Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

IAFMD22 OHSMSPub 25012018

Download as pdf or txt
Download as pdf or txt
You are on page 1of 39

IAF MD 22:2018 International Accreditation Forum, Inc.

IAF Mandatory Document

Application of ISO/IEC 17021-1 for the


Certification of Occupational Health and
Safety Management Systems (OH&SMS)

Issue 1

(IAF MD 22:2018)

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 2 of 39


Occupational Health and Safety Management Systems (OH&SMS)

The International Accreditation Forum, Inc. (IAF) facilitates trade and supports
regulators by operating a worldwide mutual recognition arrangement among
Accreditation Bodies (ABs) in order that the results issued by Conformity Assessment
Bodies (CABs) accredited by IAF members are accepted globally.

Accreditation reduces risk for business and its customers by assuring them that
accredited CABs are competent to carry out the work they undertake within their scope
of accreditation. ABs that are members of IAF and the CABs they accredit are required
to comply with appropriate international standards and the applicable IAF application
documents for the consistent application of those standards.

ABs that are signatories to the IAF Multilateral Recognition Arrangement (MLA) are
evaluated regularly by an appointed team of peers to provide confidence in the
operation of their accreditation programs. The structure and scope of the IAF MLA is
detailed in IAF PR 4 – Structure of IAF MLA and Endorsed Normative Documents.

The IAF MLA is structured in five levels: Level 1 specifies mandatory criteria that apply
to all ABs, ISO/IEC 17011. The combination of a Level 2 activity(ies) and the
corresponding Level 3 normative documents is called the main scope of the MLA, and
the combination of Level 4 (if applicable) and Level 5 relevant normative documents is
called a sub-scope of the MLA.

 The main scope of the MLA includes activities e.g. product certification and
associated mandatory documents e.g. ISO/IEC 17065. The attestations made by
CABs at the main scope level are considered to be equally reliable.
 The sub scope of the MLA includes conformity assessment requirements e.g.
ISO 9001 and scheme specific requirements, where applicable, e.g. ISO TS
22003. The attestations made by CABs at the sub scope level are considered to
be equivalent.

The IAF MLA delivers the confidence needed for market acceptance of conformity
assessment outcomes. An attestation issued, within the scope of the IAF MLA, by a
body that is accredited by an IAF MLA signatory AB can be recognized worldwide,
thereby facilitating international trade.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 3 of 39


Occupational Health and Safety Management Systems (OH&SMS)

TABLE OF CONTENTS

0. INTRODUCTION ................................................................................................................ 6
1. SCOPE ............................................................................................................................... 7
2. NORMATIVE REFERENCES ............................................................................................. 7
3. TERMS AND DEFINITIONS ............................................................................................... 7
4. PRINCIPLES ...................................................................................................................... 7
5. GENERAL REQUIREMENTS ............................................................................................ 8
6. STRUCTURAL REQUIREMENTS ...................................................................................... 8
7. RESOURCE REQUIREMENTS .......................................................................................... 8
8. INFORMATION REQUIREMENTS ..................................................................................... 8
9. PROCESS REQUIREMENTS ............................................................................................ 9
9.1 Pre-certification Activities ............................................................................................ 9
9.2 Planning Activities ..................................................................................................... 10
9.3 Initial Certification...................................................................................................... 10
9.4 Conducting Audits ..................................................................................................... 10
9.5 Certification Decision ................................................................................................ 11
9.6 Maintaining Certification ............................................................................................ 11
9.7 Appeals ..................................................................................................................... 11
9.8 Complaints ................................................................................................................ 11
9.9 Client Records .......................................................................................................... 11
10. MANAGEMENT SYSTEM REQUIREMENTS FOR CERTIFICATION BODIES ............ 11
APPENDIX A (normative) - SPECIFIC KNOWLEDGE AND SKILLS FOR CERTIFICATION
FUNCTIONS IN OH&SMS ....................................................................................................... 12
APPENDIX B (normative) - DETERMINATION OF AUDIT TIME OF OCCUPATIONAL
HEALTH AND SAFETY MANAGEMENT SYSTEMS............................................................... 14
APPENDIX C (normative) - LEGAL COMPLIANCE AS A PART OF ACCREDITED OH&SMS
CERTIFICATION...................................................................................................................... 27
APPENDIX D (normative) - SCOPE OF ACCREDITATION.................................................... 31
APPENDIX E (normative) - WITNESSING ACTIVITIES FOR THE ACCREDITATION OF
OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS (OH&SMS)
CERTIFICATION BODIES ....................................................................................................... 37

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 4 of 39


Occupational Health and Safety Management Systems (OH&SMS)

Issue No 1
Prepared by: IAF Technical Committee
Approved by: IAF Members Date: 28 December 2017
Issue Date: 25 January 2018 Application Date: 25 January 2018
Name for Enquiries: Elva Nilsen
IAF Corporate Secretary
Telephone: +1 613 454-8159
Email: secretary@iaf.nu

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 5 of 39


Occupational Health and Safety Management Systems (OH&SMS)

Introduction to IAF Mandatory Documents

The term “should” is used in this document to indicate recognised means of meeting the
requirements of the standard. A Conformity Assessment Body (CAB) can meet these in
an equivalent way provided this can be demonstrated to an Accreditation Body (AB).
The term “shall” is used in this document to indicate those provisions which, reflecting
the requirements of the relevant standard, are mandatory.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 6 of 39


Occupational Health and Safety Management Systems (OH&SMS)

APPLICATION OF ISO/IEC 17021-1 FOR THE CERTIFICATION OF


OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS (OH&SMS)

0. INTRODUCTION

This document is mandatory for the consistent application of ISO/IEC 17021-1:2015 for
the accreditation of Certification Bodies providing certification of Occupational Health
and Safety Management Systems (OH&SMS). All clauses and Annexes of ISO/IEC
17021-1:2015 continue to apply and this document does not supersede any of the
requirements of that standard. This document not only applies for certification to
OHSAS 18001 but shall also be used for certification to other OH&SMS such as the
upcoming ISO 45001 and other standards. National legislation will prevail in case of
conflict with this document.

This document also includes five mandatory appendices which introduce specific
OH&SMS requirements to the following ISO, IAF and EA documents:

Appendices Source document


Appendix A - Specific Knowledge and Skills Annex A of ISO/IEC 17021-1:2015
for Certification Functions in OH&SMS
Appendix B - Determination of Audit Time of IAF MD5:2015
Occupational Health and Safety
Management Systems
Appendix C - Legal Compliance as a Part of EA-7/04 M:2017
Accredited OH&SMS Certification
Appendix D - Scope of Accreditation IAF-ID1:2014
Appendix E - Witnessing Activities for the IAF MD17:2015
Accreditation of OH&SMS Certification
Bodies.

This document follows the structure of ISO/IEC 17021-1:2015.

Specific criteria are identified by the letter ”G” followed with a reference number that
incorporates the related requirements clause in ISO/IEC 17021-1:2015.

In all cases a reference in the text of this document to "clause XX" refers to a clause in
ISO/IEC 17021-1:2015 unless otherwise specified.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 7 of 39


Occupational Health and Safety Management Systems (OH&SMS)

1. SCOPE

No additional requirement.

2. NORMATIVE REFERENCES

No additional requirement.

3. TERMS AND DEFINITIONS

G 3.3 Some specific services offered or provided in the field of Occupational


Health and Safety to clients certified or being certified for OH&SMS by the Certification
Body are considered as OH&SMS consultancy. These include, but are not limited to:

i) performing the role of Occupational Health and Safety coordinator,


ii) safety reporting,
iii) performing risk assessments,
iv) performing Occupational Health and Safety inspections and internal audits,
v) communication with regulatory authorities on behalf of the client,
vi) assistance in developing an organisation's Occupational Health and Safety
Management System, and
vii) accident and incident investigation.

