OHSAS 18001 vs ISO 45001: The 2026 Migration Guide (18001 Is Gone)
OHSAS 18001 was withdrawn and superseded by ISO 45001:2018. Here is the difference, why people still search for 18001, and how to migrate.

If you searched for "OHSAS 18001" or "18001 standard" and landed here, let's clear up the single most important thing first: OHSAS 18001 no longer exists as a current standard. It was withdrawn. The standard you actually want is ISO 45001:2018.
Here's the thing — people keep searching for the old name. "ohsas 18001," "18001 iso," "bs 18001," "45001 ohsas." I get why. For over a decade OHSAS 18001 was the occupational health and safety management standard. EHS managers built their careers around it. It's printed on old certificates hanging in reception areas. It's referenced in contracts signed in 2015 that nobody has reopened since. So when someone needs a refresher, they type the name they remember — and they remember 18001.
But the name they remember has been retired since September 2021. If you're running an OHSAS 18001 program today, or you've been asked to "get 18001 certified," this guide is for you. Let's sort out what changed, why, and what you actually need to do.
The Short Version
OHSAS 18001:2007 was a specification for an occupational health and safety (OH&S) management system, published by the British Standards Institution and a group of partners — not by ISO. It was widely adopted globally, but it was never a full international ISO standard.
ISO 45001:2018 is the real ISO standard that replaced it. It was published in March 2018. Organizations holding OHSAS 18001 certificates were given a three-year window to migrate, and that window closed in September 2021. After that, OHSAS 18001 was formally withdrawn and certificates against it stopped being valid.
So the practical answer to "is OHSAS 18001 still valid?" is no. If you want a certifiable OH&S management system in 2026, it's ISO 45001:2018 or nothing.
The good news: if you ran a decent OHSAS 18001 system, you already have most of the foundation. The migration is real work, but it's a renovation, not a teardown.
What OHSAS 18001 Actually Was
OHSAS stands for Occupational Health and Safety Assessment Series. The 18001 specification first appeared in 1999, with a significant revision in 2007 (hence OHSAS 18001:2007, the version most people held).
It gave organizations a framework to identify workplace hazards, control risks, comply with legal requirements, and continually improve safety performance. It followed the classic Plan-Do-Check-Act cycle and shared a lot of DNA with the old ISO 14001 environmental standard, which made integration possible — just not seamless.
The catch was governance. OHSAS 18001 was published by BSI together with national standards bodies and certification organizations. It was not an ISO standard, so it didn't carry the same international weight, and it didn't share a common structure with the ISO standards most companies were already running. That structural mismatch is exactly what ISO 45001 set out to fix.
What ISO 45001 Changed
ISO 45001 isn't OHSAS 18001 with a new number. It's a genuinely different document built on a more modern model. Five changes matter most.
1. Annex SL high-level structure
This is the big one. ISO 45001 adopts Annex SL, the standardized 10-clause structure that ISO now uses across its management system standards. That means ISO 45001 has the same skeleton as ISO 9001:2015 for quality and ISO 14001:2026 for environment. Clause 4 is context, clause 5 is leadership, clause 6 is planning, and so on — identical across all three.
If you're running multiple management systems, this is a gift. You can bolt them together into one integrated system instead of maintaining three parallel ones with mismatched structures.
2. Risk-based thinking (and opportunities)
OHSAS 18001 was primarily about hazard identification and risk control — find the dangerous thing, control it. ISO 45001 broadens this into risk-based thinking applied across the whole management system, and it explicitly asks you to consider opportunities to improve OH&S performance, not just threats to avoid.
3. Leadership and management accountability
OHSAS 18001 talked about top management commitment, but lightly. ISO 45001 puts leadership front and center in clause 5. Top management must take accountability for the OH&S system, integrate it into business processes, and actively demonstrate involvement. "We delegated it to the safety officer" is no longer a defensible posture.
4. Worker participation and consultation
This is one of the most significant shifts. ISO 45001 requires genuine consultation and participation of workers at all levels — not just a committee that meets quarterly. Workers (and where they exist, their representatives) must be involved in hazard identification, incident investigation, and decisions about the system. Safety stops being something done to the workforce and becomes something done with it.
