Risk assessment is a commonly used project management technique. The philosophical approach of risk assessment has been developing from North American experiences in the nuclear and aerospace industry since the 1950s and today it is a well-defined discipline, with facets ranging from mathematics to philosophy, and which finds its systematic and systemic application to the most diverse fields, from the process industry to health, from the construction of large infrastructures to insurance.
It should not be surprising to find references to risk assessment in a safety management system: already BS OHSAS 18001:2009 dealt with it in requirement 4.3.1 Hazard identification, risk assessment and determining control. Very predictably, because we find the same approach in the European directives that generated the current legislative landscape of European countries, the standard provided that anyone wishing to structure the management system of their organization, would have to prepare a procedure for identifying hazards and assess risks, which takes into consideration all factors with the potential to cause negative effects on the health and safety of people working under the organization’s control. And so the standard deals with physical agents as well as organizational ones, materials as well as work organization criteria: all this is consistent with the definition of danger and risk proposed by the standard and with the references. These are the legal requirements, and there is nothing to say here.
In defining the requirements recalled by the new ISO 45001:2018 standard, the organization and the level of its performance, combined with the identification of the parties that may be interested in my company, will bring to define the level of reputation I intend to achieve for my organization, towards the stakeholders that my company itself is… interested in satisfying. Reputation which basically means the ability to access the reference market for my organization: with a low reputation I will not receive orders or in the execution of the orders that I will be able to access I will be more subject to controls that also impact on my production capacity. With a high reputation I will have access to more business opportunities and will basically be left freer to conduct them as I know.
Now, over thirty years after the issue of Directive 89/391/CEE, it is not reasonable to argue that there is a technical deficit to be filled: the problem is necessarily of a cultural nature. And ISO 45001:2018 has prepared these and other tools to bridge the gap.
Originally published on HSE People.