The Golden Thread: How Hazards Connect Every Element of Your IMS

We've all experienced it: the call to "evacuate, evacuate, evacuate," or the sound of a horn signalling an evacuation drill. Usually, this happens once or twice a year to practice a fire drill. If you're fortunate, it might also include a small first aid exercise, but generally they are wrapped up in under 30 minutes. Then, so we think, we have completed our obligations for OH&S and/or for our ISO compliance. But have we?

At Dyadic Consultancy, we help organisations build management systems that don't just exist on paper but create tangible safety and efficiency improvements. One concept we emphasise is how everything should be connected. There is no point documenting something for the sake of it. In this example we will show how a risk assessment serves as the "golden thread" that weaves through every aspect of your Integrated Management System (IMS). Let's explore this interconnection through a practical example.

The Scenario: Overhead Crane Operations

Imagine walking through a manufacturing facility where an overhead crane transports heavy materials across the production floor. During a systematic risk assessment, your team identifies a critical hazard: the potential for a heavy object to fall and cause a catastrophic crush injury.

This single risk identification isn't isolated—it triggers a cascade of interconnected processes throughout your entire management system. Let's trace how this risk assessment flows through each element of your IMS, demonstrating the integration of ISO 9001 (Quality), ISO 14001 (Environmental), and ISO 45001 (Safety) standards.

Following the Risk Through Your IMS

Context of the Organization (Clause 4)

The identified crane risk directly influences your understanding of organisational context. The presence of overhead lifting operations becomes a crucial internal factor that affects your ability to deliver products safely and meet compliance obligations. This risk may also connect to external factors like industry accident statistics, regulatory focus areas, or insurance requirements.

Real integration example: Your organisation's risk register links this specific hazard to strategic business and ISO objectives, which could be zero harm, production uptime targets, and customer satisfaction metrics.

Leadership (Clause 5)

Once identified, the crane risk demands leadership attention. Top management MUST allocate resources, assign responsibilities, and establish clear accountability for risk controls. This isn't just about safety leadership—the quality implications (potential product damage) and environmental considerations (spill risks from dropped materials) demand integrated leadership commitment.

Real integration example: Safety performance indicators related to crane operations appear on executive dashboards alongside quality metrics and environmental KPIs, with cross-functional oversight from operations, safety, and quality leaders (I'll touch on resources more in a moment).

Planning (Clause 6)

The crane risk drives planning activities across multiple functions. Teams plan maintenance schedules, develop training protocols, and design production workflows that minimise exposure. This interconnected planning ensures risk mitigation is comprehensive rather than siloed.

Real integration example: Your preventive maintenance schedule for the crane is synchronised with production planning to minimise downtime while addressing both safety and quality objectives.

Support (Clause 7)

The identified risk shapes your support functions. Your training program requires specialised courses for crane operators, inspectors, and ground personnel. Communication channels need to convey crane safety procedures to all staff and visitors. Resource allocation must prioritise control measures like barrier systems, warning devices, and inspection equipment. Support also covers Training Needs Analysis, qualifications, onboarding, knowledge retention, and TIME.

Real integration example: First aid training specifically includes crush injury scenarios with realistic moulage (simulated injuries), preparing responders for potential crane incidents while fulfilling compliance requirements.

Operation (Clause 8)

Operational controls stem directly from the risk assessment findings. Daily crane inspections, pre-lift checklists, and defined exclusion zones become standard operating procedures. These controls aren't just safety measures—they ensure product integrity (quality) and prevent environmental incidents from dropped materials.

Real integration example: Your operational procedures integrate quality checks of lifting equipment, environmental controls for potential spills, and safety protocols in a single crane operation standard rather than three separate documents.

Performance Evaluation (Clause 9)

Monitoring activities target the identified risk through multiple lenses: near-miss reporting for safety, process deviation tracking for quality, and incident analysis for environmental impacts. Management reviews examine crane safety performance alongside operational efficiency metrics.

Real integration example: Your audit program evaluates crane operations simultaneously against all three standards rather than conducting separate ISO 9001, 14001, and 45001 audits, looking at how controls address multiple objectives.

Improvement (Clause 10)

The ongoing focus on crane risks drives continual improvement across disciplines. Engineering improvements reduce hazards, procedural refinements enhance efficiency, and emergency response capabilities evolve based on drill findings.

Real integration example: After a crane near-miss, your corrective action process addresses not just immediate safety concerns but also examines quality implications of rushed operations and updates business continuity plans with lessons learned.

Beyond the Basics: Advanced Integration

True integration goes beyond the standard clauses to create a comprehensive approach to risk. Your emergency response procedures don't just address the immediate incident—they include:

  • Business continuity protocols that activate if production is interrupted
  • Media communication templates prepared for potential serious incidents
  • Procedures for regulatory investigations from safety authorities
  • Family support mechanisms if workers are injured
  • Psychological support resources for witnesses to traumatic events

Does Management Do Enough?

Given that Top Management MUST allocate resources and the organisation has identified crush injury as a major risk, how much time should be devoted to addressing it?

How much time does your organisation dedicate to significant risks annually?

As an auditor, I've observed that 30 minutes is quite generous for such scenarios. If an organisation with 100 employees spent 30 minutes solely on this risk, excluding evacuation requirements, it would equate to investing just 0.000208% of its resources in preparing to deal with the potential incident. Even adding daily pre-starts, toolbox talks, and dedicated training every year for every staff member is likely only to move that needle to the ~1% mark.

ISO requires organisations to perform and document specific actions, but this should go beyond merely checking a box. Interrogate your data, processes, and resource allocation thoroughly.

Most Likely vs Most Dangerous

Besides making me sound like bubble wrap popping when I get out of bed, my time in the Army taught me about the Most Dangerous and Most Likely courses of action (MDCOA and MLCOA). With resources limited and markets fluctuating due to US tariffs, it can be challenging to determine where to focus efforts.

This is where MDCOA and MLCOA come into play. If you identify the most dangerous potential incident for a staff member, it's crucial to allocate time to address it. However, most lost time often results from seemingly minor issues, like lifting a parcel, so attention should be given to those as well. Fortunately, ISO provides Top Management with dedicated time to discuss these matters during management meetings, so use that time well.

The Power of Integration

This example demonstrates how a single risk assessment finding influences every aspect of your management system. Rather than treating ISO standards as separate entities, an integrated approach recognises that:

  • Quality risks often have safety implications
  • Safety controls frequently impact operational efficiency
  • Environmental hazards typically connect to both quality and safety concerns

At Dyadic, we specialise in building management systems where these interconnections are leveraged for maximum effectiveness. By treating risk as the common language across all system elements, organisations create more resilient, efficient, and compliant operations.

Ready to transform your approach to integrated management systems? Contact Dyadic to discover how we can help you build connections between risk assessment and every aspect of your business operations.