notes are described by the word “should.” It requires an organization to establish a risk assessment process as part of an OHSMS.
In section 6.2 of ANSI Z10, it states that “the organizations shall establish a process to assess, prioritize and address its OHSMS issues on an ongoing basis …” The standard goes on to state that organization shall do this by “establishing priorities based on factors such as hazards identified, level of risk, potential for system improvements, fatal and serious injury and illness potential, standards, regulations, feasibility and potential positive and negative business consequences, and identifying causes and contributing factors related to system deficiencies and that lead to hazards and risks” (ANSI Z10.0 2019).
Section 8.3, Risk Assessment specifically states that an organization “shall establish and implement a risk assessment process(es) appropriate to the OHSMS issues identified in Section 8.2 to determine the level of risk and enable prioritization for appropriate actions” (ANSI Z10.0 2019). The standard outlines requirements for identifying and documenting high‐risk jobs and activities and recommends the use of well‐defined qualitative and quantitative methods appropriate for the organization. Annexes E6.2, Assessment and Prioritization and E8.3 Risk Assessment provide informative sections on the risk assessment process and select risk assessment methods.
ANSI Z10 is a consensus standard, meaning that ANSI has verified that the requirements for due process, consensus, and approval criteria have been met in the development of this standard. The use of consensus standards is voluntary; however, they are often incorporated into regulatory compliance standards and citations. ANSI Z10 is an important reference for the safety professional defining the minimum requirements for a health and safety management system with its primary purpose to reduce the risk of occupational injuries, illnesses, and fatalities.
2.7 ISO 45001
In 2018, the International Organization for Standardization (ISO), a global federation of national standards bodies released ISO 45001, Occupational Health and Safety Management Systems – Requirements with Guidance for Use. The standard was adopted by ANSI as ANSI/ASSP/ISO 45001 also in 2018.
Similar to ANSI Z10, ISO 45001 is a management systems consensus standard based on the continual improvement process of plan‐do‐check‐act. In the standard’s “Planning” section, it includes requirements for hazard identification and assessment (6.1.2). Section 6.1.2.1 Hazard identification requires an organization to “establish, implement, and maintain a process(es) for hazard identification that is ongoing and proactive.” In the following section (6.1.2.2) the standard states requirements for assessing risks to include “methodology(ies) and criteria for the assessment of OH&S risks shall be defined with respect to their scope, nature and timing to ensure they are proactive rather than reactive and are used in a systematic way.” (ANSI/ASSP/ISO 45001 2018)
Other related elements addressed by the standard include: eliminating hazards and reducing OH&S risks using the hierarchy of controls; MOC; procurement; contractors; outsourcing; and emergency preparedness and response.
2.8 ISO 31000 and ISO 31010
The American National Standard, ANSI/ASSP/ISO 31000‐2018 Risk Management standard and ANSI/ASSP/ISO 31010‐2019 Risk Management – Risk Assessment are fundamental consensus standards for the practice of managing risk. Specifically, ANSI/ASSP/ISO 31000 provides guidance on the principles, framework, and process for risk management (as shown in Figure 2.1), while ANSI/ASSP/ISO 31010 is a standard for current good practices in risk assessment as part of the risk management process (shown in Figure 2.2).
Figure 2.1 Risk Management Principles, Framework and Process.
Source: Adopted from ANSI/ASSP/ISO 31000‐2018.
Figure 2.2 The Risk Management Process.
Source: Adopted from ANSI/ASSP/ISO 31000‐2018.
The ISO risk management standards were first published in 2009. These standards were nationally adopted by ANSI in 2011 and include:
ANSI/ASSP Z690.1‐2011, Vocabulary for Risk Management
ANSI/ASSP Z690.2‐2011, Risk Management Principles and Guidelines
ANSI/ASSP Z690.3‐2011, Risk Assessment Techniques
ISO 31010 Risk Assessment standard was first approved in 2011 by the American Society of Safety Professionals (ASSP) in the United States as ANSI/ASSP Z690.3. The standard has since been revised by ISO in 2019 and adopted in the United States as ANSI/ASSP/ISO 31010 Risk Management – Risk Assessment.
ISO 31010 is exclusively about the assessment of risk within the framework and process established in ISO 31000. The risk management perspective on risk assessment is generally broader and higher level than the occupational health and safety perspective. However, the process is essentially the same. ISO 31010 provides guidance on the risk assessment phase of the overall risk management process. The purpose is to provide evidence‐based information and analysis to make informed decisions on how to treat particular risks.
ISO 31010 states that the risk assessment process provides decision‐makers and stakeholders a better understanding of risks that could impact an organization’s business objective, and the efficacy of controls in place, so that the organization can better manage its operational risks. In essence, the risk assessment process provides a basis for decisions to be made regarding the most appropriate risk‐control measures to achieve an acceptable risk level. Without proper risk assessment, risks remain unknown and cannot be adequately managed. The ISO standards on risk management should be an important reference for the safety professional, especially those who work in the risk management and insurance business.
2.9 ANSI/ASSP Z590.3, Prevention Through Design
The ANSI/ASSP Z590.3, Prevention through Design, Guidelines for Addressing Occupational Hazards and Risks in the Design and Redesign Processes was first published in 2011 and reaffirmed in 2016. The standard was the result of a number of years of efforts by the ASSP, National Safety Council (NSC), and National Institute of Occupational Safety and Health (NIOSH). The standard was developed to provide consistent procedures for conducting hazard analysis and risk assessment in the design and redesign process.
Risk assessment is a major component of the Prevention through Design (PtD) process as outlined in ANSI Z590.3. A significant portion of the standard is dedicated to applying risk assessment throughout the life cycle of a system. Section 7, The Hazard Analysis and Risk Assessment Process covers the following steps on risk assessment.
Communication and direction
Establish risk criteria
Establish the context
Anticipate/Identify risk sources
Consider the failure
