ISO 45001 briefing

IOSH head of policy and public affairs Richard Jones reviews the development of the universal management systems standard due in October.

Image credit: ©iStock/duncan1890

Why is more action needed on occupational health and safety (OH&S)?

More action is needed in order to tackle the huge human, societal and economic toll of health and safety failure across the globe. 

It is estimated that annually, 2.3 million people are killed by work accidents and disease and there are around 317 million non-fatal work accidents worldwide. Around 4% of world GDP is lost to work accidents and diseases [source: ILO].

Clearly, poor risk management is not an acceptable or sustainable model; whereas managing OSH risk not only prevents injury, illness and death – it also helps to support business success and sustain the economy.

Why is a new standard needed?

International standards are important because they help to build consensus and consistency and provide an internationally recognised benchmark.

In 1996, the British Standards Institute (BSI) created the BS 8800 Guide to occupational health and safety management and in 1999, worked with others to develop OHSAS 18001, which fulfilled the growing demand for a certifiable standard. This progressively gained a level of global acceptance and certifications number over 90,000 in 127 countries, with around 40 national-versions. However, because its development was not based on international consensus and there is no formal agreement between accreditation bodies and the OHSAS Project Group, the need for a truly internationally agreed certifiable standard remained.

In addition, historically, ISO management system standards for quality, environment, food safety, etc. led to some differences and confusion, with separate risk control systems. To help address this, ISO 9001 (QMS) and ISO 14001 (EMS) have recently been updated using the common framework (Annex SL) and so it makes sense that a new updated standard for OHSMS is available too. 

In 2013 BSI proposed that ISO produce an international standard based on BS OHSAS 18001, ISO approved project committee (ISO PC 283) to develop a new standard. Now, ISO 45001, the new international and certifiable standard Occupational health and safety management systems – requirements and guidance for use is being developed and is due for publication later this year.

What are the potential benefits?

Applying ISO 45001 and effectively managing OSH risks can assist an organisation to:

•    minimise OSH risk to all those working on its behalf (including to their mental and physical health)
•    continually improve its OSH performance
•    integrate OSH into its business management system and processes

In addition to the humanitarian benefits of reduced injury, illness and death, good OSH management can help organisations to:

•    ensure socially responsible and sustainable operations
•    enhance productivity and customer loyalty
•    improve reputation, reliability and business success
•    attract clients and investment
•    facilitate recruitment and retention of employees 
•    ensure legal compliance as a minimum
•    reduce losses due to incidents and absence 
•    reduce downtime and disruption to operations
•    reduce the cost of insurance premiums

What are ISO 45001’s main characteristics?

•    It uses the Plan-Do-Check-Act model, is risk-based and takes a similar approach to OHSAS 18001 and the Health and Safety Executive’s management systems guidance HSG65 Managing for health and safety [http://www.hse.gov.uk/pubns/priced/hsg65.pdf].

•    It gives the intended outcome of the system as: “…to prevent death, work-related injury and ill health to workers, to improve and provide a safe and healthy workplace for its workers and other persons under its control.”

•    In common with all new management system standards, ISO 45001 uses the same ‘high level structure’ to help enable integration (common clauses, terms and definitions and clause text, which is supplemented with discipline-specific additions), also known as Annex SL.

•    Outline of clauses in the draft standard:
1)    Scope – the applicability of this international standard
2)    Normative references – there are no normative references in this standard
3)    Terms and definitions – outlines those that apply to this standard
4)    Context of the organisation – eg understanding needs and expectations of interested parties
5)    Leadership & worker participation – eg commitment, policy, roles and responsibilities, accountabilities, authorities and consultation
6)    Planning – eg setting OH&S objectives and the actions needed to achieve them
7)    Support – eg resources, competence, awareness, communication, documented information
8)    Operation – eg operational planning and action, including change management, outsourcing, procurement and contractors, emergency preparedness
9)    Performance evaluation – eg measuring and monitoring, internal audit and management review 
10)    Improvement – eg setting targets, investigating incidents and non-conformities, taking corrective actions

There is an accompanying Annex A (informative) guidance on the use of this international standard, which explains the various clauses.

How does ISO 45001 differ from OHSAS 18001?

Main differences:

•    context of organisation – there must be consideration of wider issues such as supply chain and local community and also cultural, social, political, legal, technological, economic and governance settings 
•    leadership – top management (those who direct / control organisations) need to take an active role e.g. set direction, foster trust, promote positive culture and communicate what needs to be done and why it is important  
•    documented information – in this digital age, this includes electronic and processed information (e.g. use of smartphones or tablets) and does not refer to ‘documentation’, ‘records’ or ‘documented procedures’

Also, more focus on: 

•    worker participation – top management ensuring more non-managerial participation and supporting leadership and contribution from others
•    continual improvement – there is a requirement for continual improvement objectives and process, such as to improve system efficacy and promote positive       culture 
•    hierarchy of control – there is emphasis on applying the ‘hierarchy’ at planning and operational stages, so that problems can be designed-out at the earliest stage
•    risk management – this requires ongoing assessment of risks and opportunities, both for OSH and for the OHSMS itself
•    compliance status – requires a process to ensure that relevant legal and other requirements are taken into account, kept up-to-date and compliance status checked
•    contractors, procurement and outsourcing – recognising the growth in these areas, there is a requirement for specific processes to safely manage these issues
•    performance evaluation – requires criteria against which evaluation takes place and for not only OSH performance to be evaluated, but also of the efficacy of the system 

What’s the expected timetable?

