HSE Professionals

ISO 45001:2018
Download HSE Docs hseprof.com
OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE
50,000
CERTIFICATES
GLOBALLY
TRANSPARENT 90
> ISO 45001:2018

OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE
2 *UK and ISO

Ireland
45001:2018
only OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE
Contents
Introduction to the standard P04
Benefits of implementation P06
PDCA cycle P07
Risk based thinking / audits P08
Annex SL P09
SECTION 1: Scope P10
SECTION 2: Normative references P11
SECTION 3: Terms of definition P12
SECTION 4: Context of organization P14
SECTION 5: Leadership P16
SECTION 6: Planning P18
SECTION 7: Support P20
SECTION 8: Operation P22
SECTION 9: Performance evaluation P24
SECTION 10: Improvement P28
Get the most from your management P30
Next steps once implemented P32
How else can we assist P33
ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE 3

INTRODUCTION
TO THE STANDARD
ISO 45001:2018 is a new International to prevention of accidents and long and short term
standard which provides a framework, ill health effects. The standard provides a platform to
develop a positive safety culture leading to worker
regardless of size, activity and geographical wellbeing.
location, to manage and continuously
Once the policy framework has been put in place,
improve Occupational Health and Safety
along with processes to facilitate the organization’s
(OH&S) within the organization. commitment, the standard then asks the organization
The risk-based approach standard introduces to audit, review and improve the system including
the common ‘Annex SL’ structure which provides assessment of compliance obligations. This
compatibility with other ISO standards including ISO approach provides the organization with both
9001 Quality, ISO 14001 Environment and ISO 27001 assurance and business continuity.
Information Security management systems. Standard requirements can significantly help the
By adopting a systematic approach including worker organization improve internally; by embedding a
participation, the organization can integrate OH&S culture of challenge and continual improvement.
within its business processes which will contribute
4 ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE

A Brief history of ISO 45001

OHSAS 18001:2007 (initial This was recognised and hence the Owing to this compatibility ISO
version OHSAS 18001:1999) is need to have a systematic structure for 45001:2018 should build on all the
the predecessor to the recently the management of the activities. ISO success of OHSAS 18001 and allow the
released ISO standard ISO 45001:2018 is an ISO standard and benefits to be enhanced and potentially
has been designed to have greater integrated in other generic management
45001:2018. The OHSAS standard
compatibility with existing ISO standard system standards.
was recognised internationally but
management system revisions including
it is not an ISO standard. ISO 9001:2015 and ISO 14001:2015. In 2021 OHSAS 18001 will be
withdrawn leaving ISO 45001 the
Over time it has become increasingly It uses the same management system primary international OHS management
apparent that too many workers are structure and reflects the requirements system standard.
suffering from OHS related illnesses, identified by the International Labour
injuries and deaths, placing an Organization guidance for OHS
unacceptable burden on people, their systems. It has been developed over a
families and with moral and welfare number of years by International bodies
costs to society overall. and industry experts.

BENEFITS OF
IMPLEMENTATION
With or without a formal OH&S management system, organizations have a moral and legal
duty to protect workers from accidents and ill health. This next section provides an overview
of a selection of positive benefits from implementation of ISO 45001. These positive benefits
are not exhaustive.
Adoption of the high-level structure of ‘Annex In addition to internal process controls,

SL’ enables organizations to integrate ISO the standard has provided requirements to
45001 with existing ISO 9001 Quality and assess procurement of products and services
ISO14001 Environmental management which may have influences on OH&S. For
systems. This approach has reduced the example, risk based structured management of
complexity of multiple clause requirements contractors. Such a process can in-turn provide
across different standards applications, saving controls to reduce both OH&S risk, promote
time and resources. positive safety culture and protect business.
The standard provides a systematic approach The standard provides a structure to monitor
for senior leadership to assess OH&S risk and review compliance obligations to ensure
and opportunities, monitor and review the organization is legally compliant including
safety performance and set objectives for products and services. It is important for an
continual improvement within the ‘context’ of organization to understand what it is to achieve,
organizational activities. This may include, for why it needs to achieve and if it has achieved –
example, worker health promotion campaigns this should be demonstrated within the system.
or the monitoring of the OH&S effects of
products and services provided. Both internal and external audit programmes
provide scrutiny and effectiveness of the OH&S
Implementation is a demonstration and management system including processes. The
commitment from senior leadership to internal programme promotes communication and
and external stakeholders (interested parties) participation of workers with identification of
of the intent to protect workers from accidents gaps leading to continuous improvement.
including short and long term ill health effects.
Of course, this may in-turn reduce downtime, With an emphasis on workers taking an active
lead to reduction or prevention of worker loss role in OH&S matters, this can have positive
time hours and potential prosecution. benefits on an organization’s reputation as a
safe place to work leading to staff retention,
This commitment also provides assurances to motivation and greater productivity.
the Board of Directors, Trustees or owners that
management controls regarding OH&S risks Implementation is also recognition for having
inherent within the organization. achieved an international standard benchmark
which may have positive influence on existing
The standard promotes worker participation and potential customers in fulfilling their own
when identifying hazards, elimination or social responsibility commitments.
reducing risk by implementation of controls
integrated with other business process. This
approach can improve safety culture, minimise
risk and embed best practice resulting in
increased productivity.
For further information on positive benefits of ISO 45001 standard implementation and its intended
outcome refer to section 1 ‘Scope’.

PDCA CYCLE
ISO 45001 has adopted the four stage Plan-Do-Check-Act (PDCA) cycle for achieving continual
improvement. This is an inherent part of the systematic approach to determine workable
solutions, assessing the results, and implementing ones that have been shown to work.
The PDCA cycle can be applied not only to management systems as a whole, but also to each individual element to provide an
ongoing focus on continual improvement. At the core of each stage is ‘Top Management’ who are pivotal to ensure the OH&S
system is managed effectively.
In the context of ISO 45001, refer to the following PDCA cycle:
Plan: Do: Check: Act:

Understand the context of the Implement the Monitor, measure Take actions to
organization including OH&S processes as and evaluate OH&S continually improve to
risk and opportunities. Establish planned to including activities and including findings of
OH&S objectives, processes and worker participation, processes. incidents, addressing
resources required to deliver hazard identification non-conformance and
results in accordance with the and emergency audit findings.
organizations OH&S Policy. preparedness.
SCOPE OF THE OH&S MANAGEMENT SYSTEM (4.3/4.4)
CONTEXT OF THE
ORGANIZATION
SUPPORT &
(4)
OPERATION
(7, 8)
Plan Do
INTERNAL & INTENDED
LEADER OUTCOMES
EXTERNAL ISSUES PLANNING & WORKER PERFORMANCE OF THE
(4.1) (6) PARTICIPATION EVALUATION OH&S MS
(5) (9)
Act Check
NEEDS AND
EXPECTATIONS IMPROVEMENT
OF RELEVANT (10)
INTERESTED
PARTIES (4.2)
Establish OH&S objectives, processes and resources required to deliver results in accordance with the organizations
OH&S Policy
DO: CHECK: ACT:

Implement the processes as planned Monitor, measure and Take actions to continually improve to
to include worker participation, hazard evaluate OH&S activities including findings of incidents, addressing
identification and emergency preparedness. and processes. non-conformance and audit findings.

