Tue, May
19 New Articles

Why Standards

Special Reports

Everybody has standards that they work to, whether they realise it or not. With the introduction of ISO 45001 this year, the issue of standards is againin the news and people are asking which standards are right for them.

There is also considerable confusion about thepotential liabilities (civil and criminal) that peoplemay face if they fail to follow what the law requires.Your standards can aid you considerably in demonstrating what and how you intended to comply withthe requirements, or they could simply prove yourguilt if they were inadequately defined or notfollowed.

What is ISO 45001?

So where did IOS 45001 come from and what doesits origin tell us about the standards we need? Back in1991 the HSE issued “Managing for Health andSafety”, Health and Safety Guidance Note 65(HSG65). This was a book about the management ofhealth and safety, designed to accompany the (thendraft) Management of Health and Safety at WorkRegulations 1992 (which were replaced in 1999).Likewise other agencies around Europe were undertaking similar publications to introduce their versionsof the management regulations.

HSG65 was (and still is) a basic interpretation guidefor comply with the law with regards to the management of health and safety. If you really follow the approach set in the standard then you should manageto identify ways of complying with the law in yourworkplace.

In 2004 BSI introduced the new standard BS8800,which was a “Guide to occupational health and safetymanagement systems” and largely followed theHSG65 format. However, it also tried to introducesome elements of quality management to introducethe ideas of continual improvement. It was only aguide and did not provide accreditation. It was replaced in 2008 by the BS18004, which was part of theUK implementation of the ISO guidance documentOHSAS 18001. This introduced more emphasis onthe continual improvement of standards and tried toset the lead for the development of a true international standard. Now this has also been replaced withthe introduction of the first ever worldwide international health and safety management standard,ISO45001, which came into being in March 2018.

Now that the development cycle from small 'light'guidance notes to a full international standard is complete, the real question remains – What is a standard,and why should you follow one?

The Standard

Basically, the new standard simply describes the stepsto go through so that you can manage the process ofmanaging health and safety in an appropriate manner for your organisation. It does not actually set anylevels of compliance, only a process you should follow to be sure that you have set your own targets appropriately. It is also closely aligned with theinternational quality management standard 9001 andthe international environmental management standard 14001. At long last these three areas can bemanaged with a single interrelated set of proceduresthat will help enforce the systems and gain benefitsfrom a common approach.

But you still have to set your own levels of compliance and decide what you think is appropriate.

Suitable and Sufficient

The legal requirement placed on every company indeciding how to manage an activity is that the actionsthey decide to take must be “suitable and sufficient”to effectively manage the risk to people from their activities. The test is therefore one that you can apply toyour own decisions to decide if you have done“enough of the right stuff” to control the risks youhave identified. How you may then use the standardsthat you set to manage this is what this paper is questioning.

What Standards Do You Use?

So your decisions are key in the management of riskin your workplace. But what do you think is 'suitable'and 'sufficient' for the risk management in your workplace? This is a much more complex question than itappears at first.

You have many implicit standards, based on thecompany's safety culture. “The safety culture of anorganisation is the product of individual and groupvalues, attitudes, perceptions, competencies, and patterns of behaviour that determine the commitmentto, and the style and proficiency of, an organisation'shealth and safety management.” {source: HSEguidance on 'Human Factors'.}

Therefore, built into your safety culture are all theaccepted failings, such as the failure to wear protective equipment, the acceptance of short cuts, the badpractices taught by experienced workers to trainees,and so much more. These form part of your implicitstandards, things that if you accept and perpetuatewithout actually questioning, they rapidly become thenorm and form the standard that is worked to,whether you want this or not.

The explicit standards are those things which youspecifically state that you want to achieve, along withhow you are going to do this. Typically the standardoperating procedures, the permitting systems, etc.

Implicit v Explicit

Many organisations have a substantial conflictbetween their implicit and explicit standards. This isfrequently at the root of accidents, industrial disputes,productivity problems, quality issues etc. The solutionis often to address the problems with the implicit standards – where you have accepted 'bad practice' in thepast, and also to address the unrealistic expectationsin the explicit standards. If you expect something tobe done in a particular way, then it is beholden on themanagement to make that way the easiest way to dothe job. If you don't, then the implicit system will takeover very fast and people will short cut their way (andyour company) back to danger.


