ISO 45001 Occupational Health and Safety – Guide 

In May 2018, a revolutionary standard, ISO 45001 was introduced. Setting out the guidelines for best Occupational Health and Safety (OH& S) practices in the workplace, it is the first internationally accepted standard of its kinds. Compliance with ISO 45001 ensures that care you provide for your employees and visitors not only covers the legal requirements but also goes out to tackle issues as employee wellbeing and continues to improve constantly to maintain a world-class level of health and safety management within your organisation.  

Designed by a committee of health and safety management specialists, ISO 45001 is a health and safety management system that surpasses geographic, economic and political borders, as well as commercial and social limitations. This makes it the benchmark for any reputable international business, regardless of its size or purpose (profit or non-profit). 


What is ISO 45001 certification?

ISO 45001 certification is not mandatory, however, it is a significant quality marker and becoming ISO 45001 certified is a certain way to increase the reputation of your organisation. 

The system was designed on the basis of evaluating existing practices, such as ISO 9001 (quality standards) and ISO 14001 (environmental standards). Going beyond that, ISO 45001 incorporates the requirements of existing occupational health and safety standards (i.e. OHSAS 18001),  as well as the labour standards and safety norms outlined by the International Labour Organization (ILO)

With an ISO 45001 certification, a business owner demonstrates that the work environment they have provided is safe and that all steps to protect employees and visitors from factors that can cause harm, illness or even death have been addressed to the highest existing international standard. ISO 45001 is unique in that it incorporates all aspects of OH&S, including mental and emotional issues, as well as the risk of physical harm. 


What is the difference between OHSAS 18001 and ISO 45001?

Before ISO 45001 came into force, OHSAS 18001 was considered the OH&S benchmark. However, ISO 18001 has officially been replaced and is soon to lose its validity. The initial transition period given to companies to migrate from 18001 to 45001 was three years, ending in March 2021. Due to the COVID-19 pandemic, the deadline has been extended till September 2021. After that, the OHSAS 18001 will no longer be recognised. 

If your business was already OHSAS 18001 certified, you would need to understand the differences between the old and the new standards to be able to adapt your existing health and safety management system and practices. 

There are four main differences between ISO 45011 and OHSAS 18001:  

  1. First: ISO 45001 is exploring the effects of the interaction between the business environment and the organisation, which helps eliminate the risk of workplace hazards, whereas OHSAS 18001 was designed to manage hazards. 
  2. Second: ISO 45001 uses a process-based approach, as opposed to the procedure-based approach employed by OHSAS 18001. The new system is interested in identifying why hazards happen in order to prevent them, instead of just mitigating existing risks. 
  3. Third: Unlike OHSAS 18001, ISO 45001 is dynamic and looks for opportunities for improvement in the existing processes. It doesn’t just address OH&S hazards but also ensures that safety management increases productivity, efficiency and the overall working conditions. 
  4. Fourth: The final major difference between the two standards is that ISO 45001 takes into account the views of interested parties in an organisation, which gives it a much broader perspective than OHSAS 18001. 

As you can see, ISO 45001 changes the way OH&S is approached altogether. Under the new standards, health and safety management is viewed in its relation to the overall organisational structure, ensuring sustainable safety. 

This, however, does not mean that all the efforts you have put into achieving OHSAS 18001 compliance will be wasted. With some improvements in place, organisations that have had OHSAS 18001 certification are expected to make an easy transition to the new ISO 45001 system. 


Who is ISO 45001 suitable for? 

If you run an international organisation, be it profit or nonprofit, having ISO 45001 certification ensures that you are compliant with the international health and safety standards. It makes safety management compliance easy for cross-border operations.

ISO 45001 is suitable for organisations of all sizes, including SMEs and large businesses. It is also the applicable OH&S standard for charities, non-profit organisations, non-government organisations (NGOs) and public sector organisations. 

If you are currently using the OHSAS 18001 standard or a national standard, such as CAN/CSA-Z1000-14, ANSI/ASSE Z10 2012, or AS/NZS 48001:2001, upgrading to ISO 45001 is the natural progression for your health and safety management strategy. 


ISO 45001: What are the benefits?

In essence, ISO 45001 is a guide for top management on how to design and implement an efficient, best-in-class, health and safety management system in the workplace. As such, it has numerous benefits for any organisation that chooses to apply it. 

Creates a safer workplace
The ILO estimates the 2.7 million people die globally as a result of accidents at work every year. There are a further 374 million non-fatal injuries worldwide annually, with each leading to a minimum of four days of sickness-related absence on average. Having a ISO 45001 system in place is key to reducing those numbers significantly. 

Facilitates superior risk management
To prevent harm to employees, visitors and customers, it is important to identify potential hazards in the workplace and implement adequate controls and measures to reduce the risk. ISO 45001 provides the requirements, while risk management software tools help you implement those successfully. 

Reduces cost due to workplace injury
Whether it’s downtime due to injury, or it’s money spent on legal fees and compensations, a workplace incident can be costly for a business. Ensuring compliance with ISO 45001 limits the probability of such cost being incurred. 

Ensures international compliance
ISO 45001 is the globally recognised OH&S standard, therefore implementing a safety management system based on compliance with it, also ensures that your organisation is compliant with international statutory and regulatory requirements.

Builds trust in the business
Despite it not being a legal requirement, ISO 45001 certification is a sign of recognition that your organisation is compliant with the highest international standards. It can work as an endorsement to external parties, demonstrating your organisation’s commitment to ensuring OH&S best practices are maintained. 

Sustainability and development
As ISO 45001 is a self-renovating health and safety management system, following the standards will create sustainably OH&S levels across the organisation. As you develop better and newer safety practices, you can be confident that your organisation is in line with the current industry OH&S standards.

