Request a Proposal
Compliance Council Location

ISO 45001: the first international OHS standard

ISO has recently published the 45001 standard to help organisations improve their health and safety performance by creating safer work conditions, where injuries and diseases are prevented, and lives are saved.

ISO 45001 is a fresh answer to the old world scale concern about health and safety at work. It wants to put health and safety at the core of the business strategy and change the way both employees and employers think of the well-being at work.

Up to 90 experts worked together for five years, and their work resulted in the first international occupational health and safety standard that specifies requirements for an occupational health and safety management system (OHSMS), to enable an organisationto proactively improve its OH&S performance in preventing injury and ill-health.

This standard shares many basic ideas about safety with the previous ones but separates itself from the others by taking a new perspective towards the biggest occupational safety challenges that make it difficult for a company to protect its people.

Why does OHS matter?


People keep organisations alive with their work, commitment, and motivation. The existence of any business depends on its employees; this is a fact that will never change. Therefore, it is fair to say that the first responsibility of any organisation towards its people is to keep them safe and send them to their families in full health. However, statistics tell another story.

Data shows that each year over 2.78 million people loses their lives just because they’re doing their job; this number is more than half of the population of Sydney. Yet many more people are suffering from work-related diseases and injuries that can change their lives forever. This is why health and safety at work have been the common concerns of businesses around the globe for many years now.

Organisations needed guidelines to show them the best way of protecting their workers. This demand for safety guidelines led to various occupational health and safety standards.

However, there was still room for another standard to improve occupational safety and consider new changes in the business environment. A new standard that goes beyond basics and integrates into the overall business process of companies.

ISO stepped in to fill the gap and provide organisations with a new exciting opportunity to make their environment a safer and better place for work.

Challenges solved by ISO 45001

Members of ISO health and safety committee wanted to create a standard that could make a real difference in health and safety at work. To do so, the standard had to be capable of dealing with safety challenges standing in the way. By going through the standard requirements, we can say that ISO 45001 has been able to target the most critical safety challenges and provide organisations with different tools to overcome them.



Without prevention, any system would be just a reactive machine that is concerned with treatment and rehabilitation. However, this is a matter of life and death so a successful OHSMS should be more lined towards preventing and proactive actions. While the proactive approach to safety saves more lives, it also tends to be less costly, and in long time, it can help the organisation’s bottom line.

Given all that, ISO 45001 puts a strong emphasis on identifying and controlling hazards and risks to avoid accidents or any threat to the people’s health and safety. The standard makes a comprehensive effort to address all the activities or elements that could harm people in order to prevent safety issues in the first place.

ISO realizes that among the different management systems in an organisation, health and safety system is the first one that needs the greatest amount of proactivity; otherwise, the results could be catastrophic. The PDCA model makes sure that the process of identifying risk and hazards never stops.

Culture of safety and communications

So far, all we have said has been around the organisation’s responsibility towards people working on its behalf. Although, there is one important thing missing which is people’s responsibility towards safety. The picture is not complete unless everyone, from top management to frontline workers, takes safety seriously. There must be a culture of safety to promote OHSMS practices in organisations and create awareness of hazard and risks, if not; no one is going to do what a safety manual says.

Safety culture is one of the success factors that ISO 45001 mentions, and talks about it on different occasions in the requirements. The standard demands organisations to involve their workers in the H&S management system, to ask them about their ideas, and to give them enough training and tools, so workers consider themselves as a part of the OHSMS.

The intent of ISO 45001 is to make safety everyone’s responsibility and to create an environment where workers can express their safety concerns with the management and know that their concern is recognized and respected.

A safety culture needs a lot of effort and openness from both sides of the company, but when they get to the point that everyone values safety, and it becomes the first priority, positive results will be enormous. The new standard guides organisations to reach that point and develop new behavior that can make a difference in people’s lives.

Top management commitment

Strategic directions and policies are among the key aspects of any business and come directly from top management. A process in the organisation cannot be effective unless top management includes that in those key aspects and commits to implement that process.

ISO admits the significant role of senior management and assigns big responsibilities to it, in fact, we can see the leadership trace all over the requirements. Based on 45001 standard, improving safety is a top-down process, and there is no other way to ensure it will work.

ISO 45001 believes that safety management system must be linked to the overall system of organisation to ensure there’s enough support coming from above, and leadership is accountable for the safety procedures. When leadership has a safety vision and motivates people to achieve that vision, the organisation also gains valuable outcomes and enhances its safety culture. The culture of safety in turn results in lowering the cost-benefit ratio, which can be a motivation for the top management as well.

An organisation cannot be successful in its safety attempts if the safety system leaves these challenges unanswered. However, ISO 45001 knows exactly how to address them.

5 major benefits of ISO 45001

The 45001 standard could significantly improve your safety performance and bring many values to your organisation, continue reading to find out more about the benefits that you can get from it.


1) Safety reputation and competitive advantage

ISO 45001 is a global standard, which is recognized across the world. This standard shows companies worldwide that your organisation is committed to the welfare of staff and external parties. It can help organisation to create a positive image of themselves.

Besides, 45001 standard minimises the risk of production delays and promotes a better service to the customers which results in standing out among the competitors.

2) Cost saving

ISO 45001 minimises the risk of downtime through accidents and provides possible cost saving through public liability insurance premiums. Identifying hazards and controlling risks at the earliest stage could help reducing business cost by preventing safety issues.

3) Employee motivation

Leadership commitment to safety and safety culture can change the way employees think of the organisation. As long as workers see their health and wellbeing is important for leaders, they are more likely to work better and be more productive.

4) Constant improvement

Certification to this ISO demonstrates a strong commitment to ongoing improvement of safety performance and proves that the safety of people who are somehow related to the company’s operation is very important.

5) Third-party feedback

It is always better to have someone from outside of the company double check the safety process to make sure every vital aspect has been considered and taken care of. Also, an outsider could see problems from a different angle that is beneficial as well.

Integrating ISO 45001 into other management systems

If your organisationis already certified to one of the recently revised ISO standards such as 9001 or 14001 you can easily notice the same feel and look in the ISO 45001 as well. The reason lies is the matching core text and common terms and definitions that all of these standards share which comes from adopting the new high-level structure of Annex SL.

This high-level framework includes 10 clauses as below:

Clause 1: Scope

Clause 2: Normative references

Clause 3: Terms & definitions

Clause 4: Context of the Organisation

Clause 5: Leadership and worker participation

Clause 6: Planning

Clause 7: Support

Clause 8: Operation

Clause 9: Performance Evaluation

Clause 10: Improvement

All the new ISO standards are developed using this10 clauses. This identical structure aims to help organisations to easily integrate more than one ISO standard and avoid conflict, confusion and extra effort as much as possible.

However, the real capacity of this framework is in not fully understood unless we combine it with the Plan-Do-Check-Act cycle (PDCA). PDCA is a powerful tool that if used in the correct way it can move the needle in the organisations’ performance.

The combination of Annex SL framework and PDCA model helps organisations to see their management systems as a never-ending loop that only improves and becomes a better version of what it was before. In fact,10 clauses of standard don’t have a linear relationship together, on the contrary, they are different parts of a process to achieve the management system goals.

The whole process is the same for all of the ISO standards so organisations can benefit from the simplicity of integrating different standards together and to their overall business process.


Here we try to mention some important points of ISO 45001 requirements and provide a high-level explanation of the 10 clauses to help you better understand the logic and intent behind them.


Clause 1: Scope

This clause refers to the intent of ISO 45001, which is continual improvement of safety in organisations fulfilling legal requirements.

Clause 2: Normative references

This standard has no normative reference.

Clause 3: Terms & definitions

This clause provides the list of terms and definitions in ISO 45001.

Clause 4: Context of the Organisation

Context of organisation is a new concept in the ISO standards that simply refers to all the internal and external issues that can affect your OHSMS ability to reach its intended objectives. In this step, you must identify all those issues that are specific to your own organisation.

Another new term in this clause is interested parties, which means organisations have to consider the needs and expectations of all the internal and external parties that can have an impact on their OHSMS, not just their employees. These internal and external parties could be stakeholders, unions, governments, etc.

The important point here is to know your company’s environment inside and out, so that you can create a global scope to implement your OHSMS in it.

Clause 5: Leadership and worker participation

The importance of top management engagement in OHSMS is shown in this exclusive clause for leadership. These are tasks that leadership must be accountable for them:

  • Effectiveness of OHSMS and its integration to the overall business process
  • Alignment of OHSMS policy with the organisation’s strategic direction and objectives
  • Allocating the adequate resources to OHSMS
  • Assigning responsibilities and authorities to the right people
  • Supporting the safety culture and open communications among all levels of the organisation

Engaging in these tasks demonstrate the commitment and participation of senior management.

Clause 6: Planning

This clause talks about creating plans to achieve intended outcomes of OHSMS and considerations for risks and opportunities along the way. Some of its key outlines include:

  • In case of hazard identification and control, ISO 45001 takes a more proactive rather than reactive approach, and it considers a wider range of people who could be affected by the organisation’s operation, not just people who are in the building. These people could be contractors, temporary workers, visitors and even other companies functioning in the same location. Besides, a business must determine changes that affect OHSMS.
  • Organisations need to have a process in place to identify risks and opportunities
  • The action plan must consider risks, opportunities and legal requirements as well as steps to address them.
  • Goals of OHSMS must be consistent with the health and safety policy and legal requirements. These goals also need to be measurable, communicated among all, and regularly updated.
  • Actions to achieve the goals must have adequate resources, completion timeline, and accountable staff as well as monitoring and evaluation methods.

Clause 7: Support

Support refers to the competency and awareness criteria needed for the effectiveness of OHSMS, meeting objectives and the necessary documented information.

  • Required competencies for staff who can affect the performance of OHSMS should be determined and documented. Also, organisations must evaluate the effectiveness of these competencies to ensure that everyone is capable and confident to play his or her role.
  • Another important action is to ensure that workers are aware of all the information they need to know about ISO and its requirements
  • Communication requirements must be determined not just for internal parties but also for the external parties as well.

Clause 8: Operation

The required actions to implement the plans of clause 6 are included in this clause. Organisations need to consider the following aspects:

  • Identifying hazards and evaluating the risks
  • Addressing temporary or permanent changes in the organisation that can affect OHSMS outcomes
  • Ensuring that the procurement of products and services are aligned with the OHSMS requirements
  • Predicting and preparing proper actions for the emergency situations

Clause 9: Performance Evaluation

This clause talks about the monitoring and measuring the process to evaluate the performance of OHSAS, also to reassure that leadership is actively participating. Here is what organisations need to do:

  • Organisations must exactly specify how they are going to evaluate their OHSMS performance and determine all of the requirements to do so, such as who, where, how often, how, etc.
  • There must be an internal audit that reports the results to all the interested parties that might be affected by that information. This again shows the importance of communication in this new standard.
  • Another method of monitoring the OHSMS performance is management review meetings. The standard gives clear instruction about how these meetings should be and what should expect from them in term of input and output. Top management should be fully responsible for these sections.

Clause 10: Improvement

This last clause directly reflexes one of the biggest aspects of this standard, which is being proactive and looking for improvement opportunities all the time. To be able to do that:

  • Organisations should look for the improvement before a nonconformity occurs. They should be willing to take actions before an accident even happens.
  • When there is a nonconformity, timely investigations and then necessary actions should be in place to correct that or to remove the root cause if possible.
  • Implemented actions should be evaluated to be sure of their effectiveness.
  • The evaluation results must be communicated to the related parties.
  • Organisations should try to improve the health and safety by creating the safety culture, better communications and maintaining records of actions and improvements.

Transition from AS 4801 to ISO 45001

If you are already certified to AS/NZS 4801, and you are thinking about transition to ISO 45001, it would be useful to know more about the differences between the two standards. Here is a brief review of the key differences:

Management Representative

Previously there was a requirement for appointing a management representative that has been removed and replaced by 13 responsibilities for Senior Management.

Health & Safety Policy

ISO 45001 includes additional commitments that an organisation needs to demonstrate in its Health and Safety Policy. The new policy has to include preventive measures, eliminating hazards and reducing OH&S risks.

Consultation and Participation of Workers

ASNZS 4801 had sections for consultation and communication but ISO 45001 adds some more requirements in order to provide time, training and resources necessary for consultation and participation, also, determine and remove obstacles or barriers to participation and minimise those that cannot be removed.