RISK BASED
THINKING/AUDITS
Any company that operates an OH&S management system must ensure there are effective
measures to evaluate performance which enables continual improvement internally. This section
outlines the different methodologies of auditing in relation to the OH&S system to ensure it is
effective at all levels of the organization and meets the requirements of the standard.
Risk Based Thinking Walk Through Audits

Risk Based Thinking (RBT) is a central tenet of ISO 45001. A less formal approach maybe adopted in addition to the audit
RBT requires the Management Team to continually assess the plan by conducting ‘walk through’ audits. This may be conducted
issues that affect OH&S aspects of an organization and ensure by senior leadership or at operational level to inspect areas of
that appropriate targets, resources and controls are in place. the organization to pre-determined questions. This is a further
RBT empowers organizations to make dynamic changes to opportunity to engage with workers, promote communication and
their objectives and focus, whilst at the same time ensuring build a positive safety culture within the organization.
that resources are in place to control changes and unforeseen
circumstances. In relation to OH&S, risk-based thinking extends
to areas outside of the organization which may influence safety.
2nd Party - External Audits
Second party audits are usually conducted by customers or
For example, procurement of products and services (including organizations on their behalf, however they may be conducted
contractors) and the impact of supplied products and services. by regulators to ensure the organization complies with legal
The organization must determine the methodology for risk-based requirements. External audits are a useful way to substantiate an
thinking with consideration of compliance obligations and the organization OH&S claim and to gather first-hand information and
participation of workers. For operational aspects the standard contact with workers prior to commitment to a formal business
clearly defines the hierarchy of control for hazard identification relationship. Second party audits may be planned; however,
and the reduction of risks with the involvement of workers. This notice may not be provided from regulators emphasising the
methodology requires the organization to reduce risks associated requirement to ensure OH&S organizational requirements
with hazards to a reasonably practicable level. are prepared.
1st Party - Internal Audit 3rd Party - Certification Audits

Internal audits are taken at a moment in time to determine if Third party audits are conducted by UKAS accredited certification
policies and practices are effective and achieving the intended bodies such as NQA in compliance of the ISO 45001 OH&S
aim. The internal audit is an opportunity to engage with workers standard. Depending on the number of employees, sites, risk
and to capture a true reflection of processes. Audits may identify and complexity of the organization, the certification body will
positive evidence of conformity including compliance obligations, determine the number of audit days required to cover the full
however through inspection and observation they may identify scope of the standard. Prior to certification, the organization
improvement opportunities and non-compliance in breach of the may consider a gap analysis conducted by either consultant or
management standard. certification body to identify gaps against the OH&S standard.
Audit Planning Certification is a demonstration to interested parties

Developing an audit plan does not have to be a complicated including workers, customers and regulators that
process. Through risk based thinking a series of audits can there is:
be scheduled to focus areas of higher risk and to engage
with identified groups of workers. It’s up to the organization to • A mechanism for regular assessment to monitor and
determine the frequency provided it is defined. In addition to implement compliance obligations
operational aspects the plan will cover core processes • Regular assessment to monitor and improve
including compliance obligations, management review and OH&S processes
documented information. • Identification of hazards and reduce OH&S risk
• Regular review and assessment of OH&S risk
and opportunities
• Worker participation in the decision-making process
to ensure a safe working environment, continuous
improvement and safety culture

ANNEX SL
Prior to the introduction of Annex SL (previously known as ISO Guide 83), organizations who
implemented ISO 9001 Quality, ISO 14001 Environmental and ISO 27001 Information Security
standards had difficulty integrating management systems. Based on different clause structures
and terms of definition, the absence of Annex SL could lead to potential gaps between
management systems an unnecessary burden on resources. The introduction of Annex SL
including ISO 45001 has enabled multiple standards to adopt the same high-level structure to
harmonise 10 core clauses, making it easier to integrate common management standards.
High Level Structure The first three clauses provide a background to the standard with
useful information including terms of definition. The rationale of
‘Context of the Organization’ (clause 4) is that the system focuses on
Annex SL consists of 10 processes and requirements needed to achieve organizational policy
core clauses: objectives. This is achieved by understanding the organization and
the context in which it operates. The Clause sets out the requirements
1. Scope for the organization to define the ‘Scope’ of the system, and the
subsequent planning of the system.
2. Normative references
3. Terms of definition Clause 5 to 10 are common to all management system standards, ISO
45001 specifically relates to occupational health and safety issues.
4. Context of organization So, whilst there is commonality, there are OH&S processes to be
5. Leadership established, implemented and maintained including understanding
6. Planning of the policy framework, identification of hazards, management
control of risks and worker participation. A successfully deployed
7. Support Annex SL enables an integrated management system (IMS) which
8. Emergency preparedness simultaneously handles the requirements of ISO 45001, ISO 9001 and
ISO 14001. Typically, this would include a harmonised documented
9. Performance evaluation
information, procurement, audit and management review process
10. Improvement without the necessity of duplication.
Annex SL Clause Overview

PLAN DO CHECK ACT
4 9
5 6 7 8 10
Context of the Performance
Leadership Planning Support Operations Improvement
organization evaluation
4.1 9.1 Monitoring, 10.1

6.1 Actions to 8.1 Operational
Understanding 5.1 Leadership measurement, Nonconformity
address risks and 7.1 Resources planning and
the organization commitment analysis and and corrective
opportunities control
and its context evaluation action
4.2 6.2 ISO 45001 8.2 Emergency 10.2 Continual

Understanding 5.2 Policy objectives and 7.2 Competence 9.2
preparedness improvement
the needs and planning to Internal audit
expectations of achieve them
workers and 5.3
other interested Organizational 9.3
parties 7.3 Awareness
roles, Management
responsibilities review
4.3 Determining and authorities
the scope of
the ISO 45001 7.4
management Communication
system
4.4 ISO 45001 7.5 Documented

management information
system

SECTION 1:
SCOPE
For registration all clause requirements must be applied. This section sets the intent and
parameters within which the ISO 45001 OH&S management standard can be used to attain
its intended outcome.
The intended outcome of the OH&S management system is for the organization to:
• Provide a safe and healthy workplace(s)
• Prevent work related injury and / or ill health
• Proactively monitor and improve OH&S performance
• Eliminate hazards and minimise OH&S risks (including system deficiencies)
• Take advantage of OH&S opportunities and address management system non-conformities associated with its activities
• Fulfil legal and other requirements
• Achieve OH&S objectives
• Integrate other aspects of health and safety including worker wellness / wellbeing
This section makes it clear that the standard does not address issues such as product safety, property damage or environmental
impacts beyond the risks they present to workers and other relevant interested parties.

SECTION 2:
NORMATIVE
REFERENCES
Reference to ‘normative references’ are common across all management system standards
however in the case of ISO 45001 there are no normative references.
If applicable to a standard, normative references are essential

documents used for the application of the document. In other
words, the reference document is considered essential for the
application of the referenced standard.
ISO 45001 provides a bibliography with further information

including associated ISO management standards.

SECTION 3:
TERMS AND
DEFINITIONS
ISO standards are written in such a way that their meaning can be open to interpretation. As
with all standards, this interpretation can lead to confusion. To assist the user section 3 of
the standard provides prescriptive terms of definition to prevent the wrong interpretation.
It is highly recommended that persons responsible for

implementation of the standard clarify and have a clear
understanding of words described in this section. Annex A Guidance
‘Annex A’ of the standard provides useful clarification
For example, ‘worker’ may be interpreted without guidance as of selected concepts in relation to OH&S to avoid
an operator who works in a factory, when in reality a worker misunderstanding. Concepts including:
covers many different occupational aspects including agency,
contractors, all employees including Top Management and
external provider staff.
• Continual
• Ensure
Each term is listed in accordance with the hierarchy of
concepts reflecting the sequencing of the introduction of • Interested party
the standard. • Documented information
In addition to the term or definition, notes provide further If the organization requires the use of specific industry
information and clarity. related terms and their meanings relative to the OH&S
If an electronic version of the standard has been purchased system, these terms can be used, however they must
the definitions are hyperlinked to other definitions so that their still conform to the ISO 45001 document.
interrelationships can be seen.


