Published: 31 Oct 2019

Bob Marshall, CQP MCQI, Secretary of the CQI Yorkshire branch, explains how health and safety must be considered when determining the needs and expectations of interested parties and providing a suitable working environment.

ISO 9001:2015 Quality Management Systems does not specifically mention safety, but to comply we must meet the safety requirements of interested parties, identify hazards and take action to reduce risks, and provide a safe work environment.

The clauses most relevant to safety are:

  • 4.2: Understanding the needs and expectations of interested parties. ISO 9000:2015 paragraph 3.2.3 defines interested parties as a person or organisation that can affect or be affected by an activity include customers, people in the organisation, suppliers, regulators, society.
  • 5.2.1: Establish the quality policy - c) include a commitment to satisfy applicable requirements
  • 6.1: Actions to address risks and opportunities. Determine the risks and opportunities that need to be addressed to prevent or reduce undesired effects, and achieve improvement.
  • 7.1.4: Environment for the operation of processes. Provide a suitable social, psychological and physical environment.

Clause 9.5 in ISO 9004:2018 Quality management – Quality of an organization – Guidance to achieve sustained success, provides further information on the work environment, including the statement: “the organisation should give appropriate consideration to health and safety rules and guidance”.

Health and safety rules and guidance

Each organisation must identify and comply with relevant safety requirements. The requirements of interested parties, and applicable requirements referred to in ISO 9001:2015 include safety requirements which employers must comply with. 

To meet the requirements of UK health and safety law it is necessary to:

  • Provide a safe working environment and safe systems of work, conduct risk assessments,
  • take action to remove hazards and reduce risk in accordance with the Management of Health and Safety at Work Regulations 1999;
  • Conduct risk assessments (and fire risk assessments) which consider the health and safety of persons who may be affected by the business, including risks to visitors and contractors, risks to neighbours (regulation 3 of the Management of Health and Safety at Work Regulations 1999);
  • Obtain a permit and conduct environmental impact assessments if business activities present a significant risk of pollution in accordance with the Environmental permitting (England and Wales) Regulations 2010;
  • Provide product which is safe to use, and can be safely disposed of in accordance with the EU General Product Safety Directive 2001/95/EC, and other directives relating to specific products, e.g. Machinery 2006/42/EC, or Medical devices 2007/47/EC.

Health and safety law in the UK are based on the following principles found under section 1, paragraph 1 of the Health and Safety at Work Act 1974 (HSWA): 

a) To secure the health safety and welfare of persons at work;

b) Protect persons other than persons at work against risks to health or safety arising out of or in connection with the activities of persons at work;

c) Control the keeping or use of explosives and other highly flammable or dangerous substances;

d) Control emissions into the atmosphere of noxious or offensive substances.

HSWA is not readable, however it is not a document which anyone needs to read. The Secretary of State issues regulations which implement the act. The Health and Safety Executive (HSE) publishes a series of legal documents and approved codes of practice, which list the regulations and describe how they are implemented. There are also guidance documents published by HSE providing suggestions about implementing the regulations.

There are six sets of regulations considered to be the top-level health and safety requirements:

  • The Management of Health & Safety at Work Regulations 1999, (see HSE document L21)
  • Manual Handling Operations Regulations 1992, (see HSE document L23)
  • Display Screen Equipment (DSE) Regulations 1992, (see HSE document L26) 
  • Workplace (Health, Safety and Welfare) Regulations 1992, (see HSE document L24)
  • Provision and use of Work Equipment Regulations 1998, (see HSE document L22)
  • Personal Protective Equipment (PPE) Regulations 1992, (see HSE document L25)

These regulations correspond to EU directives – they are often referred to as the EU 6-pack.

These are not the only regulations which employers must be aware of. There are many others which must be considered, including regulations relating to first aid at work, reporting accidents, consulting with employees, lifting operations, and lifting equipment. Each employer must review all the regulations relevant to their business to determine what they must do to apply the law. 

Helpfully, the HSE publishes the HSG268 Health and Safety Toolbox, which provides a summary of the regulations and guidance on reducing risk in the workplace. The document is aimed at small to medium-sized enterprises (SME), but it is relevant to any business which is starting up or reviewing its health and safety arrangements. It covers safety policy, provision of welfare facilities, first aid, risk assessments, fire risk assessments, consultation with personnel, and specific requirements for most common work activities. It also provides references to the regulations, approved codes of practice, and guidance documents which give more detailed information. 

Consultation with employees on matters relating to health and safety is a legal requirement in the UK, see Approved Code of Practice L146, and in the EU, see Directive 2002/14/EC. The consultation may be directly with workers or through their representatives (if there is a trade union they have a right to arrange the election of safety representatives). It is good practice to provide training for safety representatives to ensure they understand their role and they are aware of the safety issues relating to their workplace. If workers are involved in the arrangements for health and safety they are more likely to report problems and make suggestions for improvement. HSG268 Health and Safety Toolbox is a useful resource for safety representatives.  

Beyond compliance

UK safety regulations require each organisation to prepare (and maintain) a safety policy and risk assessments, and to comply with many regulations to ensure they provide a safe workplace. The HSE conduct random inspections to confirm compliance with rules. Insurance companies may also insist on regular inspection of the electrical system and lifting equipment. 

Some organisations choose to get their health and safety management system reviewed and approved by a third arty (against a recognised standard) to confirm:

  • Compliance with applicable legal requirements
  • Commitment to preventing injury and ill health
  • Continually improving safety management and safety performance. 

A standard for assessment of health and safety management systems, BS OHSAS 18001 Occupational Health and Safety, was developed by BSI and other certification bodies. In 2018 it was revised (to be consistent with ISO 9001), adopted by the International Standards Organization (ISO), and issued as ISO 45001 Occupational Health and Safety. 

ISO 45001:2018 requires an organisation to:

  • Establish a safety policy
  • Identify hazards
  • Identify legal requirements and requirements of interested parties
  • Plan actions to reduce risk
  • Set objectives for improvement
  • When establishing a health and safety management system it is important to remember that national law takes precedence over international standards. 

Safety policy

In the UK, the health and safety policy must comply with HSWA section two, paragraph three: “It shall be the duty of each employer to prepare, and as often as may be appropriate revise, a written statement of his general policy with respect to the health and safety at work of his employees and the organization and arrangements for the time being in force to carry out that policy, and to bring the statement and any revision of it to the attention of all his employees.”

The safety policy defined in ISO 45001:2018 clause 5.2 includes some additional requirements: provide a framework for setting the occupational health and safety (OH&S) objectives; include a commitment to eliminate hazards and reduce risks; and continually improve the OH&S management system, and a commitment to consult with workers. 

Risk assessment

In the UK (and also the EU) risk assessments must be conducted in accordance with section three of the Management of Health and Safety at Work Regulations 1999. It says every employer shall make a suitable and sufficient assessment of:

a)  Risks to the health and safety of his employees to which they are exposed at work; 

b)  Risks to the health and safety of persons not in his employment arising out of or in connection  with the conduct by him of his undertaking

A basic format for risk assessment is included in the safety policy template, examples are also provided. For each hazard it is necessary to consider who might be harmed, what are we doing to prevent it or reduce risk, what else do we need to do, who will do it, and when will it be completed? A fire risk assessment is also required.

Hazard identification and risk assessment is described in ISO 45001:2018 clause 6.1.2. This goes beyond the requirements of UK health and safety law. It is also necessary to set objectives for improving safety performance, and plan to achieve these objectives.