EcoOnline Blog | Stay One Step Ahead with EcoOnline’s EHS Blog for Safety Professionals

What you need to know about ISO 45001

Written by Dina Adlouni | 04. December 2023

Join us in this two-part blog series all about ISO 45001. In part one, you will learn what is ISO 45001, as well as how it differs from OHSAS 18001. In part two, dive into how to become ISO 45001 certified. Let’s get started with part 1 below!  

Do you know the costs of work-related diseases and accidents in your organisation? According to the International Labor Organisation (ILO), over 7,600 people die each day from work-related accidents or diseases. This adds up to over 2.78 million every year! The human cost is vast, with the economic burden of poor occupational health and safety practices estimated at 3.94 per cent of global Gross Domestic Product each year. 

So, what is ISO 45001? ISO 45001 is an international standard that can help you reduce the number of accidents in your organisation. It provides a proven framework to implement effective Occupational Health and Safety (OH&S) management systems. Organisations demonstrate their commitment to protecting the health and safety of employees by implementing this standard. As an added bonus, this will also help to improve your business processes (and who wouldn’t want to be more efficient!).    

The bottom line: Implementing the ISO 45001 framework could help you protect your people and your business. 

And this is how to do it.   

Learn About and Understand the Standard: What is ISO 45001? 

Let’s start at the very beginning. If you want to manage health and safety well, you need to start with a systematic framework. The ISO 45001 Standard is an ISO international standard providing this framework.  

ISO 45001 helps any type of organisation prevent work-related deaths, injuries, and illnesses which is every health and safety professional’s top priority. It also helps organisations stay compliant with legal requirements, systematically improve safety performance, and reach set OH&S objectives.  

Although an external audit of your safety management system isn’t mandatory, it’s the only way to ensure certification. Alternatively, you can choose Self-Declaration of Conformance, to avoid the associated costs of certification. But it’s important to note, business partners may require or prefer suppliers and contractors who hold an ISO 45001 compliant OH&S certificate.  

The main objective of ISO 45001 is to ensure organisations can provide a safe and healthy working environment for their employees. The standard covers areas such as risk assessment, training, emergency preparedness, monitoring and measurement, and more!  

It provides guidance on how to design and implement effective OH&S management which aligns with applicable laws and regulations. To gain certification, organisations must demonstrate compliance with all the requirements outlined in the standard.   

The standard uses the same high-level structure as the quality management standard ISO 9001:2015 and the environmental standard ISO 14001:2015, as defined in Annex L, formerly known as Annex SL. The high-level structure starts with three introductory information clauses. These clauses are followed by seven clauses based on the Plan – Do – Check – Act cycle as seen below. The PDCA cycle ensures continual improvement of the management system. 

Introductory Information
Plan Do Check Act

Clause 1: Scope

Clause 4: Context of the organisation

Clause 7: Support

Clause 9: Performance Evaluation

Clause 10: Improvement

Clause 2: References (to associated guidelines)

Clause 5: Leadership and worker participation

Clause 8: Operation

   

Clause 3: Terms and definitions

Clause 6: Planning

   

 

 

 

How does the new ISO 45001 differ from OHSAS 18001? 

You might be wondering how ISO 45001 is different from OHSAS 18001. ISO 45001 focuses on processes, the organisation as a whole, and different stakeholders. It also emphasises both risks and opportunities, while OHSAS 18001 is procedure-based, does not consider interested parties outside the organisation, and deals exclusively with risk. OHSAS 18001 was also retired in 2021, so most organisations follow ISO 45001 regulations.  

ISO 45001 requires organisations to identify the potential hazards in the workplace and then develop strategies to mitigate those risks. This includes assessing the risk level associated with each hazard. Additionally, procedures must be developed to reduce or eliminate that risk.  

Organisations that have achieved ISO 45001 certification will have improved processes for risk management. This will result in fewer accidents, injuries, and fatalities in the workplace.   

Interaction with the Outside World 

Clause 4 of the ISO 45001 standard contains a requirement related to the context of the organisation. The context of the organisation refers to the elements that are relevant to the organisation’s purpose. These elements can either positively or negatively impact the intended results of your OH&S management system.  

Examples of these elements include the legal, political or competitive environment, changes in this environment, suppliers, partners, new technologies and/or resources. Not only should the needs and expectations of workers be determined, but also the requirements of other interested parties such as clients, shareholders, suppliers, and people affected by the organisation’s activities.  

Certification involves implementing the requirements outlined in the standard across all aspects of an organisation’s operations.  

This includes:  

✔ identifying risks 

✔ training employees on safety protocols 

✔ and much more.  

Internal audits must be conducted periodically to ensure the organisation remains compliant with the standard’s requirements over time.  

