ISO 45001: What is it, how does it work and why use it?

“What is ISO 45001?” Are you looking for a simple answer to this question?

This question arises very often and this overview is meant to provide you with information on the benefits of ISO 45001 as well as the requirements of the standard, its structure and the steps towards certification.

Origins of ISO 45001

ISO 45001, Occupational Health and Safety Management Systems – Requirements with guidance for use, is an ISO standard for occupational health and safety management systems that is recognized and implemented worldwide. This standard was published in 2018 in order to replace OHSAS 18001:2007.

Before the development of a management system standard by the ISO committee, a “Justification Study” was prepared in order to present a case for the proposed project. In relation to the development of ISO 45001, user needs are identified from the following:

1. User demands for the requirements of management system standards to be better aligned, or to enable “integration” into their organization’s management systems. This led to the development of a “High Level Structure” (often referred to as “Annex SL”) which provides a common clause sequence (structure), text, terms and definitions for its management system standards. This “High Level Structure” has been applied during the development of ISO 45001.
2. According to the OHSAS Project Group’s 2011 Survey of standards and certificates, there are now more than 90000 certificates issued in 127 countries. This fact demonstrates the need for an ISO standard for this discipline.

The “Justification Study” identified that ISO 45001 would need to:

• enable organizations to provide safe and healthy working environments
• be generic and relevant to all types and sizes of organizations, operating in any sector, and be able to accommodate diverse geographical, cultural and social conditions
• be capable of being applied to the widest possible range of organizations with varying degrees of maturity of their OH&SMS
• specify the essential components of an OH&SMS
• enable organizations to demonstrate conformity to the requirements
• enable organizations to identify, assess and control their OH&S risks and improve their OH&S performance
• align with other management system standards (in particular ISO 14001 for environmental management systems).

What is an Occupational Health & Safety Management System?

An Occupational Health & Safety Management System, often called an OH&SMS, defines the framework in which the organization cares for the occupational health and safety of its employees. It represents a set of rules, policies, processes, plans and practices for preventing occupational health and safety hazards and minimizes risks in the workplace. OH&SMS is unique for every organization and it must be adequate to the legal requirements, occupational health and safety hazards and business processes applied in the organization. ISO 45001 represents the best practices in establishing, implementing and maintaining the OH&SMS. Its requirements and guidelines help an organization to establish effective OH&SMS and to avoid missing important elements along this way.

Getting to the heart of why ISO 45001 is important

Mitigating occupational health and safety hazards and preventing injuries in the workplace is one of the most important challenges that companies face. Among the biggest benefits of implementing an OH&SMS is enhancement of company’s public image that comes with being ISO 45001 certified. Being certified against ISO 45001 demonstrates that your company belongs among those businesses that cares for its employees’ health and safety. This can bring better relationships with customers, the public, and the community, but it also brings other benefits.

Along with the good public image, many companies can save money through the implementation of an Occupational Health & Safety Management System. This can be achieved through reducing incidents resulting in injuries and being able to obtain insurance at a more reasonable cost. This improvement in cost control is a benefit that cannot be overlooked when you’re making the decision to implement an OH&SMS.

What does ISO 45001 actually look like?

The ISO 45001 consist of eleven sections. The first three sections represent an introduction to the standard, its scope and normative references, and the other seven sections contain the requirements for the Occupational Health and Safety Management System. Here is what the seven main sections are about:

Section 4: Context of the organization. This section requires the organization to determine its context in terms of the Occupational Health and Safety Management System, including interested parties and their needs and expectations. It also defines requirements for determining the scope of the OH&SMS, as well as general OH&SMS requirements.

Section 5: Leadership. This clause of the standard requires top management to demonstrate leadership and commitment to the OH&SMS, along with defining the occupational health & safety policy. The top management must also assign process owners with other roles and responsibilities.

Section 6: Planning. The planning section defines requirements for addressing risks and opportunities, and the requirements for occupational risk analysis. This clause also includes requirements for hazard identification and assessment, determining legal and other requirements, OH&S objectives and plans for achieving them.

Section 7: Support. This clause defines requirements for supporting processes and provisions of resources necessary for effective operation of the OH&SMS. It defines requirements for people, infrastructure, work environment, monitoring and measuring resources, competence, awareness, communication and documented information.

Section 8: Operation. This clause is focused on establishing operational controls to eliminate the occupational health and safety hazards, management of changes and emergency preparedness and response.

Section 9: Performance evaluation. The purpose of the requirements placed in this clause is to provide the organization with mechanisms to determine the effectiveness of the QMS. It contains requirements for necessary monitoring and measuring, including performance evaluation, compliance obligation, internal audit and management review.

Section 10: Improvement. The last section of the standard defines requirements for continual improvement of the OH&SMS, including requirements for managing nonconformities, incidents and corrective actions.

These sections are based on a Plan-Do-Check-Act cycle, which uses these elements to implement change within the processes of the organization in order to drive and maintain improvements within the processes.

Why is ISO 45001 a good idea for your organization?

There is no doubt that implementation of ISO 45001 brings benefits to the organization. As mentioned before, the number of organizations, both large and small, that have already implemented OHSAS 18001 (which is predecessor of ISO 45001) is already large and still growing. ISO 45001 brings all the benefits of OHSAS 18001, with addition of some new ones. Here are just a few of these benefits:

Improve your image and credibility. By assuring customers that you have a commitment to establish and maintain an occupational health and safety management system, you can enhance your image and market share by reducing the number of OH&S incidents on the workplace and sending a clear message that your organization takes care of its employees.