ISO 45001 has now reached the "enquiry" stage of development; the Draft International Standard (DIS) and has been consulted on. The ballot of the DIS failed to achieve approval and so the standard will go to a DIS2 stage after a further ISO PC 283 meeting in October 2016 to resolve any outstanding issues.

The DIS2 consultation will be a two-month period between February and March 2017, with another meeting in May 2017 to deal with any resulting queries. If there are no significant issues, the draft standard can go for final edit, with a view to it being published by the end of June 2017.

In the meantime, BSI’s HS/1 Committee is working to produce a guidance document for ISO 45001, similar to BS 18004 and this will probably be numbered BS 45004.

What implications are there?

The differences between OHSAS 18001 and ISO 45001 could mean there are implications for organisations seeking certification and their advisers; and also for auditors who are auditing to the new standard. Key areas include the requirement for demonstration of leadership and adequate consideration of an organisation’s context. 

For example, OSH practitioners may need to develop or refine their skills in helping managers to assess the internal and external factors affecting context (horizon-scanning and STEEPLE analysis, for example) and ensure effective engagement with relevant stakeholders and interested parties. They will also need to be able to prepare CEOs and other senior managers to be audited to this new standard. The introduction of ISO 45001 provides the opportunity for closer working relations between OSH practitioners and Boards / CEOs and other relevant corporate functions, such as procurement, encouraging organisations to show more visible and socially responsible leadership. 

Auditors who are auditing to ISO 45001 may need new skills, both interpersonal, in interviewing top management and also technical, in dealing with an increased variety of information sources and researching organisational context. 

What should organisations be doing?

For organisations already certificated to OHSAS 18001, there will be a transition period to move to ISO 45001 before OHSAS 18001 is withdrawn completely. Though this period has yet to be agreed, it is likely to be two to three years. Organisations’ certification auditors will be in touch to advise on the timescales and will probably suggest a ‘gap analysis’ audit to identify any changes to existing processes that might be necessary. 

Organisations without certification to an OSH management systems standard, but considering seeking ISO 45001 certification, can start preparing now. Taking part in the public consultation on ISO DIS 45001 provides an opportunity to understand the likely requirements of the standard and to start ensuring relevant processes are in place. Organisations will need to engage a certification body to audit them and conduct a ‘gap analysis’ against the ISO 45001 requirements. This will identify specifically where and how an organisation’s processes need to be improved to achieve the standard.

And of course, organisations can also opt to adopt the standard and follow the guidance without seeking certification if they so choose.

So, in summary, organisations should ensure effective OSH risk management is integral to their operations and that they have strong leadership, worker involvement, a competent workforce and a positive OH&S culture. As well as reducing injury, illness and death, this can help enhance the organisation’s reputation, resilience and results and ensure a sustainable and socially responsible future.  

Where can I get more information?

•    The ISO 45001 web pages 
•    The BSI web pages 
•    IOSH webinar on ISO 45001 
•    IRCA Briefing note – Annex SL


Type : 


  • Is this a legal requirement

    Permalink Submitted by Hugh Harrison on 4 February 2016 - 04:03 pm

    Is this a legal requirement for businesses to have ISO 45001? If so it is not stated.
    If not what penalties does it incur should a business have a serious accident and is found wanting in their health, safety and welfare instruction, documentation , assessments other than what The Health and Safety at Work act covers, other than being removed off the ISO 45001 list of companies.
    Therefore what benefits other than being a member of another safety club does this ISO 45001 do for a company. It appears to me to be just bureaucratic hoop and big expense that businesses have to jump through to be seen to be complying with the act.

  • Seemingly a very good safety

    Permalink Submitted by Jonas Mwango on 7 February 2016 - 08:51 pm

    Seemingly a very good safety management system

  • good

    Permalink Submitted by john on 7 February 2016 - 09:41 pm


  • Please inform me about

    Permalink Submitted by masjuli565@gmail.com on 24 September 2016 - 04:07 pm

    Please inform me about guidelines for implementing iso 45001?
    Thank you

    • Hello, At present the details

      Permalink Submitted by Louis_Wustemann on 7 October 2016 - 05:20 pm

      Hello, At present the details of the standard are still being negotiated. We will carry articles on implementing the standard once it is finalised.

  • A bureaucratic nightmare

    Permalink Submitted by Dezen12 on 12 October 2018 - 11:48 am

    A bureaucratic nightmare which runs totally counter to modern thinking, to HSE's approach, & to the legal requirements. It will create a mountain of work for consultants. It will also likely double costs to organisations and INCREASE risks as the systems-focus will distract people from actually managing risks as they should.


Add new comment