SECTION 4:
CONTEXT OF THE
ORGANIZATION
The rationale of this clause is that the system focuses on the processes and requirements needed to
achieve the OH&S policy objectives. This can be achieved by understanding the organization and the
‘context’ in which it operates. Clause 4 also sets out the requirements for the ‘Scope’ and the system
to be defined, and the subsequent high-level planning of the system to achieve the objectives.
Understanding the context of the organization is usually These four requirements follow a sequence:
conducted by senior leadership with information about • In 4.1: Clarification of the strategic aims of the organization
the business and activities gathered at every level of the and determine any issues that could affect these aims
organization. Discussion points focus on internal and external being achieved.
issues which have an impact on the OH&S system. • In 4.2: Consideration of the interested parties (Stakeholders)
including workers to the organization and how they can affect
Clause 4 has four sub-clauses that each set out an element of how the organization operates.
what is needed to define the Context of the Organization, and to • In 4.3: Setting the scope of the OH&S Management System
design the OH&S management system. from the information discussed and considered in 4.1 and 4.2
• In 4.4: Laying out a design for the OH&S management system
and the high-level planning around it
Clause 4.2
Clause 4.1 Clause 4.3 Clause 4.4
Understand the needs and
Define the organization and Scope what you want to Design the sequence
expectations of workers and
what can affect it include in the system of processes
other interested parties
4.1 Understanding of the organization and context

Clause 4.1 requires the provision of a high-level understanding of key issues that can affect OH&S both positively and negatively
within the organization. Using this information will help develop an understanding of internal and external issues and the
interaction of activities to help plan and develop controls within the system.
WHAT ARE INTERNAL AND EXTERNAL ISSUES?

Internal and external issues are circumstances, characteristics and changes which can positively or negatively influence the
OH&S management system. ‘Annex A’ of the standard has been developed to provide examples of internal and external
issues. Below are typical examples, however each issue will be focused on the individual organization:
External issues Internal issues

• Cultural, social, political, legal, financial, technological, • Governance, organizational structure, roles and
economic and natural surroundings including the accountabilities
environment in which the organization operates • Policies, objectives and the strategies in place to achieve
• Who the competitors are and any contractors, them
subcontractors, suppliers, partners and providers • Resources (including human), knowledge and competence
• National and international law • OH&S culture within the organization and the relationship
• Industry drivers and trends which have influence on the with workers
organization • Process for the introduction of new products, materials,
• The organization products and services and their influence services, tools, software, premises and equipment
on occupational health and safety • Working conditions
With the information that is gathered during discussions at all levels of the organization to determine context, it is
recommended this information is placed into a report. The benefit of this is it provides a cohesive explanation and a good
reference to support present and future business strategy. (For review of context refer to section 9).

4.2 Understanding Interested parties can be documented in the form of a map:
the needs and
expectations of
workers and other
interested parties
‘Interested parties’ is the
CUSTOMERS
preferred term introduced by ISO
however commonly referred to as
‘Stakeholders’. Unlike other common EMERGENCY
WORKERS
standards this clause introduces SERVICES
the term ‘Workers’ which is a broad
term as described in section 3 of the
standard ‘Terms and definitions’.
This section requires the

determination of, in addition to
workers, interested parties that GEOGRAPHICAL
REGULATORS SUPPLIERS
can influence OH&S positively LOCATION
and negatively. Once it has been
decided which interested parties are
relevant and significant, their needs
and expectations within the OH&S
management system should be
addressed.
CONTRACTORS 3RD PARTIES
Remember when considering
interested parties, some needs and
expectations are mandatory and
INSURERS
incorporated into law and regulatory
requirements therefore must be
considered.
Having defined who your Interested

Parties are, ISO 45001 requires that
you determine their potential and
actual effects.
4.3 Determining the scope of a statement. This will ensure that they send the correct auditor
with experience in your industry sector. For example:
the OH&S management system ‘The Manufacture and Sales of Dishwashers’
From the context information gathered in 4.1 and
Using this example, you can see that the main process
understanding of needs and expectations of workers and
is manufacturing which will incorporate many processes
interested parties in 4.2 the ‘scope’ can be developed.
including workers, machinery, regulatory requirements,
The Scope sets out the areas of the business that are going to external providers, customers (end users) and competence
be managed in the OH&S Management System. which will be audited.
Usually, this will include the key processes and activities that
are engaged in the service or production of goods, including
4.4 OH&S management system
any customer facing activity and post-delivery warranty work. From the information gathered in 4.1, 4.2 and 4.3 the standard
requires the design and integration of processes within the
Where an organization is complex, the scope is used to ring-
management system to satisfy the requirements of ISO 45001.
fence only the activities or locations where the system is being
This may include such processes as design and development,
used. This can be referred to as ‘boundaries of applicability’.
procurement, marketing and manufacturing.
However, areas of the business cannot be excluded from the
scope to avoid OH&S processes or evade legal compliance.
When the application to NQA is made to have the system

audited for certification, it is necessary to declare the scope in

SECTION 5:
LEADERSHIP
Critical to the success of the OH&S management system is leadership and commitment
from ‘Top Management’. The expectation on leaders within an organization is to become
champions of the system and provide the necessary resources to protect workers from harm.
This section provides the tone and expectation on senior

leadership to take an active part in the OH&S system and
OH&S Policy
generation of a positive health and safety culture within the An OH&S Policy is a ‘Statement of Intent’ or ‘Mission
organization. Statement’ which sets out the framework to manage the
Occupational Health and Safety Management System. The
The following are examples of how leadership can be
OH&S policy is approved by senior leadership and will drive
demonstrated within the OH&S management system:
the controls that are in place and the actions that are carried
• Take overall responsibility and accountability for the
out to improve it.
prevention of work related injury / ill health, as well as the
provision of a safe and healthy work environment The standard specifically requires that the OH&S policy
• Facilitating positive culture and continual improvement should include commitments to:
• Ensure the OH&S system is integrated within business • Provide a framework for setting objectives
processes • Provide safe and healthy working conditions for the
• Promote communication internally and externally and at all prevention of work related injury and / or ill health
levels (cascading from the top) • Eliminate hazards and reduce OH&S risks
• Protect workers from reprisal when reporting incidents, • Continual improvement of the OH&S system
hazards, risk and opportunities • Consultation and participation of workers and where they
• Provision and support for safety committees exist worker representatives
• Fulfilment of legal and other requirements
For an external audit the expectation is for senior leadership to
be at the heart of the OH&S management system with a clear Once the OH&S policy has been approved it must be
demonstration of understanding the system. communicated to stakeholders including workers. The policy
must be available to interested parties, which will include
customers and external providers on request.
In addition, periodically the OH&S policy must be reviewed by

senior leadership to ensure it remains applicable to the context
of your organization.

