Rank: Super forum user 
|
Anyone else come across this?
Risk assessments that state under 'Existing Controls' that a policy is in place regarding the particular issue.
I couldn't disagree more. A policy is just a communication tool that summarises the risk and types of systems/controls that are available to be utilised locally.
Leaves me apoplectic (try that one, Phil) when I try and explain this to the manager. They seem to think that policies are a onestop shop for their risk management needs.
|
|
|
|
|
|
Rank: Super forum user 
|
If the policy states you must follow instructions and those instructions state; do this or don't do that, then these are behavioural controls so to that end I would say yes a policy can be a control measure. However, behavioural controls are rarely sufficient on their own and always decay. So yes they can be a control but should not be the only one.
|
|
|
|
|
|
Rank: Super forum user
|
Safetyamateur.
Do they mean a policy or a “safe system of work”?
If some one had a documented comprehensive safe system of work for something I would not expect them to reproduce all the steps etc in that in a risk assessment as I could ask to look at the safe system.
Brian
|
|
|
|
|
|
Rank: Super forum user 
|
I'll go with the blue man, the hierarchy of control recognises management processes - its not at the top, but it is there.
Smurf like Steve
|
|
|
|
|
|
Rank: Super forum user
|
Pro-points taken but the policy itself (yes, they mean the corporate policy) is not a control in my book. It may contain information on controls but it's unlikely to reflect what happens locally.
|
|
|
|
|
|
Rank: Super forum user 
|
It's surely a control even if it's not a very good one. Look at it the other way round - a risk assessment on a topic might find that there was no policy where there should be one, and recommend that one be developed.
|
|
|
|
|
|
Rank: Super forum user 
|
Kate's bang right, a policy is a written control, and if you think HSG65, to demonstrate compliance a policy is needed,
John
|
|
|
|
|
|
Rank: Super forum user 
|
I agree with Steve G & Smurf. It is a control, it is in fact listed in Schedule 1 of the Management Regs as referred by Reg 4 under: Quote:(g) developing a coherent overall prevention policy... But like Kate implies, it's way down the list - under controls (a) to (f) in fact.
|
|
|
|
|
|
Rank: Super forum user
|
safetyamateur wrote:Anyone else come across this?
Risk assessments that state under 'Existing Controls' that a policy is in place regarding the particular issue.
I couldn't disagree more. A policy is just a communication tool that summarises the risk and types of systems/controls that are available to be utilised locally.
Leaves me apoplectic (try that one, Phil) when I try and explain this to the manager. They seem to think that policies are a onestop shop for their risk management needs. I think I know what you mean though. If an organisation has a policy of "not sticking fingers in unguarded machines" but hasn't actually guarded their unsafe machines, then IMO they are more guilty than an organisation that has genuinely omitted to guard their machines through ignorance. Would you agree with the above?
|
|
|
|
|
|
Rank: Super forum user
|
The term "policy" is used in so many different contexts that unless one clearly refers it to a specific "document", it is meaningless if it is supposed to be a part of the control measures in a risk assessment.
A Health and Safety Policy has 3 parts. The first two are the "Staement of Policy and the Organisation. The third part are the "arrangements" other wise known as procedures/ processes etc.
This third part can be a control measure(s) for a risk assessment.
|
|
|
|
|
|
Rank: Super forum user
|
Hmmm, looks like I'm in the minority here too. Nevertheless.
A corporate policy on, say, COSHH would include reference to the fact that assessments must be done, waste must be collected, PPE is available from....blah, blah, whatever.
My point is: why on earth would that document appear in a local/departmental risk assessment? Its purpose is to inform local controls and decisions. It's not a control in itself.
My understanding of HSG65 is that risk assessment and risk control is very much part of the Planning & Implementation element of the system; not Policy.
Of course a local policy would encapsulate local controls into one docuent that could be used for all sorts of things (e.g. local induction) - it would be a weak control as noted above - but a corporate document? Expecting staff to read it and work out what they should do from there? Nah.
|
|
|
|
|
|
Rank: Super forum user
|
Yossarian wrote:safetyamateur wrote:Anyone else come across this?
Risk assessments that state under 'Existing Controls' that a policy is in place regarding the particular issue.
I couldn't disagree more. A policy is just a communication tool that summarises the risk and types of systems/controls that are available to be utilised locally.
Leaves me apoplectic (try that one, Phil) when I try and explain this to the manager. They seem to think that policies are a onestop shop for their risk management needs. I think I know what you mean though. If an organisation has a policy of "not sticking fingers in unguarded machines" but hasn't actually guarded their unsafe machines, then IMO they are more guilty than an organisation that has genuinely omitted to guard their machines through ignorance. Would you agree with the above? That's pretty much my point, Yoss. That document means nowt to the local operative, it's for the local manager to know and use to implement those standards (SFAIRP etc.).
|
|
|
|
|
|
Rank: Super forum user
|
OK, look, there's controls and controls. There's physical controls, such as guards, trips, locks and so on. There's procedural controls such as SSOWs and risk assessments. Then there's written controls. Which is most imoprtant depends on where you are standing and what you are trying to achieve. They are all important, and as I said above, if we are talking about safety management systems then without the first P in POPIMAR, HSG65 would imply that you can't manage H&S at all.
