The Quality Hub Podcast
Listen Below. Learn More.
The ISO 14001 & 45001 Standards
Episode 27 – The ISO 14001 and 45001 Standards
The ISO 14001 and 45001 Standards
In this episode of The Quality Hub, host Xavier Francis interviews ISO experts Brian Smith and Norm Verbeck from Core Business Solutions, focusing on ISO 14001 (Environmental Management System) and ISO 45001 (Occupational Health and Safety). Norm emphasizes ISO 14001’s goal of sustainable development beyond regulatory compliance, while Brian highlights ISO 45001’s bottom-up approach, worker participation, and hierarchy of hazard controls.
Core Business Solutions publishes ISO Certification podcast episodes weekly. You can find more episodes here.
Episode 27 Key Content
Hello, everyone, and thanks for listening to the Quality Hub chatting with ISO experts. I’m your host, Xavier Francis. Today we’re here with Brian Smith, director of Consulting Services, and Norm Verbeck, consultant at Core Business Solutions. Thanks for being here today, guys.
It’s a pleasure.
Good to be here, Xavier.
Thank you and we’re glad you’re here. Over the next several weeks, we’re excited to explore a range of ISO standards beyond the well-known ISO 9001. At Core Business Solutions. Our ability to work with companies extends well beyond 9001. We support our customers with consulting, training, and software, and a comprehensive array of ISO standards. In addition, we support cybersecurity NIST and CMMC compliance and certification. Today we’re going to be talking about two different ISO standards 14,001, an environmental management system, and 45,001 an occupational health and safety standard. But before we begin, could you guys please share with us your experiences and journeys?
Well, I started with ISO 14,001 and 45,001, in about 2012. 45,001 at that point was a new standard to replace OSHA 18,001. 14,001 was in place, but I was the ops manager for an electronics recycling factory, and for one of the other standards we had to have 14 and 45 in place. So I was on the ground floor of 45 and 14. I worked with a little bit before that, but I got to execute both standards, which is a good way to learn them.
I’m sure it is. What about you, Norm?
Yeah, my primary experience was starting with 9001, of course, and 14. I first got introduced to that back in 2010. So that was again, with a larger company I worked for from the ground up implementing that entire system. My experience with 45 is a little bit newer. So it’s been since 2020. So the two tie very closely together with 9001, there are a lot of the same requirements. There are some differences and nuances between the two. But if you have a good overview of 9001, the other two will come along a lot easier. What’s the base knowledge of that one?
I do appreciate you guys being here. We’re going to start with Norm today and 14,001. The first question for you is how ISO 14,001 helps organizations improve their environmental performance and reduce their environmental impact.
So the main principle behind ISO 14,001 is that organizations need to end up moving beyond just regulatory compliance and moving towards sustainable development. So sustainable development is primarily defined as development that meets the needs of the present without compromising the ability of future generations to meet your own needs now.
So forward-thinking a bit.
That’s exactly right. So when implementing the environmental management system, the first level is to focus on implementation and certification. But once a basic EMC is in place, companies are then more focused on compliance and corrective action. As you end up maturing, you end up focusing that focus on improving regulatory compliance and reducing costs. And then once you have a mature EMS in place, the focus can then move on to improvement beyond compliance.
So it sounds like a well-thought-out process now as a company does dive into 14,001, what are the key requirements and elements of an effective 14,001 compliant EMS and how does that relate or compare to 9001?
The first portion gets into the development of environmental policy. So this is an addition to 9001. Some of it is similar to a commitment to continuous improvement meeting requirements, but it goes a little beyond that. Specifically, it has to commit to comply with legal requirements that are related to environmental aspects and the prevention of pollution.
So clearly it has requirements beyond the normal 9001.
