ISO 45001 Occupational Health and Safety Management System Requirements
Introduction
The world that we live in has experienced rapid changes in technology, competition, economy, education and so on. It is constantly evolving and advancing, and so are the human expectations and demands. In order to compete in a continuously changing world, organizations need to establish a variety of approaches to keep up with industry trends. Consequently, organizations have to adapt in order to succeed in these fast paced and complex environments.
These changes often involve multinational supply chains and those operations that organizations have outsourced. The differences between nations, organizations, and societies also form part of these complexities. Therefore, effective management is crucial and of a high priority at the board-level.
For an organization, it is not sufficient to only be profitable; it is also important for them to have reliable systems of internal controls covering those risks related to occupational health and safety, the environment and the reputation of the business. Each organization is responsible for the health and safety of their employees and others who may be affected by their activities. Organizations need to operate ethically, as well as comply with the respective laws in these matters.
Statistics published by the ILO (International Labour Organization) indicate that: “more than 2.78 million deaths occur annually due to occupational accidents or work-related diseases, in addition to 374 million non-fatal injuries and illnesses, many of which result in extended absences from work.”
Seemingly, this enormous number of affected workers is of very high concern to organizations and the society as a whole. These statistics are clear evidence that organizations around the world need to implement health and safety management systems. Likewise, the health and safety of workers is increasingly becoming a priority for most nations and societies.
Furthermore, according to certain estimations, over 40 million new jobs will be created annually by 2030, following the world’s population growth. Therefore, reducing the number of incidents that may result in high numbers of deaths (even by a small percentage) would be considered as a great achievement. However, as a consequence, there will be a high demand for “best practice” standards to assist organizations with improvements in health and safety.
These trends led to the need for the development of a recognized standard in all geographical areas, states, cultures, and jurisdictions, as a reference point for health and safety management; promoting better communication on common issues.
The ISO’s aspiration is that “the ISO name and the recognition will give further credibility to the new Standard and lead to even wider adoption of health and safety management systems in the workplace.”
Correspondingly, following a standard for occupational health and safety will help organizations reduce accidents and occupational diseases, avoid costly prosecutions, reduce insurance costs, enhance the public image & business reputation, and establish a positive culture for the organization where all stakeholders see that their needs are taken into account.
ISO 45001 is the new international standard for Occupational Health and Safety Management Systems published by the International Organization for Standardization (ISO). It is a voluntary standard that organizations can adopt to establish, implement, maintain and improve their Occupational Health and Safety Management Systems (OH&S MS).
ISO 45001 is an international standard for occupational health and safety (OH&S) that derives from OHSAS 18001. It provides a framework for managing the prevention of work-related injuries, ill health, and/or death, thereby providing a safe and healthy workplace. OHSAS 18001 required organizations, regardless of their size, type and/or activities, to prevent injuries and deaths.
ISO 45001 sets the background for continual improvement in health and safety management based on the following principles:
- Provide safe and healthy working conditions to prevent work-related injury and ill health;
- Satisfy applicable legal requirements and other requirements;
- Control OH&S risks by using a hierarchy of controls;
- Continually improve the OH&S management system to enhance the organization’s performance;
- Ensure the participation of workers and other interested parties in the OH&S MS.
Distinctly, the ISO 45001 standard is more advanced than the OHSAS 18001 standard; in fact, the British Standards Institute will withdraw OHSAS 18001 completely from their market right after the ISO publishes the 45001 standard. Note that the British Standards Institute and ISO are two different standards-making bodies, one being the official developer of British Standards (e.g. BS7799) and the other being the official developer of international standards (e.g. ISO 9001).
However, all organizations worldwide that are currently implementing OHSAS 18001 must update their management systems to the requirements of the new standard, that is, ISO 45001.
The prospective users of the ISO 45001 standard
The new ISO 45001 standard brings real benefits to those who will use it. The standard is designed to be applicable to any organization, and its requirements are intended to be incorporated in any management system, regardless of the organization’s size or sector; whether it is a small business, large organization or even a non-profit organization, a charity, an academic institution or a governmental department.