So if you wany to stop somebody sticking their fingers into a press, write a policy that says 'thou shalt not stick thy fingers through this ere ole'; develop a SSOW based on RA that says 'don't try and fiddle the guard, we've seen it all before and we know what you're doing'; and comply with PUWER by buying a press with an interlock guard. Oh, and then monitor, audit and review. The first three are all necessary parts of the prevention regime, and all types of control.
BTW, I've always felt that Schedule 1 to the management regs was odd in respect of the coherent overall prevention policy coming last in the hierarchy; that flies in the face of HSG65 and every other risk assessment based management system,
John
|
|
|
|
|
|
Rank: Super forum user
|
safetyamateur wrote:Hmmm, looks like I'm in the minority here too. Nevertheless.
A corporate policy on, say, COSHH would include reference to the fact that assessments must be done, waste must be collected, PPE is available from....blah, blah, whatever.
My point is: why on earth would that document appear in a local/departmental risk assessment? Its purpose is to inform local controls and decisions. It's not a control in itself.
My understanding of HSG65 is that risk assessment and risk control is very much part of the Planning & Implementation element of the system; not Policy.
Of course a local policy would encapsulate local controls into one docuent that could be used for all sorts of things (e.g. local induction) - it would be a weak control as noted above - but a corporate document? Expecting staff to read it and work out what they should do from there? Nah.
From the sound of it I think a lot would depend on the size and structure of the company. SME's are unlikely to have corporate policies as well as local policies so it's not inconceivable that their policies would list prohibitions and instructions (which are controls).
|
|
|
|
|
|
Rank: Super forum user
|
jwk wrote:BTW, I've always felt that Schedule 1 to the management regs was odd in respect of the coherent overall prevention policy coming last in the hierarchy; that flies in the face of HSG65 and every other risk assessment based management system,John Thanks for the comments, John, but I can't get with the importance of the paper. I want the controls in first and I'll worry about the paper after. I do appreciate the HASAWA legal requirements but if I ain't got workplace controls, I'll take the risk on not having a policy. However, when we're talking about management systems and leadership and standards, agreed, it's crucial.
|
|
|
|
|
|
Rank: Super forum user
|
From a nuts and bolts perspective I agree,
John
|
|
|
|
|
|
Rank: Forum user 
|
A policy is a statement of intent - it is not in-of-itself a control measure. Below the policy there must be procedures that turn the statement of intent into something that can be implemented, and finally the measures in the procedures must be put into practice. This requires leadership, management, provision of resources, as well as people, at all levels from workers to board level. with the knowledge, skills and who practice the required behaviours to safeguard themselves and others.
One of the fundamental flaws of the health and safety at work act was to require health and safety policies. This was based on the finding by the accident investigation unit that good organisations have health and safety policies; policies do not produce good organisations - good organisations produce policies as part of active leadership.
Regards
|
|
|
|
|
|
Rank: Super forum user 
|
Safetyamatuer: Have you seen the document they refer to?
A procedure (or some might call it a "policy") can itself form the basis for a formal risk assessment.
I have seen some "Procedure" and arrangements documents which are very effective in describing the essential elements of a Risk Assessment (Hazards, risk groups and residual risks identified and quantified, control measures (physical, behavioural, competencies etc) all identified, along with responsibilities.
Only thing missing is the 5th (monitor/ review) step of risk assessment.
Where all the other elements of the R/A are already described elsewhere, AND there are no outstanding matters for further risk reduction still to be addressed, then why not simply cross-reference as opposed to copying it all out again in a different format. Perhaps the referenced document actually fits the bill?
|
|
|
|
|
|
Rank: Super forum user
|
akwatson wrote:A policy is a statement of intent I'd disagree with that. In my mind the Statement of Intent is only a small part of the overall policy that only specifies a companies general aims in respect of health and safety and puts down on paper the level of commitment that the company is prepared to make. However, I agree that differing use of the words policy and procedure can lead to misunderstanding. As an example, a company decides to ban the use of bleach as a cleaning agent to prevent the accidental mixing of incompatible products. In my mind not using bleach is company policy as opposed to a procedure. The minutia of what cleaning chemicals to use should not be detailed in the statement of intent but should be included in the policy or a sub-policy depending on the nature of the business.
|
|
|
|
|
|
Rank: Super forum user
|
I see from above posts that it has already been confirmed that you are talkning about an overarching policy statement- in which case, I agree that this does not consitute a control measure.
Nevertheless, I still maintain that an adequate procedure, already containing key elements of R/A, can be identified as a related document and may avoid a duplication of effort.
|
|
|
|
|
|
Rank: Forum user 
|
Isnt a 'policy' just a statement of intent. It doesnt do anything else apart from connect 'focus' areas that the company wishes to follow. But, a control would be a site rule, procedure (yes, the one lying in the cupboard) or even signage (excl those who become sign-blind).
Just a thought
|
|
|
|
|
|
Rank: Forum user
|
I know i am coming to this debate a bit late and the answer has been given but is a little dis-jointed. In my opinion a good system will start with the policy, this will then generate a RA and if necessary a MS or SSOW dependant on the complexity of the task. This process would only be necessary in a large organisation.
A SME would proberby not use a policy for each risk and jump straight to RA/MS etc. This in my view is a case of one system does not fit all and each company will use the that which it need to comply.
Risk V time trouble and money
|
|
|
|
|
|
Rank: Forum user
|
PS
Last few words above should read "that which it needs to comply"
|
|
|
|
|
|
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.