Level 7 Diploma in Strategic Health & Safety Leadership and

Management
Unit 1 - Risk-Based Safety Management Systems

Complete all questions referencing supporting evidence in your narrative such as

photographs or documents for performance-based elements. Include evidence that shows
that you have engaged with the activity.
 
Aim for 100-200 words per question in your written narrative for performance-based
elements.
 
Knowledge Elements have been coloured in BLUE where an academic answer is required
and NOT work based evidence.
 
Aim for 4/500 words, as a guide, per Learning Outcome for the Knowledge elements.
 
Please refer to the ProQual document and unit guide.
 
Please complete the below box before completing this unit (if you don’t have an electronic
signature you can type your name in this section).
 
 
Candidate Name: ____________________________

I confirm that the evidence produced is as a result of my own work

Candidate signature (It is compulsory to

sign this document to prove its
authenticity):

Date:

L7 Health & Safety. Issue .1 November 2020

 Level 7 Diploma in Strategic Health & Safety Leadership and
Management
Unit 1 - Risk-Based Safety Management Systems

1) Develop and implement current ISO standards for occupational Health & Safety.
1.1 Evaluate the extent to which the processes of an OH&S management system links
to any ISO clauses.
The extent to which the processes of an OH&S management system link to ISO clauses can vary.
The specifics of the connection will depend on the particular OH&S management system being
used, and the specific ISO clause being referenced. For example, clause 4.4 of ISO 45001:2018
focuses on the organization’s OH&S management system and requires it to include the
processes necessary for addressing hazards and associated risks. Other clauses that relate to
OH&S management systems include 7.1 (Control of Documents), 7.2 (Control of Records), 7.3
(Internal Audit), 8.1 (Operational Control) and 8.5 (Emergency Preparedness and Response).

But generally speaking, OH&S management systems can be designed to be compliant with ISO
clauses, although the exact details will depend on specific implementations

Supporting Evidence EV 1 - Health and Safety Plan

1.2 Analyse any gaps to be bridged to satisfy the requirements of an ISO OH&S
management systems
To bridge any gaps to satisfy the requirements of an ISO OH&S management system, a gap
analysis should be conducted. This will involve reviewing the current OH&S systems to
identify any discrepancies or areas for improvement in relation to the requirements of the
ISO OH&S management system. Example of such gaps could include,
1. Lack of training and/or education of employees on process and procedures associated
with ISO OH&S management systems.
2. Inadequate documentation and record keeping.
3. Lack of standard operating procedures for OH&S management systems.
4. Inadequate risk assessment tools and techniques.
5. Lack of systems for reporting of incidents and corrective action.
6. 6. Insufficient communication about OH&S policies and procedures.
Once the gaps have been identified, a plan can then be implemented to plug those gaps and
ensure that the OH&S system meets the requirements of the ISO clauses.

Supporting Evidence EV 2 - HSE Policy

1.3 Evaluate the issues / challenges faced by an organisation while implementing an

L7 Health & Safety. Issue .1 November 2020

 Level 7 Diploma in Strategic Health & Safety Leadership and
Management
Unit 1 - Risk-Based Safety Management Systems
ISO compliant, or other recognised OH&S management system(s).
Organizations may face several issues and challenges when attempting to implement an ISO
compliant, or other recognized, OH&S management system. Firstly, organizations may have
difficulty assessing the safety risks related to their specific circumstances and industry sector.
This may require the organization to hire outside consultants to help them identify risks.
Additionally, organizations will have to assess the necessary resources to properly implement
their OH&S management system. This may require the organization to invest in additional
personnel, training, and technology. Furthermore, organizations may encounter challenges
when integrating the OH&S management system into the existing operational processes of the
organization. Lastly, organizations should ensure the implementation of their OH&S
management system is accompanied by a culture shift to ensure employees understand and
comply with the system.

Supporting Evidence EV 2 - HSE Policy

1.4 Evaluate the importance of understanding the organisation and its context whilst
framing OH&S management systems.
Understanding the organization and its context is essential when framing OH&S management
systems. It provides insights into the unique risks and challenges the organization may face,
helping to ensure that safety policies and procedures are tailored to their particular needs. It
also helps to identify areas where processes can be improved, allowing for more effective OH&S
management. Overall, understanding the organization and its context helps to ensure that
OH&S systems are tailored to the organization's specific needs, relevant and effective, and does
not impose excessive restrictions on the organisation that may be unnecessary or impractical.