It does. So a company must also maintain a process to identify a company’s environmental aspects. Those are the things that we do or make that could interact with the environment and then determine which aspects have or could have a significant impact. And those are the ones that could change the environment in a significant way. In addition, identification. Environmental compliance reviews must be periodically conducted to evaluate compliance with regulatory and other requirements. So that’s additional to 9001. And then maintaining a process to identify the legal and other requirements that apply to the organization. Maintaining access to the most up-to-date requirements and then defining how those requirements apply to the organization’s environmental aspects.
And that’s an important point. As far as requirements and regulations, they do seem to change often, especially with the environment. It seems like whenever we have a new elected official, it seems like policy flip-flops right now. So you have to pay attention to that kind of thing.
Yes, it’s important to have a mechanism in a lot of states and even the federal government has automatic updates where you can sign up to be notified when those things are changing.
I guess it’s probably going to be something more that if it becomes more stringent, then less.
Typically. Yes. In addition, a company must set document environmental objectives and targets at relevant levels and functions of the business. So this, you know, make sure that it kind of flows down from not just top management, all the way down through focus on the production floor as well or in the service organizations. So additional goals or targets. This is primarily what’s an additional 9001, You’re going to have your quality objectives, a 9001.
Now you’re going to have environmental goals and targets to go along with those. So identification of potential accidents in emergencies, and situations and development of appropriate responses to prevent and mitigate any adverse impacts that may result. Additionally, emergency preparedness and response is an additional requirement, and this must be periodically reviewed, including after accidents or emergencies. So they must be periodically tested. That’s another requirement within the standard. So what your prepared plan response is and how do those plans come to fruition whenever something does happen?
Right. And you want to make sure that your employees are prepared for that emergency if it’s a spill or some other environmental issue. I mean, that’s imperative that they know what they’re doing, and what steps they need to take, even if it is only internal. How does it affect people around you?
Definitely. It’s a key aspect. And lastly, you have to have a process to identify, nonperformance and implement corrective actions when those come up. So this is equivalent to 9001. Performing internal audits of your system, which is also equivalent to 9001, and then conducting your management review. That’s additionally very similar to 9001. I know a lot of companies will integrate, you know, instead of having separate management reviews or internal has to have an internal audit plan, schedule manager review schedule that accommodates both standards.
Right. So another thing to say when you say you have to test these things. So during those tests, you may find something that is, oh, we didn’t conform the way we should or we didn’t think about this aspect. Now you’re talking management. How do we deal with this? So you’re looking at corrective actions to your plan as well?
Absolutely. So, you know, if you have fire response fire drills, you know, you say your goal or target is to be evacuated within 3 minutes, again, that’s your plan or target. So if you’re not hitting that, you know, what prevented you from hitting that? And what corrective actions do you need to take to try to get back on track with your performance should be.
Now and some of that might be adjusting your time. There’s just no way we can be what people out in 3 minutes. Maybe we need to move it to 5 minutes?
Potentially.
Or maybe create another exit or something.
Yep. Or whenever you’re kind of investigating, you might find that there is a section of the building where maybe the fire alarm wasn’t sounding out of that speaker, so people just didn’t hear it, so they didn’t evacuate within a timely manner. So again, that’s kind of identifying that root cause. And then, of course, corrective action is to get that repaired and fixed.
Absolutely. Well, these show the additional requirements of 14,001 and what they are, but their importance is extremely valuable. If a company wants or needs to show its responsibility when it comes to its environmental impact. So, Norm, how can an ISO 14,001 certification benefit an organization in terms of reputation, customer trust, and business opportunities?
So you just mentioned, that corporate reputation and image, there are important considerations for all businesses. Customer goodwill could be permanently damaged with just a single incident if something happens. So a properly designed EMS should lower the risk of environmental accidents. Many large companies now require suppliers to be ISO 14,001 certified, so obtaining that certification can open new markets for a company.
That would make sense.
And then the real economic benefits arise from environmental improvement projects that are undertaken as part of the organization’s commitment to continual improvement efforts. And then, of course, prevention of pollution.