5. Context of the organization
ISO 45001 introduces clause 4: understand the context of your organization and the needs and expectations of interested parties. You map out internal and external issues that affect your OH&S outcomes (your workforce, contractors, regulators, supply chain, neighbors) and you build your system around that reality, not a generic template.
OHSAS 18001 vs ISO 45001: The Comparison Table
| Dimension | OHSAS 18001:2007 | ISO 45001:2018 |
|---|---|---|
| Publisher | BSI and partners (not ISO) | ISO (full international standard) |
| Structure | Older, OHSAS-specific layout | Annex SL high-level structure (10 clauses) |
| Scope focus | Hazard identification and risk control | Risk-based thinking, plus opportunities |
| Leadership | Top management commitment (light) | Leadership accountability central (clause 5) |
| Worker participation | Limited; mostly consultation | Mandatory consultation and participation at all levels |
| Context of organization | Not addressed | Required (clause 4: context and interested parties) |
| Integration | Possible but structurally different | Designed to integrate with ISO 9001, ISO 14001 |
| Status in 2026 | Withdrawn (certificates expired Sept 2021) | Current and certifiable |
The Migration Checklist
If you're moving an existing system over — or building a new one because you discovered your "18001 certificate" lapsed years ago — here's the path that actually works. Treat it as a project, not a paperwork exercise.
1. Run a gap analysis. Map your current OHSAS 18001 system (or whatever you have) against the ISO 45001 clauses. The gaps cluster predictably: context of the organization (clause 4), leadership (clause 5), worker participation, and the broader risk-and-opportunity approach (clause 6). Everything else you probably already do in some form.
2. Lock in leadership. Before anything else, get top management to formally own the system. They need to understand they're accountable, not just supportive. Schedule the management reviews, assign responsibilities, and make the policy theirs. This unblocks every later step.
3. Determine context and interested parties. Document the internal and external issues affecting your OH&S outcomes, and list your interested parties (workers, contractors, regulators, clients) with their relevant needs. Keep it real and specific to your operation — auditors can spot a copy-pasted template instantly.
4. Build the risk and opportunity process. Extend your existing hazard identification into a documented process that addresses OH&S risks, OH&S opportunities, and the risks and opportunities to the management system itself. Tie it to your legal and other requirements.
5. Set up genuine worker participation. Establish how workers are consulted and how they participate — hazard reporting, incident investigation, design of controls, and review of the system. Document the mechanism, then actually use it. This is where many migrations stall, because it requires cultural change, not just a procedure.
6. Update your documentation. ISO 45001 uses "documented information" rather than the old "documents and records" split. Re-map your manual, procedures, and records to the new clause structure. You don't need a fat quality manual — you need the documented information the standard specifically requires, and evidence that it's working.
7. Run an internal audit and management review against ISO 45001. Audit the new system against the actual ISO 45001 clauses, not the old OHSAS checklist. Feed the findings into a full management review. Fix the nonconformities before your certification body ever sees them.
8. Book the transition/certification audit. Engage an accredited certification body for a Stage 1 (documentation readiness) and Stage 2 (implementation) audit. If you're transitioning a live system, your body may handle it during a surveillance or recertification visit — but since the OHSAS migration window has long closed, most organizations now treat this as a standard ISO 45001 certification rather than a transition.
Certification Reality: Timelines and Who Needs It
Let's be honest about the calendar. The official OHSAS-to-ISO 45001 transition period was 2018 to September 2021. That ship has sailed. So if you're reading this in 2026, you're not "transitioning" in the official IAF sense — you're either maintaining an existing ISO 45001 certificate, or you're a new applicant who happens to have an old OHSAS system in the background.
For a reasonably mature organization, a fresh ISO 45001 certification typically takes somewhere in the range of three to six months from serious start to certificate, depending on your size, how good your existing system is, and certification body availability. The gap-to-audit work is the slow part; the audit itself is quick by comparison.
