Keywords

Background

The development of traffic safety has in recent decades gradually moved from an individual road user approach to a more systems and stakeholder perspective (WHO 2004). One of the major steps was the strategies and classifications developed by Haddon (1970; WHO 2004) pointing at a more widespread set of countermeasures, many times towards organizations, technologies, and management. With the introduction of Vision Zero (Tingvall and Lie 2017; Lindberg and Håkansson 2017) in the mid-1990s, this development became even more pronounced. The “system designers and providers” were given a key role to develop and take responsibility for the provision of safety for the citizens. The methods they are supposed to use must be evidence-based and without compromising safety in return for other benefits. This was and still is a different and radical policy in comparison with earlier policies (Hauer 2016; Swedish Transport Administration 2019).

The gradually more pronounced importance of how organizations improve the safety for citizens, employed, and customers is becoming more explicit with the introduction of 2030 Agenda (or the United Nations Strategic Development Goals). Traffic safety is a global goal since 2015, and in 2020 the United Nations General Assembly (United Nations 2020) expressed that organizations, both public and private, should improve safety by “applying safe system principles to their entire value chain.” This is no doubt an expression emphasizing that organizations should apply a systematic approach to road traffic safety including employed, third parties, and customers in their attempt to eliminate road traffic deaths and serious injuries (in crashes). In doing so, the management standard ISO 39001 (ISO 2012) could be a valuable tool for the organization seeking to base its actions on sound principles and evidence-based solutions.

As part of the preparations for the 3rd Global Ministerial Conference on Road Safety, held in Stockholm in February 2020, the Academic Expert Group was formed by the Swedish Transport Administration. The “Academic Expert Group” recommendations (Swedish Transport Administration 2019) leading up to the Stockholm Declaration (2019) and the United Nations General Assembly Resolution (United Nations 2020) in 2020 stressed the importance of sustainability reporting for organizations that wish or must demonstrate progress regarding road traffic safety. Such sustainability reporting should preferably be based on known and standardized expressions of road safety goals, targets, performance, and results.

A key component in Vision Zero is the concept of shared responsibility. Every organization generating or having activities in the road transport system has an obligation to care for road traffic safety. As one cannot expect all of these organizations to have deep or even fundamental knowledge in the field of road traffic safety, support tools are essential. ISO 39001, “Road traffic safety (RTS) management systems,” is such a tool (ISO 2012).

The International Organization for Standardization (ISO) has extensive experience in developing international standards. In 2008, Sweden initiated the work to develop a management system standard for road safety, what came to be ISO 39001. The development work was coordinated by the Swedish Institute for Standards, and the Swedish Road Administration sponsored with a chairperson and extensive work. The first version of ISO 39001 was released in 2012.

At the time the ISO 9000 family for quality management standards and the ISO 14000 family for environmental management standards were widely used. The road traffic system standard for road safety was developed in the same structure as these at the time existing standards. The approach was strengthened as ISO during the process developed harmonized guidelines for all ISO management system standards. Today management standards from ISO have significant similarities making the use of more than one standard in any organization more straightforward.

Today in the year 2020 ISO 39001 is to some degree used even if it hasn’t been picked up to the same extent as the ISO management system standards for quality or environmental management.

Below some of the key components of ISO 39001 are described. They are chosen to have high relevance to Vision Zero. The complete standard can be acquired from ISO.

In the following we use organization to indicate any form of company, public or private, or any official body on national, regional, or local. ISO 39001 is usable for all of these.

ISO 39001 is a management system standard, the basis for the development of a management system. Like any management system standard, the aim of ISO 39001 is to set up a management system containing requirements that are documented and can be controlled. In a certification process, the organization should be able to confirm that it is living up to the demands in the standard and the management system they have developed. The certification can be done internally, or, in the most ambitious cases, the certification is performed by an accredited third party certification body.

The general structure follows the high-level structure of ISO management system standards starting with scope and terms/definitions. That is followed by sections on the context of the organization, leadership, planning, support, operations, performance evaluation, and finally continual improvements.

Terms and Definitions

ISO 39001 uses some essential terms and definitions that emphasize the close links to Vision Zero. The most important definition aspect is how road traffic safety is defined.

In the management standard, road traffic safety is defined as “conditions and factors related to road traffic crashes and other road traffic incidents that have an impact on, or have the potential to have an impact on death or serious injury of road users.”

Serious injury is defined as “injury with a long term health impact or non-minor harm caused to a person’s body or its functions arising from a road traffic crash.”

These definitions point out a very clear direction in line with Vision Zero; it is the negative outcome in the shape of death or long-term health impact that road safety should focus on. Minor harm or harmless incidents have second priority.

It is also of importance that road users are defined as “any person on the road.” Using this definition, organizations using ISO 39001 must take responsibility not only for their own staff and personnel but also for potential opponents in traffic that may be endangered by the operations of the organization. This responsibility includes the demand to follow up the effects on third party road users influenced by the operations of the organization.

Context of the Organization

There are not many organizations or companies that completely lack interaction with the road transport system. On the contrary, most organizations have many interfaces to road traffic safety. The understanding of these interfaces and interactions is essential when focusing road safety-related actions. Few organizations have a good understanding of their influence on road traffic safety in their entire value chain. This is why ISO 39001 demands a mapping of activities and actions the organization have in relation to the road transport system. It is also demanding a mapping of needs and exceptions on the organization that other actors may have. This includes the legal and other requirements related to road traffic safety to which the organization subscribes.

The context of the organizations should form the basis for the ways to focus traffic safety actions and how to define and measure the most traffic safety relevant progresses.

For all organizations it is essential to map how road traffic safety interacts with their complete value chain. It isn’t only about the organizations’ own use of the transport system; it is also about incoming and outgoing transports of goods and potentially passengers. Furthermore the commuting of personnel is an important element.

Understanding the extent of interaction with the road transport system is essential for all organizations that want to improve their performance in the field of road safety.

Leadership and Commitment

ISO 39001 is demanding a management system in which the top management (defined as: person or group of people who directs and controls an organization at the highest level) owns the highest responsibility. However, if the organization decides that the scope of the management system covers only a part of an organization, then the top management refers to those who direct and control that part of the organization.

There are high demands on the road traffic safety management system to be compatible with other strategies and actions in the organization. Further it should clearly state that elimination of death and serious injury in road traffic crashes is the long-term road traffic safety objective. Another fundamental basis is that the organization should develop strategic actions and select specific courses of action, building on the best available information.

It is the top management’s responsibility that the road traffic safety actions have high priority and that these actions are result-oriented.

One important role of the top management is to develop and manage a road safety policy for the organization. The policy should be appropriate to the purpose of the organization, include a framework for setting road traffic safety objectives and targets, further include commitment to satisfy applicable road safety-related requirements, and finally include a commitment to continual improvement of the road traffic safety management system.

Planning

ISO 39001, as most management system standards, are based on a plan-do-check-act procedure. The planning should be based on the understanding of the organization’s role in the road transport system and in line with the policy decided by the top management.

The organization shall follow a process that reviews its current road traffic safety performance, determines the risks and opportunities, and selects performance factors.

The road traffic safety performance factors are essential to ISO 39001. The safety performance factors are a set of predefined areas that are relevant to most organizations. It is not an all-inclusive list, but the purpose is to guide organizations into the most important factors for road safety. On these factors targets should be based and performance measured.

There are three types of performance factors in ISO 39001. The first kind is related to the exposure of the organization to road safety-related risks. They can be related to exposure factors such as travelled distance and road traffic volume, including vehicle and road user type, whether influenced or not directly influenced by the organization.

The second type of performance factors is outcome-oriented. They are called final safety outcome factors and relate to real outcome such as the number of deaths and serious injuries occurring in the complete sphere of influence of the organization.

As most organizations will have no or very few actual fatalities or even serious injuries, there are challenges in working only directly towards these final outcomes. ISO 39001 is therefore also containing “intermediate safety performance factors.” They are based on well-known and commonly used factors related to road traffic safety (Gitelman et al. 2014).

The concept behind the safety performance factors is that they should contain a known link between the factor and safety performance. By working towards improvements in the performance in the areas of the factors, real performance benefits will be generated. As the safety performance indicators are closer to operations than the final outcome, action can be better focused and followed.

ISO 39001 is presenting a set of predefined safety performance factors that organizations should choose from when developing their safety management system. Not all are relevant for all organizations, and there are organizations that potentially have a need to develop other safety performance factors, guided to their specific needs. The management system standard contains this possibility; however, the potential additional safety performance factors must be based on “best available informations” that is proven to be efficient in achieving the final outcome goals (fatalities and serious injuries).

