What is ISO 45001? 

ISO 45001:2018 is the international ISO standard for occupational health and safety management systems (OHSMS) that has replaced OHSAS 18001. Created by a committee of health and safety management experts, ISO 45001 was designed with the strengths and weaknesses of many other occupational health and safety standards in mind.  

How does ISO 45001 differ from OHSAS 18001? 

Although ISO 45001 has many similarities to its predecessor, it is distinct from OHSAS 18001. 

ISO 45001 aims to help businesses protect workers and guests from work-related accidents and diseases. The standard provides guidance that senior management can use to create a safe working environment, control factors that cause illness and injury, preserve workers' physical and mental well-being, and reduce business risk. 

Why is ISO 45001 important? 

Workplace safety remains a serious concern for employees and employers alike. According to the International Organization for Standardization, 153 people experience workplace injuries every 15 seconds. In serious cases, unsafe working conditions can even lead to death. 

ISO 45001 is important because it aims to prevent workplace accidents, illnesses and fatalities. The committee responsible for writing ISO 45001 identified gaps in OHSAS 18001 and aimed to address them in the new standard. ISO 45001 will also work to standardize occupational health and safety management across borders, which has been difficult with the multiple versions of OHSAS in place internationally. 

What Are The Benefits Of ISO 45001 Certification? 

ISO 45001 builds and expands on the foundation of OHSAS 18001 and is designed to integrate more easily with other revised ISO management standards, such as ISO 14001 and ISO 9001. When effectively implemented, ISO 45001 will integrate with operations naturally. ISO 45001 is flexible and capable of meeting the needs of the business while protecting workers and delivering improvement. 

In addition to improved worker safety and reduced risk, benefits of ISO certification include: 

• Improved relationships with employees, customers, suppliers and other stakeholders 
• Reduced downtime and lower operating costs 
• Better reputation and consumer trust 
• Potential tax benefits 

Who Should Get ISO 45001 Certification? 

ISO 45001 certification is a good idea for any business that needs to mitigate safety risks and demonstrate a verifiable dedication to preventing work-related illnesses, injuries and deaths. This includes small and large businesses and businesses in various industries. Some examples of industries that should consider ISO 45001 certification include automotive, construction and healthcare. You should also consider ISO 45001 certification if you currently hold OHSAS 18001 certification. 

At NQA, we provide ISO certification for businesses in a wide range of industries and sectors. 

What Is The Difference Between Improvement and Continuous Improvement In ISO 45001? 

The phrase used in the standard is continual improvement, which means stepped improvement over time, not continuous. A range of changes can contribute towards improvement, including training, revisions to processes, achievement of objectives and performance goals. 

Is ISO 45001 Just A Watered-Down Version of OHSAS 18001? 

No, ISO 45001 is not just a watered-down version of OHSAS 18001. ISO 45001 uses an established structure based on an effective management model. It is designed to be used as part of a business management system. ISO 45001 emphasizes workforce participation, expands focus on worker health and safety programs and implements other changes. 

What Are The New Requirements In ISO 45001? 

ISO 45001 does come with new and updated requirements. This is an important output of Clause 4.2, which is of interest to the parties and the reason for an effective evaluation of the compliance process. It would be prudent to have robust processes in place that include compliance obligations associated with identified interested parties within your context. For example, a new document, IAF MD22, was released in January 2018. This document directly affects your certification body and may likely affect your organization, too. Make sure that your communication process includes staying current with the compliance/obligation needs and expectations of your certification body. The next significant revision is underway, with publication of a new version expected in 2027.  

Sign up to InTouch for updates as and when they're available.  
 

How Can You Earn ISO 45001 Certification?

To get ISO 45001 certification, your organization will need to implement the standard and complete the auditing and certification process with an accredited third-party certification body like NQA. The initial certification process involves a two-stage audit, and maintaining certification requires yearly surveillance audits and recertification every three years.

If you're transitioning to ISO 45001 from OHSAS 18001, the process may look slightly different and must be completed by the March 2021 deadline.

How Much Does ISO 45001 Certification Cost?

The cost of ISO certification depends on a range of factors, including audit duration, organization size, scope of risk, current level of compliance, and more. To get an accurate idea of direct certification costs, request a quote from your third-party certification body. At NQA, we offer competitive rates and never charge hidden fees.

Get a quote

How Much Notice Do You Need To Give NQA To Change A Standard OHSAS 18001 Surveillance Into A Transition Audit?