4. PRINCIPLES

G 4.1.2 In addition to both managerial and non-managerial permanent and


temporary workers, and their representatives, parties that have an interest in an
OH&SMS certification include, but are not limited to:

i) legal and regulatory authorities (local, regional, national or international),


ii) parent organizations,
iii) suppliers, contractors and subcontractors,
iv) workers’ organizations (trade unions) and employers’ organizations,

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 8 of 39


Occupational Health and Safety Management Systems (OH&SMS)

v) owners, shareholders, clients, visitors, relatives of workers, local community and


neighbours of the organization and the general public,
vi) customers, medical and other community services, media, academia, business
associations and non-governmental organizations (NGOs), and
vii) occupational health and safety organizations and occupational safety and health-
care professionals (for example doctors and nurses).

5. GENERAL REQUIREMENTS

G 5.2.3 (In note 2)

The key interests may include the additional parties mentioned in clause G.4.1.2.

6. STRUCTURAL REQUIREMENTS

No additional requirement.

7. RESOURCE REQUIREMENTS

G 7.1.2 (In the note)

For Occupational Health and Safety management systems, the term “technical area” is
related to commonalities of processes or services and their associated hazards which
can expose workers to OH&S risks.

8. INFORMATION REQUIREMENTS

G 8.5.3 The legally enforceable arrangements shall also require that the certified
client informs the Certification Body, without delay, of the occurrence of a serious
incident or breach of regulation necessitating the involvement of the competent
regulatory authority.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 9 of 39


Occupational Health and Safety Management Systems (OH&SMS)

9. PROCESS REQUIREMENTS

9.1 Pre-certification Activities

G 9.1.1 The information provided to the Certification Body by the authorized


representative of the applicant organisation on its processes and activities shall also
include the identification of the key hazards and OH&S risks associated with processes,
the main hazardous materials used in the processes, and any relevant legal obligations
coming from the applicable OH&S legislation.

The application shall contain details of personnel working on, as well as working away
from the organisation’s premises.

G 9.1.4 The audit time of OH&SMS audits shall be determined in accordance with
Appendix B of this document.

If the client provides services at another organisation’s premises, the CAB shall verify
that the client’s OH&SMS covers these offsite activities (notwithstanding the OH&SMS
obligations of the other organization). In determining the time to be spent for audit, the
CAB shall consider to audit periodically any organization site where these employees
work. Whether all sites shall be audited will depend on various factors such as OH&S
risks associated with the activities therein performed, contract agreements, being
certified by another accredited CAB, internal audit system, statistics on accidents and
near misses. The justification for such decision shall be recorded.

G 9.1.5 In the case of OH&SMS operated over multiple sites it is necessary to


establish if sampling is permitted or not based on the evaluation of the level of OH&S
risks associated to the nature of activities and processes carried out in each site
included in the scope of certification. The rationale of such decisions, the calculation of
the audit time and the frequency of visiting each site shall be consistent with the
requirements of clause B.10 in Appendix B, and shall be documented for each client.

Where there are multiple sites not covering the same activities, processes and OH&S
risks, sampling is not appropriate.

Although a site performs similar processes or manufactures similar products to other


sites, the CAB shall take account of the differences between the operations of each site
(technology, equipment, quantities of hazardous materials used and stored, working
environment, premises etc.).

When sampling is permitted the CB shall ensure that the sample of sites to be audited is
representative of processes, activities and OH&S risks that exist in the organization to
be audited.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 10 of 39


Occupational Health and Safety Management Systems (OH&SMS)

Temporary sites covered by the organization's OH&SMS are subject to audit on a


sample basis to provide evidence of the operation and effectiveness of the management
system (see clause B.9 of Appendix B).

9.2 Planning Activities

G 9.2.1.2 b) For the determination of the ability of the management system to ensure
the client meets applicable statutory, regulatory and contractual requirements, the
approach described in Appendix C shall be applied.

G.9.2.1.3 The OH&SMS shall include activities, products and services within the
organization’s control or influence that can impact the organization’s OH&SMS
performance.

Temporary sites, for example, construction sites, shall be covered by the OH&SMS of
the organization that has control of these sites, irrespective of where they are located.

9.3 Initial Certification

No additional requirement.

9.4 Conducting Audits

G 9.4.4.2 The audit team shall interview the following personnel:

i) the management with legal responsibility for Occupational Health and Safety,
ii) employees' representative(s) with responsibility for Occupational Health and
Safety,
iii) personnel responsible for monitoring employees' health, for example, doctors
and nurses. Justifications in case of interviews conducted remotely shall be
recorded,
iv) managers and permanent and temporary employees.

Other personnel that should be considered for interview are:

i) managers and employees performing activities related to the prevention of


Occupational Health and Safety risks, and

ii) contractors’ management and employees.

G 9.4.5.3 The Certification Body shall have procedures detailing the actions to be
taken in the event that it discovers a non-compliance with relevant regulatory
requirements. These procedures shall include a requirement that any such non-
compliances are immediately communicated to the organization being audited.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 11 of 39


Occupational Health and Safety Management Systems (OH&SMS)

G 9.4.7.1 The organization representative shall be requested to invite the


management legally responsible for occupational health and safety, personnel
responsible for monitoring employees’ health and the employees' representative(s) with
responsibility for occupational health and safety to attend the closing meeting.
Justification in case of absence shall be recorded.

9.5 Certification Decision

No additional requirement.

9.6 Maintaining Certification

G 9.6.4.2 Independently from the involvement of the competent regulatory authority,


a special audit may be necessary in the event that the Certification Body becomes
aware that there has been a serious incident related to occupational health and safety,
for example, a serious accident, or a serious breach of regulation, in order to investigate
if the management system has not been compromised and did function effectively. The
Certification Body shall document the outcome of its investigation.

G 9.6.5.2 Information on incidents such as a serious accident, or a serious breach


of regulation necessitating the involvement of the competent regulatory authority,
provided by the certified client (see G 8.5.3) or directly gathered by the audit team
during the special audit, (G 9.6.4.2) shall provide grounds for the Certification Body to
decide on the actions to be taken, including a suspension or withdrawal of the
certification, in cases where it can be demonstrated that the system seriously failed to
meet the OH&S certification requirements. Such requirements shall be part of the
contractual agreements between the CAB and the organization.

9.7 Appeals

No additional requirement.

9.8 Complaints

No additional requirement.

9.9 Client Records

No additional requirement.

10. MANAGEMENT SYSTEM REQUIREMENTS FOR CERTIFICATION BODIES

No additional requirement.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 12 of 39


Occupational Health and Safety Management Systems (OH&SMS)

APPENDIX A (normative) - SPECIFIC KNOWLEDGE AND SKILLS FOR


CERTIFICATION FUNCTIONS IN OH&SMS

This is an Appendix to the mandatory Annex A of ISO/IEC 17021-1: 2015.

This Appendix will be superseded when the future ISO/IEC TS 17021-10 for OH&SMS
comes into force.

The following clauses A.1.n refer to the criteria of knowledge and skills listed in the first
column and specified under the letter X in the other columns of Table A.1, for each
certification function. Such criteria are explained in more detail with reference to the text
following the table referenced by the number in parenthesis.

A.1.1 Knowledge of business management practices:

 no additional guidance to § A.2.1.

A.1.2 Knowledge of audit principles, practices and techniques shall include ISO/IEC
17021-1:2015, guidance provided in this document:

 no additional guidance to § A.2.2 and A.3.1.

