Protect your business with our ISO 45001 consultants

At ISOexcellence, our ISO 45001 consultants work hard every day to make our clients’ information security goals a reality.

ISO is the international standard for organisational information security published by the International Standardisation Organisation (ISO). These standards determine how information in a company should be managed to protect information and privacy.

The standards of ISO 45001 compliance can be applied to any business, large or small. ISO standards require sound methods and robust information security management. ISO 45001 was designed by the world’s top experts in the field of information security. ISO certified firms signal to their customers that they have taken the necessary steps to implement effective information security.

Why does ISO matter? In the last couple of years, ISO 45001 has become the most trusted information security standard in the world, with a growing number of companies certified.

    Below we’ll list the four main reasons you should consider implementing ISO for your organisation.


    Legal compliance

    The implementation of ISO 45001 is a reliable way to ensure compliance with laws, regulations and contractual requirements. Get ahead of future regulations by proactively boosting your organisation security.


    Risk Management

    Protect your brand with robust security. Data breaches and perceptions of lax security can be a nightmare for your company’s reputation. ISO helps prevent data breaches from occurring, maintaining your customers’ trust in your company.



    With concern over data protection at an all-time high, you can use ISO certification to win over clients by emphasising your company’s robust security. Customers care deeply about the protection and security of their data.



    ISO compliance will save you money in the long run. Data breaches are expensive to resolve. By investing in information security, you can avoid costly security breaches. ISO 45001 is specifically designed to prevent incidents before they occur.

    Why pick us as your ISO 45001 consultant?

    Experience you can trust

    The biggest factor in choosing a consultant is experience. We boast a long history of serving clients across a variety of industries with their information security needs. Our expertise puts us miles ahead of the competition.

    A solid reputation

    We let our track record speak for itself. With positive client feedback and consistent satisfaction, we’re confident in our ability to serve you. Take a look at our reviews and testimonials to find out what makes us different.

    Individualised treatment

    At ISOexcellence, we can help you get ISO 45001 certified by understanding your needs and dedicating special attention to your company. Our committed professionals want to help your organisation grow, protect your brand, and keep your stakeholders safe.

    ISO 45001

    Get an ISO 45001 Quotation

      What is the difference between OHSAS 18001 and ISO 45001

      OHSAS 18001 was not a full ISO standard.  It was a specification that had recognition by some accreditation bodies only.  ISO 45001 has the full status of an ISO management system standard.  Additionally, ISO 45001 focuses on the interactions of an organisation and the business environment in which it operates.  OHSAS 18001 was more internal-focussed with an emphasis on controlling workplace hazards and other internal matters.  Other distinctions between ISO 45001 and OHSAS 18001 include:

      • ISO 45001 is process based; OHSAS 18001 was procedural
      • ISO 45001 focuses on risk and opportunities; OHSAS 18001 focused only on risk
      • ISO 45001 requires the organisation to consider interested parties and their requirements; OHSAS 18001 did not have any similar requirement

      What does ISO 45001 cover?

      ISO 45001 is built on a common framework for ISO management standards known as ISO Annex SL (also known as Annex L from the 2019 edition) which sets out the common headings for ISO standards to follow.  The main headings contained in this and other ISO standards are:

      1. Scope
      2. Normative references
      3. Terms and definitions
      4. Context of the organisation
      5. Leadership
      6. Planning
      7. Support
      8. Operation
      9. Performance evaluation
      10. Improvement
      IS0 45001

      Sections 4 to 10 contain the main provisions for organisations to implement when setting up, maintaining and continually improving their Occupational Health and Safety Management System.  The following provides a breakdown of sections 4 to 10 and what is required:

      What are ISO 45001 requirements?

      From the 10 sections within ISO 45001, Sections 4 to 10 contain the requirements for an occupational health and safety management system to fulfil for certification.  The requirements of sections 4 to 10 include:

      4. Context of the organisation

      The organisation must identify internal issues and external issues that affect its ability to achieve its health and safety objectives.  The organisation must also identify the various stakeholders, the relevant requirements of these stakeholders, and which of these requirements are or may become compliance requirements.  The standard refers to stakeholders as “interested parties”.

