Information
ISO 45001:2018 Internal Audit
-
Client / Site
-
Conducted on
-
Prepared by
-
Location
-
Personnel
-
Summary
4 Context of the organization
4.1 Understanding the organization and its context
-
Industry Type or Sector
4.2 Understanding the needs and expectations of workers and other interested parties
-
Determine relevant interested parties to OH&S management system
-
Determine relevant needs and expectations of interested parties
-
Determine which of these needs and expectations are added to applicable legal and other requirements
4.3 Determining the scope of the environmental management system
-
The OH&S management system scope considers the following:
-
Physical boundaries and applicability
-
External and internal issues relevant to its purpose and objectives
-
Relevant needs and expectations of interested parties
-
Work related activities
-
OH&S MS scope is documented and available to interested parties
4.4 OH&S management system
5 Leadership
5.1 Leadership and commitment
-
Top management is identified
-
Top management demonstrates leadership and commitment
-
Taking accountability for OH&S management system effectiveness
-
Ensures OH&S nonconformities and opportunities are identified and action is taken
-
Ensures work related hazards and opportunities are systematically identified, OH&S risks and opportunities are evaluated and prioritized and action is taken to achieve risk reduction
-
Ensures OH&S management policy and objectives are established and are compatible with strategic direction and context of organization
-
Ensures OH&S management is integrated into organization's business processes
-
Ensures resources are available
-
Ensures that processes are established for the consultation and active participation of workers (and, as applicable, their representatives) in the establishment, implementation, maintenance and continual improvement of the OH&S MS, identifying and removing obstacles or barriers to participation
-
Communicates importance of effective OH&S management and of conforming to its requirements
-
Ensures intended outcomes
-
Directing and supporting persons to contribute to the effectiveness of the OH&S management system
-
Promotes continuous improvement
-
Supports other relevant management roles to demonstrate their leadership as it applies to their areas of respsonsibility
-
Promotes and leads a positive culture with regard to the OH&S management system
5.2 Policy
-
Establish, implement and maintain an OH&S management system policy
-
Appropriate to the purpose and context of the organization, including the nature of its OH&S risk and opportunities.
-
Provides a framework for setting OH&S objectives
-
Includes a commitment to satisfy applicable legal and other requirements
-
Includes a commitment to the control of OH&S risks through hierarchy of control
-
Includes a commitment to continual improvement of the OH&S management system
-
Includes a commitment to worker participation and consultation
-
OH&S Policy shall be maintained as documented information
-
OH&S Policy shall be communicated within organization
-
OH&S Policy is available to interested parties
-
OH&S Policy shall be reviewed periodically to ensure that it remains relevant and appropriate
5.3 Organizational roles, responsibilities, accountabilities and authorities
-
Responsibilities and authorities for relevant roles are assigned and communicated within the organization
-
Assign responsibility and authority to ensure OH&S MS conforms to the ISO 45001:2017 standard
-
Assign responsibility and authority for reporting to top management the performance of the OH&S
5.4 Participation, consultation and representation
-
Process has been established to ensure effective participation and consultation by workers at all levels and functions of the organization
-
With the mechanisms, time and resources to participate in, at a minimum, the processes of the OH&S MS
-
With the mechanisms, time, training and resources necessary to be consulted in, at a minimum, the process of developing policy
-
With timely access to clear, understandable and relevant information about the OH&S management system
-
Identifying and removing obstacles or barriers to participation and minimizing those that cannot be removed
-
Encouraging timely reporting and response to work-related hazards, OH&S risks, OH&S opportunities, incidents and nonconformities
-
Ensure that relevant external interested parties are consulted, when appropriate, about matters pertinent to the OH&S management system
6 Planning
6.1 Actions to address risks and opportunities
6.1.1 General
-
Determine if organization has established, implemented and maintains a process and that its OH&S management system can achieve its intended outcomes, prevent (or reduce) undesired effects and achieve continual improvement
-
Has the organization determined risks related to hazards and opportunities
-
Has the organization determined risks and opportunities related to applicable legal and other requirements
-
Has the organization determined and assessed risk and opportunities related to the operation of the OH&S management system that can affect the achievement of the intended outcomes
-
Verify documented information
6.1.2 Hazard identification and assessment of OH&S risks
-
Verify process to determine and assess hazards and opportunities in the workplace and to workers that takes into account
-
Routine and non-routine activities and situations
-
Emergency situations
-
People (workers, contractors and visitors) who have access to or are in the vicinity of the workplace and their activities and for workers who perform work-related activities at a location not under direct control of the organization
-
Organization's operations and activities including the design of work areas, processes, etc., changes in knowledge of hazards, situations occurring in the vicinity of the workplace or not controlled by the organization
-
Actual or proposed changes in the organization, its operations, processes, activities and OH&S management system
-
Past incidents, internal or external to the organization, including emergencies, and their causes
-
Applicable legal and other requirements
