ISO 4500 the New Health & Safety Certification | NQA

ISO 45001, the replacement of OHSAS 18001, has now reached Draft International Standard 2 (DIS 2) status.

WHAT IS ISO 45001?

ISO 45001 is the future replacement to OHSAS 18001 and will become the international ISO standard for Occupational Health and Safety Management Systems (OHSMS).

Not only has the standard superceded OHSAS 18001, it makes integration with other management systems simpler than ever before; because it shares the new common structure defined by Annex SL, it is directly aligned with the 2015 versions of ISO 9001 and ISO 14001. 

You can find more information about this standard and the differences to OHSAS 18001 here in the ISO 45001 gap guide - download HERE.


If you have certification to OHSAS 18001 you will need to migrate to ISO 45001 to maintain the validity of certification.

There is the normal 3 year migration period so there is still time to plan your move over to ISO 45001.


Because ISO 45001 has to be agreed globally, do you think it will be a 'watered down' version of OHSAS 18001? No – it is a new standard using an established structure based on an effective management model, it is designed to be used as part of a business management system.

Legislation registers / Aspects and Impacts Registers: Is there a minimum requirement for what they must contain? No – the contents will be based on the business activity, geographical location and local /national enforcement requirements. Each organisation is unique.

If we adopt the new standard now (before we are able to migrate) will the organisation still be able to meet the requirements of OHSAS 18001 and hence maintain certification? The clause by clause requirements for the existing OHSAS 18001 are established and can be used for registration – the draft 45001 standard is not approved but there will be common elements, however as the draft ISO standard is still subject to potential change – to be sure, use what is currently approved- OHSAS 18001. Refinements can be made without compromising the integrity of an existing 18001 system.


Annex SL is the new high level structure for ISO management system standards. The structure will enable different ISO management systems to integrate more easily. Integrated management systems (IMS) can drive operational and resource efficiencies for the business and reduce the number of assessment days required for certification.

Annex SL also provides concepts that users of OHSAS 18001 will already be familiar with including:

1. Setting policies
2. Setting objectives
3. Conducting internal audits
4. Management reviews
5. Continual improvement


Annex SL requires ISO management systems standards to adopt three new concepts:

1. Context of the organization
2. Leadership
3. Documented information


Requirements around the new clause ‘Context of the Organization’ link your management system to your business environment and its’ strategies for health & safety performance. This in turn promotes greater management focus upon using the system as a business tool.

Assessing the context of your organization requires you to look at internal and external factors that might impact on your organization, including:

  • Changing labour relations
  • New technologies and materials
  • Services coming from outside or inside your organization that might change the way you do things

ISO 45001 requires you to look at the risks that change can introduce to your organization and assess how such risks are controlled.


It can be tough converting ideas around good leadership into objectively assessable and auditable requirements. Insisting top management set and communicate policies and objectives has been tried and tested!

There are now more enhanced ISO management system requirements for organizations to demonstrate leadership. Additional requirements will include:

  • Encouraging staff
  • Assisting lower orders of management within the organization


Traditionally, management systems require reference to documents and records. This requirement doesn’t take account of the modern business world, where we are walking around with smartphones and tablets.

We are no longer just looking at pure data but processed information too. From a system management point of view, we need to make sure that processed information is correct.

The new clause replacing a requirement for references to documentation and records is termed ‘Documented Information’, with the purpose of moving us forward into the modern world. The new clause still incorporates the concepts of documentation and records, but there are no mandated procedures in the ISO 45001 document.

With the risk-based approach of ISO 45001, documented procedures are a risk control mechanism. It would be overly prescriptive for the standard to specify when documented procedures are needed. Your organization does not need to throw existing documented procedures away. It should just consider whether it really needs them and how best to apply them.


  • ISO 45001 Incorporates the Annex SL Framework
  • ISO 45001 has a more risk-based focus
  • ISO 45001 does not include a clause for ‘Preventive Action’


The proposed ISO 45001 will mean organizations adopting the new standard will have a management system that looks at the risk of the system not performing in its’ self, or succeeding in controlling health and safety to the level required by the organization.