A.1.3 Knowledge of specific management system standards/normative documents


shall include, but not be limited to:

 OH&S terminology,
 OH&S legislation valid in countries where the Certification Body is conducting
audits,
 applicable standards for OH&S management system certification (such as
OHSAS 18001, upcoming ISO 45001 or other standards),
 methods for monitoring, measurement, analysis to evaluate the OH&S
performance, and the conformance of the OH&S management system,
 surveys and other evaluation tools, and
 OH&S risk assessments methodologies and guidance.

The level of knowledge shall be sufficient to fulfil the different requirements specified in
§ A.2.3, A.3.2 and A.4.1 for each certification function.

A.1.4 Knowledge of the Certification Body's processes:

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 13 of 39


Occupational Health and Safety Management Systems (OH&SMS)

 no additional guidance to § A.2.4, A.3.3 and A.4.2.

A.1.5 Knowledge of client business sector shall include:

 specific OH&S risks and controls relevant to the business sector.

The level of knowledge shall be sufficient to fulfil the different requirements specified in
§ A.2.5, A.3.4 and A.4.3 for each certification function.

A.1.6 Knowledge of client products, processes and organization shall include:

 applicable country-specific OH&S laws and regulations, in each technical area of


the organisation to be certified, and
 risks of accidents, incidents and occupational diseases (not exhaustive):
physiological, psychological and social aspects; ergonomic aspects; chemical and
biological factors; physical factors (e.g. vibration, noise, electricity, fire and
explosion, exposure to radiation and magnetic fields); working environment
(lighting, temperature, humidity); equipment, devices, machinery; and technical
systems.

The level of knowledge shall be sufficient to fulfil the different requirements specified in
§ A.2.6 and A.4.4 for each certification function.

A.1.7 Language skills appropriate to all levels within the client organization:

 no additional guidance to § A.2.7.

A.1.8 Note-taking and report-writing skills:

 no additional guidance to § A.2.8.

A.1.9 Presentation skills

 no additional guidance to § A.2.9.

A.1.10 Interviewing skills

 no additional guidance to § A.2.10.

A.1.11 Audit-management skills

 no additional guidance to § A.2.11.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 14 of 39


Occupational Health and Safety Management Systems (OH&SMS)

APPENDIX B (normative) - DETERMINATION OF AUDIT TIME OF OCCUPATIONAL


HEALTH AND SAFETY MANAGEMENT SYSTEMS

This Appendix is mandatory for the consistent application of the relevant clauses of
ISO/IEC 17021-1:2015 and the additional requirements of IAF-MD5:2015 for audits of
occupational health and safety management systems.

In this Appendix, no clauses of ISO/IEC 17021-1:2015 are superseded.

IAF MD5 applies with the amendments herein detailed:

 all clauses herein amended incorporate all relevant existing requirements of the
related clauses of IAF-MD5:2015, and
 all clauses not amended are not included in this Appendix unless needed to
ensure a better understanding of the related amended clauses (e.g. clauses B.5
and B.6 referred by amended clause B.3.2).

B.1 DEFINITIONS

B.1.9 Effective Number of Personnel

The effective number of personnel consists of all personnel (permanent, temporary, and
part-time) involved within the scope of certification including those working on each
shift. When included within the scope of certification, it shall also include
contractors/subcontractors personnel performing work or work-related activities that are
under the control or influence of the organization, that can impact on the organization’s
OH&SMS performance.

B.1.12 Complexity category based on OH&S risk

For OH&SMS, the provisions specified in this document are based on three primary
complexity categories based on the nature, number and severity of the OH&S risks of
an organization that fundamentally affect the audit time (See Table OH&SMS 2).

B.2 APPLICATION

B.2.2 Audit Day(s)

B.2.2.1 Table OH&SMS 1 presents the average audit time of OH&SMS


certification audits calculated in audit days on the basis of 8 hours per day. National
adjustments on the number of days may be needed to comply with local legislation for
travel, lunch breaks and working hours to achieve the same total number of days of
auditing of Table OH&SMS 1.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 15 of 39


Occupational Health and Safety Management Systems (OH&SMS)

B.2.3 Calculation of the Effective Number of Personnel

B.2.3.1 The effective number of personnel as defined above is used as a basis for
the calculation of audit time for OH&SMS. Considerations for determining the effective
number of employees include part-time personnel, those working on shifts,
administrative and all categories of office staff, and similar or repetitive processes (see
B.2.3.4). “In case of seasonal operations (e.g. harvesting activities, holiday villages and
hotels, etc,) the calculation of the effective number of personnel shall be based on the
personnel typically present in peak season operations.” Reductions due to employment
of large numbers of unskilled personnel shall not be made without consideration of the
associated risk (see B.2.3.6).

B.2.3.4 Similar or repetitive processes within scope

a) When a high percentage of personnel perform certain activities/positions that are


considered similar or identical because they expose personnel to similar OH&S risks
(e.g. cleaners, security, sales, call centres, etc.) a reduction in the number of
personnel which is coherent and consistently applied on a company to company
basis within the scope of certification may be permitted.
b) For groups of workers performing repetitive jobs which can reduce attention, and
raise the associated level of OH&S risk (e.g. mounting, assembling, packaging,
sorting, etc.), the methods incorporated for possible reductions shall be documented
to include the assessment of the OH&S risk of any activities/positions of workers.

B.2.3.5 Shift work employees

The CAB shall determine the timing of the audit which will best assess the effective
implementation of the OH&SMS for the full scope of the client activities, including the
need to audit outside normal working hours and various shift patterns. This shall be
agreed with the client.

The CAB should ensure that any variation in audit time does not compromise the
effectiveness of audits (see also clause B 3.7).

B.2.3.6 Temporary unskilled personnel

This issue normally only applies in countries with a low level of technology where
temporary unskilled personnel may be employed in considerable numbers to replace
automated processes. Under these circumstances, a reduction in effective personnel
may be made for other certification schemes (QMS, EMS). This reduction is in principle
to be regarded as not applicable to OH&SMS since the employment of temporary
unskilled personnel can be a source of OH&S risks. If, in exceptional cases, a reduction
is made the justification for doing so shall be recorded and made available to the AB at
assessment.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 16 of 39


Occupational Health and Safety Management Systems (OH&SMS)

B.3 METHODOLOGY FOR DETERMINING AUDIT TIME OF OH&SMS

B.3.1 The methodology used as a basis for the calculation of audit time of OH&SMS
for an initial audit (Stage 1 + Stage 2) involves the understanding of tables of Annex C
of Appendix B. Annex C is based upon the effective number of personnel (see Clause
B.2.3 for guidance on the calculation of the effective number of personnel) and the
category of OH&S risk associated with the business sector of the organization and does
not provide a minimum or maximum audit time. Table OH&SMS 2 shows the linkage
between business sectors and OH&S complexity categories based on OH&S risks.

Note: Normal practice is that time spent for Stage 2 exceeds time spent for Stage 1.

B.3.2 Using a suitable multiplier, the same table and figure may be used as the base
for calculating audit time for surveillance audits (Clause B.5) and recertification audits
(clause B.6).

B.3.3 The CAB shall have processes that provide for the allocation of adequate time
for auditing of relevant processes of the client. Experience has shown that apart from
the number of personnel, the time required to carry out an effective audit depends upon
other factors for OH&SMS. These factors are explored in more depth in clause B.8.

B.3.4 This mandatory document lists the provisions which should be considered when
establishing the amount of time needed to perform an audit. This and other factors need
to be examined during the CAB’s application review process, and after Stage 1 and
throughout the certification cycle and at recertification for their potential impact on the
determination of the audit time regardless of the type of audit. Therefore the relevant
tables OH&SMS 1 and OH&SMS 2 which demonstrate the relationship between
effective number of personnel and OH&S risk categories cannot be used in isolation.
These tables provide the framework for further audit planning and for making
adjustments to audit time for all types of audits.