Boost employee morale
Demonstrating active engagement in ensuring the highest standards of workplace safety can increase employee motivation level and productivity, resulting in better mental health and wellbeing overall. 

In summary, ISO 45001 is a health and safety management system with major benefits both for the organisation itself and people within it. It ensures superior OH&S standards are sustained, productivity is increased and strategic goals are met, all at the same time. 


What are the requirements for ISO 45001? 

To get ISO 45001 certified you must ensure that the regulations and requirements set out in the document are implemented correctly within your OH&S risk management system. However, if you haven’t worked with a similar standard before, understanding what is required may be a challenge.

Below you’ll find a summary of the seven main requirements (clauses) for ISO 45001 compliance

1.Organisational context
You are required to explore your organisation in its ever-changing context to determine what factors could impact your OH&S system. As part of that, you have to take into consideration the needs, requirements and expectations of both employees and interested third parties. With the organisational context in mind, you must determine whether the OH&S management system is applicable and sustainable, as well as its scope.

2. Management & leadership
ISO 45001 is aimed at top management and as part of the requirements, the leadership team must show commitment to establishing the best OH&S management system. This involves the implementation of H&S policies, as well as defining the roles and responsibilities in the management of health and safety. Also, the leadership must ensure that all employees who are involved in the designing, implementation and maintenance of the OHSMS have had their input.

3. Planning
All OH&S risks and opportunities that have been identified need to be addressed and actions for mitigating them should be suggested and implemented. To do that, you must have a reliable system of identifying, assessing, classifying and managing hazards in the workplace. In addition to an effective risk management strategy, the plan must also include all legal requirements that are applicable to be listed and accessible in their most current form. They should be kept up-to-date at all times. As part of the planning, OH&S goals and objectives have to be identified, along with suggestions for how to achieve them.

4. Support & Resources
For the success of your OH&S to be attainable, you must provide sufficient resources for implementation, maintenance and on-going improvements of the system. This includes resources you offer to increase awareness within the business, as well as the methods you are planning to use to communicate OH&S related information and documentation to all internal and external parties involved.

5. Operational planning and control
This is the part where your strategic planning is solidified as an actionable plan and is being implemented as such. All processes required as part of the OH&S management system implementation have to be outlined, implemented and controlled. This also applies to risk management and risk response processes. Those can include hiring contractors, outsourcing risk assessment, as well as the steps to take in case of an emergency.

6. Performance Evaluation
Once your plan has been implemented and all processes have been controlled and monitored, you have to evaluate the performance of the OH&S management system. From management review and internal audits to ensuring compliance with legal requirements, every part of the system must be evaluated and points. Any points of improvement must be outlined.

7. Improvement
If the performance evaluation has come up with non-conformities out there has been an incident at work, it is your organisation’s responsibility to manage the implementation of the relevant corrective actions. Enhancing the performance of your OH&S system ensures that it is always adequate, effective, compliant and sustainable.


How to get ISO 45001 certification? 

If you would like your business to be ISO 45001 certified, there are 8 steps to follow:

  • Step 1. Familiarise yourself with ISO 45001 and its requirements to establish how those apply to your organisation 
  • Step 2. Identify the gaps in your existing OH&S management system and perform a Risk Assessment to identify hazards, assess risks and implement relevant controls
  • Step 3. Plan the steps needed for your organisation to achieve ISO 45001 compliance
  • Step 4. Ensure all employees are given adequate training on your new 45001 system
  • Step 5. Design and document all OH&S procedures. This will include reworking your existing OH&S manual to fit with the new standard. Then you will need to document these procedures in Step 6. Use your new OHSMS for at least three months and collect records of its performance
  • Step 7. Perform internal audits to determine if the system is working 
  • Step 8. Achieve conformity via internal efforts, self-declaration of conformity and a formal registration audit by a verified third party 

During the registration audits, your OH&S will be evaluated to confirm it is compliant with all ISO 45001 requirements. If some areas fail during the audit, they will be documented as non-conformities. It will be your responsibility to adjust your system and rectify the non-conformities. Following the initial registration audit, surveillance audits will be carried out once or twice a year.


ISO 45001: FAQ

To sum up, let’s look at the most commonly asked questions in regards to the ISO 45001. You can refer to this section for a quick recap whenever you need it. 

What does ISO certified mean?
Obtaining ISO certification for your business demonstrates that your organisation’s OH&S management system is compliant with the latest international standards. 

Is ISO 45001 certification mandatory?
No, ISO 45001 certification is not a legal requirement. However, ensuring the health and safety of everyone at work is a legal responsibility of the business owner and conforming with the ISO 45001 norms ensures that.

Does ISO 45001 replace OHSAS 18001?
Yes, OHSAS 18001 certification will no longer be valid from September 2021. Yout must migrate to ISO 45001 before then to ensure compliance.

What is the purpose of ISO 45001?
ISO 45001 is an international standard for occupational health and safety designed to reduce the number of preventable, work-related injuries and deaths worldwide.  

What are the requirements for ISO 45001?
ISO 45001 requires organisations to design, plan, implement and document an effective OH&S management system. All processes must be regularly evaluated and improved to ensure that the system is always adequate, sustainable, effective and compliant with legal requirements. 

How do I get ISO 45001 certified?
You will need to learn about 45001 and evaluate your current system before developing and implementing a plan for a new safety management system. You will also need to evaluate and improve your system before having it certified during official external audits. 

Are there any tools to help me with ISO 45001 compliance?
Yes, a risk assessment and risk management software tool, such as RiskMach, can be an invaluable asset when completing the Plan-Do-Act-Check (PDCA) cycle, as it offers an effective way to streamline the entire risk management process and ensure compliance.