41 min read

Global Safety Standard ISO 45001: from 2013 and beyond

Featured Image

Projecting the launch date of ISO 45001 has been interesting.


Consider that the Technical Committee [PC 283] is made up of 90+ safety professionals from 65 countries so getting consensus would be a challenge.


Even an agreement on the title, being OH&S versus OS&H resulted in a committee ballot involving consultation with 90+ people going back to their respective countries. The consensus was ‘OH&S’.


The committee commenced the review in 2013 and late [November] 2018 is a likely release date for ISO 45001 OH&S – the first ISO global safety standard.


This gives organisations approx. 2 to 3 years from now [Feb 2018] to transition from AS 4801 to ISO 45001. Although not yet available it is close enough to get started.


ISO 45001 Facts


  • Replaces OHSAS 18001 which was never an ISO standard

  • The Standard mirrors the new ISO structures now in place with ISO 9001 quality and ISO 14001 environmental 2015 updates [Annex SL (PDCA) common framework]

  • There are 10 clauses and 42 sub-clauses to address and is supported by 39 Annexes

  • The Standard contains 83 ‘shall’ [mandatory] statements.


ISO 45001 words to be aware of


In the context of this standard, key words that require careful consideration and some evidence based include the following.



Advisory process: Consultation is seeking views before a decision is made. Consultation is about seeking opinion, advice and expertise of interested parties. In the case of OH&S this must include a cross section of workers [non-managerial roles].



Decision making stage: Participation refers to direct and transparent involvement in the decision making process. Having consulted, the opinion/advice of those consulted must be carried through to the participation stage of making decisions relating to OH&S.


OH&S Opportunity:

Improvements: OH&S opportunities are various circumstances than can lead to improvement on OH&S performance. These sometimes come from risks converted to an opportunity [risk assessments], suggestions, outcomes of investigations and change management processes.


Top Management:

Top management refers to a person or group of persons [Board/ Executive group or committee] who direct and control an organisation at the top level.


What does it look like?


Its looks like a typical Plan/Do/check/Act PDCA Cycle.



The big ticket items to be addressed. Make a coffee and sit down before you turn the page...




Before establishing the scope of an OHSMS the organisational context needs to be considered. This must be documented.


First determine the internal and external interested parties relevant to the organisation’s purpose/business that have a potential to influence [+/-] the effectiveness of the OHSMS. This will lead to the identification of issues and subsequent needs and expectations.







The key issue with the organizational context is the need to consider all interested parties [stakeholders] and be very specific to your actual organisation. Therefore if you are reliant on major funding organisations, partnership arrangements etc or your industry is highly regulated [industry organisations and standards etc] these all need to be included and the particular needs/expectations explored.


Ensure you document how this process is undertaken, including parties to the decision making process and keep minutes.


Once this process has been achieved the scope of the organisations OHSMS can be developed taking into account the above.




Leadership and commitment


Top management shall demonstrate leadership and commitment. As a minimum leadership and commitment is demonstrated through:


  1. OHSMS integration: Developing an OHSMS integrated with all aspects of the organisation based on a risk thinking approach. This means effort and resources are assigned to the most significant OH&S risks [risk ratings].

  2. OHSMS compliance: Measure, monitor and deliver the OHSMS against objectives and other intended results. Where certification to ISO 45001 is achieved this is considered and ‘intended result’.

  3. OHSMS objectives: Setting, implementing, communicating, monitoring and reporting on a set of measurable strategic objectives representative of the business scope and associated risk priorities. [Note: Claiming compliance to ISO 45001 as an objective is not an accepted safety objective as it does not represent a specific risk or risk prioritisation. However, measurement of ISO 45001 audit outcomes for opportunities to improve could be a measurement of an objective such as continual improvement.]

  4. Management engagement: Support all management tiers of the workforce to engage in OHSMS responsibly and proactively.

  5. Resources: Resources strategy including procurement, fitness for purpose, operator competencies and resources lifecycle management.

