“What’s the best way of doing this? The answer to this question is the fundamental reason why the International Organization of Standards (ISO) was founded”[1].
When I took over EHS compliance at one company, I realized that the policies, programs, and compliance were significantly lacking. At the time I felt that our priority should be fixing these systems and an EHS management system was an extra program that we could not afford to spend time on until we made other improvements. In hindsight, I realize this was a significant mistake on my part. After we had improved our EHS, we implemented an EHS management system and I realized that, instead of addressing our deficiencies in an ad hoc manner, the EHS management system would have helped us prioritize the issues and focus our attention where it was needed the most.
13.1 What Are Management Systems
EHS management systems are policies and programs designed to help you address EHS issues (e.g., compliance with regulatory requirements, reducing worker injuries and impact to the environment) in a proactive and systematic manner.
Common general elements of an EHS Management System include:
- Getting leadership buy-in
- Establishing a policy
- Communicating the policy
- Evaluating risks
- Setting objectives and targets
- Program evaluation and improvement
If you conduct a web-search for EHS management systems, the results will likely include software systems. These software systems may not be EHS management systems, but instead are EHS task management systems that can help track audits, inspections, permits, preventive maintenance, sustainability measures and training. Although useful, this section is not discussing these systems.
The EHS Management systems that I am familiar with typically follow the plan, do, check model of continuous improvement which involves the last three items in the bulleted list above. Figure 13.1-1 Compliance Management System Flowchart illustrates a plan, do, check model for compliance (e.g., compliance with EHS regulations).
Figure 13.1-1 Compliance Management System Flowchart
I think this is a great process to evaluate your EHS policies and programs and identify areas for improvement. I provide an example in the following sections.
13.1.1 Plan
Once a year, and just prior to budget requests, we would compile results from:
- Audit findings including repeat findings and associated corrective actions
- Incidents and associated investigations and corrective actions
- Inspections by regulatory agencies
- Internal inspections and preventive maintenance
Once compiled, we would review this information for high-risk issues as well as common issues and attempt to identify ways to address those issues. If the proposed solutions required money, we would request for it in the budget. We would try to time this phase so we would be able to make an immediate budget request, if needed: We did not want to identify an issue and wait for half a year before addressing it.
13.1.2 Do
Once the proposed solution is approved or you receive the money, you implement it. This could be a quick-to-implement solution or something that might take years to implement.
13.1.3 Check
The complexity of the check phase could vary depending upon the issue you are trying to address. You could verify that it worked immediately, or it could take years to evaluate the effectiveness and if it meant to address a lagging indicator, you may not be able to every truly evaluate the effectiveness (e.g., it can be difficult to differentiate when you have numerous issues that could affect the lagging indicator).
13.2 Why Implement an EHS Management System
13.2.1 Better Management of EHS Programs
Having a management system can improve EHS program performance by assisting with the following:
- Defining responsibility for EHS requirements.
- Setting EHS goals
- Improving recordkeeping and reporting measures
- Auditing EHS programs
- Demonstrating management commitment
- Providing consistency throughout your company
- Improving our ability to integrate new acquisitions[2]
Some studies have even shown that implementation of an EHS management system will improve your overall business performance[3].
