Stephanie Ojeda


Aligning Incident Management With ISO 45001 Requirements

Incorporate risk-based thinking in your approach

Published: Wednesday, October 4, 2023 - 11:03

The number of ISO 45001 certificates is growing fast, jumping 54% from 2020 to 2021, according to the ISO Survey.

This occupational health and safety standard is especially prevalent in manufacturing, where managing safety incidents is a core concern from the perspective of protecting workers, reducing costs, and avoiding compliance problems.

So what does ISO 45001 say about environmental, health, and safety (EHS) incident management, and how can manufacturers ensure compliance with the standard?

Below, we examine key clauses of the standard related to incident management and best practices for building your process. We also explore one big gap in EHS incident management today, and the role of technology in managing incidents.


Incident management requirements in ISO 45001

While ISO 45001 is largely aimed at incident prevention, several requirements apply to how organizations respond to and manage incidents. These include requirements around:
• Incident reporting: Manufacturers must document their process for reporting incidents, including near misses, injuries, and occupational illnesses.
• Incident investigation: Companies must investigate incidents to identify their root causes, contributing factors, and related hazards.
• Incident response: Organizations must establish a process for incident response that mitigates the effect of incidents to prevent further harm.
• Documentation and record-keeping: The standard requires documentation of the incident management process as well as records of incidents, investigations, and corrective actions.
• Communication: Companies must keep workers informed about the results of incident investigations. The standard emphasizes sharing lessons learned, as well as seeking employee input on appropriate prevention and control measures.
• Corrective and preventive action: The standard requires companies to implement corrective actions to address the root cause of incidents and prevent recurrence.
• Continuous improvement: As with all ISO standards, there is a strong focus on continuous improvement. ISO 45001 requires companies to use incident management data to drive improvements in EHS performance as a whole.

The biggest gap in manufacturing-incident management

It’s worth noting that ISO 45001 includes near misses in its definition of workplace safety incidents. Unfortunately, near-miss reporting is also one of the biggest gaps in manufacturing plants today.

The problem is that not reporting near misses means lost opportunities to prevent future injuries. It’s natural to feel relief after a near miss, and it’s not hard to see why people would be nervous about reporting a mistake. Because of this, it’s critical to communicate to your team:
• What counts as a near miss
• Why it should be reported
• That nobody will be blamed for reporting near misses or other incidents

It’s vital that your team understands how reporting helps the organization keep everyone safer, and that they won’t be punished for reporting.

Incident management best practices for ISO 45001 compliance

Similar to other ISO standards, ISO 45001 doesn’t provide specific instructions on how to manage incidents. However, it does require that manufacturers incorporate risk-based thinking into their approach.

That means incorporating risk into decision-making throughout the process. One example would be using a risk matrix and scoring to prioritize corrective actions. Another would be using failure mode and effects analysis (FMEA) to determine prevention measures for addressing an identified root cause.

Manufacturers should also consider the following incident management best practices:

Immediate response and documentation
Whenever possible, take photos of the incident scene, and keep it closed off until the investigation is complete, if feasible.

Incident investigation
Here, you’ll want to take statements from the injured party and any witnesses. The sooner you capture the details, the more people will be able to remember. Be sure to take into account what the person was doing before the incident happened, walking through the entire process from start to finish.

Incident reporting
Capturing data on the time, location, and circumstances surrounding the incident will be helpful both for tracking trends and for OSHA reporting purposes.

Corrective action
This step includes root cause analysis using tools such as a 5 Whys analysis, 8D problem solving, or failure mode and effects analysis (FMEA). Don’t assume you know the root cause, but rather follow the process to completion to avoid missing anything.

Preventive action
Some incidents are straightforward in terms of identifying preventive actions. However, if you’re having trouble coming up with an effective preventive action, consider using an impact assessment and FMEA. This helps determine how substantial a preventive action is necessary based on risk and the effect on the process.

Using the QMS to build an ISO 45001-compliant incident management process

Quality management system (QMS) automation is becoming increasingly prevalent for manufacturers looking to standardize incident management. A configurable QMS helps companies create an ISO 45001-compliant process that aligns with internal processes, allowing these companies to:
• Capture, store, and share incident details within one centralized, permissions-based system
• Facilitate collaboration among different team members to accelerate the resolution of problems
• Launch a 5 Why, 8D, or FMEA from the EHS incident management solution
• Create customized workflows for incident investigations and reporting aligned with internal processes and reporting structures
• Automatically populate incident reports and OSHA 300 forms for regulatory reporting
• Analyze trends in EHS incident data to develop more effective preventive actions and drive continuous improvement


Clause 10.2 of ISO 45001 requires companies to establish processes for incident investigation, reporting, and corrective action. The standard also includes requirements for documentation and communication, as well as the stipulation to use incident data to promote continuous improvement.

An automated QMS with EHS incident management tools can help companies meet ISO 45001 requirements, which also helps avoid regulatory compliance issues. Beyond compliance, a standardized approach can help reduce the incidence rate, protect workers, and foster a strong culture of safety across the organization.

Published Aug. 17, 2023, on the AssurX blog.


About The Author


Stephanie Ojeda

Stephanie Ojeda is the director of product management for the life sciences industry at AssurX.


Excellent and important article

The sense I get from some Pennsylvania Training for Health and Safety (PATHS) webinars on incident handling and near miss reporting, and this is my position as well, is that safety near misses should be treated as if the incident had happened. This requires corrective and preventive action (CAPA) that uses the methods described in the article to remove the incident's root causes and also deploy the lessons learned to similar activities throughout the organization.

Japan calls a near miss report a hiyari hatto, or "experience of almost accident situation." Assume that, if it can happen, it will do so sooner or later so get rid of the underlying root causes.

Near Miss Definition

Great article, Ms. Ojeda.

To Ms. Ojeda and/or Mr. Levinson: Do you know if ISO or the "safety" industry at large has a standard definition of a "near miss"? I'm wondering if what might be hindering the wider knowledge and usage of effective near-miss management, reporting, etc. is that we perhaps lack a definition that all interested parties and stakeholders agree upon.

Appreciate any feedback you may have.


PowerPoint on near misses

https://www.dli.pa.gov/Businesses/Compensation/WC/safety/paths/resources... is from the Pennsylvania Training for Health and Safety

"A near miss is an unplanned event that did not result in injury, illness, or damage, but had the potential to do so. Only a fortunate break in the chain of events prevented an injury, fatality or damage; in other words, a miss that was nonetheless very near. A near miss describes incidents where, given a slight shift in time or distance, an injury, ill-health, or damage easily could have occurred but didn't this time."

They have numerous online presentations on occupational health and safety. They are free of charge and I recommend them highly.