix E also gives an example of a risk as- www.asse.org APRIL 2014

The standard emphasizes having systems and process- es in place to identify hazards and assess their accompany- ing risk and to identify the management deficiencies related to them.

ProfessionalSafety 4 7

sessment matrix. Most risk assessment matrixes set forth incident probability categories, severity of harm or damage ranges, and resulfing risk levels. Such a matrix can serve as a valuable instrument when working with decision makers to set risk lev- els and prioritize corrective actions. Variations in published risk assessment matrixes are substantial. A safety professional should customize the matrix to the organization's needs.

Section 5.1.2 Hierarchy of Controls Provisions for the use of a specifically defined

hierarchy of controls are outlined. The organiza- tion shall apply the methods of risk reducfion in the order prescribed. This is how the standard and the explanatory comments read.

The organization shali establish a process for achieving feasibie risk reduction based upon the following preferred order of controis:

A) elimination; B) substitution of less hazardous materials, processes, operations or equipment; C) engineering controls; D) warnings; E) administrative controis; F) personal protective equipment.

Sound l-nanagement principles shall be applied as decisions are made with respect to the hierar- chy of controls. Decision makers should consider the nature of the hazards and their accompanying risks; scope of risk reduction that must be achieved; necessity to adhere to applicable standards and regulations, both external and internal; what is considered good practice in the industry; available technology; and cost effectiveness.

A hierarchy is a sysfem of persons or things ranked one above the other. The hierarchy of confrols in ZIO provides a systematic way of considering sfeps in a ranked and sequential order to select the most effective means of eliminafing or reducing hazards and their risks. Acknowledging the premise that risk reducfion measures should be considered and taken in a prescribed order represents an important step in the evolution of the practice of safety.

Appendix G provides a pictorial and verbal dis- play of the hierarchy of controls listed in 5.1.1 with application examples for each elemenf.

Secfion 5.1.3 Design Review & Management of Change

The following excerpts indicate what ZIO requires for design reviews and managemenf of change. To repeaf for emphasis, these are shall provisions.

The organization shall establish a process to identify, and take appropriate steps to prevent or otherwise control hazards at the design and redesign stages, and for situations requiring management of change to reduce potential risks fo an acceptable level. The process for design and redesign and management of change shali include:

A) identification of tasks and related health and safefy hazards;

B) recognition of hazards associated with hu-

4 8 ProfessionalSafety APRIL 2014 www.asse.org

man factors including human errors caused by design deficiencies;

C) review of applicabie regulations, codes, standards, and internal and external recognized guidelines;

D) application of controi measures (hierarchy of controls. Section 5.1.2);

E) a determination of the appropriate scope and degree of fhe design review and manage- ment of change;

F) employee participation.

The Design Process The aufhor and others have long professed fhat

fhe mosf effective and economical way to achieve acceptable risk levels is to have the hazards from which the risks derive addressed in the design pro- cess. That is what this standard requires. It is an exceptionally important element in this standard. Impact of its application can be immense.

Management of Change Employers must have processes in place to identi-

fy and prevent or otherwise control hazards and re- duce the potential risks associated with them when existing operations, products, services or suppliers change. Getting effective management of change procedures in place is not easy.

The author's research shows that for all occupa- fions many incidents that result in serious injury occur when out-of-the-ordinary situations arise, particularly when unusual and nonroufine work is being performed and when sources of high energy are present (Manuele, 2008, p. 51; 2012, p. 166). Safety professionals should sfudy thoroughly the standard's management of change requirements to determine how they might promote the culture change necessary for their implementation. Apply- ing change management methods will be iiecessary.

Note that sections 5.1.3.1 and 5.1.3.2 are exten- sions of 5.1.3 Design Review and Managemenf of Change.

Section 5.1.3.1 Applicable Life Cycle Phases The provision in Section 5.1.3.1 says that an or-

ganization must consider the entirety of the life cycle of the subject being designed or redesigned.

At E5.1.3.1, the standard's writers advise that the design process may apply in all or some of the following: concept stages; preliminary design; detailed design; build or purchase process; com- missioning, installing and debugging processes; production and maintenance operations; and de- commissioning activity.

Section 5.1.3.2 Process Verification The organization shall have processes in place fo verify that changes in faciiities, documenta- tion, personnei and operations are evaluated and managed to ensure safety and healfh risks arising from these changes are controlled.

Section 5.1.4 Procurement Although the requirements for procurement are

plainly stated and easily understood, they are brief

in relation to the enormity of what will be required to implement them. An interpretafion of the re- quirements could be: "Safefy practitioners, you are assigned the responsibilify to convince manage- ment and purchasing agents that, in the long term, it can be very expensive to buy cheap." This is how the standard and fhe explanafory dafa read.