B.3.6 For an OH&SMS audit it is appropriate to base audit time on the effective
number of personnel of the organization and nature, number and severity of the OH&S
risks of the typical organization in that industry sector. Tables OH&SM 1 and OH&SM 2
provide a framework for the process that should be used for planning. The audit time of
management systems should then be adjusted based on any significant factors that
uniquely apply to the organization to be audited.

B.3.7 The starting point for determining audit time of OH&SMSs shall be identified
based on the effective number of personnel, then adjusted for the significant factors
applying to the client to be audited, and attributing to each factor an additive or
subtractive weighting to modify the base figure. In every situation, the basis for the
establishment of audit time of OH&SMSs, including adjustments made, shall be
recorded. The CAB should ensure that any variation in audit time does not compromise

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 17 of 39


Occupational Health and Safety Management Systems (OH&SMS)

the effectiveness of audits. Where product or service realization processes operate on a


shift basis, the extent of auditing of each shift by the CAB depends on the processes
done on each shift, taking into consideration the associated OH&S risks, and the level
of control of each shift that is demonstrated by the client. To audit effective
implementation, at least one of the shifts inside and one outside of regular office hours
shall be audited during the first cycle of certification. During surveillance audits of the
subsequent cycles, the CB may decide not to audit the second shift based on the
recognised maturity of the organization’s OH&SMS. Adjustments for delaying the
starting time of audit are recommended whenever possible, in order to cover both shifts
within the 8 hours audit time. The justification for not auditing the other shifts shall be
documented taking into account the risk for not doing so.

B.3.8 The audit time of OH&SMSs determined using the tables of this Appendix shall
not include the time of “auditors-in-training”, observers or the time of technical experts.

B.3.9 The reduction audit time of OH&SMSs shall not exceed 30% of the times
established from Table OH&SMS 1.

B.4 INITIAL OH&SMS CERTIFICATION AUDITS (STAGE 1 PLUS STAGE 2)

B.4.2 Table OH&SMS 1 provides a starting point for estimating the time of an initial
audit (Stage 1 + Stage 2) for OH&SMS.

B.4.5 Certification audits may include remote auditing techniques such as interactive
web-based collaboration; web meetings, teleconferences and/or electronic verification
of the client’s processes. These remote activities, which shall be limited to reviewing
documents/records and to interviewing staff and workers, shall be identified in the audit
plan. The time spent on these activities may be considered as contributing to the total
duration of management systems audits. If the CAB plans an audit for which the remote
auditing activities represent more than 30% of the planned on-site duration of
management systems audits, the CAB shall justify the audit plan and maintain the
records of this justification, which shall be available to an Accreditation Body for review
(see IAF MD4). Activities and OH&S risk controls cannot be remotely witnessed this
way.

Note 1: Duration of management system audits refers to the duration of management


system audits allocated for individual sites. Electronic audits of virtual or remote sites
are considered to be remote audits, even if the electronic audit is physically carried out
on the client organization’s location (physical or virtual).

Note 2: Regardless of the remote auditing techniques used, the client organization shall
be physically visited at least annually where such a physical location exists.

Note 3: It is unlikely that a Stage 2 audit will take less than one (1) audit day.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 18 of 39


Occupational Health and Safety Management Systems (OH&SMS)

B.5 SURVEILLANCE

During the initial three year certification cycle, audit time for surveillance audits for a
given organization should be proportional to the audit time spent on the initial
certification audit (Stage 1 + Stage 2), with the total amount of time spent annually on
surveillance being about 1/3 of the audit time spent on the initial certification audit. The
CAB shall obtain an update of client data related to its management system as part of
each surveillance audit. The planned audit time of a surveillance audit shall be reviewed
at least at every surveillance and recertification audit to take into account changes in the
organization, system maturity, etc. The evidence of review including any adjustments to
the audit time of management systems audits shall be recorded.

Note: It is unlikely that a surveillance audit will take less than one (1) audit day.

B.6 RECERTIFICATION

The audit time for the recertification audit should be calculated on the basis of the
updated information of the client and is normally approximately 2/3 of the audit time that
would be required for an initial certification audit (Stage 1 + Stage 2) of the organization
if such an initial audit were to be carried out at the time of recertification (i.e. not 2/3 of
the original time spent on the initial audit). The audit time of management systems shall
take account of the outcome of the review of system performance (ISO/IEC 17021-1).
The review of system performance does not itself form part of the audit time for
recertification audits.

Note: It is unlikely that a recertification audit will take less than one (1) audit day.

B.7 INDIVIDUALIZED SECOND AND SUBSEQUENT CERTIFICATION CYCLES

Not applicable for OH&SMS.

B.8 FACTORS FOR ADJUSTMENTS OF AUDIT TIME OF OH&SMS

B.8.1 The additional factors that shall be considered include but are not limited to:

i) Increase in audit time of OH&SMS:

a. complicated logistics involving more than one building or location where work
is carried out. e.g., a separate Design Centre shall be audited,
b. staff speaking in more than one language (requiring interpreter(s) or
preventing individual auditors from working independently),
c. very large site for the number of personnel (e.g., a forest),

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 19 of 39


Occupational Health and Safety Management Systems (OH&SMS)

d. high degree of regulation (e.g. aerospace, nuclear power, refinery and


chemical industry, fishing vessels, mining, food, drugs, etc.),
e. system covers highly complex processes or relatively high number of unique
activities,
f. activities that require visiting temporary sites to confirm the activities of the
permanent site(s) whose management system is subject to certification,
g. views of interested parties,
h. rate of accidents and occupational diseases higher than average for the
business sector,
i. if the members of the public are present on the organization’s site (e.g.
hospitals, schools, airports, ports, train stations, public transport),
j. the organization is facing legal proceedings related to OH&S (depending on
the severity and impact of risk involved),
k. the temporary large presence of many (sub)contractors companies and their
employees causing an increase in complexity or OH&S risks (e.g. periodical
shutdowns or turnaround of refineries, chemical plants, steel manufacturing
plants and other large industrial complexes),
l. Where dangerous substances are present in quantities exposing the plant to
the risk of major industrial accidents, in accordance with the applicable
national regulations, and/or risk assessment documentation,
m. organization with sites included in the scope in other countries than the mother
site country (if legislation and language are not well known).
ii) Decrease in audit time of OH&SMS:
a. maturity of the management system,
b. prior knowledge of the client organisation’s management system (e.g. already
certified in another voluntary OH&SMS scheme by the same CAB),
c. client preparedness for OH&S certification (e.g. already subject to periodical
audits by the National Authority for a mandatory governmental OH&SMS
scheme),
d. very small site for number of personnel (e.g. office complex only).

All attributes of the client’s system, processes, and products/services should be


considered and a fair adjustment made for those factors that could justify more or less
auditor time for an effective audit. Additive factors may be off-set by subtractive factors.

Any decision taken in relation to the requirements of this clause shall be recorded.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 20 of 39


Occupational Health and Safety Management Systems (OH&SMS)

Note 1: Subtractive factors may be used once only for each calculation for each client
organization.

Note 2: Additional factors to consider when calculating the audit time of integrated
management systems are addressed in IAF MD 11.

B.9 TEMPORARY SITES

B.9.2 Temporary sites could range from major project management sites to minor
service/installation sites. The need to visit such sites and the extent of sampling shall be
based on an evaluation of the risks of failure of the OH&SMS to control OH&S risks
associated with the client's operations. Sites included in sampling should represent the
client’s scope of certification, sizes and types of activities and processes, type of
hazards involved and associated OH&S risks, and stages of projects in progress.

