Anda di halaman 1dari 26

An Overview of ISO 45001

What is ISO 45001?

ISO 45001 (Occupational Health and Safety Management Systems –
Requirements) is a new workplace safety standard. It will replace the current
standard, OHSAS 18001. ISO 45001 is currently in development, and the final
standard is expected to be published in late 2017. Once published clients with
OHSAS 18001 will have to migrate to ISO 45001.

Background: Health and Safety Management Standards

There were roughly 2.34 million deaths from workplace activities in 2013. The
vast majority of these deaths (about 2 million) were due to workplace health
issues, instead of injuries. Examples of these health and safety risks include:

 Toxic chemicals, paints, and solvents

 Handling work equipment without proper training

 Injuries from slips and falls

 Incorrect lifting and handling techniques

 Extreme workplace temperatures

Workplace injuries and health issues can have a significant impact on workplace
productivity. Direct costs of workplace injuries include increased worker’s
insurance premiums, fines and downtime for injured workers or damaged
equipment as well as costs for replacement staffing, and other resources – not to
mention the moral obligations.

The indirect impact is far less tangible. Workplace injuries often lead to low
morale & employee turnover, reduced productivity, and difficulty complying with
regulations. Organizations with a high number of workplace injuries and health
concerns may struggle to capture a share of the growing market of consumers,
concerned with the overall reputation of an organization – not just their product
quality. A health and safety management standard strives to improve productivity
and overall organization well-being by addressing concerns that could lead to
negative outcomes.

Why Implement an Occupational Health and Safety Management


You may already be aware of some of the benefits of implementing a health and
safety management system. If your organization has OHSAS 18001 certification,
or other ISO certifications like ISO 9001 and ISO 14001, you probably have first-
hand experience of the benefits of implementing a management system.

Benefits organizations can reap by implementing a management system include:

 Complying with regulatory and other compliance requirements

 Improving performance in a structured manner

 Implementing a system to manage risks and opportunities systematically

 Driving to improve cultural change

In the case of an occupational health and safety system, there are other benefits.
These include:

 Proving a commitment to worker occupational health and safety

 Protecting your employees and contractors

 Potential for reducing workers’ insurance premiums

 Improving productivity by reducing workplace injuries and ill-health

Although many of the ISO management standards emphasize employee

knowledge and participation, ISO 45001 goes even farther. It will be a
requirement to focus on employee participation. Some of the clauses contained
within the new standard, such as “Context of the Organization” and “Leadership,”
specifically address the role employees have in developing the occupational health
and safety management system alongside top management and staff.

Current Occupational Health and Safety Standards: OHSAS 18001

Currently, the OHSAS 18000 series are the most commonly recognized health and
safety standards. These standards were first published in 1999. This series consists
of OHSAS 18001 and OHSAS 18002:

 OHSAS 18001: Outlines requirements for an occupation health and

workplace safety program

 OHSAS 18002: Provides recommendations for implementing the

requirements found in 18001
The OHSAS 18000 series were the first widely adopted workplace health and
safety standards. In 2007, OHSAS 18001 was revised to better match ISO
standards. This aligned it more closely with ISO 9001 and ISO 14001

ISO 45001 uses the recently revised standards framework (Annex SL) to align
OHS requirements with other international standards.

A New Occupational Health and Safety Standard: ISO 45001

ISO 45001 will replace OHSAS 18001 in 2017 (currently proposed timeframe for
final publication). A draft of the new standard was published in early 2016, with
comments on the proposed requirements accepted through May 2016. A second
draft of ISO 45001 is expected to be released in late 2016 or early 2017, with the
final standard expected to be published at the end of 2017.

The new international standard is designed to allow organizations to tailor

occupational health and safety management systems to their workplace more
effectively. The requirements for ISO 45001 are process-oriented instead of
focused on ensuring that a specific procedure is adopted. This will allow
organizations to develop an occupational health and safety management program
that addresses the specific risks of their workplace.

The new standard will use ISO 9001:2015 and ISO 14001:2015 as its normative
references. This means the requirements of this standard will be harmonized with
the requirements of the other two standards making integration into an existing
management system far easier due to the common framework (Annex SL).

