Glossary
This glossary gives definitions of terms used in standards and handbooks published by ISO, IEC, Standards Australia, and Standards New Zealand. Some legal and other terms are also referenced.
Two important words distinguished
Many people (including lawyers and judges) confuse the words practical and practicable. Practicable is an important part of the reasonably practicable test in the Health and Safety at Work Act 2015 and, as an occupational health and safety professional, you should know the difference.
Practical means useful, concerned with practice, likely to be effective in real circumstances.
Practicable means feasible, able to be done, or able to be put into practice successfully.
Example:
Jo is a practical OHS person and has devised a practicable solution for our machine guarding problem.
Definitions from standards and legislation
Audit is “systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled”
Note 1: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).
Note 2: “Audit evidence” and “audit criteria” are defined in ISO19011.
Audit client is an “organisation or person requesting an audit”.
Audit conclusion is the “outcome of an audit, provided by the audit team after consideration of the audit objectives and all audit findings”.
Audit criteria are a “set of policies, procedures or requirements” and are used as a “reference against which audit evidence is compared”
Audit evidence is “records, statements of fact or other information, which are relevant to the audit criteria and verifiable”; it “may be qualitative or quantitative”
Audit findings are “results of the evaluation of the collected audit evidence against audit criteria” and “can indicate either conformity or nonconformity with audit criteria or opportunities for improvement”. It is essential the audit findings be evidence-based if they are to be relied on.
Audit plan is a “description of the activities and arrangements for an audit”.
Audit programme is a “set of one or more audits planned for a specific timeframe and directed towards a specific purpose”; it “includes all activities necessary for planning, organisation and conducting the audits”.
Audit scope sets out the “extent and boundaries of an audit”. It “generally includes a description of the physical locations, organisation units, activities and processes, as well as the time period covered”.
Audit team consists of “one or more auditors conducting an audit, supported if needed by technical experts”. Usually “one of the audit team is appointed as the audit team leader”.
Auditee is an “organisation as a whole or parts thereof being audited”.
Auditor is a “person who conducts an audit”.
Combined audit is an “audit carried out at a single auditee on two or more management systems”.
Commitment is “The state or quality of being dedicated to a cause or policy” (Concise Oxford Dictionary).
Competence is “ability to apply knowledge and skills to achieve intended results”.
Conformity is “fulfilment of a requirement”
Consequence is the “outcome of an event affecting objectives”
Consultation is a “process by which the organisation seeks the views of the workers before it makes a decision” (ISO45001)
Continual improvement is “recurring activity to enhance performance”.
Contractor is an “external organisation providing services to the organisation at a workplace in accordance with agreed specifications, terms and conditions”
Note 1: Services may include construction activities.
Correction is “action to eliminate a detected nonconformity”.
Corrective action is “action to eliminate the cause(s) of a nonconformity or an incident and to prevent recurrence”.
Dependability is the “ability to perform as and when required” (IEC62508).
Documented information is “information required to be controlled and maintained by an organisation and the medium on which it is contained”.
Note 1: Documentation can be in any format and media and from any source.
Note 2: Documentation can refer to:
- the management system, including related processes
- information created in order for the organisation to operate (documentation)
- evidence of results achieved (records)
Effectiveness is the “extent to which planned activities are realised and planned results achieved”.
Event is an “occurrence or change of a particular set of circumstances”
Human error is the “discrepancy between human action taken or omitted, and the action intended” (IEC62508).
Human factors are the “scientific discipline concerned with the understanding of interactions among human and other elements of a system that applies theory, principles, data and methods to design in order to optimize human well-being and overall system performance” (IEC62508).
Human reliability is the “capability of human beings to complete a task under a given condition within a defined period of time and within the acceptance limits” (IEC62508).
Interested party (preferred term) or stakeholder (admitted term) is a “person or organisation that can affect, be affected by, or perceive themselves to be affected by a decision or activity”
Incident is “occurrence(s) arising out of or in the course of work that could or does result in injury and ill health” (ISO45001).
Note 1: An incident where injury and ill health occurs is referred to by some as an “accident.”
Note 2: An incident where no injury and ill health occurs but has the potential to do so may be referred to as a “near-miss”, “near-hit”, “close call”.
Note 3: Although there can be one or more nonconformities related to an incident, an incident can also occur where there is no nonconformity.
Joint audit is an “audit carried out at a single auditee by two or more auditing organisations”.
Legal requirements and other requirements are “requirements established by law that are applicable to the organisation, legally binding obligations of the organisation and requirements to which the organisation subscribes” (ISO45001).
Note 1: For the purposes of this International Standard, legal requirements and other requirements are those relevant to the management system.
Note 2: Legally binding obligations may include the provisions in collective agreements.
Note 3: Legal requirements and other requirements include those that identify the persons who are workers’ representatives in accordance with laws, regulations, collective agreements and practice.
Likelihood is the “chance of something happening”.
Management system is a “set of interrelated or interacting elements of an organisation to establish policies and objectives and processes to achieve those objectives”.
Note 1: A management system can address a single discipline or several disciplines.
Note 2: The system elements include the organisation’s structure, roles and responsibilities, planning, operation, etc.
Note 3: The scope of a management system may include the whole of the organisation, specific and identified functions of the organisation, specific and identified sections of the organisation, or one or more functions across a group of organisations.
Mandate is “an official order or commission to do something” (Concise Oxford Dictionary).
Material is “significant; important” (Concise Oxford Dictionary); “having real importance or great consequences” (Merriam Webster online).
Measurement is a “process to determine a value”.
