A Review of Improvement of Risk Management Principles in Occupational Health and Safety


The article describes the issues with the Plan, Do, Check, Act (PDCA) cycle implementation as prescribed in ISO 45001. The author identifies and builds the case for the lack of support and guidance the ISO 45001 standards provide for implementing the PDCA process. The argument is strongly made for the use of risk management and risk assessment principles in the Plan phase of the PDCA cycle when applying the ISO 45001 framework.


The article discusses several factors relevant to joint or integrated management systems (JMS/IMS) and safety management systems (SMS). Although the author maintains that continuous improvement is the goal of every system, the author expresses some firm opinions about the effectiveness of the PDCA method in SMS. The stated problem is that ISO 45001:2018 does not have clearly defined guidelines or tools for implementing the Shewhart-Deming cycle (PDCA). Additionally, a literature review supports the conclusion that certification of systems does not improve performance. According to the author, the PDCA cycle cannot be implemented in a complex SMS but is better suited to the most straightforward processes.

It is argued that the Shewhart-Deming cycle does not provide precise conclusions about causation in SMS, causing an infinite loop of chasing “causes of dangers” (p95). Several case studies from the EU and the Russian Federation were examined. In a survey of 5,000 Spanish organizations that had achieved ISO certification, it was found that certification had little to no effect on safety outcomes. Further explanation of ISO 45001 requirements and lack of guidance within the prescribed PDCA cycle was provided. There is an explanation of the application of the PDCA cycle described in ISO 31010:2019 to the ISO 45001 framework. The author suggests identifying negative factors and opportunities instead of “danger”. Qualitative and quantitative corrective measures should be implemented according to the organization’s financial resources.

There is a reference to SMS being continuously monitored for compliance within the system and with regulatory requirements. This concept is not explained in detail. The author continues that the ISO 45001 standard is too vague and needs more specific guidance. No one method will address all problems or issues. The issue is that the ISO 45001 standard attempts to serve two purposes. Several formulas for calculating risk and other “negative factors” (p95) are provided and reviewed. These are still qualitative as they rely on the observation and judgment of the observer. An organization can only perform within its capabilities and with the resources available. It must determine its acceptable level of risk. The author supports the assertion that the ISO 45001 standard does not adequately address implementation. The sequence of implementation should provide clear guidance through the hierarchy of the PDCA cycle.

The article identifies that ISO standards are meant to be integrative and stand alone. The information present in ISO standards can be used, even when not directly referenced, as guidance for other ISO standards. The “plan” step involves three main phases: identification of potentially negative factors, determining available resources, and risk analysis. The author consistently relates where additional standards apply to the ISO 45001 standard. There is some discussion on the gap in Human Reliability Analysis in the ISO 45001 standard and implementation process, making the point that human error or human factors are among the leading causes of occupational incidents.

Even with limited mathematical models available for risk, the article suggests they can be expanded to be more helpful in identifying and mitigating complex risks. Additionally, the article refers to the risk assessment and mathematical process of the ISO 31010:2019 standard. “In mathematical form, the direct task is defined as the problem of minimizing the function” (p100). The formulas and procedures presented in ISO 31010:2019 could be helpful to ensure adequate resources are available. This process is identified as a form of active management. Active management aims to ensure that the right resources are being deployed. In other words, how the organization responds matters. The author argues for using math to set the value for the PDCA method. Using mathematical models allows for continuous development of controls; examples and formulas are reviewed in the article.

According to the author, the ISO 45001:2018 standard is not designed to achieve the PDCA cycle’s stated objective. By combining ISO 31010:2019 and ISO 45001:2018, the stated objective can be achieved. The task of the risk evaluation stage is to set values of the controlled parameters that ensure the condition r0 ≤ r. In addition, there are two types of risk evaluation: methodological and practical. Practically speaking, the main problem can be solved by automating the process of protecting against hazards.


A. Bochkovskyi


Study: https://web.archive.org/web/20201105022248/http://nvngu.in.ua/jdownloads/pdf/2020/04/04_2020_Bochkovskyi.pdf

DOI: 10.33271/nvngu/2020-4/094

LinkedIn: https://www.linkedin.com/pulse/review-improvement-risk-management-principles-health-todd-jerome/?trackingId=vm72U2psKbO3qYugGUdfvQ%3D%3D