Who actually needs it? Nobody is legally required to hold ISO 45001 — it's a voluntary standard, not legislation. But "voluntary" is doing a lot of work in that sentence. In construction, manufacturing, logistics, energy, and oil and gas, ISO 45001 is routinely demanded in tenders and supply chain qualification. If your customers are asking for "18001," what they almost always mean is "show us you have a credible, certified OH&S system" — and today that means ISO 45001. Organizations that also run ISO 14001:2026 for environment and ISO 9001 for quality often add ISO 45001 to complete the trio and run all three as one integrated management system, which is far cheaper to audit and maintain than three separate ones. Some energy-intensive operations even stack ISO 50001 on top for energy management.
FAQ
Is OHSAS 18001 still valid? No. OHSAS 18001:2007 was officially withdrawn and replaced by ISO 45001:2018. The migration period for existing certificates ended in September 2021, so no OHSAS 18001 certificates remain valid today. If you need an occupational health and safety management standard, ISO 45001:2018 is the one to use.
What is the difference between OHSAS 18001 and ISO 45001? ISO 45001 uses the modern Annex SL high-level structure shared with ISO 9001 and ISO 14001, adds a strong focus on leadership and worker participation, requires you to understand the context of your organization, and shifts from hazard control toward risk-based thinking that also considers opportunities. OHSAS 18001 was a BSI-published document with an older structure and lighter leadership requirements.
When did ISO 45001 replace OHSAS 18001? ISO 45001 was published in March 2018. Organizations holding OHSAS 18001 certificates were given a three-year migration window, which ended in September 2021. After that date OHSAS 18001 was fully withdrawn.
Do I need to re-certify from scratch to get ISO 45001? Not necessarily. If you already had a working OHSAS 18001 system you can migrate it rather than rebuild it, but the migration is a real project. You need a gap analysis, new clauses such as context and worker participation, updated documentation, and a transition audit by an accredited certification body.
Is ISO 45001 mandatory? ISO 45001 is a voluntary standard, not a law. However, many clients, tenders, and supply chains require it, and it helps demonstrate that you meet your legal occupational health and safety duties. In practice it is often effectively mandatory if you want to win certain contracts.
Can I integrate ISO 45001 with ISO 9001 and ISO 14001? Yes, and this is one of the main reasons ISO 45001 exists. Because all three standards share the Annex SL structure, you can run a single integrated management system covering quality, environment, and health and safety with shared policies, audits, and management reviews.
The Bottom Line
OHSAS 18001 did its job for two decades, and then ISO retired it for something better aligned with how modern organizations actually manage risk. If you remember 18001, you remember a real standard — it's just not the current one anymore.
The move to ISO 45001 isn't cosmetic. The leadership accountability, worker participation, and context requirements change how the system runs day to day, not just what's in the binder. But if you already had a functioning OHSAS program, you're renovating, not starting over. Run the gap analysis, get leadership genuinely on the hook, bring your workers into the process, and book an accredited audit.
And if someone hands you a contract demanding "OHSAS 18001 certification" in 2026? Gently let them know the standard moved on five years ago — and that what they actually want is ISO 45001:2018.
References
- ISO 45001:2018 — Occupational health and safety management systems — International Organization for Standardization
- ISO 45001 introduction and overview — ISO
- Migrating to ISO 45001 — guidance — ISO publication
- The IAF and ISO 45001 transition planning guidance — International Accreditation Forum
- ISO 9001:2015 — Quality management systems — ISO
Related Topics
Related Standards
Related Articles
How Midea Conquered Europe: A Compliance Playbook from CE Marking to the R290 Switch
Midea's success in Europe rests on systematic EU compliance — from CE marking and ErP energy efficiency to the R290 natural-refrigerant pivot driven by the F-Gas Regulation. Here's the regulatory framework, the key standards, and the compliance practices behind it.
CBAM Compliance Guide: The EU Carbon Border Tax in 2026
CBAM is the EU's carbon border tax. As of 2026 it moves from reporting to a definitive regime with certificates. Here's who must comply and how to report.
cGMP Compliance Guide: FDA Current Good Manufacturing Practice in 2026
What cGMP means, the FDA regulations behind it (21 CFR 210/211/117/820), and a practical readiness checklist. Your cGMP guidelines FDA explainer.
China Compulsory Certification (CCC Mark): The Complete Guide for 2026
What the CCC mark is, which products need China Compulsory Certification, the step-by-step process, costs, timelines, and how CCC differs from CE and FCC.