An Overview of ISO 45001
***Article Updated May 14, 2018***
The ISO finally released ISO 45001 to the public on March 12, 2018, marking the end of a more than four-and-a-half year development cycle. Recognizing the importance and far-reaching implications of the new standard, response from safety advocates and industry organizations was positive.
In a press release, Vic Toy, chair of the American National Standards Institute (ANSI)'s Technical Advisory Group, called it "one of the most significant developments in workplace safety over the past 50 years." The Institution of Occupational Safety and Health (IOSH)'s Richard Jones heralded it as a "much-needed solution ... (that) can enhance the drive towards a safe and healthy world of work."
Industries and Applications
Safety requirements and protocol vary from industry to industry and jobsite to jobsite. One of the benefits of ISO 45001 is that it is flexible enough to implement in virtually any organization. Some of the industries that can benefit most from a standardized safety management system include:
Oil and gas: The occupational fatality rate for oil and gas extraction workers is up to seven times higher than workers in general industry. This is in part due to challenges specific to the industry, including its complex supply chain and diverse, often contract-based workforce, as well the many dangerous processes, sites and equipment these workers interact with on a daily basis. ISO 45001 helps by providing a common language and set of safety standards that are easily accessible by any worker. This leads to greater engagement and accountability, and ultimately, a safer workplace.
Construction: Construction workers face many hazards, from slip-and-fall injuries to long-term health problems associated with asbestos exposure, repetitive stress injuries and more. At the same time, managers and business owners need to maintain productivity and profitability in this competitive sector. ISO 45001 provides a streamlined framework that integrates into your workflows, making safety part of the working culture rather than a check-the-box exercise. By focusing on the positive impacts of worker health and safety management, ISO 45001 motivates enhanced productivity and improved employee morale, and can lead to lower insurance premiums and other operating expenses.
Pharmaceutical: Toxic chemical exposure, fire and explosive hazards, and slip-and-fall injuries are common health and safety issues for pharma workers. Manufacturers also face a strict regulatory environment with extensive administrative requirements. By incorporating the Annex SL structure, ISO 45001 integrates with other quality management systems, reducing the red tape involved in staying compliant and managing risk organizationwide. Ultimately, when organizations see health and safety as a component of other quality goals, it is easier to build a more effective operation from the ground up.
Other industries that can benefit from becoming ISO 45001 certified to ensure occupational health include food and beverage processing, utility and telecommunications services, automotive manufacturing and more.
Getting Started With ISO 45001
There's no better time than now to begin the ISO 45001 certification process. Take the first steps by getting in touch with an NQA representative to request a quote today.
What is ISO 45001?
ISO 45001 (Occupational Health and Safety Management Systems – Requirements) is a new workplace safety standard. It will replace the current standard, OHSAS 18001. ISO 45001 is currently in development, and the final standard is expected to be published in late 2017. Once published clients with OHSAS 18001 will have to migrate to ISO 45001.
Background: Health and Safety Management StandardsThere were roughly 2.34 million deaths from workplace activities in 2013. The vast majority of these deaths (about 2 million) were due to workplace health issues, instead of injuries. Examples of these health and safety risks include:
- Toxic chemicals, paints, and solvents
- Handling work equipment without proper training
- Injuries from slips and falls
- Incorrect lifting and handling techniques
- Extreme workplace temperatures
Workplace injuries and health issues can have a significant impact on workplace productivity. Direct costs of workplace injuries include increased worker’s insurance premiums, fines and downtime for injured workers or damaged equipment as well as costs for replacement staffing, and other resources – not to mention the moral obligations.
The indirect impact is far less tangible. Workplace injuries often lead to low morale & employee turnover, reduced productivity, and difficulty complying with regulations. Organizations with a high number of workplace injuries and health concerns may struggle to capture a share of the growing market of consumers, concerned with the overall reputation of an organization – not just their product quality. A health and safety management standard strives to improve productivity and overall organization well-being by addressing concerns that could lead to negative outcomes.
Why Implement an Occupational Health and Safety Management System?
You may already be aware of some of the benefits of implementing a health and safety management system. If your organization has OHSAS 18001 certification, or other ISO certifications like ISO 9001 and ISO 14001, you probably have first-hand experience of the benefits of implementing a management system.
