H&S standards: changing of the guard19 December 2022

ISO 45001, occupational health and safety (OH&S), management is intended to help develop a framework to improve safety, reduce workplace risks and create safer working conditions. It has supplanted OHSAS 18001 since March 2021. By David Goodfellow, UK business assurance manager at global product testing and certification organisation TÜV SÜD

To survive in today’s competitive global marketplace, organisations must proactively manage all types of risk to the business, and operational health and safety is no exception. The consequences of poor OH&S management are far-reaching, resulting in loss of experienced people, extended absences, business interruption, legal action and rising insurance premiums. The physical and mental integrity of an organisation’s workers are therefore central to its reputation and commercial performance.

Furthermore, all organisations have both a moral and legal responsibility to ensure the health of their employees by providing them with a safe working environment. This includes either minimising their exposure to hazards or equipping them with the appropriate understanding and tools to mitigate risk. Developing a robust OH&S management system should therefore be viewed as an opportunity, rather than a financial and administrative inconvenience.

ISO 45001 is the first international standard to provide a comprehensive framework for management systems addressing OH&S issues. The standard sets out the requirements for an OH&S management system and includes an implementation guide. This enables organisations to proactively improve OH&S performance, as well as provide a safe and healthy working environment that prevents work-related injury and ill health. By providing a comprehensive management system targeted at mitigating negative effects of the physical, mental and cognitive condition of employees, contracted employees, leased personnel and visitors, ISO 45001 also assists an organisation to fulfil its legal requirements.

ISO 45001 is designed to place a proactive and preventative emphasis on risk control factors, by identifying and assessing the likelihood of hazards in the workplace. It can be implemented by any size of organisation in any industry, and can be integrated into other health and safety programmes. ISO 45001 certification formalises and documents a comprehensive and effectively implemented system, to prove that an organisation has taken appropriate measures to mitigate hazardous situations.

ISO 45001 uses the ‘high level structure’ (HLS), so that it has a common framework with other management systems, such as ISO 9001 and ISO 14001, and can be integrated with other management systems already in operation. This makes it easier for organisations to pool their certifications within an integrated management system, delivering significant cost savings as it improves application, simplifies implementation and eliminates duplication (see box).

ISO 45001 requires the organisation to identify the external and internal issues that will have an impact on the intended outcomes of the OH&S management system. This includes understanding the needs and expectations of both workers and other interested parties. The term ‘workers’ means personnel performing work or work-related activities that are under the control of the organisation – not just employees. At this stage, the scope of the OH&S management system must be agreed so that its boundaries are clear in terms of how far the system will apply, for example if it is part of a larger parent organisation.


The leadership and worker participation clause relates to the involvement of top management and how they must demonstrate leadership and commitment to the organisation’s OH&S management system. A key requirement for an organisation is to establish, implement and maintain an OH&S policy. The consultation and participation of workers is also required.

The first part of the planning clause covers action that should be taken to identify and address hazards, risks and opportunities. The second part looks more specifically at how planning should be implemented to accomplish OH&S objectives. Action must be planned to address risks and opportunities, legal and other requirements, as well as preparation and response to emergency situations.

The OH&S plan must be actioned by a competent people who is supported by the appropriate level of resource. There is also a requirement to retain evidence of workers’ competence in terms of how it could impact OH&S performance, while ensuring appropriate education and training, as well as raising awareness about OH&S issues. A communication process must make workers aware of the OH&S policy and the hazards, alongside risks that relate to them. It must also have a process for communicating information relevant to the OH&S management system, both internally and externally. Documented evidence of these practices is also required.

The ‘operation’ clause covers how plans and processes outlined in the other clauses should be executed. This includes processes that eliminate hazards and reduce OH&S risks using the standard’s ‘hierarchy of controls’ (pictured at left). This clause also includes managing change, procurement processes and preparedness for responding to emergency situations. Procurement activities must cover the control of contractors, as well as outsourced processes and activities.

To give an indication of how the OH&S management system is performing, organisations must ascertain what must be measured and monitored, by whom and with what frequency. Documented evidence must be retained, and top management is responsible for reviewing the organisation’s OH&S management system. Also, the organisation must identify opportunities for improvement. Emphasis is given to the reporting and investigating of incidents, accidents and nonconformities. ISO 45001 also contains detailed corrective action requirements. This includes taking action to correct incidents or nonconformities and determining whether similar incidents or nonconformities have the potential to occur elsewhere in the organisation.

ISO 45001 VS OHSAS 18001

Although ISO 45001 is a completely new standard, its foundations already exist within OHSAS 18001. Nevertheless, there are some fundamental differences. While OHSAS 18001 focused on managing internal issues and OH&S hazards, ISO 45001 is based on the interaction between the organisation and its external business environment. Furthermore, ISO 45001 includes the consideration of opportunities, as opposed to the purely risk-based thinking of OHSAS 18001. On an overall level, the perception of OH&S has shifted from procedure-based to process-based thinking, thereby recognising workplace safety as a prerequisite for the long-term success of any organisation.

The success of an OH&S management system largely relies on the commitment of the organisation’s top management. Before a certification audit can take place, the organisation must have implemented and documented the effectiveness of the management system and compliance to the standard requirements. When the management system has matured sufficiently and its effect can be thoroughly proven, the certification process can begin.

BOX: Plan-do-check-act

The PDCA cycle is outlined in ISO 45001 and will help organisations to continually improve performance, as it can be applied to individual processes and to the OH&S management system as a whole. It is described below.


  • Determine and assess OH&S risks and opportunities, alongside other risks and opportunities
  • Establish OH&S objectives and processes that support the organisation’s OH&S policy
  • Do

  • Implement the relevant OH&S processes as planned
  • Eliminate hazards and reduce OH&S risks
  • Prepare for and respond to potential emergency situations
  • Check

  • Monitor and measure activities and processes against the OH&S policy and report the results
  • Evaluate compliance
  • Review the organisation’s OH&S management system
  • Act

  • Take actions to continually improve the OH&S performance to achieve the intended outcomes
  • Report, investigate and take action to determine and manage incidents and nonconformities
  • David Goodfellow

    Related Companies
    TUV SUD Ltd

    This material is protected by MA Business copyright
    See Terms and Conditions.
    One-off usage is permitted but bulk copying is not.
    For multiple copies contact the sales team.