The Paradigm Shift in Standards Thinking;

Management Systems versus Specification

C. Gary Lopez CSP
Sr. Director of Safety & Risk Management
Ranger Construction Industries Inc.
West Palm Beach, Florida

Introduction
As the field of Safety and Health continues to mature there is a growing movement toward
using management systems approaches to safety, health and environmental (SH&E)
programs that reflect the success companies have realized with similar approaches to their
quality programs. One of the significant impacts of this shift to use of management systems
in SH&E has been new approaches in changing what we look at when managing the safety,
health and environmental issues to which an organization is exposed. The outcome has
been a shift from managing regulations, hazards and pure body count to the
implementation of managing the risk to which organizations are exposed. This shift in
thinking is leading SH&E professionals to think less in terms of zero accidents and
safety first and more in terms of the concept of Acceptable Risk. Obsession with
regulatory compliance is being replaced with assessing an organizations risk exposures.
While not ignoring compliance with regulations, regulatory compliance is now viewed more
as a basic minimum or given in an organizations approach to SH&E, but not the driving
force.
Recognizing that the old specification standards are no longer a benchmark for SH&E
professionals to use as guidance in their management efforts, management systems and
performance type standards for safety, health and environmental issues have begun to
spring up around the globe.

Birth of a Standard
Although most safety professionals do not realize it, most standards are born as a reaction
to an event rather then being proactive in nature. One can trace the history of standards
(and most of the safety and health organizations for that matter) and find that they follow a
series of serious accidents or single events so traumatic that a resulting standard is almost a
given. For example, after the Bhopal incident, process safety standards targeted at the
chemical industry were developed both voluntarily by the chemical industry thru the
Chemical Manufacturers Association (now the American Chemical Council) and
legislatively by the Occupational Safety and Health Administration. This pattern is
historical. Whether it be the Titanic disaster, the Triangle Shirt Factory fire, the Coconut

Grove fire, standards to prevent future occurrences of similar incidents quickly follow on
the heels of these events. In some instances the motivation is more chronic in nature. For
example, after consistent losses in confined space incidents, there was a clear need for a
standard to identify what the Standard of Care (more on this topic later) should be in
entering confined spaces.
For whatever the reason, the normal progress of standard development is as follows:
1. Someone decides (normally in reaction to reasons covered above) that a standard is
needed to address a particular risk.
2. An advocacy group is usually sought out to sponsor the standard. Typically this will
be organizations such as the American Society of Safety Engineers, American
Industrial Hygiene Association, National Safety Council or similar type
organizations.
3. Once convinced of the need for the standard, the advocacy group will petition a
standards organization such as the American National Standards Institute for a
project to create the standard.
4. Once approved by the standards organization the advocacy group becomes the
Secretariat to the proposed standard.
5. Although there are different methods of approving a standard, the consensus
approach is usually the most popular.
6. Committee members are selected from various interest groups with the standards
organization providing guidelines regarding what type of representation is required
on the committee for a fair balance.
7. The committee meets and develops a standard.
8. The standard once approved by the writing committee is put out for public
comment.
9. After public comments have been adequately addressed the committee has a final
vote on the standard and it is published.
10. The standard becomes live and must be reviewed on a periodic basis specified by
the standards organization to remain valid.
Although this progression sounds clean and academic, depending on the standard and the
chemistry of the committee, the process can be long, acrimonious and at times reach a point
where the committee can not agree on a final standard. An example of this would be the
failure of the NSC sponsored ANSI committee to reach agreement on an ergonomics
standard. No agreement could be reached on what would constitute acceptable standard
language. The standard was finally abandoned.