Benefits organizations can reap by implementing a management system include:
- Complying with regulatory and other compliance requirements
- Improving performance in a structured manner
- Implementing a system to manage risks and opportunities systematically
- Driving to improve cultural change
In the case of an occupational health and safety system, there are other benefits. These include:
- Proving a commitment to worker occupational health and safety
- Protecting your employees and contractors
- Potential for reducing workers’ insurance premiums
- Improving productivity by reducing workplace injuries and ill-health
Although many of the ISO management standards emphasize employee knowledge and participation, ISO 45001 goes even farther. It will be a requirement to focus on employee participation. Some of the clauses contained within the new standard, such as “Context of the Organization” and “Leadership,” specifically address the role employees have in developing the occupational health and safety management system alongside top management and staff.
Current Occupational Health and Safety Standards: OHSAS 18001
Currently, the OHSAS 18000 series are the most commonly recognized health and safety standards. These standards were first published in 1999. This series consists of OHSAS 18001 and OHSAS 18002:
- OHSAS 18001: Outlines requirements for an occupation health and workplace safety program
- OHSAS 18002: Provides recommendations for implementing the requirements found in 18001
The OHSAS 18000 series were the first widely adopted workplace health and safety standards. In 2007, OHSAS 18001 was revised to better match ISO standards. This aligned it more closely with ISO 9001 and ISO 14001 requirements.
ISO 45001 uses the recently revised standards framework (Annex SL) to align OHS requirements with other international standards.
A New Occupational Health and Safety Standard: ISO 45001
ISO 45001 will replace OHSAS 18001 in 2017 (currently proposed timeframe for final publication). A draft of the new standard was published in early 2016, with comments on the proposed requirements accepted through May 2016. A second draft of ISO 45001 is expected to be released in late 2016 or early 2017, with the final standard expected to be published at the end of 2017.
The new international standard is designed to allow organizations to tailor occupational health and safety management systems to their workplace more effectively. The requirements for ISO 45001 are process-oriented instead of focused on ensuring that a specific procedure is adopted. This will allow organizations to develop an occupational health and safety management program that addresses the specific risks of their workplace.
The new standard will use ISO 9001:2015 and ISO 14001:2015 as its normative references. This means the requirements of this standard will be harmonized with the requirements of the other two standards making integration into an existing management system far easier due to the common framework (Annex SL).
Timeline for ISO 45001 Publication
- 7 January 2016: Draft of ISO 45001 released
- 12 February – 12 May 2016: Draft ballot period, feedback on Draft of ISO 45001 accepted
- 23 May 2016: Report from draft ballot results
- Expected December 2016/January 2017: Second draft of ISO 45001 released
- December 2017: Publication of ISO 45001 expected
Once ISO 45001 is published it is expected that holders of OHSAS 18001 certification will have a three-year transitional period to migrate their certification to the ISO 45001 standard. The dates of this transition period will be set once the final standard is published.
Comparing OHSAS 18001 and ISO 45001
If you already have OHSAS 18001 certification, you’re unlikely to see major changes when transitioning to ISO 45001. Some of the differences you will see include:
1. Greater Emphasis on Workforce Participation
In OHSAS 18001, the primary emphasis is on the people in the workforce. This includes ensuring that employees are informed about occupational safety and actively participate in the process. ISO 45001 reinforces this focus.
The focus on employee participation and knowledge is found throughout ISO 45001. That is because occupational health and safety systems are at their most effective when people throughout the organization are engaged. Clauses 4 and 8 both focus specifically on these requirements.
The majority of new requirements occur in clause 4 (Context of the Organization) and clause 8 (Operations). However, the structure of ISO 45001 is dramatically different from that of OHSAS 18001. We’ve provided a full explanation of how OHSAS 18001 requirements map to ISO 45001 on our website.
2. Expanded Focus of Health and Safety Programs
Another considerable difference you will see between OHSAS 18001 and ISO 45001 is focus on the benefits of a worker health and safety management system. OHSAS 18001 primarily focused on reducing negative impacts of health and safety incidents. ISO 45001, on the other hand, focuses on valuing the positive impact of worker health and safety programs. These benefits might include:
- Lower insurance premiums
- Improved workplace productivity
- Better workplace morale
- Customer recognition of social responsibility
ISO 45001 does focus on risk management, but it also focuses on the role that health and safety management can have in driving a positive cultural change within an organization. This emphasis is shown through the increased number of requirements for employee participation. It’s also represented by the added focus on understanding organizational context, including stakeholders, outside influences, and regulatory requirements.
