Last reviewed 25 October 2018

Is it time for a review of your health and safety management system? Mike Sopp explains how you go about it.

The health and safety management system

A well-developed health and safety management system will be cyclical in nature, adopting the basic principles of the Plan-Do-Check-Act cycle.

A key element of the Act stage is the review of performance which, according to HSG65 Managing for Health and Safety, will “establish whether the essential health and safety principles… have been embedded in the organisation”.

The top management of any organisation should take ultimate responsibility for occupational health and safety (OHS). As part of this, there should be a process in place that enable management to review health and safety performance.

Purpose of management reviews

Reviewing health and safety performance closes the loop in the process and will inform the organisation whether it is effectively controlling risks and if the management system remains fit for purpose.

According to the old BS 18004:2008 Guide to Achieving Effective Occupational Health and Safety Performance (superseded by BS 45002-0), there are two performance review processes. The first is a “status review” that is carried out “at an appropriate level in the organisation” and is defined as a “formal evaluation of the OHS management system”.

The second process is known as the “management review”, which, interestingly, BS 18004 does not define.

However, BS 45002-0 Occupational Health and Safety Management Systems. General Guidelines for the Application of ISO 45001 notes that a management review is “critical to ensure continual improvement” and will enable “top management to undertake a strategic and critical evaluation of the performance of the OHS management”.

Management reviews are an integral part of any formal system. Indeed, ISO 45001 Occupational Health and Safety Management Systems. Requirements with Guidance for Use states that “top management shall review the organisation’s OHS management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness”.

Focusing on the key words, the various standards available note the review should check that the system is:

  • suitable, in terms of whether the system is appropriate to the organisation, its operations, culture and risk profile

  • adequate, in terms of addressing the organisation’s policy and objectives and is therefore appropriate and sufficient

  • effective, in terms of whether the system is achieving the desired outcomes or results.

The Health and Safety Executive (HSE) takes a slightly more simplified approach and suggests that the purpose of the review is to establish whether the principles of strong and active leadership, worker involvement, and assessment and review have been embedded in the organisation.

Whatever the purpose, a management review, like other functions, will require thought and planning to achieve the necessary outcomes of the review process.

Undertaking management reviews

As the phrase suggests, management reviews must be led by top management and as such, the executive holding responsibility for health and safety should have the authority and remit to undertake the management review.

Key to the success of the management review process is ensuring the right inputs in terms of information and data. According to ISO 45001, this will be based around the elements of the management system and will include:

  • the status of actions from previous management reviews

  • changes in external and internal issues including stakeholder expectations, legal requirements and risks

  • the extent to which policy and objectives have been met

  • performance data on incidents, non-conformities, audits, compliance and worker participation

  • resource adequacy to maintain the system (financial, personnel and material)

  • communication with stakeholders

  • opportunities for continual improvement and risk management.

In addition, the HSE publication INDG417 suggests that a management review should examine whether:

  • the health and safety policy reflects the organisation’s current priorities, plans and targets

  • risk management and other systems have been effectively reported to the board.

Similarly, BS 18004 makes recommendations as to inputs into the management review process including any organisation-specific leading and lagging performance indicators. It also suggests the following be considered.

  • The state of preparedness for emergencies (including reports on actual incidents and exercises).

  • The performance of contractors and/or supplied goods and services.

  • The suitability, adequacy and effectiveness of current hazard identification, risk assessment and risk control processes.

It further suggests that “reports from individual managers on the effectiveness of the system can be also considered”.

From the above, it is clear that the management review will require planning to be effective so that the appropriate information and documentation is acquired, reviewed and analysed.

Interestingly, HSG65 — although not specifically referring to management reviews — does recommend that those undertaking a review “have the necessary training, experience and good judgement to achieve competence in this task”.

In addition, it may be advisable to benchmark the review against current best practice within the industry area. By its nature this may require external support to complete the review, which may have the additional benefit of providing a level of independence to the review process.

Outcomes and actions

There will be outcomes from any management review process. Both ISO 45001 and BS 45002 state that the management review should draw a conclusion as to the continuing suitability and effectiveness of the occupational health and safety management system.

Outcomes should include decisions related to:

  • need for changes to the management system

  • continual improvement opportunities

  • resource needs

  • implications for the strategic direction of the organisation.

Changes required will clearly be organisation-specific and can address any element of the management system including changes to the H&S policy, revised objectives, increased need for competency, etc.

One of the key purposes of a cyclical management system is to take opportunities for continual improvement. This can be influenced not just by identified shortfalls in performance against benchmarked best practice, but also by identifying where new technologies, for example, can reduce risks that do not exceed excessive costs. Other improvements could relate to ensuring the system is fully aligned as an integral part of the business.

Any change or improvement may have resource implications and the management review should identify what these resource implications are. The process for managing change will depend on the types of outcomes from the review process.

The outcomes of the management review should be communicated and where necessary consulted on with relevant stakeholders both internal and external to the organisation.

However, it may be the case that the outcomes and recommendations may require top management review and approval prior to being released into the public domain and implemented. This will very much depend on the sensitivity of the outcomes and the organisation culture.

Adequate records also need to be kept that ensure the findings of the review process are available to relevant parties such as enforcing authorities, staff representatives, those undertaking future management reviews, insurers, etc.

BS 18004 recommends that the outputs should be “incorporated within performance reports for communication to their various stakeholders”. This could include annual reports to investors, corporate governance and social responsibility statements.

Finally, where the management review indicates areas of good performance or even performance beyond the objectives set, top management may wish to celebrate this and recognise/reward those responsible for good performance levels.


  • Management reviews of the health and safety management system are a key element in the overall cycle of a formal system.

  • They should ensure the system and its elements are fit-for-purpose and that the system reflects organisational policy, objectives and risks.

  • Ownership of the management review process must remain with the appointed executive but he or she may have to seek additional competent support either internally or externally.

  • The review process should have the necessary level of independence so that a true and honest picture of performance can be sought. It may also be useful to benchmark against best practice.

  • The review process requires appropriate planning so that practical procedures enable the relevant documentation and information to be collected, collated, reviewed and analysed.

  • The outcomes of the management review process should be made available to relevant stakeholders and be included in the relevant reports and statements of the organisation.

  • Any changes including those relating to improvement should be detailed and the resources required to implement them identified.

Further Information

The following are available from the British Standards Institution.

  • BS 45002-0:2018 Occupational Health and Safety Management Systems. General Guidelines for the Application of ISO 45001

  • ISO 45001:2018 Occupational Health and Safety Management Systems. Requirements with Guidance for Use.

The following are available from the Health and Safety Executive.

  • HSG65 Managing for Health and Safety.

  • INDG417 Leading Health and Safety at Work.