Yeah, those are really good points. And the benefits one can gain by implementing 14,001. Great insight. I know that we’re in a different world now where a lot of individuals are concerned about their environmental impact. And I’m sure that even gaining employees from a perspective of having an EMS in place, you’re forward thinking about protecting our environment as well as also a benefit.
Absolutely.
That’s great, Norm. I appreciate it. Okay. So we’re looking at your insight, Brian. Four 45,001 And let’s start with how can a safety management system that conforms to the ISO 45,001 requirements help organizations create a safer working environment and reduce workplace injuries and accidents.
Well, it’s interesting you framed the question like that, because everybody has to have a safety management system. In the smallest office up to the biggest manufacturing facility, because OSHA requires it, it’s very, very regulatory driven. But ISO 45,001 gives you a structure. A structure for continual improvement and a structure for worker participation.
So it’s more of a bottom-up approach.
Yeah, it is a bottom-up approach, which can be cliche, but it’s worker-driven. And the other key element to 45,000 that was absent before, even from 18,000, is the hierarchy of controls. So when we do hazard assessment, whether it’s an action to an issue or just a review a time review, it’s driving you to look at the better way to address or control the hazard. So in the old days, we used to throw gloves, glasses, and PPE at it and say, we’re done.
We even went so far as to call that protective equipment analysis. Now, it’s it’s all about how they give you the hierarchy. So if you’re if you have engineering things in place like guards, they want you to take consideration of substituting that activity for something less harmful or less dangerous. So you don’t even need guards.
Right. So eliminating is,
That’s the best you can reach, is eliminating the hazard.
Right. What are some of the key elements and requirements for an effective 45,001-performing occupational health and safety management system?
Well, top management commitment, is one of the requirements and we talk about requirements of the standard and tangible requirements for a good safety system. And the requirements I’m going to go over are requirements of the standard. But some of them, you know, you can’t have a safety system without.
Right. And it’s pretty obvious that way.
Management commitment. If you know, that your management isn’t committed to worker safety, you’ve got bigger problems.
That’s for sure.
So with ISO, though, you’re going to have to prove to an auditor, you’re going to have to be able to show and prove where in the past they left management alone during the audits. Now, you’re probably going to be the first interview. And, you know, like I mentioned before, worker participation. And that is a new twist for a lot of companies. It isn’t just hey, we asked them, you know, you’re talking about a safety committee now where a worker that has their hands on that process has to be involved in the hazard analysis and the whole process of of improvement. So, you know, if you have forklifts in your factory, there better be a forklift driver on your safety committee.
Gotcha. Right.
You have to do a detailed job hazard assessment. So that’s a documented, methodical, process-driven approach to assessing the dangers and the risks for your activities. And that’s the essence, really, of the risk mitigation in 45,001.
Right. Well, it changes the target of what it used to be. Like you said you used to throw PPE at it. Now that’s the lowest. The last thing you want to do. Okay. That’s the only way we can protect somebody is to get PPE. You initially want to do what, through those hierarchies?
Well, you know, as you said before, you can say that all day, but now you’re going to have to document that you actually considered the better controls and not just stop at PPE. So the next level up would be administrative controls, which is generally training. And there can be some other things there. The next level up in the hierarchy of control is engineering. And a lot of people are familiar with over the last 25 years how many different things we’ve seen, like with a defect saw,
You can’t even activate it until you push two buttons at the same time. That’s completely removed. Your hands are removed from any danger area. That’s engineering. One of the most interesting ones I’ve seen lately is a bigger company and they have you have an employee card. If you’re not currently cleared to drive a forklift, you’re not going to because you have to get on that thing. Put your card into a slot. And they manage it with a computer. So if you’ve been suspended or you’re out of your training, that machine won’t work with your card in it.
So that’s even bigger than having to plug into a safety fob or whatever.
They won’t even start if you’re not qualified through personnel. That’s one of the best ones I’ve seen. The next level up is a substitute. An example of that is if we have forklifts running everywhere, there are inherent dangers for everybody in that place. You can substitute that with a conveyor belt system. Which has a few dangers, but not as many as five forklifts running constantly. That’s the substitution and elimination is eliminating the hazard.