      5. Leadership

      Top Management must demonstrate their leadership and commitment to the Occupational Health and Safety (OH&S) Management System by developing an OH&S policy and OH&S objectives, providing the necessary resources, integrating the OH&S management system into the organisation’s business processes, ensuring the system achieves its intended outcomes, and ensuring the organisation establishes and implements a process for consultation and participation of workers.  Top Management is defined within ISO 45001 as the “person or group of people who directs and controls an organization at the highest level”.

      6. Planning

      Planning the Safety Management System requires consideration of internal and external issues and stakeholder requirements identified under section 4, and determining risks and opportunities to be addressed to ensure the OH&S management system achieves its intended outcomes, to prevent undesired effects, and achieve continual improvement.

      There must be a process for the identification of hazards and assessment of risk which takes account of various factors including: organisation of work, routine and non-routine activities, past incidents, potential emergencies, people who may be affected (employees, contractors, visitors etc), and changes in knowledge of hazards.

      There must be a process for identifying ongoing legal and other requirements, determining how these apply to the organisation and for taking these requirements into account when setting up and maintaining the safety management system.

      The organisation must define its occupational health and safety objectives, and must determine what will be done, what resources are required, who is responsible, when it will be completed, how the results will be evaluated and how the actions to achieve the objectives will be integrated into the organisation’s business processes.  The objectives and the plans to achieve them must be documented.

      7. Support

      Organisations must provide the necessary resources for the establishment, implementation, maintenance and continual improvement of the Occupational Health and Safety Management System.

      Organisations must also determine the necessary competence of workers that affect or can affect OH&S performance.  The organisation must ensure workers are competent and, where applicable, take actions to acquire or maintain competence, evaluate such actions and maintain records as evidence of competence.

      Persons working under the control of the organisation must be made aware of the OH&S policy, relevant objectives, their contribution to the effectiveness of the safety management system and the implications of not conforming to requirements.  Additionally, organisations must determine what will be communicated, when (under what circumstances and within what time constraints), to whom, and how such communications will be carried out.  The organisation’s communications processes must take account of aspects of diversity including gender, language, culture, literacy and disability.

      Document control is a core aspect of any formal management system.  Therefore, when creating and updating documentation, the documentation control processes must provide for appropriate identification, description, format, media, and review and approval for suitability and adequacy of all relevant documentation.  Document control must address additional points such as: distribution, access, retrieval and use, storage and preservation, control of changes, and retention and disposition.  Document control processes must also address documentation of external origin.

      8. Operation

      The organisation must determine, implement, control and maintain the processes needed for its OH&S management system.  In doing so, the organisation must establish criteria for the processes, implement control of the processes, maintain and retain records to the extent necessary to have confidence that its OH&S processes have been carried out as planned, and adapt work to its workers.

      Organisations must take account of the hierarchy of controls in their processes for the elimination of hazards and reduction of risk, and must manage and control changes within the OH&S management system.

      ISO 45001 requires that procurement, extending to coordination with contractors regarding hazards and risks associated with the organisation and their effect on contractors, and vice versa.  Outsourced or subcontracted processes must be controlled, ensuring that they are consistent with legal requirements.  The type and degree of control to be applied must be defined within the OH&S management system.

      The organisation must prepare for potential emergency situations, taking account of the needs of relevant interested parties.  Plans and procedures for emergencies must be developed, communicated and periodically tested.  Training must be provided for emergency responses, and relevant information must be provided to all workers.  Emergency plans must be documented and records on the results of any emergency drills should be retained as evidence of testing such plans.

      9. Performance evaluation

      ISO 45001 requires organisations to establish, implement and maintain a process for monitoring, measurement, analysis and performance of its OH&S management system.  Specifically, there is a requirement to determine what needs to be monitored and measured, the methods for monitoring and measuring, the timing of such monitoring and measuring, the criteria against which it will evaluate its OH&S performance, and when the results of monitoring and measuring will be analysed, evaluated and communicated.