3. Reduced Focus on Standardized Procedures
Many organizations will notice that the requirements for ISO 45001 certification are less standardized than those of OHSAS 18001. The requirements found in clauses 6 (Planning), 7 (Leadership), and 8 (Operations) have specifically been designed with flexibility in mind but are based on risk and opportunity.
ISO 45001 will still require organizations to implement and document health and safety procedures in a structured way. However, specific requirements for implementing these procedures will not be contained within the standard.
This change has been made for two reasons, to:
Ensure that health and safety management programs apply to the specific needs and risks of the business in question
- Help to integrate health and safety management programs into the organization’s culture by ensuring that the programs are internally adopted instead of externally imposed
Because safety needs vary by industry, ISO 45001 allows workplace safety programs to vary as well. For instance, occupational hazards in the construction industry look very different from those in the pharmaceutical industry. Thus, both organizations may follow very different programs in order to mitigate their risk. The added flexibility of the new standard should make it easier for organizations to design health and safety programs that address the risks of their specific workplaces.
Who Does ISO 45001 Apply To?
Health and safety management systems apply to any type of business with employees - both large and small organizations can obtain these certifications. The requirements for an occupational health and safety program can easily be adapted to fit the needs of businesses in a wide variety of industries. ISO 45001 is designed to apply to both large and small businesses. Its use of the new Annex SL format will make it easier for organizations of different sizes, and in different types of industries, to adopt the new standards.
If your organization already has the OHSAS 18001 certification, you should seriously consider becoming ISO 45001 certified. This standard will replace the OHSAS 18000 series of standards, so your earlier certification will need to be migrated once the ISO 45001 has been published and approved.
What You Can Expect from the ISO 45001 Update
Like many new international standards, ISO 45001 will use the Annex SL format. That means the framework and much of the content of ISO 45001 will be familiar to organizations that have other ISO management system certifications.
Annex SL is a new framework for management systems. It’s designed to make it easier to implement multiple management standards in one organization. Although each standard will have discipline-specific clauses, many of the overarching terms, references and clauses will be shared.
Annex SL contains a high level framework, required appendixes, some core language and common terms. It functions as a template for a variety of different management system standards. Individual standards will add discipline-specific clauses, as well.
The change to the Annex SL framework was made to address conflicts between different standards. Some of these conflicts include:
- Conflicts in terms and definitions between different management standards
- The need to duplicate processes in order to maintain multiple certifications
- Incompatible requirements between different management standards
By using the same structure and shared terms and definitions, the Annex SL format reduces these conflicts. The very goal of management standards is to increase productivity. Duplicating processes is an inefficient use of resources, and ISO recognizes this. That’s why Annex SL was introduced.
What Does Annex SL Apply To?
Like most new or recently revised standards, ISO 45001 will follow the new Annex SL format. This is the same structure you may have seen in the recent revisions of ISO 9001:2015, ISO 14001:2015 and ISO 27001:2013.
This format is a high level structure that will apply to many of ISO’s new standards. It will be used to ensure that standards have consistent terminology and definitions. As the new structure becomes more common, it’s expected that Annex SL standards and terminology will comprise up to 40 percent of the requirements of many standards.
Annex SL is expected to:
- Standardize terms and requirements between different ISO standards
- Reduce confusion between requirements and definitions in different ISO standards
- Cut down on the need for repeat processes to maintain different ISO certifications
- Reduce bureaucracy
- Make management processes needed for ISO certification more efficient
The Annex SL structure will only be used for international standards and technical specifications going forward. Over time, international standards will develop a common appearance and set of requirements.
If your organization is currently certified to ISO 9001:2015 or ISO 14001:2015, you will be familiar with the Annex SL framework. The Annex SL format consists of 10 elements:
- Normative References
- Terms and Definitions
- Context of the Organization
- Performance Evaluation
We’ll explain each of these in more depth below.
The scope of ISO 45001 was provided in draft form earlier in 2016. This section received a number of comments, and is expected to be heavily revised before the publication of the final standard. Most of the comments made on this section focused on wording and aligning the introduction with other parts of the standard.