-
Effectiveness of existing controls
-
Consideration of the hierarchy of controls
-
Opportunities to eliminate or reduce OH&S risks and to adapt work to workers
-
Verify documented information
6.1.3 Determination of legal and other requirements
-
Verify process to identify and have access to up-to-date legal and other requirements that are applicable to its OH&S risks and management system
-
Determine how to apply and meet these requirements
-
Verify maintained and retained documented information
-
Applicable legal and other requirements, ensuring this documented information is updated to reflect changes
-
To show how compliance with its applicable legal and other requirements is achieved
6.1.5 Planning to take action
-
Organization shall plan actions to address its risks and opportunities
-
Organization shall plan actions to address applicable legal and other requirements
-
Organization shall plan actions to prepare for, and respond to, emergency situations, how to integrate and implement the relevant actions, including the determination and application of controls, into the OH&S management system
-
Organization shall plan how to evaluate the effectiveness of these actions and respond accordingly
6.2 OH&S objectives and planning to achieve them
6.2.1 OH&S objectives
-
OH&S objectives determined at appropriate levels and take into account the organization's significant environmental aspects and associated compliance obligations
-
OH&S objectives shall be:
-
Consistent with the OH&S policy
-
Measurable (if practicable)
-
Take into account applicable legal and other requirements
-
Take into account the result of any consultation with workers
-
Monitored
-
Communicated
-
Updated as appropriate
-
Verify the organization considered best practices, technological options, financial, operational and business requirements
-
Verify the organization arranged for the participation of workers
-
Verify documented information
6.2.2 Planning actions to achieve OH&S objectives
-
Organization shall determine:
-
What will be done
-
What resources will be required
-
Who will be responsible
-
When it will be completed
-
How the results will be evaluated
-
How the actions to achieve OH&S objectives will be integrated into the organization's business processes
-
Verify retained documented information on the OH&S objectives and plans to achieve them
7 Support
7.1 Resources
-
Organization determined and provide needed resources
7.2 Competence
-
Organization shall determine necessary competence of person(s) doing work under its control that affects its OH&S performance
-
Organization shall ensure that person(s) are competent on the basis of education, training, qualification or experience
-
Organization shall, where applicable, take actions necessary to acquire the necessary competence, and evaluate the effectiveness of the actions taken
-
Verify organization retains appropriate documented information as evidence of competence
7.3 Awareness
-
People doing work under the organization's control are aware of
-
the OH&S policy
-
their contribution to the effectiveness of the OH&S management system, including the benefits of improved OH&S performance
-
the implications of not conforming with the OH&S management system requirements, including the consequences, actual or potential, of their work activities
-
information and lessons learned concerning relevant incidents
7.4 Information and communication
-
Verify internal and external communication process (what, when, with whom and how to communicate)
-
Verify how organization defines the intent to be achieved by informing and communicating, and shall evaluate whether the objectives have been met
-
Verify how the organization takes into account diversity (i.e language, culture, literacy, disability), where they exist, when considering its information and communication needs
-
Verify how it receives, maintains documented information on and responds to relevant communications
7.5 Documented information
-
Verify documented information is identified and described
-
Verify appropriate format (i.e language, software version, graphics) and media (i.e. paper, electronic)
-
Verify documented information is reviewed and approved
-
Verify documented information is available, suitable for use and is adequately protected
-
Verify documented information's distribution, access, retrieval and use
-
Verify documented information's storage and preservation
-
Verify retention and disposition
-
Verify access for workers
-
Verify control of changes
-
Verify documented information of external origin is identified and controlled
8 Operation
8.1 Operational planning and control
-
Determine organization has established operating criteria for the process(es)
-
Determine process controls that have been implemented
-
Verify processes to verify effective implementation of controls
-
Verify documented information about controls to have confidence that the processes have been carried out as planned
-
Verify covering situations where the absence of documented information could lead to deviations from the OH&S policy and the OH&S objectives
-
Verify process for achieving reduction in OH&S risk using the following Hierarchy of Controls
-
Elimination of hazard
-
Substitute with less hazardous material, process, operations or equipment
-
Use engineering controls
-
Use administrative controls including safety signs, markings, warning devices and safe system of work
-
Use personal protective equipment
8.2 Management of change
-
Plan and manage temporary or permanent changes to the OH&S management system do not have a negative impact by
-
Verifying the resolution of incidents and nonconformities
-
Verifying new products, processes or services at the design stage or re-design stage
-
Verifying changes in knowledge or information about hazards
-
Verifying changes to work processes, procedures, equipment, organizational structure, staffing, products, services, contractors or suppliers
-
Verifying developments in knowledge and technology
-
Verifying changes to applicable legal and other requirements
-
Verify process for implementation and control of planned changes.