Timeline for ISO 45001 Publication

 7 January 2016: Draft of ISO 45001 released

 12 February – 12 May 2016: Draft ballot period, feedback on Draft of ISO
45001 accepted

 23 May 2016: Report from draft ballot results

 Expected December 2016/January 2017: Second draft of ISO 45001


 December 2017: Publication of ISO 45001 expected

Once ISO 45001 is published it is expected that holders of OHSAS 18001

certification will have a three-year transitional period to migrate their certification
to the ISO 45001 standard. The dates of this transition period will be set once the
final standard is published.

Comparing OHSAS 18001 and ISO 45001

If you already have OHSAS 18001 certification, you’re unlikely to see major
changes when transitioning to ISO 45001. Some of the differences you will see

1. Greater Emphasis on Workforce Participation

In OHSAS 18001, the primary emphasis is on the people in the workforce. This
includes ensuring that employees are informed about occupational safety and
actively participate in the process. ISO 45001 reinforces this focus.
The focus on employee participation and knowledge is found throughout ISO
45001. That is because occupational health and safety systems are at their most
effective when people throughout the organization are engaged. Clauses 4 and 8
both focus specifically on these requirements.

The majority of new requirements occur in clause 4 (Context of the Organization)

and clause 8 (Operations). However, the structure of ISO 45001 is dramatically
different from that of OHSAS 18001. We’ve provided a full explanation of how
OHSAS 18001 requirements map to ISO 45001 on our website.

2. Expanded Focus of Health and Safety Programs

Another considerable difference you will see between OHSAS 18001 and ISO
45001 is focus on the benefits of a worker health and safety management system.
OHSAS 18001 primarily focused on reducing negative impacts of health and
safety incidents. ISO 45001, on the other hand, focuses on valuing the positive
impact of worker health and safety programs. These benefits might include:

 Lower insurance premiums

 Improved workplace productivity

 Better workplace morale

 Customer recognition of social responsibility

ISO 45001 does focus on risk management, but it also focuses on the role that
health and safety management can have in driving a positive cultural change
within an organization. This emphasis is shown through the increased number of
requirements for employee participation. It’s also represented by the added focus
on understanding organizational context, including stakeholders, outside
influences, and regulatory requirements.

3. Reduced Focus on Standardized Procedures

Many organizations will notice that the requirements for ISO 45001 certification
are less standardized than those of OHSAS 18001. The requirements found in
clauses 6 (Planning), 7 (Leadership), and 8 (Operations) have specifically been
designed with flexibility in mind but are based on risk and opportunity.

ISO 45001 will still require organizations to implement and document health and
safety procedures in a structured way. However, specific requirements for
implementing these procedures will not be contained within the standard.

This change has been made for two reasons, to:

 Ensure that health and safety management programs apply to the specific
needs and risks of the business in question
 Help to integrate health and safety management programs into the
organization’s culture by ensuring that the programs are internally adopted
instead of externally imposed

Because safety needs vary by industry, ISO 45001 allows workplace safety
programs to vary as well. For instance, occupational hazards in the construction
industry look very different from those in the pharmaceutical industry. Thus, both
organizations may follow very different programs in order to mitigate their risk.
The added flexibility of the new standard should make it easier for organizations
to design health and safety programs that address the risks of their specific

Who Does ISO 45001 Apply To?

Health and safety management systems apply to any type of business with
employees - both large and small organizations can obtain these certifications.
The requirements for an occupational health and safety program can easily be
adapted to fit the needs of businesses in a wide variety of industries. ISO 45001 is
designed to apply to both large and small businesses. Its use of the new Annex SL
format will make it easier for organizations of different sizes, and in different
types of industries, to adopt the new standards.

If your organization already has the OHSAS 18001 certification, you should
seriously consider becoming ISO 45001 certified. This standard will replace the
OHSAS 18000 series of standards, so your earlier certification will need to be
migrated once the ISO 45001 has been published and approved.

What You Can Expect from the ISO 45001 Update

Like many new international standards, ISO 45001 will use the Annex SL format.
That means the framework and much of the content of ISO 45001 will be familiar
to organizations that have other ISO management system certifications.

Annex SL is a new framework for management systems. It’s designed to make it

easier to implement multiple management standards in one organization.
Although each standard will have discipline-specific clauses, many of the
overarching terms, references and clauses will be shared.

Annex SL contains a high level framework, required appendixes, some core

language and common terms. It functions as a template for a variety of different
management system standards. Individual standards will add discipline-specific
clauses, as well.

The change to the Annex SL framework was made to address conflicts between
different standards. Some of these conflicts include:

 Conflicts in terms and definitions between different management standards

 The need to duplicate processes in order to maintain multiple certifications
 Incompatible requirements between different management standards

By using the same structure and shared terms and definitions, the Annex SL
format reduces these conflicts. The very goal of management standards is to
increase productivity. Duplicating processes is an inefficient use of resources, and
ISO recognizes this. That’s why Annex SL was introduced.

What Does Annex SL Apply To?

Like most new or recently revised standards, ISO 45001 will follow the new
Annex SL format. This is the same structure you may have seen in the recent
revisions of ISO 9001:2015, ISO 14001:2015 and ISO 27001:2013.

This format is a high level structure that will apply to many of ISO’s new
standards. It will be used to ensure that standards have consistent terminology and
definitions. As the new structure becomes more common, it’s expected that Annex
SL standards and terminology will comprise up to 40 percent of the requirements
of many standards.

Annex SL is expected to:

 Standardize terms and requirements between different ISO standards

 Reduce confusion between requirements and definitions in different ISO


 Cut down on the need for repeat processes to maintain different ISO
 Reduce bureaucracy

 Make management processes needed for ISO certification more efficient

The Annex SL structure will only be used for international standards and technical
specifications going forward. Over time, international standards will develop a
common appearance and set of requirements.

If your organization is currently certified to ISO 9001:2015 or ISO 14001:2015,

you will be familiar with the Annex SL framework. The Annex SL format
consists of 10 elements:

 Scope

 Normative References

 Terms and Definitions

 Context of the Organization

 Leadership

 Planning

 Support

 Operation
 Performance Evaluation

 Improvement

We’ll explain each of these in more depth below.

Clause 1: Scope

The scope of ISO 45001 was provided in draft form earlier in 2016. This section
received a number of comments, and is expected to be heavily revised before the
publication of the final standard. Most of the comments made on this section
focused on wording and aligning the introduction with other parts of the standard.

 Sets out the intended results of the management program

 Defines any industry-specific requirements

 Addresses the processes and job functions that will be affected by the
management standard

Clause 2: Normative References

This section is not expected to undergo substantial revisions before publication of

the final standard.

Details any other standards used as references

Clause 3: Terms and Definitions

This element is expected to undergo revisions before the publication of the final
standard. When the draft standard was published, comments asking for
clarification of workers, workplaces, and contractors or external supplies were

 Defines specific terms used within the standard

 Many terms and definitions are part of the Annex SL template

 Other industry-specific terms may be defined here

ISO 45001 is expected to share a number of terms and definitions with OHSAS
18001. Some of the terms that will transfer to the new standard include:

 Interested party: Person who can affect, be affected by, or perceive itself to
be affected by a decision or activity

 Injury and ill health: Adverse effect on the physical, mental, or cognitive
condition of a person

A more extensive list of shared terms and definitions can be found on our website.
Context of the Organization

This is a new element in the Annex SL format. As a result, it’s generated some
confusion among clients. If your organization currently holds OHSAS 18001
certification, it’s likely you’ve already documented some of these procedures.

The draft text of this element is expected to undergo minor revisions. Comments
provided on the draft focused on clarifying inconsistencies between this standard,
ISO 9001 and ISO 14001.

The goal of this section is to:

 Determine why the organization exists

 Identify any internal or external influences that will affect desired


 Document the scope of the management system that’s implemented

This clause explicitly focuses on external and internal influences on an

organization’s workplace and on its health and safety programs. David Smith, the
chairman of the committee developing ISO 45001, explains that the new approach
contrasts to earlier health and safety programs. Instead of focusing on internal
employees only, organizations should now consider the impact of:

 Regulatory authorities

 Contractors
 External suppliers

This element consists of four different clauses. It contains two new requirements
(4.1 and 4.2).