Supporting Evidence EV 1 - Health and Safety Plan

1.5 Analyse the external and internal issues that have an impact on the way an
organisation manages its OHSMS responsibilities.
External issues are those that are caused by factors outside the organization and have an effect
on its operations, such as changes in legislation or technological advancements. These types of
issues can affect an organization's ability to comply with OHSMS regulations and can also have
an impact on employee safety. For example, new regulations may require the organization to
implement new safety procedures or update existing ones.

Internal issues refer to those caused by factors within the organization, such as a lack of
resources or inadequate training for employees. These types of issues can also have an impact
on the organization's OHSMS responsibilities, as they may lead to employees not being aware

L7 Health & Safety. Issue .1 November 2020

 Level 7 Diploma in Strategic Health & Safety Leadership and
Management
Unit 1 - Risk-Based Safety Management Systems
of safety protocols or not having access to the necessary resources to keep themselves safe
while working.

In order to effectively manage their OHSMS responsibilities, organizations should be aware of

both external and internal issues that could affect their operations. They should conduct regular
assessments of their policies and procedures and take steps to ensure they are in compliance
with regulations and up to date with any changes in technology or legislation. Additionally, they
should provide adequate resources and training for their employees so they can stay safe while
performing their duties.

Supporting Evidence EV 1 - Health and Safety Plan

1.6 Assess the way in which the activities of sub-contractors, 3rd parties might have a
negative impact on an organisation’s OH&S systems.
Sub-contractors and third parties can have a significant impact on an organisation’s OH&S
systems. For example, if sub-contractors are not familiar with the organisation’s safety
guidelines and procedures, then this could lead to accidents and injuries in the workplace. Sub-
contractors may also introduce different materials, equipment or processes that could be
dangerous if not handled correctly. Additionally, if third parties are not provided with adequate
training or resources to perform their tasks safely, this could have serious implications for
employee health and safety. Finally, poor communication between the organisation and its
subcontractors or third parties may lead to issues such as incorrect use of protective equipment
or lack of supervision when working with hazardous materials.

Supporting Evidence EV 1 - Health and Safety Plan

1.7 Differentiate between the various recognised OHS standards.

There are various recognised OH&S standards, such as the International Labour Organisation's
Occupational Health and Safety Management Standards (OHSMS) and the Occupational Health
and Safety Assessment Series (OHSAS). Additionally, different countries and industries may have
their own OH&S standards and requirements. Generally speaking, these standards will be similar
in terms of the contents, with an emphasis on proper risk assessment, accident prevention, and
creating an overall safe and healthy working environment for employees. However, there may be
some differences in the approaches taken, such as the scope and requirements of the standards
and the methodologies used to evaluate and monitor OH&S performance.

1.8 Ensure the alignment of the OHSMS with an organisation’s strategic goals and that it
meets legal, regulatory and compliance requirements.

L7 Health & Safety. Issue .1 November 2020

 Level 7 Diploma in Strategic Health & Safety Leadership and
Management
Unit 1 - Risk-Based Safety Management Systems
In order to ensure the alignment of the OH&S management system with an organization's
strategic goals, it is essential that the system is tailored to the particular needs and circumstances
of the organization. This includes assessing the risks and hazards associated with the
organization's operations and selecting the necessary control measures and training needed to
ensure that all employees are aware of their responsibilities. Additionally, the OH&S system needs
to be integrated into the everyday operations of the organization to ensure that it is seen as an
essential part of running the business. Finally, it is important to ensure that the OH&S system
meets all relevant legal, regulatory and compliance requirements. This can involve regularly
reviewing and updating the system, as well as conducting regular internal and external audits to
ensure that it is being properly implemented and adhered to.