Clearly a highly competent workforce will need lessdirection and will be able to identify their own standards in many cases. This is the case of the traditionalcraftsman working by hand with very sharp tools versus the modern factory worker who loads materialsinto a computer controlled machine before unloadinga completed item. But even in the most highly skilledworkforces there is still a need for explicit standardsto be defined.

Take the scaffolders constructing a large scaffold intown. They will be highly trained and competent, butthey will still have the design standards, the requirements for protective equipment, the need to controlthe space under the scaffold, the need to ensure thateverybody is working in the right way at any givenmoment. This is potentially dangerous work andneeds to be managed well. Implicit standards are included at every step of the process and in most of thelarger scaffolding companies these standards will havebeen made explicit, to aid communication, assist withprotecting trainees etc.

Compare this with the frequent abuse of small towerscaffolds, where erecting the scaffold is a much lowerrisk task, but frequently there is a lack of skill and appreciation of the danger by the people doing thework. This means that many small tower scaffolds arelethally dangerous to all involved. The lack of competency in the form of a working appreciation of thecorrect standards involved in erecting a tower scaffold is then at the root of many other failures.

In short – the less competent your people, or thehigher the risks involved – the more important it isto have defined explicit standards for work.

Audit – What Standards Do You Need?

It is not possible to audit (and to a lesser extent,inspect or investigate) without first asking what thestandards are. To set your standards it is importantto consider how do things get done (in the real world)and what is actually accepted in the workplace. It iseasy to generate a report that says there is 100% compliance with a specific test (this is done in many auditreports) but if the actual standards applied are notadequately considered, then the test may becomemeaningless and lead to a false perception of security.The construction company that says all workers usehard hats and are therefore safe will miss the realcauses of the head injuries – the falling bricks – because they did not look at the stacks that went overthe top of the scaffold protection, or the habitual forklifting over people's heads.

Since 1974 we have had to decide on our own standards, policies, procedures, practices etc. This is notnew. Since 1992 we have had to develop 'suitable andsufficient' risk assessments. Unfortunately, at the rootof all these are the rarely acknowledged (mostly implicit) standards that are accepted or enforced in theworkplace. Until these are addressed, openly, acknowledged and accepted by all involved, the accidents will continue. Adopting a 'strict regime' ofcontrol is rarely the solution if the implicit standardsare weak. And no audit will find the problem if thestandards are never considered. You have all heard ofthe phrase about assumptions. “Assume, makes an Assof U and Me”.

The enforcing authorities (including the police, HSEetc.) will look at the standards that you have set yourself. If you have simply taken and reproduced thelegal minimum, and then failed to meet it with youractions, then you are really easy for them to prosecute. If your standards were defined with consideration of the things that people may do wrong, and withchecks and balances included (so you can identifyproblems before they cause harm) then your standards may help keep you out of Court, even if something that you did not foresee happened. This isbecause you will be able to demonstrate managementof risk, using suitable and sufficient measures, andyou will have been able to demonstrate compliancebecause you will have been using your standards asthe basis for inspection and audit.

Strange as it may seem – it is not a crime to have anaccident. It is a crime to fail to manage your workplace so as to make the accidents less likely and if theydo happen less serious. Your standards demonstratethe thinking and management of this process.

Some Process Steps to establish your standards

When you are setting up your risk managementsystem all of the following actions should have beenincluded in devising your systems and setting yourstandards. If any of these steps are missing then youwill probably have a system that does not work.

• You do risk assessments on the activities involvedin your workplace. These identify the activities andspecific tasks that are most likely to cause harm.They also identify actions that need to take place (anearly step to identifying your standards).

• You identify what outcomes you want (qualityproduct, no accidents etc...) and so how much erroror failure you will accept. Now you know when totrigger non-conformance reporting.

• You consider how your people can work moresafely, remembering that they are people not machines. Consideration of the human factors isfrequently missing in the risk assessment to methodstatement production line.

• You consider how you are going to measure thatwhat you want is happening.

• You consider how to identify non-conformities,times when things are not going right so that youcan capture the failures before things go reallywrong.

