2 02.09.19

Content Content .............................................................................................................................................................. 2

1. Introduction ............................................................................................................................................... 3

2. Log in ......................................................................................................................................................... 3

3. MyPage ...................................................................................................................................................... 4

4. Administrator: setting up users ................................................................................................................. 6

5. Administrator: Setting up access to the Compliance module ................................................................... 7

6. Administrator: Setting up organisations ................................................................................................... 8

7. The Process Library and how to use it ....................................................................................................... 9

8. Getting started with the RISMAohs. ........................................................................................................ 10

9. How to fill out description and questionnaire......................................................................................... 11

10. How to fill out the gap analysis ........................................................................................................... 12

11. Dashboards .......................................................................................................................................... 15

12. Reports ................................................................................................................................................ 16

3 02.09.19

1. Introduction This is an introduction into using the RISMAohs tool to create, manage and document your organisations work with the ISO standard Occupational Health & Safety for ISO45001. The tool guides you through a structured process with data collection, evaluation of gaps and gap mitigations.

The logic built in to the questionnaire and gap analysis ensures that only relevant questions are visible, and that a report indicating the status can be drawn as soon as a set of questions has been answered. Your organisation can quickly and smoothly use RISMAohs to analyze and document where you are in compliance with the ISO45001, and if you identify areas with gaps, the tool can be used to set up policies, initiatives and controls to become and remain compliant.

2. Log in You will receive an e-mail with a link to the tool, your user name and a temporary password. Type the link into your preferred browser (we recommend Chrome, Firefox or Safari) and you will be directed to the following login page:

Type in your user name and your temporary password, and you will then be prompted to generate a new, personal password. After this procedure, you will have to log in again with your new password.

4 02.09.19

3. MyPage You will now be directed to your MyPage. It might look like this:

MyPage is an overview of all the tasks, initiatives and controls that you are directly involved in or responsible for.

To the left of the screen is a menu bar. You can open and close this by clicking the compass. Use the side menu bar to navigate to the different modules within the RISMA system. In the top half of the side menu bar you can select the relevant module. In the bottom half there is access to the administration module for administration users (as described in part 4 and 5). In the bottom you can select how you want to use the side menu bar.

You can send and receive notifications and chat with other users directly in the tool. In the top menu bar you can see a speech bubble icon which takes you to the “COMM module”. In the COMM module you can find all the system notifications or messages that you have received from other users. Unless you deselect this function (described below), you will also receive these notifications as e-mails.

5 02.09.19

Tailor your personal settings by clicking the small cog wheel in the top right corner by your initials. Here you can change your personal settings: password, picture, language as well as which notifications you wish to receive by e-mail.

6 02.09.19

4. Administrator: setting up users This next chapter is for users on the administrative level and guides you on how to set up new users. In the side menu bar, select “administration” in the bottom half. This will take you to the general administration page.

In the user list, you can see there is an ADM user and perhaps your own personal user. If you click the user name, you can edit user name, full name, password and e-mail. You can then add other users by clicking the “plus” symbol in the top righthand corner of the Users box.

Fill in user name, initials, password, full name and e-mail. Then select which user level the new user should have. There are four different user levels:

1) Administrator: access to everything

2) Super User: access to everything within a module

3) Privileged user: access to all activities within a given organisation

4) Regular user: access to all the activities for which they have been given responsibility

You can find a more detailed explanation of the user levels on the support site under FAQ: click on the “General” tab and then “Which user levels are there”.

Users can be added, overwritten or deleted as needed.

A user who has been assigned as responsible for initiatives or controls cannot be deleted.

In the standard package there are two default users, and it is possible to purchase further user licenses.

7 02.09.19

5. Administrator: Setting up access to the Compliance module

Once you have added the new user and selected their user level, you can give them access to the different Compliance Modules by clicking on “Click here to edit access to compliance projects”. In the Compliance administration tab “project user rights”, click on the box to the right of the user name indicating which module the user should have access to, and determine the user level:

8 02.09.19

In the Compliance Administration module, there is one further user level: the Supervisor level. The Supervisor level gives them a special dashboard overview, with an overview of all gaps, initiatives put in place and ongoing controls. The overview will allow the user to see the status of initiatives and controls, to see if the implementation plan is going as planned, or if the ongoing controls are actually being performed.

6. Administrator: Setting up organisations This next chapter is for users on the administrative level and guides you on how to set up organisations. After you set up users you can set up organisations so they reflect the structure of the departments in your company which manage ISO standards. This information is used to add the relevant departments to the tasks for which they are responsible, as well as to limit user access in the Actions and Controls modules. When setting up the organization, please be aware of the different user accesses you wish to build in RISMA. Each organisation is a way to divide the access of initiatives, controls and policies.

Once you have created a new organisation, you can add underlying organisational units if this is relevant.