OHSAS 18001 includes the clause ‘Preventive Action’. By applying Annex SL to the international version of the standard (ISO 45001), your management system can then be used as a tool to control risks. With this risk management tool in place, there is no longer a need to address a specific clause on ‘preventive action’.


The new definitions of the terms ‘Risk’, ‘The Worker’, ‘The Workplace’ and ‘Hazard Identification’ may change for the following reasons:

Risk. A universal definition of the term ‘Risk’ will be clarified in ISO 45001 as the meaning of this varies in some countries. The term ‘Hazard Identification’ is covered by the terms ‘risk identification and ‘risk control’ to ensure we encompass all potential hazards applicable to all industries and sectors.

The worker. There are differences in the definition of this term and various legal constraints around this term in different countries – in the context of ISO 45001, ‘The Worker’ is defined as the person working under the control of the organization and includes subcontractors.

The work place. There are questions amongst organizations regarding what is the workplace, is it your organization’s site?


The issue of hazard identification is that it is currently very manufacturing, and hardware orientated, when more and more of us are working in services. ‘Hazard’ identification, therefore becomes ‘risk’ identification and ‘risk’ control to ensure we encompass all potential hazards applicable to all industries and sectors.

If your organization sends people to work at other people’s site, what is your responsibility for their safety? A universal definition of the term will need to be clarified.


Outsourcing - What is your responsibility?

What would be the damage to your business reputation if one of your outsourced suppliers or contractors created a significant OHS incident? ISO 45001 will look to define the answer in a way that can apply to all sectors and industries.

Worker participation:

There is some clarification required around expectations upon ‘worker participation’ and the ‘participation of worker representatives’ e.g. union and/or employee health & safety reps’ involvement in the day to day operations of the health & safety management system.

While top management will be responsible for setting organizational health & safety policy, they should be in consultation with union representatives and health & safety personnel.

The International Labour Organization wanted a lot more requirements on this issue. Many companies do not have any representatives what so ever. If there are no representatives within an organization, the standard will not force this requirement upon them as it is not a legal obligation either.


Charles Corrie’s recommendations to adopters and non-users of OHSAS 18001 health and safety management systems:


Many clauses requirements of ISO 45001 will be the same as OHSAS 18001 – however they may be presented in a different sequence and may use different terminology.

Advice to existing users:

  • Get a copy of draft standard at when this becomes available. (NQA will notify its ISO 45001 toolkit registrants)
  • Examine the changes
  • Do a gap analysis against your current OHSAS 18001 system
  • Start planning your transition towards using the new standard

There are significant benefits to be realized by your business now.


Watch our pre recorded webinar for a presentation on how the ISO 45001 standard will change the way occupational health and safety management systems are implemented and certified.

Terry Fisher, OHSMS Assessor will explain:

  • The structure of the standard and introduction to Annex SL
  • The key concepts of ISO 45001
  • New terminology and important definitions introduced in ISO 45001
  • The main differences between the requirements of OHSAS 18001 and ISO 45001
  • The expected transition timeline and milestone events
  • Practical tips on how to prepare for the changes
  • Q&A

Once you've watched the video you can also download our handy Gap Analysis document which gives a clause-by-clause comparison of OHSAS 18001 and ISO 45001.

ISO 45001 Timeline


GET AN NQA GAP ANALYSIS - Getting started with a certifiable health and safety management system can be easier than you might think. Request a gap analysis report that will help you to delegate tasks required for OHSAS 18001 compliance by contacting us.

MANAGE YOUR LEGAL REGISTER - This will highlight some of the legislative and regulatory requirements that may be applicable to your business and could help you to start putting your legal register together in line with ISO management system requirements. 

GAIN MANAGEMENT SYSTEM COMPETENCE - Select from a range of IRCA and CPD accredited safety training options to suit your needs and budget here.

UNDERSTAND COSTS - Ascertain potential costs for certification of your health and safety management system by completing a quick quote form.