REDUCING FIRE RISK THROUGH EFFECTIVE MANAGEMENT WITH BS 9997
BS 9997 ALL YOU NEED TO KNOW Currently within the UK, there are organizations taking limited responsibility to understand their liabilities towards fire safety and maintaining knowledge of the processes and controls used to manage them. Additionally, there can be an over reliance on external providers to fulfill these obligations and with that, trust given without due diligence too these providers on the assumption they have the required competence and/ or knowledge. Coupled with a “race to the bottom” mentality and to minimize impact on other operations, corners are being cut.
The end result are gaps within organizational knowledge, areas where safety measures are not deployed correctly, poorly maintained or even completely removed. Increased risk of avoidable incidents and additional work correcting mistakes, leads to financial loss, reputational damage and worse. Unsurprisingly, in the last few years there has been a significant increase in pressure across all sectors to ensure buildings are built and maintained to an acceptable standard. Big change is coming, with higher standards and more stringent enforcement. Organizations – and individuals within those organizations - are realizing their role and responsibilities in these areas, and demand for safer buildings has never been higher.
The tools and knowledge are there to access, understanding of context and what measures to employ does require effort and resource but there are no excuses.
CONTENTS
BM TRADA
•
Introduction to Fire Risk Management
•
How it Works
•
Four Cornerstones of Fire Risk Management
•
Annex SL
•
Achieving Certification
•
Auditors Perspective
•
Conclusion
INTRODUCTION TO FIRE RISK MANAGEMENT A large number of organizations have liability in case of fire, whether that be to protect people, property or business operation. There is a vast variety of considerations to comply with these, like appropriate safety measures, building standards, various legislations divided by jurisdictions, the list goes on, but given the right consideration, they all can be managed effectively using the right processes and controls. Based on the context of each organization and its individual risks, a system can be created to manage these risks and given time, slowly improved. Done correctly, not only will this reduce risk, but can also lead to improvements in the way a business operates and even cost saving through reduced incidents or mistakes. BS 9997 is the only standard that offers a system that fulfills all of the above. Created by experts and designed to work alongside existing standards and industry practices, it provides a one stop shop for any organization. Having also been written in the Annex SL format and operating under the “plan, do, check, act” model, it will integrate into systems such as those under ISO 9001 for Quality and ISO 45001 for Operational Health and Safety, greatly reducing the operational impact for those organizations either operating or looking to implement these systems. Certifying an organization to BS 9997 will demonstrate to all stakeholders the organization has considered, committed and effectively implemented a system to manage their liabilities to fire safety.
but will be individual and specific to the organization, seamlessly integrating these into the day to day operations and instilling them as part of the culture is the goal. An effective FRMS will work alongside other processes ensuring fire risk is considered the appropriate points, appropriate actions are taken at the right time and that safety is maintained as an ongoing process. As the organization continues to operate, appropriate monitoring must be determined and maintained, impartial audits conducted aiming not at determining fault but at understating effectiveness of the system. With data collated, decisions maker will analyze the outcomes on a regular, review the system as a whole and determine if changes are required, what they will be and creating actions to address them. The FRMS will become a living system, constantly improving and changing as the organization does.
The four cornerstones of any Fire Risk Management system are: FIRE RISK ASSESSMENT PROGRAM Fire risk assessments are usually mandated by legislation but for them to be effective, it must be determined when and where they will be needed, how they are processed then reviewed and creating actions to address their outcomes.
HOW IT WORKS Creating a Fire Risk Management System (FRMS) starts with first understanding what your organization needs, what are its individual obligations, interested parties, risks and opportunities. The context of the organization will have a significant impact on how a system will be developed as not all are the same and will have to include nuances. Next will be a commitment from the organization and its management, a fire policy specific to them and their goals. No system will be effective unless backed fully, as an ongoing process with fluctuating need for resource, the ship must have a steady hand to avoid deviation from its journey. Having this in place, a list of objectives to achieve this fire policy will need to be created. As part of a system, these will be maintained, monitored and reviewed on a regular basis, giving direction for the controls and processes to follow. Support required to achieve these objectives must be determined and gathered, this covers elements such as communication, organizational awareness and infrastructure but also technical items such as organizational knowledge and competence required. This completes the “planning” stage and leads onto the “do” by establishing the processes and controls needed to achieve the above. These will fall into specific categories as mentioned later
BM TRADA
MAINTENANCE AND TESTING PROGRAM What fire safety systems are in place within the organization, how are they maintained, what competence is required and how is this recorded.
EMERGENCY PLANNING What happens in the case of fire, have the emergency services been briefed on any nuances of the organization, responsibilities been allocated to the right personnel, suitable training but also has the aftermath been considered in terms of environmental impact, displaced residents, personal property, business continuity etc.
