6.1 Address Risk & Opportunity

ISO Navigator Pro

ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret the fundamentals of ISO 9000:2015 to help understand, and better implement, the requirements of ISO 9001:2015, ISO 14001:2015 and OHSAS 18001:2007. The ISO Navigator Pro™ database divides the requirements into four sequential stages; Plan, Do, Check and Act.

If you're looking for integrated ISO 9001:2015 and ISO 14001:2015 EQMS documentation, please click here.


Step 3Plan: Planning. Planning for the management system. Define objectives and plan for the effects of and change. Assess impacts, hazards and risks. Deploy and monitor plans that adapt to changing circumstances.


6.1.3 Occupational Hazards

Hazard identification and risk assessment form the core of the management system’s drive for control and improvement. What is important at this stage; is to understand the terms hazard and risk; these terms are commonly used, interchangeably in everyday conversation.
OHSAS 18001:2007 defines hazards as those things which have the potential to cause harm, and risks as those things which relate to the potential for harm to actually arise. A simple example might be to consider the electrical supply in a building. Electricity itself represents a hazard and provided the supply is live, the risk of electric shock remains. These hazards and risks are best identified by understanding your business processes, identifying the tasks and activities where they arise and listing the inputs and outputs from each activity. The key features of this clause are:

  1. A procedure for identifying occupational hazards appropriate to a task;
  2. Evaluating the consequent risks and deciding which are significant;
  3. Identifying a level of risk which the organization considers to be tolerable;
  4. Using this as a basis for setting objectives for improvement;
  5. Keeping the risk assessments and any improvement objectives up to date.

These can represent a wide range of issues, but it is essential they are all considered because your whole EHQMS will be focused on the output of this identification process and ranking for significance. Auditors will test the process and its outputs for content, repeatability, accuracy, records, and later on, for the use of its outputs in focusing the direction and delivery of the management system.

  1. Look for hazards;
  2. Decide who might be harmed and how;
  3. Evaluate the risks and decide whether current controls are adequate;
  4. Record your findings;
  5. Review risk assessments and revise if necessary.

Review and revise the risk assessment when there is any significant change (e.g. new hazards arise due to new machines, substances and processes). Regularly review the risk assessment to check that the precautions for each hazard still adequately control the risk and, if necessary, reassess the risk.

Having identified all hazards and associated risks which could impact on occupational health and safety, the process of rating the risks for significance can be carried out. This crucial process, together with a thorough knowledge of legal and other similar requirements, provide the foundations of the management system.

This assessment process is vital in determining the need for controls aimed at either reducing risk to levels deemed to be tolerable, or meeting the requirements of legislation. The significance level (or risk rating) should then be used to prioritise actions. Remember that the importance of this process cannot be overestimated. If you get this process wrong, the whole system will be suspect.

Demonstrating compliance

Regular reviews are essential to ensure that hazards and risk are being appropriately managed, and that the relevant data about them remains accurate and reliable. Your organization should repeat the hazard and risk assessment process every 2 years or when site conditions change, when new tasks are added or when new workers join the crew, in order to prevent the development of unsafe working condition. Objective evidence could be in the following various forms:

  1. Risk assessements;
  2. Training records;
  3. Breifing records;
  4. COSHH assessments;
  5. Planning, analysis and evaluation activities;
  6. Corrective actions;
  7. Non-conformance reports.

Management system templates

Our range of ISO 9001 quality manual templates and integrated manual templates offer an easy way to document and communicate risk management policies and targets to ensure effective implementation of risk and opportunity management principles. The EHQMS integrated manual templates include the 'Control of Occupational Hazards' procedure that defines the health and safety hazard indentification and risk assessment process, and a 'Health & Safety Risk Assessment' that captures and records the identification and evaluation process of each hazard.


6.2 System Objectives & Planning
6.3 Planning for Change

Free internal audit checklists

Check out our free internal audit checklists. The audit checklist is just one of the many tools which are available from the auditor’s toolbox that help ensure your audits address the necessary requirements.

Client list

Over 8,000 companies and globally recognized brands have relied on our templates to provide a path to improve, collaborate, and to enhance their operations to achieve certification, please see our client list for more information.