Having in place a systematic approach to manage health and safety will bring benefits to both the people and the organization. Ultimately, good health and safety is good business.
- Leadership and commitment of top or senior management;
- Promotion of a health and safety culture within the organization;
- Participation of workers and/or other representatives in the OH&S Management System;
- Identification of hazards and control of risks;
- Allocation of the necessary resources;
- Integration of the health and safety management system into appropriate processes;
- Alignment of the health and safety policies with the strategic objectives of the organization;
- Continuous evaluation and monitoring of the health and safety management system in regards to performance improvement.
The case of Cameroon
The demographic explosion associated with futuristic structural projects in Cameroon caused a significant movement of people to larger cities like Douala and Yaoundé, while also causing an exponential increase in the number of new buildings constructed. Buildings of various levels are built by local companies, most of them being built with outdated practices and a breach of the fundamental Occupational Health and Safety (OH&S) conditions to workers on different sites. The use of these practices had led to numerous deaths and work being halted on many construction sites.
Overview of ISO 45001
The ISO 45001 standard provides a framework for managing the prevention of work-related injuries, ill health and death. The intention of this international standard is to improve and provide a safe and healthy workplace for workers and other persons who may be interacting with the organization.
This includes the development and implementation of an OH&S policy and objectives which take into account applicable legal requirements and other requirements to which the organization subscribes.
- establish, implement and maintain an OH&S Management System to improve occupational health and safety, eliminate or minimize OH&S risks (including system deficiencies), take advantage of OH&S opportunities, and address OH&S Management System nonconformities associated with its activities;
- continually improve its OH&S performance and achieve its OH&S objectives;
- assure itself of the conformity to the OH&S policy;
- demonstrate conformity with the requirements of this International Standard.
What is an Occupational Health and Safety Management System (OH&S MS)?
According to ISO 45001, the Occupational Health and Safety Management System is part of the organization’s overall management system used to achieve the OH&S policy. The intended outcomes of the OH&S Management System are to provide a safe and healthy workplace for all employees/workers.
Key Clauses of ISO 45001
ISO 45001 follows the high level structure of Annex SL and it is therefore organized into the following main clauses:
Clause 4: Context of the organization
Clause 5: Leadership and worker participation
Clause 6: Planning
Clause 7: Support
Clause 8: Operation
Clause 9: Performance evaluation
Clause 10: Improvement
Each of these key Clauses is listed and described below.
Clause 4: Context of the organization
The organization is free to define the scope of the OH&S Management System but must determine the external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcomes of its OH&S Management System, such as:
- The needs and expectations of workers and other interested parties;
- Determining its scope in terms of organizational units, functions, and physical boundaries;
- The effect of its activities, products, and services;
- Applicable legal, regulatory and other requirements to which the organization will comply.
The standard defines “interested parties” as a “person or organization that can affect, be affected by, or perceive itself to be affected by a decision or activity.”
Clause 5: Leadership and worker participation
Top management shall demonstrate leadership and commitment with respect to their overall responsibility and accountability for the protection of workers, and with respect to the integration of the OH&S Management System processes and requirements into the organization’s business processes.
The engagement of top management is essential in order to support the organization through the provision of resources and to promote continual improvement. Furthermore, top management must demonstrate leadership through supporting other management roles in enhancing the OH&S management system, and to ensure continual improvement is achieved by dealing with nonconformities, risks and hazards, and the identification of opportunities for improvement.
An important responsibility of the top management is to establish, implement and maintain the OH&S policy, and to ensure that it is communicated within the organization and shared with relevant interested parties.
Consultation and participation of workers
Appropriate involvement of staff in:
- Hazard identification;
- Risk assessment and determination of controls;
- Incident investigation;
- Development and review of the OH&S policies and objectives;
- Consultation and representation on OH&S matters;
- Consultation with contractors, when there are changes that affect their OH&S.
