When the ISO 45001 standard was first released in March 2018, one of the most noticeable changes from its predecessor was the introduction of a much more prescriptive process to define the scope of the management system. Whereas organizations were given considerable leeway in OHSAS 18001 in how they chose to define their management system’s “boundaries of applicability”, ISO 45001 levied two new requirements that businesses needed to adopt as inputs when defining their system’s scope.
Firstly, companies need to identify the organizational context of the enterprise. In other words, firms must identify all internal and external issues with the potential to impact their health & safety performance in either a positive or negative manner. This could include political, economic, social, regulatory, technological, and culture factors, but also the competitive landscape in which the organization resides. As Dan Markiewicz writes, “context thinking requires organizations to consider not only the effects of what they do, but also the effect on the organization’s objectives by what others do or don’t do.”
Secondly, ISO 45001 requires that organizations identify their interested parties, known more commonly as stakeholders, and consider their needs and expectations, along with the organizational context, to determine just how far beyond their physical borders the management system will (or should) reach.
And yet beyond setting the scope of the management system, a cursory review of the standard clearly shows that stakeholder interests are integrated at all stages of the Plan-Do-Check-Act cycle. Whether you’re identifying hazards, risks and opportunities, defining legal & other requirements, setting objectives, building communication channels or even evaluating performance, the needs and interests of those who may impact or be impacted by your business must be continually monitored, evaluated and considered when making decisions that could affect the management system and its outputs.
So how should organizations go about defining, and effectively managing stakeholder requirements in their ISO 45001 program? In this post we’ll walk through who to include in your ISO 45001 stakeholder list and how to assess and prioritize stakeholder interests.
Deciding Who to Include in Your ISO 45001 Stakeholder List
ISO 45001 defines an interested party as “any person or organization that can affect, be affected by, or merely perceive itself affected by a decision or activity related to the organization or its management system.”
For many, including those who may directly impact the business, or conversely be impacted by it, this make obvious sense. This would include your employees, contractors, customers, regulatory agencies and even the occupants of neighboring properties. But beyond those groups, according to the ISO 45001 standard, stakeholders can even include those who simply believe that they are affected. That could include anyone in the community in which the business operates, or perhaps those along an integrated supply chain providing goods or services but never stepping foot on your company property.
Annex A.4.2 of the standard reminds companies that some needs and expectations can be mandatory, and must be included in the management system scope, such as obligations from a regulator. But it can also include any expectations that the organization adopts voluntarily through its association, involvement or membership with a stakeholder group. This could include, for example, involvement in a community or industry initiative, or an incentive-based program like OSHA’s VPP.
When defining your stakeholder list, it’s best to leverage the expertise across your organization, including representatives from multiple departments and organizational levels, from executives right down to front-line staff. These individuals will bring broad perspectives and range of experience to the table which will be invaluable when deciding who makes your stakeholder short-list. If your business is currently certified to another standard, such as ISO 9001 or ISO 14001, the stakeholder lists curated for those systems are also a good place to start.
Assessing the Significance of Your Stakeholders
Since stakeholder interests will be a key input into other critical processes in the management system, your organization needs to develop a mechanism to continually assess, categorize and prioritize stakeholder interests to help inform future decisions on everything from risk mitigation and legal compliance to workforce consultation and management review.
But what’s the best way to do this? Let’s take a quick look:
1. Establish Assessment Criteria
To start, determine the criteria you’ll use to assess the priority of specific stakeholders (and their interests) against others. Since every company’s organizational context, needs and objectives are different, it’s best to select criteria that aligns to your company’s current and future strategic aims. Our partner, Trinity Consultants, offers some possible criteria for consideration:
Influence: What degree of influence does the stakeholder have on the activities and strategic ambitions of the organization? How might the stakeholder impact the company’s brand reputation that could affect their ability to secure necessary investment or attract top talent in a competitive market? If you’re seeking to expand the business, how might your ability to meet stakeholder needs influence approval of permits or other licenses to operate?
Business Reliance: This criterion seeks to understand how dependent your business is on that stakeholder. Does the stakeholder control or influence your access to raw materials, goods and/or services along the supply chain that are critical for your operations? Is the stakeholder an investor or institution that could impact your access to financial resources?
Relationship Strength: What’s the strength of the relationship with the stakeholder? Is there an existing relationship? Is the stakeholder cooperative and willing to engage, or are all communications funneled through legal counsel?
2. Prioritize Stakeholder Interests
Once you’ve mapped your stakeholders against each other using your defined criteria, it should make it easier to decide which stakeholders (along with needs and interests) must be prioritized in other key elements of the management system. Investing in improving relations with adversarial stakeholders might be a priority, especially if your firm is heavily dependent on them or business / operational risk is high.
3. Monitor Changes in Stakeholders & Their Needs
Your business and the context in which it operates will continuously evolve and change, as will who you consider your priority stakeholders. As a result, it’s essential that your organization adopts systems to allow it to easily monitor changes to stakeholders, and periodically re-evaluate and re-prioritize their needs and interests based on what direction your business, and your health & safety program, is shifting. In practical terms, it means you need to:
- Keep an accurate list of the key contacts within each stakeholder group you’ll need to engage with regularly to nurture the relationship
- Maintain an inventory of all communications with the stakeholder, especially to demonstrate to auditors that stakeholders are regularly consulted, kept apprised of key results and outcomes, and offered the opportunity to participate in activities impacting health & safety
- Keep a clear audit history of all changes made to the stakeholder records to demonstrate that their interests and needs are regularly reviewed, updated and considered in decisions that may affect the management system.
How Do You Manage ISO 45001 Stakeholders Without Creating an Administrative Nightmare?
Trying to sustain an effective stakeholder management program with paper, emails and simple spreadsheets is a losing ISO 45001 strategy. Recognizing how deeply stakeholders are intertwined in multiple areas of the management system, it isn’t difficult to imagine how a single change can cascade quickly, affecting other processes in short order. If that change creates negative effects, it could create real trouble in a very short period of time. Attempting to keep up with these changes manually with paper-based systems is not only inefficient, but opens up the potential for inadvertent errors and data loss that could impact the overall health of the management system, and your company’s ability to manage risk effectively. And the lack of real-time visibility into your stakeholder management program means you’re never sure if you should be staying the course, or shifting to correct and improve.
You Might Also Like: Improving Safety Culture: Where to Focus Your Attention for Maximum Impact
With EHS software solutions that help with ISO 45001 certification, organizations are able to automate many stakeholder management processes to reduce administrative burdens, freeing up staff to focus on other critical actions while reducing the chances of manual data entry errors that could impact downstream decision-making. These solutions offer tools to easily maintain a stakeholder registry, identify needs and expectations along with their significance, record communications between parties, and even create and assign corrective actions to address emerging stakeholder issues before they can explode into something more serious. With automated alerts, organizations can even ensure key stakeholder developments are immediately known and shared, enabling faster response that can ultimately lead to better relationship management. And as business intelligence and analytics capabilities continue to expand in enterprise EHS software, it offers companies powerful new tools to dive deep into their data, benchmark results across the enterprise, all while helping to uncover key trends, patterns, and actionable insights to drive better decisions on how to create strong, more sustainable performance over time.
Navigate Your ISO 45001 Journey with Ease
Implementing an ISO 45001 management system can be quite challenging and resource heavy. Don’t make it harder on yourself than it needs to be. Why not explore how software solutions can take some of the weight off your shoulders and give you some breathing room to focus on the next challenge along your ISO 45001 journey?
To learn more about how to effectively navigate your way to certification and build a management system that safeguards your employees and bottom line, download our ISO 45001 best practice guide: