ISO 45001:2016 New Health & Safety Certification | NQA

ISO 45001, the replacement of OHSAS 18001, has now reached Draft International Standard 2 (DIS 2) status.

Please note: ISO 45001 delayed until 2017 - read more here.

WHAT IS ISO 45001?

ISO 45001 is the future replacement to OHSAS 18001 and will become the ISO standard for Occupational Health and Safety Management Systems (OHSMS).

Not only will the standard supercede OHSAS 18001, it will make integration with other management systems simpler than ever before; because it shares the new common structure defined by Annex SL, it is directly aligned with the 2015 versions of ISO 9001 and ISO 14001. 

You can find more information about migrating to ISO 45001 in the briefing note HERE.


In June 2015, results of an OHSAS Standard and Certification Survey showed although 90,000 certificates for OHSAS 18001 compliance have been issued to organizations, there are about 40 different versions of the standard worldwide.

This demonstrated a pressing need for a single international standard in the area of occupational health and safety. The main requirement needed to create one standard for all, is the application of Annex SL.



If you have certification to OHSAS 18001 you will need to migrate to ISO 45001 to maintain the validity of certification.

ISO 45001 is expected to be published late 2017, so there is plenty of time to plan the migration.

We will keep you informed of significant changes and updates but don't expect to have detailed plans until the Final Draft Standard has been published. 


Because ISO 45001 has to be agreed globally, do you think it will be a 'watered down' version of OHSAS 18001? No – it is a new standard using an established structure based on an effective management model, it is designed to be used as part of a business management system.

Legislation registers / Aspects and Impacts Registers: Is there a minimum requirement for what they must contain? No – the contents will be based on the business activity, geographical location and local /national enforcement requirements. Each organisation is unique.

If we adopt the new standard now (before we are able to migrate) will the organisation still be able to meet the requirements of OHSAS 18001 and hence maintain certification? The clause by clause requirements for the existing OHSAS 18001 are established and can be used for registration – the draft 45001 standard is not approved but there will be common elements, however as the draft ISO standard is still subject to potential change – to be sure, use what is currently approved- OHSAS 18001. Refinements can be made without compromising the integrity of an existing 18001 system.


Annex SL is the new high level structure for ISO management system standards. The structure will enable different ISO management systems to integrate more easily. Integrated management systems (IMS) can drive operational and resource efficiencies for the business and reduce the number of assessment days required for certification.

Annex SL also provides concepts that users of OHSAS 18001 will already be familiar with including:

1. Setting policies
2. Setting objectives
3. Conducting internal audits
4. Management reviews
5. Continual improvement


Annex SL requires ISO management systems standards to adopt three new concepts:

1. Context of the organization
2. Leadership
3. Documented information


Requirements around the new clause ‘Context of the Organization’ link your management system to your business environment and its’ strategies for health & safety performance. This in turn promotes greater management focus upon using the system as a business tool.

Assessing the context of your organization requires you to look at internal and external factors that might impact on your organization, including:

  • Changing labour relations
  • New technologies and materials
  • Services coming from outside or inside your organization that might change the way you do things

ISO 45001 requires you to look at the risks that change can introduce to your organization and assess how such risks are controlled.


It can be tough converting ideas around good leadership into objectively assessable and auditable requirements. Insisting top management set and communicate policies and objectives has been tried and tested!

There are now more enhanced ISO management system requirements for organizations to demonstrate leadership. Additional requirements will include:

  • Encouraging staff
  • Assisting lower orders of management within the organization


Traditionally, management systems require reference to documents and records. This requirement doesn’t take account of the modern business world, where we are walking around with smartphones and tablets.

We are no longer just looking at pure data but processed information too. From a system management point of view, we need to make sure that processed information is correct.

The new clause replacing a requirement for references to documentation and records is termed ‘Documented Information’, with the purpose of moving us forward into the modern world. The new clause still incorporates the concepts of documentation and records, but there are no mandated procedures in the ISO 45001 document.

With the risk-based approach of ISO 45001, documented procedures are a risk control mechanism. It would be overly prescriptive for the standard to specify when documented procedures are needed.

