An international standard that specifies requirements for an occupational health and safety (OH&S) management system, ISO 45001:2018—“Occupational health and safety management systems–requirements” replaces OHSAS 18001 as the primary OH&S standard used internationally. It follows other management system approaches, including ISO 14001 and ISO 9001, and can help organizations develop a framework that improves safety, reduces workplace risks, and creates safer working conditions.

The growing globalization and fragmentation of supply chains has increased the levels of OH&S risk for multinational organizations because their business functions, and those of their suppliers and customers, cross multiple geographic boundaries. Without the assurance of a robust OH&S across that supply chain, an organization may be unwittingly exposed to substantial legal, financial, and reputational damage.

Developing a robust OH&S management system should be viewed as an opportunity, rather than a financial and administrative inconvenience. Certification to ISO 45001, delivers a competitive advantage by formally declaring that your organization takes risk management at all levels seriously. Not only will this positively impact buyer appeal, improved working conditions help an organization to become more agile, supporting both business growth and competitiveness.

ISO 45001: A new OH&S approach

Published on March 12, 2018, ISO 45001 marks a significant step in the overall effort to improve OH&S standards worldwide. The standard sets out the requirements for an OH&S management system and includes an implementation guide, enabling organizations to proactively improve OH&S performance, as well as provide a safe and healthy working environment that prevents work-related injury and ill health.

ISO 45001 emphasizes a proactive and preventive approach to risk control factors by identifying and assessing the likelihood of hazards in the workplace. It can be implemented by any size of organization in any industry, and can be integrated into other health and safety programs.

Understanding the requirements

High-level structure
ISO 45001 uses ISO's “high level structure” (HLS), so that it has a common framework with other management systems, such as ISO 9001 and ISO 14001. This uniform structure and the use of consistent definitions and terminology make it easier for organizations to pool their certifications within an integrated management system.

Aligning health and safety in a form that integrates with other management systems delivers significant cost savings because it improves application, simplifies implementation, and eliminates duplication.

Plan do check act
The plan-do-check-act (PDCA) cycle is outlined in ISO 45001, and will help organizations to continually improve performance because it can be applied to individual processes and to the OH&S management system as a whole:

Plan
• Determine and assess OH&S risks and opportunities, alongside other risks and opportunities
• Establish OH&S objectives and processes that support the organization's OH&S policy

Do
• Implement the relevant OH&S processes as planned
• Eliminate hazards and reduce OH&S risks
• Prepare for and respond to potential emergency situations

Check
• Monitor and measure activities and processes against the OH&S policy and report the results
• Evaluate compliance
• Review the organization's OH&S management system

Act
• Take actions to continually improve the OH&S performance to achieve the intended outcomes
• Report, investigate, and take action to manage incidents and nonconformities

Requirements

Requirements are described in sections 4–10 of ISO 45001. These are briefly described below.

Clause four: Context of the organization
ISO 45001 requires organizations to identify external and internal issues that will affect the intended outcomes of their OH&S management systems. This includes understanding the needs and expectations of personnel performing work or work-related activities that are under the control of the organization—not just employees. The scope of the OH&S management system must be agreed on so that its clear how far the system will apply—for example, if it is part of a larger parent organization.

Clause 5: Leadership and worker participation
Top management is required to demonstrate leadership and commitment to the organization's OH&S management system. The clause lists 13 specific requirements, including having overall accountability for the protection of workers, and spearheading a culture that supports the OH&S management system. A key requirement is to establish, implement, and maintain an OH&S policy. The consultation and participation of workers are also required.

Clause 6: Planning
The planning phase must be considered alongside the outputs of the work done to meet the requirements of clause 4. The first part of clause 6 covers actions taken to identify and address hazards, risks, and opportunities. The second part looks more specifically at how planning should be implemented to accomplish OH&S objectives. Action shall be planned to address risks and opportunities, legal and other requirements, and preparation and response to emergency situations.

Clause 7: Support
This section lays out requirements for ensuring that the OH&S plan is implemented by competent people and supported by the appropriate financial and infrastructure resources. There is a requirement to retain evidence of how workers’ competence could affect OH&S performance. Appropriate education and training, as well as raising awareness about OH&S issues, must be ensured.

A communication process must be established that makes workers aware of the OH&S policy as well as the hazards, and risks that relate to them. There must be a process for communicating information relevant to the OH&S management system, both internally and externally. Documented evidence of these practices is also required, similar to those set out in OHSAS 18001, for document control.

Clause 8: Operation
This clause covers how plans and processes, as outlined in the previous clauses, should be executed. This includes processes that eliminate hazards and reduce OH&S risks using the standard's “hierarchy of controls.” Clause 8 also includes managing change, procurement processes, and preparedness for responding to emergency situations. Procurement activities must cover the control of contractors, as well as outsourced processes and activities.

Clause 9: Performance evaluation
Organizations must ascertain what must be measured and monitored, by whom, and with what frequency, to indicate how the OH&S management system is performing. Documented evidence pertaining to this must be retained. Top management is responsible for reviewing the organization's OH&S management system.

Clause 10: Improvement
The organization must identify opportunities for improvement and take action to support the intended outcomes of the OH&S management system. Emphasis is on reporting and investigating incidents, accidents, and nonconformities. ISO 45001 contains detailed corrective action requirements. This includes determining whether similar incidents or nonconformities might occur elsewhere in the organization.

ISO 45001 vs. OHSAS 18001

Companies that have already implemented an OH&S management system in accordance with OHSAS 18001 can expect a smooth transition to ISO 45001. Nevertheless, there are some fundamental differences between the two. ISO 45001 is based on the interaction between the organization and its external business environment, as opposed to purely risk-based thinking. Overall, the perception of OH&S has shifted from procedure-based to process-based thinking, thereby recognizing workplace safety as a prerequisite for the long-term success of any organization.

How to get started

The success of an OH&S management system relies on top management's commitment. Once your organization has that, it is ready to start the ISO 45001 implementation process. Before a certification audit can take place, your organization will need to implement the management system and document its effectiveness and compliance to the standard requirements. When the management system's effect can be thoroughly proven, the certification process can be initiated.

Third-party certification

An internationally accredited certification body such as TÜV SÜD will assess your organization to the requirements of ISO 45001. During a certification process, independent and qualified auditors apply the following techniques:

Document review: Evaluation of the organization's requirements and/or documentation to ensure the systematic control of all processes relevant to ISO 45001.

On-site audit: Verification, in the form of interviews and on-site inspections, that the requirements of ISO 45001 are being implemented effectively. This includes checking processes based on records kept by the organization, such as available measurement results, minutes of meetings, training and qualification records, complaints management and records, and the resulting improvement projects instigated by the organization.

Why certify to ISO 45001?

Organizations worldwide recognize the commercial and strategic benefits of using ISO 45001 to control and improve health and safety performance.

By emphasizing a proactive approach to risk-control, certification to ISO 45001 demonstrates a strategic commitment to continuous improvement of OH&S, which in turn improves staff morale, minimizes costs, and strengthens market reputation. Third-party certification against the standard's requirements sends a strong signal to both internal and external stakeholders that your organization is committed to safe and secure business operations.