13.2.2 Avoiding Willful Blindness
Some organizations prefer not to expend time and effort on EHS programs including EHS management systems. However, these organizations may not be afforded protection from violations and criminal prosecution: Willful blindness is a legal doctrine that can be used during enforcement actions to punish organizations and individuals that intentionally ignore EHS and other compliance requirements[4]. If a regulatory agency issues a citation or a notice of violation, if an employee injury occurs or a chemical is spilled or released, the company or individual company employees can be found guilty of:
- Not knowing EHS requirements
- Failing to implement EHS compliance programs
- Ignoring known deficiencies and violations[5]
13.2.3 Protection from Criminal Prosecution
The Department of Justice’s existing and proposed organizational sentencing guidelines consider compliance programs, such as EHS management systems[6]. To protect an organization, including, directors and officers, from potential criminal prosecution, the company should establish an effective compliance program, which includes:
- Oversight by high-level personnel
- Due care in delegating substantial discretionary authority
- Effective communication to all levels of employees
- Reasonable steps to achieve compliance, which include systems for monitoring, auditing, and reporting suspected wrongdoing without fear of reprisal
- Consistent enforcement of compliance standards including disciplinary mechanisms
- Reasonable steps to respond to and prevent further similar offenses upon detection of a violation[7]
An EHS Management System that follows a standard (e.g., International Organization of Standardization (ISO) 14001 Environmental Management Systems, 45001 Occupational Health and Safety Management Systems) is likely to establish these compliance programs. Without these compliance programs, individuals within a company can not only be found guilty of criminal offenses, but risk longer or more severe sentences and penalties[8].
The Responsible Corporate Officer Doctrine is also a risk to a company’s leadership. One of a limited number of defenses against the Responsible Corporate Officer Doctrine is implementing a comprehensive compliance program[9].
13.2.4 Unavoidable Employee Misconduct Defense
Imagine one of your employees is into Parkour and instead of climbing down several flights of stairs and up a ladder, they decide they want to try jumping from an elevated catwalk onto a tank. They slip and fall sustaining a significant injury requiring hospitalization that is required to be reported to Occupational Safety and Health Administration (OSHA)[10]. This could be an example of “unavoidable employee misconduct” which is a defense a company can use for an Occupational Safety and Health Administration (OSHA) citation[11]. However, it is not enough to simply claim unavoidable employee misconduct: You must prove the following:
- The company had safety and health programs, or rules related to alleged violation
- The company effectively trained the employee on that program or rule
- The company enforced the programs or rules including disciplining employees who violate the rules
- The company could not have foreseen the alleged violation[12]
The EHS management system will also serve to protect a company in enforcement proceedings in the event of employee misconduct. Part of an EHS management system is an audit process, which is one of the requirements needed to establish the employee misconduct defense (i.e., the company has taken steps to discover violations)[13].
13.2.5 Improved Company Image
Having an EHS management system can improve a company’s image with regulatory agencies as well as potential domestic and international customers and partners. Additionally, having an EHS management system in place will allow companies to implement International Organization for Standardization (ISO) more easily 14000 (Environmental Management Systems) and the Occupational Health and Safety Standard (OHSAS) 45000 (Occupational Health and Safety Management Systems): Some companies require the businesses that they work with to have these certifications.
13.2.6 Improved Company Evaluation
Even if a company achieves compliance with Environmental Protection Agency (EPA) and Occupational Safety and Health Administration (OSHA) regulations, without an organized EHS management system, you may fail to demonstrate effective compliance (i.e., the files may lack organization and we will struggle to provide compliance documentation).
An EHS management system will reflect positively on a company from the viewpoint of other companies and organizations that evaluate your company, such as our insurance carriers. You may see reductions in our insurance rates as a result. Some branches of regulatory compliance agencies (i.e., Environmental Protection Agency (EPA)) allow reduced penalties in enforcement actions for companies with effective EHS management systems (e.g., they conduct audits)[14].
13.3 EHS Management Programs
As discussed, the International Organization of Standardization (ISO) has EHS management standards that can be used to develop a program. The American National Standards Institute (ANSI) and American Industrial Hygiene Association (AIHA) also has an American National Standard for Occupational Health and Safety Management Systems (ANSI/AIHA Z10-2005). Unfortunately, you must pay for these standards. Several other options exist for developing a management system that are free including:
- Environmental Protection Agency’s (EPA) Environmental Management Systems (EMS)).
- Recommended Practices for Safety and Health Programs[15]
13.4 International Organization for Standardization
I had a meeting with the environmental department of a company that had just acquired our organization and they asked me why we had not gotten certified on the International Organization of Standardization (ISO) 14001 Environmental Management Standard (i.e., we had the system in place, but not requested a conformity assessment or certification that we were complying with the standard). I responded that our customers and others had not requested that we be certified. One of the new owner representatives responded: “Good! It’s expensive”.
These International Organization of Standardization (ISO) are recognized systems that some companies want their suppliers, and other companies that they do business, to comply. To verify that a company is following the International Organization of Standardization (ISO), you can have a conformity assessment conducted by an outside consultant[16]. The conformity assessment verifies that you are complying with your International Organization of Standardization (ISO) management system. It is important to note that passing a conformity assessment does not mean that you follow EHS regulations.
13.5 References
[1] “Benefits of Standards” International Organization for Standardization webpage, accessed August 12, 2022 (https://www.iso.org/benefits-of-standards.html)
[2] “Learn About Environmental Management Systems” Environmental Protection Agency Website accessed August 12, 2022 (https://www.epa.gov/ems/learn-about-environmental-management-systems#costs)
[3] “Environmental Management Systems As A Source of Competitive Advantage”, by Robert P. Sroufe Steven A. Melnyk, Gyula Vastag, Department of Marketing and Supply Chain Management, Michigan State University, September 1998.
[4] Willful Blindness legal definition from U.S. Legal.com website accessed August 12, 2022 (https://definitions.uslegal.com/w/willful-blindness/)
[5] Willful Blindness example case study from Findlaw website accessed August 12, 2022 (https://corporate.findlaw.com/human-resources/willful-blindness.html)
[6] United States Sentencing Commission, Organizational Guidelines Chapter 8 Effective Compliance and Ethics Program Section 8B2.1(b)(2) (https://www.ussc.gov/guidelines/2021-guidelines-manual/annotated-2021-chapter-8)
[7] Ibid
[8] States Sentencing Commission, Organizational Guidelines Chapter 8 Effective Compliance and Ethics Program, Introductory Commentary (https://www.ussc.gov/guidelines/2021-guidelines-manual/annotated-2021-chapter-8)
[9] “The Resurgence of the Responsible Corporate Officer Doctrine” by Michelle Gustavson on June 14, 2012 Hawley-Troxell Attorneys and Counselors (http://www.hawleytroxell.com/2012/06/the-resurgence-of-the-responsible-corporate-officer-doctrine-2/)
[10] 29 Code of Federal Regulations (CFR) 1904 Subpart E Reporting Fatality, Injury and Illness Information to the Government
[11] “Unavoidable Employee Misconduct?” No.” by Jordan Barab, May 8, 2017, Confined Space – A Newsletter of Workplace Safety and Labor Laws (https://jordanbarab.com/confinedspace/2017/05/08/unavoidable-employee-misconduct-not-likely/)
[12] “How to Create Unavoidable Employee Misconduct Defense to Occupational Safety and Health Administration (OSHA) Citations“ by Mark A. Lies II, SeyFarth Shaw Attorneys LLP, Optimum Articles (http://www.oshasafetymanagement.com/wp-content/uploads/2015/05/mark_a_lies_-_unavoidable_employee_misconduct_defense_to_osha_liability_-_ch1-11013557-v1.pdf)
[13] “Unavoidable Employee Misconduct?” No.” by Jordan Barab, May 8, 2017, Confined Space – A Newsletter of Workplace Safety and Labor Laws (https://jordanbarab.com/confinedspace/2017/05/08/unavoidable-employee-misconduct-not-likely/)
[14] “EPA’s Audit Policy” Environmental Protection Agency website (https://www.epa.gov/compliance/epas-audit-policy), accessed April 4, 2021
[15] “Recommended Practices for Safety and Health Programs” Occupational Safety and Health Administration’s (OSHA) website accessed August 13, 2022 (https://www.osha.gov/safety-management)
[16] “Certification and Conformity, International Organization of Standardization (ISO) website, accessed August 13, 2022 (https://www.iso.org/conformity-assessment.html)
I am always open to your thoughts and suggestions, but I cannot promise I will respond to all comments. You can contact me using the button below.