Clause 6: Planning
This is one of the most critical clauses since it is related to the establishment of strategic objectives and guiding principles for the Occupational Health and Safety Management System as a whole. The OH&S objectives, which can be integrated with other business functions, are the expression of the intent of the organization to treat the risks identified.
- OH&S hazards and their associated risks, and opportunities for improvement;
- Applicable legal requirements and other requirements;
- Risks and opportunities related to the operation of the OH&S Management System that can affect the achievement of the intended outcomes.
Clause 7: Support
Successfully managing an Occupational Health and Safety Management System relies heavily on having the necessary resources for each task. This includes having competent staff with the appropriate training, support services, and with effective information and communication means.
The organization will determine what documented information is necessary for the success of the system. Documented information is a new term in the standard, which means the information can be in any format, media or from any source.
Moreover, internal and external information must be communicated throughout the organization and must be gathered, disseminated and understood by those receiving it. The decisions that need to be made are:
- On/about what to inform?
- When to inform?
- Who to inform?
- How to inform?
- How to receive and maintain documented information and how to respond to relevant incoming communications?
Respectively, the terms ‘document and record’ became obsolete in the new standard, which uses the term ‘documented information’ instead, for the purpose of maximizing the confidence to share information through any media.
Clause 8: Operation
This clause requires:
Operational planning and control on multi-employer workplaces; whereby the organization shall implement a process for coordinating the relevant parts of the OH&S management system with other organizations. This clause includes the requirement to reduce risks by implementing a "Hierarchy of Control" approach as used by the European Union Legislation. In that regard, this is a system of prioritization which ranks hazard elimination as the preferred control down through a series of controls which are less effective.
Eliminating hazards and reducing OH&S risks requires the organization to establish, implement and maintain a process(es) for the elimination of hazards and reduction of OH&S risks. In order to ensure that this is done properly, the organization shall use appropriate controls.
Management of Change requires the organization to establish a process for the implementation and control of planned changes so that the introduction of new products, processes, services or work practices do not bring with them any new hazards.
Procurement requires the organization to establish, implement and maintain a process for the control of procurement services so as to ensure that they conform to the requirements of the standard. In addition, the standard requires the organization to coordinate the procurement processes with its contractors and to identify the risks that arise from the contractors’ activities. Furthermore, the organization should ensure that outsourced processes which have an impact on its health and safety management system are appropriately controlled.
Emergency preparedness and response requires the organization to identify emergency situations and maintain a process to prevent or minimize OH&S risks from potential emergencies.
Clause 9: Performance evaluation
The organization must establish a system that involves the monitoring, measurement, analysis and evaluation of its OH&S performance. It should decide what to measure and how, for instance, accidents or worker competence. Moreover, internal audits must be established along with regular management reviews, in order to see the progress made towards the achievement of OH&S objectives and the fulfillment of ISO 45001 requirements.
Clause 10: Improvement
The organization should react accordingly to nonconformities and incidents, and take action to control and correct them, cope with their consequences, and eliminate their source so as to prevent recurrences.
Integration with other management systems
ISO 45001 will be internationally recognized, coherent, aligned and fully integrated with other ISO standards including ISO 9001 (Quality Management) and 14001 (Environment Management), as well as other IMS that are currently being developed.
These types of standards follow the high level structure of Annex SL and are developed by National Standards' Bodies and, in the case of ISO 45001, with the involvement of the International Labour Organization.
Further, the general requirements which are commonly stated in any management system are presented in the table below. An integrated management system is implemented to simplify the work, to avoid conflicts and to reduce the duplication of documents.
The table below illustrates the requirements that are common to all integrated management systems.
The main reasons for implementing integrated management systems are to:
- Reduce risks and increase profitability, thus improve competitiveness
- Harmonize and optimize practices
- Eliminate conflicting responsibilities and relationships
- Balance conflicting objectives
- Formalize informal systems
- Reduce duplication and therefore costs
- Ensure the sustainable success of the organization
- Focus on business goals
- Ensure consistency
- Improve communication
- Facilitate training and awareness
List of documents required by ISO 45001:2018
The ISO 45001 standard provides us with some insight about what documents are required. Compared to OHSAS 18001, there are not too many changes, but the documentation requirements are easier to manage, following the logic of the new versions of other ISO standards. Of course, the standard does not explicitly mention documents and records, but uses the term “documented information.”