- Sets out the intended results of the management program
- Defines any industry-specific requirements
- Addresses the processes and job functions that will be affected by the management standard
This section is not expected to undergo substantial revisions before publication of the final standard.
Details any other standards used as references
This element is expected to undergo revisions before the publication of the final standard. When the draft standard was published, comments asking for clarification of workers, workplaces, and contractors or external supplies were requested.
- Defines specific terms used within the standard
- Many terms and definitions are part of the Annex SL template
- Other industry-specific terms may be defined here
ISO 45001 is expected to share a number of terms and definitions with OHSAS 18001. Some of the terms that will transfer to the new standard include:
- Interested party: Person who can affect, be affected by, or perceive itself to be affected by a decision or activity
- Injury and ill health: Adverse effect on the physical, mental, or cognitive condition of a person
A more extensive list of shared terms and definitions can be found on our website.
This is a new element in the Annex SL format. As a result, it’s generated some confusion among clients. If your organization currently holds OHSAS 18001 certification, it’s likely you’ve already documented some of these procedures.
The draft text of this element is expected to undergo minor revisions. Comments provided on the draft focused on clarifying inconsistencies between this standard, ISO 9001 and ISO 14001.
The goal of this section is to:
- Determine why the organization exists
- Identify any internal or external influences that will affect desired outcomes
- Document the scope of the management system that’s implemented
This clause explicitly focuses on external and internal influences on an organization’s workplace and on its health and safety programs. David Smith, the chairman of the committee developing ISO 45001, explains that the new approach contrasts to earlier health and safety programs. Instead of focusing on internal employees only, organizations should now consider the impact of:
- Regulatory authorities
- External suppliers
This element consists of four different clauses. It contains two new requirements (4.1 and 4.2).
4.1: Understanding the Organization and its Context
- New requirement
- Requires the organization to consider outside influences that affect the organization, such as stakeholders, regulation or governance
- Organizations should consider what factors influence the culture of the organization
- Organizations seeking certification should be prepared to discuss influences on the organization’s culture with the assessor
4.2: Understanding the Needs and Expectations of Interested Parties
- New requirement
- Requires the organization to consider stakeholders and their interests
- Organizations seeking certification should be prepared to discuss stakeholders with their assessor
4.3: Determining the Scope of the Management System
- Previously found in scope and clause 4 of OHSAS 18001
- Requires organization to identify the boundaries of the health and safety management program
4.4: The Management System
- Previously found in scope and clause 4 of OHSAS 18001
Prior to the adoption of the Annex SL format, this clause was usually referred to as “management.” The new wording was adopted to reflect the role that various types of leadership play in the adoption of a management system.
This clause emphasizes greater involvement from top management and from employees. As a result, top management is expected to be more involved in review procedures. Greater awareness and participation from employees is also expected.
Comments on the draft of ISO 45001 asked for clarification on the intended outcomes of health and safety programs. They also focused on clarifying the role of top leadership in the health and safety management system. This clause is expected to undergo revisions before the publication of the final standard.
Clause 5 has three sub clauses found in Annex SL, and an additional sub-clause specific to ISO 45001.
5.1: Leadership and Commitment
- This clause is similar to clauses 4.4.1, 4.4.3 and 4.4.6 in OHSAS 18001
- There is an added emphasis on engagement with workers while developing health and safety programs
- Organizations are required to pay more attention to communication with and participation of workers
- Organizations should apply the hierarchy of controls to health and safety risks
- Organizations must commit to meeting legal requirements of health and safety programs
5.3: Organizational roles, responsibilities and authorities
This section is similar to clause 4.4.1 in OHSAS 18001.
5.4: Participation and Consultation
- This clause is not found in the standard Annex SL format — it has been specifically added to ISO 45001
- Emphasizes the need for engagement and participation with workers while developing health and safety programs
- Encourages non-management roles to participate in health and safety requirements
The “planning” clause directly addresses the risks and opportunities that the organization outlined in clause 4. As in many of the new and revised management standards, this clause places an emphasis on risk-based analysis.
This is an area where organizations with OHSAS 18001 certification will see major differences. OHSAS 18001 emphasizes prevention, with corrective action taken as needed. ISO 45001 emphasizes a more proactive approach. Organizations should expect to identify major risks, when they might occur, and who will be taking preventative action.
