Protect your business with our ISO 45001 consultants

At ISOexcellence, our ISO 45001 consultants work hard every day to make our clients’ information security goals a reality.

ISO is the international standard for organisational information security published by the International Standardisation Organisation (ISO). These standards determine how information in a company should be managed to protect information and privacy.

The standards of ISO 45001 compliance can be applied to any business, large or small. ISO standards require sound methods and robust information security management. ISO 45001 was designed by the world’s top experts in the field of information security. ISO certified firms signal to their customers that they have taken the necessary steps to implement effective information security.

Why does ISO matter? In the last couple of years, ISO 45001 has become the most trusted information security standard in the world, with a growing number of companies certified.

    Below we’ll list the four main reasons you should consider implementing ISO for your organisation.

    Legal compliance

    The implementation of ISO 45001 is a reliable way to ensure compliance with laws, regulations and contractual requirements. Get ahead of future regulations by proactively boosting your organisation’s security.

    Risk Management

    Protect your brand with robust security. Data breaches and perceptions of lax security can be a nightmare for your company’s reputation. ISO helps prevent data breaches from occurring, maintaining your customers’ trust in your company.

    Marketing

    With concern over data protection at an all-time high, you can use ISO certification to win over clients by emphasising your company’s robust security. Customers care deeply about the protection and security of their data.

    Savings

    ISO compliance will save you money in the long run. Data breaches are expensive to resolve. By investing in information security, you can avoid costly security breaches. ISO 45001 is specifically designed to prevent incidents before they occur.

    Why pick us as your ISO 45001 consultant?

    Experience you can trust

    The biggest factor in choosing a consultant is experience. We boast a long history of serving clients across a variety of industries with their information security needs. Our expertise puts us miles ahead of the competition.

    A solid reputation

    We let our track record speak for itself. With positive client feedback and consistent satisfaction, we’re confident in our ability to serve you. Take a look at our reviews and testimonials to find out what makes us different.

    Individualised treatment

    At ISOexcellence, we can help you get ISO 45001 certified by understanding your needs and dedicating special attention to your company. Our committed professionals want to help your organisation grow, protect your brand, and keep your stakeholders safe.

      What is the difference between OHSAS 18001 and ISO 45001?

      OHSAS 18001 was not a full ISO standard.  It was a specification that had recognition by some accreditation bodies only.  ISO 45001 has the full status of an ISO management system standard.  Additionally, ISO 45001 focuses on the interactions of an organisation and the business environment in which it operates.  OHSAS 18001 was more internal-focussed with an emphasis on controlling workplace hazards and other internal matters.  Other distinctions between ISO 45001 and OHSAS 18001 include:

      • ISO 45001 is process based; OHSAS 18001 was procedural
      • ISO 45001 focuses on risk and opportunities; OHSAS 18001 focused only on risk
      • ISO 45001 requires the organisation to consider interested parties and their requirements; OHSAS 18001 did not have any similar requirement

      What does ISO 45001 cover?

      ISO 45001 is built on a common framework for ISO management standards known as ISO Annex SL (also known as Annex L from the 2019 edition) which sets out the common headings for ISO standards to follow.  The main headings contained in this and other ISO standards are:

      1. Scope
      2. Normative references
      3. Terms and definitions
      4. Context of the organisation
      5. Leadership
      6. Planning
      7. Support
      8. Operation
      9. Performance evaluation
      10. Improvement

      Sections 4 to 10 contain the main provisions for organisations to implement when setting up, maintaining and continually improving their Occupational Health and Safety Management System.  The following provides a breakdown of sections 4 to 10 and what is required:

      What are ISO 45001 requirements?

      From the 10 sections within ISO 45001, Sections 4 to 10 contain the requirements for an occupational health and safety management system to fulfil for certification.  The requirements of sections 4 to 10 include:

      4. Context of the organisation

      The organisation must identify internal issues and external issues that affect its ability to achieve its health and safety objectives.  The organisation must also identify the various stakeholders, the relevant requirements of these stakeholders, and which of these requirements are or may become compliance requirements.  The standard refers to stakeholders as “interested parties”.