The following represent a list of documents that you need to maintain in order to comply with ISO 45001:
- The scope of the OH&S MS (clause 4.3)
- OH&S management system (clause 4.4)
- Leadership and commitment (clause 5.1)
- OH&S policy (clause 5.2)
- Organizational roles, responsibilities and authorities (clause 5.3)
- Actions to address risks and opportunities (clause 6.1)
- Assessment of OH&S risks and other risks to the OH&S management system (clause 6.1.2.2)
- Determination of legal requirements and other requirements (clause 6.1.3)
- Planning to achieve OH&S objectives (clause 6.2.2)
- Competence (clause 7.2)
- Communication (clause 7.4)
- Operational planning and control (clause 8.1)
- Contractors (clause 8.1.4.2)
- Emergency preparedness and response (clause 8.2)
- Monitoring, measurement, analysis and performance evaluation (clause 9.1)
- Evaluation of compliance (clause 9.1.2)
- Internal audit (clause 9.2)
- Management review (clause 9.3)
- Incident, nonconformity and corrective action (clause 10.2)
- Continual improvement (clause 10.2)
Other supporting documents
Apart from the abovementioned list of documents, there are additional supporting documents that can be used to facilitate the operation of a management system. Thus, the following documents are commonly used:
- Procedure for determining the context of the organization and interested parties (clauses 4.1 and 4.2)
- Procedure for identification and evaluation of OH&S management system risks and opportunities (clauses 6.1.1 and 6.1.2)
- Procedure for competence, training and awareness (clauses 7.2 and 7.3)
- Procedure for communication (clause 7.4)
- Procedure for document and record control (clause 7.5)
- Procedure for internal audit (clause 9.2)
- Procedure for management review (clause 9.3)
- Procedure for management of nonconformities and corrective actions (clause 10.2)
It is evident that this standard went in the same direction as ISO 9001 and ISO 14001 with respect to the approach to documents and records, as the requirements are common to those standards as well.
The standard also emphasizes that it is important to demonstrate the effectiveness of the OH&S Management System, rather than to simply draft endless theoretical procedures.
ISO 45001 – The benefits of using this standard
Similarly to other management system standards, ISO 45001 emphasizes effectiveness, efficiency and continual improvement.
Organizations will have a wide range of benefits from using this standard, including:
- Globalization: ISO 45001 puts your organization in an elite category of businesses, as it is an internationally recognized standard.
- Improvement in business performance: The implementation of an Occupational Health and Safety Management System based on ISO 45001 reduces workplace illnesses and injuries, and, in turn, increases productivity.
- Best practice creation: It provides consistency and establishes “best practices” for occupational health and safety throughout the organization.
- Hazard & Risk identification: Conducting risk assessments in a systematic manner improves the quality of the assessment.
- Lower Insurance premiums: Having a recognized system in place provides an apron for attracting lower insurance premiums.
- Improvements in efficiency: The implementation of an OH&S Management System contributes to the reduction of accident rates, absenteeism levels, and downtime, all of which improve the efficiency levels of internal operations.
- Establishment of a safe working environment: Promotes the safety of all persons being affected by the organization’s activities.
- Monitoring & measurement: Promotes management oversight through the provision of key performance indicators (KPIs) in the measurement of the Occupational Health and Safety Management System performance levels.
- Focus: A culture that focuses on the “prevention of problems” rather than on the “detection of problems” is much more effective and rewarding to employees.
- Continual improvement: Encourages continual improvement, e.g. the adoption of the “zero accident” concept.
Implementation of the OH&S MS with the IMS2 methodology
Making the decision to implement an Occupational Health and Safety Management system based on ISO 45001 is often a simple one, as the benefits of it are clearly documented and the advantages heavily outweigh the decision to not have a sound health and safety management system in place.