-
Verify responsibilities and authorities for managing changes and their associated OH&S risks are identified
-
Verify the organization reviews the consequences of unintended changes and takes action to mitigate any adverse effects, if necessary
8.3 Outsourcing
-
Verify outsourced processes affecting its OH&S management system are controlled
8.4 Procurement
-
Verify controls for procurement, i.e. products, hazardous materials or substances, raw materials, equipment or services, conform to its OH&S management system
8.5 Contractors
-
Verify the organization's process to identify and communicate on the hazards, and to evaluate and control the OH&S risks, arising from the:
-
contractor's activities and operations to the organization's workers
-
organization's activities and operations to the contractor's workers
-
contractor's activities and operations to other interested parties in the workplace
-
Verify process where the requirements of the OH&S management system, or at least the equivalent, are met by the contractors and their workers (including criteria for selection of contractors)
-
Verify process for coordinating relevant portions of the OH&S management system with other organizations for multi-employer workplaces
8.6 Emergency preparedness and response
-
Verify the organization has established, implemented and maintained a process(es) for potential emergency situations
-
Verify the organization
-
identifies and plans for potential emergency situations
-
the preparation of a planned response to emergency situations
-
periodic testing and exercise of emergency response capability
-
periodically reviews and revises the process(es) and planned response actions, in particular after the occurrence of an emergency situation or test
-
provision of relevant information to all members of the organization, at all levels, on their duties and responsibilities
-
provision of training for emergency prevention, preparedness and response
-
communication of information to contractors, visitors, relevant emergency response services, government authorities and the local community
-
Organization shall take into account at all stages of the process the needs and capabilities of relevant interested parties and ensure their involvement
-
Verify documented information
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
-
Verify organization is monitoring and measuring its operations with identified hazards and OH&S risks and opportunities, operational controls and progress towards meeting OH&S objectives
-
Verify that calibrated or verified monitoring and measurement equipment is used and maintained, as appropriate
-
Determine what criteria against which the organization evaluates its OH&S performance
-
Verify how the organization analyzes, evaluates and communicates results
-
Verify when the monitoring and measuring shall be performed
-
Verify workers participate in these activities
-
Verify organization evaluates OH&S performance, determines the effectiveness of the OH&S management system and uses information during its evaluations
-
Verify process for evaluating compliance with applicable legal requirements and other requirements to which the organization subscribes
-
Verify how the organization determines frequency and method(s) by which compliance will be evaluated, evaluates compliance and takes action, if necessary, and how it maintains knowledge and understanding of its status of conforming with legal and other requirements
-
Review retained appropriate documented information
9.2 Internal audit
-
Verify audits are conducted at planned intervals
-
Verify organization has established, implemented, and maintains an internal audit program
-
Verify the importance of the environmental process, changes affecting the organization and the results of previous audits are considered
-
Verify audit criteria and scope are created for each audit
-
Auditors are objective and impartial
-
Audit results reported to relevant management
-
Review retained documented information
9.3 Management review
-
Verify management reviews EMS at planned intervals
-
Verify management review includes:
-
status of actions from previous management reviews
-
changes in external and internal issues relevant to the OH&S management system
-
changes in applicable legal and other requirements
-
changes in the organization's OH&S risks, risks and opportunities
-
the extent to which OH&S policy and objectives have been met
-
information on the organization's OH&S performance, including trends in
-
incidents, nonconformities, continual improvement and corrective actions
-
worker participation and consultation
-
monitoring and measurement results
-
audit results
-
results of evaluation of compliance
-
OH&S risks, risks and opportunities
-
relevant communication(s) from interested parties
-
opportunities for continual improvement
-
adequacy of resources
-
Outputs of management review shall include:
-
conclusions on the continuing suitability, adequacy and effectiveness of the OH&S management system
-
decisions related to continual improvement opportunities
-
decisions related to any need for changes to the OH&S management system, including resources needs
-
actions, if needed, when OH&S objectives have not been achieved
-
any implications for the strategic direction of the organization
-
Verify outputs of management review are communicated to its workers
-
Verify retained documented information
10 Improvement
10.1 Incident, nonconformity and corrective action
-
Verify how organization reacts to and incident or nonconformity by evaluating actions taken to control and correct it and how the organization deals with the consequences
-
Determine what actions are taken to prevent nonconformity from recurring
-
Verify participation of workers in the determination of root causes
-
Verify implemented actions and their effectiveness
-
Verify retained documented information that provides evidence of the nature of the nonconformity and any subsequent actions taken and the results of any corrective actions
-
Verify documented information communicated to relevant workers and relevant interested parties
10.2 Continual improvement
-
Verify process of how the organization continually improves
-
Verify workers are consulted in continual improvement process
-
Verify results of continual improvement is communicated to its workers
-
Verify retained documented information