EHS Management

Safety Management Systems — Which Is Right for You?

It can be tough to navigate all the safety management systems available. They range from voluntary guidelines to international industry consensus standards with formal certification processes.

Safety management systems

Shinonome Production /

There’s the Occupational Safety and Health Administration’s (OSHA) original 1989 safety and health management program guidelines, OSHA’s voluntary protection program (VPP) “Star” criteria from 2008, and 2016 recommended practices for safety and health programs. There’s an industry consensus standard, the American National Standards Institute’s (ANSI) Z10 occupational health and safety management system, originally developed with the American Industrial Hygiene Association and since updated and maintained by the American Society of Safety Professionals (ASSP). There are international standards like the International Labour Organization’s (ILO) Guidelines on Occupational Safety and Health Management and the International Organization for Standardization’s (ISO) new ISO 45001, which became final in 2018.

ISO 45001 has had the greatest impact on the field. An earlier British standard, OHSAS 18001, was withdrawn as standards-setting authorities in the United Kingdom adopted ISO 45001. ANSI and ASSP have adopted ISO 45001 and revised Z10 to adapt the standard to conform with certain elements of ISO 45001.

While there is a California Injury and Illness Prevention Program (IIPP or I2P2) standard, there is no federal workplace safety and health management program regulation. OSHA’s criteria, guidelines, and recommendations are all voluntary.

OSHA Criteria, Guidelines, Recommendations

OSHA began support for safety and health management programs in the Reagan/Bush era with its Voluntary Protection Program (VPP), which recognized employers with exemplary safety and health performance. The agency issued voluntary guidelines on January 26, 1989, for employers who chose not to participate in the VPP. OSHA argued then that comprehensive safety and health programs helped reduce employers’ costs for workers’ compensation insurance.

The agency pointed out that VPP participants had lost-workday case rates one-third to one-fifth of the rates at non-VPP sites.

Employer commitment and employee involvement, worksite analysis and evaluation, hazard prevention and control, and safety training are the major elements of the voluntary program guidelines.

Worksite analysis includes both initial hazard identification and an on-going evaluation of working conditions and processes. New hazards may occur with changes in equipment, methods, and workflows.

Hazards identified in worksite analysis can be addressed through a traditional hierarchy of industrial hygiene controls—elimination or substitution, engineering controls, administrative controls, and then personal protective equipment (PPE) as a final barrier to workplace hazards.

The agency issued updated guidelines in the waning days of the Obama administration. OSHA Administrator David Michaels released the “Recommended Practices for Safety and Health Programs” on October 18, 2016, at the National Safety Council’s annual Congress & Expo.

The 2016 guidelines stress worker participation more heavily than the 1989 guidelines. The agency suggested employers need to encourage workers to report safety and health concerns to management, fully participate in planning and implementing their employer’s safety and health management program, and give workers unrestricted access to safety and health information.

Since multiemployer worksites have become more common than they were in 1989, the 2016 guidelines also encouraged communication and coordination between host and contract employers. The agency also hoped an “easier-to-use” format would encourage small- and medium-size businesses to use its recommendations.

The 2016 recommendations retain many of the elements of the 1989 guidelines— employer commitment, hazard identification and controls, and safety training —presented in a slightly different format. The safety and health program criteria for Star VPP participants includes the same elements but also requires program documentation.


The ASSP recently updated its industry consensus standard for safety and health management programs. The American Industrial Hygiene Association (AIHA) first began work on an occupational safety and health management program standard in 1999, issuing the ANSI/AIHA Z10 standard in 2005.

The Z10 standard, since the beginning, has included many of the same elements as the OSHA 1989 voluntary guidelines, such as employer commitment, hazard identification, a hierarchy of hazard controls, and safety education and training. It also is similar to the ILO Guidelines on Occupational Safety and Health Management Systems (ILO-OSH 2001).

Unlike the OSHA voluntary guidelines, the Z10 standard includes provisions for internal audits and management review.

AIHA relinquished its role as secretariat for the ANSI standard following the 2012 revision. This year, the ASSP released an update, ANSI/ASSP Z10.0-2019, to synchronize the standard with the high-level structure of ISO 45001. Changes included:

  • Addition of a “Context of the Organization – Strategic Considerations” section for organizations that need to consider both external and internal issues in their safety and health management systems;
  • Replacing “employee” with “worker,” since not all workers at an organization’s worksite will be its own employees;
  • Addition of a “Support” section covering communication, competence, document process control, education, and training; and
  • Conversion from a two-column format to a single-column format for employers that use electronic access.