The road safety management system standard ISO 39001 is using this wording to describe the intermediate safety outcome factors: “these safety outcome factors are related to the safe planning, design and use of the road network and of the products and services within it, the conditions for entry and exit of those products, services and users, as well as the recovery and rehabilitation of road traffic crash victims.”

The following factors are presented:

  • Road design and safe speed

  • Use of appropriate roads

  • Use of personal safety equipment (i.e., seatbelts, child restraints, bicycle helmets, and motorcycle helmets)

  • Safe driving speed

  • Fitness of drivers (fatigue, distraction, alcohol, and drugs)

  • Safe journey planning

  • Safe vehicles (occupant protection, protection of other road users, road traffic crash avoidance and mitigation, roadworthiness, vehicle load capacity, and securing of loads)

  • Appropriate authorization to drive/ride the vehicle

  • Removal of unfit vehicles and drivers/riders from the road network

  • Post-crash response and first aid, emergency preparedness, and post-crash recovery and rehabilitation

In the management system standard, the intermediate safety performance factors are described at a relatively high level of abstraction. Some of them have to be further developed by the organization using the standard. One typical example is vehicle safety. In Europe the most relevant way to measure that is by using Euro NCAP stars or points. However, that Europe-centered specific rating system has low or no coverage or validity in other parts of the world.

For any organization the selection of safety performance factors, and the specific definition used and the way to measure status and progress, is very important and should be explained in the management system.

There are substantial differences in how different safety performance factors can be influenced, measured, monitored, and reported. Using seatbelt use as an example, activities can range from policy decisions, via surveillance/measurements, to the application of seatbelt reminders or even ignition interlocks. Today’s technologies can be extremely helpful in both monitoring and supporting proper behavior.

The safety performance factors, exposure-oriented, outcome-oriented, or indicative, are used to determine, monitor, and measure road traffic safety objectives and targets. There should be clarity in what should be done, what resources would be required, who in the organization holds responsibility, when will results be available, and how the results are to be evaluated.

Achieving results demands not only focus but also resources, competence, awareness in the full organization, and its value chain and communication, internally and externally.

ISO 39001 is demanding relevant documentation of the traffic safety management system being developed and used. However, the documentation demands should reflect the size of the organization and its type of activities, processes, products and services, the complexity of processes and their interactions, and the competence of persons in the organization.

Operations

The organization is expected to deliver towards the goals set up in the planning process – all in line with management system standards. However, ISO 39001 includes a demand concerning emergency preparedness and response when fatalities or serious injury happens.

Evaluating Performance

A key component in any management system is to evaluate performance in relation to the specified goals. In ISO 39001 the demand is worded as: “The organization shall establish, implement and maintain a process to periodically evaluate compliance with applicable legal road traffic safety requirements and other road traffic safety requirements to which the organization subscribes.” It is essential to note the importance of legal requirements.

One additional way to evaluate performance and initiate further development of the management system is to investigate and understand relevant crashes and road traffic incidents. As this could be very effort-consuming, ISO 39001 is only demanding such investigation of “road traffic crashes and other incidents in which it is involved that lead, or have the potential to lead, to death and serious injuries of road users.”

The organization should make audits to verify that it is conforming its own requirements and demands with ISO 39001. The audit can be internal or external. The results should be reported to relevant management levels.

Management Review

It is the top management that in the end holds responsibility for the delivery of improved road traffic safety. In the last phase of the plan-do-check-act cycle, they should consider if the traffic safety performance is in line with the plans and if needed take corrective action. This is done in the management review of management standards. The review should according to ISO 39001 contain:

  • The status of actions from previous management reviews

  • Changes in external and internal issues that are relevant to the road traffic safety management system

  • Information on the road traffic safety performance, including trends in nonconformities and corrective actions; monitoring; measurement analysis and evaluation of results, including the extent to which RTS objectives and road traffic safety targets have been met; and audit results and evaluations of compliance with legal and other requirements to which the organization subscribes

  • Opportunities for continual improvement, including consideration of new technologies

  • Relevant communication(s) from interested parties, including complaints

  • Road traffic crash and other road traffic incident investigation

The management review should be the basis for improvements, understanding of nonconformities, and corrective action. It is also the basis for continual improvements.

Conclusion

ISO 39001 is available and has been tested and used on the market around the world. It is structured in a way that makes parallel use with ISO 9000 and ISO 14000 straightforward. There are accredited certification bodies that can certify traffic safety management systems to ISO 39001. In short, the system is available and used in organizations with traffic safety ambitions.