B.9.3 Typically on-site audits of temporary sites would be performed. However, the
following methods could be considered as alternatives to replace only those parts of on-
site audits not related to witness the operational control and other OH&SMS activities:

i) interviews or progress meetings with the client and/or its customers in person
or teleconference,
ii) document review of temporary site activities,
iii) remote access to electronic site(s) that contain records or other information
that is relevant to the assessment of the OH&SMS and the temporary site(s),
iv) use of video and teleconference and other technology that enable effective
auditing to be conducted remotely.

B.10 AUDIT TIME OF A MULTI-SITE OH&SMS

B.10.1 In the case of an OH&SMS system operated over multiple sites the CAB
shall establish if site sampling is permitted or not, based on the evaluation of the level of
OH&S risks associated with the activities and processes carried out in each site
included in the scope of certification. Records of such evaluations and rationale of
decisions taken shall be made available to the AB at assessment.

B.10.2 The requirements for OH&SMS multiple site certification, both when
sampling is permitted and when sampling is not permitted, are covered in more detail by
the different scenarios provided in the new IAF MD 1 document for auditing and
certification of a management system managed by a multi-site organization, in which all
references to IAF MD5 requirements shall be understood as amended by this Appendix
B.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 21 of 39


Occupational Health and Safety Management Systems (OH&SMS)

Until its coming into force, the respective requirements of IAF MD 1:2007 and MD
19:2016 continue to apply.

The proportion of the total time spent on each site shall take into account situations
where certain management system processes are not relevant to the site.

B.10.3 Combined with clause B.10.2

B.11 CONTROL OF EXTERNALLY PROVIDED FUNCTIONS OR PROCESSES


(OUTSOURCING)

B.11.1 If an organization outsources part of its functions or processes, it is the


responsibility of the CAB to obtain evidence that the organization has effectively
determined the type and extent of controls to be applied in order to ensure that the
externally provided functions or processes do not adversely affect the effectiveness of
the OH&SMS, including the organization’s ability to control its OH&S risks and
commitments to comply with legal requirements.

B.11.2 The CAB will audit and evaluate the effectiveness of the organization's
OH&SMS in managing any supplied activity and the risk this poses to OH&S
performance of its own activities and processes and conformity requirements. This may
include gathering feedback on the level of effectiveness from suppliers, based:

 on the criteria applied by the organization for the evaluation, selection, monitoring
of performance and re-evaluation of these external providers based on their ability
to provide functions or processes in accordance with specified requirements, in
compliance with the legal requirements, and
 on the risk that the external providers can adversely affect the organization’s
ability to control its own OH&S risks.

B.11.3 Even if auditing the complete provider’s management system is not


required, the CAB shall consider those processes or functions included within the scope
of the organization’s OH&SMS, which have been outsourced to external providers to
plan and accomplish an effective audit.

B.11.4. The CAB should be able to establish this during the preparation of the
certification programme and further verify it during the initial audit, and before every
surveillance and recertification audit.

Annex A - Quality Management Systems

Not applicable.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 22 of 39


Occupational Health and Safety Management Systems (OH&SMS)

Annex B - Environmental Management Systems

Not applicable.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 23 of 39


Occupational Health and Safety Management Systems (OH&SMS)

Annex C to Appendix B – OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT


SYSTEMS
Table OH&SMS 1 – Occupational Health and Safety Management Systems

Relationship between Effective Number of Personnel,


Complexity Category of OH&S Risk and Audit Time
(Initial Audit only – Stage 1 + Stage 2)

Effective Audit Time Effective Audit Time


Number of Stage 1 + Stage 2 Number of Stage 1 + Stage 2
Personnel (days) Personnel (days)
High Med Low High Med Low
1-5 3 2.5 2.5 626-875 17 13 10
6-10 3.5 3 3 876-1175 19 15 11
11-15 4.5 3.5 3 1176-1550 20 16 12
16-25 5.5 4.5 3.5 1551-2025 21 17 12
26-45 7 5.5 4 2026-2675 23 18 13
46-65 8 6 4.5 2676-3450 25 19 14
66-85 9 7 5 3451-4350 27 20 15
86-125 11 8 5.5 4351-5450 28 21 16
126-175 12 9 6 5451-6800 30 23 17
176-275 13 10 7 6801-8500 32 25 19
276-425 15 11 8 8501-10700 34 27 20
426-625 16 12 9 >10700 Follow progression
above

Note 1: Audit time is shown for high, medium and low OH&SM risk audits.

Note 2: The numbers of personnel in Table OH&SMS 1 should be seen as a continuum


rather than a stepped change. If drawn as a graph, the line should start with the values
in the lower band. The starting point of the graph should be personnel of 1 attracting 2.5
days as above. If after the calculation the result is a decimal number, the number of days
should be adjusted to the nearest half day (e.g.: 5.3 audit days becomes 5.5 audit days,
5.2 audit days becomes 5 audit days).

Note 3: See also clause B.1.9 and B.2.3.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 24 of 39


Occupational Health and Safety Management Systems (OH&SMS)

TABLE OH&SMS 2 - Examples of linkage between business sectors and


Complexity Categories of OH&S Risks
Complexity
category of Business sector
OH&S risk
 fishing (offshore, coastal dredging and diving)
 mining and quarrying
High
 manufacture of coke and refined petroleum products
 oil and gas extraction
 tanning of textiles and clothing
 pulping part of paper manufacturing including paper recycling processing
 oil refining
 chemicals (including pesticides, fabrication of batteries and accumulators),
and pharmaceuticals
 manufacturing of fibreglass
 gas production, storage and distribution
 electricity generation and distribution
 nuclear
 storage of large quantities of hazardous material
 non-metallic processing and products covering ceramics, concrete, cement,
lime, plaster, etc.
 primary productions of metals
 hot and cold forming and metal fabrication
 manufacturing and assembly of metal structures
 shipyards (depending on the activities could be medium)
 aerospace industry
 automotive industry
 manufacturing of weapons and explosives
 recycling of hazardous waste
 hazardous and non-hazardous waste processing e.g. incineration etc.
 effluent and sewerage processing
 industrial and civil construction and demolition (including building completion
with electrical, hydraulic and air conditioning installation activities)
 slaughter houses
 transport and distribution of dangerous goods (by land, air and water)
 defence activities/crisis management
 healthcare/hospitals/veterinary/social works
 aquaculture (breeding, rearing, and harvesting of plants and animals in all
types of water environments)
Medium
 fishing (offshore fishing is high)
 farming/forestry (depending on the activities could be high)
 food, beverage and tobacco – processing
 textiles and clothing except for tanning
 manufacturing of wood and wooden products including manufacturing of

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 25 of 39


Occupational Health and Safety Management Systems (OH&SMS)

Complexity
category of Business sector
OH&S risk
boards, treatment/impregnation of wood
 paper production and paper products excluding pulping
 non-metallic processing and products covering glass, ceramics, clay, etc.
 general mechanical engineering assembly
 manufacturing of metallic products
 surface and other chemically based treatment for metal fabricated products
excluding primary production and for general mechanical engineering
(depending on the treatment and the size of the component could be high)
 production of bare printed circuit boards for electronics industry
 rubber and plastic injection moulding, forming and assembly
 electrical and electronic equipment assembly
 manufacturing of transport equipment and their repairs - road, rail and air
(depending on the size of the equipment, could be high)
 recycling, composting, landfill (of non-hazardous waste)
 water abstraction, purification and distribution including river management
(note commercial effluent treatment is graded as high)
 fossil fuel wholesale and retail (depending on the amount of fuel, could be
high)
 transport of passengers (by air, land and sea)
 transport and distribution of non-dangerous goods (by land, air and water)
 industrial cleaning, hygiene cleaning, dry cleaning normally part of general
business services
 research & development in natural and technical sciences (depending on the
business sector could be high). Technical testing and laboratories
 hotels, leisure services and personal services excludes restaurants
 education services (depending on the object of teaching activities could be
high or low)
 corporate activities and management, HQ and management of holding
companies
Low
 wholesale and retail (depending on the product, could be medium or high,
e.g. fuel)
 general business services except industrial cleaning, hygiene cleaning, dry
cleaning and education services).
 transport and distribution - management services with no actual fleet to
manage
 engineering services (could be medium depending on type of services)
 telecommunications and post office services
 restaurants and campings
 commercial estate agency, estate management
 research & development on social sciences and humanities
 public administration, local authorities
 financial institutions, advertising agency

