If you are implementing an Occupational Health & Safety Management System (OHSMS) using the ISO 45001:2018 standard requirements, you are likely considering having your OHSMS certified when implementation is done. If so, you may wonder what needs to be done to successfully prepare for the certification auditor after the OHSMS is implemented.
What is the difference between implementation and certification?
It would be helpful to quickly discuss the difference between implementation and certification. Implementation is the process you go through to create all of the rules, policies, processes and procedures needed to meet the requirements of ISO 45001:2018 Certification, and to meet the needs of your organization. These are then established by ensuring that everyone in your organization knows what they need to do.
Certification is separate from implementation. It comes as a bit of a surprise to many people to find out that there is not a requirement in ISO 45001:2018 to have a third-party certification body conduct an audit and confirm that the organization has successfully implemented the requirements of the standard. There are many good reasons to have a third-party auditor look at your system, including the benefit of having someone outside your organization identifying ways to improve. Below is what the certification auditors will expect of your OH&SMS before they perform their audit.
What is expected for certification?
If you have chosen to go through the certification process, there are a few things that will need to be completed before the auditors come to perform their final certification audit. The auditors will already have done their stage 1 documentation audit, where they have reviewed your documentation to ensure that it meets the requirements of the standard. After this, you will need also to take care that the following is ensured:
All processes implemented – As not all processes are documented, you will need to ensure that all the processes you need within the OHSMS are in place. It is expected that you have established each process (set the process rules), implemented each process (ensured the rules are known and are monitored) and are maintaining each process (making sure that when rules change people know, and new people are informed of the rules). It is not acceptable to have incomplete processes.
OHSMS settled – In order to audit you will need to have adequate records to demonstrate how your processes work. For this reason, certification auditors will want you to have used your OHSMS for a period of time to collect the records necessary to demonstrate this. This timeframe is different for each ISO 45001 certification body, but often ranges from a minimum of 4 months to 8 months with some as long as 12 months.
All processes audited – One of the key processes to evaluate your OHSMS performance is the internal audit. The certification auditors will expect that you have done this internal audit review for all of your processes before they come and do their audits.
Management review completed – Another important OHSMS evaluation is the management review. It is expected that you will have performed at least one management review of the OHSMS to verify effectiveness and efficiency and to assess resource allocation.
Corrective actions taken – It is very likely that you will have found nonconformities in the processes during this time through internal audits, management reviews and process monitoring. When these nonconformities are found, it is expected that you will have taken corrective actions to remove the nonconformity and prevent it from happening again.
Improvements demonstrated – What are you doing to make your OHSMS better? Corrective actions are one method of improvement, but you should also be able to demonstrate progress on your OH&S objectives and other ways of addressing opportunities for improvement in your OH&S processes.
Preparation is the key to certification success
As with many things in life, if you are not properly prepared you will have problems. The activities you need to do before certification are important because they ensure your OH&SMS is working before you bring in an outside party to verify your implementation. While these tasks take some time, they will help you to catch some problems that could prevent you from passing the certification audit and delay final certification. You don’t want the certification auditors to be occupied by finding issues you should have found yourself when they could be pointing out real problems you may not have noticed.
Since you are paying to have the certification audit, make sure it provides the best information possible to help improve the OHSMS.
Mandatory steps to finish implementation and get your company certified
Documenting and implementing the OH&SMS is not enough for the certification. You also need to be sure that it is both effective and compliant with the standard. The following steps are meant to ensure this and prepare your organization for the certification audit:
- Internal audit – The purpose of the internal audit is to determine the level of compliance of your OH&SMS with requirements of the standard. During the audit, the internal auditors will review the documents, records and processes to identify weaknesses and provide information on nonconformities.
- Management review – This is the ultimate review of the effectiveness of your OH&SMS, the top management needs to review the information on OH&SMS performance, results of the internal audits, achievement of the objectives and changes in context of the organization. All this information will enable the top management to make decisions on how to improve the existing OH&SMS.
- Corrective actions – Both the internal audit and management review are providing you with the information on what needs to be changed, corrected and improved. These corrective actions are the best tool for dealing with nonconformities. Corrective actions are taken to achieve full compliance with the standard.
The company certification process is divided into two stages:
Stage One (documentation review). This is the initial phase of the audit; the certification auditors will review your OH&SMS documents to get familiar with your organization and its processes prior to the main audit and to ensure your documents are compliant with requirements of ISO 45001.
Stage Two (main audit). The main audit is the most important part of the certification audit. During this phase, the certification auditors will make interviews with the top management and employees and observe your processes. Their goal is to determine the compliance of your OH&SMS not only to requirements of the standard, but also to the content to your documents examined during the first stage.
IAS Expertise in ISO 45001 Certification
IAS certification is an accredited certification registrar providing different types of certificate which include the ISO 45001 certificates for various organizations or companies. Our Organization (IAS) expertise in the industry is second to none as we boast of best hands that have gotten relevant experience in ISO 45001 Certification. Should you need to get ISO 45001 Certification in India, don’t hesitate to reach out to us at IAS Pvt. ltd. IAS mainly focusing to conduct audit and ensure everything is properly placed towards getting your ISO 45001 certification.