There has been some confusion about the new "National Standard" for COR (Certificate of Recognition).  The "National Standard" claim by the CFCSA (Canadian Federation of Construction Safety Associations) is made especially misleading by the fact their website mentions that it is nationally trademarked, presumably by the association.

This "National Standard" applies only to the construction industry.  Certifying partners in other industries have been administering CORs for many years, and do not endorse the construction standard.  Enform, for example, publishes the audit protocol for the oil and gas industry, and have recently updated their requirements in 2011, which have little resemblance to the construction requirements.  Similarly, WorkSafe BC publishes large and small company COR audit protocols for a wide range of industries, and it too does not follow the "National Standard" [Note: the BC audit review instruments are also available in SafetySync].  And neither of these organizations makes any claims or references to trademarks.

Despite all this, the "National Standard" is certainly a good idea, even if it only applies to the construction industry.  It allows safety management systems like ours to design common functionality around a general set of expectations.  [The audit protocols are remarkably similar though, even between industries and across provinces.]  Despite the goal of having a single list of requirements for the construction industry across Canada, provincial organizations are creating work-arounds.  In Manitoba, for example, the CSAM has added a 14th section to the audit requirements covering specific topics such as Hearing Conservation, Lockout / Tagout and Working Alone.

The good news for our current and prospective clients construction industry is that our audit review component now has functionality to help HSE personnel compile and prepare for the CFCSA National Standard, and the CSAM Manitoba supplement (section 14).
 
Simply check the box next to the appropriate audit standard(s) within the administrator portal in SafetySync to start managing these or any other COR audit protocols.

Not according to Alberta Auditor General Merwan Saher in an April 2010 report.

“Half of those employers that persistently fail to comply with the Occupational Health and Safety Act also continue to hold a valid Certificate of Recognition, and continue to have elevated injury rates among their workers,” Saher wrote.

We run into this issue all the time when selling our online safety management system.  Executives believe that because they scored well on their most recent COR Audit, that they are compliant with regulations and insulated from possible litigation.  Only after an accident and subsequent investigation does it come to light that the typical safety program had deficiencies and that supervisors, executives and directors are potentially liable.

The reality is that safety audits are only snapshots, and compliance with safety regulations requires incredible diligence and constant attention.  A formal electronic system like SafetySync not only makes your COR audits go smoother, but helps ensure your safety program receives the constant attention your stakeholders (of which the Government is only one) expect.  Anyone telling you a Certificate of Recognition means that your safety program is adequate, is probably giving you bad advice.

Audit time can be stressful.  Like most safety managers you might be anxious about whether you have reviewed every element of a safety protocol, and whether you have  the systems in place or documentation to prove due diligence.  Or you could have the system in place, but may be lacking the "link" between each audit bullet (for some standards there are over 100 bullets) and the processes and records that satisfy the requirements. 

We have recently introduced a new SafetySync component that we call "Audit Preparation and Review".  This tool offers administrators the ability to select any number of standards (such as Enform Certificate of Recognition - COR or CSA Z1000) which they would like to prepare for and achieve.

Unlike other audit review software on the market, this SafetySync component is designed for safety managers and administrators for internal purposes only.  Essentially, it is meant to help organizations perform better on their external audits, and to perform internal audits in the interim.

Each audit protocol allows administrators to drill down to the bullet level (such as Enform COR 2010 D1.b in the example below).

For each bullet, you can:

1. Enter notes (what systems you have in place, progress being made, plans, explanations, etc.)
2. Update the status (as either "Compliant", "Not Applicable" or "Deficient")
3. Link to web pages (such as policies, training videos, certificates, compliance reports) in either SafetySync or other online systems
4. Upload documents (such as spreadsheets, Word or PDF documents) in the event you do not have an online system in place

Once you have all the appropriate links or documents in place to satisfy the bullet, change the status to "Compliant" (it will track the date and user for each entry).  Keep doing this for each subsequent bullet until you have every one covered, meaning you've either completed the internal audit, or you are ready for a 3rd party auditor to come in and check your work.