And again, we can talk about that all day. But one of the examples I use is if we have a process and a manufacturer. And so, you know, a manufacturing process where we have a lot of near-misses, a lot of hand cuts and minor injuries, and a lot of potential for bigger injuries. And we know a place down the road that has a new machine that you don’t even have to stick your hands in. And we outsource that down the road. Now, there’s a caveat to that. We can’t push our hazards down the road, but what we’ve done here is eliminate the hazard for us because they have a completely safe machine and our antiquated technology has some issues.
So issue elimination wouldn’t be like, well, we’re going to move the danger to them. Like, okay, because we’ve had too many fingers removed because of this saw. So we’re going to outsource it to somebody who has the same saw, but we just want them to absorb the hazard. It has to be they have a way to eliminate it.
Exactly. Yeah. We have to care about their fingers, too.
Right. Right. So what are some other key requirements?
One of the big requirements is communication and awareness. More so. You know, the 9001 and even the 14,001. Communication and awareness are everything with this.
Oh, my gosh. With Hazard. Absolutely. If you don’t know about it, how can you mitigate it?
And, you know, when you’re audited for quality, they’re going to go out and talk to the workers, see if they know the quality objectives and the policy and things like that. But this is where they’re going to talk to the workers, find out what they know about safety, and especially how they feel about their ability to remove themselves from a dangerous situation. They’re going to take them off to the side alone. And so if you have a if you have a situation where production or not, if they feel like they’re in danger, they can get themselves away from that and know how to do it.
That is important when it comes to communication.
So legal and regulatory compliance, it’s the same as what Norm was talking about. You have to know what they are and you have to have a system in place to evaluate your compliance.
And we should probably be it’s primarily OSHA.
It’s primarily OSHA. And NFPA comes into it, but there’s some local and state stuff too you do have to be aware of and emergency preparedness. Same as an environment for a spill. You know, if you have a spill, there’s an environmental risk to that. And there’s there’s there’s people risk to that, too. But a lot of places have, you know, fire escape plans and first aid plans, contacts. Everybody needs to know what happens when a tornado warning is issued. And, you know, I would encourage anybody that’s doing an emergency plan, even if you’re not 14,000 or 45,000, to take both into account when you’re doing your emergency planning, which is really what people do most of the time.
Well, that’s helpful. Now, you’ve kind of gone through the key requirements and some of the things we need to do. And you gave us some examples of that. What are some of the benefits of 45,001 certification for businesses in terms of legal and compliance risk reduction? We talked about a little bit and maybe some overall organizational performance.
The things that we covered earlier are the benefits, to you, you know, yourself and your workers as far as your health and safety, which is the most critical part of it.
Absolutely.
But, there are a few things that aren’t talked about a lot when you’re talking about compliance obligations, your legal statutory, regulatory, the requirement of the standard is pretty stringent and it gives you a good process to make sure that you know about new requirements, knew it, know about changes, and periodically evaluate your compliance to the requirements. You’re talking about legal compliance with statutory, regulatory, and outside of injuries and illnesses by not following them. We all know what the other consequences and it’s fines. And they’re big. So it can be it can destroy a business. Having an injury not why we go into safety management is not often talked about, but it’s a reality.
We’re doing it to keep people safe. But the government says you have to keep them safe. And if you don’t meet this requirement, we’re going to fine you.
Exactly.
45,001 is going to give us the benefit of having a framework to put those things in place to make sure that we are compliant.
Exactly. You know, I said a follow-up on a couple of things Norm said there. And this is one of them in today’s marketplace. You know, the job market scenario we have where everybody’s having trouble getting. People having a good safety program and having a good environmental protection program is attractive to the younger generation. And I’ve seen candidates interview employers to find out where you are with their environmental sustainability and things like that. But safety is more of a retention.