Your organization does not need to throw existing documented procedures away. It should just consider whether it really needs them and how best to apply them.


  • ISO 45001 Incorporates the Annex SL Framework
  • ISO 45001 has a more risk-based focus
  • ISO 45001 does not include a clause for ‘Preventive Action’


The proposed ISO 45001 will mean organizations adopting the new standard will have a management system that looks at the risk of the system not performing in its’ self, or succeeding in controlling health and safety to the level required by the organization.


OHSAS 18001 includes the clause ‘Preventive Action’. By applying Annex SL to the international version of the standard (ISO 45001), your management system can then be used as a tool to control risks. With this risk management tool in place, there is no longer a need to address a specific clause on ‘preventive action’.


The new definitions of the terms ‘Risk’, ‘The Worker’, ‘The Workplace’ and ‘Hazard Identification’ may change for the following reasons:

  • Risk. A universal definition of the term ‘Risk’ will be clarified in ISO 45001 as the meaning of this varies in some countries. The term ‘Hazard Identification’ is covered by the terms ‘risk identification and ‘risk control’ to ensure we encompass all potential hazards applicable to all industries and sectors.

  • The Worker. There are differences in the definition of this term and various legal constraints around this term in different countries – in the context of ISO 45001, ‘The Worker’ is defined as the person working under the control of the organization and includes subcontractors

  • The Work Place. There are questions amongst organizations regarding what is the workplace, is it your organization’s site?

Significant business benefits:

The issue of hazard identification is that it is currently very manufacturing, and hardware orientated, when more and more of us are working in services. ‘Hazard’ identification, therefore becomes ‘risk’ identification and ‘risk’ control to ensure we encompass all potential hazards applicable to all industries and sectors.

If your organization sends people to work at other people’s site, what is your responsibility for their safety? A universal definition of the term will need to be clarified.


Outsourcing - What is your responsibility?

What would be the damage to your business reputation if one of your outsourced suppliers or contractors created a significant OHS incident? ISO 45001 will look to define the answer in a way that can apply to all sectors and industries.

Worker participation:

There is some clarification required around expectations upon ‘worker participation’ and the ‘participation of worker representatives’ e.g. union and/or employee health & safety reps’ involvement in the day to day operations of the health & safety management system.

While top management will be responsible for setting organizational health & safety policy, they should be in consultation with union representatives and health & safety personnel.

The International Labour Organization wanted a lot more requirements on this issue. Many companies do not have any representatives what so ever. If there are no representatives within an organization, the standard will not force this requirement upon them as it is not a legal obligation either.


Charles Corrie’s recommendations to adopters and non-users of OHSAS 18001 health and safety management systems:


Many clauses requirements of ISO 45001 will be the same as OHSAS 18001 – however they may be presented in a different sequence and may use different terminology.

Advice to existing users:

  • Get a copy of draft standard at when this becomes available. (NQA will notify its ISO 45001 toolkit registrants)
  • Examine the changes
  • Do a gap analysis against your current OHSAS 18001 system
  • Start planning your transition towards using the new standard


Don’t wait for ISO 45001 to be published before implementing a Health and Safety Management System as OHSAS 18001 will have a three year transition period. There are significant benefits to be realized by your business now.


This briefing by Charles Corrie, Secretary to ISO PC283 (the standard writing committee for ISO 45001), provides an overview of the key concepts of ISO 45001 and the key differences from OHSAS 18001.

It also includes Charles’s recommendations for existing users and non-users of OHSAS 18001.

Watch the briefing here.


GET AN NQA GAP ANALYSIS - Getting started with a certifiable health and safety management system can be easier than you might think. Request a gap analysis report that will help you to delegate tasks required for OHSAS 18001 compliance by contacting us.

MANAGE YOUR LEGAL REGISTER - This will highlight some of the legislative and regulatory requirements that may be applicable to your business and could help you to start putting your legal register together in line with ISO management system requirements. 

GAIN MANAGEMENT SYSTEM COMPETENCE - Select from a range of IRCA and CPD accredited safety training options to suit your needs and budget here.

UNDERSTAND COSTS - Ascertain potential costs for certification of your health and safety management system by completing a quick quote form.