Voluntary versus Mandatory

In the United States, only government (OSHA) standards are mandatory by law. However,
OSHA and the states will from time to time incorporate voluntary standards by reference,
giving these standards the force of law. But for the most part, historically ANSI, NFPA,
ISO, ILO and other such standards were written with the idea that they were to be used as
voluntary consensus standards. Increasingly however, the line between voluntary and
mandatory standards is beginning to blur.
In the case of incorporating voluntary standards by reference OSHA has actually created
the problem of the referenced standard quoted being out of date and in some instances

obsolete. For example, if OSHA references ANSI Z89.1 1989, and the most recent edition of
the standard is ANSI Z89.1 2005, which is an organization to use? The problem arises in
that OSHA does not reopen their standards (for obvious reasons) every time an ANSI
standard is updated. By ANSI bylaws all of their standards must be updated every five
years. The outcome is a quandary that all organizations face and in some instances makes
literal compliance impossible.
A second and probably more serious issue is that due to the increasingly litigious nature of
our society the concept of Standard of Care earlier referenced is creeping into the safety
professionals lexicon.

Standard of Care
The term Standard of Care defines a concept that a standard exists that has been agreed
upon by peers in your field, organization group and or society in general that defines that
type of behavior that would constitute acceptable risk regarding a particular issue. This
concept in a sense implies that if there is a voluntary standard that addresses risks in your
organization, and yet you ignored or did not use such a standard as your benchmark, you
have left yourself open to the question of if you have paid proper due diligence to risk
mediation measures. Considering these factors, in todays highly litigious world no
organization is going to ignore the more recent standard and be satisfied complying with an
older version of the standard. This would be setting oneself up for a potential lawsuit by not
meeting a Standard of Care.
The outcrop of this is that many of the voluntary consensus standards have become
anything but voluntary. No organization wants to find itself in a position of not complying
with the latest Standard of Care in terms of safety and health regulations. No organization
wants to find itself mounting their defense on a 25 year old standard and on the stance of
because OSHA says so in a court of law. The end result is that voluntary standards are
fast becoming voluntary in name only.

Safety Management Systems are Born

As the SH&E field has matured so has the way it is managed. Thirty years ago the
approach was the 3 Es of safety; Education, Engineering and Enforcement. This gave way
to the program approach in which the various elements of what constituted a good SH&E
program were broken out and implemented. The next wave was the Technocrat
approach in which it was thought that all ills could be cured with a specification standard
for the topic. This was followed by the rebirth of the Human Behavior phase in which it
was decided that since human factors were responsible for 80 to 90% of all incidents, if we
could only control the people all would be well with the world. Through this entire
transition the programmed standards driven approach was the main thrust of the
initiatives.
Then ISO 9000 hit and the whole world went process improvement crazy. Naturally this
has spread to the SH&E field making a management system standard based on the ISO
9001 process almost inevitable.

Z10 Arrives
On July 25th, 2005 ANSI did what the Occupational Safety and Health Administration had
not been able to do in two decades. ANSIs version of a safety programs standard was
published as ANSI Z10 Occupational Health and Safety Management Systems Standard. It
is this writers opinion that in the future safety and risk management students will study this
as a seminal event in our field. For the first time a standard was made available that
covered how you should manage your safety and health efforts in an organization. The first
effect of this systems thinking is that through the planning stage of the process an
organization if forced to think beyond the simple concepts of zero accidents and body
count type injuries and illnesses. The focus is on risk and what constitutes acceptable risk
to an organization. Interestingly enough, nothing new was invented for the writing of this
standard. In simple terms what was done was many of the modern management
approaches in managing risk in an organization were for once incorporated in one
document. The focus and businesslike approach that this document promotes regarding
methods of seeking out the degree of risk associated with hazards and then turning that into
the best systems to address these risks should result in dramatic lowering of catastrophic
type losses and all loss in general. This new approach of review the risks to which an
organization is exposed, prioritize these risks, develop measures to address the risks
according to the prioritization and then auditing your success or failure with the intent of
improving your management process is both beautifully simple yet highly effective.
The irony of this approach is that it is bringing the Safety field closer to a distant cousin
that has used a similar approach for years, the insurance industry. Why the two fields have
not merged years ago and pooled their resources is a subject for another time, but clearly
they are working off the same page more and more.
At any rate, what will change dramatically is that the current world of managing safety by
compliance with specification standards and accident rates will change substantially to a
world driven by risk assessment and measures taken to address the risks of an organization.