The organization shaii estabiish and implement processes to:

A) Identity and evaluate the potential health and safety risks associated with purchased products, raw materiais, and other goods and reiated services before introduction into the work environment;

B) Estabiish requirements for suppiies, equip- ment, raw materiais, and other goods and re- iated services purchased by the organization to control potentiai heaith and safety risks;

C) Ensure that purchased products, raw ma- teriais, and other goods and related services conform to the organization's health and safety requirements.

Appendix I provides guidance on the procure- ment process. Adding an element to an OHSMS designed to prevent bringing hazards into the workplace could have startling positive results in reducing the frequency and severify of hazardous incidents and exposures.

Section 5.1.5 Contractors Section 5.1.5 Contractors requires that an orga-

nization have processes in place to avoid injury and illness to its employees from activities of contrac- tors and to the contractor's employees from the organization's operations. Many enfities have such procedures in place.

One of the shall provisions indicates that the process is to include "contractor health and safety performance criteria." That implies, among other things, vetfing a contractor with respect to its previ- ous safety performance before awarding a contract.

Section 5.1.6 Emergency Preparedness To meet the requirements of the provision in sec-

fion 5.1.6, an organizafion must have processes in place to "to idenfify, prevent, prepare for and/or re- spond to emergencies." Also, an employer should conduct periodic drills to test the emergency plans, which are then updated.

Section 5.2 Education, Training, Awareness & Competence

An organizafion is required to determine the knowledge needed to achieve competence; en- sure that employees are aware of the OHSMS re- quirements; remove any barriers to participafion in education; ensure that training is ongoing and is delivered in a language trainees understand; and ensure that trainers are competent. This sec- fion has six alpha-designated provisions, three of which contain the words competence or competent. Thus, competence is emphasized. Employees and contractors are to be competent to fulfill their re- sponsibilifies. Trainers are to be competent to train.

These provisions are also applicable to contrac- tors. Interesfingly, both safety design and procure- ment are mentioned in the examples of training that should be given. This is how item E5.2A reads.

E5.2A: Training in OHSMS responsibilities should include, for example, training for: engineers in safety design (e.g., hazard recognition, risk as- sessment, mitigation, etc.); those conducting incident investigations and audits for identifying underiying OHSMS nonconformances; procure- ment personnel on impact of purchasing deci- sions; and others invoived with the identification of OHSMS issues, methods of prioritization and controis.

Section 5.3 Communication An organizafion is to insfitute processes to: com-

municate informafion about the progress being made on its implementation plan; ensure prompt reporfing of incidents, hazards and risks; promote employee involvement so that they make recom- mendations on hazards and risks; inform con- tractors and relevant external interested parties of changes made fhaf affect them; and remove barri- ers to all of the foregoing. With respect to contrac- tors, item E5.3D provides guidance as follows:

E5.3D: The work activities of contractors can pose additional hazards for both employees and others in the workpiace. Processes estabiished for consultation with contractors shouid ensure risks will be appropriateiy addressed using good OHS practices. This consuitation shouid include discussion and resoiution ot issues of mutual concern.

Section 5.4 Document & Record Control Process The standard specifies documentation require-

ments for certain systems in several places. Tliese processes should fit the requirements of the OHSMS in place. The advice given in the infor- mafional column at E5.4 is that the documentation procedures put in place should be commensurate with the size of an organization as represented by the number of employees, the complexity of opera- fions and its inherent hazards and risks.

Documents shall be updated as needed, legible, adequately protected against damage or loss, and retained as necessary.

Section 6.0 Evaluation & Corrective Action This section outlines the requirements for pro-

cesses to evaluate the performance of the safety management system, to take corrective action when shortcomings are found and to provide feed- back to the planning and management review pro- cesses. Communicafions on lessons learned are to be fed back into the planning process. The expecta- fion is that new objectives and acfion plans will be written in relafion to what has been experienced.

Section 6.1 Monitoring, Measurement & Assessment

The organization shaii estabiish and impiement a process to monitor and evaiuate hazards.

The most effective and economi- cal way to achieve acceptable risk levels is to have the hazards from which the risks derive addressed in the design process. That is what this standard requires.

www.asse.org APRIL 2014 ProfessionalSafety 4 9

r

I I

ZlO-2012 Table of Contents The ZlO-2012 table of contents provides a base for review and comparison with the safety management systems with which safety practitioners are faiTiiliar.