Organizational roles, Here is a selection of suggested methods of promoting
consultation and participation of workers:
responsibilities and authorities • Periodic meetings with senior leadership to discuss
This section requires the organization to define clear roles, processes including OH&S issues
responsibilities and authorities throughout the organization. • Safety committee with worker representatives
It is recognised that overall responsibility for the OH&S (where required)
management system falls to ‘Top Management’ however • Identification and elimination of hazards (risk assessments)
individuals must take account of their own health and safety • Development of training Tool Box Talks and presentations
and that of others. (This may include training tools for workers outside of your
organization such as visiting contractors)
Consider documenting roles, responsibilities and authorities • Development of Safe Systems of Work and Work Instructions
within high-level and localised organizational charts. Individual • Cross communication between sites within the organization
policies and work instructions may also include responsibility • Near miss reporting schemes with follow up actions
and authority however competence must be considered. including root cause analysis
• Site tours
Consultation and participation • Open door policy to talk to a safety or HR representative
• OH&S suggestion boxes
of workers • Communication – Notice boards, newsletters, email, blogs,
health promotion campaigns
A key factor for the success of an OH&S system is to ensure
there are clear lines of communication, consultation and Once a selection of methods of consultation and participation
participation of workers with sufficient allocation of time of workers has been chosen, consider documenting the
and resources. This section requires the development of methodologies within a process. This will enable the
processes to ensure information that has an impact on OH&S organization to periodically check the process within your audit
is communicated at all levels of the organization. programme to ensure any identified requirements have
been fulfilled.
This can be achieved in many different ways depending on the
scope and scale of your organization.

SECTION 6:
PLANNING
Planning is one of the key components of any management system. ISO 45001 is based on
the ‘Plan-Do-Check-Act’ cycle, where planning is used to set the actions in motion for how the
system will work.
Planning occurs at several points in the framework for OH&S • Changes in work pattern including increase or decrease
management system. In order to set out the management in productivity
system planning is required using information gathered in • Noise, cold, heat
clause 4. At various points in time there will be the need to • Legal requirements and mechanism to adapt to changes in
‘plan’ again; this includes the periodic planning for achieving legal requirements
objectives that are set and reviewed, and also in the event of a • How the risk assessment will be communicated and
‘change’ which could arise from a planned or unplanned event. subsequent worker training of control measures
• Emergency situations such as unplanned events including
The requirements are to: fire and loss of power
• Plan the actions based on risk assessment to manage risks • Availability of resources to ensure hierarchy of controls can
and opportunities in the prevention of undesired effects be applied to risk assessment findings
including work related injury or ill health
• Manage events and continually determine risk and
opportunities for both workers and the OH&S system
• Establish and manage objectives
Hierarchy of Controls
• Plan and manage changes to the system and re-evaluate Most Effective
once change has been made Elimination

Physically remove
• Consider relationships and interactions between activities the hazard
• Define a methodology for hazard identification

Replace the
• Define the methodology for identification and management Substitution
hazard
of legal and other requirements
• Understand the knowledge within the organization to Engineering Isolate people
Controls from the hazard
manage activities safely
Administrative Change the way
Hazard Identification Controls people work
PPE Protect the worker

Hazard identification is fundamental in the planning process to with Personal
prioritise actions to address risks and opportunities. Using the Protective
Equipment
‘Hierarchy of Controls’ (see illustration opposite) the standard Least Effective
requires the organization to conduct risk assessment based
on internal and external activities. Hazard identification will
enable the organization to recognise and understand hazards Using the hierarchy of controls, the organization needs to
in the workplace. It will also allow workers to assess, prioritise determine the methodology in which the findings are recorded
and eliminate hazards or to reduce OH&S risks. Hazards as documented information and communicated to workers and
can appear in many different circumstances and conditions other interested parties. Typically, the competent person would
including physical, chemical, biological, psychosocial, conduct a risk assessment and score the findings based on
physiological, mechanical, electrical, or those based on the likelihood of the event based on the severity of harm with
movement and energy. an applied risk score. This methodology would be consistently
applied and be based on the legal / regulatory requirement,
Consideration must also be given to the types of activity type and circumstances of the activity, I.e. noise, fire, vibration,
including the following: height risk assessment etc.
• Groups of workers exposed to the hazard
• Shift work, hours of activity, lone working, supervision It is recommended that risk assessment conducted by a
• Human factors including demanding physical activities competent person(s) starts at the design phase of any activity
• Design of the workplace, for example segregation of traffic and involves the workers who are or will be directly involved in
and pedestrian routes the process.

£
£
Determination of legal and introduction of control measures must be within the framework
of the OH&S management system.
other requirements Control measures may be either integrated into existing quality
The organization needs to be confident that during the risk system work instructions or based on risk and developed into
assessment process it is adhering to the latest applicable legal a dedicated Safe Systems of Work. Tasks may be delegated
and other requirements. The legal and other requirements by senior leadership individually or as a collective group.
process of assessment will vary depending on the complexity Tasks will be allocated to persons based on competency
of the business. with consideration as to how any training will be delivered to
different groups of workers.
Sources of information may be gathered in many
ways including:
• Subscription to publisher legal update newsletters
Objectives
• Membership of trade associations It is a requirement of the standard to set achievable OH&S
• Research via reputable government websites objectives with the means to periodically measure progress,
• Use of competent consultants demonstrating continuous improvement. Often objectives are
• Competent employee membership of occupational health set and reviewed at management review (see clause 9.3) or
and safety institutes locally at departmental or committee meetings. Once set, there
• Employee attendance of occupational health and safety must be the means to communicate objectives throughout the
training courses organization to support and generate a positive OH&S culture.
Following the initial assessment of compliance obligations, the If many requirements have been identified the organization
organization may consider placing the relevant information in a may consider developing a documented Occupational Health
document. A spreadsheet may be useful for this purpose. and Safety Strategic Plan. The plan should be agreed by
senior leadership and include risk rating tasks, in order of
A live document may include the following information and priority, and the alignment with senior leadership responsible
be referenced within individual risk assessments: for overseeing the task.
• Name and reference number of regulation / requirement
• Revision status A strategic OH&S plan is a live document and periodically
• Date the regulation was last reviewed should be reviewed to monitor progress to achieving
• Competent person responsible for reviewing the requirement objectives and continuous improvement.
• Area of the organization the requirement impacts including
a short description of activity and associated documented The document may include:
information • Strategic prioritised topic
• A hyperlink or description of the source of information • Action, this could be conducting assessments according to
• Name and customer / external provider contact details if compliance obligations such as a noise assessment
relevant to ‘other requirement’ • Method in which the action can be achieved
• Next review date • Resources required to achieve the action. For example
human, equipment, financial and external provider expertise
Planning Action • The key performance indicator to demonstrate achievement

of the action
• General responsibility
Following the hazard identification process, the organization
• Top Management responsibility
should plan actions in order of priority to reduce risk. These
• Timescale
should consider the consequences of these actions before
• Risk rating (order of priority)
the actions are introduced. Planning actions and including the

SECTION 7:
SUPPORT
This section looks at the requirements which underpin the OH&S management system to
ensure it runs effectively.
Resources The organization must also consider the competence of