Please give as much notice as possible — not only to allow NQA to make arrangements, but for clients to undertake the mandatory GAP analysis and implement the revisions and changes that may be necessary prior to the NQA migration assessment. The system should be mature enough to demonstrate it is effectively implemented and achieving the required outcomes at the point of assessment.

 

How has the definition of "worker" changed?

In ISO 45001, "worker" is an all-inclusive phrase that includes workers of all levels within the organization as well as those who are not directly employed, such as contractors and outsourced service/product suppliers. As all organizations are unique, it's important to consider this change and respond as appropriate for the system and audit.

What do "risk," "workplace," and "hazard identification" mean in ISO 45001?

In ISO 45001, the terms "risk," "workplace," and "hazard identification" are precisely defined to support effective occupational health and safety management:

• "Risk" in ISO 45001 refers to the combination of the likelihood of a work-related hazardous event or exposure and the severity of injury or ill health that can result from that event or exposure.
• "Workplace" is broadly interpreted in ISO 45001. It includes any physical location where work-related activities are performed under the control of the organisation.
• "Hazard identification" is the proactive and systematic process of recognising sources, situations, or acts within or related to the workplace that have the potential to cause injury or ill health. ISO 45001 requires organisations to consider routine and non-routine operations, emergency situations, people and processes involved, workplace design, changes in organisation, knowledge of hazards, and previous incidents when identifying hazards.

How should you determine risks and opportunities?

When the organization understands the needs and expectations of interested parties and strategic corporate requirements, it can then use the knowledge to assess any risks and opportunities that may be present and then take action to address them.

Is There A Minimum Requirement For What Legislation Registers and Aspects and Impacts Registers Must Contain?

There is no minimum requirement for what these registers must contain. The contents are based on the business activity, geographical location and local/national enforcement requirements. Each organization is unique. If you have questions about what you should include, please contact us.

How can local risks (e.g., earthquakes, tornadoes) be addressed within the emergency plan?

If these are requirements of enforcement agencies or interested parties, then they will need to be considered and planned for. However, these plans may also be part of other emergency considerations and responses, such as business continuity plans and responses.

Does ISO 45001 replace other certifications (e.g., ISO 9001/14001)?

No, ISO 45001 does not replace the need for other certifications such as ISO 14001 and ISO 9001. ISO 45001 is designed for OHS systems, and although they follow the same system structure, ISO 14001 and ISO 9001 focus on different disciplines — Environment and Quality.

If ISO 45001 requirements are met, does that mean OHSAS 18001 is also met?

ISO 45001 expands and builds on the foundations of OHSAS 18001. Therefore, meeting the requirements of 45001 is overall in place, but the way 18001 is written is different and requires documented procedures and other subtle changes. So, you may not automatically meet the requirements of both standards.

Can you still get OHSAS 18001 certification after 45001's release?

Although it was possible to be accredited to OHSAS 18001 up to September 2021, you can no longer apply for certification. NQA would advise looking at the migration timeline for key milestone dates that may help with making the decision, specifically regarding the ultimate migration that will be required to maintain certification.

Should organisations keep management systems separate or integrate?

It all depends on client needs, available resources and objectives. ISO 45001 adopted the annex SL framework and, therefore, is designed to efficiently integrate with other management systems by reducing redundancies.

 

How does the client application process work for Stage 2 audits?

A stage two assessment to ISO 45001 will not need further applications, as it will already be against the requirements of ISO 45001. If you have questions about our process, please contact NQA online today.

Do you need a management representative for ISO 45001?

No, ISO 45001 does not require a designated "management representative" as was required by OHSAS 18001. ISO 45001 shifts accountability and leadership for the occupational health and safety management system directly to top management, rather than allowing delegation of this responsibility to a single person. While an organisation may still appoint a person or team for day-to-day coordination, top management must now be actively engaged and demonstrate leadership, commitment, and integration of health and safety into company-wide processes. This approach ensures broad ownership, better employee engagement, and more robust continual improvement.

What about continual audit/recertification requirements?

ISO 45001 requires ongoing internal audits and periodic third-party recertification audits to maintain certification. The management system must be reviewed regularly to ensure its suitability, adequacy, and effectiveness—typically through a “management review” process led by top management. Most certification bodies require a full recertification audit every three years, with annual surveillance audits in between. Results, findings, and improvements from these audits must be documented and appropriately shared with staff and, where relevant, worker representatives.