ISO 45001 Requirements

By Scott Dawson
June 28, 2019

ISO 45001 Requirements – 2023 Update

What is ISO 45001?

ISO 45001 is an international standard for occupational health and safety (OH&S) management systems. ISO 45001 helps organizations create a safe and healthy workplace environment for employees and visitors.

ISO 45001 uses the process approach to examine the risks and opportunities in your day-to-day operations.

ISO 45001 enables companies to improve their performance and prevent injury by focusing on health and safety as a sustainable business practice.

ISO 45001 can help:

  • Reduce operation downtime
  • Reduce employee turnover
  • Reduce costs of insurance premiums
  • Improve OH&S performance

The goal of ISO 45001 is to help companies improve their workflow and prevent workplace accidents by integrating health and safety as a sustainable practice.

Occupational Health and Safety

Requirements for the ISO 45001 Occupational Health and Safety standard were developed by the world’s health and safety bodies and a group of industry health and safety experts. The risk-based approach is designed to anticipate hazards – not just react to incidents. Driven by leadership and with participation required by all employees, the topic of occupational health and safety – in the eyes of ISO – is the responsibility of everyone involved in the organization.

The standard’s requirements are designed to help organizations consistently maintain a safe and healthy work experience and to continuously look for areas where further improvement can be made. From physical strain and risk management to mental and emotional well-being, each facet that could affect employee health and wellness will be scrutinized and optimized for excellence.

ISO standards follow the same ten-clause format, and clauses 1 through 3 are designed to introduce and inform the organization about the specifics of the standard. Moving into clause 4, companies will find the first OH&S-specific requirements and begin the real work of developing their new management system.

Focuses on the Process Approach

ISO 45001 is an international standard recognized for occupational safety and health management systems. This standard is unique because it combines decades of best industry practices for practical issues on worker safety into the familiar format of ISO regulations. It specifically focuses on a process approach to analyze the potential risks and benefits for daily operations at an organization. 

The goal is to help companies improve their workflow and prevent workplace accidents by integrating health and safety as a sustainable practice.

Why Do You Need to Be ISO 45001 Certified?

The International Labor Organization reports that every day, more than 7,600 employees die because of a workplace-connected illness or injury. The goal of ISO 45001 is to protect the people who work for you and build your brand’s reputation as a responsible corporate entity. It’s not a legal requirement, but it’s becoming increasingly important to show internal and external stakeholders your commitment to your team’s safety and well-being.

ISO 45001 is a highly efficient way to create a safety management system that will meet regulatory standards from the Occupational Safety and Health Administration (OSHA). It’s also highly efficient since ISO 45001 focuses on adapting a dynamic safety plan to your daily operations rather than asking you to restructure to meet a generic safety plan. The certification encourages safety teams to focus on risk management by studying their operations and potential dangers.


5-Step Plan for Safety Management

You can follow a five-step plan to structure and implement your safety management strategy:

  1. Understand OSHA management systems: It’s key to learn the requirements for ISO 45001 and the recommended 11 success factors for implementation. The deeper your understanding of the “why” behind safety management systems, the better your chance of success.
  2. Integrate with your system: If you already implement systems like ISO 9001 for quality or ISO 14001 for environmental sustainability, then you have an excellent foundation since ISO 45001 uses the same core language. If you’re already familiar with these systems, it’s far easier to implement ISO 45001.
  3. Collaborate with stakeholders: Another step is to help everyone, from the construction workers manually building a project to the top executives, understand the importance and implementation of the standard. It’s key to encourage those who embrace the idea and engage in honest conversation with stakeholders who don’t agree with the change to understand their position.
  4. Prioritize tasks and set milestones: The next step is to move the safety plan into alignment with business metrics to set objectives. Make sure health and safety practices enhance profits rather than subtract from them, since safety should lead to economic savings in the long term.
  5. Launch your safety management program: The final step is to launch your project and iterate over time as you learn more about how it works in a real-world environment.

Steps to ISO 45001 Certification

NQA is the global certification body that provides ISO 45001 certification, so it’s key to understand the steps it requires to receive this certificate:

  • Quote: Fill out a quote request form so NQA can assess the scope of the assessment required and offer a proposal for certification.
  • Booking: Next, you will book an appointment with an NQA auditor to assess your status in two visits for the Initial Certification Audit. It’s vital to provide proof that your safety management system has been in place for at least three months, with a management review and internal auditing.
  • Certification: After the two-stage audit, NQA will provide you with a certification decision. If the decision is in your favor, you’ll receive your certificate, and it will remain valid for three years with annual auditing and a recertification audit every three years.