When the draft of the ISO 45001 standard was published, the majority of comments in this section addressed language inconsistencies. Revisions are expected to provide greater clarification of what is meant by terms such as “hazard” and “incident”.
Clause 6 has two sub clauses:
6.1: Actions to Address Risks and Opportunities
- This section is similar to clauses 4.3.1, 4.3.2 and 4.3.3 in OHSAS 18001
- Legal and regulatory requirements for health and safety programs should be identified in this section
- The organization should consider the effectiveness of actions taken to address risks and opportunities
6.2: Management System Objectives and Planning to Achieve Them
- Objectives and plans should be documented
- The organization should develop a plan for achieving documented objectives, which includes responsible persons, a timeline for implementation and how progress and success are measured
- The organization is responsible for reviewing health and safety objectives
This section directly addresses the support or resources needed to implement the health and safety management program. In many cases, clause 7 will directly address the risks and opportunities (clause 4), requirements for commitment (clause 5), and health and safety plans (clause 6) that the organization has already outlined.
The majority of these requirements are similar to those found under OHSAS 18001. The requirements for Clause 7 are primarily found in Clause 4.4 and 4.5 in OHSAS 18001. Many of the requirements for documentation are found within this section.
The draft of this section had a variety of comments made on it. Questions included requests for clarification about the requirements of competence, documentation, awareness, and communication. Expect to see major revisions in the published standard to clarify these questions.
This element has five sub-clauses.
- The organization should determine the resources needed for the health and safety plan
- The organization is responsible determining how to supply these resources
- The organization should evaluate competence and determine actions needed to develop it
- The actions taken to evaluate and develop competence should be reviewed
- The specific procedures and documentation required by OHSAS 18001 are no longer required. However, the organization should have a plan to document competence and evaluations
- The organization should develop a plan to inform workers about workplace safety, hazards, and risks
- Workers should be informed of any elements in the health and safety plan that they are required to perform
- The organization should develop a plan to inform workers of the results of relevant health and safety investigations
- This clause is similar to clause 4.4.3 and 22.214.171.124 in OHSAS 18001
- The organization has an additional requirement to ensure that communication was received, and to determine whether it was effective
- Documented information in this section will replace some of the procedural requirements found in OHSAS 18001
7.5: Documented Information
- No longer requires the same procedural or documentation requirements of OHSAS 18001
- Organizations may maintain any relevant procedures or documentation from OHSAS 18001
- Documented information requires appropriate controls
Under the Annex SL format, Clause 8 includes only one required sub-clause. However, the majority of the requirements for the management system are found in this section. Organizations transitioning from OHSAS 18001 will find that this section contains most of the new requirements.
There were a number of comments made in reference to this element in the draft standard. As a result, expect this clause to undergo major revisions before the publication of the final standard. Comments included requests for additional clarification about the role of the hierarchy of controls, as well as the management of changes. Other questions included the requirements for health and safety programs that apply to contractors and suppliers, and what types of workplaces the health and safety program should consider.
This section has seven clauses. Six of these clauses are unique to ISO 45001.
8.1.1: Operational Planning and Control
- Aligns with section 4.4.6 in OHSAS 18001
- Requires risk controls to be developed in conjunction with other operational controls
8.1.2: Hierarchy of Controls
- New requirement
- The organization is required to specify the hierarchy of controls within business operation
- The hierarchy of controls adopted by the organization is required the take risk management into account
8.2: Management of Change
- New requirement addressing changes made to operations
- Specifies the requirements of any changes made, as well as, the sources of changes
- New requirement
- Addresses operational planning, controls and changes in regard to outsourced work
- New requirement
- Addresses health and safety program needs in relation to the procurement of materials
- New requirement
- Establishes controls on contractors’ activities
- Requirement also entails the organization to establish communication requirements for contractors and the host company’s workers
8.6: Emergency Preparedness and Response
- Aligns with 4.4.7 in OHSAS 18001
- Expands the emergency preparedness and response requirements to include a communication plan
This clause addresses the need for monitoring and evaluation of the organization’s health and safety program. The organization should expect to identify which elements should be monitored, measured, analyzed, or evaluated. The process and requirements for monitoring, measuring, and evaluating should be developed with the organization’s needs in mind. An internal audit to ensure effectiveness, as well as, compliance to the standard is required.