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 26 of 39


Occupational Health and Safety Management Systems (OH&SMS)

Complexity categories of OH&S risks

The provisions specified in this document are based on three primary complexity
categories of OH&S risks based on the nature and severity of the OH&S risks of an
organization that fundamentally affect the auditor time. These are:

 High – OH&S risks with significant nature and severity (typically the construction
industry, heavy manufacturing or processing type organizations),
 Medium – OH&S risks with medium nature and severity (typically light
manufacturing organizations with some significant risks), and
 Low – OH&S risks with low nature and severity (typically office based
organizations).

Table OH&SMS 1 covers the above three complexity categories of OH&S risks.

Table OH&SMS 2 provides the link between the three complexity categories of OH&S
risks above and the industry sectors that would typically fall into that category.

The CAB should recognize that not all organizations in a specific sector will always fall
in the same OH&S risk category. The CAB should allow flexibility in its contract review
procedure to ensure that the specific activities of the organization are considered in
determining the complexity categories of OH&S risks.

For example, even though many businesses in shipbuilding should be classified as


“high risk”, an organization which would have only small boats of carbon fibre with lower
complexity activities could be classified as “medium”.

The CAB shall document all cases where they have lowered the complexity category of
OH&S risks of an organization in a specific business sector.

Note: The complexity category of OH&S risk of an organization may also be associated
with the consequences of a failure of the OH&SMS to control the risk:

 High – where failure to manage the risk could put life at risk or result in serious
injury or illness,

 Medium – where failure to manage the risk could result in injury or illness, and

 Low – where failure to manage the risk may result in minor injury or illness.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 27 of 39


Occupational Health and Safety Management Systems (OH&SMS)

APPENDIX C (normative) - LEGAL COMPLIANCE AS A PART OF ACCREDITED


OH&SMS CERTIFICATION

C.0 INTRODUCTION

C.01 Considering the various viewpoints, the following definition for “legal compliance”
is used: “Conformity with the law, in such a way that the intended outcome is realised.”

While certification of an OH&SMS against the requirements of the applicable OH&SMS


standard is not a guarantee of legal compliance (neither is any other means of control,
including government or other type of control and/or legal compliance inspections or
other forms of certification or verification), it is a proven and efficient tool to achieve and
maintain such legal compliance.

It is recognised that accredited OH&SMS certification shall demonstrate that an


independent third-party (Certification Body) has evaluated and confirmed that the
organisation has a demonstrably effective OH&SMS to ensure the fulfilment of its policy
commitments including legal compliance.

Ongoing or potential non-compliances with the applicable legal requirements might


show a lack of management control within the organisation and its OH&SMS and the
conformity with the standard should be carefully reviewed.

C.02 This Appendix is intended to extend to OH&SMS the applicability of selected


requirements of document EA-7/04 M: 2017 “Legal Compliance as a part of Accredited
ISO 14001:2015 certification”, rev.03 May 2017. Such requirements describe the
relationship between an organisation's accredited OH&SMS certification and that
organisation's degree of compliance with applicable OH&S legal requirements.

C.1 HOW SHOULD A CERTIFICATION BODY AUDIT AN OH&SMS WITH


RESPECT TO LEGAL COMPLIANCE

C.1.1 Through the certification assessment process, a Certification Body shall evaluate
an organisation's conformity with the requirements of an OH&SMS standard as they
relate to legal compliance and shall not grant certification until conformity with these
requirements can be demonstrated.

After certification, the subsequent surveillance and reassessment audits conducted by


the Certification Body shall be consistent with the above audit methodology.

C.1.2 With respect to the balance between review of documents and records and the
evaluation of the OH&SMS implementation during operational activities (e.g. tour of
facilities and other work sites), the Certification Body shall ensure that an adequate
audit of the effectiveness of the OH&SMS is undertaken.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 28 of 39


Occupational Health and Safety Management Systems (OH&SMS)

C.1.3 There is no formula to define what the relative proportions should be, as the
situation is different in every organisation. However, there are some indications that too
much of the audit time being dedicated to an office-based review is a problem that
occurs with some frequency. This could lead to an inadequate assessment of the
effectiveness of the OH&SMS with respect to legal compliance issues, and potentially to
poor performance being overlooked, leading to a loss of stakeholder confidence in the
certification process.

The Certification Body shall, through an appropriate surveillance program, assure that
conformity is being maintained during the certification cycle, normally three years. The
Certification Body auditors shall verify the management of legal compliance based on
the demonstrated implementation of the system and not rely only on planned or
expected results.

C.1.4 Any organization failing to demonstrate their initial or ongoing commitment to


legal compliance, shall not be certified or continued to be certified as meeting the
requirements of an OH&SMS standard by the Certification Body.

C.1.5 Deliberate or consistent non-compliance shall be considered a serious failure to


support the policy commitment to achieving legal compliance and shall preclude
certification or cause an existing OH&SMS standard certificate to be suspended, or
withdrawn.

C.1.6 If the facilities and work areas are subject to closure the OH&S risks change, as
there may no longer be the same risks to employees, but there may be new risks
applicable to members of the public (e.g. in case of lack of suitable maintenance and
surveillance activities). The Certification Body shall verify that the management system
continues to meet the OH&SMS standard and to be effectively implemented in respect
of the closed facilities and work areas, and, if not, suspend the certificate.

C.2. COMPLIANCE CRITERIA FOR THE CERTIFICATION DECISION

C.2.1 Full legal compliance is expected by stakeholders and interested parties of an


organization claiming conformity with an OH&SMS standard. The perceived worth of
accredited certification in this field is closely related to the achieved satisfaction of the
interested parties in relation to legal compliance.

C.2.2 The organisation shall be able to demonstrate that it has achieved compliance
with the legal OH&S requirements that are applicable to it through its own evaluation of
compliance prior to the Certification Body granting certification.

C.2.3 Where the organization may not be in legal compliance, it shall be able to
demonstrate it has activated an implementation plan to achieve full compliance within a
declared date, supported by a documented agreement with the regulator, wherever

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 29 of 39


Occupational Health and Safety Management Systems (OH&SMS)

possible for the different national conditions. The successful implementation of this plan
shall be considered as a priority within the OH&SMS.

C.2.4 Exceptionally the Certification Body may still grant certification but shall seek
objective evidence to confirm that the organization’s OH&SMS:

a. is capable of achieving the required compliance through full implementation of the


above implementation plan within the due date,
b. has addressed all hazards and OH&S risks to workers and other exposed personnel
and that there are no activities, processes or situations that can or will lead to a
serious injury and/or ill-health, and
c. during the transitional period has put in place the necessary actions to ensure that
the OH&S risk is reduced and controlled.

C.2.5 Through the requirements of ISO/IEC 17021-1, clause 9.4.8.3 a) and the
intended outcomes being explicitly stated in the applicable OH&SMS standard, the
Certification Body shall ensure that its audit reports contain a statement on the
conformity and the effectiveness of the organization’s OH&SMS together with a
summary of the evidence with regards to the capability of the OH&SMS to meet its
compliance obligations.

