EHS managers's hands are full this spring with ISO 45001 and GDPR. Can your EHS software cope with the changing EHS regulations?
Spring has officially sprung. According to the meteorological calendar, spring lasts from March 1 till May 31. The current winter weather, on the other hand, has other ideas. However, for EHS professionals, slippery conditions aren't the only thing to think about.
New data protection laws (aka GDPR) come into force on May 25. Before that, the ISO 45001 standard took the stage on March 12.
Here's what you need to know about both regulations, and how to prepare for them.
New EHS regulations: GDPR and ISO 45001
These two spring milestones require a fair amount of preparation. Achieving compliance and changing processes doesn’t happen overnight. For instance, organizations need relevant processes and systems in place guaranteeing data management, categorization, sharing, output and retention.
Since GDPR and ISO 45001 have been widely covered topics that you have likely read about, I won’t dwell on the details. Instead, we will look at the expectations and requirements the changing regulatory environment puts on your EHS software.
Flexibility of your software
To deal with every EHS regulation, you need flexible software.
Different regulatory bodies have different reporting and documentation requirements. As a result, this is why EHS forms capturing the required information for different agencies is a major plus point. For example, US OSHA and UK HSE ask for specific - and different - documentation on work-related injuries and illnesses.
UK and US requirements
The US OHS Act requires companies to prepare and maintain records of serious occupational injuries and illnesses, using the OSHA 300 Log. On the other hand, in the UK, a RIDDOR report (Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013) is completed for a work-related accident.
Thus, your EHS system must maintain accurate records and support the documentation and reporting required by the diverse EHS regulations. No wonder flexibility is a top criteria for EHS software buyers.
A user-friendly system is key. To clarify, meeting the regulatory requirements is not enough.
For example, one method of creating a user-friendly system is to integrate EHS software into your existing company-wide software. Deploying EHS software on SharePoint benefits from the familiar and easy to understand interface. Since the system leverages your existing Microsoft Office programs, your employees can quickly adapt.
Single sign on
An EHS system integrating with existing central IT facilitates Single Sign On (SSO). So, with SSO, users access the EHS system without entering re-enter their password every time.
SharePoint Single Sign On is facilitated by Active Directory (AD), which holds all accounts within your Microsoft IT infrastructure. Secondly, Security permissions are controlled by AD, and assigning appropriate security groups is crucial for GDPR compliance.
Furthermore, dashboard display is driven by a user's AD profile. For example, a Detroit operation supervisor may only see local EHS information; but the Regional Manager for North America accesses data collected across the whole continent.
Essentially, managing permissions with Active Directory is a huge advantage when preparing for the new GDPR. Collection and management of personal data is at the law's core.
SharePoint restricts and allows access to personal information, like health records, which may or may not be relevant for processing.
To sum up, it is wise to invest in technologies your workforce are already familiar with and contain user profiles for security permissions.
In a nutshell, automated processes save management’s time, encourage workers to report and improve visibility across the business. Adhering to many deadlines and gathering information in different formats can be time consuming. However, automated processes together with customized forms, reports and dashboards eases the burden and helps you stay compliant with distinct EHS regulations.
Access on multiple devices
Your EHS software should also function on multiple devices. Importantly, so there are no restrictions to by whom and where the application is being accessed.
Anyone should be able to report an injury, hazard or an incident, whether they are part of the staff, a contractor, or just visiting the site. Subsequently, this means you do not need a system account to fill in certain forms, particularity useful for the construction industry.
In short, remote access helps organizations better determine hazards and risks, eliminating them or minimizing their potential effect. This is also part of the ISO 45001’s objectives to improve organizations’ OH&S performance.
The trend of hiring temporary workers and contractors, although cost effective, has raised questions about safety in the workplace. According to The EHS State Of The Nation survey, “temporary worker safety” is a medium to high impact risk for organizations. So, temp workers taking part in safety initiatives is a step forward.
Out of the box vs. tailored solutions
The EHS software market is divided into two types of solutions: ‘Out-of-the-box’ systems, a ready system with no configuration, and ‘tailored’ systems, when the software is fit to specific needs.
Out of the box solutions are less extendable. On the other hand, Tailored solutions are more flexible and configurable. Of course, applications falling in the latter category require more client input and consideration for implementation. However, they meet changing regulatory requirements.
Here are the main arguments for out of the box vs. tailored.
Out of the box pros and cons
Out of the box pros [icon name="check-circle-o" class="" unprefixed_class=""]Out of the box cons [icon name="times-circle-o" class="" unprefixed_class=""]
|Faster implementation||Lack flexibility for changes going forward|
|Can be cheaper than complex tailored systems||Price can rise quickly if charged on a per user basis|
|Easier for the vendor to support and upgrade||User adoption hindrance if it deviates from common practice|
|Align with what the vendor deems as best practice in their experience||Clients may have to change internal processes to match the system's abilities|
Tailored pros and cons
Tailored pros [icon name="check-circle-o" class="" unprefixed_class=""]Tailored cons [icon name="times-circle-o" class="" unprefixed_class=""]
|Performs the way you want it to||Must have internal policies and processes already enshrined|
|Develop a close relationship with the vendor in a partnership||Implementation can take longer|
|Improved user adoption levels||Price rises if configuration is complex|
|Flexible for changes going forward||More effort for the vendor to support and upgrade|
|Existing internal processes need not be changed|
Every business operates differently. What works for some will not work for others. However, the EHS software marketplace caters for both solutions.
EHS software on SharePoint – both configurable and user-friendly
HSEQ Innovate from Pro-Sapien is deployed over SharePoint. The user experience is seamless whether filling in a form, assigning actions or creating a report. Importantly, to the end-user, the system is just another part of SharePoint.
Pro-Sapien’s HSEQ Innovate enables you to:
- Have a single central store for all EHS information
- Reduce time spent navigating numerous systems
- Standardize processes across the global business
- Produce output for various standards
- Control versioning and approval with full audit trails
- Create your own real-time reports and dashboards
Although regulatory obligations are challenging, a flexible EHS system allows your organization to use it over an extended period. That is to say, even when new EHS regulations are published. Whether it is the new GDPR or ISO 45001, flexibility helps you cope.
Pro-Sapien HSEQ Innovate Brochure
Fill in this short form to download the Pro-Sapien Software brochure now.