Table of Contents

Foreword

1.0 Scope, Purpose & Application 1.1 Scope 1.2 Purpose 1.3 Application

2.0 Definitions 3.0 Management Leadership & Employee Participation

3.1 Management Leadership 3.1.1 Occupational Health and Safety Management System 3.1.2 Policy 3.1.3 Responsibility and Authority

3.2 Employee Participation 4.0 Planning

4.1 Initial and Ongoing Reviews 4.2 Assessment and Prioritization 4.3 Objectives 4.4 Implementation Plans and Allocation of Resources

5.0 Implementation & Operation 5.1 OHSMS Operational Elements

5.1.1 Risk Assessment 5.1.2 Hierarchy of Oontrols 5.1.3 Design Review and Management of Change 5.1.4 Procurement 5.1.5 Contractors 5.1.6 Emergency Preparedness

5.2 Education, Training, Awareness and Competence 5.3 Communication 5.4 Document and Record Control Process

6.0 Evaluation & Corrective Action 6.1 Monitoring, Measurement and Assessment 6.2 Incident Investigation 6.3 Audits 6.4 Corrective and Preventive Actions 6.5 Eeedback to the Planning Process

7.0 Management Review 7.1 Management Review Process 7.2 Management Review Outcomes and Follow Up

Appendixes A) Policy Statements (Section 3.1.2) B) Roles and Responsibilities (Section 3.1.3) C) Encouraging Employee Participation (Section 3.2) D) Planning-Identification, Assessment and Pricritization (Section 4.0) E) Objectives/Implementation Plans (Section 4.3 and 4.4) F) Risk Assessment (Section 4.1 and 5.1.1) C) Hierarchy of Control (Section 5.1.2) H) Management of Change (Section 5.1.3) I) Procurement (Section 5.1.4) J) Contractor Safety and Health (Section 5.1.5) K) Incident Investigation Guidelines (Section 6.2) L) Audit (Section 6.3) M) Management Review Process (Section 7.1 and 7.2) N) Management System Standard Comparison (Introduction) O) Bibliography and References

New appendixes in the 2012 version are: E) Risk Assessment; I) Procurement; J) Contractor Safety and Health; M) Management of Change; N) Management System Standard Comparison. While the appendixes are not part of the standard, they can be helpful to those with implementadon responsibility.

risks and their controls to assess OHSMS per- formance. These processes shall include some or all of the following methods, depending on the nature and extent of identified hazards and risks: workplace inspections and testing; as- sessments of exposures; incident tracking; mea- suring performance in relation to legal or other requirements; or other methods selected by the organization. Results of the monitoring process- es shall be communicated as appropriate.

Section 6.2 Incident Investigation The standard says:

The organization shall establish a process to re- port, investigate and analyze incidents in order to address OHSMS nonconformances and other factors that may be causing or contributing to the occurrence of incidents. The investigations shall be performed in a timely manner.

One advisory comment highlights the value in feeding lessons learned from invesdgations into the planning and corrective action processes.

Section 6.3 Audits An organizadon shall:

Have audits made periodically with respect to application of the provisions in the OHSMS; en- sure that audits are made by competent persons not attached to the location being audited; doc- ument and communicate the results; have audi- tors communicate immediately on potentials for serious injuries or illnesses and fatalities sc that swift corrective action can be taken.

Audits are to measure the organizadon's ef- fecdveness in implemendng the OHSMS ele- ments. Thus, audits are to determine whether the management systems in place effectively identify hazards and control risks. Although many safety professionals are familiar with safety audit pro- cesses, they should review what the standard re- quires and determine whether it will be beneficial to revise their audit systems. Appendix E is helpful in this respect; it contains a sample audit protocol that matches all of the secdons of̂ ZlO.

In the advisory column, the standard's writers make clear that audits are to be system oriented rather than compliance oriented.

Also, and importantly, E6.3B comments on the independence of auditors. Whue it says that "au- dits should be conducted by individuals indepen- dent of the acdvities being audited," it also says that "this does not mean that audits must be con- ducted by individuals external to the organization."

Section 6.4 Corrective & Preventive Actions Revisions made in the 2012 version of ZIO are

substandal in this secdon. It defines what the or- ganizadon shall do to fulfill the provisions of this secdon.

The organization shall establish and implement corrective and preventive action processes to:

A) Address nonconformances and hazards that are not being controlled to an acceptable level of risk.

5 0 ProfessionalSafety APRIL 2014 www.asse.org

B) Identify and address new and residual haz- ards associated with corrective and preventive actions that are not being controlled to an ac- ceptable level of risk.

C) Expedite action on high-risk hazards (those that could result in fatality or serious injury/ill- ness) that are not being controlled to an accept- able level of risk;

D) Review and ensure effectiveness of correc- tive and preventive actions taken.

