What is ISO45001?

This guide provides a quick overview of the ISO45001 standard and the main stages to implementing an Occupational Health and Safety Management System.

The links below are to our free ISO45001 resources to assist your OHSMS implementation further. These sample documents, blogs and downloadable guides have been created to provide even more guidance on the subject and make compliance easy.

Free ISO45001 Resources Links:

• ISO45001 Implementation Guide
• ISO45001 Toolkit Sample Document 
• ISO45001 Requirements Checklist
• ISO45001 Blogs 

What is ISO45001?

The ISO45001 international standard for “Occupational health and safety (OH&S) management systems– Requirements with guidance for use” was published by the ISO in 2018.

ISO45001 sets the minimum standard for workplace health and safety best practice. It provides a framework for organizations to improve their safety, reduce risks and enhance overall well-being in the workplace. It can be implemented by organizations of all sizes and industries, and can be integrated into an existing management system – fitting the same high-level structure as other ISO standards, such as ISO9001 and ISO14001.

There is no obligation to go for certification to ISO45001 and many organizations choose to simply use the standard as a set of good practice principles to guide them along the way to running their business in a safety-conscious way.

How can implementing a OH&S standard benefit your organization?

There are several benefits to implementing an OH&S management system. It allows organizations of all sizes to manage risks better and improve performance with effective policies and processes.

Other benefits include:

• Improved reputation with customers, clients and stakeholders.
• Reduction of workplace incidents by creating a safer working environment.
• Improved worker morale, and reduced absences and staff turnover – resulting in increased productivity.
• Safely meeting legal and regulatory requirements within your industry.
• Less claims can reduce the cost of insurance premiums.

The contents of the ISO45001 standard

The ISO45001 standard consists of several major headings which will be common across other standards (because they are the “Annex L” headings).

These are:

0. Introduction
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
5. Leadership and Worker Participation (in other standards just “Leadership”)
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement

Sections 0 to 3 do not contain any requirements and so an organization would not be audited against those. They are worth a read however as they provide some useful
background to what the standard is about and how it should be interpreted.

Sections 4 to 10 set out the requirements of the standard. Requirements are often referred to as the “shalls” of the standard because that is the word usually used by ISO to show that what is being stated is compulsory if an organization is to be compliant. So the (internal and external) auditing process is basically an exercise to check whether all of the requirements are being met by the organization.

Requirements are not optional and if they are not being met then a “nonconformity” will be raised by the auditor and the organization will need to address it to gain or keep their certification to the standard.

The implementation process:

Once you have decided that ISO45001 is the right path for your organization, your implementation journey will be as follows:

1. Perform a gap analysis to see where your processes meet the requirements already and where you will need to embed new processes.
2. Implement new policies, procedures and processes across the organization that meet the requirements outlined.
3. Once you have worked through the requirements that are relevant to your organization, you can either just benefit from the improved processes or become certified to confirm your compliance.

It’s important to note when going for certification, the auditor will want to see evidence. This can take many forms and until recently was defined as a combination of “documents” (evidence of intention such as policies, processes and procedures) and “records” (evidence that something has been done). In the new versions of the standards the term “documented information” is generally used instead to cover anything that is recorded (the official definition is “information required to be controlled and maintained by an organization and the medium on which it is contained”).

This is often a major culture change in many organizations. Just doing something is no longer enough; you must be able to prove that you did something. This means keeping records in areas you maybe do not keep records now; a good example often being meeting minutes. Meetings happen, things are discussed, and decisions are made, but the auditor will not just accept your word for it. The auditor will want to see the minutes. Other examples could be training records – who was trained to do what and when? Emergency response tests – what was tested, by whom, when and what was the outcome?

The certification process:

There’s no obligation to go for certification to ISO45001 and many organizations choose to simply use the standard as a set of good practice principles to guide them to creating a safer work environment. However, certification helps show others you’re taking your health and safety management seriously.

For certification, the steps to are similar of all the ISO standards, and involve:

1. Implementing procedures and methods as requirements of the standard.
2. Perform an internal audit to highlight any nonconformities before the external audit. We advise an internal audit to be completed by an independent third-party auditor or an impartial qualified auditor within your organisation.
3. The final external audit to achieve certification is by an accredited Registered Certification Body (RCB). This is in two stages. Stage one is basically a review of how ready you are for the main event, the stage two certification audit. You may pick up a few pointers for improvement (known as nonconformities) at stage two but, if these aren’t too serious, your organization will become certified and can advertise the fact to anyone with an interest.

Once certified, you will then have an annual surveillance audit to confirm your compliance, and then every three years there will be a re-certification audit, which is when you will be re-issued certification.

How can CertiKit help?

Our ISO 45001 toolkit contains 100 documents, including template policies and procedures, checklists and guides to make your implementation journey simple and effective. With unlimited email support, document reviews and a lifetime update subscription, CertiKit ensures your compliance journey is made easy.

We also offer ISO45001 consultancy and internal auditing services to organizations in the UK, EU and +/- five hours of the UK time zone. So if you need a bit of extra help with implementation, or your internal audit requirements need meeting, click the links to see how we can help.