What You Need to Know About ISO 45001

What You Need to Know About ISO 45001

Published February 22, 2023

6 minute read

Join us in this two-part blog series all about ISO 45001. In part one, you will learn what ISO 45001 is, as well as how it differs from OHSAS 18001. In part two, dive into how to become ISO 45001 certified. Let’s get started!  

ISO 45001 is an international standard. It provides a framework for organizations to implement effective Occupational Health and Safety (OH&S) management systems. Organizations can demonstrate their commitment to protecting the health and safety of employees by implementing this standard. Moreover, this will help to improve their business processes.  

Do you know the costs of work-related diseases and accidents in your organization?  

According to the International Labor Organization (ILO), over 7,600 people die each day from work-related accidents or diseases. This adds up to over 2.78 million every year! The human cost is vast, with the economic burden of poor occupational health and safety practices estimated at 3.94 per cent of global Gross Domestic Product each year. 

The bottom line: Implementing the ISO 45001 framework could help you protect your people and your business. 

This is how to do it.  

Download our whitepaper ISO 45001 Benefits and Pitfalls to Accreditation to learn how to successfully receive accreditation.  

Learn About and Understand the Standard: What is ISO 45001? 

If you want to manage health and safety well, you need to start with a systematic framework. The ISO 45001 Standard is an ISO international standard providing this framework. 

ISO 45001 helps any type of organization prevent work-related deaths, injuries, and illnesses. It also helps organizations stay compliant with legal requirements, systematically improve safety performance, and reach set OH&S objectives. 

Although an external audit of your safety management system is not mandatory, it is the only way to ensure certification. Alternatively, one can choose Self-Declaration of Conformance, to avoid the associated costs of Certification. Business partners may require or prefer suppliers and contractors who hold an ISO 45001 compliant OH&S certificate. 

The main objective of ISO 45001 is to ensure organizations are able to provide a safe and healthy working environment for their employees. The standard covers areas such as risk assessment, training, emergency preparedness, monitoring and measurement. 

It also provides guidance on how to design and implement effective OH&S management which aligns with applicable laws and regulations. To gain certification, organizations must demonstrate compliance with all of the requirements outlined in the standard.  

The standard uses the same high-level structure as the quality management standard ISO 9001:2015 and the environmental standard ISO 14001:2015, as defined in Annex L, formerly known as Annex SL. The high-level structure starts with three introductory information clauses. These clauses are followed by seven clauses based on the Plan – Do – Check – Act cycle as seen below. 

Introductory Information: 

Clause 1: Scope 

Clause 2: References (to associated guidelines, none) 

Clause 3: Terms and definitions 


Clause 4: Context of the organization 

Clause 5: Leadership and worker participation 

Clause 6: Planning 


Clause 7: Support 

Clause 8: Operation 


Clause 9: Performance evaluation 


Clause 10: Improvement 

The PDCA cycle ensures continual improvement of the management system. Read our EHS Management’s Continuous Improvement Guide to learn more about how to use continuous improvement as your competitive advantage.  

How does the new ISO 45001 differ from OHSAS 18001? 

ISO 45001 focuses on processes, the organization as a whole, and different stakeholders. It also emphasizes both risks and opportunities. OHSAS 18001 is procedure-based, does not consider interested parties outside the organization, and deals exclusively with risk. 

ISO 45001 requires organizations to identify the potential hazards in the workplace and then develop strategies to mitigate those risks. This includes assessing the risk level associated with each hazard. Additionally, procedures must be developed to reduce or eliminate that risk. 

Organizations that have achieved ISO 45001 certification will have improved processes for risk management. This will result in fewer accidents, injuries, and fatalities in the workplace.  

Interaction with the outside world 

The ISO 45001 standard contains a new requirement; the context of the organization (Clause 4) must be determined. The context of the organization refers to the issues that are relevant to the organization’s purpose. These issues can have a positive or negative impact on the intended results of your OH&S management system. 

Examples of issues include the legal, political or competitive environment, changes in this environment, suppliers, partners, new technologies and/or resources. Not only should the needs and expectations of workers be determined, but also the requirements of other interested parties such as clients, shareholders, suppliers, and people affected by the organization’s activities). Needs and expectations could become future legal requirements. 

Together with work related activities, products and services, the issues and requirements determine the scope of the OH&S management system. This scope must be documented. In practice, the ISO 45001 standard requires the organization to review its interaction with the outside world and the future. OHSAS 18001 focused more on the organization, its own site(s) people present there, and current legal requirements. 

Certification involves implementing the requirements outlined in the standard across all aspects of an organization’s operations. This includes identifying risks, training employees on safety protocols, and much more. Organizations must also have internal audits conducted periodically to ensure they remain compliant with the standard’s requirements over time. 

Legal Impact of Training Mismanagement

Worker's role 

While OHSAS 18001 focused in practice on the employees, contractors, and visitors at the workplace, ISO 45001 includes workers from external providers, contractors, agency workers, and others. This is to the extent the organization shares control over their work or work-related activities (Clause 3.3). 

Contractors, hired personnel, and even suppliers must be included in safety management as part of the scope. Top management is also included as workers.  

OHSAS 18001 required that employees only be informed about the organization’s safety policy, legal and other safety requirements, consequences, and their own role. ISO 45001 requires consultation and participation of non-managerial workers. Employers must take into account their needs and expectations. 

