“should” which is often used in guidelines. Use of shall, means that the issue at hand is required, versus the use of should that means that the issue at hand is a recommendation or good idea.
Standards rarely have the force of law unless specifically adopted by a regulatory agency or legislative body. Thus, most standards are voluntary until referenced by regulation or judicial process. However, the line between voluntary and required begins to blur as more organizations adopt these standards and begin requiring conformity by their suppliers. For example, few governments require ISO 9001 or ISO 14001 certification but it is almost impossible to be a global supplier without them. Third‐party certification to the standards such as these has become a de facto requirement in many markets.
3.2 ISO's High‐Level Management System Structure (MSS)
In an effort to bring uniformity to its management system efforts, ISO's Technical Management Board (TMB) formed the ISO Ad Hoc Group on Management System Standards shortly after ISO 14001:1996 was published. This group published Guidelines for the Justification and Development of Management System Standards (ISO Guide 72) in 2001 (26). This guide presented common MS elements as:
1 Policy;
2 Planning;
3 Implementation and operation;
4 Performance assessment;
5 Improvement; and
6 Management review
These elements followed the structure of ISO 14001:1996 and were found in many nation‐specific approaches at that time.
In the early 2000s, the Ad Hoc Group on Management System Standards recommended the formation of the Joint Technical Coordination Group (JTCG) to work on establishing consistency between ISO's various management system standards; the TMB subsequently formed the JTCG on MSS. This group developed ISO Guide 83, High Level Structure, Identical Core Text and Common Terms and Core Definitions for use in MS Standards (27). This document was never formally adopted, but was issued in December 2011. In it was the recommendation to establish what is often referred to as ISO's “high‐level MSS structure.” These recommendations where subsequently adopted, and published in 2013, in Annex SL of ISO's Directives (also referred to as the ISO Supplement). Annex SL formally presented the new high‐level and generic MSS that all revisions and future ISO MSSs were required to follow (28). This high‐level MSS structure has 10 sections, these are:
1 Scope;
2 Normative references;
3 Terms and definitions;
4 Context of the organization;
5 Leadership;
6 Planning;
7 Support;
8 Operation;
9 Performance evaluation; and
10 Improvement
ISO 45001:2018 follows this outline as have all ISO MS standards since 2013, including ISO 14001:2015 and ISO 9001:2015.
4 FOUNDATIONAL CONCEPTS
At their most basic level, systems are typically described as having four elements: input, process, output, and feedback. The relationship between these four elements is depicted in Figure 2.
A question that often comes up when talking about an OH&S management system is “what is the difference between a system and program?” One way to describe this difference is in terms of an information feedback loop, that is, feedback in a system is essential and an integral component of the system. Conversely, this is not the case with programmatic approaches where feedback is not necessarily part of a structural design.
A system can be further characterized as being either open or closed. In the case of open systems, there are identifiable pathways whereby the system interacts – exchanging information with and gaining energy – from its external environment. This phenomenon is readily observed in biological systems. Conversely, closed systems do not have such pathways, and thus limit their ability to adapt or respond to changing external conditions.
ISO's guidelines on the development of management system standards defines a management system as a “system to establish policy and objectives and to achieve those objectives” (26). This ISO guideline states that
FIGURE 2 Basic system depiction.
“management systems are used by organizations to develop their policies and to put these into effect via objectives and targets, using: an organizational structure with roles, responsibilities, authorities, etc., of people defined; systematic processes and associated resources to achieve the objectives and targets; measurement and evaluation methodology to assess performance against the objectives and targets, with feedback of results used to plan improvements to the system; and, a review process to ensure problems are corrected and opportunities for improvement recognized and implemented when justified” (26).
ISO 45001:2018 defines a management system (§3.10) as a “set of interrelated or interaction elements of an organization to establish policies and objectives and processes to achieve those objectives” (14). Comments related to this state that: “a management system can address a single discipline or several disciplines; the system elements include the organization's structure, roles, and responsibilities, planning, operation, performance evaluation and improvement; and, the scope of the management system may include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of the organization.” Given ISO 45001 refers to an OHSMS, the developers of this standard sought further clarification by adding a definition of an OH&S management system as a “management system or part of a management system used to achieve the OH&S Policy” as set by the organization.
4.1 Conformity Assessment
Conformity assessment refers to the activities associated with determining (formally and informally) whether an implemented management system conforms to a formal OHSMS standard, such as ISO 45001, or a protocol unique and internal to an organization. A common definition for conform assessment is “the determination of whether a product or process conforms to particular standards or specifications. Activities associated with conformity assessment include testing, certification, and quality assurance” (29). Conformity assessment deals with the activities associated with determining how well a given system approach has been implemented in an organization, this primarily includes auditing and the certification activities.
It is important to understand and consider conformity assessment issues and how they relate to MS as they are central to strategic considerations regarding the rational for implementing and auditing a management system. A common misconception about MS is that third‐party certification must be pursued. This is not the case. While many organizations do pursue certification, many do not.
Conformity assessment frameworks typically have three levels.