If I get into a factory as a new employee and you know, it’s a it’s a death trap, I’m not going to be there long. The more constant and the bigger opportunity that you have is to set a culture. I like 45,001. You know, in 2023 we can say we can talk about standards and say how much we like them because in the past there was a lot of stuff in there as standards that didn’t do us any good. We did it because the standards said so. I don’t see any of that in 45,000 by following it and by showing commitment and showing worker participation, you’re setting up a culture, And that’s what you need. If you’re going to have a safe environment, it has to be culturally driven. And the people who put the standard together knew it and put the requirements in there to set you up for that.
That makes sense.
So it’s even if you’re not going to get certified, it’s a great standard to conform to.
Okay. So, Norm, do you do you have anything you want to add? Maybe something on other business benefits?
No. I mean, that’s, again, what Brian said, kind of just helps instill that culture just because a lot of all the standards, you know, it is very culturally based to make sure not just you comply with regulations, but they have a good safety culture in place as well.
The requirement for worker participation is probably the biggest improvement to the standard.
It’s unique to 45,000 that I know of. The standards that I that I am familiar with. They don’t get into the requirement for worker participation like this one does. The concept of worker participation will not change it will bleed over into your other disciplines like quality. I’ve seen it. But one of the places I went right after 45,000 came out didn’t have a safety committee. Everything was being driven from the top, which is the way quality is supposed to be. So we put a safety committee together and it just became evident. While that safety Committee was meeting with management, management was in the safety committee. Some of them quality things started coming up. And you know, I’ve just seen lines of communication open up between management and line staff or workers through a safety program like this with worker participation.
So compared to 9001, where it says you need to reach out, you need to communicate with your employees, you need to make sure everybody is involved. Yeah, we’re doing that. But when you have a safety committee that’s coming to you saying you need to handle this, it brings more of that culture of communication between the two levels, if you will, than you might have not had before.
Sure. And you know, the safety committee. Well, a well-run safety committee isn’t them. Come into management, and say, hey, we need this. The committee feels like they’re driving the safety management system and management’s there to provide the resources that they need. When I set one up for a company that is not familiar with the safety committee format, one of the first things I tell the highest manager that’s going to be in that meeting is not to set it to the end of the table like you always do.
Let the chairman of the committee sit there to make a point. This is their committee. I’m here to support it. You hear it all the time throughout this podcast culture. If you don’t have a culture, then you’re not going to have a decent safety program. It’s a cultural thing. And if you have it, you know what I’m talking about. If you don’t have it, it’s a struggle. But 45,001 can give you the framework to head in that direction.
Well, that’s a great story, You know, showing how you get that communication open up by having that safety committee. Norm, do you have anything from 14,001 that you might want to share as far as a story or anything?
No, I mean, 45,001 includes the workers, you know, at all levels of the company. And that will trickle into 14,001 with environmental. Again, you know, the people who are doing the work kind of help identify some of those hazards. They exist are some of those negative impacts that, you know, other aspects could have on the environment. But it does kind of flow into it starting with 45,001 because it is more worker, it is more focused on worker participation than the other standards, but it will trickle into those other standards as well.
So the bottom line is everybody has to have a safety management system. If I had a manufacturing facility, I’d be using 45,001, even if I didn’t need to get certified, and that would be my structure.
Yep.
Just because it’s the best, it is good. Is it? You’re crazy for not using it.
Definitely.
Appreciate it you guys, given your experience, and your stories, but especially telling us about these different types of standards that they’re different than 9001, but they can be really important and extremely helpful. I appreciate it.
Good to be here.
Yep. Glad to be here.
We want to thank everyone here who’s listened to our podcast today. We hope it’s been informative for you and your business. If you’re looking for more information about Core Business Solutions and how we can help you with ISO certifications or cybersecurity, please email us at info@thecoresolution.com And if you haven’t already followed us on your favorite podcast platform, be sure to do so. That way you won’t miss the next Quality Hub podcast when it’s released next week. Thanks for being here and have a great day.