Certification
Perhaps the word that can cause feelings from the sublime to the painful is certification. No
matter what side of the fence you fall on or how you view the value of certification it is here
with us and impacting the way we do business in some parts of the world. The term
certification covers a lot of territory in the standards world, so for purposes of this
discussion we will limit it to certifying a management standard such as ISO 9001 or ISO
14001.
Typically the way certification works is that an organization decides they want to become
certified to a standard and embark on a program of putting all of the standard elements
in place. This usually involves developing the management systems, the paper trail and
whatever other measures for which the standard calls. Once this is completed the
organization typically will go to an outside certification agency and ask them to come in and
pronounce them certified to whatever. The first step is usually a paper audit and then
this is followed with the real deal.
In some countries certification to standards such as 14001 has become a requirement of
doing business. In other instances some businesses will not use you as a contractor or

vendor is you cannot demonstrate you are certified to whatever standard they require. The
cost of such certification is not cheap and in some instances can get into the six figures to
certify and maintain per location. For this reason many companies are rightly concerned
about where the certification mania is leading. Especially as it begins to proliferate from
quality to environmental and on to safety and health standards. The nightmare scenario is
that you have an entire department that does nothing but walk around certifying the
businesses activities.

Whats in a Systems Standard?

Currently there are several Systems Safety and Health standards floating around.
Interestingly enough they are very similar in content. Most contain the following elements:
1.
2.
3.
4.
5.

General Requirements/Policy
Planning and Organizing
Implementation and Operation
Evaluation/Corrective Actions/Audit
Management Review/Improvement

Anyone familiar with the ISO Quality standard will see the obvious similarity in the
outlines. As a matter of fact, anyone familiar with basic Business Administration 101 will
see an obvious pattern. One could argue why it took so long for the obvious to be applied in
the safety and health field, but a simple stroll down history lane of the safety profession
explains this failure of logic. Complicating matters is that the Safety and Health field is still
a field searching for an identity.
Returning to the topic at hand, a closer examination of the standards that are currently out
there reveals that the basic outline has little variance.
To see a comparison of the various standards please refer to the table below.
ANSI Z10

ILO
OSHAS 18001 ISO 14001
MEOSH 2001

Mgt Lead &

Employ Part

Policy

General
General
Requirements Requirements

Planning

Organizing

Policy

Policy

Implement & Planning &

Operations
Implement

Planning

Planning

Eval/Correct
Actions

Implement & Implement &

Operation
Operation

Evaluation

Management Action for

Check &
Review
Improvement Correct Act.

Check &
Correct Act.

Management Management
Review
Review

The content of these standards are built along the lines of the Plan, Do, Check, Act found as
the basis of the ISO 9000 quality standards. The first three standards listed are safety and
health standards, ISO 14001 is a Environmental Management Systems Standard.
The beauty of these systems standards is that they are highly adaptable to almost any
organization. The downside to these standards is that they are not self explanatory. They
do require the presence of SH&E professionals to implement a meaningful plan. As with all
program non specification type standards the upside is their flexibility but the downside
(if you view it as that) is their lack of direction to the novice.
Of interest is that the ANSI Z10 Occupational Health and Safety Systems Standard started
as a standard that was to address the needs of the small business. But as the standard
matured it was clear to even the casual observer that what was being written was a model
standard by which all large corporate SH&E programs were run. To expect Ma & Pa
Plumbing to pick up the standard and understand half of the content and more to the
point how to implement it, would be wishful thinking at best.

Is there a need for a ISO Safety & Health Standard?

At this time the International Standards Organization (ISO) is moving steadily toward
developing an international safety and health standard. It is too early to predict the final
look of such a standard, but the logic behind the need for such a standard is irrefutable.
Getting back to what it would look like, if one were to take the predominant systems
standards in use now, (ILO MEOSH 2001, ANSI Z10, ISO 14001, OSHAS 18001) as stated
above they are remarkably similar in outline. Part of this is clearly attributed to the fact
the writers did not want to swerve too far from what was already out there. A greater part
is that you can only make the wheel so round. By the nature of the process, the
performance language will not allow to great of a level of detail, consequently the
standard will more or less lead you down a trail to the goal of the exercise. How many ways
can you say Plan, Do, Check, Act? Considering the similarity one has to ask the obvious
question, why do we need so many standards saying the same thing?