CONTROL OF WORK ON SITE What day to day operations on site will add significant risk or those that may need to happen on a less regular basis. What competence and knowledge is required to make sure these are completed to the right standards. These operations are key to managing the organizational risk day to day, using the process of the ‘plan, do, check, act’ model, they can be integrated into an organizations existing processes and controls.
ANNEX SL As with all ISO management systems, BS 9997 follows Annex SL, which follows a high-level structure (HLS). This champions leadership, worker participation and engagement, and crucially, requires input from every level of the business. Annex SL consists of 10 core clauses.
ANNEX SL
HIGH LEVEL STRUCTURE OF CLAUSES
3
4
1
2
SCOPE
NORMATIVE REFERENCES
5
6
TERMS AND DEFINITIONS
CONTEXT OF THE ORGANIZATION
LEADERSHIP
SUPPORT
7
8
9
10
PLANNING
OPERATION
PERFORMANCE EVALUATION
IMPROVEMENT
The Annex SL link also aligns BS 9997 with other ISO management systems which some businesses may already have in place, such as, quality management (ISO 9001), occupational health and safety (ISO 45001) and environmental (ISO 14001). This streamlines processes and delivers efficiencies, saving organizations time and money.
THE BENEFITS Most importantly keeping people and premises safe from fire risks is sufficient reason for operating an FRMS, but being certified to BS 9997 can also have many more benefits for organization. Some of the key ones include: Meeting legislation: Implementing an FRMS aligned to BS 9997 helps to ensure that legislative requirements are met; that changes are correctly assessed to avoid unnecessary costs; and demonstrates a commitment towards fire safety to all stakeholders. Business development: BS 9997 certification provides assurance to customers, employees, stakeholders and the wider industry, that an organization takes fire safety seriously, and that it is being managed to the correct standard. This can be a significant benefit in terms of business retention and development. Risk management: If an incident does occur, having an implemented FRMS is a significant benefit. The organization’s response is already defined, communicated, trained, and tested so the best possible outcomes can be achieved. As well as escape from the property, emergency procedures cover things like liaising with emergency services, emergency accommodation, and business continuity – among others. This will greatly diminish the risk and impact during and after the event. BM TRADA
Business culture: Rather than acting as a ‘tick box’ exercise, BS 9997 demands continual improvement and buy-in from the senior management team, which must be cascaded throughout the business. All employees are expected to understand and follow the policies and procedures, which leads to a much more risk-aware team and a much safer environment for all stakeholders. Business security: Certification helps organizations demonstrate their willingness to comply with legal obligations, as well as potentially preventing fines, legal repercussions, individual prosecution and reputational damage resulting from legislative breaches. Systematic approach: The framework provided by a BS 9997 management system can be applied across multiple buildings, giving organizations an opportunity to understand their risks across the whole of their portfolio and a centralized approach to addressing them. Improved efficiencies: As the standard is written in the same way as an ISO standard, it can link with other management systems in the business, which makes it easier to implement within experienced management teams and offers simpler integration with existing systems, along with a recognized audit process. It is also accepted across multiple industries and can improve the procurement process, saving time, effort and money.
ACHIEVING CERTIFICATION The BS 9997 certification process should be straightforward and easily understood. It includes a detailed gap analysis, training sessions, risk assessment and two audits. All areas of the organization need to be considered, so working with the right certification body is essential to make the process manageable and easy to understand.
1 . C E R T I F I C AT I O N The initial certification process is carried out in two distinct stages. The first planned visit is a review of the documented system where it formally evaluates against the requirements of the standard. This Stage One audit acts as a gap analysis, checking whether the framework has been established and the mandatory policies, management review meetings and internal audit have taken place. This helps to establish readiness for the Stage Two audit and highlights any areas of non-compliance that may require attention. Following the assessment, a detailed written report is presented to the organization which includes any findings. Stage Two is a sample-based audit. A site assessment is carried out to verify that the system has been successfully implemented; that it is being followed by the entire team; and that the requirements of BS 9997 are being met in practice. This can be demonstrated through a review of records and by interviews with staff. It is expected that the auditor may be engaging with all levels of employee from top management down. Upon completion of a successful audit, the company will receive another formal report and a recommendation for certification will be made.
2 . R E - C E R T I F I C AT I O N
3 . E V A L U AT I O N
As with other management standards, BS 9997 is a three-year audit lifecycle, with two surveillance audits to ensure continuing compliance – one after 12 months and one after 24 months, followed by recertification.
A vital part of the BS 9997 implementation is evaluation. As part of the process, the senior management team must determine how to monitor the implementation and its success (or lack of success). Objectives need to be set, and systems should be measured over time to show how effective it is.
The aim of the three-year cycle is to cover all elements of the management system over the cycle, so if something were missed at the first surveillance, it would be looked at during the second one. Detailed audit programs are recorded to map out what will be looked at over the three-year cycle. At the first surveillance audit, the auditor will ask if there have been any significant changes or incidents in that time. Some samples will be taken, and the auditor will check that the organization is still on track and that mandatory checks are still being done. The second surveillance audit fills in any blanks before re-certification takes place. At the re-certification, the auditor will analyze trends and investigate any causes for concern.
BM TRADA
Evaluation is crucial in order to check that the system is achieving what is expected of it. Using a quantitative measure can be particularly effective, so that results can be seen over time. This not only helps organizations to demonstrate its value, but also cements the buy-in throughout the business, as the benefits of the system are clear to see. An annual management review is required, with mandatory topics for discussion. As the meetings must all be minuted, this enables auditors to look at outputs which demonstrate continual improvement and a focus on evaluation. Key to the evaluation process is breadth of correction and preventative actions. This includes the handling of non-conformities and root cause analysis; determining why problems were able to happen and what the reason was for them; and implementing corrective action.
AN AUDITOR’S PERSPECTIVE When it comes to the certification process, there are certain things that the auditors are looking for. Kieron Rafferty, Head of Audit Resources at BM TRADA. He gives his top tips for making the process as straight-forward as possible:
1. LEADERSHIP BUY IN
2. CULTURE CHANGE
One of the most important things for BS 9997 is leadership buy-in. I look for top management involvement and how they endorse the FRMS. Without endorsement, staff working under these managers will be unlikely to take the process seriously. I specifically look for examples of leadership involvement, such as how they explain the benefits to staff, and how they ensure the appropriate resources are available.
What I look for on an audit, is how successfully BS 9997 and its procedures have been ingrained into the culture and everyday life within an organization. As part of this, I will talk to staff – often at random - and expect them to know the basic strategy; the rationale behind why they’re being audited, and how it applies to them. I don’t expect staff to know about every policy, but they should understand why best practice is important and why it is being certified. A sign of a weak system is when people don’t know why they’re doing something, and they just see it as an extra level of bureaucracy.
3. ALLOCATE APPROPRIATE RESOURCE
4. CREATE A GOOD PERCEPTION OF AUDITS WITHIN THE BUSINESS
The process can be a time-intensive one, but ideally everyone in the business should play a part. Some organizations will bring in consultants to support, but it doesn’t need to be costly and can be managed internally – in fact, doing it internally is often more beneficial, as it allows everyone to get involved in a standard that will impact them and aids understanding of the rationale. I would recommend that businesses ensure sufficient resource is available, but that the load is spread throughout – a mixture of backgrounds and personalities can add significant value. Ideally it should be a diverse team with appropriate skill sets and the authority to influence and make change.
Make sure that the audit is seen as an opportunity for enhancement of process, and that any actions raised are taken as learning opportunities. If the audit is perceived by the team as a chore and a negative task, you won’t get the same level of involvement or success. If the team sees that it’s a way to drive positive change in the business and really buys into it, it can make the process much easier.
5. TAKE FINDINGS SERIOUSLY AND ACT ON THEM QUICKLY
6. SHARE BEST PRACTICE AND POSITIVE OUTCOMES
It is worth ensuring the correct personnel are involved to direct and update information and communicate out to the wider business as soon as possible. Don’t let all the hard work go to waste – it undermines the process and demotivates the team, which in turn reinforces the negative perception of audits for the next time. Ensure that those working on the findings close out are given as much team assistance as possible - look to work collectively and collaboratively.
Seeing the results and change borne from the process is the best way to motivate staff to keep it up and to appreciate the value. It’s also the reason why the work is done in the first place, so don’t forget to complete the circle and share the rewards.
BM TRADA
CONCLUSION Awareness of the responsibility organizations have to keep their property, operations and people safe from fire has never been higher. Legislative changes and industry reforms are on the way if not already in place in some jurisdictions, the demand for better compliance is well underway. Any organization should be running some form of system to manage their fire risk, those who don’t have an exposure to risk that is not sustainable. Those who currently don’t operate sufficient systems through to those who do have mature operations, the advantages using such a comprehensive standard created with an internationally recognized model should be obvious. Implementing now will have an immediate impact on any organization, saving resource, reducing the likelihood of an emergency and lessening the impact if there is. Achieving certification will reduce risk of poor implementation, secure existing relationships and open further opportunities.
BM TRADA
ABOUT BM TRADA Part of the Element Group, we specialize in providing a comprehensive range of independent testing, inspection, certification, technical and training services. We help organizations to demonstrate their business and product credentials and to improve performance and compliance. Our team has many decades of experience and provides a certification process that is thorough and robust, striving to provide clarity and support along the way. And, using a UKAS-accredited certification body like us ensures the BS 9997 certification will be readily accepted by many regulators, suppliers and purchasers across the world. We exist to help our customers to make certain that the management systems, supply chain and product certification schemes they operate are compliant and fit for purpose.
To find out more contact: cert.admin@bmtrada.com +44 1494 569 750
bmtrada.com BM TRADA