4.1: Understanding the Organization and its Context

 New requirement

 Requires the organization to consider outside influences that affect the

organization, such as stakeholders, regulation or governance

 Organizations should consider what factors influence the culture of the


 Organizations seeking certification should be prepared to discuss

influences on the organization’s culture with the assessor

4.2: Understanding the Needs and Expectations of Interested Parties

 New requirement

 Requires the organization to consider stakeholders and their interests

 Organizations seeking certification should be prepared to discuss

stakeholders with their assessor

4.3: Determining the Scope of the Management System

 Previously found in scope and clause 4 of OHSAS 18001

 Requires organization to identify the boundaries of the health and safety
management program

4.4: The Management System

 Previously found in scope and clause 4 of OHSAS 18001

Clause 5: Leadership

Prior to the adoption of the Annex SL format, this clause was usually referred to
as “management.” The new wording was adopted to reflect the role that various
types of leadership play in the adoption of a management system.

This clause emphasizes greater involvement from top management and from
employees. As a result, top management is expected to be more involved in
review procedures. Greater awareness and participation from employees is also

Comments on the draft of ISO 45001 asked for clarification on the intended
outcomes of health and safety programs. They also focused on clarifying the role
of top leadership in the health and safety management system. This clause is
expected to undergo revisions before the publication of the final standard.

Clause 5 has three sub clauses found in Annex SL, and an additional sub-clause
specific to ISO 45001.

5.1: Leadership and Commitment

 This clause is similar to clauses 4.4.1, 4.4.3 and 4.4.6 in OHSAS 18001

 There is an added emphasis on engagement with workers while developing

health and safety programs
5.2: Policy

 Organizations are required to pay more attention to communication with

and participation of workers

 Organizations should apply the hierarchy of controls to health and safety


 Organizations must commit to meeting legal requirements of health and

safety programs

5.3: Organizational roles, responsibilities and authorities

This section is similar to clause 4.4.1 in OHSAS 18001.

5.4: Participation and Consultation

 This clause is not found in the standard Annex SL format — it has been
specifically added to ISO 45001

 Emphasizes the need for engagement and participation with workers while
developing health and safety programs

 Encourages non-management roles to participate in health and safety


Clause 6: Planning

The “planning” clause directly addresses the risks and opportunities that the
organization outlined in clause 4. As in many of the new and revised management
standards, this clause places an emphasis on risk-based analysis.

This is an area where organizations with OHSAS 18001 certification will see
major differences. OHSAS 18001 emphasizes prevention, with corrective action
taken as needed. ISO 45001 emphasizes a more proactive approach. Organizations
should expect to identify major risks, when they might occur, and who will be
taking preventative action.
When the draft of the ISO 45001 standard was published, the majority of
comments in this section addressed language inconsistencies. Revisions are
expected to provide greater clarification of what is meant by terms such as
“hazard” and “incident”.

Clause 6 has two sub clauses:

6.1: Actions to Address Risks and Opportunities

 This section is similar to clauses 4.3.1, 4.3.2 and 4.3.3 in OHSAS 18001

 Legal and regulatory requirements for health and safety programs should
be identified in this section

 The organization should consider the effectiveness of actions taken to

address risks and opportunities

6.2: Management System Objectives and Planning to Achieve Them

 Objectives and plans should be documented

 The organization should develop a plan for achieving documented

objectives, which includes responsible persons, a timeline for
implementation and how progress and success are measured

 The organization is responsible for reviewing health and safety objectives

Clause 7: Support
This section directly addresses the support or resources needed to implement the
health and safety management program. In many cases, clause 7 will directly
address the risks and opportunities (clause 4), requirements for commitment
(clause 5), and health and safety plans (clause 6) that the organization has already

The majority of these requirements are similar to those found under OHSAS
18001. The requirements for Clause 7 are primarily found in Clause 4.4 and 4.5 in
OHSAS 18001. Many of the requirements for documentation are found within this

The draft of this section had a variety of comments made on it. Questions included
requests for clarification about the requirements of competence, documentation,
awareness, and communication. Expect to see major revisions in the published
standard to clarify these questions.