Monitoring is “determining the status of a system, a process or an activity”.
Note 1: To determine the status there may be a need to check, supervise or critically observe.
Nonconformity is “non-fulfilment of a requirement”
Organisation is a “person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives”.
Note 1: The concept of organisation includes but is not limited to sole trader, company, corporation, firm, enterprise, authority, partnership or institution, or part or combination thereof, whether incorporated or not, public or private.
[See also definition of person having control of a business or undertaking in HSWA, and company in the Companies Act]
Objective is a “result to be achieved”
Note 1: An objective can be strategic, tactical, or operational.
Note 2: Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organisation-wide, project, product and process).
Note 3: An objective can be expressed in other ways, eg, as an intended outcome, a purpose, an operational criterion, as an XXX objective, or by the use of other words with similar meaning (eg, aim, goal, or target).
Note 4: In the context of management systems, objectives are set by the organisation, consistent with the policy, to achieve specific results.
Objective evidence is “data supporting the existence or verity of something”.
Observer is an “individual who accompanies the audit team but does not act as an auditor”.
Outsource (verb) is to “make an arrangement where an external organisation performs part of an organisation’s function or process”.
Note 1: An external organisation is outside the scope of the management system, although the outsourced function or process is within the scope.
Participation is the “involvement of workers in decision-making process(es) in the OH&S management system” (ISO45001).
Performance is “measurable result”
Note 1: Performance can relate either to quantitative or qualitative findings. Results can be determined and evaluated by qualitative or quantitative methods.
Note 2: Performance can relate to the management of activities, processes, products (including services), systems or organisations.
Performance-shaping factors are the “characteristics of the external environment, of the task and of humans that shape individual performance” (IEC62508).
Policy is “intentions and direction of an organisation as formally expressed by its top management”.
Probability is the “measure of the chance of occurrence expressed as a number between 0 and 1, where 0 is impossibility and 1 is absolute certainty”.
Process is a “set of interrelated or interacting activities that use inputs to deliver an intended result”.
Requirement is the “need or expectation that is stated, generally implied or obligatory”.
Note 1: “Generally implied” means that it is custom or common practice for the organisation and interested parties that the need or expectation under consideration is implied.
Note 2: A specified requirement is one that is stated, for example in documentation.
Review is “an activity undertaken to determine the suitability, adequacy and effectiveness of the subject matter to achieve established objectives”.
Note 1: Review can be applied to a risk management framework, risk management process, risk or control.
Note 2: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
Risk is the “effect of uncertainty on objectives”.
Note 1: An effect is a deviation from the expected. It can be positive, negative or both, and can address, create or result in opportunities or threats.
Note 2: Objectives can have different aspects and categories and can be applied at different levels.
Note 3: Risk is usually expressed in terms of risk sources, potential events, their consequences and their likelihood.
Risk assessment is “overall process of risk identification, risk analysis and risk evaluation”.
Risk financing is a “form of risk treatment involving contingent arrangements for the provision of funds to meet or modify the financial consequences should they occur”.
Risk management framework is a “set of components that provide the foundations and organisation arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation”.
Risk management is the “coordinated activities to direct and control an organisation with regard to risk”.
Risk management process is “systematic application of management policies, procedures and practices to the tasks of communicating, establishing the context, identifying, analysing, evaluating, treating, monitoring and reviewing risk”.
Risk owner is “person or entity with the accountability and authority to manage a risk”.
Risk treatment is a “process to modify risk”.
Note 1: Risk treatment can involve:
- avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk
- taking or increasing risk in order to pursue an opportunity
- removing the risk source
- changing the likelihood
- changing the consequences
- sharing the risk with another party or parties (including contracts and risk financing)
- retaining the risk by informed decision
Requirement is the “need or expectation that is stated, generally implied or obligatory”.
Note 1: “Generally implied” means that it is custom or common practice for the organisation and interested parties that the need or expectation under consideration is implied.
Note 2: A specified requirement is one that is stated, for example, in documented information.
Situational awareness is the “human perception of the elements in the environment within a volume of time and space, the comprehension of their meaning and the projection of their status in the near future” (IEC62508).
System is a “set of interrelated or interacting elements” (IEC62508).
Technical expert is a “person who provides specific knowledge or expertise to the audit team”. “Specific knowledge or expertise is that which relates to the organisation, the process or activity to be audited, or language or culture”. “A technical expert does not act as an auditor in the audit team”.
Top management is “person or group of people who directs and controls an organisation at the highest level”.
Note 1: Top management has the power to delegate authority and provide resources within the organisation provided ultimate responsibility for the management system is retained.
Note 2: If the scope of the management system covers only part of an organisation, then top management refers to those who direct and control that part of the organisation.
Worker “means an individual who carries out work in any capacity for a PCBU, including …” (HSWA section 19).
Worker is a “person performing work or work-related activities that are under the control of the organisation” (ISO45001).
Note 1: Persons perform work or work-related activities under various arrangements, paid or unpaid, such as regularly or temporarily, intermittently or seasonally, casually or on a part-time basis.
Note 2: Workers include top management, managerial and non-managerial persons.
Note 3: The work or work-related activities performed under the control of the organisation may be performed by workers employed by the organisation, or other persons, including workers from external providers, contractors, individuals, and situations where the organisation has some degree of control over the workers such as agency workers.
Workplace is a “place under the control of the organisation where a person needs to be or to go by reason of work” (ISO45001).
Note 1: The organisation’s responsibilities under the OH&S management system for the workplace depend on the degree of control over the workplace.