external providers including the procurement of contractors
Resources will be required to fulfil the requirements identified conducting tasks on site. The organization’s procurement
during the planning stages of the system to maintain process may provide the structure for management of external
continuous improvement. These include human, natural, providers; including evidence of capability, competence and
infrastructure (buildings, plant, equipment, utilities, emergency on site, this may be supported with site induction training.
containment systems) technological and financial resources.
Either internally or externally, the organization’s Top
It is essential that allocation of resources has the full support Management must be confident that mechanisms are in place
from Top Management, under the requirements of Clause 5, to to provide workers with suitable and sufficient competency
drive the maintenance of a safe and healthy work environment. based OH&S training.
As part of identifying resources, the organization needs to look
at the information produced in Section 6 to acknowledge the Awareness
risk, opportunities and resulting objectives. They then need to
allocate sufficient resources to mitigate or manage them. Awareness of the requirements of the OH&S system is critical
to both internal and external workers. There must be a clear
Competence understanding of the organization’s H&S Policy including the
requirement for individuals to protect themselves and others
An organization working effectively and efficiently must have from exposure to hazards. Awareness training starts before
competent workers. In terms of OH&S it is essential that work commencement for both internal and external workers
workers have access to information and have been suitably and may include:
trained to prevent accidents or ill health to themselves and
• OH&S Policy and requirements
others. Competence can include consideration for:
• Hazards associated with the environment and processes
• Capability to fulfil the task based on defined job roles and • Means to report incidents and receive information following
clear understanding of the required OH&S aspects investigation
• Defined methods of recruitment with consideration for • Means to report near misses or safety critical defects
temporary or agency workers • Structure of supervision
• Awareness of hazards associated with the environment and • Provision of information including Safe Systems of Work or
processes Work Instructions
• Legal requirements • Clear understanding that there are no recriminations for
• Individual capabilities including experience, language skills, reporting hazards or precautionary removal of individuals
literacy and diversity from exposure to harm which is life threatening. This must be
actively encouraged as part of a positive safety culture
The diversity of activities within the organization will determine
the level of training required to fulfil competence. Training gaps It is recommended there is evidence of awareness training.
are usually identified with the development of new processes, This is outlined within the ‘competence’ section of Section 7.
for example the introduction of new machinery or in achieving
compliance with regulatory requirements.
No matter how big or small the organization is, training records

are essential as reference and evidence of the fulfilment of
competence. Consider an overview training matrix identifying
fulfilled training gaps including refresher training dates. In
addition, consider individual training records with signatory
evidence from the worker to acknowledge completion and
understanding of training including hazard awareness.

Communication Documented information
– internal and external As with all management systems the extent of documented
information will vary depending on the size, scope and
Defined channels of communication is key for the success complexity of processes within the organization. A practical
of the OH&S management system. It is recommended that approach to development and control of documented
there is clear policy on communication endorsed by Top information will assist in business protection as well as
Management identifying the process of communication. The providing sources of information for workers relating to hazard
organization will need to determine: identification. Consider a risk-based approach to the level of
documented information required including consideration
for literacy and language. Documented information is not
Question Examples restricted to hard copy and will appear in a variety of media
including electronic format, emails and web based. Below is a
selection of the variety of documented information:
What will be OH&S Policy, site rules
communicated? including personal
Internal / Type Use
responsibilities, hazards, External Sources
risk assessments, Work
Instructions, minutes from External Regulatory Government website instructions
and leaflets, codes of practice

committee meetings,
investigation results, External Information External Provider material safety
organizational structure, data sheets, certificates of
conformity
performance
External Information External Provider machinery
installation instructions and
When Recruitment permanent technical specifications
communication or temporary, induction
External Information Risk assessments and method
internally and externally,
occurs? morning briefing, safety
statements
committee meetings, External Certificates Fire system, fixed wiring service

records, liability insurance
pending legal requirements documents
External Training Certificates of competence (Fork
Who will information Workers including agency, Lift Truck, OH&S awareness)
be communicated contractors, external
Internal Training Induction presentations, tool
providers, product end users
to? and other interested parties
box talks
Internal Training Individual training records
Internal Work Safe Systems of Work
How will information Notice boards, tool box
Work Instructions
be communicated? talks, email, website,
newsletters, supervision Internal Inspections Evidence of maintenance and
routine inspections
Methods of controlling • Develop a spread sheet identifying the reasons why previous
revisions have been updated
Documented Information • Determine the method of issue for documented information
with consideration for recovery of pre-modified documented
It’s essential to have a robust but simple system of control for information and communication
documented information. This will ensure workers are always • Archive in electronic format previous revisions of documents
aware of the latest requirements relating to OH&S. In support based on risk ensuring there is a means of backing up and
of the latest revision of documented information there must recovering data
be the means to communicate the latest policies, practices • Determine and identify in the spread sheet the intended
and work instructions. As previously indicated documented document retention timescale. This may be based on legal
information will come from internal and external sources. requirements such as insurance documentation
Below are suggested means of controlling both internal and
external documented information: External
• Determine what should be communicated and retained
Internal based on risk
• Develop a document reference system within the header • Consider scanning to reduce reliance on paper
or footer e.g. Maintenance Procedure No. 1 – MP01, • Maintain the integrity of archived documentation
Maintenance Form 01 – MF01 etc
• Identify the revision status, revision date and author within Remember to create a simple system to use for all to
the document footer understand and access accordingly. Consider supporting the
• Use the same document control methodology for electronic chosen method with an instructional procedure with
documents and data applicable training.

SECTION 8:
OPERATION
Once processes within the organization have been identified (see clause 4.4) and planned,
the method in which the business will operate (see Clause 6.0), the company needs to plan
and control each process within the OH&S management system.
Operational Planning and Control is the method in Management of Change

which the organization determines what is required for
It is recognised that accidents can occur when processes
each process and the method in which requirements
deviate from defined established control measures. This may
are controlled to ensure workers are protected from
include changes in competent supervision and workers or the
harm. Operational Planning and Control is achieved by
introduction of new materials, machinery and processes.
identifying the criteria for each process which may include:
The organization must define and implement a process which
• The boundaries of each process and how considers change throughout the business. This may be a
they interact written policy which accounts for different scenarios based on
• What resources are required to manage the process risk and opportunity. The change process may be supported
including leadership, equipment, time, human by a documented system to acknowledge issue and receipt of
(competency and training aspects) and financial the notification to ensure it is communicated and understood.
Notification of change may be supported by training and
• What documented information is required to aid competence requirements. Change process could incorporate
management of the process including procedures a mechanism to assess and prevent the introduction of new
and safe systems of work hazards. Examples of events where management of change
• The method in which changes to the process are might be necessary include but this is not exhaustive:
planned and controlled including unintended events
• Application of legal and other requirements or
Change event Method of management
manufacturer’s instructions for equipment
Loss of Organization of re-training of existing
• Engineering controls, for example interlocked guards
knowledgeable member of staff supported with an
and exhaust systems
competent external provider until the employee is
The organization must also consider the adaptation of the member of staff competent.
work environment to ensure it is suitable and sufficient for
First aider Temporarily train staff in alternative
all workers. Adaptation in broad terms may be induction
absent means of receiving first aid treatment
of new workers or ergonomically changed processes to
including neighbouring businesses and
protect workers from harm and improve process efficiency.
emergency services.
Introduction of Appoint a Project Manager to

a new piece of coordinate implementation including
Eliminating hazards and machinery risk assessment, instruction, training,
supervision. Provision of risk assessment
reducing OH&S risks and installation method statement
from external provider. Development
Having chosen the methodology for risk assessment of control documents based on
determined in clause 6.0, the organization will use the manufacturers recommendations.
‘Hierarchy of Controls’ outlined in section 6 to eliminate or
reduce hazards to the lowest practicable risk. It is essential that Flood within a Appointed competent representative to
when conducting risk assessment workers, including external building conduct risk assessment and coordinate
providers, are competent. On completion of risk assessment relocation of staff to a safe environment.
results should be communicated with those workers directly
Introduction of Project management coordination,
affected within the operation and to aid the development of
new software presentations and toolbox talks,
control measures. Workers need to be included in the process
competence and awareness training.
of assessment and other system elements.