  6. Continual improvement: Promoting, management and measurement of continual improvement including converting risks to opportunities.

  7. Safety Culture: Proactively initiate and lead a safety culture - ‘safety in every aspect of what we do is the way we work at xxx’

  8. Worker consultation and participation: Consultation and participation in the workforce – refer ‘worker consultation and participation is mandatory’


Worker consultation and participation is mandatory


Participation and consultation are NOT the same thing

  • Participation is worker [non managerial] INVOLVEMENT IN DECISION MAKING. Determine and mitigate barriers to participation.

  • Consultation is SEEKING VIEWS / OPINIONS / ADVICE.





Risk Management Planning


Management of risk through an all of business risk assessment process to determine risks and opportunities – Risk Register to capture corporate and operational risks. Subject to leadership review and consultation and participation within the workforce / other stakeholders.


Hazard and Risk Management - HIRAC


Risk assessment procedure in place to identify hazards, assess and control risks and seek opportunities for improvement.

Risk management to take into account:

  • Historical data

  • Work organisation and workflow arrangements

  • Standard and non-standard work practices

  • Emergency situations including unplanned events

  • Human factors

  • Workplace design and workplace changes


Legal, Regulatory and Compliance Standards


Identification and integration of regulatory and compliance requirements into the management of risk. Included in the Risk Register, risk assessments and work methods. This shall form an integral part of the workplace consultative and participation processes.


OH&S Objectives


Taking into consideration the risk management process [risks and opportunities], objectives are determined and set by leadership in consultation and participation with the workforce and other related stakeholders.


Objectives should be clear, concise and measureable.


Delivering the objectives


Resources shall be assigned to the delivery of objectives.


A plan with assigned responsibilities, timelines, tools and processes for communicating, monitoring, measuring, updating and continually improving outcomes and objectives shall be established.


Integration of the objectives shall be reflected throughout all of business operations. Each objective should be measured and reported across operational levels within the organisation.



CLAUSE 7. SUPPORT – Planning and Delivery [PDCA]


Support is required to meet the objectives of the SMS and to ensure the SMS is fully integrated with other business systems and operations.


People Support


Support includes competent knowledge people whether internal or outsourced [contractors].


Awareness, competence, retaining competencies, licencing and knowledge about safety in relation to an individuals role within the organisation are critical factors. A training needs analysis will support these needs.




Communications within and external to the organisation in relation to supporting the SMS objectives and day-to-day operational needs of interested parties to ensure clarity and transparency of operational activities and resources needs.




As with all systems documentation must be in place:

  • current to legislation and internal practices,

  • understood [plain language],

  • able to be sourced at point of need ,and

  • under a document control regime.

This includes both internal and external documentation.


Change management of processes and documentation must be in sync.


CLAUSE 8. OPERATION – Plan and Deliver [PDCA]


Clause 8 is a new section and addresses hazard and risk planning and delivering against the agreed planned approach.


Operational planning and delivery [act on the plans]


Operational planning must identify hazards and consider the hierarchy of controls when assessing the risk and determining overall actions and controls. The process plans must deliver against the SMS objectives and take into account risk management principles.


Planning must also take into account worker health and welfare including health monitoring and injury management.


Eliminating hazards and reducing risks


A hazard identification, risk assessment and control HIRAC process is required. This must also consider the need for and type of monitoring and measuring/testing to be used for determining effectiveness and future improvement opportunities.


A clear focus of hazard management in the mitigation of risk and as such preventive measures put in place that ensure risk control is effective.


Change management


Change management is a planned, organised, consultative process based on PDCA principles. Each stage of the planned change must be validated before proceeding to avoid ‘unknowns’ which could be a safety and productivity risk.




Outsourcing is a new clause that relates to outsourced provisions of services and systems integral to the organisations ability to deliver the SMS and objectives.


Like subcontracting and procurement, consideration must be given to safety aspects of outsourcing, should be consultative and participatory in the decision making process and must have in place effective performance monitoring.




Procurement shall cover safety risk aspects of both provider/supplier and product selection.


Any procurement that includes use or operation of a product or device, or installation of a product or device, must take into account all aspects of hazard and risk management. Training and awareness of users must be considered and change management processes initiated.




Contractor management is generally a risk to an organisation and care undertaken to include as a minimum:

  • Pre-qualification

  • Communication and participation

  • Inductions including site hazards and emergency response

  • Internal audit of contractors against pre-qualification claims and onsite performance

  • Performance monitoring on a regular basis and post any project work to review general contractors safety performance


Responsibility for contractor activities and their performance on site always sits with the organisation contracting the work and therefore ongoing management and monitoring shall be built into the SMS and subsequent daily activities.


Emergency preparedness and response


Emergency preparedness and response must take into account both planning and immediate responses:

  • Identification of types of emergencies

  • All locations – specific needs planned and emergency response instructions on sites

  • Emergency equipment needs appropriate to emergency types and locations

  • Appointment and training of wardens and others

  • Testing the effectives of plans – drills and drill reviews


First aid needs and equipment must take into account local needs and a risk assessment against site and people requirements. Consultation and participation in the workplace is important.


Where the organisation is not the prime occupier or in control of the site/workplace, plans must be in place to coordinate, cooperate and participate in any planning, response training or other requirement.




Clause 9 has three clear purposes:


  1. Monitor, measure, analysis and evaluation of overall safety and people welfare performance

  2. Internal audit as a measure of SMS performance

  3. Management review to receive performance information and act on that information moving forward – resources, improvements and safety suitability


Monitor, measure, analysis and evaluation


Requirements for monitoring, measuring and analysis for the purposes of evaluation and reporting to management review shall include as a minimum:


  • SMS objectives and processes

  • Work methods/practices for effectiveness and opportunities for improvement

  • Hazards and risks including effectiveness of risk controls

  • Health and welfare of people for injury and illness prevention

  • Injury management and monitoring for return to full and useful capacity work

  • Devices and equipment used for safety purposes

  • Operational plant and equipment including fixed and mobile plant for effectiveness of training and competencies, safety protective measures/guards

  • Emergency equipment


Evaluation of compliance to legal and regulatory requirements, the SMS and industry standards and contractual agreements such as enterprise or other employment agreements re safety.


Internal audit


Internal audit program comprising compliance to:

  • ISO 45001 compliance

  • SMS requirements

  • Projects or other specific business activities

  • Risk management compliance


Management review


Management review shall address the review of the SMS in compliance with its intended objectives, safety performance, resources and planning for future needs.

Executive management shall take ownership of management review and include communication of inputs and outputs across the organisation.




Clause 10 has two clear purposes:

  1. Incident, investigation, nonconformity and corrective action

  2. Improvements arising from all aspects of the business


Incidents and investigations


Formal processes for incident reporting and investigation leading to opportunities for improvement as part of the lessons learnt from each event.


Nonconformity and causal analysis


The nonconformity management process shall provide casual analysis leading to opportunities for improvement and mitigation of risk.


Causal analysis of nonconformities whether plant, property, activities, systems or event related shall be risk focused.


When changes occur through the nonconformity management process, change management protocols shall be followed.


Corrective actions


Corrective actions to address hazards, issues and manage risk shall be dimpleleted in a timely manner.


The corrective action process shall be documented.


Improvements and opportunities – objectives and processes


Continual improvement plans arising from all forms of analysis and reporting, initiatives and ideas and technology solutions are investigation for opportunities to continually improve workplace health and safety performance. These in turn should incrementally improve safety targets established as part of the overall SMS objectives.


Improvement plans should follow a PDCA cycle and include consultation, participation and communication. Plans shall be measured and monitored for effectiveness.


Change management protocols apply to all improvement plans.




Get a plan, get started...