Risks in ISO 45001 go beyond hazards

As part of ISO 45001 organisations are required to determine and assess risks and opportunities related to the establishment, implementation, operation and maintenance of the management system.

Psychosocial hazards

The requirements for the identification of hazards have been expanded to take into account elements such as “how work is organised, social factors (including workload, work hours, victimisation, harassment and bullying), leadership and the culture of the organisation.” when identifying hazards.

Documented information

AS/NZS 4801 had required documented procedures for topics such as hazard management and training and competency. ISO 45001, like other Annex SL based ISO standards requires organisations to have documented information. Documented information is defined as:

“Information required to be controlled and maintained by an organisation and the medium on which it is contained.”

Given that ISO 45001 has a risk-based approach to management systems it is up to the organisation to determine what documented information will be retained to demonstrate compliance. Examples of this include emails, videos, forms, chat messages, software, and photos. When determining what documented information is required you’ll need to take into account legal requirements, e.g. SWMS and WHS Management Plans.


A common criticism for AS/NZS 4801 was the lack of specific requirements for extending the health and safety management system to address subcontractors and other parties. ISO 45001 filled this gap by adding a section just for procurement and its related issues.

Evaluation of compliance

Previously in AS/NZS 4801 organisations were required to establish procedures to identify and have access to all legal and other requirements that are applicable to the organisation. ISO 45001 requires organisations to evaluate their compliance with legal and other requirements and retain documented information of the evaluation results. For organisations already compliance with ISO 14001:2015 for the environment this is something you’ve already had to consider.

Compliance Council proposes a simple 3 step process for transitioning to ISO 45001 to organisations that have existing health and safety management systems. These steps include:


You can’t effectively transition without understanding how your existing management system aligns with the standard. Compliance Council’s gap-analysis checklist that is designed based on the key differences between AS/NZS 4801 and ISO 45001 is a great tool for determining where the gaps are and then creating an action plan to address them.


You have the opportunity to refine your processes and integrate them with your quality and environment management systems. Given that the majority of ISO 45001’s requirements follow the same high-level structure as ISO 9001 and ISO 14001 it will be a very straightforward project to integrate the processes.


With the changes that occur as part of implementing ISO 45001, it is a good opportunity for your organisation to educate your colleagues at relevant functions and levels in your organisation from Senior Management to your frontline employees. Education doesn’t just have to be presentations and other training, it could be through involving your employees in the revision of the health and safety processes so they gain a better understanding of the requirements.

8 steps to ISO 45001 certification

Here at Compliance Council, we specialise in assisting organisations with developing and implementing management systems, which put your business on the path to becoming certified.

Our 8 Step Process is designed to give your organisation the most efficient turnaround time whilst delivering service second to none. Here is a diagram that shows these 8 steps:


What does an ISO certification body do: Stage 1 and Stage 2 with audit certification body

Third Party Certification is the process of having your Management System audited by an independent third party. This type of auditing is typically used by Conformity Assessment Bodies (CABs) who are regulated by a government organization known as JAS-ANZ. These CABs can issue registered certificates of compliance to various standards such as ISO 9001, AS 4801, and ISO 14001.

Stage 1 and Stage 2

The formal assessment process includes two stages. In stage 1, the auditing body will confirm whether you have met the requirements of your proposed scope and the objectives you have set for yourself. If there is any kind of minor or major nonconformities, you will have some extra effort to put in.

The auditing body will give you some time to address the nonconformities, before beginning stage 2 of the audit. In stage 2, your system will be assessed again to make sure that all nonconformities are corrected.

At this point, if there are no major nonconformities, your certification can be issued; otherwise, you will be given time to correct existing nonconformities before the next visit of the audit and only after removing all the major nonconformities you will be eligible for ISO 45001 certification.

Surveillance Audits

Typically, the certification body will do yearly surveillance of your management system for the first three years after your certification is issued. This way, you will be sure that everything is working the way that you wanted and your OHSMS still meets the ISO 45001 requirements.

compliance-council-contact-icon Have a question? Contact Compliance Council on 1800 771 275 or enquire online