It is important to follow a structured and effective methodology to cover all the minimum requirements for the implementation of an occupational health and safety management system. Nowadays, most companies realize that it is not sufficient to implement a generic, “one size fits all” occupational health and safety program.
Therefore, for an effective implementation methodology, organizations need to take into account specific risks that would impact occupational health and safety performance. Yet, a more difficult task is the compilation of an implementation plan that balances the requirements of the standard against the pressing business needs of the organization becoming certified quickly or by an impractical deadline.
There is no single scheme for implementing ISO 45001 that will work for every company, but there are some common steps that will allow organizations to balance the often conflicting requirements and prepare for a successful certification audit. Whatever methodology is used, the organization must adapt it to its particular context (requirements, size, scope, objectives, and so on).
PECB has developed a methodology for implementing a management system. It is called the “Integrated Implementation Methodology for Management Systems and Standards (IMS2)” and it is based on best practices. This methodology is based on the guidelines of ISO standards, which also meets the requirements of ISO 45001.
IMS2 is based on the PDCA cycle, which is divided into four phases: Plan, Do, Check and Act. Each phase has a number of steps which are further divided into activities and tasks. This ‘Practical Guide’ considers the key phases in the organization’s implementation project from start to finish and suggests the appropriate ‘best practice’ for each step, while directing the organization as it embarks on its ISO 45001 journey.
By following a structured and effective methodology, an organization can ensure it covers all the minimum requirements for the implementation of the management system. As stated above, whatever methodology is used, the organization must adapt it to its particular context. The key to a successful implementation relies on a contextualized and adaptable approach by the organization.
The sequence of steps required in the process may be changed (inverted or merged) to achieve the most suitable outcome. For example, the implementation of the management procedure for "documented information" (2.4) can be completed before "understanding the organization and its needs" (1.2). Many processes are iterative because of the need for progressive development throughout the implementation project; for example, communication and training.
Certification of organizations
The usual path for an organization that wishes to become certified against ISO 45001 is:
- Implementation of the management system: Before being audited, a management system must be in operation for some time. Usually, the minimum time required by certification bodies is approximately 3 months and/or one full cycle of the system.
- Internal audit and review by top management: Before a management system can be certified, it must have had at least one complete internal audit report and one management review.
- Selection of the certification body (registrar): Each organization can select the certification body (registrar) of its choice; however, choosing the right certification body is a very important decision to be made in order to have a credible certification (one that is internationally recognized).
- Pre-assessment audit (optional): An organization can choose to perform a pre-audit to identify any possible gap(s) between its current management system and the requirements of the standard. This can be performed via a Registrar, an independent consulting firm, etc.
- Stage 1 audit: The Stage 1 audit is a conformity review of the design of the management system. The main objective is to verify that the management system is designed to meet the requirements of the standard(s) and the objectives of the organization. It is recommended that at least some portion of the Stage 1 audit be performed on-site at the organization’s premises.
- Stage 2 audit (On-site visit): The objective of the Stage 2 audit is to evaluate whether the declared management system conforms to all the requirements of the standard, is being implemented in the organization, and can support the organization in achieving its objectives. The Stage 2 audit takes place at the organization’s site(s) where the management resides.
- Follow-up audit (optional): If the auditee has significant or numerous nonconformities that require additional auditing before being certified, the auditor will perform a follow-up visit to validate only the action plans linked to the nonconformities (usually a half-day remotely or one-day on site).
- Confirmation of registration: If the organization is compliant with the requirements of the standard, the Registrar confirms the registration and publishes the certificate.
- Continual improvement and surveillance audits: Once an organization is registered, surveillance activities are conducted by the Certification Body to ensure that the management system still complies with the standard. The surveillance activities must include on-site visits (at least 1 per year) that allow verification of the conformity of the certified client’s management system, which can also include investigations following a complaint, a review of their website or a written request for further information.
Training and certifications of professionals
PECB has created a training roadmap and personnel certification schemes which are strongly recommended to implementers and auditors of an organization that wishes to become certified against ISO 45001. The certification of organizations is a vital component of the occupational health and safety management field as it provides evidence that organizations have developed standardized processes based on best practices.