This element has five sub-clauses.

7.1: Resources

 The organization should determine the resources needed for the health and
safety plan

 The organization is responsible determining how to supply these resources

7.2: Competence

 The organization should evaluate competence and determine actions

needed to develop it
 The actions taken to evaluate and develop competence should be reviewed

 The specific procedures and documentation required by OHSAS 18001 are

no longer required. However, the organization should have a plan to
document competence and evaluations

7.3: Awareness

 The organization should develop a plan to inform workers about

workplace safety, hazards, and risks

 Workers should be informed of any elements in the health and safety plan
that they are required to perform

 The organization should develop a plan to inform workers of the results of

relevant health and safety investigations

7.4: Communication

 This clause is similar to clause 4.4.3 and in OHSAS 18001

 The organization has an additional requirement to ensure that

communication was received, and to determine whether it was effective

 Documented information in this section will replace some of the

procedural requirements found in OHSAS 18001

7.5: Documented Information

 No longer requires the same procedural or documentation requirements of

OHSAS 18001

 Organizations may maintain any relevant procedures or documentation

from OHSAS 18001
 Documented information requires appropriate controls

Clause 8: Operations

Under the Annex SL format, Clause 8 includes only one required sub-clause.
However, the majority of the requirements for the management system are found
in this section. Organizations transitioning from OHSAS 18001 will find that this
section contains most of the new requirements.

There were a number of comments made in reference to this element in the draft
standard. As a result, expect this clause to undergo major revisions before the
publication of the final standard. Comments included requests for additional
clarification about the role of the hierarchy of controls, as well as the management
of changes. Other questions included the requirements for health and safety
programs that apply to contractors and suppliers, and what types of workplaces
the health and safety program should consider.

This section has seven clauses. Six of these clauses are unique to ISO 45001.

8.1.1: Operational Planning and Control

 Aligns with section 4.4.6 in OHSAS 18001

 Requires risk controls to be developed in conjunction with other

operational controls

8.1.2: Hierarchy of Controls

 New requirement

 The organization is required to specify the hierarchy of controls within

business operation

 The hierarchy of controls adopted by the organization is required the take

risk management into account

8.2: Management of Change

 New requirement addressing changes made to operations

 Specifies the requirements of any changes made, as well as, the sources of

8.3: Outsourcing

 New requirement

 Addresses operational planning, controls and changes in regard to

outsourced work

8.4: Procurement

 New requirement

 Addresses health and safety program needs in relation to the procurement

of materials

8.5: Contractors

 New requirement

 Establishes controls on contractors’ activities

 Requirement also entails the organization to establish communication

requirements for contractors and the host company’s workers

8.6: Emergency Preparedness and Response

 Aligns with 4.4.7 in OHSAS 18001

 Expands the emergency preparedness and response requirements to

include a communication plan
Clause 9: Performance Evaluation

This clause addresses the need for monitoring and evaluation of the organization’s
health and safety program. The organization should expect to identify which
elements should be monitored, measured, analyzed, or evaluated. The process and
requirements for monitoring, measuring, and evaluating should be developed with
the organization’s needs in mind. An internal audit to ensure effectiveness, as well
as, compliance to the standard is required.

The majority of the general requirements for performance evaluation found in

clause 9 are present in Clauses 4.5 and 4.6 of OHSAS 18001. However, the
emphasis and specific requirements have both been revised.

There are five sub-clauses in this element. Three of them are present in all Annex
SL standards. Clauses 9.1.2 and 9.2.2 have been added specifically for ISO 45001.