C.3 SUMMARY

C.3.1 Accredited certification of an organization's OH&SMS indicates conformity with


the requirements of the applicable OH&SMS standard and includes a demonstrated and
effective commitment to compliance with applicable legal requirements.

C.3.2 The control of legal compliance by the organisation is an important component of


the OH&SMS assessment and remains the responsibility of the organization.

C.3.3 It should be stressed that Certification Body auditors are not inspectors of the
OH&S regulator. They should not provide "statements" or "declarations" of legal
compliance. Nevertheless, they can "verify the evaluation of legal compliance" in order
to assess conformity with the applicable OH&SMS standard.

C.3.4 Accredited certification of an OH&SMS as fulfilling the requirements in an


OH&SMS standard cannot be an absolute and continuous guarantee of legal
compliance but neither can any certification or legal scheme guarantee ongoing legal
compliance. However, an OH&SMS is a proven and effective tool to achieve and
maintain legal compliance and provides top management with relevant and timely
information on the organisation's compliance status.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 30 of 39


Occupational Health and Safety Management Systems (OH&SMS)

C.3.5 An OH&SMS standard requires a commitment to comply with legal requirements.


The organisation shall be able to demonstrate it has achieved compliance with its
applicable legal requirements through its own evaluation of compliance prior to the
Certification Body granting certification.

C.3.6 Certification of an OH&SMS as fulfilling the requirements in an OH&SMS


standard confirms that the OH&SMS has been shown to be effective in achieving its
policy commitments including fulfilment of legal compliance obligations and provides the
foundation and support for an organization's continued legal compliance.

C.3.7 In order to maintain the confidence of interested parties and stakeholders in the
above attributes of the accredited certification of an OH&SMS, the Certification Body
shall ensure that the system has demonstrated effectiveness before granting,
maintaining or continuing certification.

C.3.8 The OH&SMS can act as a tool for dialogue between the organisation and its
OH&S regulators and form the basis for a trusting partnership, replacing historical
adversarial "them and us" relationships. OH&S regulators and the public should have
confidence in organizations with an accredited OH&SMS standard certificate and be
able to perceive them as being able to constantly and consistently manage their legal
compliance.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 31 of 39


Occupational Health and Safety Management Systems (OH&SMS)

APPENDIX D (normative) - SCOPE OF ACCREDITATION

D.1 The accredited scope of an OH&S Certification Body shall be expressed in terms
of one or more elements from the list of economic activities reported in the Annex of the
Document IAF-ID1:2014, as amended for OH&SMS in the following table.

Model for OH&SMS Accreditation Scopes

OH&SMS Accreditation Scope


No Description of economic NACE – Division Examples of Common OH&S
sector/activity /Group/Class hazards (1)
(rev.2)
1 Agriculture, forestry and 01, 02, 03 Exposure to pesticide, biological and
fishing chemical hazards, farm mobile
vehicles and equipment, machinery,
work at height, manual handling,
respiratory disease, zoonoses,
noise, repetitive stress, etc.
2 Mining and quarrying 05, 06, 07, 08, 09 Rock fall, fire, explosion, mobile
vehicles, machinery, falls from height,
entrapment and electrocution, noise,
vibration, exposure to radon,
crystalline silica exposure, coal dust,
hazardous chemicals, working in
confined spaces, etc.
3 Food products, beverages 10, 11, 12 Exposure to pesticide, biologic and
and tobacco chemical hazards, mobile vehicles
and equipment, tools, machinery,
cold areas (freezer), hot media,
repetitive stress, etc.
4 Textiles and textile 13, 14 Machinery and equipment, exposure
products to dyes and chemicals, wool and
flock dust, fire, explosion, weight
loading and unloading, noise, etc.
5 Leather and leather 15 Exposure to chromium and other
products hazardous chemicals, machinery,
pressure equipment, unsafe
workplace, weight loading and
unloading, noise, etc.
6 Wood and wood products 16 Exposure to hazardous chemicals,
wood dust, various machinery and

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 32 of 39


Occupational Health and Safety Management Systems (OH&SMS)

OH&SMS Accreditation Scope


No Description of economic NACE – Division Examples of Common OH&S
sector/activity /Group/Class hazards (1)
(rev.2)
tools, fire, explosion, etc.
7 Pulp, paper and paper 17 Exposure to hazardous chemicals,
products plant and pressure equipment,
machinery, fire, explosion, unsafe
workplace (heat radiation, dust),
noise, etc.
8 Publishing companies 58.1, 59.2 Video Display Terminal (VDT), body
posture, lighting, repetitive stress,
etc.
9 Printing companies 18 Exposure to hazardous chemicals,
machinery, noise
10 Manufacture of coke and 19 Exposure to hazardous chemicals,
refined petroleum products machinery, plant and equipment ,
pressure equipment, fire, explosion,
working in confined spaces, working
at height, noise, explosion, coal dust,
etc.
11 Nuclear fuel 24.46, 20.13 (only Exposure to radiation/radioactivity,
in scope of exposure to hazardous chemicals,
radioactive plant and equipment, etc.
material)
12 Chemicals, chemical 20 (except scope Exposure to hazardous chemicals,
products and fibres of radioactive machinery, plant and equipment,
material) pressure equipment, fire, explosion,
working in confined spaces, working
at height, noise, explosion, dust, etc.
13 Pharmaceuticals 21 Exposure to biological and chemical
hazards, exposure to radiations, plant
and pressure equipment, fire,
explosion, working in confined
spaces, etc.
14 Rubber and plastic 22 Machinery, plant and pressure
products equipment, exposure to chemical
hazards, fire, explosion, noise etc.
15 Non-metallic mineral 23, except 23.5 Machinery, plant and pressure
equipment, electricity, fire, explosion,

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 33 of 39


Occupational Health and Safety Management Systems (OH&SMS)

OH&SMS Accreditation Scope


No Description of economic NACE – Division Examples of Common OH&S
sector/activity /Group/Class hazards (1)
(rev.2)
products and 23.6 hazardous chemicals, noise, paint
and coatings, etc.
16 Concrete, cement, lime, 23.5, 23.6 Ground works and excavations work
plaster etc. at height, mobile plant and
machinery, manual handling, noise,
vibration, dust, electricity, fire,
explosion, etc.
17 Basic metals and 24 except 24.46, Machinery, plant and equipment,
fabricated metal products pressure equipment, fire, explosion,
25 except 25.4,
hazardous chemicals, working at
33.11 height, noise, paint and coatings,
radiation, etc.
18 Machinery and equipment 25.4, 28, 30.4, Machinery, plant and equipment,
33.12, 33.2 pressure equipment, hazardous
chemicals, paint and coatings, noise,
vibration, manual handling, fire,
explosion, etc.
19 Electrical and optical 26, 27, 33.13, Machinery, plant and equipment,
equipment pressure equipment, electricity,
33.14, 95.1
radiation, hazardous chemicals,
noise, vibration, manual handling,
etc.
20 Shipbuilding 30.1, 33.15 Machinery, plant and equipment,
pressure equipment, hazardous
chemicals, noise, vibration, manual
handling, working at height, working
in confined spaces, fire, explosion ,
radiation, paint and coatings, etc.
21 Aerospace 30.3, 33.16 Machinery, plant and equipment,
pressure equipment, hazardous
chemicals, paint and coatings, noise,
vibration, radiation, manual handling,
fire, explosion, etc.
22 Other transport equipment 29, 30.2, 30.9, Machinery, plant and equipment,
pressure equipment, hazardous
33.17
chemicals, paint and coatings, paint
and coatings, noise, vibration,