How did we get in this mess?

One has no further to find the enemy then to look in the mirror. In a perfect world when
the ISO 14001 standard was being written, instead of an Environmental Management
System Standard, it should have been a Safety, Health and Environmental System
Standard. Ironically, this very issue was brought up when the committee that drafted ISO
14001 first met. But several factors weighed heavily against this approach.

The infamous Rosemont meetings

In 1995 it became obvious that the committee that was drafting the ISO 14000 standards
was not going to take on safety and health as part of the standards. To discuss this omission
and the growing movement in Europe to recommend a project for an ISO safety and health
standard a meeting was held in Rosemont, Illinois at which many of the larger corporations
in the country sent their best and brightest minds to discuss the topic of an international
safety and health standard. The outcome of the meeting was a rousing there is no need for
such a standard. The instructions were sent to ANSI to vote No on a proposed project

for an ISO safety and health standard. ANSI did so. A few viewed the outcome of this
meeting as a bury your head in the sand approach to the direction of safety and health.
All of this is a moot point. The ISO 14001 standard re write in 1998 came out, without a
safety and health component and the ISO project for a standard was voted down so that
settled that. Or at least everyone thought.
It is a fact of science that nature abhors a vacuum and that surely something will come
along and fill it. Into the vacuum left by the Rosemont meetings jumped first ILO, then
OHSAS, then ANSI. So instead of one standard on the topic of how a SH&E program
should be structured and managed that could be used internationally, we now have two
international and one national standard, (note: although the ILO and OHSAS documents
are guidelines and specifications respectively, this is merely semantics, for all intents
and purposes they are used as standards). Adding to the avalanche of what was judged to
be unnecessary standards is a resurgence of the movement for the ISO Safety and Health
standard.
One can look back at the Rosemont meetings in absolute disbelief and ask how could we
have not seen this coming? The simple truth is that the thinking was parochial in nature.
From a US standpoint we had enough safety and health standards. Although the
international marketplace was getting ready to take off, it hadnt launched to the level of
today. But probably the greatest fear was the proliferation of certification standards. One
can also ask what members of ISO 14000 were thinking. Couldnt they just add the words
safety and health in most of language of the 14001 Environmental Management Standard
and saved us from all of this? Unfortunately Technical Advisory Group (TAG) 207 which
was formed to write the ISO 14000 environmental standards was composed of mostly
environmental folks. They clearly saw their mandate as to write an environmental
standard only. In defense of the original drafters of the standard, I am sure they viewed
going beyond this was not their remit, nor did they want to complicate the writing of the
standard by throwing safety and health into the mix. Calling this short sighted in thinking
is water under the dam as this point. But simply put, it was short sighted. At any rate the
bottom line was you had two separate groups rationalizing why the ISO safety and health
standard was not needed from both sides of the ditch. In short we were setting ourselves up
for the obvious, a vacuum into which others would charge with international safety and
health standards, plural.

What now?
The logic for the standard is not as clear as it was before it had challengers, but ISO is the
pre-eminent standards organization for international standards, and in our international
marketplace of the 21st Century, they are the perfect venue for the safety and health
standard.
This case if furthered by the fact that many of the international corporations operating in
various countries struggle with how to develop a world class safety and health
management system in which the playing field is level. The need is clearly there.
However the path for an ISO standard is far from clear despite the logic of such a standard.
An example of this is that one of the current standards organizations is objecting to a
proposal for a project to a ISO safety and health standard. Their argument is, we already
wrote an international standard, what do you need another one for? This is not an

inconsequential argument. One has to believe that when and if the ISO Safety & Health
standard comes out, that most of the other safety and health system standards will become
no more then historical footnotes in the final act of this process. What will the final act be?
At some point someone will raise the question why dont we just combine the ISO 14001
EMS and whatever the new ISO safety and health standard will be. Or it will play out as a
separate committee. Whichever the case we will first have to bear more turf battles and let
the obvious struggle down its evolutionary path.
After all, you just cant rush Mother Nature or Safety, Health and Environmental people
fighting the obvious.