Supporting Evidence EV 1 - Health and Safety Plan

2) Be able to Evaluate strategic risks to an organisation through the

implementation of a quantifiable risk assessment system(s).
2.1 Evaluate the role of suitable leadership and management in the organisational
risk reduction system(s).
Good leadership and management play an essential role in the organizational risk reduction
system, as they are responsible for providing the necessary direction and guidance for the
organization. Leadership should be committed to creating a culture where safety is a top
priority, and where all staff members have the necessary knowledge and resources to
effectively carry out their tasks. Management should ensure that the risk reduction system is
properly designed and implemented, and that it is regularly reviewed and updated.
Additionally, management should ensure that everyone in the organization is aware of their
OH&S responsibilities and is properly trained to carry out their roles. Management should also
incentivize staff to actively participate in the risk reduction system and ensure that there are
adequate checks and balances in place to address any issues or risks that may arise.

2.2 Analyse the value of the of accident causation in managing the impact of risk(s)
identified.
Accident causation is a very valuable tool in managing the impact of identified risk. Accident
causation seeks to identify the root cause0s of an incident and can be used to inform future
safety management decisions. By understanding why, the incident occurred, organizations can
develop strategies to prevent future incidents from happening. For example, if an accident was
caused by a piece of machinery not being properly maintained, then steps can be taken to

L7 Health & Safety. Issue .1 November 2020

 Level 7 Diploma in Strategic Health & Safety Leadership and
Management
Unit 1 - Risk-Based Safety Management Systems
ensure better maintenance and inspection protocols are implemented. Additionally, accident
causation can be used to identify potential hazards that are not immediately visible and assess
their impact on safety. This helps organizations anticipate and plan for potential risks before
they arise.

Supporting Evidence EV 3 - Injury Investigation Report

2.3 Analyse the requirements of performing fault tree, event tree analysis to show
fact-based decisions.
Fault Tree Analysis (FTA) is a deductive diagnostic technique used to analyse the system failures
and identify the root cause. It graphically shows the hierarchy of events that contribute to a
system failure, starting with the top event and tracing down through intermediate events and
their associated causes. By using FTA, you can identify all potential causes for a specific system
failure in order to determine corrective actions.

Event Tree Analysis (ETA) is a deductive analysis technique used to analyse the effects of an
initiating event on a system or process. It is similar to Fault Tree Analysis but starts from an
initiating event and traces down through logical possibilities in order to identify potential
outcomes. By using ETA, you can identify all potential outcomes of an event in order to
determine corrective actions that can prevent undesirable outcomes from occurring.

Both FTA and ETA provide fact-based decision making by providing complete visibility into
potential outcomes associated with a given event or system failure so that corrective actions
can be taken in order to reduce risk or improve performance.

2.4 Analyse the relevance, validity and value of different data sources and
information to implementing a quantified risk assessment model.

The relevance, validity, and value of data sources and information for a quantified risk
assessment model depend heavily on the industry, type of workplace, and the organization’s
size and scope. For instance, larger organizations may have access to more detailed safety and
health data from external sources, such as government agencies or industry associations. This
data can provide valuable insights into workplace hazards, as well as insight into existing
policies and procedures. Additionally, organizations should assess their existing safety data to
determine its relevance and validity, and to assess the value the data provides in the
assessment model. This includes evaluating data from workplace inspections, near misses, and
other incidents in order to help identify risks and identify areas that may require additional
control measures. Additionally, data should be used to ensure compliance with applicable laws
and regulations, as well as any standards for the particular industry the organization is
operating in. Ultimately, organizations should evaluate the data sources, validity of data, and

L7 Health & Safety. Issue .1 November 2020

 Level 7 Diploma in Strategic Health & Safety Leadership and
Management
Unit 1 - Risk-Based Safety Management Systems
the overall value of data to determine its impact in helping to implement a quantified Health
and Safety risk assessment model.

Supporting Evidence EV 4 - Incident Management Register

2.5 Evaluate the internal and external factors influencing the selection of different
risk quantification methods.
When selecting a risk quantification method, it is important to consider both internal and
external factors. Internal factors include the organization's goals, resources, and risk appetite.
External factors include the industry and regulatory landscape, competition, and market
conditions.

In terms of internal factors, an organization should consider its goals for identifying, managing,
and mitigating risk. Different risk quantification methods have different capabilities in terms of
identifying potential risks as well as measuring their likelihood and impact on the organization.
Additionally, organizations should evaluate the resources available for implementing a risk
quantification method - such as budgeting for software or hiring specialized personnel - as well
as their overall risk appetite.

