This guide provides a quick overview of the ISO45001 standard and the main stages to implementing an Occupational Health and Safety Management System.
What is ISO45001?
The ISO45001 international standard for “Occupational health and safety (OH&S) management systems– Requirements with guidance for use” was published by the ISO in 2018.
ISO45001 sets the minimum standard for workplace health and safety best practice. It provides a framework for organisations to improve their safety, reduce risks and enhance overall well-being in the workplace. It can be implemented by organisations of all sizes and industries, and can be integrated into an existing management system – fitting the same high-level structure as other ISO standards, such as ISO9001 and ISO14001.
There is no obligation to go for certification to ISO45001 and many organisations choose to simply use the standard as a set of good practice principles to guide them along the way to running their business in a safety-conscious way.
How can implementing a OH&S standard benefit your organisation?
There are several benefits to implementing an OH&S management system. It allows organisations of all sizes to manage risks better and improve performance with effective policies and processes.
Other benefits include:
Improved reputation with customers, clients and stakeholders.
Reduction of workplace incidents by creating a safer working environment.
Improved worker morale, and reduced absences and staff turnover – resulting in increased productivity.
Safely meeting legal and regulatory requirements within your industry.
Less claims can reduce the cost of insurance premiums.
The contents of the ISO45001 standard
The ISO45001 standard consists of several major headings which will be common across other standards (because they are the “Annex L” headings).
These are:
0. Introduction
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organisation
5. Leadership and Worker Participation (in other standards just “Leadership”)
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement
Sections 0 to 3 do not contain any requirements and so an organisation would not be audited against those. They are worth a read however as they provide some useful
background to what the standard is about and how it should be interpreted.
Sections 4 to 10 set out the requirements of the standard. Requirements are often referred to as the “shalls” of the standard because that is the word usually used by ISO to show that what is being stated is compulsory if an organisation is to be compliant. So the (internal and external) auditing process is basically an exercise to check whether all of the requirements are being met by the organisation.
Requirements are not optional and if they are not being met then a “nonconformity” will be raised by the auditor and the organisation will need to address it to gain or keep their certification to the standard.
The implementation process:
Once you have decided that ISO45001 is the right path for your organisation, your implementation journey will be as follows:
Perform a gap analysis to see where your processes meet the requirements already and where you will need to embed new processes.
Implement new policies, procedures and processes across the organisation that meet the requirements outlined.
Once you have worked through the requirements that are relevant to your organisation, you can either just benefit from the improved processes or become certified to confirm your compliance.
It’s important to note when going for certification, the auditor will want to see evidence. This can take many forms and until recently was defined as a combination of “documents” (evidence of intention such as policies, processes and procedures) and “records” (evidence that something has been done). In the new versions of the standards the term “documented information” is generally used instead to cover anything that is recorded (the official definition is “information required to be controlled and maintained by an organisation and the medium on which it is contained”).
This is often a major culture change in many organisations. Just doing something is no longer enough; you must be able to prove that you did something. This means keeping records in areas you maybe do not keep records now; a good example often being meeting minutes. Meetings happen, things are discussed, and decisions are made, but the auditor will not just accept your word for it. The auditor will want to see the minutes. Other examples could be training records – who was trained to do what and when? Emergency response tests – what was tested, by whom, when and what was the outcome?
The ISO45001 certification process:
There’s no obligation to go for certification to ISO45001 and many organisations choose to simply use the standard as a set of good practice principles to guide them to creating a safer work environment. However, certification helps show others you’re taking your health and safety management seriously.
For certification, the steps to are similar of all the ISO standards, and involve:
Implementing procedures and methods as requirements of the standard.
Perform an internal audit to highlight any nonconformities before the external audit. We advise an internal audit to be completed by an independent third-party auditor or an impartial qualified auditor within your organisation.
The final external audit to achieve certification is by an accredited Registered Certification Body (RCB). This is in two stages. Stage one is basically a review of how ready you are for the main event, the stage two certification audit. You may pick up a few pointers for improvement (known as nonconformities) at stage two but, if these aren’t too serious, your organisation will become certified and can advertise the fact to anyone with an interest.
Once certified, you will then have an annual surveillance audit to confirm your compliance, and then every three years there will be a re-certification audit, which is when you will be re-issued certification.
How can CertiKit help?
Our ISO 45001 toolkit includes a comprehensive set of templates and guides, and an expert support package to ensure your compliance journey is made easy.
