For the past several years, the use of third parties in occupational health and safety (OHS) has been an issue in legislative and policy debates, OSHA policy discussions and the OHS community in general. We, as an OHS profession, need to understand that all third-party auditor proposals for OHS inspections must include a strong conformance-assessment system for these legislative and policy proposals to be acceptable.
What Is a "Third-Party Audit"?
Let's start with the issue of "parties." An audit can be performed by auditors who have the designation "first," "second" or "third" party.
A "first-party" audit is one in which an organization audits itself. That is, the auditor is employed by the organization that he is auditing.
First-party audits have been the preferred mode of operation for organizations. Industrial hygienists, especially those who work for large, well-funded departments within companies, have always had this role. There is a great advantage in using first-party auditors. Those auditors, by virtue of their being part of the organization, have a unique, high degree of access and understanding that might not be available to auditors who are hired from the outside.
A "second-party" audit is one in which a customer is auditing a supplier or contractor.
To me, the second-party audit is the most powerful weapon in our arsenal. The power that a customer has over a supplier or contractor is extraordinary. A customer who includes occupational health and safety requirements for being a responsive and responsible bidder on a contract can clearly define the level of protection of the worker for the jobs that need to be done. The financial impact of such specifications can be far greater than the impact of a citation given by OSHA.
A "third-party" audit commonly refers to the use of qualified individuals or entities whose services are usually paid for by the organization that is to be audited.
Third-party audits have been used in the practice of occupational and environmental health for many years. OSHA uses special governmental employees to help with Voluntary Protection Program inspections. AIHA uses members to perform audits of accredited laboratories. NSF International inspects and certifies all bottled drinking water in the United States All of these use third-party processes and audits. It is a common and well-proven mechanism.
Why Be Interested?
Third parties are being used throughout the OHS field. With third-party audits, the application of existing standards, regulations or other structures to the registration or certification of OHS programs or management systems is complex.
The elevation of the third-party issue can be attributed to three factors:
1. Proposed OSHA-reform legislation in recent sessions of Congress has contained requirements for the use of third parties in activities traditionally performed by OSHA.
2. The conformity-assessment structure developed by the International Organization for Standardization (ISO), as reflected in the ISO 9000 "quality assurance management system" and ISO 14000 "environmental management system."
3. The reference in the National Performance Review (NPR) of 1993 to the potential use of third parties in the Department of Labor. The NPR recommended that "the secretary of labor issue new regulations for work-site safety and health, relying on private inspection companies or nonmanagement companies." Such approaches are usually presented as a means of meeting legislated mandates in the face of diminishing resources and in response to calls for increased industry-government cooperation.
What Is "Conformity Assessment"?
Conformity assessment is "the determination of whether a product or process conforms to particular standards or specifications." Independent third parties have played a significant role in numerous conformity-assessment models in various sectors of the economy for many years. Conformity assessment includes a wide range of approaches applicable to sampling, testing, inspection, evaluation, verification and assurance of conformity, as well as to the certification of quality system assessment and registration, including various combinations of these procedures.
The command-and-control conformance structures of OSHA and EPA have been in prominent use for 30 years. Assessment of conformance with OSHA standards is defined in Sections 8, 9 and 10 of the OSH Act and in OSHA's Field Inspection Reference Manual. Conformance assessment and enforcement interpretations are also impacted by decisions of the Occupational Safety and Health Review Commission and the outcomes of judicial review. Noncompliance with OSHA standards and regulations is determined by OSHA inspectors.
How does OSHA use "thirdparties"? In the case of OSHA programs that use some form of third-party activity, the agency does not delegate its enforcement responsibility. Rather, these programs establish criteria that third parties must meet to be permitted to perform the verification function. OSHA staff oversee the performance of the certification to ensure that the third parties meet these criteria.
One of the criticisms of failed OSHA-reform legislation, especially related to the third-party issue, was that the bills would have severely limited OSHA's traditional enforcement capabilities without establishing a conformity assessment program.
The origins of numerous existing and evolving EHS conformity-assessment structures can be traced to activities of ISO. That is, if you are a third-party ISO auditor, there is a fail-safe program in place to see to it that you are doing your job. This fail-safe program includes auditing of the auditor and of the company that hires the auditor. This system is routinely performed in a uniform fashion on a worldwide basis. This is the conformity assessment system.
In 1995, the National Research Council's (NRC) Science, Technology and Economic Policy Board published a report, "Standards, Conformity Assessment and Trade." The NRC report presents a generic conformity-assessment model that can be applied to manufacturing, service delivery or quality management systems. (For more information read: "Analysis of Third-Party Certification Approaches Using an Occupational Health and Safety Conformity-Assessment Model," AIHA J. 59: 802-812 (1998).)
The question has been raised: "If an audit system conformity assessment structure is required, does that mean that all industrial hygienists and safety professionals must be certified to become first-, second- or third-party auditors, even if they all are CIHs or CSPs?" The answer is "yes" and "no." The answer is "yes" when the audit is performed for a specific purpose that requires a specific certification. For example, a certification is required for EHS professionals who perform ISO 14000 audits. Otherwise, no additional certification is necessary.
All audit systems need a conformity assessment system in place to ensure that audit, inspection, certification, registration, accreditation and workplace compliance inspection systems work. For all systems that are in place and working, this is true. For all systems that are proposed, this must be true. There can be no exceptions.
Critical features of a robust conformity assessment structure must include:
- A standard against which assessments are made;
- A way to perform the assessment, an agreed upon measurement method; and
- A strong accreditation mechanism whereby first, second, and third parties can be certified to perform assessments.
- A QA/QC mechanism whereby assessor performance is evaluated and modified as needed -- a means where affected parties can register complaints.
If we, as an OHS profession, work to ensure that all proposals for the use of third-party auditors for OHS inspections include a strong conformance-assessment system, then, and only then, will we have an assurance that the system will work. By "work," we mean it will help to ensure that every working man and woman has a safe and healthy workplace.
Contributing Editor Steven P. Levine, Ph.D., CIH2 (Comprehensive Practice & Chemical Aspects) is president-elect of the American Industrial Hygiene Association. He is a professor of environmental health sciences and co-director of the University of Michigan WHO Collaborating Center for Occupational Health, and adjunct professor at the Institute for International Health of Michigan State University. Charles F. Redinger, Ph.D., CIH, co-authored this article.
The opinions expressed in this column have not been debated nor endorsed by the AIHA Board of Directors.