ISO 45001:2018
Occupational health and safety management systems — Requirements
Standard Introduction
ISO 45001:2018 is the world's first international standard for occupational health and safety (OH&S) management systems, published in March 2018 to replace OHSAS 18001:2007. Developed by ISO with input from 70+ countries, ISO 45001 provides a framework for organizations to proactively improve OH&S performance, prevent work-related injury and ill health, and provide safe and healthy workplaces. The standard follows the ISO High Level Structure (HLS), enabling seamless integration with ISO 9001 (quality) and ISO 14001 (environmental) management systems. ISO 45001 applies to any organization regardless of size, type, or industry, from small businesses to multinational corporations across manufacturing, construction, healthcare, and service sectors.
ISO 45001 introduces key concepts including 'context of the organization' requiring analysis of internal and external OH&S issues, enhanced 'leadership and worker participation' emphasizing top management commitment and worker consultation, and a strengthened 'risk-based approach' covering both risks and opportunities. The standard requires organizations to establish OH&S objectives, implement operational controls, prepare for emergencies, and monitor performance through audits and management reviews. Migration from OHSAS 18001 was required by March 2021. Certification involves Stage 1 (documentation review) and Stage 2 (implementation audit) assessments by accredited certification bodies. According to ISO Survey data, over 400,000 certificates have been issued worldwide. Implementation benefits include reduced workplace incidents (studies show 20-40% reduction), lower insurance premiums, improved regulatory compliance, enhanced employee morale, and competitive advantage in tenders requiring OH&S certification.
Worker Participation
Places strong emphasis on worker consultation and participation in all aspects of OH&S management — from hazard identification to policy development.
High-Level Structure
Uses the ISO Annex SL framework, making it easy to integrate with ISO 9001, ISO 14001, and other management system standards.
Hierarchy of Controls
Requires application of the hierarchy of controls: elimination, substitution, engineering controls, administrative controls, and PPE — in that order of preference.
list_alt Core Clauses (4-10)
- Context and interested parties (workers, regulators, unions)
- Leadership, worker participation, and OH&S policy
- Hazard identification and risk/opportunity assessment
- OH&S objectives and planning to achieve them
- Competence, awareness, and communication
- Operational planning and control
- Emergency preparedness and response
- Performance evaluation, internal audit, and management review
Who Needs to Comply?
Any organization seeking to improve worker safety, reduce workplace injuries, and demonstrate commitment to occupational health and safety. Especially relevant for construction, manufacturing, mining, oil & gas, and logistics.
Key Requirements
Hazard Identification & Risk Assessment
Proactively identify hazards arising from work activities, work environment, equipment, and human factors. Assess OH&S risks and determine controls using the hierarchy of controls.
Worker Consultation & Participation
Establish mechanisms for worker consultation on OH&S policy, objectives, and changes. Non-managerial workers must participate in hazard identification, incident investigation, and control determination.
Operational Controls
Establish processes to eliminate hazards and reduce OH&S risks. Manage change including new products, processes, and work conditions. Control outsourced and contractor activities.
Incident Investigation
Investigate incidents, near-misses, and nonconformities to identify root causes, determine corrective actions, and share lessons learned across the organization.
Implementation Roadmap
Prepare scope, leadership and objectives
Define the occupational health and safety management system scope across workers, contractors, workplaces, legal obligations, hazards, and operational activities. Confirm leadership accountability, interested parties, legal and contractual obligations, policy commitments, and measurable objectives before detailed control work begins.
Gap analysis and risk assessment
Assess current practices against ISO 45001 requirements and the organization's risk context. Review hazard identification, worker consultation, legal compliance, hierarchy of controls, incident investigation, and OH&S performance improvement, then prioritize gaps by compliance exposure, customer impact, operational risk, and audit readiness.
Implement processes, controls and records
Deploy or improve the required processes, operating controls, responsibilities, training, monitoring, documented information, and corrective-action workflows. Build evidence around hazard registers, legal registers, consultation records, risk assessments, incident reports, training records, inspections, and management reviews.
Audit, review and continually improve
Run internal audits, management reviews, performance monitoring, and corrective actions before the certification audit. Keep the system current after incidents, process changes, customer feedback, regulatory changes, or audit findings.
Compliance Checklist
checklist Scope and governance
checklist Operational controls and evidence
checklist Performance and improvement
Penalties & Enforcement
No direct legal penalties — ISO 45001 is voluntary. However, certification demonstrates due diligence which can reduce legal liability. Underlying OH&S laws carry their own penalties including criminal prosecution for serious safety failures.
Frequently Asked Questions
Who needs ISO 45001?
expand_more
ISO 45001 is relevant for organizations that need a disciplined occupational health and safety management system covering workers, contractors, workplaces, legal obligations, hazards, and operational activities. It is often adopted because customers, regulators, procurement teams, or market expectations require demonstrable controls and repeatable performance.
Is ISO 45001 certifiable or auditable?
expand_more
Yes, organizations can normally pursue a certification audit against ISO 45001 where certification or accreditation infrastructure exists. Even when certification is not the immediate goal, the standard can be used as an internal operating and assurance framework.
How long does implementation take?
expand_more
A focused implementation often takes several months, depending on scope, maturity, number of sites, process complexity, and evidence quality. Organizations with mature processes can move faster, while multi-site or regulated environments usually need more time.
What is the most important first step?
expand_more
Start with clear scope, leadership accountability, and an honest gap assessment. Without a stable scope and process ownership, teams usually create documents that do not match how work is actually performed.
What evidence do auditors expect?
expand_more
Auditors look for operating evidence, not just policy documents. Useful evidence includes hazard registers, legal registers, consultation records, risk assessments, incident reports, training records, inspections, and management reviews, plus proof that findings are reviewed and improved over time.
How often are internal audits needed?
expand_more
Internal audits should be performed at planned intervals based on risk, process importance, prior findings, and changes. Many organizations audit the full system annually and use targeted audits after incidents or major changes.
How does continual improvement work?
expand_more
Continual improvement uses performance data, audit findings, incidents, customer feedback, management review decisions, and corrective actions to strengthen the system. Improvement should be visible in objectives, controls, and measurable outcomes.
Can it be integrated with other standards?
expand_more
Yes. ISO 45001 can usually be integrated with other management-system standards by sharing governance, document control, internal audit, corrective action, risk management, and management review processes.
Official Documentation
ISO 45001:2018 Standard
PDF • ISO • Occupational Health and Safety Management Systems
ISO 45001 Resource Hub
External Link • iso.org • Implementation Guidance & Resources
OH&S Migration Guide
PDF • ISO • Migration from OHSAS 18001 to ISO 45001