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 34 of 39


Occupational Health and Safety Management Systems (OH&SMS)

OH&SMS Accreditation Scope


No Description of economic NACE – Division Examples of Common OH&S
sector/activity /Group/Class hazards (1)
(rev.2)
manual handling, etc.
23 Manufacturing not 31, 32, 33.19 Machinery, plant and equipment,
elsewhere classified pressure equipment, hazardous
chemicals, noise, vibration, manual
handling, paint and coatings etc.
24 Recycling 38.3 Traffic, machinery, exposure to
chemical and biological hazards,
slips, trips, falls, radiation, repetitive
stress, noise, fire, explosion, etc.
25 Electricity supply 35.1 Plant and equipment, electricity,
exposure to electro-magnetic fields,
machinery, hazardous chemicals,
noise, vibration, work at height, etc.
26 Gas supply 35.2 pressure equipment, machinery, fire
and explosion associated with loss of
containment of gas, toxicity, noise,
vibration, work in confined spaces,
work at height, etc.
27 Water supply 35.3, 36 Plant and equipment, machinery,
exposure to chemical hazards, noise,
vibration, work at height, work in
confined spaces, legionella, etc.
28 Construction 41, 42, 43 Ground works and excavations, work
at height, mobile equipment
accidents, falls from height, tower
cranes, mobile plant and machinery,
temporary works, manual handling,
noise, vibration, dust, paint and
coatings, electricity (overhead
electric lines and underground
cables), fire, etc.
29 Wholesale and retail trade; 45, 46, 47, 95.2 Machinery, tools, hazardous
Repair of motor vehicles, chemicals, noise, vibration, manual
motorcycles and personal handling, chemicals, etc.
and household goods
30 Hotels and restaurants 55, 56 Slips and trips, hot objects, cold

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 35 of 39


Occupational Health and Safety Management Systems (OH&SMS)

OH&SMS Accreditation Scope


No Description of economic NACE – Division Examples of Common OH&S
sector/activity /Group/Class hazards (1)
(rev.2)
areas (freezers), sharp objects,
chemicals, biological waste,
legionella, etc.
31 Transport, storage and 49, 50, 51, 52, 53, Traffic, speed, overturning, crash,
communication being hit by a moving vehicle, falls
61
from vehicles, manual handling, slips
and trips
32 Financial intermediation; 64, 65, 66, 68, 77 VDT, body posture, lighting, repetitive
real estate; renting stress, etc.
33 Information technology 58.2, 62, 63.1 VDT, body posture, lighting, repetitive
stress, etc.
34 Engineering services 71, 72, 74 except VDT, wide variation in function of the
specific service.
74.2 and 74.3
35 Other services 69, 70, 73, 74.2, Wide variation in function of the
specific service.
74.3, 78, 80, 81,
82
36 Public administration 84 VDT, body posture, lighting,
ergonomics, wide variation, etc.
37 Education 85 VDT, lighting, ergonomics, stress,
noise, etc.
38 Health and social work 75, 86, 87, 88 Exposure to biological hazards,
radioactivity, disease contamination,
weight handling, etc.
39 Other social services 37, 38.1, 38.2, 39, Machinery, exposure to chemical and
59.1, 60, 63.9, 79, biological hazards, slips, trips, falls,
90, 91, 92, 93, 94, repetitive stress, noise, wide
96 variation in function of the specific
service.

Note 1: Examples of common hazards are not supposed to be included in the scope of
accreditation.

Note 2: No risk level has been assigned for each IAF code. Each AB would be
responsible to define the risk level of each scope taking into account the local
legislation, the OH&S hazards and the requirements defined in Appendix B.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 36 of 39


Occupational Health and Safety Management Systems (OH&SMS)

Note 3: Sections T and U from NACE Rev 2 including the NACE codes 97, 98, and 99
are not included in the table.

Note 4: The use of OH&S scopes to describe “technical areas” for an OH&SMS, as
referred to in ISO/IEC 17021-1:2015, clause 7.1.2., is limited. While scope 11 “Nuclear
Fuel” might constitute a legitimate descriptor for a technical area, few of the other
headings would do so.

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 37 of 39


Occupational Health and Safety Management Systems (OH&SMS)

APPENDIX E (normative) - WITNESSING ACTIVITIES FOR THE ACCREDITATION


OF OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS (OH&SMS)
CERTIFICATION BODIES

Consistent with IAF MD 17 (which is fully applicable), this Appendix specifies the
witnessing to be performed in Occupational Health and Safety Management Systems
(OH&SMS).

All the IAF codes (see IAF ID1) have been merged into a series of technical clusters for
OH&SMS deemed relevant for the purpose of this document.

The specific approach for sampling of scopes is detailed in section 4 of IAF MD17.

Technical IAF Description of economic sector/activity, Critical


cluster code according to IAF ID1 code(s)
Agriculture,
forestry and 1 Agriculture, forestry and fishing 1
fishing
3 Food products, beverages and tobacco
Food 3
30 Hotels and restaurants
17 Limited to “Fabricated metal products”
18 Machinery and equipment
19 Electrical and optical equipment
Mechanical 20 and 21
20 Shipbuilding
21 Aerospace
22 Other transport equipment
7 Limited to “Paper products”
Paper 8 Publishing companies 9
9 Printing companies
28 Construction
Construction 28
34 Engineering services
4 Textiles and textile products
5 Leather and leather products 4 (with
Goods
tanning) and
production 6 Wood and wood products 5 or 6
23 Manufacturing not elsewhere classified
7 Limited to “Pulp and paper manufacturing”
10 Manufacture of coke and refined petroleum products 7 and 10 and
Chemicals 12 Chemicals, chemical products and fibres 12 and 13
13 Pharmaceuticals and 16 or 17
14 Rubber and plastic products

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 38 of 39


Occupational Health and Safety Management Systems (OH&SMS)

Technical IAF Description of economic sector/activity, Critical


cluster code according to IAF ID1 code(s)
15 Non-metallic mineral products
16 Concrete, cement, lime, plaster, etc.
17 Limited to “Base metals production”
Mining and
2 Mining and quarrying 2
quarrying
25 Electricity supply
Supply 26 Gas supply 25 or 26
27 Water supply
31 Transport, storage and communication 31 (limited to
24 Recycling dangerous
goods), and
Transport &
24 or 39
Waste
(limited to
management 39 Other social services NACE 37,
38.1, 38.2,
39)
29 Wholesale and retail trade; Repair of motor vehicles,
motorcycles and personal and household goods
32 Financial intermediation; real estate; renting
33 Information technology 29 or 35
Services
or 36
35 Other services
36 Public administration
37 Education
Nuclear 11 Nuclear fuel 11
Health 38 Health and social work 38

Each AB can decide to designate different critical codes within each technical cluster,
according to national regulations, local market conditions and effective use.

The technical justification for these modifications shall be recorded.

End of IAF Mandatory Document Application of ISO/IEC 17021-1 for the Certification of
Occupational Health and Safety Management Systems (OH&SMS)

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018


IAF MD 22:2018 International Accreditation Forum, Inc.

Issue 1 Application of ISO/IEC 17021-1 for the Certification of Page 39 of 39


Occupational Health and Safety Management Systems (OH&SMS)

Further Information:

For further Information on this document or other IAF documents, contact any
member of IAF or the IAF Secretariat.

For contact details of members of IAF see the IAF website: http://www.iaf.nu

Secretariat:

IAF Corporate Secretary


Telephone: +1 613 454-8159
Email: secretary@iaf.nu

Issued: 25 January 2018 Application Date: 25 January 2018 IAF MD 22:2018 Issue 1

© International Accreditation Forum, Inc. 2018

You might also like