As an organization committed to sustainability, we want to ensure that occupational health and safety is maintained to the best of our ability. Thus, we're proud to announce that our commitment to the health and safety of our employees and stakeholders has recently been acknowledged with the ISO 45001:2018 certification. This certification is more than just a stamp of approval; we see it as a testament to our belief that prioritizing the welfare and safety of our teams is a fundamental responsibility.
This achievement has been a result of a remarkable team effort, led by Brian Acheson (Senior Quality Manager at Cambi), and with the invaluable contributions of many others throughout our organization. Brian sat down to discuss this remarkable milestone.
ISO 45001:2018 is one of the ISO’s management system standards. ISO 45001:2018 specifically relates to how an organization manages health and safety. The others in the same suite include the standard for quality – ISO 9001:2015, and the standard for environmental management – ISO 14001:2015, both of which we already have in place and have been certified.
From the point of view of getting certified, ISO 45001 was the last piece of the jigsaw. We saw going through the processes of getting the ISO 9001 and ISO 14001 certifications as an advantage, as it meant we had already set up systems we could build upon to meet the new criteria. Since the standards are written in the same structure, they gave us a way of looking at our context, as well as internal and external issues. In practice, this means that we conduct management reviews and internal audits, and we capture information from nonconformances, accidents, incidents, and near misses. Of course, some things are specific to the respective standards, but a big portion of the framework is common.
It’s valid for three years. Within this three-year cycle, the auditors will do what they call a surveillance visit every year, during which they will look a sample of the requirements of the standard. While they won’t look at everything during each audit, the visits are structured so that over the course of three years, all aspects are covered. Then, in the expiry year, a detailed audit is conducted.
At the same time, we do our own part by following internal processes, which include continuous internal audits, management review, objective setting, etc. This fits with the external evaluation, as the auditors can look at all these elements and have confidence that their sampling is based on a good example.
Given our accumulated experience with standards, we identified six main areas to zoom in on:
The external audit is in two parts. The first part was conducted at the end of August this year, when our documentation and procedures were revised. The second part of the audit was a search for evidence that we do what we say we do, and where people were interviewed.
For example, the first part of the audit looked at if we’ve implemented a procedure for risk assessment. In the second part, the auditor required us to show our risk assessment, the risks we’ve considered, and how we’ve dealt with them.
The standard overall is a very good checkpoint, as it requires us to look at all the requirements, legal and otherwise, that apply to our organization, then assess whether we do comply or not. We’ve created a register of all the Norwegian health and safety legislation, contractual obligations, landlord obligations on us, etc. From now on, we’ll do a compliance check. This formal process and recording are useful, as it showed us a couple of areas where we need to investigate a bit more deeply.
The main advantage is that it's independent, someone outside the organization who looks at how we do things. We want to mitigate the danger of missing something that’s important, and having an outside view could help us spot things that we’ve accepted and gotten used to.
Clients expect us to take health and safety seriously. In this, we share a goal of reducing occupational injuries and diseases, as well as promoting physical and mental health. An ISO 45001:2018 certification provides us with a common language and way of communicating what we are doing, while enabling us to demonstrate how we manage risk. In the end, we all want our employees to be safe at work.
We’ve now set the bar quite high and want to make sure we keep meeting it by maintaining the system. Ideally, we would like to have people report more hazards and near misses. These are early signs – if we can address and investigate them, then we can reduce the risk of them happening again. We want this structure to help us reduce the risk of somebody being hurt, injured, or suffering ill health.
Want to join Cambi on our journey of continuous improvement? Check out our career pages for job openings.
13 November 2023
Register for the Cambi Academy to receive webinar and event updates.