ISO 45001 specifies in detail where consultation and participation of workers is required: see clause 5.4. of the standard. 


OHSAS 18001 only covers negative risks. Risk in OHSAS 18001 is defined as the combination of probability and consequences of a hazardous event. ISO 45001 defines risk as the effect of uncertainty, which can be both positive and negative. 

That’s why ISO 45001 introduces the term occupational health and safety opportunity. This term includes circumstances that can lead to improvement of occupational health and safety performance. 

Find out more about how to drive safety performance with proper OHS reporting in our whitepaper: Speaking OH&S Truth to Power.  

Outside the scope 

ISO 45001, like OHSAS 18001, does not include product safety, property damage or environmental impact. These elements are beyond the risks to workers and other relevant interested parties. The focus in ISO 45001 remains on occupational risks and opportunities.  See clause 1 of the standard. 

The following are some new or considerably modified clauses in ISO 45001 compared to OHSAS 18001:  

Clause 4: The context of the organization 


Clause 4.1: Understanding the organization and its context 

Employers must identify all relevant internal and external issues. These issues influence the organization’s ability to achieve it’s intended performance of the OH&S management system. See Annex A.4.1 for a large list of examples. 

There are several methods to identify those, such as a SWOT analysis  (SWOT: Strengths, Weaknesses, Opportunities and Threats), or a PESTLE analysis (PESTLE: Political, Economic, Social, Technological, Legal, and Environmental), using e.g. workshops. 

Clause 4.2: Needs and expectations of workers and other interested parties 

The organization shall identify in addition to the workers, the other interested parties relevant to the organization’s OH&S management system. Interested parties can be defined as people or organizations that can affect, be affected by, or even perceive themselves to be affected by a decision or activity (Clause 3.2). Next, identify the needs and expectations of the workers and those parties. Additionally, existing or potential future legal requirements related to those needs and expectations need to be identified. This results in a set of requirements. 

 Clause 4.3: The scope of the OH&S management system 

The next thing required is documentation. This documentation should include products, services and work-related activities (operations) that can impact the organization’s OH&S performance. Based on the issues, requirements, and operations, the actual scope of the OH&S management system must be documented. The scope must be factual and representative of the organization. 

business documents on office table with smart phone and laptop computer and graph financial with social network diagram and three colleagues discussing data in the background

Clauses 5.1, 5.2 and 5.3: Leadership 

Senior management commitment to OH&S management is still more emphasized in the new ISO 45001 standard compared to the OHSAS 18001 standard. A list of senior-management duties can be found in clause 5.1. It is summarized as follows: 

  • Accept responsibility and accountability for providing safe and healthy workplaces and prevention of work-related injury and illness. 
  • Establish an OH&S policy (see Clause 5.2) and related OH&S objectives in line with the organization’s strategy and the standard’s requirements. 
  • Ensure the OH&S management system achieves its objectives. 
  • Promote continual improvement (PDCA cycle). 
  • Integrate the OH&S management system into the organization’s business processes. 
  • Make sure competent resources are available to develop and maintain the OH&S management system. Assign responsibility to help ensure the OH&S management system aligns with the standard, and to ensure its performance is reported to the top management (see Clause 5.3). 
  • Support managers in demonstrating leadership. 
  • Build an organizational culture that supports the OH&S policy and objectives. 
  • Protect workers from retaliation when reporting incidents and hazards. 
  • Communicate the importance of effective OH&S management to workers and other interested parties, as well as the importance of following OH&S management system requirements. 
  • Ensure processes for consultation and participation of workers, and functioning health and safety committees. 

Top management must be able to provide evidence these duties are fulfilled by showing documentation. 

Clause 5.4: Consultation and participation of workers 

A culture of open communication shall be created by top management and supported by middle and lower management. A combination of leadership training, new processes and tools, as well as the removal of barriers to participation will help people in the organization achieve an open and secure safety culture.  

This creates an environment where workers can express their views freely, and their input is appreciated. Timely and easily accessible clear information about the OH&S management system must be guaranteed. 

This clause sets out a separate list where consultation of employees and worker participation is required. Items where employees might have specific knowledge or experience, which directly affects others, requires their participation. Examples of such items include identifying hazards, investigating incidents, determining control measures, or determining training needs. 

The needs and expectations of interested parties, the OH&S policy, organizational roles, etc. (see Clause 5.4) also require consultation of non-managerial workers. 

Want to learn more about modified clauses and steps to become ISO 45001 certified? Read part two of this two-part series: How to Become ISO 45001 Certified 

Author Dina Adlouni

Dina is a Content Marketing Manager at EcoOnline. She has been a content writer for eight years and has been writing about health and safety for the past three years. 

Our related posts

| Health & Safety
Manufacturers managing their COSHH Controls

Despite economic turbulence in recent years, UK manufacturing is in a buoyant mood. Industry body Make UK’s latest...

| Health & Safety
4 Chemical/EHS legislation updates you need to know about

2023 is already shaping up to be a busy year for chemical and EHS legislation in Europe. Several initiatives stemming...

| Health & Safety
COP27 – Three Key Takeaways for Business

Commentators have offered mixed reactions now that the dust has settled on COP27. Where the Loss and Damage (L&D)...