      5. Leadership

      Top Management must demonstrate their leadership and commitment to the Occupational Health and Safety (OH&S) Management System by developing an OH&S policy and OH&S objectives, providing the necessary resources, integrating the OH&S management system into the organisation’s business processes, ensuring the system achieves its intended outcomes, and ensuring the organisation establishes and implements a process for consultation and participation of workers.  Top Management is defined within ISO 45001 as the “person or group of people who directs and controls an organization at the highest level”.

      6. Planning

      Planning the Safety Management System requires consideration of internal and external issues and stakeholder requirements identified under section 4, and determining risks and opportunities to be addressed to ensure the OH&S management system achieves its intended outcomes, to prevent undesired effects, and achieve continual improvement.

      There must be a process for the identification of hazards and assessment of risk which takes account of various factors including: organisation of work, routine and non-routine activities, past incidents, potential emergencies, people who may be affected (employees, contractors, visitors etc), and changes in knowledge of hazards.

      There must be a process for identifying ongoing legal and other requirements, determining how these apply to the organisation and for taking these requirements into account when setting up and maintaining the safety management system.

      The organisation must define its occupational health and safety objectives, and must determine what will be done, what resources are required, who is responsible, when it will be completed, how the results will be evaluated and how the actions to achieve the objectives will be integrated into the organisation’s business processes.  The objectives and the plans to achieve them must be documented.

      7. Support

      Organisations must provide the necessary resources for the establishment, implementation, maintenance and continual improvement of the Occupational Health and Safety Management System.

      Organisations must also determine the necessary competence of workers that affect or can affect OH&S performance.  The organisation must ensure workers are competent and, where applicable, take actions to acquire or maintain competence, evaluate such actions and maintain records as evidence of competence.

      Persons working under the control of the organisation must be made aware of the OH&S policy, relevant objectives, their contribution to the effectiveness of the safety management system and the implications of not conforming to requirements.  Additionally, organisations must determine what will be communicated, when (under what circumstances and within what time constraints), to whom, and how such communications will be carried out.  The organisation’s communications processes must take account of aspects of diversity including gender, language, culture, literacy and disability.

      Document control is a core aspect of any formal management system.  Therefore, when creating and updating documentation, the documentation control processes must provide for appropriate identification, description, format, media, and review and approval for suitability and adequacy of all relevant documentation.  Document control must address additional points such as: distribution, access, retrieval and use, storage and preservation, control of changes, and retention and disposition.  Document control processes must also address documentation of external origin.

      8. Operation

      The organisation must determine, implement, control and maintain the processes needed for its OH&S management system.  In doing so, the organisation must establish criteria for the processes, implement control of the processes, maintain and retain records to the extent necessary to have confidence that its OH&S processes have been carried out as planned, and adapt work to its workers.

      Organisations must take account of the hierarchy of controls in their processes for the elimination of hazards and reduction of risk, and must manage and control changes within the OH&S management system.

      ISO 45001 requires that procurement be controlled, extending to coordination with contractors regarding hazards and risks associated with the organisation and their effect on contractors, and vice versa.  Outsourced or subcontracted processes must be controlled, ensuring that they are consistent with legal requirements.  The type and degree of control to be applied must be defined within the OH&S management system.

      The organisation must prepare for potential emergency situations, taking account of the needs of relevant interested parties.  Plans and procedures for emergencies must be developed, communicated and periodically tested.  Training must be provided for emergency responses, and relevant information must be provided to all workers.  Emergency plans must be documented and records on the results of any emergency drills should be retained as evidence of testing such plans.

      9. Performance evaluation

      ISO 45001 requires organisations to establish, implement and maintain a process for monitoring, measurement, analysis and performance of its OH&S management system.  Specifically, there is a requirement to determine what needs to be monitored and measured, the methods for monitoring and measuring, the timing of such monitoring and measuring, the criteria against which it will evaluate its OH&S performance, and when the results of monitoring and measuring will be analysed, evaluated and communicated.