External factors can also influence an organization’s choice of a risk quantification method. The
industry or sector in which an organization operates may have specific regulatory requirements
that must be followed when assessing and managing risks. Additionally, competition and
market conditions can shape an organization’s risk assessment strategy - such as when
launching a new product or service in a highly competitive space.

2.6 Develop practicable action plans that improve controls to reduce strategic risks
and present them at director / board level.
The first step is to identify the risk, assess the risk likelihood, and evaluate the potential impact
of the risks to the organization. Once the risks and potential impacts have been identified, the
next step is to develop action plans that can be implemented to address the risks. The plans
should include objectives, strategies, measurable goals, and timeframe for implementation.
This can be done by establishing a risk register.

This risk register can then be presented to directors/board level for approval, feedback, and
discussion in order to ensure the organization takes appropriate action to reduce risk and
improve control.

Finally, regular monitoring of current risks should take place, as well as reviews of new or
emerging risks, in order to identify any changes or trends which may have an impact on the
organization’s operations or finances. This will enable the organization to address any issues

L7 Health & Safety. Issue .1 November 2020

 Level 7 Diploma in Strategic Health & Safety Leadership and
Management
Unit 1 - Risk-Based Safety Management Systems
quickly and efficiently, thereby reducing the likelihood of strategic risks occurring in the future.

Supporting Evidence EV 5 - Risk Register

2.7 Develop practicable strategies on the ways in which an organisation can assess
hazards and risks following changes in an organisation’s management, processes and /
or equipment.
1. Develop a risk assessment plan by listing the changes that have been made to the
organisation’s management, processes and/or equipment. Identify potential hazards associated
with each change and rate them according to their severity.
2. Use existing records of risk assessments to identify any existing risks that may have been
overlooked or underestimated due to the changes made in the organisation’s management,
processes, and/or equipment.
3. Consult relevant stakeholders, such as employees to gain insight into potential risks associated
with the changes made in the organisation’s management, processes and/or equipment. This will
help you gain a comprehensive view of all potential hazards and risks.
4. Review all data related to safety or health incidents resulting from the changes made in the
organisation’s management, processes and/or equipment. This will help you identify emerging
trends or patterns related to potential hazards and risks that need to be addressed promptly.
5. Develop appropriate control measures for identified hazards and risks associated with changes
made in the organisation’s management, processes, and/or equipment in order to reduce their
severity or likelihood of occurrence in future operations of the organisation.
6. Monitor risk mitigation activities closely on a regular basis in order to ensure that all identified
hazards and risks are managed efficiently by implementing appropriate control measures as
needed on an ongoing basis.

Supporting Evidence EV 5 - Risk Register

2.8 Analyse the pitfalls in any risk transfer.

The following are common pitfalls when transferring risk:

1. Not involving all stakeholders: Make sure all relevant stakeholders are involved when
transferring risk.
2. Not sufficiently analysing the risks involved: Make sure you thoroughly understand the risks and
potential consequences of transferring them.
3. Not acknowledging the legal implications: Ensure you familiarise yourself with the legal

L7 Health & Safety. Issue .1 November 2020

 Level 7 Diploma in Strategic Health & Safety Leadership and
Management
Unit 1 - Risk-Based Safety Management Systems
requirements that must be met before any transfer of risk.
4. Not adequately assessing the value of the risks: Be prepared to properly evaluate the value of
the risks associated with the given situation before making a risk transfer decision.
5. Not understanding the potential consequences: Consider the potential consequences of
transferring risk and recognize that there may be unexpected complications that arise.
6. Not accurately documenting the risks: Make sure that any transfer of risk is accurately
documented, to protect all parties involved.

2.9 Analyse the different types and categories of strategic and dynamic risks.

Strategic risks refer to risks associated with the company's strategies and objectives such as
overall strategy and the execution of that strategy. They are difficult to predict and can potentially
have a major negative effect on the success of the company. Examples of strategic risks include:

• Market Risk: Being unable to adapt to changes in the industry.