Improve cost control. One improvement that all organizations are looking for is a reduction of costs. The OH&SMS can help with this by increase rating at insurance companies, while reducing occupational health and safety incidents that may lead to lawsuits and deterioration of the organization’s image.

Use evidence-based decision making. By ensuring that you are using accurate data to make your decisions on what to improve, you can greatly increase the chances that your improvements will be successful the first time, rather than having several unsuccessful attempts. By using this data to track your progress, you can correct these improvement initiatives before they go “off the rails,” which can save costs and time.

Create a culture of continual improvement. With continual improvement, you can work toward better processes and reduced occupational health and safety hazards in a systematic way, in order to improve your public image and potentially reduce your costs. When a culture of improvement is created, people are always looking for ways to make their processes better, which makes maintaining the OH&SMS easier.

Engage your people. Given a choice between working for a company that shows care and concern for occupational health and safety and one that does not, most people would prefer the first one. By engaging your employees to reduce your occupational health and safety hazards, you can increase theirs focus and retention.

In addition to the above-mentioned benefits, the transition from OHSAS 18001 to ISO 45001 brings:

• more clarity on OH&SMS issues
• enhanced leadership involvement and worker participation in the OH&SMS
• risk-based thinking for the OH&SMS, as well as for OH&S risks
• alignment of the OH&S policy and objectives with the strategic direction of the organization
• integration of the OH&SMS into the business processes of the organization
• simplified language, common structure and terms.

What are the practical steps to become ISO 45001 certified?

What does it mean to be ISO 45001 certified? The answer to this question depends on the type of the certificate you want to attain. Organizations can get their Occupational Health and Safety Management System certified by certification bodies while individuals can get certified, for example, as ISO 45001 internal and lead auditors. This section provides information on the steps towards the ISO 45001 certification for organizations.

In order to get certified, the organization needs to implement Occupational Health and Safety Management System compliant with requirements of ISO 45001. Once the system is in place, the organization can hire certification body to perform the certification audit to determine whether the organization is compliant with the standard. After the successful audit they need to provide the certificate which testifies to the organization’s compliance with requirements of the standard.

Implementing ISO 45001 standard is a challenging task and the first step is to get the management support for such endeavor. With the top management on board, you can start identifying legal requirements regarding occupational health and safety, define the scope of the OH&SMS and OH&S policy and objectives, identify risks and opportunities and OH&S hazards and define operational controls. There are several mandatory processes that need to be included, and others to be added if the organization finds them necessary.

As part of ensuring consistency of your OH&SMS, you will need to document many procedures and policies that will communicate to the employees what you expect from them in regard to the OH&SMS. The documents can be created internally, or you can seek for external help in form of consultant or documentation templates. To see samples of documentation, visit this free ISO 45001 downloads page.

After the organization establishes the processes and necessary documented information, the system will need to operate for some time to determine whether the system is set up properly and whether some changes are necessary. By operating the OH&SMS, the organization will produce records that will demonstrate that the activities are carried out as planned. These records are necessary for auditing and reviewing your system and to achieve certification.

Mandatory steps to finish implementation and get your company certified

Documenting and implementing the OH&SMS is not enough for the certification. You also need to be sure that it is both effective and compliant with the standard. The following steps are meant to ensure this and prepare your organization for the certification audit:

1. Internal audit – The purpose of the internal audit is to determine the level of compliance of your OH&SMS with requirements of the standard. During the audit, the internal auditors will review the documents, records and processes to identify weaknesses and provide information on nonconformities.
2. Management review – This is the ultimate review of the effectiveness of your OH&SMS, the top management needs to review the information on OH&SMS performance, results of the internal audits, achievement of the objectives and changes in context of the organization. All this information will enable the top management to make decisions on how to improve the existing OH&SMS.
3. Corrective actions – Both the internal audit and management review are providing you with the information on what needs to be changed, corrected and improved. These corrective actions are the best tool for dealing with nonconformities. Corrective actions are taken to achieve full compliance with the standard.

The company certification process is divided into two stages:

Stage One (documentation review). This is the initial phase of the audit; the certification auditors will review your OH&SMS documents to get familiar with your organization and its processes prior to the main audit and to ensure your documents are compliant with requirements of ISO 45001.

Stage Two (main audit). The main audit is the most important part of the certification audit. During this phase, the certification auditors will make interviews with the top management and employees and observe your processes. Their goal is to determine the compliance of your OH&SMS not only to requirements of the standard, but also to the content to your documents examined during the first stage.

What ISO 45001 training and certification is available if you’re an individual?

ISO 45001 Lead Auditor Course. This is the most demanding course. It takes four or five days and provides you with knowledge and understanding of the requirements of ISO 45001 as well as the auditing techniques, sampling records and getting evidence during the audit. If the course is accredited, it enables you to perform certification audits on behalf of the certification body.

ISO 45001 Internal Auditor Course. This course usually takes two or three days. Unlike the Lead Auditor course, it doesn’t include a competency test and is the most appropriate for persons who want to perform internal audits within their own organizations.

ISO 45001 Awareness and Implementation Course. There are several courses that provide knowledge of ISO 45001 and how to implement it. These kinds of courses can vary in the length and amount of information provided. They can last from one to five days and include various learning materials, such as e-learning sessions, as a method of teaching the material. Courses like this are the most beneficial for persons who want to get an overview of ISO 450001, or those who will be involved in the implementation or maintenance of the OH&SMS within an organization. Such a course can be more cost-effective than investing in the lead auditor course for those who are involved at this level. There are a number of accredited training organizations around the world where you can gain individual qualifications in ISO 45001.

To learn more about ISO 45001 implementation, please visit our ISO 45001 Free download page. You’ll find a host of helpful resources.