One potentially significant limitation of ISO 39001 is that the ambition level is defined by the organization itself. It is fully possible to work in a systematic way but with low ambition. The actual ambition level is not checked in a certification process. An organization can be certified but still have poor performance. This is important to bear in mind when/if ISO 39001 would be used on the market to further focus road traffic safety.

Discussion

The need for a systematic approach to road safety within organizations is growing, and in particular large corporations are expected to improve and report on their ambitions, performance, and results of their efforts. This concerns the entire value chains from sourcing for raw materials to the end user experience. The need for standardized universal road traffic safety management systems is therefore growing.

The United Nations General Assembly Resolution 74/86 from 2020 express that: “Calls upon businesses and industries of all sizes and sectors to contribute to the attainment of the road safety-related Sustainable Development Goals, including by applying safe system principles to their entire value chain….” To apply “safe system principles” is simply setting a zero death and serious injury target for the organization and its value chain.

Using ISO 39001 to get to grips with the road traffic safety impact and progress of an organization can lead to a systematic approach to the problem not only for the persons directly employed by the organization but also for those contracted and otherwise dependent to the organization’s processes and products. This is a radical step in the history of traffic safety and a strong complement to the traditional line of responsibility from the state/regulator to the individual driver of a vehicle.

The approach to traffic safety as defined by ISO 39001 is that the top management of the organization is responsible for road traffic safety performance and the way transports are conducted by the organization within their value chain. While the expression “value chain” is not used in ISO 39001, it is a relevant way to encapsulate what is the purpose of the wording in ISO 39001 like “context of the organisation.” A basic ISO 39001 requirement is that road rules are not violated. Such an expansion of the influence of an organization goes far beyond how road rules are normally defined and enforced. In general, they are directed towards the individual road user, even if the road user is an employed driver driving for duty at the time for a legal offense.

Road traffic safety is only to a limited degree considered by occupational health and safety regulation. If a crash with personal injuries to a professional driver normally would be seen as a matter for the occupational and health legislation, an injury to a third party would not. And an equivalent event for a contracted organization would be even less relevant in this respect. ISO 39001 as well as the way “value chains” are defined would on the other hand include all such events as relevant for the organization wishing to adopt the principles of ISO 39001. Furthermore, it is even a requirement for the organization to monitor and correct non-compliance of road rules occurring within the value chain for the organization. This is a true and radical difference to the society’s view of legal traffic-related offenses and who should be fined or otherwise subject to a legal or administrative intervention.

It is also a requirement within ISO 39001 to include and consider the traffic safety effects related to the customers of the organization, if relevant. Vehicle production and transports of goods and passengers and other products are subject to the responsibility of an organization. The definition of a value chain has the same basic inclusion criterion. This is a real challenge for a vehicle manufacturer that would have to keep track of the “safety footprint” of their vehicle production in terms of fatalities and serious injuries to their customers and third parties (Rizzi et al. 2019). The same would apply to all kinds of vehicle production like cars, trucks, buses, motorcycles, and bicycles. Statistical information based on police reports or hospital records would be complicated to use for collecting information classified by value chain. In most cases where someone has been killed or seriously injured, the value chain classification would fall into several value chains. This is an area where much efforts should be spent in order to support the introduction of ISO 39001 and other road traffic safety management systems.

One of the most striking characteristics of modern quality management is that the delivering of products and services also includes control of defects and non-compliance (and nonconformity). Sustainability reporting also includes reporting of unwanted events and negative impacts on the society, environment, etc. and also includes how such impacts will be managed and eliminated in the future. This is no doubt very different from most legal frameworks within the road transport systems where a fault, offense, or non-compliance are subject to the society’s ability to show that the offense has occurred and that someone can be judged guilty in relation to regulation. A traffic safety-related offense seen through ISO 39001 is a matter for the top management and must be handled as a non-compliance, and the organization must act to eliminate further such offenses.

The high demands and complexity of ISO 39001 might detract large organizations to comply and certify the entire organization and its value chain to ISO 39001. The step for many organizations to move from the current viewpoint that the safety of transports for an organization is mainly an issue for the individual driver to that it is the organization’s duty to secure that all transports are safe is too big. And the availability of data will be quite problematic for a large organization to gather in a short timeframe.