• Regulatory Risk: Being unable to comply with relevant legal obligations or industry
standards.
• Technology Risk: Being unable to stay abreast of rapidly changing technology.
• Financial Risk: Being unable to manage short and long-term risks associated with
finance.

Dynamic risks refer to risks that arise from changes in the environment surrounding the business.
These can be strategic and operational risks. Examples of dynamic risks include:

• Human Resource Risk: Being unable to meet the demands of the workforce.
• Technology Risk: Being unable to keep up with technological advancements.
• Political Risk: Being exposed to changes in the political landscape.
• Reputational Risk: Being unable to maintain an acceptable public image.
• Environmental Risk: Being unable to anticipate and manage changes in the natural
environment.

3) Be able to Articulate risk communication strategies in various situations.

3.1 Develop practicable strategies for risk communication for a range of situations that
take stakeholders’ requirements and legal requirements into consideration.
Practical strategies for risk communication that take stakeholders’ requirements and legal
requirements into consideration include:

• Establishing Open Communication: Establishing open and transparent communication

lines between managers and stakeholders helps to ensure that risks are identified and

L7 Health & Safety. Issue .1 November 2020

 Level 7 Diploma in Strategic Health & Safety Leadership and
Management
Unit 1 - Risk-Based Safety Management Systems
communicated in a timely and effective manner.
• Risk Education: Risk education is an important part of risk communication, and it involves
providing stakeholders with the necessary knowledge and understanding of the risks at
hand. This can include providing training, educational materials, and carrying out regular
risk assessments.
• Risk Analysis & Monitoring: Regular risk analysis and monitoring helps to identify potential
risks and create strategies for mitigating them. This helps to ensure that risks are
managed effectively.
• Developing Appropriate Risk Controls: Developing appropriate risk controls helps to
ensure that risks are managed and controlled effectively. This includes implementing a
comprehensive risk management program and ensuring that stakeholders are aware of
the risks and how they are being managed.

Supporting Evidence EV 7 - Incident Reporting and Investigation Procedure

3.2 Assign ownership and accountabilities and gain agreement from managers /
directors and the workforce for strategic and dynamic risks.
Managers and directors should be involved in the risk management process and should be
responsible for developing a comprehensive risk management strategy for the organization. The
workforce should be involved in the process as well and should be given clear instructions on how
to identify and manage risks. Additionally, it is important for all stakeholders to come to an
agreement on what ownership and accountabilities should be assigned to each stakeholder. This
agreement should be documented in a risk management plan which outlines the procedures for
identifying, measuring, and mitigating risk.

Supporting Evidence EV 6 - Signed Leadership Chatter

3.3 Evaluate the importance of effective communication and consultation in a risk

management process.
Effective communication and consultation are an essential part of a successful risk management
process. Communication helps to ensure that all relevant stakeholders are aware of the risks and
are actively involved in the process. Consultation, on the other hand, helps to identify potential
risks by gathering information from stakeholders and providing a platform for discussion.

Communication helps to ensure that everyone is aware of their role and responsibilities in the risk
management process, while consultation ensures that all stakeholders have a voice in
determining what risks should be taken into consideration and how they should be addressed.

L7 Health & Safety. Issue .1 November 2020

 Level 7 Diploma in Strategic Health & Safety Leadership and
Management
Unit 1 - Risk-Based Safety Management Systems
Overall, effective communication and consultation help to ensure the success of a risk
management process by providing stakeholders with a platform to discuss and develop solutions
for potential risks.

3.4 Analyse the way in which a crisis communication could differ from a risk
communication.
A crisis communication is an attempt to control any negative impacts of a serious, unexpected
event that is outside of an organization’s control. It focuses on conveying facts, presenting the
organization in the most favourable light, and minimizing the damage to the organization’s
reputation. By contrast, a risk communication focuses on how to communicate information about
risks associated with a particular practice, or issue, as part of an organization’s overall risk
management strategy. Risk communication is typically centred on either motivating people to
take the necessary steps to reduce their risk or reassuring the public that an organization is doing
all it can to protect the public’s safety.

Supporting Evidence EV 7 - Incident Reporting and Investigation Procedure

L7 Health & Safety. Issue .1 November 2020