General Documented Information
The purchase of goods and services is a requirement for any The standard requires the organization to maintain
business to function. The standard requires the organization documented information relating to the procurement of
to put controls in place to ensure those purchased goods and products and services including contractor arrangements.
services do not introduce hazards and expose workers to harm Below is a list of examples of documented information
including contractors. considered for retention:
Procurement • Risk assessment and method statements between the

organization and contractor
• Material safety data sheets
A robust procurement process is essential to control product
• Email exchanges relating to safety aspects
and services inputs into an organization. Inputs may include
• Certificates of conformity – Harnesses, guarding, emergency
raw materials for products, equipment including machinery,
stops, PPE
consumables such as cleaning products and workers
• Contractor permits and licences
conducting maintenance as part of a service agreement. The
• Completed external provider questionnaires
organization is required to develop a process which should
• Worker training records
include an assessment of the impact on safety of products
and services prior to purchase. This may include obtaining
product or material safety data from an external provider or Emergency preparedness and
by conducting a risk assessment. Risk assessment with an

external provider may be considered during activities such as response
the purchase and installation of machinery. The assessment
Planning for unexpected events is a good all-round
would identify potential hazards and suitable control measures
organizational discipline. The risk assessment process, for
to protect both organizational workers and contractors.
ISO 45001 identification of hazards, may have highlighted
Within the process, consider the delivery of products to potential emergency situations with possible catastrophic
ensure they are inspected against specified requirements consequences. Therefore, it is necessary to put control
prior to release. Consideration must also be made to ensure measures in place to mitigate for these potential events.
those products and services are legally compliant. This may
Once emergency situations have been identified, which may
be through the assessment of material safety data sheets,
involve workers at every level of the organization, a plan
declarations of conformity or business registration with trade
needs to be formulated and tested. Check that emergency
associations. Personnel who are responsible for procurement
preparedness and response have been tested within the
must ensure they utilise competent workers to assist with
internal audit plan.
assessments and to communicate safety information relating to
product or service. Health and safety information may include Testing emergency response plans are critical to raise
material safety data sheets, training, competence requirements awareness of potential events and ensure control measures
and instructions for use. function including supervision, individual responsibilities,
suitability of training and communication. Below are some
Contractors and Outsourcing examples of when emergency plans will be required:
Many businesses use the services of contractors (external

providers) to fulfil gaps in processes and to complete tasks Event Recommendation
requiring specialist knowledge. The standard requires the
organization to conduct an assessment on those contractors Provision of Testing of first aid response, consider
including due diligence competency checks. The organization first aid shift patterns, availability of equipment
may consider the use of contractor selection criteria to ensure and competent staff etc.
services are within scope of the task.
Evacuation drill Method of raising the alarm, contacting
The organization must be satisfied there is a process to protect the emergency services, accountability
contractors (workers) and other workers who may be exposed of workers, staged evacuation, changes
to hazards due to their activities. During the procurement in building layout etc.
process written agreements may be established between
Bomb threat Raising the alarm, what to do with
the organization and contractor specifying the organizations
workers – stay put or evacuate to a
rules. This may be supported by risk assessments and method
safe area, keeping away from windows,
statements conducted by both parties with communication of
controlled method of raising the alarm.
results.
Chemical Raising the alarm, evacuation,
It is key that necessary checks have been made to ensure spillage containment, availability of Material
contractors are competent and may, in some circumstances, Safety Data Sheets.
require confirmation of compliance to legal requirements. For
example, certification to work on electrical switch gear or to
work on a gas boiler.
Once the plan has been tested it is important to provide
Once the procurement process has been completed it is good workers with feedback to learn from experience. Again, there
practice to support site activities with an induction programme. is a requirement to have suitable information and records as
This will provide contractor workers with an understanding documented information.
of the rules including any specific requirements, for example,
site hazards, authorised areas, near miss reporting processes,
safe walking routes, emergency action plans, supervision and
required permits to work.

SECTION 9:
PERFORMANCE
EVALUATION
Performance evaluation is a constructive process that aims to improve an organization’s

operation and is crucial to the ‘Plan, Do, Check and Act’ model prescribed by ISO 45001.
These processes should help achieve and support organizational strategy and goals.
Monitoring, measurement, analysis and evaluation

An organization should check, review, inspect and observe its planned activities to ensure they are occurring as intended. An
organization must make sure they have determined the appropriate processes, so they can evaluate how well they are performing
based on risk and opportunities. Monitoring generally indicates processes that can check whether something is occurring as
intended or planned.
The tables below provide examples of monitoring and specific control measures:
Event Local Exhaust Ventilation System (LEV)
Monitoring Appointed person to weekly inspect airflow of an LEV system to safely remove fumes from a process.
Measurement Use of a calibrated meter to check the airflow at two inspection locations of the system according to a specified
Work Instruction. (Employee is trained and competent to use the equipment).
Analysis Review of recorded data determining the airflow efficiency of the system to ensure workers are safe. This may
include trends. This would be in compliance with manufacturers specifications and regulatory requirements.
Evaluation The trend analysis indicates a reduction in airflow therefore maintenance is triggered to isolate and inspect the
LEV system.
Event Safe Walking Routes
Monitoring Appointed person daily site inspection of safe walking routes to ensure they are in a condition to prevent slips,
trips and falls.
Measurement Visual inspection to ensure there are no obstructions outside of defined safe walking routes. (Usually
measurement is associated with measurement equipment to obtain data).
Analysis Examination of results from inspections. In this case there may be a trend of equipment repeatedly left in the
same location of a Safe Walking Route.
Evaluation Determination of root cause of why equipment is repeatedly left in the safe walking route. Resulting in allocation
of designated safe place for equipment away from the safe walking route.

Any equipment used to determine the measurement ‘indicator’ Internal audits must be conducted by competent staff with a
should be calibrated and maintained so that a high degree of degree of impartiality to the area being audited. A risk-based
confidence is gained in the credibility of data. The standard also approach can be applied to areas being audited with an
requires the organization to implement a process to evaluate increased focus on higher risk activities. Internal audits must be
legal and other compliance including: planned with an expectation of each process being audited in
regular intervals.
• The frequency and method of evaluation
• If action is needed, the process in which it will be evaluated In addition to planned audits, unplanned audits may be
and implemented conducted in reaction to problematic areas, near miss reports or
• Maintain knowledge and understanding of its incident data with focus on accident prevention.
compliance status
• Retain documented information to support the evaluation of It is beneficial to communicate audit results to applicable
legal and other requirements interested parties including workers and set realistic completion
timescales for identified ‘opportunities for improvement’ or ‘non-
In practice you may consider putting a list of compliance conformities’. Top Management must be aware of deficiencies
obligations within a spreadsheet as outlined under section within the system to ensure necessary resources can be
6 of this document. Periodically this process should be allocated to mitigate the findings. Audit results will be reviewed
audited within the internal audit programme to ensure all as part of the management review process.
compliance obligations have been fulfilled. Audit results
including compliance status should be communicated to senior
leadership within the organization. Any outstanding or pending
Management Review
requirements can be actioned by the leadership team. This will Management Review is an essential element of the Occupational
ensure compliance to obligations and reduction in risk including Health and Safety Management System. The aim of the review
potential prosecution. is for Top Management to assess the performance of the
management system to ensure it has been effective and suitable
Internal Audit for the needs of the business, ultimately preventing injury or
harm to workers. The management review is also a planned
An internal audit is a systematic method to check organizational activity to review objectives including compliance and to set
processes and requirements, as well as those detailed in the new objectives.
ISO 45001 standard. This will ensure the processes in place are
effective and the procedures are being adhered to. The internal Usually management review meetings are conducted annually,
audit programme will aid the organization to achieve the OH&S however many organizations conduct management reviews
objectives and targets. It helps: every six months or quarterly to track the performance of the
system. If more frequent meetings are conducted, often the
• Monitor compliance to policy and objectives meeting agenda is reduced with the full agenda occurring
• Provide evidence that all necessary checks are carried out annually.
• Ensure all current legislative and other requirements are met
• Assess the effectiveness of risk management The table on the following page provides an overview of
• Worker engagement leading to a positive safety culture prescribed management review agenda requirements:
• Identify improvement using ‘fresh eyes’ to review a process
• Aid continual improvement