9.1: Monitoring, measurement, analysis and evaluation

 The requirements for determining what should be monitored, measured,

analyzed, or evaluated now include the need to document criteria

 The organization is required to document information — a requirement

that replaces the OHSAS 18001 procedural requirements

9.1.2: Evaluation of compliance with legal requirements and other


 Specific to ISO 45001

 Procedural requirements have been replaced by the requirement to
document information

 Evaluation planning should include the frequency of evaluations

9.2: Internal audit objectives

 This section aligns with clause 4.5.5 in OHSAS 18001

 Procedural requirements in OHSAS 18001 have been replaced with the

requirement to document information

9.2.2: Internal audit process

 This section aligns with clause 4.5.5 in OHSAS 18001

 Requirements for the internal audit process include communicating with


 The organization is required to retain documented information

 A new requirement to address non-conformities found during the audit

process has been added

9.3: Management review

 Aligns with clause 4.6 in OHSAS 18001

 Management is required to review the occupational health and safety

system for effectiveness
 There is a greater emphasis on aligning communication and improvements
with the risks and opportunities developed earlier

Clause 10: Improvement

This section addresses the organization’s plans for corrective actions.

Expect clause 10 of ISO 45001 to undergo moderate revisions. Comments on the

draft of the standard focused on clarifying the definition of health and safety
incidents, incident investigations, and continual improvement.

There are four sub-clauses in this element. Clauses 4.1 and 4.2 are both part of the
Annex SL format. Clauses 4.2.1 and 4.2.2 have been added specifically to address
the health and safety management program needs.

10.1: Non-conformity and corrective action

 This section aligns with OHSAS 18001 clauses 4.5.3, and

 The language of preventative action, which is found in most standards, has

been reduced. This is because preventative action is considered intrinsic to
the occupational health and safety management system.

 The organization is required to take direct action to address non-


 The organization should investigate the root cause of an incident, and

address this cause in corrective actions.
 Requires organizations to document and review the effectiveness of any
corrective actions taken.

10.2: Continual improvement

 Continually improve the suitability, adequacy and effectiveness of the

OHS management system to prevent occurrences, incidents and
nonconformities to enhance performance.

10.2.1: Continual improvement objectives

 for positive culture change and improved performance.

10.2.2: Continual improvement process

 Organizations should demonstrate that they are using the results of this
process to identify opportunities for improvement.

Migrating From OHSAS 18001 to ISO 45001

Whether you’re considering obtaining ISO 45001 certification from scratch, or

already have an OHSAS 18001 certification, the certification process is similar.
Here are a few tips to make the migration easier.l;l

1. Get a copy of the ISO 45001 standard and study it.

This step is essential, whether you currently have OHSAS 18001 certification or
not. Although the final standard has not yet been published, we offer a number of
resources to help you get started. Consider starting with this analysis of how
OHSAS 18001 requirements will map to ISO 45001. You may also want to use
our ISO 45001 health and safety standard toolkit.

2. Identify information about legal and other requirements for occupational

health and safety programs and how they will evaluate compliance with these
requirements to demonstrate effectiveness.

This is most pertinent for organizations that don’t currently hold OHSAS 18001
certification. If you already have a health and safety management certification,
this information has probably already been identified. If not, now is the time to
identify any legal and other requirements that may affect your occupational health
and safety management program.

3. Review workplace hazards and develop a risk assessment methodology.

Similarly, this step applies primarily to organizations that do not currently hold a
health and safety certification. If you currently have a certification, review your
documentation to locate this risk assessment.

4. Conduct a gap analysis.

Conducting a gap analysis will help organizations that currently hold OHSAS
18001 certification, as well as those seeking a certification for the first time. If
you currently hold OHSAS 18001 certification, there shouldn’t be many gaps
other than those differences highlighted between the two standards. A gap
analysis should also include areas for improvement. Although it’s a good idea to
prepare ahead of time, it won’t be possible to apply for ISO 45001 until the final
standard is published.

For more information on ISO 45001 certification, review our ISO 45001 toolkit or
contact NQA directly.

18001, ISO, OHSAS, 45001


Certification to ISO 55001 is based on ISO 55002 which is the guideline for ISO
55001 and additionally guidance standards such as ISO 15663 – 1 Life cycle
costing for Petroleum and Natural Gas industry, ISO 15686-2 Service life cycle
planning for Buildings and constructed assets are used to effectively implement
ISO 55001 and successful certification by reputed certification bodies.
10/26/2017 9:16:24 AM