RRC Technical Update

HSG65: Managing for Health and Safety,

3rd Edition, 2013

RRC Technical Update - HSG65: Managing for Health and Safety, 3rd Edition, 2013

HSG65: Managing for Health and Safety, 3rd Edition, 2013

HSG65 is a UK management system model that is
more than 20 years old. It is well known (in safety
circles at least) both in the UK and internationally.
The new, 3rd edition, published in 2013, has an
apparently radically revised structure. But for those of
you who were familiar with the previous editions, it is
worth first taking a look at how the old and new relate.
The previous editions were based around POPMAR:
Policy, Organising, Planning and Implementing,
Measuring Performance, Auditing, and Review (see
Figure 1). These elements are recognisable in any
management system.

Figure 1 (Based on original image from HSG65: Managing for Health and Safety, 2nd Edition, 1997
http://www.hseni.gov.uk/hsg65_successful_h_s_management.pdf)

RRC

RRC Technical Update - HSG65: Managing for Health and Safety, 3rd Edition, 2013

The current edition is arranged around the wellestablished business improvement cycle model - Plan,
Do, Check, Act (PDCA) (see Figure 2).

Risk
profiling

Planning

Organising
Policy

Learning
lessons

PLAN

DO

ACT

CHECK

Reviewing
performance

Implementing
your plans

Measuring
performance

Investigating
accidents /
incidents / near
misses

Figure 2 (Based on original image from HSG65: Managing for Health and Safety, 3rd Edition, 2013
http://www.hse.gov.uk/pubns/priced/hsg65.pdf)

RRC

RRC Technical Update - HSG65: Managing for Health and Safety, 3rd Edition, 2013

The iterative continuous improvement loop (going

round multiple times) is considerably more obvious
in the PDCA cycle, but the underlying framework
for managing health and safety has not been
radically altered. Just a different lens has been used.
For example, it is easy to spot the key elements of
POPMAR appearing in the outer wheel of PDCA (see
Figure 3).

The move to PDCA reflects the greater emphasis on

integrated business management systems in more
recent times the core framework of management
is the same whatever you are managing, though the
detail will vary. The new structure apparently makes
it easier to see the parallels with other management
systems like those for Quality and Environment and,
indeed, general business management. These all make
reference to PDCA in their respective introductions
(and then promptly ignore it in what follows).

Risk
profiling

Planning

Organising
Policy

Learning
lessons

PLAN

DO

ACT

CHECK

Reviewing
performance

Implementing
your plans

Measuring
performance

Investigating
accidents /
incidents / near
misses

Figure 3 (Based on original image from HSG65: Managing for Health and Safety, 3rd Edition, 2013
http://www.hse.gov.uk/pubns/priced/hsg65.pdf)
RRC

RRC Technical Update - HSG65: Managing for Health and Safety, 3rd Edition, 2013

Good Things Come in Threes

The 3rd edition of HSG65 is in three main parts - a sort
of trilogy (there is a fourth part, but this is simply a
list of resources, references and links). This takes you
neatly from the theory, to reviewing existing systems,
to full implementation.

Part 1: Core Elements of Managing

Health and Safety
Part 1 is a succinct overview, looking at the core
elements of health and safety management. In effect,
this can be distilled down to needing leadership
and management, worker involvement, and
competence. Much of this is recognisable as aspects
of safety culture - the behaviour and attitudes of
people. In the old POPMAR model, developing a
positive safety culture was seen as the core activity
of the Organising section and was summarised as
the 4Cs - Control, Co-operation, Communication
and Competence. In the new model, this has been
largely captured and replaced by these themes of
leadership and management, worker involvement and
competence.
The point is that people are key to its success. Systems
are developed, implemented and maintained through
people. If you dont organise and manage your people
properly, the system will just be a pile of self-serving
paperwork.
Risk profiling and legal compliance are also in
the mix as underpinning elements. Risk profiling is
essential in helping a business to understand the
risks it faces (present and future) and helps devise
effective and realistic systems to manage them. Legal
compliance is an obvious minimum standard for a
business to achieve.
These then are the core elements of health and
safety management, but delivering them consistently
requires a systematic approach. This is where the
PDCA structure can help. All these core concept
elements are used repeatedly in the parts that follow,
as a focus for targeted advice.

Part 2: Are You Doing What You Need

To Do?
Part 2 begins by again stressing the underlying
importance of risk profiling. This contextualises an
organisations threats and opportunities, prioritises
actions and helps the organisation select cost-effective
solutions, and is a feature of standards like ISO 31000.
The rest is effectively a job aid for evaluating the
state of your current systems, setting out questions
and identifying typical evidence to look for related
to the system elements. This is perhaps an obvious
first step in management system implementation,
but is all too frequently forgotten. It is essentially an
initial review or initial audit, which is a common
step in implementing other, more formal management
systems. There is an implied recognition that
organisations are likely to have at least some systems,
processes and procedures in place (however informal),
otherwise they would not be in business. There are
definite benefits in keeping what is already working,
instead of re-inventing everything.
Part 2 takes you through the issues of leadership and
management, competence, and worker involvement
explained in Part 1, providing criteria against which
you can assess your current systems, processes and
procedures. It also distinguishes between some
different sizes and types of organisations, recognising
that things may be far less formal in small businesses.
In the leadership area, for example, it indicates what
youd be looking for in a leader. Many of the criteria
are expressed as questions to ask yourself (assuming
you are a leader). Granted, some of the questions are
pitched at a high level and are more involved, but the
use of both good and bad examples helps to clarify
them. For example, flouting your own site safety rules
is in there as a negative indicator, and the presence
of ISO 9001 (formally a quality management system)
is included as a positive indicator. This reinforces
the approach that management principles are
transferrable, and that all businesses that are managed
effectively and work towards a common business
goal should, by definition, already have integrated
processes. The evidence criteria are also set out in
tables to show you what management elements look
like when they are done well and, importantly, what
they look like when they are done badly or not at
all.

RRC

RRC Technical Update - HSG65: Managing for Health and Safety, 3rd Edition, 2013

Part 3: Delivering Effective

Arrangements
Part 3 is by far the longest section and is aimed at
implementers and improvers, greatly expanding on
Part 2. The idea is that you find out where youre
not doing so well from Part 2 and look to Part 3 for
ideas on what to do about it. It references the PDCA
diagram (see Figure 2) to formulate actions in a logical
flow through the PDCA process - commencing in the
top-left quadrant and moving clockwise. Alternatively,
the process can be represented as in Table 1.
Table 1 (Based on original table in HSG65: Managing for
Health and Safety, 3rd Edition, 2013)

Plan
Do

Check
Act

Formulate POLICY
Profile your health and safety risks
ORGANISE your health and safety
IMPLEMENT your plan
MEASURE performance
Investigate accidents and incidents
REVIEW performance
Learn lessons

Whilst, like the previous version of this model, it has

plenty of woolly management terms and sentences
that are instantly forgotten, its single most important
feature is the use of very clear action lists, collected
together in boxes after each sub-topic. This is on the
whole direct and helpful in practice. For example:

Make a statement of intention. Say what you will do

to keep a safe and healthy work environment for your
workers and anyone else who could be affected by
your activities.
That directness is refreshing and difficult not to like.

RRC

Summary
The 3rd edition of HSG65 presents a revised model,
but one which is still familiar. The PDCA cycle makes
strong links back to general business improvement
processes, making the case for greater integration of
health and safety within business risk management.
The document is organised in three main parts,
delivering the basic concepts, a practical gap analysis
tool and an implementation toolbox. It is reassuring
to note that good management is good management
whatever it is aimed at.