Taking the approach of ISO 39001 in steps might therefore be a successful way forward. The FIA (Federation Internationale de l’Automobile) has presented a “Road Safety Index” (FIA 2020) aimed at valuing and rating an organization’s value chain in relation to traffic safety. In this valuation, ISO 39001 is the main building block together with the definitions of workforce, etc., from the GRI (Global Reporting Initiative). The valuation divides the performance of an organization into “commitment, footprint, plans, monitoring, and safety culture.” The headings represent different parts of ISO 39001, and each part builds on the former part, so that the last step, safety culture, in reality means that the organization operates under the entire requirements of ISO 39001. In short, the FIA Road Safety Index is a stepwise ISO 39001, not only encapsulating the data-driven parts of the management standard but also valuing the overarching safety culture of an organization. This is an important characteristic for any safety management approach

The main purpose of the FIA Road Safety Index is to standardize road safety sustainability reporting for large organizations in relation to the financial market. By introducing a standardized benchmark and ranking system, large corporations can strive for progress to show both the financial market and the wider society. This is a double function of the FIA Road Safety Index. Building on the definitions, content, and requirements of ISO 39001 is an important characteristic and helps organizations to apply a systematic approach to traffic safety, well in line with other management systems and principles. The most complex issue seems for both value chain safety footprint and the application of ISO 39001 to an organization to define the precise range of a value chain. How many layers of suppliers and contracted parties that should be included in the value chain and “interested parties” would be a matter for the organization to define. No doubt those that are directly influenced through contracts with the organization are relevant, even if their main service or product delivered to the organization is not a mobility service, logistic task, or a vehicle. It could, as an example, be the transport of a component or the travel of a maintenance staff to a facility controlled by the organization. How many tiers this should cover to be a relevant inclusion in a value chain and seen as an interested party might be a matter of common practice rather than defined in a systematic way. In any case, there needs to be a clarification.

The possibilities to use technology for monitoring and quality assurance of vehicles, drivers, and driving were limited at the time of the development of ISO 39001. This has rapidly changed, and to have vehicles connected in real time is almost unlimited today, across the globe. It is also possible to control vehicles, for example, their speed, geographically and also depending on time, etc. This kind of geofencing is a step forward in quality assurance and would from a management system perspective mean that a certain aspect of performance is guaranteed. For an organization, this would be quite attractive as less resources can be spent on monitoring and detection of non-compliance and nonconformity as well as corrective actions. Speed, fitness to drive, non-aggressive driving styles, etc. could all be controlled and seen to be quality assured.

Vehicle technology is also developed rapidly, at least for passenger cars. As there does not seem to be a matter of high costs for mass produced cars to have advanced driving assistance systems (ADAS), there is no obvious reasons not to have the highest standards prescribed within an organization, not even for low- and middle-income countries. What seems to be problematic is that car manufacturers sometimes do not offer vehicles they produce with the highest standard to all parts of the world. Furthermore, trucks and in particular buses do not have the latest standard of safety equipment available. This is something that could be stimulated by more organizations using ISO 39001. In any case, there are no legitimate expressions that accept a lower safety standard of vehicles and associated products or services in different parts of the world.

A systematic approach to road safety for organizations would also be relevant for procurement, in particular public procurement. While there does not seem to be a widespread use of safety requirements for public procurement, it is one of the nine recommendations of the Expert Group for the 3rd Global Ministerial Conference on Road Safety to do so. It is estimated that 10–20% of the global GDP is related to public procurement, and this could form a massive economic incentive for improving road safety. The principles of ISO 39001 would fit well with the general concept that it is the provider of a product or service that control the quality and that the transport of the product and service is included in this quality requirement. This would mean that in public procurement, it is an obligation to comply with road rules without any specific clause or contract specifying what road rules that must be followed.

In general terms, the gains in applying a systematic approach to road safety, with evidence-based solutions and treatments to a fixed set of factors, are large and sustainable. The safety factors in ISO 39001 are shown to have a major impact on traffic safety (Krafft et al. 2007; Gitelman et al. 2014). With traffic safety policies more related to organizations, it is natural to seek for management systems and standards that are widely accepted. And with the 2020 United Nations General Assembly Resolution explicitly pointing towards the role and expectations on businesses and industries and their entire value chains, the need for standardized practices and reporting will grow. It seems also natural that when organizations through the financial sector will be asked to publish their safety footprint, there will be an increased demand for action.