ISO 45001:2018 certification - our health and safety pledge

As an organization committed to sustainability, we want to ensure that occupational health and safety is maintained to the best of our ability. Thus, we're proud to announce that our commitment to the health and safety of our employees and stakeholders has recently been acknowledged with the ISO 45001:2018 certification. This certification is more than just a stamp of approval; we see it as a testament to our belief that prioritizing the welfare and safety of our teams is a fundamental responsibility.

This achievement has been a result of a remarkable team effort, led by Brian Acheson (Senior Quality Manager at Cambi), and with the invaluable contributions of many others throughout our organization. Brian sat down to discuss this remarkable milestone.

What is ISO 45001:2018?

ISO 45001:2018 is one of the ISO’s management system standards. ISO 45001:2018 specifically relates to how an organization manages health and safety. The others in the same suite include the standard for quality – ISO 9001:2015, and the standard for environmental management – ISO 14001:2015, both of which we already have in place and have been certified.

From the point of view of getting certified, ISO 45001 was the last piece of the jigsaw. We saw going through the processes of getting the ISO 9001 and ISO 14001 certifications as an advantage, as it meant we had already set up systems we could build upon to meet the new criteria. Since the standards are written in the same structure, they gave us a way of looking at our context, as well as internal and external issues. In practice, this means that we conduct management reviews and internal audits, and we capture information from nonconformances, accidents, incidents, and near misses. Of course, some things are specific to the respective standards, but a big portion of the framework is common.

How long is the ISO 45001:2018 certification valid for?

It’s valid for three years. Within this three-year cycle, the auditors will do what they call a surveillance visit every year, during which they will look a sample of the requirements of the standard. While they won’t look at everything during each audit, the visits are structured so that over the course of three years, all aspects are covered. Then, in the expiry year, a detailed audit is conducted.

At the same time, we do our own part by following internal processes, which include continuous internal audits, management review, objective setting, etc. This fits with the external evaluation, as the auditors can look at all these elements and have confidence that their sampling is based on a good example. 

What was our focus for ISO 45001?

Given our accumulated experience with standards, we identified six main areas to zoom in on:

1. Looking inwards and outwards at what we're trying to achieve. From a health and safety point of view, we need to consider the risks and opportunities that we are facing. While this includes the risks to the health and safety of our workers, we are also looking at other stakeholders who might be affected by what we do - subcontractors, canteen facilitators, people cleaning, people that work for us, neighbours, etc.
2. Leadership in the organization. Leaders commit to take care of health and safety, while employees get consulted and participate in things that could affect their own health and safety.
3. We have a framework to assess and avoid risks, as well as clear objectives.
4. Supporting employees to be safe. While this particularly revolves around having the right resources, we also look at having the right levels of training and communication.
5. Eliminate health and safety risks in practice.
6. Management has clear criteria to review our performance. After conducting audits to determine whether we're performing, we can determine how to improve, and what the improvement processes look like going forward.

What were the main questions we were required to answer in the interview?

The external audit is in two parts. The first part was conducted at the end of August this year, when our documentation and procedures were revised. The second part of the audit was a search for evidence that we do what we say we do, and where people were interviewed.

For example, the first part of the audit looked at if we’ve implemented a procedure for risk assessment. In the second part, the auditor required us to show our risk assessment, the risks we’ve considered, and how we’ve dealt with them.

What is an example of ISO 45001 policy that we are keen to put into practice?

The standard overall is a very good checkpoint, as it requires us to look at all the requirements, legal and otherwise, that apply to our organization, then assess whether we do comply or not. We’ve created a register of all the Norwegian health and safety legislation, contractual obligations, landlord obligations on us, etc. From now on, we’ll do a compliance check. This formal process and recording are useful, as it showed us a couple of areas where we need to investigate a bit more deeply.

What is the value of a 3^rd party’s opinion on safety?

The main advantage is that it's independent, someone outside the organization who looks at how we do things. We want to mitigate the danger of missing something that’s important, and having an outside view could help us spot things that we’ve accepted and gotten used to.

What is the end value to the client?

Clients expect us to take health and safety seriously. In this, we share a goal of reducing occupational injuries and diseases, as well as promoting physical and mental health. An ISO 45001:2018 certification provides us with a common language and way of communicating what we are doing, while enabling us to demonstrate how we manage risk. In the end, we all want our employees to be safe at work.

What's in store for the future?

We’ve now set the bar quite high and want to make sure we keep meeting it by maintaining the system. Ideally, we would like to have people report more hazards and near misses. These are early signs – if we can address and investigate them, then we can reduce the risk of them happening again. We want this structure to help us reduce the risk of somebody being hurt, injured, or suffering ill health.

Want to join Cambi on our journey of continuous improvement? Check out our career pages for job openings.