The majority of the general requirements for performance evaluation found in clause 9 are present in Clauses 4.5 and 4.6 of OHSAS 18001. However, the emphasis and specific requirements have both been revised.
There are five sub-clauses in this element. Three of them are present in all Annex SL standards. Clauses 9.1.2 and 9.2.2 have been added specifically for ISO 45001.
9.1: Monitoring, measurement, analysis and evaluation
- The requirements for determining what should be monitored, measured, analyzed, or evaluated now include the need to document criteria
- The organization is required to document information — a requirement that replaces the OHSAS 18001 procedural requirements
9.1.2: Evaluation of compliance with legal requirements and other requirements
- Specific to ISO 45001
- Procedural requirements have been replaced by the requirement to document information
- Evaluation planning should include the frequency of evaluations
9.2: Internal audit objectives
- This section aligns with clause 4.5.5 in OHSAS 18001
- Procedural requirements in OHSAS 18001 have been replaced with the requirement to document information
9.2.2: Internal audit process
- This section aligns with clause 4.5.5 in OHSAS 18001
- Requirements for the internal audit process include communicating with workers
- The organization is required to retain documented information
- A new requirement to address non-conformities found during the audit process has been added
9.3: Management review
- Aligns with clause 4.6 in OHSAS 18001
- Management is required to review the occupational health and safety system for effectiveness
- There is a greater emphasis on aligning communication and improvements with the risks and opportunities developed earlier
This section addresses the organization’s plans for corrective actions.
Expect clause 10 of ISO 45001 to undergo moderate revisions. Comments on the draft of the standard focused on clarifying the definition of health and safety incidents, incident investigations, and continual improvement.
There are four sub-clauses in this element. Clauses 4.1 and 4.2 are both part of the Annex SL format. Clauses 4.2.1 and 4.2.2 have been added specifically to address the health and safety management program needs.
10.1: Non-conformity and corrective action
- This section aligns with OHSAS 18001 clauses 4.5.3, 126.96.36.199 and 188.8.131.52.
- The language of preventative action, which is found in most standards, has been reduced. This is because preventative action is considered intrinsic to the occupational health and safety management system.
- The organization is required to take direct action to address non-conformities.
- The organization should investigate the root cause of an incident, and address this cause in corrective actions.
- Requires organizations to document and review the effectiveness of any corrective actions taken.
10.2: Continual improvement
- Continually improve the suitability, adequacy and effectiveness of the OHS management system to prevent occurrences, incidents and nonconformities to enhance performance.
10.2.1: Continual improvement objectives
- for positive culture change and improved performance.
10.2.2: Continual improvement process
- Organizations should demonstrate that they are using the results of this process to identify opportunities for improvement.
Migrating From OHSAS 18001 to ISO 45001
Whether you’re considering obtaining ISO 45001 certification from scratch, or already have an OHSAS 18001 certification, the certification process is similar. Here are a few tips to make the migration easier.l;l1. Get a copy of the ISO 45001 standard and study it.
This step is essential, whether you currently have OHSAS 18001 certification or not. Although the final standard has not yet been published, we offer a number of resources to help you get started. Consider starting with this analysis of how OHSAS 18001 requirements will map to ISO 45001. You may also want to use our ISO 45001 health and safety standard toolkit.2. Identify information about legal and other requirements for occupational health and safety programs and how they will evaluate compliance with these requirements to demonstrate effectiveness.
This is most pertinent for organizations that don’t currently hold OHSAS 18001 certification. If you already have a health and safety management certification, this information has probably already been identified. If not, now is the time to identify any legal and other requirements that may affect your occupational health and safety management program.3. Review workplace hazards and develop a risk assessment methodology.
Similarly, this step applies primarily to organizations that do not currently hold a health and safety certification. If you currently have a certification, review your documentation to locate this risk assessment.4. Conduct a gap analysis.
Conducting a gap analysis will help organizations that currently hold OHSAS 18001 certification, as well as those seeking a certification for the first time. If you currently hold OHSAS 18001 certification, there shouldn’t be many gaps other than those differences highlighted between the two standards. A gap analysis should also include areas for improvement. Although it’s a good idea to prepare ahead of time, it won’t be possible to apply for ISO 45001 until the final standard is published.
For more information on ISO 45001 certification, review our ISO 45001 toolkit or contact NQA directly.