It is made clear that organizations must identify hazards, risks and shortcomings in management systems, and take corrective action to achieve ac- ceptable risk levels. Furthermore, the standard says that organizations are to expedite appropriate ac- tions on high-risk hazards.

Section 6.5 Feedback to fhe Planning Process Section 6.5 is a communication provision pertain-

ing to all shortcomings in the safefy management system. Its purpose is to provide a base for revision in the planning process. The standard says that the communication process established shall ensure a proper flow of fhe information developed in fhe monitoring and measurement systems, audits, in- cident investigations and in the corrective actions taken to those involved in the planning process to achieve continual improvement endeavors.

Section 7.0 Management Review This section requires that OHSMS performance

be reviewed periodically and fhat management take appropriate actions in response. The management review section and extensive advisory comments pertaining to it are must reads. As noted, the Man- agement Leadership and Employee Participation section is the most important in ZIO. The section on management review is a close second. Periodically reviewing management system effectiveness is an important part of the PDCA process.

Section 7.1 Management Review Process The organization shall establish and implement a process for top management tc review the OHSMS at least annually, and to recommend improvements to ensure its continued suitability, adequacy and effectiveness.

E7.1: Management reviews are a critical part of the continual improvement of the OHSMS.

Some subjects must be reviewed at least annually: progress in reducing risk; effectiveness of processes fo identify, assess and prioritize risk and system de- ficiencies; effectiveness in addressing underlying causes of risks and system deficiencies; the extent to which objectives have been met; and performance of the OFISMS in relation to expectations.

Section 7.2 Management Review Outcomes & Follow-Up

Section 7.2 requires that management determine whether changes need to be made in "the orga- nization's policy, priorities, objectives, resources or other OHSMS elements to establish the future direction of the OHSMS."

In accord with good man- agement procedures, se- nior management is expected to give direction to imple- ment the changes needed in OHSMS and processes to continually reduce risks. The standard requires that "results and action items from the management reviews shall be documented and communi- cated to affected individuals, and tracked fo completion." This provision gives the needed importance to the management review process. Action items are to be recorded, communicated to those affected, and fol- lowed through to a proper conclusion.

Advisory Content & Appendices ZIO provides exceptionally valuable explanatory

and supportive data in the advisory column and in the appendixes. Alpha-numerical pages 1 through 29 pertain to the standard's requirements and the advisory material. Pages 30 through 88 are devoted to the appendixes. That is about a 65% increase in the space devoted to appendixes compared to the 2005 version. A safety professional musf have a copy of the standard to appreciate the value of the guid- ance material and the appendixes.

Conciusion This revision to ZIO is important work. Prudent

safety professionals will sfudy the standard's re- quirements to determine whether additional skills and capabilities are needed and take steps to ac- quire those skills. Having done so, they will be equipped to guide on implementing safety man- agement system elements that may not exist in the organizations to which they give counsel. PS

References

ANSI/AIHA/ASSE. (20f 2). Americim national stan- dard for occupational health and safety management systems (ANSI/AIHA/ASSE ZlO-2012). Fairfax, VA: AfHA; Des Plaines, fL: ASSE.

ANSI/ISO/American Society for Quality (ASQ). (2000). American national standard for quality manage- ment systems—requirements (ANSI/ISO/ASQ Q9001- 2000). Milwaukee, Wf: American Society For Quality.

BCSP. (2011, Apdl). Tlie comprehensive practice exami- nation guide (6th ed.). Champaign, fL: BCSP.

Christensen, W.C. & Manuele, F.A. (Eds.). (1999). Safety tiiroiigh design. Itasca, IL: NSC.

International Organization for Standardization (ISO). (2004). Environmental management systems— requirements with guidance for use (ISO 14001:2004). Ceneva, Switzerland: Author.

Manuele, F.A. (2008). Advanced safety management: Focusing on ZIO and serious injury prevention. Hoboken, ^ NJ: John Wiley & Sons.

Manuele, F.A. (2012). On the practice of safety (4th ed.). Hoboken, NJ: John Wiley & Sons.

OSHA. (1992). Process safety management of highly hazardous chemicals (29 CFR 1910.119). Washington, DC: U.S. Department of Labor, Author.

ANSI/AIHA/ASSE ZlO-2012 Occupational Health and Safety Management Systems

ASSE is secretariat of the ZlO-201: standard. Learn more at www .asse.org/shoponline/products/ Z10_2005.php.

www.asse.org APRIL 2014 5 1

Copyright of Professional Safety is the property of American Society of Safety Engineers and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.