During a recent audit, it happened that a lapse within an organization’s OSHA compliance was observed. When I say “observed”, I don’t mean to imply it was an observation – it became a non-conformance.
This is a particularly good company, by the way – they do better than most with much of their process. But I’m here with the requirements of ISO 9001 in one hand, and the snapshot of what is happening in their company at that moment in the other.
OSHA does a fair amount of enforcement themselves – they audit companies too. So, where does the management system auditor come in?
And quickly, particularly for those of you in other countries, OSHA is short for “Occupational Safety & Health Administration”. The meat of their mission is to assure safe working conditions by setting and enforcing standards.
An OSHA finding by an ISO 9001 Auditor??
And that’s the question. It often takes the client by surprise when I spring the HazCom card on them, and nobody likes surprises – particularly not I. It isn’t good for business – and it isn’t nice.
“How can you write me up for OSHA in 9001? This isn’t 18001! I just had my OSHA guy in last week and he found nothing.”
It’s an emotional activity sometimes; this business of poking holes in someone else’s presumably good pie. We all take pride in what we do.
Two Hooks
First, what’s the requirement? How exactly do you find the OHSA in 9001? That’s a two-parter; one is the OSHA regulation and the other is the ISO clause that hooks into it.
OSHA CFR
OSHA has its Code of Federal Regulation and it is, in a word, beastly. It is divided into 50 titles that represent broad areas subject to federal regulation. It is close to 180,000 pages, including a 1,000-plus page index. For comparison, all the books in Game of Thrones total just over 4200 pages – though I think more people die in Game of Thrones.
The OSHA citation is 29 CFR 1910.1200(f).
Except for some exceptions that will rarely apply, it parses to:
“…the employer shall ensure that each container of hazardous chemicals in the workplace is labeled, tagged or marked with the following information:
(i) Identity of the hazardous chemical(s) contained therein; and,
(ii) Appropriate hazard warnings, or alternatively, words, pictures, symbols, or combination thereof, which provide at least general information regarding the hazards of the chemicals, and which, in conjunction with the other information immediately available to employees under the hazard communication program, will provide employees with the specific information regarding the physical and health hazards of the hazardous chemical…”
Secondary Containers
The real issue is usually around “secondary containers”. These are not the containers that a chemical comes in – those are often correctly labeled from the manufacturer – it is the container that is used either to transport the chemical to the point of use, or the container it is temporarily stored in, or refilled into, that wasn’t originally used to store the chemical.
What kinds of chemicals are we talking about? Well, everything from water to cleaning agents to MEK (methyl ethyl ketone – unpleasant stuff). In most facilities I find various oils, alcohols of all kinds, acetone occasionally, solder flux, coolants.
Usually the more dangerous items have been taken care of – though lack of diligence or awareness in one area, can bleed into others.
Globally Harmonized System (GHS)
Because it was recently implemented as a change to how chemicals are labeled, I will cover it here. When OSHA adopted the Globally Harmonized System (GHS) in 2012, it wasn’t immediately clear how changes to labeling rules would affect the workplace.
The latest guidance from OSHA shows that the general requirements for workplace labeling have not changed. When it comes to secondary container labeling, OSHA said organizations can proceed as usual as long as they are adequately informing employees about hazardous chemicals.
OSHA said this in a recent briefing.
“If an employer has an in-plant or workplace system of labeling that meets the requirements of HazCom 1994, the employer may continue to use this system in the workplace as long as this system, in conjunction with other information immediately available to the employees, provides the employees with the information on all of the health and physical hazards of the hazardous chemical,”
What Labeling is Acceptable?
According to OSHA, as long as employees have immediate access to all information about the hazards of the chemical, and as long as secondary container labels do not conflict or confuse GHS pictograms or signal words, employers can use a workplace labeling system that includes any of the following labeling methods:
- Signs
- Placards
- Process sheets
- Batch tickets
- Operating procedures
- Other written materials to identify hazardous materials
The generally accepted approach to this is the HazCom label, but some combination of the above works as well. Let the resident expert tell you what they do to satisfy the regulation – if there is one (there should be).
The placard option is one I’ve seen that works well in many organizations. Essentially a largish laminated HazCom label hung in the area where the containers would be found, possibly also attached to a work surface. This is going to be more effective when the chemicals are of low risk (oils, for example).
This is really up to the company to define, but it has to be established – and that brings us to the 9001:2008 requirement.
The OSHA within 9001
OSHA requirements fall into the category of “statutory and regulatory requirements” which are referenced in several places – feel free to skip to “The Best Place…” below, for my take on it.:
1.1 General
This International Standard specifies requirements for a quality management system where an organization a) needs to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements, and b) aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.
1.2 Application
… Where exclusions are made, claims of conformity to this International Standard are not acceptable unless these exclusions are limited to requirements within Clause 7, and such exclusions do not affect the organization’s ability, or responsibility, to provide product that meets customer and applicable statutory and regulatory requirements.
Translation: You can’t exclude yourself from an OSHA Requirement in your Scope of Registration on your Certificate.
5.1 Management commitment
Top management shall provide evidence of its commitment to the development and implementation of the quality management system and continually improving its effectiveness by
-
a) communicating to the organization the importance of meeting customer as well as statutory and regulatory requirements…
7.2.1 Determination of requirements related to the product
The organization shall determine … c) statutory and regulatory requirements applicable to the product…
7.3.2 Design and development inputs
Inputs relating to product requirements shall be determined and records maintained (see 4.2.4). These inputs shall include … b) applicable statutory and regulatory requirements…
The Best Place (ymmv) to find OSHA within 9001
For myself, the “go to” clause to find OSHA within 9001 is the one in 5.1, specifically the “communicating to the organization the importance of meeting customer as well as statutory and regulatory requirement”. And that is a responsibility of management.
The salient point being that if the requirement were effectively communicated, then it would not be an issue. By placing it there I believe it addresses the likely root cause and can help an organization solve the entire problem; helping them look at all of their applicable statutory and legal requirements and how those are implemented in the workplace.
One of the other clauses above may in some cases work better, particularly the one with regard to design input, but frankly, this pre-supposes a familiarity with the product that an auditor can’t be expected to have.
The Last Word(s)
The OSHA requirements, the common ones and some of the not-so-common ones, have almost certainly been seen in many different organizations, particularly by an auditor with some seasoning.
HazCom as described above is the most common place to find OSHA within 9001. Occasionally there is also forklift or Powered Industrial Truck (PIT) safety. The regulation for that is fairly complicated as well. I may cover that in another post but basically, there is a law that all PIT’s be given a safety inspection every day, and before each shift. Typically this means forklifts, but there are other hand-carts that are powered that fall into this category.
This often is done in a company, but no records are kept of it because the OSHA requirement for record keeping is less clear. For 9001, since the action stems from a specified requirement – there needs to be a record of it.
The auditor is cautioned, however, not to “second guess” any local authority on the subject. You are being paid for your management system auditing expertise, not your OSHA compliance acumen. If they have a system in place; someone with the proper credentials (see the requirements in 6.2) then hear them out – you may learn something.
Thanks for your attention.
And now a word from our sponsor: