Home Resources Blog December 2015

ISO 45001 Health and Safety Standard Briefing

17 December 2015
This briefing by Charles Corrie, Secretary to ISO PC283 (the standard writing committee for ISO 45001), provides an overview of the key concepts of ISO 45001 and the key differences from OHSAS 18001.

The future of OHSAS 18001

In June 2015, results of an OHSAS Standard and Certification Survey showed although 90,000 certificates for OHSAS 18001 compliance have been issued to organizations, there are about 40 different versions of the standard worldwide.

This demonstrated a pressing need for a single international standard in the area of occupational health and safety. The main requirement needed to create one standard for all, is the application of Annex SL.

ISO 45001 Timeline

What is the implication of Annex SL?

Annex SL is the new high level structure for ISO management system standards. The structure will enable different ISO management systems to integrate more easily. Integrated management systems (IMS) can drive operational and resource efficiencies for the business and reduce the number of assessment days required for certification.

Annex SL also provides concepts that users of OHSAS 18001 will already be familiar with including:

1. Setting policies
2. Setting objectives
3. Conducting internal audits
4. Management reviews
5. Continual improvement

Key concepts of ISO 45001

Annex SL requires ISO management systems standards to adopt three new concepts:

1. Context of the organization
2. Leadership
3. Documented information

Ccontext of the organization

Requirements around the new clause ‘Context of the Organization’ link your management system to your business environment and its’ strategies for health & safety performance. This in turn promotes greater management focus upon using the system as a business tool.

Assessing the context of your organization requires you to look at internal and external factors that might impact on your organization, including:

  • Changing labour relations
  • New technologies and materials
  • Services coming from outside or inside your organization that might change the way you do things

ISO 45001 requires you to look at the risks that change can introduce to your organization and assess how such risks are controlled.


It can be tough converting ideas around good leadership into objectively assessable and auditable requirements. Insisting top management set and communicate policies and objectives has been tried and tested!

There are now more enhanced ISO management system requirements for organizations to demonstrate leadership. Additional requirements will include:

  • Encouraging staff
  • Assisting lower orders of management within the organization

Documented information

Traditionally, management systems require reference to documents and records. This requirement doesn’t take account of the modern business world, where we are walking around with smartphones and tablets.

We are no longer just looking at pure data but processed information too. From a system management point of view, we need to make sure that processed information is correct.

The new clause replacing a requirement for references to documentation and records is termed ‘Documented Information’, with the purpose of moving us forward into the modern world. The new clause still incorporates the concepts of documentation and records, but there are no mandated procedures in the ISO 45001 document.

With the risk-based approach of ISO 45001, documented procedures are a risk control mechanism. It would be overly prescriptive for the standard to specify when documented procedures are needed.

Your organization does not need to throw existing documented procedures away. It should just consider whether it really needs them and how best to apply them.

Differences between OHSAS 18001 and ISO 45001

  • ISO 45001 Incorporates the Annex SL Framework
  • ISO 45001 has a more risk-based focus
  • ISO 45001 does not include a clause for ‘Preventive Action’

A risk-based focus

The proposed ISO 45001 will mean organizations adopting the new standard will have a management system that looks at the risk of the system not performing in its’ self, or succeeding in controlling health and safety to the level required by the organization.

The missing concept: Preventative Action

OHSAS 18001 includes the clause ‘Preventive Action’. By applying Annex SL to the international version of the standard (ISO 45001), your management system can then be used as a tool to control risks. With this risk management tool in place, there is no longer a need to address a specific clause on ‘preventive action’.

New terms and definitions in ISO 45001

The new definitions of the terms ‘Risk’, ‘The Worker’, ‘The Workplace’ and ‘Hazard Identification’ may change for the following reasons:

  • Risk. A universal definition of the term ‘Risk’ will be clarified in ISO 45001 as the meaning of this varies in some countries. The term ‘Hazard Identification’ is covered by the terms ‘risk identification and ‘risk control’ to ensure we encompass all potential hazards applicable to all industries and sectors.

  • The Worker. There are differences in the definition of this term and various legal constraints around this term in different countries – in the context of ISO 45001, ‘The Worker’ is defined as the person working under the control of the organization and includes subcontractors

  • The Work Place. There are questions amongst organizations regarding what is the workplace, is it your organization’s site?

Significant business benefits:

The issue of hazard identification is that it is currently very manufacturing, and hardware orientated, when more and more of us are working in services. ‘Hazard’ identification, therefore becomes ‘risk’ identification and ‘risk’ control to ensure we encompass all potential hazards applicable to all industries and sectors.

If your organization sends people to work at other people’s site, what is your responsibility for their safety? A universal definition of the term will need to be clarified.

Current issues with OHSAS 18001

Outsourcing - What is your responsibility?

What would be the damage to your business reputation if one of your outsourced suppliers or contractors created a significant OHS incident? ISO 45001 will look to define the answer in a way that can apply to all sectors and industries.

Worker participation:

There is some clarification required around expectations upon ‘worker participation’ and the ‘participation of worker representatives’ e.g. union and/or employee health & safety reps’ involvement in the day to day operations of the health & safety management system.

While top management will be responsible for setting organizational health & safety policy, they should be in consultation with union representatives and health & safety personnel.

The International Labour Organization wanted a lot more requirements on this issue. Many companies do not have any representatives what so ever. If there are no representatives within an organization, the standard will not force this requirement upon them as it is not a legal obligation either.

Preparing for the future

Charles Corrie’s recommendations to adopters and non-users of OHSAS 18001 health and safety management systems:

Existing users – DON’T PANIC!

Many clauses requirements of ISO 45001 will be the same as OHSAS 18001 – however they may be presented in a different sequence and may use different terminology.

Advice to existing users:

  • Get a copy of draft standard at www.iso.org/iso/iso45001 when this becomes available. (NQA will notify its ISO 45001 toolkit registrants)
  • Examine the changes
  • Do a gap analysis against your current OHSAS 18001 system
  • Start planning your transition towards using the new standard

Non-users of OHSAS 18001 – START NOW!

Don’t wait for ISO 45001 to be published before implementing a Health and Safety Management System as OHSAS 18001 will have a three year transition period. There are significant benefits to be realized by your business now.

Significant business benefits:

  • Reduced insurance premiums
  • Avoiding downtime
  • Reduced incident levels
  • Improved relationships with regulatory bodies

Next Steps

GET AN NQA GAP ANALYSIS - Getting started with a certifiable health and safety management system can be easier than you might think. Request a gap analysis report that will help you to delegate tasks required for OHSAS 18001 compliance by contacting us.

MANAGE YOUR LEGAL REGISTER - This will highlight some of the legislative and regulatory requirements that may be applicable to your business and could help you to start putting your legal register together in line with ISO management system requirements. Why not take advantage of NQA’s free business and legal updates e-zine ‘InTouch’? It takes less than 60 seconds to sign up.

GAIN MANAGEMENT SYSTEM COMPETENCE - Select from a range of IRCA and CPD accredited safety training options to suit your needs and budget here.

ASK FOR HELP - If your system management resources are limited, you can find a competent consultant that is known for successfully taking organizations through to OHSAS 18001 certification, by browsing the NQA Associate Consultant Register.

UNDERSTAND COSTS - Ascertain potential costs for certification of your health and safety management system by completing a quick quote form.

STAY AHEAD OF THE CURVE - Keep abreast of changes to OHSAS 18001 during its transition to ISO 45001 (the new international standard for health and safety management systems) here.

Reviewed by: Terry Fisher, NQA Occupational Health & Safety Principal Assessor