      Monitoring and measuring equipment must be calibrated, used and maintained as applicable.  The results of monitoring and measurement, and calibration of equipment must be retained.

      Having already identified applicable legal and other compliance requirements, the organisation must periodically evaluate its compliance in these areas and retain records of its findings.

      Organisations must audit their safety management system, and must plan, establish, implement and maintain an internal audit programme based on the importance of the processes and the results of previous audits.  The selection of auditors must ensure objectivity and impartiality.  Audit results must be reported to relevant managers and workers and their representatives (safety representatives and/or safety committees), and other interested parties.

      Management must hold an annual review of the quality management system to ensure its ongoing suitability and effectiveness.  Topics to be considered and reviewed include: changes in issues identified under section 4, the extent to which the policy and OH&S objectives were met, trends in incidents, non-conformities, corrective actions and continual improvement, results of monitoring and measuring, results of evaluation of compliance, audit results, consultation and participation of workers, adequacy of resources, relevant communications with interested parties, and opportunities for continual improvement.  The results of the management review must be documented and retained for future reference and audit.

      10. Continual improvement

      Organisations implementing ISO 45001 must develop, implement and maintain processes for reporting, investigating, and taking action in relation to incidents and nonconformities.

      The organisation must determine the causes of the incident or nonconformity, implement the necessary actions, assess risks associated with new or changed hazards prior to taking action, review the effectiveness of corrective actions, and make changes to the OH&S management system where required.  These steps are commonly managed through incident investigation and reporting, and nonconformity and corrective action processes.

      Organisations must continually improve the suitability, adequacy and effectiveness of their safety management system.

      ISO 45001 FAQs

      What does ISO 45001 certified mean?

      ISO 45001:2018 is an international standard published by the Organization for Internal Standards for occupational health and safety management systems.  Its full title is “ISO 45001:2018 Occupational health and safety management systems”.  The standard sets out the requirements an organisation must fulfil to achieve certification.

      What is the current ISO 45001 standard?

      The current standard is ISO 45001:2018.

      What are the benefits of ISO 45001?

      Benefits associated with ISO 45001 include being able to demonstrate to stakeholders that an organisation meets internationally recognised requirements for occupational health and safety management systems.  Benefits can include reductions in accidents, improved health and wellbeing of workers, and reduced risk.
      In many cases, achieving ISO 45001 certification is a requirement for tendering for certain projects.

      What are the primary requirements of ISO 45001?

      The main requirements are to develop an occupational health and safety management system which is in line with the detail of the standard, to operate it and continually improve it, and to maintain records of its implementation.  Further information is provided in the outline of sections 4 to 10 above.

      Who provides ISO 45001 certification?

      Strictly speaking, anyone can provide certification to this or any other management system standard.  However, the International Accreditation Federation is the worldwide body for Conformity Assessment Accreditation Bodies.  These are the national bodies who provide accreditation and official recognition of Certification Bodies who actually provide the certification to organisations.
      When choosing a Certification Body, it is important to select a Body which has official recognition for the certification of the relevant management systems.  This reduces the risk for your organisation when seeking to become certified.

      How much does ISO 45001 certification cost?

      There is no requirement to implement ISO 45001 or other similar safety management systems.  However, employers should be aware of their statutory duty to manage work activities, provide a safe place of work, safe plant and machinery, safe access and egress, systems of work that are planned, organised, performed, maintained and revised as appropriate etc.  Implementing a formal health and safety management system can help employers in meeting their legal requirements.

      Is ISO 45001 mandatory?

      There is no requirement to implement ISO 45001 or other similar safety management systems.  However, employers should be aware of their statutory duty to manage work activities, provide a safe place of work, safe plant and machinery, safe access and egress, systems of work that are planned, organised, performed, maintained and revised as appropriate etc.  Implementing a formal health and safety management system can help employers in meeting their legal requirements.