The Oil & Gas Inquirer recently had an excellent arcticle (Service Firms Plead for a Coordinated Safety Registry System) that highlights the controversy surrounding contractor registries, with a particular focus on ISNetworld.

Some of the more unflattering comments were:

    "...we're not really sure if there is a positive impact on the industry's safety performance."
    "It's an ongoing irritant to the contracting community."
          -  Wally Baer, President and CEO of Enform

    "You just don't need it here."
    "There is no value-added.  I don't think it assists the operator a whit in determining what is a safe rig."
          -  Don Herring, President of CAODC

    "ISNetworld is driving a proprietary standard that does not seem to support openness or data sharing..."
          -  Cal Fairbanks, President and CEO of Canadian HSE Registry

Personally, I feel that ISNetworld^TM is being judged on its ability to deliver improved safety performance, which isn't entirely justified.  Contractor registries really only do one thing well: manage risk for prime contractors.  I mean really... how can a registry improve safety when the workers play absolutely no part in getting a company green-lighted in ISNetworld?  All the work is being done by each company's safety department (or increasingly by consultants) to write new policies that satisfy RAVS^TM protocols.

By forcing contracting companies to write and submit more comprehensive safety policies, the prime contractors have satisfied their due diligence requirement.  What service companies may not realize is that the process exposes their companies to increased risk.  The sub-contracting firms must now adhere to the standard levels they've set for themselves in the policies.  This means service companies must properly communicate policies to employees, provide comprehensive awareness training, and so on.  If (and only if) the service companies do their part, and implement better safety management systems, will safety performance actually improve.

This is where Enform and their Certificate of Recognition can come in.  They actually send auditors to the service companies to review records and interview employees.  The COR process could either point out that the policy binders are simply collecting dust, or they could collect reports from a Safety Management System that demonstrates compliance.  This transformation is likely coming soon, so its probably best to invest in a Safety Management System like SAFETYSYNC and be prepared.

I had lunch today with my friend Murray Sunstrum. He recently started a new job with a major producer that is an owner-client of ISNetworld^TM. He responded to a couple of our blogs in the past about how ISNetworld^TM and the Certificate of Recognition programs can be complimentary… I was sceptical.

I spent years running an energy services company that had satisfied it’s COR requirements, I had not been a fan of the ISNetworld^TM system for the following reasons:

1. ISNetworld is making most of their money off of the service companies, who are being forced to use the software by their clients.  These subcontractors have little input into the process and usability of the ISN system.
2. The process for energy services clients to become compliant is a lot of work, and it may not even improve their safety program. There are questions in ISNetworld that often have nothing to do with a company’s business.
3. ISNetworld’s standards are not determined by the industry and are partly driven by their internal process. (Read the comments in our blog for more ISNetworld complaints)

A few things have happened in the last week that softened my stance about ISN.

Earlier in the week, I read an article about a young person who was killed the second day on the job, which reminded me why I am constantly driven to improve safety. Ten years ago my cousin died from injuries in a drilling rig accident after spending 10 days in a coma. Those 10 days changed my life.  I watched his family arrive at the hospital for the first time, and I will never forget the fear in his mother’s eyes.  It has always being my belief that his death could have been prevented if a better safety management system had been in place on his worksite.

Yesterday I was talking with the new CEO of the energy services business our family used to own.  Just a few months ago she had been frustrated at having to update their safety policies and answer the endless questionnaire.  Having now completed that exercise, she feels that ISNetworld will give her company a business advantage moving forward; their safety program is now getting recognized by producers. (In the past, we had always been frustrated that the work we had put into our safety program was not being acknowledged by our clients.)

Finally, after I got back from lunch with Murray, I got a phone call from my brother-in-law.  He owns a small energy services company (5 employees) that also happens to contract to Murray’s company. He has no safety background and little safety education, except Enform’s Safety Program Development course that is required to initiate the COR process.  At different times over the last few months I had encouraged him to move forward with his safety program development. Although he is concerned about the safety of his employees, other pressing issues of a new company indirectly caused safety to get pushed to the back burner. Today, he was in a panic because he needs to get his company ISNetworld compliant before June 30!  We quickly mapped out a plan to get his company SECOR compliant, which I am confident from the fear in his voice he will complete. (He decided to go with SAFETYSYNC… good choice!)

[Note: If I didn’t know better, I would have thought Murray set my brother-in-law up to phone me to reinforce his point at lunch.]

Safety should be a business’ highest priority, at least equal to all other activities.  But we all know that important tasks, like safety, are often put off at the expense of urgent tasks, like making sales or processing payroll.  ISNetworld provides a system for prime contractors to track their service companies’ safety system, which results in an incentive (remaining on the vendor list in this case) for the service company to get serious about safety. If it is going to force companies to implement or improve their safety programs, which will make worksites safer and prevent accidents like the one that caused my cousin’s death… maybe ISNetworld^TM is a good thing after all.

*SafetySync is in no way endorsed, sponsored, approved by, or otherwise affiliated with ISNetworld^TM.

...probably not.

Organizations spend countless hours preparing, editing, distributing and reviewing policies, yet they rarely get read.  Most employees will admit after some prompting that they really didn't read through the policy manual they were handed on their first day with a new company.  This is because:
    1.  There can be an awful lot of policies to read through.
    2.  The policies are long and often very dry.
    3.  Many of the policies do not seem to apply to the employee.
    4.  Employees have more pressing things to do.
    5.  Nobody seems to care whether they read the policy anyway.

Let's face it, many companies create policies simply to satisfy regulatory requirements or to obtain a safety Certificate of Recognition.  So what ends up happening is countless policy binders get printed, only to collect dust on bookshelves.  This creates a culture of indifference toward policies that will ultimately hurt the company when a policy violation leads to a compromising situation for the company.

For example, imagine that a company implements a speeding policy.  The stated objective is to reduce the risk of an accident, but more likely than not, it is at the request of a customer or industry group.  According to the new policy, management is required to monitor speeding in company vehicles and discipline employees accordingly.  Yet employees, indifferent to the policy, speed regularly while driving company vehicles.  Managers, vaguely aware of the policy, are more interested in getting workers to the job site on time than in preventing speeding.  Then the unthinkable happens; an employee is involved in a serious accident, and speed is determined to be a contributing factor.  Will the fact the company had a speeding policy help their defense in court?  Or will it expose them to additional risk, for not exercising the care and attention the policy required?  My guess is the latter.

Policy binders are about to get much larger too.  Many large energy and construction companies in the US (and now Canada) require their contractors to join ISNetworld and comply with the safety policy Review and Verification Service, or RAVS for short.  The policy requirements are based on Occupational Health and Safety regulations in each jurisdiction.  Here in Alberta, there can be as many as 39 different protocols, depending on the type of work a company performs.  And it's not enough to have a policy, it must match the criteria set out in the regulations.  The policies are so complex in fact, that consulting companies (like Workforce Compliance Safety here in Calgary) do a fine business simply helping their clients through the process of becoming RAVS compliant.

Policies are an integral part of a company Health and Safety Program, but we're "improving" them to the point that they're becoming almost ineffective.  I am writing this post to open a dialog on how to increase the size and complexity of policies, while still keeping them relevant and interesting for employees to read.

My personal opinion is that the largest challenge lies in effectively disseminating the policies to employees.  We've created a policy management tool that allows safety administrators to load their policies into our portal, then assign the policies to various positions within the company.  As employees log onto the SafetySync safety management system, they are prompted to individually review and accept (or decline) the various outstanding policies.  The tool has been designed to track and manage minor and major modifications.  Major changes are saved as a new version, which employees are required to accept a second time in order to remain "compliant".  The policy component is in Beta testing at the moment, so clients are encouraged to try it out and provide feedback.

If you don't have an account, feel free to sign up for our software and try it out (as well as the other safety management components we offer).