The certification of individuals serves as documented evidence of professional competency, while also providing evidence that the individual has attended one of the related courses and successfully completed the exams, and has the expertise to assist an organization in successfully obtaining an ISO 45001 certification.
Personnel certifications demonstrate that the professional holds defined competencies based on best practices. It also allows organizations to make an informed selection of employees or services based on the competencies that are represented by the certification designation.
Finally, it provides incentives to the professional to constantly improve his/her skills and knowledge and serves as a tool for employers to ensure that training and awareness has indeed been effective.
PECB training courses are offered globally through a network of authorized training providers; they are available in several languages and include the following: Introduction, Foundation, Lead implementer, and Lead Auditor courses.
The table below provides a short description of PECB’s official training courses for Occupational Health and Safety Management Systems (OH&S MS) based on ISO 45001.
Although a specified set of courses or curriculum of study is not required as part of the certification process, the completion of a recognized PECB training course or program of study will significantly enhance the chances of passing a PECB certification examination as the examination is based on PECB’s training material.
The list of approved organizations that offer PECB official training sessions can be found on our website: www.pecb.com.
Choosing the right certification Scheme
ISO 45001 provides the requirements for an OH&S MS so as to enable an organization to create a safe and healthy work environment, and build the best possible working conditions along with lessons learned on how to reduce workplace hazards, and protect the health, safety and welfare of its employees. Thus, PECB provides eight certification schemes that are suitable depending on the candidates’ background, expertise, experience and needs, such as:
The ISO 45001 Foundation certification is a certification for professionals who need to have an overall understanding of the ISO 45001 standard and its requirements.
The ISO 45001 Implementer certification is a certification for professionals who need to implement an OH&S Management System, and in the case of the ISO 45001 Lead Implementer Certification, need to manage an implementation project.
The ISO 45001 Auditor certification is a credential for professionals that need to audit an OH&S Management System, and in the case of the ISO 45001 Lead Auditor Certification, need to manage an audit team.
The ISO 45001 Master certification is a professional certification for professionals that need to implement an OH&S Management System, master the audit techniques and manage (or be part of) audit teams or audit programs.
Based on the candidate’s overall professional experience and their acquired qualifications, they will be granted one or more of these certifications based on project or audit activities they have performed in the past or on which they are currently working.
Principal Authors
- Eric LACHAPELLE, PECB
- Faton ALIU, PECB
- Nysret Lezi, PECB
- Artan Mustafa, PECB
Contributors
- Jason TELISZCZAK, JTEnvironmental Consulting, Inc (USA)
- Christopher WARD, ISO 45001 Contributor (UK)
- Debra HAMPTON, Cornerstone Engineering, Training and Consulting (CETC), (USA)
- Mike GRAY, MGTD Pirii (Australia)
- David SMART, Smart ISO Systems/Smart Mentoring (UK)
- Dragana PETROVIC, Victoria Consulting (Serbia)
- Ehab BARAKAT, Quality Academy Egypt (Egypt)
- Stephen AMANKWAH, PECB Certified Auditor and Trainer (Ghana)
- Swapan PURKAIT, Nettech Private Limited (India)
- Tariq KHAN, ANM Transformational Solutions (Pakistan)
- Yulius UNTUNG, PT. Decra Group (Indonesia)
- K.M YOUSUF, Global Standards (Pakistan)
- Jeff TANG, SP Consulting International Pte Ltd (Singapore)
- Kefah EL-GHOBBAS, Corporate Excellence Expert, and Trainer (UEA)
- Alain FOAPA, AFConsulting Group (Cameroon)
- Alfred WONG, NSAI, Inc. (USA)
- Amina Deji – LOGUNLEKO, Standards Organization of Nigeria (Nigeria)
- David MUTUNA, Management Systems Technical Consultant, Trainer, and Auditor (Zambia)
- Albina Osmani, PECB
- Jetë Spahiu, PECB