A debate on issues regarding the new ISO 45001:2018 standard adoption

The paper presents a debate on the implications of the ISO 45001 framework for management systems addressing occupational health and safety. The aim is to provide a comprehensive approach based on the ISO 45001 on safety culture and much more, for the nurture and development of the preventive one. First, the paper establishes a theoretical foundation for this initiative together with some practical considerations for implementation. Second, there will be presented an early feedback collected through a survey developed with managers from different companies located in the West Region of Romania about ISO 45001 implementation. The research conclusions underline that there is a lot of wisdom tucked away in the standard and that have been not yet understood and valorised; the results identify a new approach of what should be considered for the quality safety program and culture (as training and consultancy activities).


Introduction
Occupational health and safety (OHS) activity has started to be an emerging one in the context of sustainable health and safety concept development [1]. Furthermore, safety culture has evolved to the new concept of preventive safety culture (or prevention culture) which require a great effort of all levels managers to implement the safety regulations and standards for risk mitigation accompanying by a participatory management of OHS. The new OHS organizational practices are more focuses on employees' heath and quality of life, and to intense prevention of all known risks and the precaution application when a specific identified new or unknown risk (or hazard) [1,2]. Overall, it has been over two decades since the idea for an ISO standard on an OHS management system standard first arises. In 2018, after three failed attempts, the international community, has voted to develop what many consider is the most significant health and safety standard in the past 50 years. ISO 45001 is the result of five years effort which began in 2013 and end in 2018 with the standard approval and publication [3]. Practitioners, trainers, consultants and researches in the field of OHS have started an intensive debate about the new ISO standard. They continue to dialogue about the impact of the standard, global supply chain initiatives, and how voluntary standards such as ISO 45001 will play a significant role in creating solutions that cross borders organizations. While debate continues about the implications and properly application of the standard, there appears to be a strong consensus in the research and consultancy community that this is a real opportunity for the ISO 45001 to play an important role in addressing compelling global occupational safety and health issues [3,4,5,6].
In this context, the paper presents a debate on the implications of the ISO 45001 framework for management systems addressing occupational health and safety. The aim is to provide a comprehensive approach based on the ISO 45001 on safety culture and much more, for the nurture and development of the preventive one. First, the paper presents a theoretical foundation for this initiative. Second, there will be presented some practical considerations for ISO 45001 implementation. Third, there will be presented an early feedback collected through a survey developed with the support of some managers from different organizations located in the West Region of Romania about ISO 45001 implementation.

The theoretical foundation of the ISO 45001
The new ISO 45001 standard represents an important step for defining a unique OHS management system by integrating other management systems approaching, such as quality and environment, which are defined by ISO 9000, respectively by ISO 14000. It has been developed based on the British Standard BS OHSAS 18001, which is already popular for many organizations in Europe. The new standard has changed considerably the BS OHSAS 18001 by considering the issues of leadership and worker participation in OHS, being aligned with to the requirement of European legislation as the OHS Framework Directive 89/391/EEC. The standard uses the same management system structure and reflects the requirements identified by the International Labour Organization (ILO) guidance for OHS systems. Owing to this compatibility ISO 45001:2018 should build on all the success of OHSAS 18001 and allow the benefits to be enhanced and potentially integrated in other generic management system standards. It is plan that in 2021, OHSAS 18001 will be withdrawn leaving ISO 45001 the primary international OHS management system standard.
The main difference between ISO 45001 and the (ILO) guidelines on OHS management systems or most other standards is that employers cannot get a certificate that confirms that they comply with them. In Europe there are already existing national standards, some industries also have their own frameworks and certain standards (e.g., machinery standards) do have some semi-legal status but ISO 45001 has no legal status at all. The standards also do not guarantee that the employer is complying with health and safety regulations, or any other legal requirements and an employer cannot rely on achieving ISO 45001 certification as a way of automatically fulfilling their legal obligations. Employers must ensure that they follow the requirements of all national laws and collective agreements as well as the Framework Directive and all regulations made under it. In consequence, ISO 45001 is considered a supplementary standard which an employer may use to try to raise standards.
The proposed requirements and the operational principles of ISO 45001 can be applied directly in the workplace to support the management system, which is formed of processes for meeting its requirements, including risk management, provision of resources, performance measurement, and measurement, analysis and continual improvement. The ISO 45001 adoption is much easier if the organization has an existing ISO Management System (as ISO 9001 or ISO 14001), because some common processes will be in place. ISO 45001 is based on the PDCA cycle (Plan-Do-Check-Act cycle defined by Deming in 1950) which is common to many management systems and treats health and safety management as an integral part of good management generally, rather than a stand-alone system For a better understanding of the new OHS context of the management system development and implementation In Table 1 are summarized the ISO 45001 standard's chapters with some critical observations [4,5,6,7,8]. For the purpose of the present research there have been presented only few clause or chapters which has been subject of some questions in the experimental research. Table 1. Brief presentation of the ISO 45001 standard.