Clause 4 – The Context of the Organization

Following the standard ISO format, organizations will first be required to determine the context of their organization as it applies to OH&S. In examining the external and internal forces impacting the effectiveness, efficiency, and well-being of their team, companies are able to determine the positioning of their organization and clearly define the expectations of their OH&S management system as well as their health and safety goals.

In addition to the context, companies must define the scope of their OH&S management system, outlining the needs and procedures that will be included within the system and setting boundaries for what will and will not be controlled.

Clause 5 – Leadership and Worker Participation

Executive leadership is required to take overall responsibility for the implementation of the OH&S system, and they are held accountable for the health and safety of all workers. Through clause 5, leadership is responsible for setting roles and responsibilities within their team and creating and maintaining documentation for all levels of involvement.

OH&S Policy

In addition to roles and responsibilities, leadership must also draft and publish an Occupational Health & Safety policy, setting the principles and guidelines by which the company will conduct business and reach its goals. Once finalized, the policy must be officially documented and communicated throughout the organization, and then be made available for review by interested parties.

The policy must include written commitments by the leadership to fulfill legal and regulatory requirements, eliminate hazards, reduce risk, promote continuous improvement, and encourage team involvement and input.

Clause 6 – Planning

After completing the work to establish the bones of the system (through context, scope, OH&S policy development, and responsibilities assignment), companies can begin to plan for the actual development and implementation of their ISO 45001 compliant OH&S management system. This is the first step of the familiar PDCA cycle (Plan, Do, Check, Act) that those familiar with ISO will recognize.

With the now-defined framework in place, companies can begin to develop processes that will help them reach the goals of their system and create a continuously-improving, safety-focused culture. There are two specific factors for consideration throughout the planning process.

Hazard Identification, Assessment of Risk and Opportunities

The first step in the planning process is to evaluate hazards faced by workers and fully assess the risk and opportunity of each hazard.

The process follows a specific, ISO-required format:

  1. Identify the hazard
  2. Assess the risk of the hazard (the severity and the opportunity for occurrence)
  3. Identify opportunities to reduce or eliminate the risk.

Achievement of OH&S Objectives

After hazards have been identified and risks evaluated, ISO 45001 requires companies to establish objectives and goals to not only address the found risks, but to also maintain continuous improvement of the OH&S management system.

The determination must be made for required resources, responsibilities, timeframes, measurement tools, transparency, and impact, and all objectives and their related data are required to be documented and carefully maintained.

Clause 7 – Support

The implementation of an effective OH&S management system requires generous support from the entire organization. Through resources, competence, awareness, communication, and documentation, organizations will develop the support needed to pursue ISO 45001 compliance and certification.


Companies are required to provide adequate personnel, tools and equipment, and organizational structure to support their management system. Signage, documented processes, specific tools or machine guards, or even extra workers for a specific task can all help to ensure the effectiveness of the system, and the safety of all involved in the process.


Worker competence must be documented and reviewed periodically, and education, training, and experiential learning opportunities offered to assist in their professional development.


Organizations are required to make all team members aware of company OH&S policies and objectives. Workers are responsible for understanding how their work and actions play a role in the success of the system, and will need to demonstrate awareness of their knowledge of the system. They must also demonstrate an understanding of their right to remove themselves from any situation in which they feel unsafe without fear of repercussion.


Organizations are required to create processes for both the internal and external communication of information related to their OH&S management system. Through the development of the communication plan, organizations must consider the diversity of their workforce and their legal obligations without jeopardizing sensitive company information and worker confidentiality.


Finally, the standard requires that companies follow a structured and controlled documentation and record-keeping process for all information related to their OH&S management system. They must establish a standard documentation format, and all changes and updates must be made in a way that is traceable.

Clause 8 – Operation

Thus far, it has been established that proper process evaluation, new procedure development, and thorough documentation and record keeping are required for ISO 45001 compliance. Clause 8 is where implementation occurs (the Do phase of the PDCA cycle), and companies should carefully focus on the effectiveness of each of their plans as they work through each section.

Operational Planning and Control

Organizations are required to establish processes and implement controls to ensure that those processes are consistently working toward their OH&S goals. Proper training is required to be delivered and documented for each new process, and careful planning for all major changes should be closely monitored and recorded.

Hazard Elimination and Risk Reduction

Hazards that have been identified will be addressed and can be handled in various ways. If they have been documented in a previous clause, ISO 45001 requires companies to address the risk and eliminate the hazard. They may choose to replace the offending process, material, or equipment, control the risk with process adjustments or special training, implement new guards or safety protocols to avoid the risk, or retain the risk and provide adequate Personal Protective Equipment (PPE) for all members of their team who may encounter the hazard.

Change Management

Specific to the ISO 45001 standard, organizations are required to address changes and carefully manage and monitor how those changes may impact the effectiveness of their system and the health and safety of their team. From new processes to updated legal and regulatory requirements, companies are required to review the effect the change will have on the company and create a plan to minimize risks.


As new equipment or materials are brought into the facility, outside contractors gain access to workspaces, and processes or functions are outsourced, companies are required to consider the risk and impact of those factors on their environment and team.

Emergency Preparedness and Response

While the goal is to mitigate and eliminate risk, there will be times when organizations will be required to respond to emergency situations. Companies must train and prepare to handle situations in a way that restores the safety of their team as quickly as possible. Methods include training, performance and process evaluation, emergency response communications, and periodic simulations to test and demonstrate emergency response capabilities.

Clause 9 – Performance Evaluation

Measuring the effectiveness of a newly-developed OH&S management system is paramount to its success. In the “Check” phase of the PDCA cycle, ISO 45001 sets requirements for performance evaluation that must be closely monitored in order to provide the proof needed for compliance and certification.

Monitoring, Measurement, Analysis, and Performance Evaluation

Without methods in place for measurement, it will be impossible to monitor, analyze, and control the effectiveness of the processes. Companies must create methods within each controlled process to evaluate outcomes to ensure they are meeting OH&S objectives. These measurements may relate to legal and regulatory compliance, hazard identification and management, operational processes and job-related tasks, and general OH&S goals.

Internal Audit

Once measurement strategies have been determined, organizations can utilize the results to conduct internal audits. Another requirement of the standard, internal audits can be used to evaluate the effectiveness of the full system or simply spot check certain aspects. The internal audit process must be documented, with all findings being logged for reference and further evaluation (if necessary).

Management Review

The management review process is the final requirement of process evaluation. These reviews should be handled with priority, and management should continuously consider incident occurrence and trends, resource adequacy, legal and regulatory changes, actions from previous reviews, and opportunities for continual improvement.

Clause 10 – Improvement

The final clause of the ISO 45001 standard centers around the “Act” phase of the PDCA cycle. Through hazard identification and goal setting, companies find innumerable avenues for improvement, aiding in their ability to meet their OH&S objectives. 

Incident, Non-Conformity, and Corrective Action

ISO 45001 requires companies to develop processes for investigating and reporting all found nonconformities and OH&S incidents in order to develop plans for corrective action. Careful documentation of all activities and issue correction aids in further improvement plan development and helps to ensure effectiveness.

It’s important to understand the difference between incidents and nonconformities to move forward with improvement.

Incidents are near misses, injuries, or damage to buildings or equipment, that could pose a risk to the worker’s health and safety. Incidents are caused by action.

Nonconformities are specific to processes and procedures, and result when a team member violates a safety requirement. Failure to comply with PPE rules, ignorance or refusal of safety protocols, and participation in knowingly unsafe practices are all examples of non-conformities.

Organizations are required to diligently monitor team member behavior and work practices so that they can identify incidents and nonconformities as soon as possible. Additionally, they should develop a system designed for all team members to report observances of nonconformities and unsafe acts, encouraging workers to always speak up for safety.

When incidents and nonconformities are found, a full investigation must be carried out, and records of causes, actions, and consequences must be kept.

Documentation and Communication

Any time that incidents or nonconformities are recorded, companies should take the time to report them to their team, and, if necessary, communicate them externally to shareholders, customers, or regulatory bodies. Investigations of these issues must be carefully and meticulously documented to serve as evidence that corrective action was taken as immediately as possible and to show commitment to the priority of worker health and safety.

Continual Improvement

Finding nonconformities and experiencing safety incidents is inevitable for every organization. There is no limit to the ways in which illness and injury risk can be reduced in a workplace, and the use of the OH&S system, PDCA cycle, and overarching ISO principles can be extended and expanded as businesses grow.

Pursuing ISO 45001 compliance and certification requires a full examination of an organization’s safety systems, protocols, processes, and employees. True dedication and priority to employee well-being ensure that the implementation of an ISO-certified OH&S management system will be set up for long-term success, and that success will be reflected in business growth and opportunity.

Choose Core Business Solutions for ISO 45001 Expert Consulting Today

Here at Core Business Solutions, we go the extra mile so the certification process can be as simple and effective as possible. We can connect with your team virtually or on-site to walk you through the complexities of ISO 45001 and help you receive a significant return on your investment.

Have questions or want to learn more? Read more about ISO 45001 consulting, or request a free quote now.
