The requirements for a safety management system closely match the requirements for a quality management system, albeit with a different focus. The same tools and processes you use to manage quality also apply to safety (and environmental) management systems – documentation and document control, incident/non-conformance reporting, maintaining records, managing training, maintaining equipment. (PS: QSToolbox is designed to manage it all!)
For both management standards, you must define the scope of what the management system will cover and both require a policy.
Each type of policy must be appropriate to the organisation, include a commitment to continual improvement, and be available and communicated to the people in your organisation. Having a safety policy that is “appropriate to the organisation” means that your policy reflects the type of hazards and risks associated with your activities. The safety policy must also declare a commitment to complying with relevant health and safety regulations.
In either case, the policy provides a basis for establishing objectives, and must be reviewed periodically to ensure it is still appropriate.
In terms of safety management, this means you have a process in place to identify and control risks and hazards, and you have process to identify legal requirements.
In a quality sense, the focus shifts to determining customer requirements for the product/service but regulatory requirements are also included in the quality planning process.
Setting objectives and targets and having a plan as to how to achieve them is common to both management standards. This is not surprising, since the process is common to setting and achieving other kinds of business goals. Targets need to specific and measurable so that you are able to monitor your progress in reaching them. Plans should also be specific as to who’s responsible and when these objectives should be achieved. Obviously both objectives and plans will need to be reviewed and updated regularly.
Both management systems refer to providing sufficient resources (financial, material, and human) to implement and maintain the management system. Roles, responsibilities and accountabilities for the safety and quality systems also need to be defined – typically in organisation charts and job descriptions. Each standard requires a management representative (could be the same person) who is responsible for implementing and maintaining the system and reporting back to “top management”.
Part of ‘implementation’ includes determining training needs, providing training (internally or externally) and managing training records. This includes safety related training, training for specific job tasks and also training for the management system itself. Similar requirements for training and competency are detailed under “resource management” in the ISO 9001 quality management standard.
Consultation is specifically listed in the safety management standard, requiring that employees be consulted in health and safety matters. Communication to internal and external parties are part of both quality and safety management and, consistent with its focus, the quality standard specifically refers to customer communication.
The safety standard lists specific reporting requirements: system performance (audits and reviews), incidents and non-conformance, hazard identification, risk assessment, preventive and corrective actions, and any statutory (legal) requirements. These are not so different to the input requirements for management review in the quality standard which include: audit results, customer feedback, process performance, product conformity, corrective and preventive actions, changes that affect the management system (including statutory changes), and improvement recommendations.
Both systems require that you document core processes and how they interact (e.g. with a process map). They also both require that there are systems/procedures in place for document control which cover document access, changes and approvals, version control, review, and preventing the use of obsolete information.
The safety standard requires an organisation to have emergency response procedures in place. In a quality system this could be considered equivalent to ‘control of non-conforming product’, i.e., what we do when things go wrong.
Again, the requirements are essentially the same, with a differing focus. AS4801 asks for measurement, monitoring and evaluation of hazards and, if necessary, health surveillance. For quality management the focus shifts to monitoring the processes and the product, with the same requirement for maintenance and calibration of measuring equipment.
Incident reporting, along with preventive and corrective actions can be found in both standards, as can the requirement for controlling records.
Management system representatives for either standard would be familiar with the requirement for auditing.
Finally, ISO 9001 and AS4801 both require that management take a look at their safety/quality system to evaluate whether it is adequate and effective, and to identify where change is needed.