      Monitoring and measuring equipment must be calibrated, used and maintained as applicable.  The results of monitoring and measurement, and calibration of equipment must be retained.

      Having already identified applicable legal and other compliance requirements, the organisation must periodically evaluate its compliance in these areas and retain records of its findings.

      Organisations must audit their safety management system, and must plan, establish, implement and maintain an internal audit programme based on the importance of the processes and the results of previous audits.  The selection of auditors must ensure objectivity and impartiality.  Audit results must be reported to relevant managers and workers and their representatives (safety representatives and/or safety committees), and other interested parties.

      Management must hold an annual review of the quality management system to ensure its ongoing suitability and effectiveness.  Topics to considered and reviewed include: changes in issues identified under section 4, the extent to which the policy and OH&S objectives were met, trends in incidents, non-conformities, corrective actions and continual improvement, results of monitoring and measuring, results of evaluation of compliance, audit results, consultation and participation of workers, adequacy of resources, relevant communications with interested parties, and opportunities for continual improvement.  The results of the management review must be documented and retained for future reference and audit.

      10. Continual improvement

      Organisations implementing ISO 45001 must develop, implement and maintain processes for reporting, investigating, and taking action in relation to incidents and nonconformities.

      The organisation must determine the causes of the incident or nonconformity, implement the necessary actions, assess risks associated with new or changed hazards prior to taking action, review the effectiveness of corrective actions, and make changes to the OH&S management system where required.  These steps are commonly managed through incident investigation and reporting, and nonconformity and corrective action processes.

      Organisations must continually improve the suitability, adequacy and effectiveness of their safety management system.

      ISO 45001 FAQ’s

      What does ISO 45001 certified mean?

      ISO 45001:2018 is an international standard published by the Organization for Internal Standards for occupational health and safety management systems.  It’s full title is “ISO 45001:2018 Occupational health and safety management systems”.  The standard sets out the requirements an organisation must fulfil to achieve certification.

      What is the current ISO 45001 standard

      The current standard is ISO 45001:2018

      What are the benefits of ISO 45001?

      Benefits associated with ISO 45001 include being able to demonstrate to stakeholders that an organisation meets internationally recognised requirements for occupational health and safety management systems.  Benefits can include reductions in accidents, improved health and wellbeing of workers, and to reduce risk.
      In many cases, achieving ISO 45001 certification is a requirement for tendering for certain projects.

      What are the primary requirements of ISO 45001?

      The main requirements are to develop an occupational health and safety management system which is in line with the detail of the standard, to operate it and continually improve it, and to maintain records of its implementation.  Further information is provided in the outline of sections 4 to sections 10 above.

      Who provides ISO 45001 certification?

      Strictly speaking, anyone can provide certification to this or any other management system standard.  However, the International Accreditation Federation is the worldwide body for Conformity Assessment Accreditation Bodies.  These are the national bodies who provide accreditation and official recognition of Certification Bodies who actually provide the certification to organisations.
      When choosing a Certification Body, it is important to select a Body which has official recognition for the certification of the relevant management systems.  This reduces the risk for your organisation when seeking to become certified.

      How much does ISO 45001 certification cost?

      There is no requirement to implement ISO 45001 or other similar safety management systems.  However, employers should be aware of their statutory duty to manage work activities, provide a safe place of work, safe plant and machinery, safe access and egress, systems of work that are planned, organised, performed, maintained and revised as appropriate etc.  Implementing a formal health and safety management system can help employers in meeting their legal requirements.

      Is ISO 45001 mandatory

      There is no requirement to implement ISO 45001 or other similar safety management systems.  However, employers should be aware of their statutory duty to manage work activities, provide a safe place of work, safe plant and machinery, safe access and egress, systems of work that are planned, organised, performed, maintained and revised as appropriate etc.  Implementing a formal health and safety management system can help employers in meeting their legal requirements.

      Request a Quote