Chapter
Critical aspects and observations

Scope
It does not state specific criteria for OHS performance, nor is it prescriptive about the design of an OHS management system; poor OHS outcomes are not automatically a barrier to certification, so long as the management system is compliant. It does not address issues such as product safety or impact in the environment.

5
Leadership and worker participation Top management must take overall OHS responsibility and must be accountable if things go wrong (e.g., protect workers against reprisals for reporting incidents or near misses, support the establishment and functioning of OHS committees, make sure that everyone knows their roles and responsibilities, define OHS policy which must include a commitment to consultation and participation of workers and, where they exist, workers representatives). The standard has much stronger emphasis on "consultation and participation of workers" than the previous OHSAS 18001:2007 standard. The organisation must provide any time-off, training and resources necessary to ensure consultation, participation and must provide all relevant information about the management system; must remove any barriers to participation. The organisation cannot achieve ISO certification without full workforce involvement. The requirements to consult and to provide resources, training and information only covers the OHS management system and not all health and safety issues as the welfare one. There is no requirement to provide the training free or during working time; this could be a barrier to consultation and participation.

6
Planning It requires the organisation to determine the risks and opportunities for OHS and the management system, based on a pro-active process for hazard identification (e.g., including workload, working time, harassment, bullying etc.). Hazard identification must look at how work is done, not how it should be done, and learning from past incidents and be aware for potential emergencies are mandatory. The management system also must cover the risks to anyone who has access to the workplace, including contractors and the public. A risk assessment process must be defined and implemented. It is not mention how this is to be done and the organisation needs to define their methods and criteria depending on the hazards associated with their activities; limited details are given as guidance in the Annex. The clause talks a lot about "risks and opportunities", without clear mentioning if these are risks to the organisation or the management system, not to the workers or the public although risks and hazards for workers are also included in this section.
10 Improvement There is a requirement on the organisation to always seek to improve its performance and to keep documented information that shows they are doing this. They must promote the participation of workers on this and let workers and their representatives know the results of their continual improvement. To gain certification, an organisation must do more than legal compliance and demonstrate that they are continually improving their OHS management system and their performance. However, the detail on how it needs to be done is rather vague. What will be crucial is how this is measured in the audits, but it is important that workers and their representatives to emphasise the need for continual improvement to the management and ensure that they are fully complying.
The main role of the new standard is to serves as a useful tool to enable an organization to proactively improve its OHS performances. Considering the requirements of the standard clauses, an efficient implementation needs very good knowledge and compliance with all legal and normative requirements, a complete and up-dated risk assessment and a strong safety culture inside the organization. In implementation of the ISO 45001, the organization should not start from zero, but it should put in value the achievements that have been already attend, in term of OHS performance.
In brief, for the ISO 45001 standard implementation there have been suggested five action steps, as following [4][5][6][7]: (1) Perform an analysis of the organization's context that is relevant to OHS (e.g., SWOT or PESTLE analysis, stakeholders' interest analysis, gap analysis) by identifying and characterizing internal and external factors that might impact the business processes (on medium and long term); (2) Establish the scope of the system, considering what you would like your management system to achieve. This activity must be developed in a collaborative manner by the organization management team (consists of managers from all hieratical levels) and the external consultants or experts on OHS problems; (3) Establish the organization's OHS policy and objectives; (4) Define the time frame in which the organization's management wish to implement the new system and plan how to achieve this process in detail (Gantt graph, responsibilities and resources allocation, time scheduling, action plan including measures to be develop and implement etc.); (5) Determine any competence and/or resource gaps that need addressing before the standard implementation starts. This last step describes a permanent activity of the implementation team in the organization which is responsible to collect the gap and to elaborate measures for their elimination.