• You measure everything that you have identifiedthat is likely to indicate that things are not right. Be it hard hats on site or product being madewrongly (frequently an indication that there may bea safety issue hiding in the process).

• You consider every non-conformance report (accidents, near misses etc. included) and go back todecide if this is demonstrating an underlying failurein the system (whether it is a worker not followingthe system, a manager not allowing sufficient time,or a change in the materials that you are using thathad not been identified when it should have been).

• You act on your findings, and record what youhave done, and update people on changes to yourstandards.

There are many formal ways of expressing the aboveprocess issues, HSG65, ISO45001 and other systemsgive you the skeleton to do this and have others comeand look to see if you have blind spots.

One of the key skills in standards specification is nevertrusting you have it right.

Standard Summary!

Safety management is critical to any organisation(whether they realise it or not). At the base of this isthe identification of the standards that are to be applied. If you do not consider the implicit as well as theexplicit standards the system will fail, regardless of theofficial 'method' you follow.

You set your own standards, best done collaborativelyand transparently, and then the safety culture of theworkplace itself becomes the implicit enforcer of yourstandards. Once you know what your actual standards are, you can measure them and learn to improve. If you never state them, then they cannot bemeasured and you will continue in blissful ignorance,until the accident inevitably happens. Or even worserepeats.

Further information

• HSE website. http://www.hse.gov.uk/

• HSG65, “Managiong Health and Safety” 3rd Edition pub 2013,www.hse.gov.uk/pubns/priced/hsg65.pdf

• BS8800, BSI's now obsolete “Guide to occupational health and safety management systems”www.tsoshop.co.uk/bookstore.asp?FO=1159993&DI=521476

• BS OHSAS 18001, “Occupational Health andSafety Management” www.bsigroup.com/en-GB/ohsas-18001-occupational-health-and-safety/

• HSE Human Factors sub site www.hse.gov.uk/humanfactors/index.htm

• ISO announcement of publication for 45001www 45001www.iso.org/news/ref2272.html

• BSI shop for BS ISO 45001 www.shop. bsigroup.com/ProductDetail/?pid=000000000030299985

• PASMA – the prefabricated access suppliers andmanufacturers association – provide excellent guidance on the standards for erection of tower scaffolds. https://pasma.co.uk/

About Safety 4 HEd LLP

Safety 4 HEd Limited Liability Partnership was established in 2010 to provide specialist health andsafety advice to the HigherEducation (University) sector,including research companiesetc. Since then it has expanded the operationsundertaken to include many other sectors, and addedtraining and expert witness services to the moreconventional consultancy work.

Although based just outside Newcastle-upon-Tyne,Safety 4 HEd operates nationally and has undertakenwork for small companies, technical start-ups andcharities, through to Blue Chip, Multinational companies and universities with international reach.

About the Author.

Vincent Theobald-Vega has nearly three decades as ahealth and safety professional and also took on thechallenges of fire protection. During his time in University safety, he undertook many fire risk assessments for high hazard locations and assisted in theredesign of buildings to cope with increased occupancy.

Lawyer Monthly Expert Witness Awards 2018

Global Awards 2018 – Corporate Live Wire – Best

Health & Safety Expert (UK)

Lawyer International – Legal 100, 2018 Awards –

Health and Safety Expert of the Year (UK)

Lawyer Monthly Expert Witness Awards 2017

Health and Safety Expert Witness Award 2016

Award of excellence for services to the health andsafety industry 2015.

Vincent's accreditations include the following:

FIIRSMFellow of the International Institute of Riskand Safety Management.

FRSPH - Fellow of the Royal Society of Public Health.

CMIOSH - Chartered Member of the Institution ofOccupational Safety and Health.

MISTR- Member of the Institute for Safety in Technology and Research.

EurOSHM - European Network of Safety and HealthProfessional Organisations.

Member of the Health and Safety Lawyers Association.

Associate Member of the Institute of Ergonomics andHuman Factors.

OHSCR- -Listed on the Occupational Health andSafety Contractors Register.

If you want to know more visit the website atwww.safety4hed.co.uk.

Sign up via our free email subscription service to receive notifications when new information is available.