9.3 Standard Summary of requirement for Management Review agenda / clause reference point
reference
a) Provide a summary of the status of actions from the output of the previous management review. This will
include completed or incomplete tasks and justifications for their status. This information can be pre-prepared
for the meeting.
b1) Explain any changes to internal and external issues relevant to the context of the organization to ensure the
needs and expectations of interested parties including workers are fulfilled.
b2) In addition to B1 note any changes or pending changes to legal and other requirements and actions to address
compliance obligations.
b3) If there are any differences or changes to organizational risk and opportunities, they should be noted and
explained and discussed in the section below.
c) Review whether compliance to OH&S policy and objectives have been achieved. It is good practice to place
objectives within a table, align key performance indicators to achieve them and comments if they have or have
not been achieved. This will also indicate compliance status of continual improvement.
d1) Discuss any incidents or non-conformities which have occurred since the last review period including trends.
Are there any trends and what actions have been taken to prevent re-occurrence?
d2) Determine if monitoring and measuring has been effective in meeting expectations within the organization. If
evidence suggests it has not been effective Top Management can influence improvement.
d3) Discuss the status of compliance to legal and other requirements. This may include evidence to support
compliance including the methods of determination and sources of information. Discuss any pending legal and
other requirements.
d4) Discuss results of internal audits and actions that have been taken to resolve any non-conformities. Discuss
areas of improvement and areas which are performing well.
d5) Overview of consultation of workers. This may be feedback from safety committee meetings and actions to
address risk and opportunities. Other processes to ensure workers are safe including contractor arrangements.
d6) Discuss risk and opportunities including performance of hazard identification and opportunities to mitigate
harm to workers. The organization may wish to review significant findings of risk assessments.
e) With consideration of the information discussed in previous sections are there enough resources to maintain
and continuously improve the management system. This could be human or financial. Top Management are
key to influence improvement in this area.
f) Discuss communications with interested parties, this may include regulatory authorities or external providers
who are providing materials which have an impact on safety.
g) General discussion with the provision of information how the OH&S management system is performing and
how can it continually improve in the future.
On completion of the management review meeting the • Any implications to the strategic direction of the business. This
organization must decide with senior leadership and support, is a broad scope requirement to capture any topic to improve
what is needed to continuously improve OH&S and satisfy the OH&S management system
the standard. The following points outline the Management
Review Meeting output requirements: The organization is required to record the meeting minutes
within documented information. This information must be
• Provide a wide-ranging conclusion to the continuing stability, communicated to the relevant interested parties and where
adequacy and effectiveness in achieving its intended applicable worker representatives.
outcomes
• Identify continual improvement opportunities It is good practice to transfer management review objectives into
• Identify any required changes to the a separate document with identified key performance indicators,
OH&S management system expected completed timescales and delegated responsibilities.
• Identify required resources These objectives may be communicated via the organizations
• Identify any actions needed email or placed on notice boards.
• Identify any integration improvements with other business
processes. This may be further harmonisation with ISO 9001
or ISO 14001 management systems


SECTION 10:
IMPROVEMENT
• From the results discussed in section 9 Management Review including the
analysis and evaluation of OH&S performance, internal auditing and feedback
from worker engagement
•N on-conformity and corrective action

• Incident investigation and corrective action
•A ccident investigation and corrective action
•C ompliance obligations including output from the introduction of new regulation
Several different methods of capturing improvement opportunities may be designed

in the system based on the structure, activities and risk within the business discussed
in section 4 and 6. The chosen methods must consider the following:
•M
eans of reporting including incidents to the right
groups of workers and interested parties
•T
he timescale of reporting
•H
ow the information is going to be recorded as
documented information for example near miss
report cards, accident reports, defect reports,
reports to senior leadership
•U
sing workers to participate in investigations to
determine root cause analysis
•A
structured system to prevent reoccurrence
•H
ierarchy of control measures to reduce risk as far
as is reasonably practicable
•A
ssessment of OH&S risks prior to the introduction
of a corrective action to prevent the introduction of
new hazards
•T
raining and competence for workers and interested
parties on the means of reporting OH&S hazards,
incidents and opportunities for improvement

Incident
Unlike ISO 9001 Quality and ISO 14001 Environmental management systems, ISO 45001 introduces ‘Incident’ alongside non-
conformity and corrective action. Clause 3 ‘Terms of Definition’ within the standard provides the parameters in which ‘incident’
can be interpreted and reported. An ‘incident’ is an occurrence that does not result in an injury and / or ill health. Therefore,
the organization must implement a system of reporting that captures events which have not necessarily been foreseen within
processes of the management system. Often these are referred to as ‘near misses’, ‘near-hit’ or a ‘close call’. When a near miss is
reported there may be a process in which during the investigation the findings are recorded within a non-conformance report.
Basic example process of reporting an incident leading to non-conformance,

corrective action and continuous improvement
Process Event Management System
Incident • A delivery vehicle during a reversing manoeuvre • Driver has conducted the visitor induction
narrowly misses a worker. including issue of site map.
Near miss • The worker fills out a simple report card outlining the • Near Miss Report Card available across the site.
report Card occurrence with the assistance of the supervisor. Process training delivered during induction.
Corrective • Cones and tape are immediately placed to prevent • Temporary Corrective Action.
Action entry to the area of incident by the supervisor.
Investigation •T
he supervisor has a discussion with the delivery • Details recorded as part of the investigation.
driver relating to the circumstances. • Risk assessment reviewed.
•T
he warehouse and site manager discuss the
incident and review the associated risk assessment.
•W
orkers located in the area provide input.
Risk based • Following the risk assessment review including • Risk assessment revised.
thinking discussions with Top Management, physical barriers • Delivery driver induction modified to include
solution are placed on the pedestrian walkway as segregation barriered walkways.
of vehicles and transport. • Non-conformance report completed with root
• Additional lighting is installed. cause analysis.
• Barriers are incorporated into the maintenance • Recorded within the incident report register.
programme. • Maintenance programme updated.
Communication • The delivery driver (worker) is contacted and • Incident report sent to transport company.
provided with incident feedback and closure. • Incident report worker signs the corrective action
• The worker who reported the near miss is provided report as evidence of positive feedback.
with feedback.
Review • The incident is discussed at the Safety committee • Safety committee and management meeting
and management meetings. minutes.
• The responsible supervisor reports the effectiveness • Committee meeting minutes posted on notice
of the introduced changes. boards.
Management • Overview of incident and positive outcome within • Near miss / incident statistics review.
Review statistics. Management Review Minutes communicated.
• A regular audit of pedestrian routes is added
to the internal audit programme as part of an
improvement objective.
Resulting in Continuous Improvement

GET THE MOST
FROM YOUR
MANAGEMENT
SYSTEMS
Top tips to get the most out of your health and safety
management system:
1. T
o have an effective OH&S management 6. B
uild the requirements of the standard
system the organization must have in to existing processes and control –
commitment from ‘Top Management’ to OHS is not an add-on
implement and continually improve
7. C
onsider integrating this standard into
2. D
evelop the management system as existing management systems such
a tool to protect workers and business as ISO 9001 Quality and ISO 14001
interests and not just to satisfy the Environmental. This will help embed
standard OH&S into the thinking of both Top
Management and Workers leading to a
safe workplace
3. U
se ‘context’ to understand how
the organization can internally and
externally impact on OH&S including 8. Implementation of this standard is not
workers a burden on your organization. Risk
based thinking with the participation of
workers should improve safety culture
4. Inform interested parties and workers of and productivity
their objectives when implementing the
standard to gain ‘buy in’ and generate a
positive safety culture
5. W
hen designing processes ensure that
they are relevant to the environment
they are intended to be used. In other
words, do not overcomplicate the
system


NEXT STEPS ONCE
IMPLEMENTED
AWARENESS TRAINING INTERNAL AUDIT
• Your organization should raise awareness about • A robust internal audit system for the organization is
various standards covered under IMS. essential. Internal Auditor Training is recommended
and NQA can provide Internal Auditor Training for the
1 • You should hold separate training meetings for top
management, middle management and junior level
management, which will help to create a motivating
6 standard(s) that you are implementing.
• It is important to implement corrective actions for
environment, ready for implementation. improvements, in each of the audited documents, in
order to bridge gaps and ensure effectiveness of IMS.
POLICY AND OBJECTIVES ORGANISE A MANAGEMENT ‘SYSTEM’

REVIEW MEETING
• Your organization should develop an Integrated
Quality Policy/Environment Policy/Health & Safety • Top level management must review various official
Policy/Information Security Policy and relevant business aspects of the organization, which are
2 objectives to help meet the requirements.