Add organisations by clicking the plus in the top right corner

Overwrite organisations by opening the relevant organisation, clicking on the title and overwriting it

Delete organisations by opening the relevant organisation, and clicking the “delete organisation” button

9 02.09.19

7. The Process Library and how to use it Before or as you begin your work with RISMAohs, you will either already have a number of processes and policies or need to get these in place. The Process Library contains a registry where you can attach and describe your processes and policies. This makes it possible to fetch the relevant policy in to any relevant gap in the ISO45001 Analysis, Initiative or Control as needed as well as gain an overview of your processes and policies. In the process library you can assign responsibles, organisations, and the relevant initiatives and controls.

To get to the Process Library: In the left side menu bar, navigate to RISMAcompliance. Then select “Process Library” in the top menu bar.

The OHS node will contain separate nodes for policies, procedures and other related issues. You can add, delete, rearrange and modify the nodes as needed to match your organisation.

To work with your processes and policies, open the node. Here you can describe the policy in question, attach a file or link, assign responsibles and organisations as well as link directly to the systems, initiatives and controls which the policy applies to.

10 02.09.19

Here is an example of a policy with added responsibles and links to systems, controls and initiatives.

8. Getting started with the RISMAohs. After filling out all the background information and scope, you are now ready to begin the analysis of your ISO45001 work.

11 02.09.19

From MyPage click on RISMAcompliance in the side menu bar. This takes you to the front page of the Compliance module, where all your different compliance projects will be listed in the top menu bar, if you have access to more than OHS. To get to the OHS module, just click on the top menubar OHS, this takes you to the page below.

The most normal approach is to make one analysis of the entire organisation at once. If the organisation consists of several different legal entities, you can map your organisation by legal entities. In case you have several legal entities, begin by creating one node, then copy out the nodes and name them. If you have subsidiaries in several countries with different procedures, you can create a node per country.

Each node contains a description, a questionnaire and a gap analysis. This is where most of the data collection will be done.

9. How to fill out description and questionnaire After creating the relevant number of analysis nodes, click on the first one.

On the front page, you can write a short description, fill out the purpose and process status box and see an overview of how many questions have been answered. In the grey box, you can assign an owner, an organisation, and see an overview of Controls and Initiatives attached.

12 02.09.19

In the questionnaire, you will be guided through a brief number of questions related to the scope of the analysis and perhaps certification. These questions are aimed at capturing and mapping how the organisation complies today. You will have the option of adding additional descriptions and/or attaching further documentation to each section of the questionnaire.

10. How to fill out the gap analysis The gap analysis is structured according to the chapters in the ISO 45001. When you have assessed all the areas listed in the gap analysis, this will become the foundation for your compliance profile.

In the gap analysis, you will be guided through the different areas of the ISO 45001 and then assess how well your organisation complies with these. You can read a short description of each assessment and make an analysis of the current situation, with a free text field and the option of setting a traffic light indicating

the current status.

13 02.09.19

The traffic light has six options ranging from not set (grey) over no gap (green), small gap (blue), larger gap (yellow), critical gap (red) and not applicable (stop sign). The not applicable/stop sign collapses the assessment and hides it from view. To reopen a not applicable assessment, click the small down arrow next to the title and select a different traffic light.

Below the general analysis box is a box where you can make a general analysis of which controls or initiatives are necessary to become or remain compliant.

14 02.09.19

Next to the assessment in question, you can link to different activities by clicking the plus on the grey box reading “add links to activities”. In the screenshot below, you can see an example where there is a link to an initiative from the RISMAactions module, and you can link to a policy in the Policy Library and to a control in the RISMAcontrols module.

You can create a new initiative or control directly by clicking the plus next to the initiatives and the controls headline, and afterwards you will be able to find your new initiative in the RISMAactions module and the new control in the RISMAcontrols module. All linked activities are clickable and will take you straight to the activity in question.

15 02.09.19

After going through the gap analysis you will have a complete overview of your ISO 45001 compliance. See this overview in the dashboard and reports module.

If you have supervisor access rights, you will also be able to select reporting at this level.

11. Dashboards The OHS dashboard shows the level of compliance in different graphic presentations.

When wanting an overview of the gaps – go to dashboard and you will be able to see how the gap colors are distributed across the areas of the ohs standard. Click on the red part of the dashboard to see a list of the red gaps, or filter by deselecting the irrelevant gaps below the diagram. You can also filter by node, organisation or user.

The dashboard gives you an overview of the areas that you need to look more into and where to set actions to become compliant.

All diagrams can be annotated and are exportable in four different picture formats.

16 02.09.19

12. Reports In the report module you can create and export reports and keep an overview of your initiatives and controls related to your ohs compliance work.

Under reports you can create reports by nodes, questionnaires and gaps. The most useful report in the RISMAohs is the gap report. It is possible to make a complete list of gaps – or just the red gaps as needed. The list will show you all connected mitigating actions (Controls, policies and initiatives) or all risk analyses.

The report module contains an option for two different views. In the default view, you can see the linked activities, in the collapsed view, you can see the risk analysis connected to each assessment. The default view:

17 02.09.19

The collapsed view: