ISO 45001 certification: is it right for your organisation?

Manager Worker Looking At Tablet
Back to all
Guide

By Laura Fitzgerald

June 25, 2026

Summary

ISO 45001 certification validates that an organisation’s health and safety management system meets international standards. It is issued by accredited third-party bodies, lasts three years, and is increasingly required by clients in high-risk sectors.

This guide covers whether certification is right for your organisation, the most common challenges, and the factors that determine success – told by safety professionals who have been through it before. 

Introduction

ISO 45001:2018 is the international standard for occupational health and safety (OHS) management systems. Since its publication in 2018, it has become the global benchmark for organisations that want to protect their people while meeting regulatory and commercial expectations.

ISO 45001 certification is a long process, requiring a significant time and admin investment. How do you know if it is the right move for your organisation? This guide will help to lay out the process for you, drawing from the experiences of other professionals in their certification journeys.

What is ISO 45001 certification? 

ISO 45001 certification is validation that an organisation has implemented the standard properly and that their safety management system is fully compliant.

While ISO 45001 is published by the International Organization for Standardization (ISO), it does not itself offer certification. Certification is usually provided by accredited 3rd party bodies.

The story so far (and why it still matters) 

Based on OHSAS 18001, ISO 45001 follows the same high-level framework as other ISO standards, including ISO 9001 and ISO 14001. That alignment makes it easier to integrate health and safety into existing management systems, rather than treating it as a separate compliance exercise.

The standard continues to evolve. Since it was first published in 2018, ISO 45001 has been expanded to include: 

  • ISO/ PAS 45005: 2020 – General guidelines for safe working during the COVID-19 pandemic
  • ISO 45003: 2021 – Psychological health and safety at work
  • ISO 45002: 2023 – General guidelines for the implementation of ISO 45001, with a focus on small to medium sized businesses
  • ISO 45006: 2023 – Guidelines for organisations on preventing, controlling and managing infectious diseases
  • ISO 45004: 2024 – Guidelines on performance evaluation
  • ISO/ DIS 45001 – revision currently under development, expected in 2027

The most recent ISO Survey in 2024 shows that 542,527 ISO 45001 certificates have been awarded worldwide, across 941,546 sites. Construction remains the most certified sector globally, reflecting both the level of risk and increasing expectations from clients and regulators. 

OHSAS 18001 was withdrawn in 2021. Organisations that did not migrate lost their certification. For those without any existing OHS standard, ISO 45001 can still feel like a significant undertaking.

To ground this guide in reality, we spoke with three safety leaders who have been through various ISO certification themselves:

Sarah Roper

Health, Safety & Environment Manager, ELG Utica Alloys. ELG Utica Alloys gained ISO 14001 and OHSAS 18001 under Sarah’s watch.

Declan McLogan

Director of SHEQ, McAleer & Rushe. McAleer & Rushe were one of the first wave of companies to gain ISO 45001.

Graham Wall

Quality Systems Manager at a global specialist coatings manufacturer.

Their experiences sit at the heart of this guide.

Do you need ISO certification? 

ISO 45001 certification is not mandatory. Some organisations are choosing to implement the standard themselves without undergoing the certification process.

However, for many organisations certification quickly becomes necessary.

You are more likely to need certification if you operate in a high-risk industry, work within regulated supply chains, or are asked by customers to demonstrate a certified safety management system as part of tendering.

Here are 3 common drivers for certification:

Driver 1: Knowing you are safer

Reducing harm is the most obvious reason to adopt ISO 45001. While safety outcomes are difficult to measure in isolation, studies of OHSAS 18001 – the direct predecessor to ISO 45001 – consistently show improved safety performance among certified organisations.

For Graham Wall, the decision was driven by a stark realisation:

“Our MD knew another MD who had a fatality on site. It opened his eyes to what could occur here. As a result, he raised the idea for OHSAS 18001.”

Beyond accident reduction, certification provides confidence.

“The big plus for us is knowing we are legally compliant. OHSAS 18001 helped us to demonstrate this – for ourselves, as well as for our auditors.”

Sarah Roper saw the same need for certainty following acquisition:

“We had pretty low accident rates already, and the workforce had been with us for some time. However, when the sites were taken over by ELG Utica they needed certainty that we were compliant with health and safety, and environmental legislation. Working towards OHSAS 18001 and 14001 was a way of achieving that certainty.”

A joint working paper from Harvard Business School and Duke University in 2021 found that safety accreditation (in this case OHSAS 18001) did lead to safer workplaces.

The paper also acknowledged that “ISO 45001, as the direct successor to OHSAS 18001, will ‘also prove effective in distinguishing safer workplaces’.”

Driver 2: Sales, reputation, and productivity

Certification also supports commercial outcomes. Research links accredited safety systems with improved productivity, reduced downtime, and increased customer confidence.

For Declan McLogan, reputation and the ability to attract clients played a role:

“We already had the safety benefits of certification to OHSAS 18001. When 45001 was published, it was easy to see we were pretty much there already.

There was no reason not to go for 45001, when if we were quick off the mark we could be amongst the first.”

For other businesses, certification is a requirement that comes first from clients. BMW’s standard terms and conditions for suppliers of automotive components includes the requirement that sellers must be able to prove that they have “a certified occupational health and safety management system in accordance with OHSAS 18001 or ISO 45001.”

Graham sees customer expectations first-hand:

“I complete questionnaires on a regular basis which ask if we have 18001 (or 45001- which we are aiming for in May 2019). It increases customer confidence when we can show up-to-date evidence.”

Driver 3: Starting from the right place

Organisations that succeed tend to build on what they already do well.

Declan highlights the role of worker involvement:

“When we looked at the differences between 18001 and 45001, one that was highlighted was worker involvement. We have a really collaborative culture here, and we’d been using software for accident and incident reporting for a couple of years.

Along with our risk assessments, which document which staff have been consulted during their preparation, this meant we already had the evidence to show worker involvement.”

Sarah took a structured approach:

“I started by reviewing everything we had in place at ELG Utica Alloys and comparing it with the standards. By identifying the gaps, I could prioritise what needed to be done.”

So, with motivation to get accreditation, how do you get the project going?

Top 5 ISO implementation challenges 

According to an analysis by Professor Olivier Boiral of the University of Laval, implementation pitfalls fall into 5 main categories:

A graph showing the top 5 pitfalls identified by Boiral

Challenge 1: Inappropriate or excessive documentation

Too much paperwork quickly undermines engagement. It’s often seen as a necessary evil, rather than a way to safeguard good practice.

Sarah focused on consolidation:

“By getting documents from all sites onto the same system, we could identify the gaps and overlaps and see where documents could be shared.”

Declan reinforced the need to reduce duplication:

“We constantly ask project managers and site managers if it’s possible to remove duplication. Having streamlined procedures for reporting through an app helps with that.”

 For Graham, technology was a key part of avoiding this pitfall “Having all the risk assessments online and being able to clone existing risk assessments to produce new tailored risk assessments, while maintaining control over versions has been a great benefit.”

Challenge 2: Lack of follow-up and system continuity

Systems that only come alive at audit time rarely deliver value. If implementation is too superficial or too fast, businesses that were compliant during certification may not remain so afterwards. Audits should be regular to sustain momentum and capitalise on engagement.

Sarah explains how regular audits became routine:

“Regular, quick audits keep us compliant all year around and allow any issues to be identified early and nipped in the bud.” “I’m not worried when a client or our external auditor is coming into audit – it’s business as usual for our staff.”

Challenge 3: Chasing certification for the wrong reasons

The search for certification must go beyond marketing for prospective clients. Boiral refers to organisations that: “were tempted to pay lip service to the rhetoric of ISO certification without really trying to improve or question their internal practices.” Certification alone does not improve safety.

Declan is clear:

“Don’t jump into it for the sake of having it – we were ready, but if you’re not ready it’s a lot of work.”

Challenge 4: Insufficient resources

According to Boiral, a lack of “human, financial and temporal resources” can lead to cursory completion and employee resistance. 

For Declan resources were never a problem.

“Leadership commitment means I get resources when I need them. The MD and the leadership team have been behind us from the start, and provided the budget for the software, and for the audit process.”

Sarah involved the workforce early:

“As everyone could access the software for producing and reviewing risk assessments, procedures and so on, everyone could be involved, with the system chasing actions.”

If resources are an issue, a longer timescale for implementation is recommended.

Challenge 5: Externalising ownership

Systems fail when ownership sits outside the organisation. Leaving the certification process to external consultants can sometimes lead to management systems that seem to tick all the boxes but are not adapted to the organisations unique needs.

A dedicated EHS software or tool can give businesses the power to keep their certification process in-house.

Graham reflects:

“Having a software solution meant we could do smaller, more frequent audits, to get better insights on which to build the system.”

Top 5 ISO 45001 implementation success factors

Boiral identified the following 5 success factors:

A graph showing the top 5 success factors identified by Boiral

Success factor 1: Showing leadership commitment

Sarah never lacked support:

“I always had support from the directors. They left me to get on with the job, but if there were any challenges in the organisation, they’d back me up.”

Some organisations drum up involvement by encouraging ‘management by walking about’ (MBWA). For this to be effective, management must know the right questions to ask and dedicate enough time to get the right answer. This shows clear leadership commitment to the certification process and acknowledges the importance of employee engagement. 

A quick perusal will not be enough!

Success factor 2: Explaining the purpose clearly

It’s important that employees understand the purpose and benefits of the certification process. 

Boiral states that: “You have to sell the idea that ISO will improve their work and that they will benefit from it. It has to be presented as an improvement process and not as a punishment.”

Graham reflects on communication:

“Communication was something we had to work at. The management walk rounds helped. We then pulled employees into H&S meetings.”  

Success factor 3: Mobilising employees

It’s vital that employees are provided with training and that they are involved in ISO implementation. Sarah was pleased with the enthusiastic buy-in from most of the staff involved.

“The staff were brilliant! They could see the commitment and involvement from managers and supervisors and knew that things were going to change.

We needed their knowledge of how things were done to do suitable and sufficient risk assessments, and to produce operating procedures.”

Declan highlights the impact of hazard reporting:

“With the app, everyone can get involved in identifying and fixing hazards, and we have the data to identify trends and to make visible improvements to safety.”

Success factor 4: Adapting the standard to fit the organisation

The standard should be adapted to the organisation, not the other way round. This reduces the possibility of the ISO system becoming a purely academic or administrative exercise, totally removed from the day-to-day reality. See if your existing policies and procedures can be repurposed.

Sarah explains that having all documentation in one place made this easier

“When I started, I couldn’t access the policies from one site and another site only a few miles away. Now I can access the UK policies even when I’m at a site in South Africa!”

Success factor 5: Aligning with core goals

For all our contributors, preventing harm to employees and anyone else affected by their work is one of their fundamental goals.

For Graham, building an accredited OHS management system, supported by a software solution has led to tangible results:

“Manual handling risk has been reduced; we now have better segregation between pedestrians and traffic.”

Declan explains how ISO 45001 has been good match for another priority in McAleer & Rushe.

“ISO 45001 places more emphasis on worker participation, and that’s always been part of the way we do things here.”

Case Study: McAleer & Rushe

Find out how McAleer & Rushe increased employee safety engagement with the help of EcoOnline’s easy reporting.

Always improving – going beyond maintenance 

ISO 45001 is designed to drive continual improvement.

Declan encourages organisations to view auditors not as “someone to hoodwink”, but as:

“An extra pair of eyes to identify opportunities for improvement, and to avoid complacency inhouse.”

Sarah agrees:

“I wanted to know how we could improve, and our current auditor pushes us more, to get real benefits.”

Graham believes the standard will outlive the major organisational changes his business is going through. “We have been taken over in March this year (2019) by a very large American paint manufacturing company. Health and safety was a high priority for them, and one of the first things they wanted to check with us. We can pull off KPIs on accidents and incidents, as well as data on audits, risk assessments and training very easily from the system.

They relaxed as soon as they saw what we were able to do.”

For all three contributors, the greatest value comes after certification – using the system to learn, adapt, and protect people as work changes.

Using software to ease your ISO 45001 journey

If you’ve decided that pursuing ISO 45001 certification is for you, the good news is that you don’t need to go it alone.

As the 3 safety professionals in this guide have shown, having all of your safety data in one central location is an enormous benefit when it comes to the certification process.

EcoOnline’s EHS software reduces reliance on slow, manual processes while ensuring your workers have all the safety information they need to hand. Having easy access to all of your risk assessments, audit records, detailed incident investigation reports and other documentation supports you efforts to establish a strong safety management system.

Want to see how the system works? Check out our quick video below:

Calendar Icon

Glossary of ISO standards and their descriptions

Standard name Description

ISO 45001

Occupational Health & Safety Management Systems

First published in 2018. Provides an internationally agreed standard for occupational health and safety management systems, with the same high-level structure as other aligned standards.

ISO 45002

Occupational Health & Safety Management Systems

First published in 2023. It provides guidance for small to medium size businesses on how to implement ISO 45001.

ISO 45003 

Psychological health and safety at work

First published in 2021. Provides guidelines for managing psychosocial risk in systems based on ISO 45001.

ISO 45004

Occupational Health & Safety Management Systems

Guidelines on performance evaluation.

ISO/ PAS 45005

Occupational Health & Safety Management Systems

General guidelines for safe working during the COVID-19 pandemic.

ISO 45006

Occupational Health & Safety Management Systems

Guidelines for organisations on preventing, controlling and managing infectious diseases.

OHSAS 18001

Occupational Health & Safety Assessment Series

First published in 1999. Developed by representatives from certification bodies in 15 countries across three continents and has been applied internationally. Withdrawn in 2021.

ISO 9001

Quality Management Systems

First published in 1979 as BS 5750. Through the next 30 years the standard evolved through ISO 9000 to ISO 9001. Last revised in 2015.

ISO 14001

Environmental Management Systems

First published in 1996. The most recent version was published in 2015, with an increased focus on leadership and communication.

Frequently asked questions

How do I get ISO 45001 certified?

Organisations are usually certified by an accredited 3rd party certification body. The International Organization for Standardization does not provide ISO 45001 certification itself.
 
3rd party certification bodies can include the likes of the British Safety Institute (BSI) in the UK and the National Standards Authority of Ireland (NSAI).
 
The 3rd party certification process typically includes:
 
1. Application to certification body of choice
2. Detailed gap analysis
3. Preliminary assessment – stage 1
4. Registration assessment – stage 2
5. Surveillance and reassessment
 
The above may differ depending on the 3rd party certification body that you choose. For more information on the internal steps you can take on the lead up to certification, see our blog: How to become ISO 45001 certified.

You can also download a free ISO 45001 audit checklist from our health and safety compliance toolkit.

How long is ISO 45001 certification valid for?

ISO 45001 certification is valid for 3 years. Remember that certification can be revoked if it is found that an organisation has failed to maintain compliance with the standard. Many 3rd party certification bodies conduct surveillance in the years following an ISO 45001 certification being issued.
 
When it comes to recertification, it is advisable for organisations to begin the reassessment process in good time, to ensure continual compliance and avoid delays.

What is the difference between ISO 45001 and OHSAS 18001?

ISO 45001 replaced OHSAS 18001 as the international standard for occupational health and safety management systems. The core purpose is the same, but ISO 45001 introduced a stronger emphasis on worker participation, leadership commitment, and the integration of OHS into broader organisational strategy.

How much does ISO 45001 certification cost?

The cost of ISO 45001 certification varies depending on the size and complexity of your organisation, your chosen certification body, and how much preparatory work is required. For an accurate estimate, contact an accredited certification body directly.

What are the benefits of software for ISO 45001 certification?

Using software for health and safety management can have enormous benefits for your ISO 45001 certification journey. EHS software can reduce your reliance on slow, ineffective manual processes and aid you in encouraging (and maintaining) active employee safety engagement.

Need a little more convincing? Check out our demo video library and ROI calculator.