• By working with top level management your company
7 relevant to the standards being implemented.
• Review the policy, objectives, results of internal
should hold workshops with all levels of management audit, results of process performance, results of
staff to outline the integrated objectives. complaints/feedback/legal compliance, results of risk
assessment/incidents and develop an action plan
following the meeting - which must be minuted.
INTERNAL GAP ANALYSIS THOROUGH GAP ANALYSIS OF

IMPLEMENTED SYSTEMS
• Your organization should identify and compare the
level of compliance of existing systems against • A formal pre-certification gap analysis should be
requirements of the standards under your new IMS. conducted to assess effectiveness and compliance of
3 • Relevant staff should all understand the operations of
the organization and develop a process map for the
8 system implementation in the organization.
• This final gap analysis will prepare your organization
activities within the business. for the final certification audit.
DOCUMENTATION / PROCESS DESIGN CORRECTIVE ACTIONS

• The organization should create documentation • Organization should be ready for final certification
of the processes as per requirements of relevant audit, providing that the gap analysis audit conducted
standard(s). in the last step and all the non-conformities (NC)
4 • You should write and implement a manual, functional
procedures booklet, work instructions, system
9 have been assigned corrective actions.
• Check that all the significant NCs are closed and the
procedures and provide associated terms. organization is ready for the final certification audit.
DOCUMENTATION / PROCESS FINAL CERTIFICATION AUDIT

IMPLEMENTATION
• Once completed, your organization is hopefully
• Processes / Documents developed in step 4, should recommended for registration to
be implemented across the organization covering all ISO 9001/14001/ISO 45001.
5 the departments and activities. 10 • CONGRATULATIONS!
• The organization should hold a workshop on the
implementation as per applicable for the ISO
standard requirements.

HEALTH AND
SAFETY
MANAGEMENT
TRAINING
Learn how to identify, reduce and mitigate risk to your stakeholders and their property.
Need to get up to speed with the new 2018 health and safety standard? Gain the knowledge
and skills to manage the migration effectively.
COURSE DETAILS LVL. DURATION PRICE
NQA ISO 45001:2018 OH&S (Health & Safety) 1 0.5 Days £170.00
Migration E-Learning Training
FREE TO NQA CLIENTS
NQA ISO 45001 OH&S (Health & Safety) 1 2 Days £750.00

Introduction & Implementation Training
CQI and IRCA ISO 45001 OH&S (Health & Safety) 2 2 Days £750.00
Internal Auditor Training (A2199)
Lead Auditor Conversion Training (A1918)
Lead Auditor Training (A2236)

NQA ASSOCIATE
PARTNER PROGRAMME
If you are looking for a

consultant to assist you
with a new or existing

management system,
NQA can help!
Our APP has consultants from all over
the country enlisted on it. The register is
designed to help you find experienced
consultants who can help.
We have been The professionalism Since being certified

using JMT Quality and work-ethic Clark to ISO 9001 and ISO
Consultants as our ISO from CBO Associates 14001 we have relied
external auditor for the showed during our on Martin Giddens
past couple of years ISO 9001 process from Morton Hodson
and I wish that we had was excellent. Clark for support with our
done so much earlier! is a professional annual process auditing.
We have found them in his delivery, a Martin understands our
to be very professional, knowledgeable person business and always
providing not only a that offers a high advises us of which
comprehensive audit level of service which changes to guidance
report but additional makes him an ideal and regulations apply
ideas for improvement QHSE Consultant. and what we need to
and contacts for our His ideas and do to implement them.
company that we delivery are both Martin’s expertise
could additionally creative and effective. ensure that staying
benefit from. CLARK-IT,
compliant is simple.
ABERDEENSHIRE LONSDALE DIRECT
SAFETYBOSS
SOLUTIONS
To find a consultant to support you through ST

E D G LO B
A
U
your certification journey contact us on:

LL
TR
0800 052 2424 (option 2) or email sales@nqa.com YE A RS

SI
•
NC 8 8
E 19 0015

NOTES

USEFUL LINKS
Health and Safety Management Training
https://www.nqa.com/training/health-safety-management
The Institution of Occupational Safety and Health

https://www.iosh.co.uk/
The Health and Safety Executive

http://www.hse.gov.uk/
Authored on behalf of NQA by: Alister Constantine
www.nqa.com

HSE Professionals

Uploaded by

Document Informationclick to expand document information

Document Informationclick to expand document information

Copyright:

Available Formats

HSE Professionals

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

HSE Professionals

Uploaded by

Copyright:

Available Formats

ISO 45001:2018

Download HSE Docs hseprof.com

OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE

> ISO 45001:2018

2 *UK and ISO

ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE 3

4 ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE

A Brief history of ISO 45001

ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE 5

Adoption of the high-level structure of ‘Annex In addition to internal process controls,

6 ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE

In the context of ISO 45001, refer to the following PDCA cycle:

Plan: Do: Check: Act:

SCOPE OF THE OH&S MANAGEMENT SYSTEM (4.3/4.4)

DO: CHECK: ACT:

ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE 7

Risk Based Thinking Walk Through Audits

1st Party - Internal Audit 3rd Party - Certification Audits

Audit Planning Certification is a demonstration to interested parties

8 ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE

Annex SL Clause Overview

4.1 9.1 Monitoring, 10.1

4.2 6.2 ISO 45001 8.2 Emergency 10.2 Continual

4.4 ISO 45001 7.5 Documented

ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE 9

10 ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE

If applicable to a standard, normative references are essential

ISO 45001 provides a bibliography with further information

ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE 11

It is highly recommended that persons responsible for

12 ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE

ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE 13

4.1 Understanding of the organization and context

WHAT ARE INTERNAL AND EXTERNAL ISSUES?

External issues Internal issues

14 ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE

This section requires the

Having defined who your Interested

When the application to NQA is made to have the system

ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE 15

This section provides the tone and expectation on senior

In addition, periodically the OH&S policy must be reviewed by

16 ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE

ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE 17

system will work.

once change has been made Elimination

• Define a methodology for hazard identification

PPE Protect the worker

18 ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE

Planning Action • The key performance indicator to demonstrate achievement

ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE 19

Resources The organization must also consider the competence of

No matter how big or small the organization is, training records

20 ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE

and leaflets, codes of practice

committee meetings, External Certificates Fire system, fixed wiring service

ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE 21

and control each process within the OH&S management system.

> ISO 45001:2018

• Define a methodology for hazard identification

Planning Action • The key performance indicator to demonstrate achievement

Procurement • Risk assessment and method statements between the

•N on-conformity and corrective action