 

What's the Worker's Role 

The definition of workers in OHSAS 18001 and ISO 45001 also differ. While OHSAS 18001 focused in practice on the employees, contractors, and visitors at the workplace, ISO 45001 includes workers from external providers, contractors, agency workers, and others. This is the extent the organisation shares control over their work or work-related activities (Clause 3.3).  

Contractors, hired personnel, and even suppliers must be included in safety management as part of the scope. Top management is also defined as workers in the standard.   

OHSAS 18001 required that employees only be informed about the organisation’s safety policy, legal and other safety requirements, consequences, and their own role. ISO 45001 requires consultation and participation of non-managerial workers. Employers must consider their needs and expectations as well.  

ISO 45001 specifies in detail where consultation and participation of workers is required: see clause 5.4. of the standard. 

 


What Opportunities Exist?
 

OHSAS 18001 only covers negative risks. Risk in OHSAS 18001 is defined as the combination of probability and consequences of a hazardous event. On the other hand, ISO 45001 defines risk as the effect of uncertainty, which can be both positive and negative.  

That’s why ISO 45001 introduces the term occupational health and safety opportunity. This term includes circumstances that can lead to improvement of occupational health and safety performance.  


Outside the Scope
 

ISO 45001, like OHSAS 18001, doesnt include product safety, property damage or environmental impact. These elements are beyond the risks to workers and other relevant interested parties. The focus of ISO 45001 remains on occupational risks and opportunities. (See clause 1 of the standard.)  

The following are some new or considerably modified clauses in ISO 45001 compared to OHSAS 18001:  

Clause 4: The context of the organisation 

 

Clause 4.1: Understanding the organisation and its context 

Employers must identify all relevant internal and external issues. These issues influence the organisation’s ability to achieve its intended performance of the OH&S management system. See Annex A.4.1 for a large list of examples.  

Clause 4.2: Needs and expectations of workers and other interested parties 

The organisation shall identify in addition to workers, the other interested parties relevant to the organisation’s OH&S management system. Interested parties can be defined as people or organisations that can affect, be affected by, or even perceive themselves to be affected by a decision or activity (Clause 3.2).  

Next, identify the needs and expectations of the workers and those parties. Additionally, existing or potential future legal requirements related to those needs and expectations need to be identified. This results in a set of requirements.  

Clause 4.3: The scope of the OH&S management system 

The next thing required is documentation. This documentation should include products, services and work-related activities (operations) that can impact the organisation’s OH&S performance. Based on the issues, requirements, and operations, the actual scope of the OH&S management system must be documented. The scope must be factual and representative of the organisation 


Clauses 5.1, 5.2 and 5.3: Leadership
 

Senior leadership commitment to OH&S management is still more emphasised in the new ISO 45001 standard compared to the OHSAS 18001 standard. A list of senior leadership duties can be found in clause 5.1.  

It is summarised as follows:  

  • Accept responsibility and accountability for providing safe and healthy workplaces and prevention of work-related injury and illness.  
  • Establish an OH&S policy (see Clause 5.2) and related OH&S objectives in line with the organisation’s strategy and the standard’s requirements.
  • Ensure the OH&S management system achieves its objectives 
  • Promote continual improvement (PDCA cycle) 
  • Integrate the OH&S management system into the organisation’s business processes.  
  • Make sure competent resources are available to develop and maintain the OH&S management system. Assign responsibility to help ensure the OH&S management system aligns with the standard, and to ensure its performance is reported to the top management (see Clause 5.3).  
  • Support managers in demonstrating leadership.  
  • Build an organisational culture that supports the OH&S policy and objectives.  
  • Protect workers from retaliation when reporting incidents and hazards.  
  • Communicate the importance of effective OH&S management to workers and other interested parties, as well as the importance of following OH&S management system requirements.  
  • Ensure processes for consultation and participation of workers, as well as functioning health and safety committees.  

Top management must be able to provide evidence these duties are fulfilled by showing documentation.  

Clause 5.4: Consultation and participation of workers 

A culture of open communication should be created by top management and supported by middle and lower management. A combination of leadership training, new processes and tools, as well as the removal of barriers to participation will help people in the organisation achieve an open and secure safety culture 

This creates an environment where workers can express their views freely, and their input is appreciated. Timely and easily accessible clear information about the OH&S management system must be guaranteed.  

This clause sets out a separate list where consultation of employees and worker participation is required. Items where employees might have specific knowledge or experience, which directly affects others, requires their participation. Examples of such items include identifying hazards, investigating incidents, determining control measures, or determining training needs.  

The needs and expectations of interested parties, the OH&S policy, organisational roles, etc. (see Clause 5.4) also require consultation of non-managerial workers.