The Z10 standard has not been completely harmonized with ISO 45001. The two standards are not interchangeable. Implementing a program that conforms to Z10 requirements will not ensure ISO 45001 certification.

The Z10 standard implements certain advancements in safety and health management, such as emphasis on occupational health information and organizational learning and feedback and the integration of safety and health management systems with overall business systems.

ILO Guidelines

The ILO is an agency of the United Nations that sets international labor standards and promotes workers’ rights. It released its Guidelines on Occupational Safety and Health Management (ILO-OSH 2001) as part of its mandate to promote “decent work,” arguing poverty should not justify a disregard for workers’ safety and health.

The ILO guidelines include both policy guidelines providing a model for national laws and regulations requiring safety and health management systems and organizational guidelines for implementing safety and health management systems. The guidelines include many of the same elements as other guidelines and standards such as employer commitment and organizational policy, worker involvement, initial and ongoing hazard identification, prevention, control, and emergency planning, audits and management review, as well as continual improvement.

Both AIHA and OSHA participated in meetings during the development of the ILO guidelines.

Waldemarus / iStock / Getty Images Plus / Getty Images

ISO 45001

ISO 45001 is an international consensus standard for workplace safety and health management programs. Other ISO standards include ISO 9001 for quality management systems and ISO 14001 for environmental management systems. Some corporations will only contract with ISO 9001 or ISO 14001-certified vendors and may add ISO 45001 certification to their contract requirements.

Much of ISO 45001 is based on an earlier British standard, OHSAS 18001. The British Standards Institute (BSI) canceled OHSAS 18001 with the adoption of ISO 45001.

BSI and ISO have a framework for OHSAS 18001-certified companies to migrate to ISO 45001. ANSI and ASSP have adopted ISO 45001 as an American national standard but are not withdrawing Z10. ANSI and ASSP offer both, catering to the needs of a wide variety of American employers.

Like the OSHA voluntary guidelines and recommendations, an ISO 45001- compliant safety and health management system includes employer commitment and worker participation, hazard identification, and controls, and training. The ISO 45001 standard, however, also includes provisions for monitoring and measurement, management review, and system improvement. The context provisions cover understanding the expectations of workers and external interested parties of an organization’s safety and health management system. Interested parties are stakeholders that could be affected by an employer’s decisions in safety and health management.

ISO 45001 also covers outsourcing and procurement.

California IIPP

California requires employers to establish written IIPPs. Unlike the OSHA guidelines and recommendations, IIPP is codified in the state’s Labor Code (Title 8, CCR Section 3203).

Under California regulations, every employer in the state must establish, implement, and maintain a written injury and illness prevention program. The IIPP standard typically is the most frequently cited California standard followed by the heat illness prevention standard and construction industry IIPP standard.
Employers must designate a manager with responsibility for the IIPP. Like OSHA’s voluntary guidelines, California’s mandatory IIPP includes requirements for identifying and controlling hazards and providing worker safety education and training.

The IIPP also contains recordkeeping requirements for employee training and scheduled and periodic workplace inspections similar to the internal audit requirements of international standards. An IIPP also must cover the employer’s procedures for investigating employee injuries and illnesses.

The California Division of Occupational Safety and Health (Cal/OSHA) does offer a sample model IIPP employers can adapt in developing their own program. However, the agency cautions employers the model program is not an “OSHA-proof” boilerplate. The written program regulations also require employers to adopt certain practices like providing employee training and conducting regular inspections to identify unsafe conditions and work practices.

An effective IIPP must have a designated person with authority and responsibility for the program, to recognize employees for complying with safe work practices, discipline employees for noncompliance, communicate hazards, train employees in safety and health procedures, and investigate incidents and correct hazards.

Benefits of Implementing a Program

Government, academic, and private-sector researchers have thoroughly investigated the benefits of implementing a safety and health management program. The most obvious benefits are regulatory compliance assurance and reduction in the number of employee injuries and illnesses and workers’ compensation costs.

Programs also can produce gains in worker productivity and reduce employee turnover, offering a return of investment for employers that decide to adopt a program.

Choosing a safety and health management program system to adopt can depend on:

  • Location—if you are an employer in California, you must establish and maintain an IIPP under California regulations;
  • Goals—if you simply wish to achieve injury and workers’ compensation cost reductions, following one of OSHA’s voluntary guidelines may yield the results you seek; and
  • Business situation—if you already have ISO 9001 (quality) or ISO 14001 (environmental management) certifications or seek to pursue certain contracting or procurement opportunities, then ISO 45001 certification may make the most sense for your business.