Experimental research
In the next section there will be briefly summarized an early feedback collected through a survey developed with the support of some managers from different organizations located in the West Region of Romania about ISO 45001 implementation (investigating if Romanian organizations are ready to adopt the new standard and if they recognized the benefits for their long-term development). The research has been developed in 2018, after the standard publication.
The research sample consists of 91 persons (46 directors, general managers, CEO) and 45 quality and OHS managers from companies that has an ISO certificates). The designed questionnaire has 13 close questions and the answers (respondents' opinions) of each were ranked using a Likert scale with four points (1 -I do not know; 2 -less; 3 -much; 4 -very much); in addition five questions were dedicated to demographic characterization of the subjects (gender, management position, age, dimension of the company where they operate and its industrial field of activity). The subject of the questionnaire refers to aspects regarding the impact of the new standard on companies' activity and the possibility to adopt it in the nearest future (questioning if they are already prepared to do it). The summary of the most relevant questions/responds, that have been processes with the SPSS software, are presented in Table 2 -6. Related to the data presented in Table 2, after excluding the responders that chose "I do not know" choice, no significant differences were found between management position regarding the improvement expectancy of professional competences related to current job, p=0.373. As can be seen in Table 2, most of the respondents (52.75%) know less about the content of the ISO 45001. Thus, external knowledge, training and consultancy are needed, or information materials provided by standardization and certification organizations. Probably, much knowledge will be gained from the partners in the supply chain, considering that most of the companies have international activity being part of the automotive industry supply chain.  Table 3. Opinions about the level of OHS risk-based thinking in companies -research results. The investigated aspect, shown in Table 3, is of main important for the implementation of ISO 45001 and it is part of the safety culture and the internal approach of defining and applying of a coherent risk management and systematic audits. As it can be seen from the results in Table 3, almost all the top managers express believe that risk-based thinking is very much implemented in their companies (86.96%), but the other managers opinion is less optimistic (71.11% much implemented). No significant differences were found between management positions regarding the level of OHS risk-based thinking in companies, p=0.112.

Responses by research sample structure Top managers Other managers Total
The results presented in Table 4 show different opinions between the two categories of managers when they appreciate the already implemented OHS activities in your company as: leadership, workers implication, existing and application of specific procedure, regular, specific trainings, emergency plan: 80.44% of top managers support the idea that these are "much" and "very much" implemented in their companies, but the 73.33% of the other managers from the operational level of quality and OHS said that the aspects are "less" implemented in the companies. No significant differences were found between management positions regarding the already implemented following OHS aspects in your company, p=0.632. As it can be seen in Table 5, almost half of the respondents (42 that means 46.15% of the research sample) believe that ISO 45001 will be adopted, mostly because of the companies' position in international supply chains in the automotive industry. After excluding the responders that chose "I do not know" choice, no significant differences were found between management positions regarding their opinion about ISO 45001 adoption in the companies from the West Region of Romania, p=0.676. Based on the research results about the ISO 45001 possible implementation in companies located in the West Region of Romania, there have been underlined that the biggest reason for top managers is the need of maintain the companies' position in international supply chains. The OHS and quality managers and personnel should learn more about ISO 45001 adoption to make sure they will be able to support the adoption process and their own careers developing in the next years. The safety professional who ignores the concepts of ISO 45001 are not prepared for the future and may find that his/her career will suffer for it.

Conclusions and final remarks
The OHS management system is one of the main elements of any organization's general management system and its implementation should be made in an integrative manner (taking into consideration other management systems as quality, environment or social responsibility). ISO 45001 provides the new normative framework of the holistic perspective for defining and implementing an efficient and effective management system. Even if different support organizations (as standardization organization, consulting companies, unions, professional organizations and researchers from academia) have provided materials and guides for the ISO 45001 adoption, organizations are not ready to do it. Even the Romanian companies (as those that have been part of the experimental research described in the article) have already gained a valuable knowledge and experience on implementing this type of management systems, using OHSAS 18001, but they are not yet prepared for a rapid and coherent adoption of the ISO 45001 standard. Companies need to take in consideration new key elements for a successful implementation of the OHS management system and this is a main difficulty in the adoption process.
The presented survey and the results achieved are limited to the research sample. The research results are important for all managers, but also for trainers and consultants in the West Region that could provide valuable knowledge for ISO 45001 adoption. The conclusions of the study underline that there is a lot of wisdom tucked away in the standard and supporting appendix. It is also the new global definition of what goes into a quality safety program and safety culture. Managers and professionals who want to keep up with industry best practices and advance their careers must understand what is in ISO 45001 and why it is there. They must start thinking like the top managers, because that is who will ultimately lead the company safety culture that comes out of ISO 45001. Future researches will be on identifying the main difficulties for the new standard adoption for companies of each industry and that are located ibn the West Region of Romania (the most developed one like the Bucharest-Ilfov Region).